Documente Academic
Documente Profesional
Documente Cultură
0
Administration Guide
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 USA www.quest.com email: legal@quest.com Refer to our Web site for regional and international office information.
TRADEMARKS
Quest, Quest Software, the Quest Software logo, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, ChangeAuditor, DataFactory, DeployDirector, ERDisk, Foglight, Funnel Web, GPOAdmin, I/Watch, Imceda, InLook, IntelliProfile, InTrust, Invertus, IT Dad, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, MessageStats, NBSpool, NetBase, Npulse, NetPro, PassGo, PerformaSure, Quest Central, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Tag and Follow, Toad, T.O.A.D., Toad World, vAnalyzer, vAutomator, vControl, vConverter, vEssentials, vFoglight, vMigrator, vOptimizer Pro, vPackager, vRanger, vRanger Pro, vReplicator, vSpotlight, vToad, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vEssentials, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.
Disclaimer
The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.
Quest vWorkspace Administration Guide v.4 Updated - January 2009 Software Version - 6.0
CONTENTS
WHATS NEW IN VWORKSPACE 6.0 . . . . . . . . . . . . . . . . . . . . XVII UPGRADE CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . XVII FEATURES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XVII
Parallels Virtuozzo Containers Integration . . . . . . . . . Experience Optimized Protocol Features . . . . . . . . . . Geographic Locations vWorkspace . . . . . . . . . . . . . . Web Access Interface . . . . . . . . . . . . . . . . . . . . . . . HP Remote Graphics Software . . . . . . . . . . . . . . . . . Remote Control Sessions for VDI . . . . . . . . . . . . . . . Assignment of VM. . . . . . . . . . . . . . . . . . . . . . . . . . User Profiles Enhancements and Support for Desktops Microsoft Windows Vista and Server 2008 Support . . . Security Enhancements . . . . . . . . . . . . . . . . . . . . . . Persistent Disks and Memory for VMware . . . . . . . . . USB Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . Bandwidth Optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii xviii xviii . xix . xix . xx . xx . xx . xx . xx . xxi . xxi . xxi
WHATS CHANGED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XXI ABOUT THIS GUIDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XXIII OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XXIV CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XXIV ABOUT QUEST SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . XXV CONTACT QUEST SOFTWARE . . . . . . . . . . . . . . . . . . . . XXV
VWORKSPACE
RESOURCES . . . . . . . . . . . . . . . . . . . . . . . . XXVI
CONTACT SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XXVI DOCUMENT FEEDBACK . . . . . . . . . . . . . . . . . . . . . . . . XXVI CHAPTER 1 INTRODUCTION TO VWORKSPACE . . . . . . . . . . . . . . . . . . . . . . . . 1 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 PRODUCT SUITES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 ENTERPRISE EDITION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 TERMINAL SERVICES ENHANCEMENTS . . . . . . . . . . . . . . . . 5
Provision-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Secure-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
TCP PORT REQUIREMENTS . . . . . . . . . . . . . . . . . . . . . . . . .16 CLIENT CONNECTIVITY . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 MICROSOFT WINDOWS . . . . . . . . . . . . . . . . . . . . . . . . .18 WINDOWS CE THIN CLIENT TERMINALS . . . . . . . . . . . . . .18
VWORKSPACE
BENEFITS OF VWORKSPACE-ENABLED DESKTOP SERVICES . . . . . .22 POWER TOOLS SUITE FOR TERMINAL SERVERS STANDARD EDITION .24 LICENSING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26 CUSTOMER INFORMATION . . . . . . . . . . . . . . . . . . . . . . .28 LICENSES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 USER SESSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . .30 CHAPTER 2 DEPLOYMENT PLANNING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32 CHAPTER 3 INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 INSTALLATION REQUIREMENTS . . . . . . . . . . . . . . . . . . . . . . .36 VIRTUALCENTER SSL CERTIFICATE . . . . . . . . . . . . . . . . . . . .39
Export the SSL Certificate .............................................. 40 Import the SSL Certificate .............................................. 41 View or Modify Keystore Registry Entries .......................... 41 Copy to Other Connection Brokers ................................... 42
VWORKSPACE
INSTALLATION REFERENCE . . . . . . . . . . . . . . . . . . . . . . . . . .66 CHAPTER 5 EXPERIENCE OPTIMIZED PROTOCOL . . . . . . . . . . . . . . . . . . . . . 73 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74 REQUIREMENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74 OPTIMIZATION SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . . .75 BIDIRECTIONAL AUDIO . . . . . . . . . . . . . . . . . . . . . . . . . . . .75 LATENCY REDUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79 MULTIMEDIA REDIRECTION . . . . . . . . . . . . . . . . . . . . . . . . .81 GRAPHICS ACCELERATION . . . . . . . . . . . . . . . . . . . . . . . . . .81
VWORKSPACE
CHAPTER 6
MANAGEMENT CONSOLE . . . . . . . . . . . . . . . . . . . 83 MANAGEMENT CONSOLE WINDOW . . . . . . . . . . . .84 MENU OPTIONS AND ICONS . . . . . . . . . . . . . . . .87
ADMINISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
iii
Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Add a New Administrator................................................ 91 Edit Administration Settings ........................................... 92 Remove an Administrator ............................................... 92 Set Permission at the Object Level .................................. 92
RESOURCES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
View the Resources Assigned to a Client......................... 103
PERFORMANCE OPTIMIZATION. . . . . . . . . . . . . . . . . . . . . . . 112 VIRTUAL IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 FILE AND REGISTRY REDIRECTION . . . . . . . . . . . . . . . . . . . . 113 WORKLOAD EVALUATORS . . . . . . . . . . . . . . . . . . . . . . . . . 113 CHAPTER 7 VWORKSPACE LOCATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 ABOUT LOCATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 LOCATIONS NODE OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . 116
iv
DESKTOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Set Desktops Properties ............................................... 158
CHAPTER 8 VWORKSPACE DESKTOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 ABOUT DESKTOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 COMPUTER GROUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 COMPUTER GROUP PROPERTIES . . . . . . . . . . . . . . . . . . 164 VIEW MANAGED COMPUTER GROUPS . . . . . . . . . . . . . . . 169
View Summary Information .......................................... 169 View Managed Computers ............................................ 169 View Tasks for a Computer Group ................................. 170 View Logs for a Computer Group ................................... 170 Modify the Properties of a Computer Group..................... 170 Delete a Computer Group............................................. 170
PNTOOLS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 DATA COLLECTOR SERVICE . . . . . . . . . . . . . . . . . . . . . 199 UNIVERSAL PRINT DRIVER. . . . . . . . . . . . . . . . . . . . . . 199 ACCELERATED MULTIMEDIA PLAYBACK . . . . . . . . . . . . . . . 200 USB DEVICE REDIRECTION . . . . . . . . . . . . . . . . . . . . . 200 USER PROFILE ACCELERATION . . . . . . . . . . . . . . . . . . . 200 INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 CHAPTER 9 MANAGE APPLICATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204 ABOUT MICROSOFT TERMINAL SERVER . . . . . . . . . . . . . . . . . 204
vi
ABOUT MANAGED COMPUTERS . . . . . . . . . . . . . . . . . . . . . . 205 ABOUT VIRTUALIZED APPLICATIONS . . . . . . . . . . . . . . . . . . . 205 NEW APPLICATION TOOL. . . . . . . . . . . . . . . . . . . . . . . . . . 206
Start New Applications using Terminal Servers Node ........ 206 Start New Applications using the Desktops Node ............. 206 Start New Applications from the Resources Node ............. 207
CHAPTER 10 APPLICATION COMPATIBILITY ENHANCEMENTS . . . . . . . . . . . . . 225 ABOUT APPLICATION COMPATIBILITY ENHANCEMENTS . . . . . . . . 226 HOW REDIRECT-IT WORKS . . . . . . . . . . . . . . . . . . . . . . . . 226 INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Create a Registry Redirection Rule................................. 227 Create a File Redirection Rule ....................................... 228 Create a Folder Redirection Rule ................................... 229 View a Redirection Rule ............................................... 230 Edit a Redirection Rule................................................. 230
vii
CHAPTER 12 VWORKSPACE ADDITIONAL COMPONENTS . . . . . . . . . . . . . . . . 237 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 PASSWORD RESET SERVICE . . . . . . . . . . . . . . . . . . . . . . . . 238
Install the Password Reset Service ................................ 238 Configure the Password Reset Service............................ 239 Configure Password Management in AppPortal ................ 239 Configure Password Management in Web Access ............. 241
PROXY-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Install Proxy-IT........................................................... 242 Configure Proxy-IT ...................................................... 242
CHAPTER 14 VMWARE INTEGRATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 CONNECT TO VMWARE VIRTUALCENTER SERVERS . . . . . . . . . . 260 DISK AND MEMORY PERSISTENCE . . . . . . . . . . . . . . . . . . . . 260 DATA CENTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Add a Data Center using the Datacenter Wizard .............. 262
viii
CHAPTER 15 VIRTUAL IRON INTEGRATION . . . . . . . . . . . . . . . . . . . . . . . . 283 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 DATA CENTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Add a Data Center using the Datacenter Wizard .............. 284
POWER MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 CHAPTER 16 MICROSOFT HYPER-V INTEGRATION . . . . . . . . . . . . . . . . . . . . 301 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302 HYPER-V BROKER HELPER SERVICE . . . . . . . . . . . . . . . . . . . 302 INSTALLATION TIPS . . . . . . . . . . . . . . . . . . . . . . . . . . 302 HOSTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Add a Host using the Hyper-V Host Wizard ..................... 303
POWER MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 CHAPTER 17 PARALLELS VIRTUOZZO INTEGRATION . . . . . . . . . . . . . . . . . . . 315 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 ABOUT PARALLELS VIRTUOZZO . . . . . . . . . . . . . . . . . . . . . . 316
Import Virtuozzo Slave Nodes ....................................... 317 Add Independent Virtuozzo Nodes ................................. 321
ix
CHAPTER 18 NON-POWER MANAGED DATA CENTERS . . . . . . . . . . . . . . . . . . 335 OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336 COMPUTER GROUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Add Computer Groups to Other/Physical Type ................. 338
CHAPTER 19
VWORKSPACE VWORKSPACE
ABOUT THE VAS CLIENT 32 . . . . . . . . . . . . . . . . . . . . 348 ABOUT THE VAS CLIENT 32T . . . . . . . . . . . . . . . . . . . 348
vWorkspace Client Executables . . . . . . . . . . . . . . . . . 349
VWORKSPACE
MULTIPLE MONITOR SUPPORT . . . . . . . . . . . . . . . . . . . . . . 351 MANAGE APPPORTAL CONNECTIONS . . . . . . . . . . . . . . . . . . . 352 ABOUT THE CONNECTION PROPERTIES . . . . . . . . . . . . . . 352
Connectivity Settings . . . . . . . . Firewall/Proxy Traversal Setting . Credentials Settings . . . . . . . . . Display Settings . . . . . . . . . . . . Local Resources Settings . . . . . . User Experience Settings . . . . . . Password Management Settings . Desktop Integration Settings . . . Auto-Launch Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 355 357 358 360 362 364 365 366
APPPORTAL ACTIONS MENU OPTIONS . . . . . . . . . . . . . . . 367 APPPORTAL SETTINGS MENU OPTIONS . . . . . . . . . . . . . . 369 ABOUT THE PNTRAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20 VWORKSPACE USER SESSIONS . . . . . . . . . . . . . . . . . . . . . . . . 373 OVERVIEW OF USER ACCESS . . . . . . . . . . . . . . . . . . . . . . . 374 MANAGE TERMINAL SERVER SESSIONS . . . . . . . . . . . . . . . . . 374
View View View View View Users Connected to Terminal Servers ..................... 375 Terminal Server Sessions ..................................... 376 Client Information for an Active Session ................. 378 Terminal Server Processes .................................... 379 Terminal Server Applications ................................. 380
USER ACCESS OPTIONS IN THE RESOURCES NODE . . . . . . . . . . 381 ADDITIONAL CUSTOMIZATIONS . . . . . . . . . . . . . . . . . . . 381
Create New Additional Customization Settings................. 381
Assign Clients to the Client List ..................................... 390 Unassign Clients from the Client List .............................. 390 View Client Properties .................................................. 390 Schedule Access Hours ................................................ 390
xi
SCRIPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Assign a Script............................................................ 399
WALLPAPERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Assign Wallpapers ....................................................... 405 Change Wallpaper Properties ........................................ 406 Add New Wallpaper ..................................................... 407
CHAPTER 21 USER PROFILES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 OVERVIEW OF USER PROFILES . . . . . . . . . . . . . . . . . . . . . . 410 HOW USER PROFILES WORK . . . . . . . . . . . . . . . . . . . . 411 USER PROFILES PROPERTIES . . . . . . . . . . . . . . . . . . . . . . . 411 GENERAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 STORAGE SERVERS . . . . . . . . . . . . . . . . . . . . . . . . . . 413 SILOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415 PERMISSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 CONFIGURE USER PROFILES . . . . . . . . . . . . . . . . . . . . . . . 416
Configure User Profiles Properties.................................. 416
xii
CHAPTER 22 VWORKSPACE WEB ACCESS . . . . . . . . . . . . . . . . . . . . . . . . . . 427 ABOUT WEB ACCESS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Install Web Access ...................................................... 430
WEB ACCESS MANAGEMENT CONSOLE . . . . . . . . . . . . . . . . . 430 GLOBAL SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . . . 431 FARM SETTINGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432 CONFIGURATION . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Configure Farms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Add or Remove a Farm ................................................ 433
USE WEB ACCESS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453 INTEGRATION WITH JUNIPER NETWORKS SECURE ACCESS . . . . . . 460
Create Custom Headers ............................................... 460
xiii
CHAPTER 23 VWORKSPACE AND THE SSL GATEWAY . . . . . . . . . . . . . . . . . . 467 ABOUT THE SSL GATEWAY . . . . . . . . . . . . . . . . . . . . . . . . 468 INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
Install the SSL Gateway ............................................... 469
CHAPTER 24 UNIVERSAL PRINTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483 ABOUT PRINT-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484 PRINT-IT COMPONENTS . . . . . . . . . . . . . . . . . . . . . . . . . . 485 UNIVERSAL PRINT DRIVER. . . . . . . . . . . . . . . . . . . . . . 485 UNIVERSAL NETWORK PRINT SERVICES . . . . . . . . . . . . . . 485 UNIVERSAL PRINT DRIVER OPTIONS . . . . . . . . . . . . . . . . . . . 486 UNIVERSAL NETWORK PRINTER AUTO-CREATION OPTION . . . 486 UNIVERSAL CLIENT PRINTER AUTO-CREATION OPTION . . . . . 488 PRINT-IT PROPERTIES . . . . . . . . . . . . . . . . . . . . . . . . 489
Print-IT Client Properties . . . . . . . . . . . . . . . . . . . . . . 501
UNIVERSAL NETWORK PRINT SERVICES OPTIONS . . . . . . . . . . . 503 UNIVERSAL NETWORK PRINT SERVER EXTENSIONS OPTION . . 503
Setup Print-IT Printers ................................................. 504 Add Network Printers................................................... 504 Assign Printers to Clients.............................................. 505
PRINTERS WINDOW IN VWORKSPACE MANAGEMENT CONSOLE . . . 511 PRINT-IT PRINTER PROPERTIES . . . . . . . . . . . . . . . . . . 512
View and Edit Print-IT Printer Properties......................... 512
xiv
CHAPTER 25 USB DEVICES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515 ABOUT USB DEVICES . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 USB REDIRECTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
CHAPTER 26 WORKLOAD MANAGEMENT AND PERFORMANCE OPTIMIZATION . . 525 ABOUT WORKLOAD MANAGEMENT . . . . . . . . . . . . . . . . . . . . 526 HOW WORKLOAD MANAGEMENT WORKS . . . . . . . . . . . . . 526 WORKLOAD MANAGEMENT ON TERMINAL SERVERS . . . . . . . 529 WORKLOAD EVALUATOR GUIDELINES . . . . . . . . . . . . . . . 529
Create Workload Evaluators.......................................... 530 Assign Workload Evaluators to Servers .......................... 531 Assign Workload Evaluators to Managed Applications ....... 531
PERFORMANCE OPTIMIZATION. . . . . . . . . . . . . . . . . . . . . . . 532 ABOUT CPU UTILIZATION MANAGEMENT . . . . . . . . . . . . . 532 ABOUT VIRTUAL MEMORY OPTIMIZATION . . . . . . . . . . . . . 533
Install CPU and Memory Optimization . . . . . . . . . . . . . 535 Enable CPU and Memory Optimization. . . . . . . . . . . . . 535
xv
APPENDIX B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 ABOUT THE CONFIG.XML FILE . . . . . . . . . . . . . . . . . . . . . . 555 LOCATION SECTION OF CONFIG.XML. . . . . . . . . . . . . . . . 563 GLOSSARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
xvi
Upgrade Considerations
The following consideration needs to be reviewed prior to completing an upgrade to Quest vWorkspace version 6.0.
Any versions of PNTools that are previous to the vWorkspace 6.0 release must be removed before proceeding with the installation of vWorkspace 6.0.
Features
Parallels Virtuozzo Containers Integration Experience Optimized Protocol Features Geographic Locations vWorkspace Web Access Interface HP Remote Graphics Software Remote Control Sessions for VDI User Profiles Enhancements and Support for Desktops
Microsoft Windows Vista and Server 2008 Support Security Enhancements Persistent Disks and Memory for VMware Bandwidth Optimization
Settings for the optimization features can be enabled so that users can automatically connect to the features at logon. See Experience Optimized Protocol for more information.
xviii
xix
Assignment of VM
The ability to assign a virtual machine to client type of Users, Groups, Device Addresses, Device Names, or Organizational Units is available with this release. Clients can be assigned to a specific computer based on User, Device Name, Device Address, Organizational Unit, or Group by using the Computer Group wizard. These assignments are made on the Client Assignment window of the Computer Group wizard. See Client Assignment in the vWorkspace Management Console chapter for more information.
Security Enhancements
Enhancements have been made to add additional security to PIT files when using a launch application method.
xx
USB Redirection
The ability to use virtually any USB connected device (PDAs, local printers, scanners, cameras, headsets) in conjunction with VDI is included in this release. Users can connect multiple USB devices and then decide which devices to share. See USB Redirection for more information.
Bandwidth Optimization
Integration with quality of service (QoS) and bandwidth compression devices, where RDP settings are automatically configured to allow the QoS devices to further compress and cache RDP content, has been added with this release. See Computer Group Properties for more information.
Whats Changed
Listed below are some of the features that have changed in vWorkspace 6.0: An additional column has been added to the vWorkspace Management Console to identify if computers are disabled or enabled. With this change, disabled computers can be easily identified. A wizard is available to assist with publishing multiple App-V/SoftGrid applications at the same time. Virtual Channel Policy has been renamed to Client Settings. Microphone, Local Text Echo, Graphics Acceleration, and Multimedia Redirection has been added to the Client Settings.
xxi
VMware icons have been changed from the standard VMware icon to the VirtualCenter Server icon. Properties for Connection Brokers, Terminal Servers, Desktops, and Other Servers are now configured on the Managed Computers Properties window, located under Properties, from the Locations context menu. A new Ticket Expiration setting has been added to the Communications Settings of the Connection Brokers Properties. Locations | Properties | Communication Settings The seamless windows logic is now disabled during logon, replaced by a progress window that includes a Detail button that enables users to view any problems that might occur during logon. Once the application is started, the progress window closes and all windows display seamlessly. Previous references to the computer assignment label of Permanent has been changed to Persistent. Previous references to USB Handhelds has been renamed to USB Devices. A new step, Install Files Path, has been added to the Advanced Settings of the Sysprep process for new and imported sypreps for VMware machines. This step can be used if you are using VMware update 3, as with the update 3 release an InstallFilesPath entry needs to be added in the sysprep information in order for the VM to be joined to a domain. The ability to select Remote Control has been added to the Processes tab function for Terminal Servers.
xxii
Overview
The Quest vWorkspace Administration Guide is designed to assist administrators with tasks pertaining to deploying, managing, and using the Quest vWorkspace. It assumes familiarity with: Microsoft Windows XP Professional and Microsoft Windows Server 2003 Virtual Iron Version 3.x VMware Virtual Infrastructure 3 and VirtualCenter 2 Microsoft Hyper-V Parallels Virtuozzo Containers
It is recommended that you review the table of contents to familiarize yourself with the topics of discussion.
Conventions
In order to help you get the most out of this guide, we have used specific formatting conventions. These conventions apply to procedures, icons, keystrokes, and cross-references:
ELEMENT Select Bolded text Italic text Bold Italic text Blue text CONVENTION This word refers to actions such as choosing or highlighting various interface elements, such as files and radio buttons. Interface elements that appear in Quest Software products, such as menus and commands. Used for comments. Used for emphasis. Indicates a cross-reference. When viewed in Adobe Reader, this format can be used as a hyperlink. Used to highlight additional information pertinent to the process being described. Used to provide Best Practice information. A best practice details the recommended course of action for the best result.
xxiv
ELEMENT
+ |
A plus sign between two keystrokes means that you must press them at the same time. A pipe sign between elements means that you must select the elements in that particular sequence.
Web site
Refer to our Web site for regional and international office information.
xxv
vWorkspace Resources
The Quest vWorkspace home page is found at http://www.vWorkspace.com. The following resources are available from the vWorkspace web site: Software downloads Select the Download link and log in. Downloadable files include the vWorkspace product, hotfixes, prerequisites, and documentation. Technical support Select the Support link and log in. Free 60-day support (from the purchase date) is available directly from Quest vWorkspace. Online knowledgebase Select the Support | Knowledgebase link to view technical articles with answers to frequently asked questions, troubleshooting tips, and white papers. Discussion forums Select the Forums link and log in to participate in discussions with other vWorkspace users about technical matters related to Quest vWorkspace software products. Technical Training Select the Education link to review course schedules and enroll in certification classes. Blog The Quest vWorkspace official blog can be found at: http://blogs.inside.quest.com/provision
Contact Support
Quest vWorkspace support is available to customers who have a trial version of our product, or who have purchased a commercial version and have a valid support contract. Contact Quest vWorkspace support at support@provisionnetworks. com or visit our Web site at http://www.vworkspace.com and click on the Support link.
Document Feedback
We would like to hear from you. Please e-mail any comments or suggestions about our documentation to pndocfeedback@quest.com.
xxvi
1
Introduction to vWorkspace
Overview Product Suites Enterprise Edition Desktop Services Edition Power Tools Suite for Terminal Servers Standard Edition Licensing
Overview
Welcome to the Quest vWorkspace, a comprehensive presentation and desktop virtualization solution. Our solutions embrace and extend the Microsoft Terminal Services platform and virtualization infrastructure platforms from VMware, Virtual Iron, and Citrix XenSource, Microsoft Hyper-V, and Parallels Virtuozzo Containers delivering resilient, scalable, and dynamic on-demand desktop deployment and application delivery for enterprises worldwide. vWorkspace leverages virtual machine technologies, as well as PC blade technologies from vendors such as IBM, Hewlett-Packard Company, and others. More than a traditional connection broker, vWorkspace empowers desktop infrastructures with extensive management and monitoring capabilities, as well as a myriad desktop and application access features. Organizations can implement vWorkspace to deliver full-featured desktops from a central infrastructure comprised of virtual and physical machines, running a Windows desktop or server operating system such as Microsoft Windows XP Professional, Windows Vista, Microsoft Windows Server 2003, or Microsoft Windows Server 2008. Throughout the enterprise, users gain access to desktop resources by using thin client terminals or repurposed PCs running a Web browser and the vWorkspace client. Mobile and home users can gain single, secure access point to the same vWorkspace-enabled infrastructure via the built-in SSL gateway or various third-party SSL VPN appliances. vWorkspace offers desktop management and client access methodologies very similar to those found in Windows Terminal Server environments. Desktop workspaces are provisioned and managed in groups that are functionally similar to Terminal Server silos. These desktop groups are referred to in the vWorkspace as managed computer groups. A managed computer group is a logical grouping of virtual or physical machines that share common attributes and adhere to common policies. A managed computer group often mirrors a departmental function or task, a geographical location, or an outsourced entity. A vWorkspace-enabled hosted desktop infrastructure consists of a farm of managed computer groups. Similar to Windows Terminal Server environments, the workspace experience is delivered to the client in the form of a published desktop, or as a set of individually published applications which are preinstalled onto each desktop or streamed on demand.
2
Introduction to vWorkspace
Product Suites
Several product suites are available: Hosted Desktops and Terminal Servers (Enterprise Edition) This product builds a unified infrastructure comprised of Windows Terminal Servers and standard Windows desktops. Some of the features include: Application Publishing Load Balancing Seamless Windows Connections Web Access SSL Gateway Universal Print Driver User Profile Acceleration
3
USB Redirection Performance Optimization Virtual IP Session Configuration and Lockdown File and Registry Redirection Concurrent User Licensing
Hosted Desktops Only (Desktop Services Edition) This product builds and manages infrastructures comprised of standard Windows desktops running on physical PCs or in a virtualized environment. Some of the features include: Integration with VMware VirtualCenter, Virtual Iron, Microsoft Hyper-V, and Parallels Virtuozzo. Sysprep-based Desktop Provisioning Power State Management Application Publishing Seamless Windows Connections Web Access SSL Gateway Universal Print Driver USB Redirection Concurrent User Licensing
Power Tools Suite for Terminal Servers (Standard Edition) This product empowers your existing Terminal Server infrastructure with additional features, which include: Universal Print Driver User Profile Acceleration USB Redirection Performance Optimization Virtual IP Session Configuration and Lockdown File and Registry Redirection Concurrent User Licensing
Introduction to vWorkspace
Standalone Power Tools for Terminal Servers This product allows you to license specific power tools, but not the entire suite. Licensing is on a per server basis.
Enterprise Edition
vWorkspace Hosted Desktops and Terminal Servers (Enterprise Edition) includes all the functional modules included with the Standard and Desktop Services Editions. In addition, it includes Terminal Services Enhancements (Provision-IT) that extend the inherent capabilities of Windows Terminal Server with such important features as application publishing, load balancing, seamless windows, Web Interface, and SSL Gateway.
Secure-IT
Secure-IT is a Secure Sockets Layer (SSL) gateway designed to simplify the deployment of business-critical applications via the Internet, securely and cost-effectively. With Secure-IT, RDP connections from client workstations to the Secure-IT server are encrypted using SSL, and sent through the firewall on TCP port 443. Once received by the Secure-IT server, the SSL traffic is then decrypted and forwarded to the Provision-IT Terminal Servers on TCP port 3389, which is the standard RDP port. Outbound RDP traffic passing through the Secure-IT server is encrypted and forwarded to the client workstations.
5
Web Access
Web Access extends Provision-IT functionality by enabling Win32 clients to access published applications using a standard Web browser. With Web Access, traditional client and server applications can be instantly deployed over the Web, eliminating the need to rewrite Web-specific versions of these applications.
Introduction to vWorkspace
vWorkspace offers desktop management and client access methodologies very similar to those found in Windows Terminal Server environments. Desktop workspaces are provisioned and managed in groups that are functionally similar to Terminal Server silos. These desktop groups are referred to in vWorkspace as managed computer groups. A managed computer group is a logical grouping of virtual or physical machines that share common attributes and adhere to common policies. A managed computer group often mirrors a departmental function or task, a geographical location, or an outsourced entity. A vWorkspace-enabled hosted desktop infrastructure consists of a farm of managed computer groups. Also, the vWorkspace experience is delivered to the client in the form of a published desktop, or as a set of individually published applications which are preinstalled onto each desktop or streamed on demand.
Application streaming is a software distribution methodology used to enhance the management and flexibility of a desktop infrastructure by making the need to pre-install (manually or by using conventionally software distribution tools) the applications onto each desktop unnecessary.
Introduction to vWorkspace
Key Features
The following key features and aspects of the Desktop Services Edition are described below: Connection Broker Virtual Machine Management Tasks Desktop Group and Individual Desktop Policies Desktop and Application Publishing Access Control Lists Resource Management and High Availability Client Connectivity User Experience Enhancements / Last-Mile Features
Connection Broker
The Connection Broker offers the following features: Highly scalable Windows service. Integrates with Virtual Iron Virtualization Manager and VMware VirtualCenter Server to provision and customize new desktop workspaces, and to perform a broad set of power management tasks. Multiple Virtual Iron Virtualization Manager servers and VMware VirtualCenter servers are supported simultaneously. Multiple Connection Brokers are allowed per infrastructure. Installation can be inside a virtual appliance. Responds to client connectivity requests and redirects each client to the appropriate desktop. Communicates with the Data Collector service running inside each managed computer.
9
Virtual machine deletion. Virtual machine suspension and resumption. Virtual machine power-off and power-on. Virtual machine status monitoring (powered off, powered on, suspended). Desktop operating system event reporting (logged on, logged off, disconnected offline).
Virtual Iron vWorkspace Desktop Services offers the following features to assist and enhance managing desktop computers hosted in a Virtual Iron Infrastructure 4.x or newer. Wizard-based VM provisioning capability allowing the administrator to specify the following parameters: Number of virtual machines in a group. Distribute virtual machines across multiple datastores. Desired template for deploying new virtual machines.
Virtual machine status monitoring (power off and power on). Desktop operating system event reporting (logged on, logged off, disconnected offline).
10
Introduction to vWorkspace
Microsoft Hyper-V vWorkspace Desktop Services offers the following features to assist and enhance managing desktop computers hosted in a Microsoft Hyper-V environment. Wizard-based VM provisioning capability allowing the administrator to specify the following parameters: Number of virtual machines in a group. Target resource pool for creating virtual machines. Distribute virtual machines across multiple datastores. Target folder for categorizing virtual machines. Desired template for deploying new virtual machines. Customization parameters. Date and time to start the virtual machine creation process.
Virtual machine deletion. Virtual machine suspension and resumption. Virtual machine power-off and power-on. Virtual machine status monitoring (powered off, powered on, suspended). Desktop operating system event reporting (logged on, logged off, disconnected offline).
Parallels Virtuozzo Containers vWorkspace Desktop Services offers the following features to assist and enhance managing desktop computers hosted in a Parallels Virtuozzo Containers environment. Wizard-based VM provisioning capability allowing the administrator to specify the following parameters: Number of virtual machines in a group. Import master nodes and add independent nodes. Target folder for categorizing virtual machines. Desired template for deploying new virtual machines. Customization parameters. Date and time to start the virtual machine creation process.
Virtual machine power on and shut down os. Virtual machine status monitoring.
Client Connectivity
The following client devices are supported:
12
Microsoft Windows 2000 Pro/XP/Vista Microsoft Windows CE (version 5.0 and later)
Introduction to vWorkspace
13
Universal Print Driver Eliminates the need to install vendor-specific print drivers into the desktops. Driverless printers are autocreated inside each desktop using a single EMF-based universal print driver, regardless of printer make and model. USB Redirection Enables USB-based devices to be redirected over RDP connections and used in conjunction with the BlackBerry Desktop, HotSync, and ActiveSync software running inside the hosted desktops. This feature currently works in conjunction with Windows 2000 Pro/XP/Vista. Remote Password Reset Allows users to reset their expired Windows domain passwords prior to logging on. Experience Optimized Protocol (EOP) Addresses the user experience challenges of Virtual Desktop Infrastructure (VDI) by provisioning seamless, reliable, high-performance enhancements over Microsoft Remote Desktop Protocol (RDP). These enhancements ensure that a VDI deployment can deliver on the promise of virtualization and a true local-desktop experience.
vWorkspace Database
The vWorkspace infrastructure is database-driven, requiring a shared or dedicated Microsoft SQL Server 2000 or 2005 to store its configuration information in a database referred to as the Provision or vWorkspace database. For small- to medium-size environments (up to 2,500 desktops), Microsoft SQL Server 2005 Express database management system can be used. Please note that a single vWorkspace infrastructure can encompass multiple Virtual Iron Virtualization Manager servers and VMware VirtualCenter servers, each managing several hosts.
14
Introduction to vWorkspace
Connection Broker
At the heart of vWorkspace is the Connection Broker, a highly scalable Windows service that runs on a Windows XP Professional or Windows Server 2003 computer. The Connection Broker is tasked with provisioning and managing desktops running on physical computers, such as PC blades, as well as inside virtual machines. The Connection Broker integrates with virtualization platforms from Virtual Iron and VMware using their respective Software Developer Kits (SDK) for the purpose of provisioning fully customized desktop workspaces encapsulated inside virtual machines, and, when necessary, to perform power management tasks such as Power Off, Power On, Suspend, and Resume. The Connection Broker is also responsible for client connectivity arbitration, such as determining the proper desktop to which the user will connect. For scalability and high availability, multiple Connection Brokers can coexist in a single vWorkspace infrastructure, and the computers running the Connection Broker service can either be virtual or physical. It is also possible, though not recommended for very large environments, to host the vWorkspace database on one of these computers along with the Connection Broker.
Hosted Desktops
Hosted desktops are the physical and virtual machines that run on an operating system such as Windows XP Professional and Windows Server 2003. They must be configured to accept remote desktop connections using the RDP protocol. In addition, the PNTools must be installed onto these machines, enabling them to communicate back and forth with the Connection Brokers. Specifically, the Data Collector service running on each desktop communicates with the Connection Broker to send it a heartbeat signal, as well as events such as logon, logoff, or disconnect, logon status, and connection readiness information. It also receives from the Connection Broker pre-logon configuration data, allowing the desktop to be preconfigured according to established policies, shortly prior to the user logging on. The PNTools also extends the capabilities of each desktop with user experience enhancements and last-mile features such as application publishing, seamless windows, universal print driver, and USB-based PDA redirection.
Microsoft Vista host machines require Microsoft Vista SP1 or higher to work with PNTools.
15
The TCP/IP port number requirements for vWorkspace services are listed below. Data Collector Service It listens for Connection Broker service connections on 5203. This is a Windows service that runs inside each managed computer and vWorkspace-enabled Terminal Server and communicates back and forth with the Connection Broker. When the PNTools is installed onto a desktop, a Windows Firewall port exception rule is automatically added to allow incoming connections on this port. Connection Broker It listens for Data Collector service connections on 5201. It also listens for incoming client connection requests on a configurable port, using 8080 as the default. Optionally, the Connection Broker can be configured to require SSL encryption using 443 as the default. This service communicates back and forth with the Data Collector running inside each managed computer or vWorkspace-enabled Terminal Server.
16
Introduction to vWorkspace
Password Management Service This service accepts SSL-protected client password reset requests on a configurable port, using 443 as the default. Web Interface The Web Interface, being a web service, uses HTTP and HTTPS application protocols. Although the default port numbers are 80 and 443 respectively, any ports can be used. SSL Gateway The Quest vWorkspace SSL Gateway acts as an SSL proxy for Connection Broker, Web Interface, and RDP communications, and by default listens on 443. RDP RDP listens on 3389 by default. Microsoft RDP (Remote Desktop Protocol) is used for connections from vWorkspace clients to Terminal Servers or managed computer.
Client Connectivity
The Quest vWorkspace is available for various Windows and non-Windows platforms using the AppPortal or Web Access view. The following platforms are available: Microsoft Windows Windows CE Thin Client Terminals vWorkspace Linux Client Thin Client Devices
AppPortal View
17
Microsoft Windows
In order to establish remote connections to vWorkspace managed computers, the vWorkspace client software must be installed onto the users Windows computer which could be a conventional or repurposed PC, laptop, or a Windows XPe thin client terminal. In all cases, users initiate a remote connection by using the AppPortal or a Web browser. Upon successful authentication, the authorized list of published desktops and applications are sent to the client device. Remote connections can then be initiated by clicking the desired desktop or application shortcut inside AppPortal or the Web browser. The following Microsoft Window client platforms are supported: Microsoft Windows 2000 Pro Microsoft Windows XP Microsoft Window Vista
Introduction to vWorkspace
Upon successfully connecting to and authenticating with a Connection Broker, a Linux-based client receives back a list of published desktops and applications, that can be selected and started. Upon starting a published desktop or application, the client receives from the Connection Broker the IP address of the desktop that has been assigned to the user. Lastly, the RDESKTOP client is started to initiate a direct RDP connection to the desktop. The vWorkspace Networks Linux client offers the following features: Application publishing Desktop publishing Mapping of local drives Mapping of local audio Mapping of smart cards NAT for firewall traversal RDP over SSL Window size and colors Local printer ports Local COM ports RDP printers Experience options
There is no support for USB-IT or Print-IT in this version of the client. The source code is freely available for compiling on different versions of Linux. The vWorkspace Live clients (PXE/TFTPBoot and LiveCD) are based on Debian GNU/Linux.
19
Wyse Thin OS
vWorkspace supports Wyse Thin OS (WTOS), and the configuration of it is controlled by DHCP and INI files on the Connection Broker. The following steps must be followed for configuration.
Configuration
DHCP option 188 is used to list the addresses of each Connection Broker, and the XML Communication Port. DHCP option 161 lists the servers that hold updated WTOS Firmware. Since Connection Brokers can do both of these, once may configure either or both options.
20
Introduction to vWorkspace
On the Connection Broker, browse to %ProgramFiles%\Provision Networks\Wyse. Create a subdirectory named WNOS (case sensitive). In the WNOS directory, create two sub-directories, ini and bitmap. Use Notepad to create the two ini files listed in the WNOS directory: wnos.ini contents: signon=1 autoload=1 autosignoff=yes privilege=High Domainlist=YourDomainName rdp.ini contents: Fullscreen=yes Colors=high Encryption=128 Experience=15 Lowband=no Autoconnect=1 To update the WTOS Firmware, copy the new firmware (RCA_wnos) to the WNOS directory, and set autoload=1 on the wnos.ini file. The basic configuration is completed to connect a WTOS Thin Client to a Connection Broker. If one has multiple Connection Brokers, list them in the DHCP options, and copy the contents of the Wyse Directory to each additional Connection Broker.
For users who connect using version 5.9 or lower, Compatibility Mode can be used. Please note that this delivers using a less secure PIT file. To place a Connection Broker in to Compatibility Mode, create the following registry value on all the Connection Brokers in a farm: You can put a broker into Compatibility Mode by creating the following registry value on all brokers in a farm: HKLM\Software\Provision Networks\Common\Load And License Manager CompatibilityMode = 1 REG_DWORD
21
Compliance Organizations need to contain desktop proliferation and build standardized, centrally managed computer environments that exhibit tight adherence to corporate security policies and regulatory compliance guidelines including: HIPAA Sarbanes-Oxley Gramm-Leach-Bliley
Disasters Organizations must quickly recover, reprovision, and reestablish user access to complete desktop environments to ensure business continuity. The Desktop Services Edition is deployed in conjunction with virtual machine technology such as Virtual Iron or VMware, each desktop environment is encapsulated inside a separate virtual machine. If a virtual machine becomes unrecoverable for any reason, a new one can be instantly deployed from an existing template. A virtual machine is hardware independent; it is simply files that can be instantly recovered or redeployed to an alternate data center in the event of a major disaster.
Alternative Workspace Organizations must have contingency plans in place to accommodate: Work from home employees. Employees who are quarantined due to a pandemic.
22
Introduction to vWorkspace
Isolation Unlike shared server solutions, Desktop Services Edition offers the following isolation benefits: Each desktop environment is encapsulated inside a separate virtual machine, completely isolated from other virtual machines. If a virtual machine crashes due to a faulty device driver or application, or if anything goes seriously wrong with a virtual machines, other virtual machines remain fully operational. There are no application servers that must be restarted in the event of an anomaly.
Standard OS Unlike shared server solutions, Desktop Services Edition promotes the use of standard desktop operating systems, such as Windows XP, Vista, or Windows Server 2003, and thus offers the following benefits: One machine = One user. Therefore, limited-user access (non-admin) problems or conflicts resulting from concurrent access to HKLM, common files, and other shared data structures are a thing of the past. No custom application repackaging required. No lack of support from ISVs. Does not require additional or complex IT training. Applications are installed and executed without modifications. Manage using standard desktop management tools.
Other Desktop Services Edition can reduce the costs associated with the following: Squandering of computing resources typically observed with severely under-utilized physical PCs. It is a fact that PC resource usage is typically around five percent. Mobile workers requiring additional solutions to satisfy their remote access needs. Test and validation of multiple PC hardware configurations prior to deployment. Need to support a geographically dispersed PC infrastructure with limited to no IT skills at the branch offices. Loss or theft of corporate data assets when physical PCs are stolen.
23
24
Introduction to vWorkspace
25
Virtual-IP (VIP-IT)
VIP-IT enables each user instance of a legacy application to be bound to a unique IP address for identification purposes, allowing many legacy client-server designed applications to run correctly in a multi-user environment.
Licensing
There are two types of licensing: Concurrent User Licensing Per-Server Licensing
vWorkspace Enterprise, Standard, and Desktop Services editions are all licensed on a concurrent user basis. Any number of servers can belong to the vWorkspace infrastructure using this model. For the Enterprise edition, two separate licenses are issued; one for Terminal Services Enhancements and another for Desktop Services. Each license has a user count associated with it indicating the maximum number of concurrent users that can connect and use the respective services. Each of the Power Tools for Terminal Services modules can be purchased and licensed separately. In this case, a license is needed for each server on to which a component is installed. An optional add-on, Experience Optimized Protocol, contains the following features: Bidirectional Audio Enables support for applications that require the use of a microphone.
26
Introduction to vWorkspace
Latency Reduction Enables instant echo of keystrokes when connecting over a latent network connection. A client Control Panel applet is used to adjust settings of this feature. Multimedia Redirection Enables the redirection of Microsoft Direct Show content (anything that can be played in Microsoft Windows Media Player) from the VDI or Windows Terminal Session through an RDP Virtual Channel to the client, where it is played using the local compression/decompression technology (CODEC). Graphics Acceleration Reduces bandwidth consumption and dramatically improves user experiences, making RDP usable over WAN connections.
27
You can access the Licensing windows from the File menu option in the vWorkspace Management Console, or by selecting the Licensing icon from the toolbar. There are three parts to licensing: Customer Information Licenses User Sessions
Customer Information
The Customer Information licensing window is used to enter demographic information, including an address and contact information. Once information is entered it should not be edited, as this may result in existing user licenses for the specified farm to be rendered invalid.
28
Introduction to vWorkspace
Licenses
The Licenses window enables administrators to view current licenses and to add new licenses.
29
User Sessions
The User Sessions window enables administrators to view active user sessions and license and product usage. Select User Sessions to view current user sessions.
By selecting Remote Control Session from the Sessions window, administrators are able to shadow active user sessions. Administrators can set the key command used to end the remote session on the Remote Control window. Remote control can only be accomplished when initiated from one RDP session to another. You may receive a warning message indicating that this functionality is not available to you.
30
2
Deployment Planning
Considerations
Considerations
Use the following information to become acquainted with and plan for, your implementation of vWorkspace. Storage Adequate storage space for virtual machines. A storage area network (SAN) is strongly recommended. vWorkspace Database Shared or dedicated Microsoft SQL Server 2000 or 2005. Small- to medium-size deployments (up to 2,500 virtual machines) can also use the free Microsoft SQL Server 2005 Express. Connection Broker One or more computers are needed for hosting the Connection Broker service. These computers can either be physical or virtual machines running Windows XP Professional or Windows Server 2003. Web Interface One or more computers are needed for hosting the Web Interface and SSL Gateway. These computers can either be physical or virtual machines running Windows XP Professional or Windows Server 2003. Secured Communications One or more SSL certificates for the Web Interface and Secure Gateway servers. These certificates are generated by an internal Certificate Authority (CA) or a trusted Certificate Authority such as Verisign, Entrust, and others. VMware Environment A VMware Virtual Infrastructure consisting of one or more VMware ESX 2.5 or newer servers, as well as one or more VirtualCenter 2.x or newer servers. Virtual Iron Environment A Virtual Iron infrastructure consisting of one or more Virtual Iron 4.x or newer servers. Microsoft Hyper-V Environment A Microsoft Hyper-V infrastructure consisting of a Microsoft Windows Server 2008. Parallels Virtuozzo Containers A Parallels Virtuozzo Containers infrastructure consisting of Parallels Virtuozzo Containers 4 environment.
Any versions of PNTools that are previous to the vWorkspace 6.0 release must be removed before proceeding with the installation of vWorkspace 6.0.
32
Deployment Planning
TARGET COMPUTER Preferably dedicated Windows XP Professional or Windows Server. Physical or virtual machine.
SSL CERTIFICATE Only if SSL connectivity is required, and SSL Gateway is not present.
Web Interface
Windows XP Professional or Windows Server. Physical or virtual machine. Can co-exist with SSL Gateway on same computer.
Optional.
SSL Gateway
Windows XP Professional or Windows Server. Physical or virtual machine. Can co-exist with Web Interface on same computer.
Optional.
Yes.
Yes.
33
34
3
Installation
Installation Requirements VirtualCenter SSL Certificate Microsoft SQL Server
Installation Requirements
The following requirements apply to vWorkspace infrastructures supporting either Terminal Servers or managed computers: Shared or dedicated Microsoft SQL Server 2000 or 2005. Small to medium size deployments can use the Microsoft SQL Server 2005 Express or MSDE 2000. One or more computers for hosting the Connection Broker service. These computers can either be physical or virtual machines running Windows XP Professional or Windows Server.
The following requirements apply to vWorkspace infrastructures using Hosted Desktops: For VMware environments, a VMware Virtual Infrastructure consisting of one or more VMware ESX 2.5 or newer servers, as well as one or more VirtualCenter 2.x or newer servers. This computer can either be physical or virtual machines running Windows XP Professional or Windows Server. At least one computer hosting the Connection Broker service and the VMware VirtualCenter Integration extension. For Virtual Iron environments, a Virtual Iron infrastructure consisting of one or more Virtual Iron 4.x or newer servers. Adequate storage space for virtual machines. A storage area network (SAN) is strongly recommended.
The following requirement applies to vWorkspace infrastructures using Terminal Servers: One or more computers with Microsoft Terminal Services installed in application server mode. These computers can either be physical or virtual machines running Windows XP Professional, Windows Server 2003, or Windows Server 2008.
Some optional items for vWorkspace infrastructures for Terminal Servers and Hosted Desktops include: One or more computers for hosting the vWorkspace Web Interface. These computers can either be physical or virtual machines running Windows XP Professional or Windows Server 2003 with Microsoft.NET Framework 2.0 or higher installed on them.
36
Installation
One or more computers for hosting the vWorkspace SSL Gateway. These computers can either by physical or virtual machines running Windows XP Professional or Windows Server. If password management is used, one or more computers for hosting vWorkspace Password Manager. An SSL server certificate for each deployed Connection Broker server if SSL encryption is required for their communications. An SSL server certificate for each vWorkspace Password Manager server, if being used. An SSL server certificate for the Web Interface and Secure Gateway servers. These certificates are generated by an internal Certificate Authority (CA) or trusted Certificate Authority, such as VeriSign or Entrust.
37
Various software prerequisites need to be in place depending on which vWorkspace components and features are installed.
COMPONENT Connection Broker Service with VMware and Virtual Iron Integration REQUIREMENTS Java 2 Platform Standard Edition Runtime Environment 5.0 (update 7,8,9,10, or 11) is automatically installed when this subfeature is selected to be installed. Note: Java does not show up in Control Panel | Add/Remove Programs. Microsoft SQL Server Database Engine The database for vWorkspace Enterprise Edition must be hosted on a Microsoft SQL Server. Microsoft SQL Server 2000 or Microsoft SQL Server 2005 for medium to large sized infrastructures. Microsoft SQL Sever 2005 Express Edition (requires .NET Framework 2.0) or MSDE 2000 for small and some medium sized infrastructures. Note: There is an option to have Microsoft SQL Server 2005 Express automatically installed during vWorkspace installation. See vWorkspace Installation for more information. VMware Keystore VirtualCenter server certificates must be imported into a keystore file on each Connection Broker server in the vWorkspace infrastructure if managed computers are going to be hosted in a VMware VirtualCenter environment. Note: There is an option to have the VirtualCenter server certificates automatically installed during vWorkspace installation. See vWorkspace Installation for more information. Terminal Services Terminal Services needs to be installed before vWorkspace Terminal Services Provision-IT and Power Tools for Terminal Services is installed on a server.
38
Installation
REQUIREMENTS Microsoft .NET Framework 2.0 or higher (with 3.0 support) is required on any computer that has vWorkspace Web Interface installed. Note: During vWorkspace installation, the wizard checks to see if the correct versions of Microsoft .NET Framework are installed, and if they are not, an automatic installation occurs. See vWorkspace Installation for more information.
Microsoft ASP.NET and Internet Information Services is required on any computer that has vWorkspace Web Interface installed. The minimal IIS installation would include the following on a Windows Server 2003 computer: Application Server ASP.NET Enable network COM+ access Internet Information Services Common Files Internet Information Services Manager World Wide Web Service
How to ...
Export the SSL Certificate Import the SSL Certificate Copy to Other Connection Brokers
39
Export the SSL Certificate Perform the following steps on the first designated Connection Broker in your environment. If you are installing an additional Connection Broker, refer to Copy to Other Connection Brokers. 1. Create a directory to store the keystore. This directory is commonly named VMware-Certs, for example: C:\VMware-Certs. 2. 3. Start your web browser. Enter https://VirtualCenter_server or an IP address. A Security Alert dialog box is displayed. The VirtualCenter_server name is the host name or IP address of the VirtualCenter server. 4. 5. 6. 7. 8. 9. Click View Certificate. A Certificate window is displayed. Click Install Certificate. The Certificate Import Wizard is displayed. Click Next, and the click Next again. Click Finish. A Security Warning dialog box is displayed. Click Yes to install the certificate. A Certificate Import Wizard window is displayed. Click OK.
10. Click OK in the Certificate window. 11. Click Yes in the Security Alert window. The server home page is displayed in the browser. 12. Select Tools | Internet Options. The Internet Options window is displayed. 13. Select the Content tab. 14. Click Certificates. The Certificates window is displayed. 15. Select the Trusted Root Certification Authorities tab. 16. Scroll down towards the bottom until you locate the certificate issued to and by VMware. Perform the following steps: a) Select the certificate. b) Click Export. The Certificate Export Wizard is displayed. c) Click Next. d) Click Next. e) Enter a file name C:\VMware-Certs\servername.cer. For example: C:\VMware-Certs\virtualcenter1.cer. f) Click Next.
40
Installation
g) Click Finish. 17. Click Close to close the Certificates window. 18. Click Cancel to close the Internet Options window. 19. Repeat the above steps for every VirtualCenter server you plan to use in conjunction with vWorkspace. Import the SSL Certificate For each exported certificate, you need to perform the following steps. If you are in the process of installing an additional Connection Broker, please skip directly to the section entitled Copy to Other Connection Brokers. 1. 2. 3. 4. Make sure the Java SDK tools are in your path (i.e., C:\Program Files\Java\jre1.5.0_09\bin). Open a Command Prompt. Change to the C:\VMware-Certs directory (cd C:\VMware-Certs). For each certificate you want to import, perform the following: a) Enter the following command: keytool -import -file certificate-filename -alias servername -keystore vmware.keystore Example: keytool -import -file vc-server1.cer -alias virtualcenter1 -keystore vmware.keystore b) Enter the desired password for the keystore. c) Enter Yes to trust and import the certificate.
If vWorkspace has already been installed prior to executing the previous steps, simply restart the Connection Broker service to enable it to read the root certificate store, vmware.keystore.
View or Modify Keystore Registry Entries 1. 2. 3. 4. 5. 6. Log on to the Connection Broker using an account that has administrative rights. Open the Registry Editor. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Provision Networks\VDI. To view the current value, locate and select the REG_SZ value named TrustStore. To modify the current value, locate and double-click the REG_SZ value named TrustStore. Enter the path and file name into the Value Data box, and then click OK to save and close the Edit String window.
41
7.
Copy to Other Connection Brokers Use the following instructions to copy the VMware certificates to additional Connection Brokers. 1. Copy the C:\VMware-Certs folder from the first Connection Broker in your environment to the additional designated Connection Brokers.
If vWorkspace has already been installed prior to copying the C:\VMware-Certs folder from another Connection Broker, simply restart the Connection Broker service to enable it to read the root certificate store, vmware.keystore.
42
Installation
How to ...
Install Microsoft SQL Server 2005 Express vWorkspace supports Microsoft SQL Server 2000 and 2005, as well as Microsoft SQL Server 2005 Express. The database engine can reside on any machine near the Connection Broker. Though it is not recommended for very large environments, such as those over 2,500 desktops, the SQL Server can be installed onto the same machine hosting the Connection Broker service. Use the following steps to install the Microsoft SQL Server 2005 Express. 1. Download Microsoft SQL Server 2005 Express. The setup file SQLEXPR.EXE can be downloaded from Quest vWorkspace Web site, http://www.vWorkspace.com, Download link. An account name and password is required to access downloads from the Quest vWorkspace Web site. 2. 3. Extract SQLEXPR.EXE into a temporary directory by executing SQLEXPR.EXE/x. From the temporary directory, execute the following command to automatically install an instance of SQL Server 2005 Express named PROVISION. You can specify a different SA password (SAPWD) than the one suggested below. SETUP.EXE /qb ADDLOCAL=SQL_Engine,SQL_Data_Files INSTANCENAME="PROVISION" SECURITYMODE=SQL SAPWD="Provision" DISABLENETWORKPROTOCOLS=0 4. SQL Server 2005 Express is installed in unattended mode and only displays basic setup dialogs. Error screens, if any, are displayed, and log files are written to the %ProgramFiles%\Microsoft SQL Server\90\Setup Bootstrap\LOG folder. Additional command line setup options can be found at: http://msdn2.microsoft.com/en-us/library/ms144259.aspx. Download and install Microsoft SQL Server Management Studio Express setup file, SQLServer2005_SSMSEE.msi, from Quest vWorkspace Web site http://www.vWorkspace.com. Management Studio includes the functions of SQL Server 2000 Enterprise Manager, Analysis Manager, and SQL Query Analyzer in one tool.
5.
43
44
4
vWorkspace Installation
Download vWorkspace Install the Connection Broker vWorkspace Terminal Servers vWorkspace Connectivity Features vWorkspace Peripheral Server Extensions vWorkspace Additional Components Installation Reference
Download vWorkspace
This chapter describes the steps that must be performed to install various components of vWorkspace.
An account name and password is required to access the Download link on the Quest vWorkspace Web site.
The Quest vWorkspace Download page provides links to the various vWorkspace component categories, as described in the following table. Only the current and one previous version of the vWorkspace client are available for download.
DESCRIPTION The vWorkspace client for Windows Terminal Services and Computer Services.
46
vWorkspace Installation
DESCRIPTION The Power Tools clients for Windows Terminal Services, including Print-IT and USB-IT. This package enables you to install the entire vWorkspace from a single MSI-based package. The PNTools for managed virtual machines and PC Blades running Windows XP, Vista (must be Vista SP1 or higher), and Server 2003. PNTools is an optional set of components that deliver added functionality and user experience enhancements such as the ability to: Start published applications Seamless windows Multiple monitor support 4096x2048 display resolution Universal print driver Kerberos/credentials pass-through USB based redirection Note: Any versions of PNTools that are previous to the vWorkspace 6.0 release must be removed before proceeding with the installation of vWorkspace 6.0.
The latest hotfixes and patches. Documentation and user guides. Additional components and prerequisites to accompany your installation. The Broker Helper Service for Hyper-V, which is required to be installed on to every Microsoft Hyper-V server, is located under this component.
Use the following steps to download the vWorkspace software. 1. 2. 3. Enter the URL http://www.vworkspace.com. Click the Download link at the top of the page. Enter your user login and password, and then click Enter. If you do not have a user account, you can create one by selecting New Users Register Here.
47
Select the link for the component category you want to download on the Downloads page.
Any versions of PNTools that are previous to the vWorkspace 6.0 release must be removed before proceeding with the installation of vWorkspace 6.0.
The following steps should be performed on all the designated Connection Brokers. 1. 2. Execute the start.exe installer program. Review the options on the vWorkspace window, and then click Install to start the installation process.
48
vWorkspace Installation
Use this option to review what is new with this release. Use this option to review release notice for this release version. Use this option to review the contents of the license agreement. Use this option to initiate the installation process. Use this option to browse the contents. Use this option to exit the install.
3. 4. 5. 6. 7.
Click Next on the Welcome window. Accept the License agreement. Select an option on the Licensing Mode window. Select Connection Broker Service from the list of available features on the Custom Setup window. Do one of the following: Select the Integration with VMware VI3 and Virtual Iron subfeature if you plan to use vWorkspace in conjunction with VMware or Virtual Iron and then click Next.
OR
Select the Integration with Microsoft Hyper-V subfeature if you plan to use vWorkspace in conjunction with Microsoft Hyper-V servers, and then click Next.
OR
Select the Integration with Parallels Virtuozzo subfeature if you plan to use vWorkspace in conjunction with Parallels Virtuozzo Containers, and then click Next.
49
8.
If Microsoft .NET version 2.0 or higher is not detected on your system, the following window appears:
50
vWorkspace Installation
9.
Do one of the following on the Microsoft .NET Framework Prerequisite window: a) Click Back to return to the Custom Setup window and unselect features so that you can proceed with the install without installing Microsoft .NET Framework. b) Click Next to have the Microsoft .NET Framework installed. Follow the installation instructions on the Microsoft .NET Framework windows. c) Click Cancel to stop the installation process. Items that have been chosen to be installed appear in black font, and items that have not been selected to be installed appear in gray font.
10. Select one of the following options on the Management Database Setup window, and then click Next: Connect to an existing database Select this option to connect this computer to an existing management database. See step 11 to continue the install. Create a new database on an existing SQL Server Select this option to create a new management database on an existing SQL server. See step 12 to continue the install. Install SQL Server Express Edition on this computer and create a new database Select this option to install SQL Server Express and create a new management database. See step 13 to continue the install.
51
Do nothing at this time Select this option to skip the configuration during the install, and manually configure the management database.
See Manual Database Configuration for more information on how to configure the database from the vWorkspace Management Console.
11. If you selected Connect to an existing database, do the following: a) Complete the necessary information on the Management Database Configuration window.
12. If you selected Create a new database on an existing SQL Server, do the following: a) Complete the necessary information on the Management Database Configuration window.
52
vWorkspace Installation
13. If you selected Install SQL Server Express Edition on this computer and create a new database, do the following: a) Complete the necessary information on the Management Database configuration window. The SQL Server Name and SQL User Name are grayed out and the information in these fields are not able to be changed.
b) The Microsoft SQL Server Installation wizard appears. Follow the installation instructions on the wizard windows, and then click Install. 14. If you are using VMware, complete the information on the VMware Keystore File Creation window by selecting one of the following options, and then click Next. If you are not using VMware, click Next. Do nothing at this time. Create a new keystore file. Copy the keystore file from an existing Connection Broker.
15. If you are using a Virtual Iron server, complete the information on the Virtual Iron Jar Libraries window. If you are not using a Virtual Iron server, click Next.
53
16. Complete the information on the Add Server to Management Database window, and then click Next.
OR
Click Skip to add the server to the management database manually in the vWorkspace Management Console.
54
vWorkspace Installation
55
DESCRIPTION This feature leverages and extends the features of Windows Terminal Services and Remote Desktop Protocol (RDP) by enhancing deployments with core enterprise features that include: Application publishing Load Balancing Seamless window connections Session sharing Credentials pass-through Extended screen resolutions Multiple monitor support
POWER TOOLS SUITE FOR TERMINAL SERVERS Universal Print Drive (Print-IT) This feature enables driver independent printing to client side printers as well as LAN and WAN based network printers. Two subfeatures include: Universal Client Printer Auto-Creation Universal Network Printer Auto-Creation CPU and Virtual Memory Optimization (Max-IT) This feature improves application response times, enhances end-user experience, and increases Terminal Server capacity by optimizing the use of virtual memory and managing CPU utilization. Two subfeatures include: Virtual Memory Optimization CPU Utilization Management PDA Redirection (USB-IT) This feature enables seamless redirection of USB based Palm, BlackBerry, and PocketPC handheld devices in Terminal Server sessions. This feature combines the persistence of roaming profiles with the speed and stability of mandatory local profiles. This feature enables each user instance of legacy applications to be bound to a distinct IP address for identification purposes.
56
vWorkspace Installation
DESCRIPTION This feature enhances Terminal Server security by protecting against unauthorized access to sensitive software programs and network resources. Two subfeatures include: Application Access Control (AAC) Protects against unauthorized access to sensitive software programs from within a Terminal Server session. Host Access Control (HAC) Prevents programs running from within Terminal Server sessions from gaining access to unauthorized network resources.
This feature automates several time-consuming session configuration and lock-down tasks that are applied when users log in to a Terminal Server. This feature eliminates many conflicts that can occur when running applications in a multi-user environment such as Terminal Server by creating user specific instances of HKLM registry keys and files or folders stored in common system areas. This feature enables Terminal Server users to execute time sensitive applications using their respective time zones rather than the time zone of the Terminal Server to which they connect.
How to ...
Install Terminal Server Components Use the following steps to install the appropriate components onto all designated Terminal Servers. 1. 2. 3. 4. 5. 6. 7. Execute the start.exe installer program. Click Next on the Welcome window. Accept the License agreement. Select Hosted Desktops and Terminal Servers (Enterprise Edition) on the Custom Setup window. Select Terminal Servers Enhancements (Provision-IT). Expand the Power Tools for Terminal Servers option, and select the options that are to be installed, and then click Next. Click Install.
57
How to ...
Install the SSL Gateway 1. 2. 3. Execute the start.exe installation program. Select SSL Gateway (Secure-IT) from Connectivity Features on the Custom Setup window. Click Next and complete the installation.
58
vWorkspace Installation
User Profile Storage Service Enhances the management, performance, and storage efficiency of user profiles in Terminal Server environments.
How to ...
Install Peripheral Server Extensions 1. 2. 3. 4. Execute the start.exe installation program. Click Next on the Welcome window. Accept the License agreement. Select Hosted Desktops and Terminal Servers (Enterprise Edition), and then Peripheral Server Extensions.
59
5. 6.
Select the appropriate features. Click Next and complete the installation.
60
vWorkspace Installation
How to ...
Install the Password Reset Service 1. 2. 3. 4. 5. 6. Execute the start.exe installation program. Click Next on the Welcome window. Accept the License agreement. Select Hosted Desktops and Terminal Servers (Enterprise Edition), and then Additional Components. Select the appropriate features. Click Next and complete the installation.
How to ...
Install the vWorkspace Management Console 1. 2. 3. Execute the start.exe installation program. Click Next on the Welcome screen. Accept the License agreement.
61
4. 5. 6.
Select Hosted Desktops and Terminal Servers (Enterprise Edition), and then Additional Components. Select vWorkspace Management Console. Click Next and complete the installation.
vWorkspace Client
To enable users to connect to managed applications and desktops in a vWorkspace infrastructure, a vWorkspace client must be installed onto their client device. The following is a list of available client packages: VASCLIENT32 This package includes the AppPortal GUI, but can also be used with the Web Interface. It is referred to as the vWorkspace Client or AppPortal. VASCLIENT32.EXE MSI-based installation with EXE bootstrapper. The MSI Engine (2.0 or higher) must already be installed onto the target client workstations. VASCLIENT32.MSI MSI-based installation without EXE bootstrapper. The MSI Engine (2.0 or higher) must already be installed onto the target client workstations. VASCLIENT32.CAB CAB-based installation for automatic deployment via the Web Interface. VASCLIENT32T Web Interface access only; this package does not include the AppPortal GUI. It is referred to as the vWorkspace Web Client. VASCLIENT32T.EXE MSI-based installation with EXE bootstrapper. The MSI Engine (2.0 or higher) must already be installed onto the target client workstations. VASCLIENT32T.MSI MSI-based installation without EXE bootstrapper. The MSI Engine (2.0 or higher) must already be installed onto the target client workstations. VASCLIENT32T.CAB CAB-based installation for automatic deployment via the Web Interface.
62
vWorkspace Installation
How to ...
Install the vWorkspace Client Perform the following steps to install the vWorkspace Client on Windows computers, laptops, and XP embedded thin client terminals. 1. 2. 3. 4. 5. 6. 7. Download vasclient32.xxx or vasclient32t.xxx. The xxx denotes EXE or MSI. Execute vasclient32.xxx or vasclient32t.xxx and follow the setup instructions. Click Next at the Welcome window. Accept the terms of the License Agreement, and then click Next. Click Next at the Customer Information window. Click Next at the Destination Folder window. Select the option Enable Credentials Pass-Through, and then click Next. This option should only be selected if the client computer is joined to the domain and you want to reuse the users domain credentials on the client computer to authenticate with the vWorkspace-enabled desktop infrastructure without having to retype them every time. This is an optional step.
8.
Select the desired shortcuts on the Shortcut Options window, and then click Next. This window is not available with VASCLIENT32T.
63
9.
Click Install to begin the installation. You may be prompted to restart your system after the installation of the vWorkspace client has completed.
64
vWorkspace Installation
The following are a list of prerequisites for the Web Interface: Microsoft .NET Framework 2.0 Microsoft ASP.NET Internet Information Services (IIS)
Multiple versions of the.NET Framework can coexist on the same machine. To determine whether one or both versions are already installed, check for the presence of one or both directories, namely, v1.1.4322 and v2.0.xxxxx, under %SYSTEMROOT%\Microsoft.NET\Framework. To reinstall the.NET Framework, execute ASPNET_REGIIS.EXE i from either the v1.1.4322 or v2.0.xxxxx folder. This may be necessary if the ASP.NET Web Server Extension is not present in Internet Information Services (IIS) Manager. This is often the case if the administrator has previously uninstalled the.NET Framework (ASPNET_REGIIS.EXE u).
How to ...
Install the Web Interface 1. Ensure the following has been completed before installing the Web Interface: a) ASP.NET and Internet Information Services (IIS) subcomponents of the Application Server are installed. b) Word Wide Web Service subcomponent of Internet Information Services (IIS) is installed. c) Microsoft.NET Framework version 2.0 is installed. d) ASP.NET Web Service Extension is allowed in the Internet Information Services (IIS) Manager. 2. 3. Execute start.exe. Select Web Interface (Web-IT) from Connectivity Features on the Custom Setup window.
This feature is only available for installation if the WWW service is already installed.
4.
65
Installation Reference
This section references some of the vWorkspace installation windows and descriptions of the options.
DESCRIPTION This option is selected if you do not want to create a new keystore or copy one from an existing Connection Broker. This option is selected to create a new keystore file, select this option and then click Next. The Keystore File Management window is displayed. See Keystore File Management for more information. This option is selected to copy a keystore file from an existing Connection Broker, select this option. The fields of Existing Broker, Windows Admin Name, and Admin Password are enabled and need to be completed.
66
vWorkspace Installation
DESCRIPTION This box is where you specify the broker from which the keystore file is to be copied. This box is for the admin name of an account with Windows administrative rights on the remote broker. You can leave this box blank to reuse your credentials.
Admin Password
This box is for the admin password of the account entered in the Windows Admin Name box. You can leave this box blank to reuse your credentials.
DESCRIPTION This box is used to identify a keystore file password. At least one VMware VirtualCenter server certificate to the keystore. The password needs to be at least six (6) characters in length. 67
DESCRIPTION This box is used to identify the host name or IP address of your VirtualCenter Server. If you are using a host name, make sure it is resolvable.
This box is for the admin name of an account with Windows administrative rights on the remote broker. You can leave this box blank to reuse your credentials.
Admin Password
This box is for the admin password of the account entered in the Windows Admin Name box. You can leave this box blank to reuse your credentials.
Skip button
DESCRIPTION This field is used to identify the server This button is to be selected after you have entered your Virtual Iron server information.
68
vWorkspace Installation
OPTION Protocol
DESCRIPTION This field is used to define the protocol as used in your Virtual Iron setup. The default is http.
Port
This field is for the port that is used in your Virtual Iron setup. The default is 80.
DESCRIPTION This option is selected if you want to keep your existing database configuration, as displayed in the fields of Data Source Name, Database Version, SQL Server Name, and Database Name, on this window.
69
DESCRIPTION This option is used if you want to configure a new database connection. The Management Database Setup window is presented after this option is selected. You then can select from the following options on that window: Connect to an existing database. Create a new database on an existing SQL Server. Install SQL Server Express Edition on this computer and create a new database. Do nothing at this time.
OPTION Password
DESCRIPTION This box must have a password, for existing installations, if you are prompted by the vWorkspace Management Console for a password at startup.
70
vWorkspace Installation
OPTION Next
DESCRIPTION This button needs to be selected to verify if the server that was selected previously exists in the management database. If it does not exist, it is automatically added. The Skip button can be used to move forward and to not verify that the selected server exists in the management database. If you choose to skip this step, you need to manually add the selected database to thevWorkspace Management Console.
71
72
5
Experience Optimized Protocol
Overview Requirements Optimization Settings Bidirectional Audio Latency Reduction Multimedia Redirection
Overview
The Experience Optimized Protocol (EOP) addresses the user experience challenges of Virtual Desktop Infrastructure (VDI) by provisioning seamless, reliable, high-performance enhancements over remote desktop software. These enhancements ensure that your VDI and Terminal Server deployment can deliver on the promise of virtualization and a true local-desktop experience. One of the key features of the EOP is the ability to improve the remoting of graphic intensive applications, including Internet browser content and support multimedia content such as webcasts and web-based training. The following features are available through the Experience Optimized Protocol license: Bidirectional Audio Enables support for applications that require the use of a microphone, such as dictation, collaboration, and certain VOIP applications. Latency Reduction Enhances the user experience when typing, if they are connecting over a high latency network connection. A client Control Panel applet is used to adjust settings of this feature. Multimedia Redirection Enables the redirection of Microsoft DirectShow content (anything that can be played in Microsoft Windows Media Player) from the VDI or Windows Terminal Session through an RDP Virtual Channel to the client, where it is played using the local compression/decompression technology (CODEC). Graphics Acceleration Reduces bandwidth consumption and dramatically improves user experiences, making RDP usable over WAN connections.
These features can be assigned to Users, Groups, OU, Client IP or Client Device Name, so you can choose to license specific clients for this, as necessary.
Requirements
To use the features included in the EOP, the following requirements need to be met: The Experience Optimized Pack license needs to be acquired and added to the Licenses in the vWorkspace Management Console. The same version of vWorkspace needs to be used, that is the version, including the vWorkspace client and PNTools.
74
Optimization Settings
The EOP features are only available for the following: Hosts (servers): Microsoft Windows XP Professional Microsoft Windows Server 2003 Clients: Microsoft Windows XP Professional Microsoft Vista Microsoft Windows XP Embedded
The Microsoft Remote Desktop Connection needs to be at version 5.2 or higher. Microsoft Windows Media Player version 10 on the server side. The EOP functionality can be used for only the 32- bit applications that are on a 64-bit platform.
Optimization Settings
The features of EOP are installed via the vWorkspace installer, along with valid license. Administrators can limit to whom and which features are automatically presented to users during the log on process. The optimizations settings of Graphics Acceleration, Local Text Echo, and Multimedia Redirection can be found at the following locations. The options are set to disable by default. Quest vWorkspace Remote Desktop Connection | Experience tab | Optimizations section vWorkspace AppPortal | Actions | Manage Connections | User Experience Optimizations section Web Access (Admin) | User Experience | Performance | Optimizations section
Bidirectional Audio
This feature enables users to redirect their microphone devices to Terminal Servers and hosted desktops for use with applications involving dictation and for certain VOIP applications.
75
Microphone sound quality is best with sufficient bandwidth, at least 25 to 30 Kbps, to support the audio channels.
The Client Settings, Remote Computer Sound option overrides the setting for Remote computer sound on the Local Resources window in the AppPortal setup, as well as the Local Resource Settings window in the Web Access setup.
76
Bidirectional Audio
Bidirectional audio for the AppPortal client can be setup several different ways: Manage Connections | Local Resources Quest vWorkspace Remote Desktop Connection | Local Resources
If you use the setup option of the Manage Connections, you need to set Remote computer sound to Bring to Local Computer and select the Microphone option. Once completed, you need to click OK.
77
If you use the setup option, Quest vWorkspace Remote Desktop Connection, set the Remote computer sound option to Bring to this computer, and select the Microphone option.
The setup option for this feature for the Web Access client is Remote computer sound, of the Local Resources option.
78
Latency Reduction
Latency Reduction
This feature enables a local presentation of keystrokes when a user is connecting over a high latency network connection. The user can type at full speed without waiting for the keystrokes to appear, as the text appears in a bubble as it is typed. It is important to note that most password fields are not displayed in a text bubble when connecting over a high latency network.
79
A client Control Panel applet, Local Text Echo Client, is used to change the default settings, such as the bubble size and latency speed.
A server Control Panel applet, Local Text Echo Server, is used to set a list of application exclusions for text echo.
80
Multimedia Redirection
Multimedia Redirection
This feature redirects Microsoft Windows Media content through an RDP virtual channel to the client, where it is played using the local compression/decompression (CODEC) technology. This enables support for full fidelity playback of Microsoft Windows Media content. Multimedia Redirection accelerates the delivery of multimedia content such as recorded webcasts and web-based training from remote virtualized desktops and applications. The requirements for multimedia redirection include: Microsoft Windows Media Player version 10 installed on the virtual host (server). All vWorkspace components, including PNTools and the vWorkspace client need to be on the same version. Microsoft Windows Media Player 10 and proper CODEC to decode the required media format needs to be installed on the client.
After obtaining the EOP license, no other setup is required with multimedia redirection.
Graphics Acceleration
This feature reduces bandwidth consumption and improves user experiences when viewing complex graphics or animations, and allows RDP protocol to be usable over WAN connections.
81
82
6
vWorkspace Management Console
About the vWorkspace Management Console vWorkspace Management Console Window vWorkspace Menu Options and Icons vWorkspace Object Nodes Farm Locations Clients Resources Packaged Applications Performance Optimization Virtual IP File and Registry Redirection Workload Evaluators
84
Menu Bar
Navigation Pane
Toolbar
Object Nodes
Status Bar
DESCRIPTION This node represents the entire vWorkspace infrastructure. From this node you can: Assign a name to the farm. Enable database caching. Assign administrative rights.
Locations
This node is used to organize groups of users based on geographical locations, within a vWorkspace infrastructure.
85
DESCRIPTION This node is used to identify vWorkspace clients. Once defined in the vWorkspace database, they can be used in Access Control Lists associated with various objects. Clients are identified by: User name Group membership IP address Device name Active Directory Organizational Units
Resources
This node contains the list of items that can be assigned to clients using Client Assignment. A toolbar option, Toggle Client Assignment List Display, allows the client assignment to be displayed at the bottom of the window, the right-side of the window, or not at all.
Packaged Applications
This node is used to identify Microsoft Application Virtualization (App-V) servers and their hosted application packages, as well as MSI packages. This node is used to configure CPU Utilization and Virtual Memory Optimization policies, and to view the results of these policies. This node is used to provide special configuration options for applications running in a multi-user environment that require unique IP addresses for identification. This node provides mechanisms that allow applications to work properly in a multi-user environment. This node is used to configure workload evaluators when published applications are hosted on multiple Terminal Servers. A workload evaluator can be assigned to either the published application or the Terminal Servers.
Performance Optimization
Virtual IP
Workload Evaluators
86
The Help option, About, displays information about the Quest vWorkspace product, including the version number.
87
ICON
DESCRIPTION This icon is used to access Current User Session and the Remote Control Session options.
This icon is used to collapse the tree in the navigation pane of the console.
Administration
The Administration option of the vWorkspace Management Console is used to identify users or groups of users and how administrative tasks are delegated to them. Once users or groups of users have been added as administrators, permissions can then be set. It is important to note that not every administrator needs to be added to the vWorkspace Management Console, they just need to be a member of a Windows group that has been added. So, you could create a Windows group in your domain, add all the administrators to that group and then add that group to the vWorkspace Management Console.
88
If you choose not to use the Administration feature, administrations have full access rights to the vWorkspace Management Console. The vWorkspace Management Console does check to ensure that the current Windows user is also a Windows administrator prior to granting access to the vWorkspace Management Console. Users and groups of users who are selected as system administrators have implicit allow permissions for all actions, and may add and remove other system administrators. The first administrator defined in the system is automatically defined as a system administrator, and the last administrator to be removed from the system must be a system administrator. This selection cannot be modified, as it is designed to prevent inadvertent lock out situations. Once one or more administrators are defined, a Login window is displayed during the vWorkspace Management Console startup.
If checkbox, Login as the current Windows user is selected, the user and password fields are filled out automatically, and the fields are disabled. If the checkbox is unselected, the user must enter their user name and password. The Login window is also presented when a user selects the menu option, Change User, to allow the user to enter different credentials.
Permissions
Permissions enable administrators to allow or deny actions for activities within the vWorkspace Management Console. An administrator does not have the ability to set their own permissions or permission of a group to which they belong. However, a system administrator can modify permissions for any user or group.
89
The Permissions structure is a hierachy; that is, there are a lot of parent-child relationships. For example, there is a permission named Modify Resources at the Resource node level; a permission named Modify Managed Applications a the Managed Applications level; and a permission named Modify Managed Application for an individual application. Any child permission may be undefined, or not explicitly set by an administrator. The parent permission in this example is Modify Resources, so all of the other child permission levels of Allow or Deny is inherited from the parent permission. Permission checkboxes may be one of the following:
Enabled, permission not set. Checkbox has white background. Enabled, explicit permission set. Checkbox has white background. Enabled, inherited permission set. Checkbox has white background. Disabled, permission not set. Checkbox has gray background. Disabled, explicit permission set. Checkbox has gray background. Disabled, inherited permission set. Checkbox has gray background.
The gray checkmarks indicate that the permission is inherited from its parent. Permissions that are disabled can not be modified by the current administrator, as the administrator does not have sufficient permissions to change it.
90
How to ...
Add a New Administrator Edit Administration Settings Remove an Administrator Set Permission at the Object Level
Add a New Administrator 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Select File | Administration. To add users or a group of users, click Add User/Group. The Administrator wizard appears. Click Next on the Welcome window. Select User or Group, and then enter Domain\User or Domain\Group in to the dialog box. Use the ellipses to assist in selecting users or groups. 6. Select the checkbox if this user or group is to be a system administrator, and then click Next. System administrators have implicit allow permissions for all actions, and may add and remove other system administrators. 7. Select one of the default permission settings, Deny All, Allow All, or Copy from, and then click Next. Use Copy from to quickly set the initial permissions of a new administrator to those of an existing non-system administrator, administrator. 8. Make any changes to the Allow and Deny columns on the Permissions window, and then click Finish. The Administrators window appears.
91
9.
Highlight the user or group that you just added, and then select Settings.
10. Specify the administration settings, Allow or Deny, on the Settings window, and then click Apply to save your settings. 11. Select Permissions to specify administrator permission. 12. Click Apply to save your changes, and OK to close the window. Edit Administration Settings 1. 2. 3. Open the vWorkspace Management Console. Select File | Administration. Edit as appropriately, and click Apply to save your changes, and OK to close the window.
Remove an Administrator 1. 2. 3. 4. 5. 6. Open the vWorkspace Management Console. Select File | Administration. Highlight the user or group name from the list. Click Remove. Verify by selecting Yes on the confirmation window. Click OK to close the window and save your changes, or Apply to save your changes without closing the window.
Set Permission at the Object Level 1. 2. Open the vWorkspace Management Console. Highlight the object to which the permission is to be set. Permissions are inherited from the parent permission, unless the level is set separately.
92
How to ...
Create a New Database and DSN Connect to an Existing Database Change a Servers Database Configuration
Create a New Database and DSN 1. 2. 3. Start the vWorkspace Management Console on one of the Connection Brokers or an administrative computer. Click New Data Source on the Configure vWorkspace Database window. Select Create new database and DSN on the New vWorkspace Data Source window.
93
4.
server_name\instance_name
Enter a New Database name, or accept the default name, vWorkspace_Database. Existing SQL Admin Login Enter the Name for the SQL admin account, or accept the default, sa. Enter a password for the SQL admin account. New vWorkspace SQL Login Enter a Name or accept the default, PNADMIN for the SQL user account. Enter a Password for the SQL user account. New Data Source (DSN) Enter a Name for the DSN or accept the default name, Provision Database. Enter a Description for the DSN or accept the default description, Provision Database.
5. 6. 7. 8. 9.
Click Create. Confirm the password of the SQL admin and new Provision SQL logins. Click Yes to set the current main vWorkspace database to the newly created database. Enter your company and contact information, and click Save. Click Close.
94
Connect to an Existing Database Once the vWorkspace database is created, all servers with vWorkspace components requiring database connectivity must have DSNs configured. 1. 2. 3. 4. Start the vWorkspace Management Console from the additional Connection Broker or administrative computer. Click New Data Source on the Configure vWorkspace Database window. Select Create DSN only for existing database on the New vWorkspace Data Source window. Specify the following parameters:
Server & Database Enter the Server Name of the SQL server where the database is to be created. If you are using MSDN or SQL Express, use the format:
server_name\instance_name
Enter the name of the Existing Database. Existing vWorkspace SQL Login Enter the Name of the SQL user account. Enter the Password for the SQL user account. New Data Source (DSN) Enter a Name for the DSN or accept the default name, vWorkspace Database. Enter a Description for the DSN or accept the default description, vWorkspace Database.
5. 6. 7.
Click Create. Confirm the password of the vWorkspace SQL login. Click Yes to set the current main vWorkspace database to the newly created database.
95
Change a Servers Database Configuration A servers infrastructure can be changed without reinstalling the software. Use the following steps to change the database configuration.
1. 2. 3. 4. 5. 6.
Log on to the desktop of the server that is to be changed. Open the vWorkspace Management Console. Select File | Database Configuration. Click New Data Source. Select either Create new database and DSN or Create DSN only for existing database. Complete the remaining boxes of the New vWorkspace Datasource window as appropriate, and then click Create.
Farm
The first node in the navigation pane represents the vWorkspace infrastructure. Properties of this node can be used to:
96
Enable or disable database caching. Change the administrative service account information.
FIELD Name
DESCRIPTION This is the name that is assigned to the vWorkspace infrastructure. This name is stored as a record in the vWorkspace database and requires no configuration changes to member servers. It can be changed at any time and is automatically passed on by the Connection Broker servers to the vWorkspace clients.
If selected, this checkbox enables the use of database caching. If enabled, all Provision-IT servers work from their local cache. For mid to large size infrastructures, the use of database caching can reduce the number of open database connections.
97
Locations
The Locations node represents a location that groups one or more data centers and the desktops within those data centers. Administrators define Connection Brokers, Terminal Servers, desktops, and other servers for each defined location, which can only be defined after a new location has been established. See vWorkspace Locations for more information.
Clients
The Clients node on the vWorkspace Management Console is used to define the list of clients that can be used in client assignments. The vWorkspace uses client assignments to assign managed applications, managed computers, and other resources to user sessions when connected to servers and managed computers in the infrastructure. It is possible that a given user might belong to more than one client definition. By design, client assignments are cumulative, meaning they receive the assignment of all of the client definitions they are members of, except for when a conflict exists. In this case, the client with the highest priority wins the conflict. Client priority can be modified by selecting the desired Client node, and using Move Up or Move Down. Client types at the top of the list have higher priority than those lower in the list. For example, the Windows domain users and domain administrators global groups might be defined as clients, with domain administrators being higher in priority. Domain administrators has an application restriction that allows them to run registry editing tools. Domain users have an application restriction that denies them the ability to run registry editing tools. However, members of domain administrators are also members of domain users. Since there is a conflict in assignments, and the domain administrators client definition has higher priority, any user who logs on as a member of domain administrators is able to run registry editing tools.
98
Client Types
The following table lists the client types, along with a description.
TYPE Users Groups Device Addresses Device Names Organizational Units DESCRIPTION Any trusted Windows domain or local user account. Any trusted Windows domain or local group account. IP address assigned to the client hardware device. NetBIOS name of the client device. Active Directory Organizational Unit containing the user, group, or computer account.
How to ...
Define Clients by Users Define Clients by Groups Define Clients by Device Address Define Clients by Device Name Define Clients by Organizational Unit
Define Clients by Users 1. 2. 3. Expand the Clients node in the navigation pane of the vWorkspace Management Console. Right-click on the Users node, and select New User(s). To add users by selecting them from a domain, do the following: a) Click the Users tab on the Add Client(s) window. b) Select a Windows domain or computer from the Domain drop-down. c) Type the user name in the Enter the User(s) field, or select the user from the list in Select the User(s). d) Click OK to complete the task. 4. To add users by selecting them from Active Directory, do the following: a) Click the Active Directory tab on the Add Client(s) window. b) Select the Windows domain from the Domain drop-down.
99
c) Select Organizational Units, Users, or both in the Display section. d) Enter a specific or partial name in the Filter field. You can also enter an asterisk (*) as a wildcard. e) Click Refresh and the system displays a list of options in the bottom pane. f) Select one or more of the options, and then click OK. Define Clients by Groups 1. 2. 3. Expand the Clients node in the navigation pane of the vWorkspace Management Console. Right-click on the Groups node, and select New Group(s). To add users by selecting them from a domain, do the following: a) Click the Groups tab on the Add Client(s) window. b) Select a Windows domain or computer from the Domain drop-down. c) Type the user name in the Enter the Group(s) field, or select the user from the list in Select the Group(s). d) Click OK to complete the task. 4. To add users by selecting them from Active Directory, do the following: a) Click the Active Directory tab on the Add Client(s) window. b) Select the Windows domain from the Domain drop-down. c) Select Organizational Units, Groups, or both in the Display section. d) Enter a specific or partial name in the Filter field. You can also enter an asterisk (*) as a wildcard. e) Click Refresh and the system displays a list of options in the bottom pane. f) Select one or more of the options, and then click OK. Define Clients by Device Address 1. 2. Expand the Clients node in the navigation pane of the vWorkspace Management Console. Right-click on the Device Addresses node, and select New Device Address(es).
100
3.
Click the Device IP Addresses tab and enter a Starting Address and Ending Address to define the client IP address or a range of addresses. The Active Directory tab is currently not being used. Click OK.
4.
Define Clients by Device Name 1. 2. 3. Expand the Clients node in the navigation pane of the vWorkspace Management Console. Right-click on the Device Names node, and select New Device Name(s). Click the Device Names tab and enter the device names, separated by a semicolon (;). To enclose a range, use square brackets ([]). For example W2K3-[0-10]. Click OK.
4.
Define Clients by Organizational Unit 1. 2. 3. 4. 5. 6. 7. Expand the Clients node in the navigation pane of the vWorkspace Management Console. Right-click on the Organizational Units node, and select New Organizational Unit(s). Select the Domain from the drop-down list. Select Organization Units in the Display section. Enter a specific or partial name in the Filter field. You can also enter an asterisk (*) as a wildcard. Click Refresh and the system displays a list of options in the bottom pane. Select one or more of the options, and then click OK.
Resources
The Resources node allows administrators control over aspects of a user session when connected to managed applications and desktops within the vWorkspace infrastructure. The following table provides a list of the available Resources options and a description of each. See User Access Options in the Resources Node for the Resources node customization setup information.
101
DESCRIPTION The ability to customize items relating to the Windows Desktop, Start Menu, drive mappings, and network mappings. The ability to explicitly or implicitly restrict what applications are allowed or denied for assigned clients. The ability to assign standard Window color schemes. The ability to assign network drive mappings to clients without logon scripts or Active Directory Group Policy. The ability to assign user environment variables that are automatically created and removed. The ability to act as a per-session firewall allowing Web and network access restrictions to be enforced. The ability to assign to clients applications, desktops, and content hosted from either Terminal Servers or Desktop Services. The ability to assign shared printers on LAN or WAN based Windows print servers by using either the Quest vWorkspace Universal or Windows native print drivers. The ability to assign per-session modifications to users HKCU registry hive.
Application Restrictions
Managed Applications
Printers
Registry Tasks
102
DESCRIPTION The ability to assign scripts on a per-session basis to vWorkspace clients without having to modify Terminal Servers complex logon script sequence or the Active Directory Group Policy. The ability to assign time zones on a per-session basis. The ability to assign user level policies on a per-session basis. The ability to simulate roaming profiles during user logon and logoff. See User Profiles for more information.
Client Settings
The ability to preconfigure the local device resources that are available, and under what conditions they are available. See Client Settings for more information.
Wallpapers
How to ...
View the Resources Assigned to a Client 1. 2. 3. Expand the Clients node in the navigation pane of the vWorkspace Management Console. Click on the node of the desired client type, such as Users or Groups. Do one of the following: a) Select the client that is to be viewed from the list in the information pane. The system displays the assigned items for the selected client the additional pane, if Toggle Configuration Display is activated.
OR
a) Right-click on the client to view from the list of clients in the left pane of the Details window and select Properties. b) Click on the Assigned Resources tab to view the resources.
103
Packaged Applications
The Packaged Application node allows users to identify Microsoft Application Virtualization (formerly Microsoft SoftGrid Application Virtualization) servers and their hosted application packages, and MSI Packages in the vWorkspace Management Console.
App-V/Softgrid Node
Microsoft Application Virtualization applications are published as the type of Content. There are two choices when publishing content: Client This content starts the application on the vWorkspace client host, which is the computer onto which the vWorkspace client is installed and where the RDP connection originates. The vWorkspace Management Console manages an icon with a pointer to a local executable. The Application Virtualization Client for Windows Desktops must be installed on the vWorkspace client host. Server This content starts an RDP connection to a Terminal Server or managed computer. The binary is started as a published application with an argument pointing to the appropriate.osd file. The Application Virtualization Client for Windows Desktops needs to be installed on each managed computer hosting the Application Virtualization applications or Application Virtualization for Terminal Servers on each of the Terminal Servers hosting the applications.
How to ...
Establish a New Server Connection 1. 2. Open the vWorkspace Management Console. Expand the Packaged Applications node, and then double-click on App-V/Softgrid.
104
3.
Select the App-V/Softgrid Servers tab in the information pane, and then click on the New App-V/SoftGrid Server icon on the toolbar. Complete the following information on the New App-V/SoftGrid Server window, and then click OK. Once the information is completed, the system displays the SoftGrid Server connection in the right pane of the vWorkspace Management Console.
4.
Enter the server name. Click in this field, and it is populated with the path to the SoftGrid Management virtual directory. If the Server Name field is DNS unresolvable, the path needs to be corrected to have the DNS name or IP address of the server. Note: Multiple connections can be made to the same server by entering different friendly names in the Server Name field.
Username (domain\account)
105
Password
Enter the password for the SoftGrid Administrator. Confirm the password as directed.
Edit the Properties of an App-V/SoftGrid Server 1. 2. 3. Open the vWorkspace Management Console. Expand the Packaged Applications node, and then expand the App-V/SoftGrid node. Do one of the following to access the App-V/Softgrid server Properties: a) Right-click on the specified server, and then select App-V/Softgrid Server Properties. b) Highlight the App-V/SoftGrid node, and then highlight the specified server in the information pane, and click Server Properties. c) Highlight the specified server in the navigation pane (under the App-V/SoftGrid node) and then click Server Properties in the information pane. 4. Edit the properties on the App-V/SoftGrid Server Properties window as appropriate, and click OK.
Import App-V/SoftGrid Applications 1. 2. 3. Open the vWorkspace Management Console. Expand the Packaged Applications node, and then highlight the App-V/SoftGrid node. Select the server in the right pane, and then click Import/Update Applications.
OR
Right-click on the server in the navigation pane and select Import/Update Applications. 4. Select Next on the Welcome window of the App-V/SoftGrid Import wizard. The Welcome window is presented only if this is the first time that you have imported applications to the specified server. 5. 6. Click Refresh to refresh the list. Do one of the following on the Select Applications window: a) To import all the applications, click Select All.
106
b) To import specific applications, select them on the list by pressing CTRL and using a left-click. c) Click Next or Apply. If importing for the first time, Next is the option to move to the next window. If you are updating applications, Apply is used to save your changes on the current window, and OK is used to close the wizard. 7. On the Create Access Groups window, do the following: a) Select the access groups that are to be imported, and click Yes. b) Select the access groups that are not to be imported, and click No. c) Select All to import all the groups. d) Click Next or OK. 8. On the Launch Location window, do one of the following: a) To choose all the applications from the list, click Select All, and then select either Client or Server. b) Select individual applications and the select the Launch Location of Client or Server. c) Click Next or OK. 9. To publish the application on a Terminal Server, do the following on the Publish On window: a) To publish all on the same Terminal Server, click Select All, or to select the specific applications by using CTRL + left-click. b) Click Terminal Server. c) Select the Terminal Server from the Publish On window, and then click OK. 10. To publish the application on a computer group, do the following on the Publish On window: a) To publish all on the same computer group, click Select All, or to select the specific applications by using CTRL + left-click. b) Click Desktop Group. c) Select the desktop group from the Publish On window, and then click OK. 11. Click Next or OK on the Publish On window.
107
12. On the Workload Evaluator window, click Select All or the specific applications by using CTRL + left-click to specify the applications for load balancing, and then click Workload Evaluator. If you do not want to use load balancing, click Next. 13. Select the appropriate workload evaluator, and then click OK. 14. Click Next or OK on the Workload Evaluator window. 15. On the vWorkspace Client Folders window, do the following and then click Next or OK. a) Select specific applications, or use the Select All button. b) Click Folder(s). c) Highlight the appropriate folder or folders from the list, or click Manage Folders to add or change folders, and then click OK. 16. On the Desktop Integrations Settings window, specify the location of the shortcuts on the vWorkspace client host when using AppPortal in desktop integrated mode by doing the following: a) Select specific applications, or use the Select All button. a) Click Desktop Integration. b) Select one or more of the options, Desktop, Start Menu, Start Menu\Programs, and click OK. c) Click Next or OK on the Desktop Integration Settings window.
108
17. Review the selections on the Summary window and click Back to make changes or click Finish. View/Edit Imported App-V/SoftGrid Application Properties 1. 2. 3. Open the vWorkspace Management Console. Expand Resources, and click on Managed Applications. View the App-V/SoftGrid applications in the right pane. The applications are listed by server name, and their Type is Content on Server or Content on Client. View or edit the properties by right-clicking on the application or select the application and select the Properties icon. Properties can be edited, except for the executable Path and the Type, which are grayed out and unaccessible.
4.
MSI Packages
The MSI Packages node is used to define MSI packages that can be deployed, as well as used in the Task Automation feature. MSI Packages is also available from the context menu of a computer group in the vWorkspace Management Console. Once MSI Packages is selected, established MSI packages display in the information pane and the MSI Package wizard is available by selecting New from the information pane toolbar.
How to ...
Add a New MSI Package 1. 2. Open the vWorkspace Management Console. Expand Packaged Applications, and then select MSI Packages.
109
3. 4. 5.
Click New in the information pane. The MSI Package Wizard Welcome window appears. Click Next. Enter a Name for the MSI package, and then click Next. This is the name that is displayed in the vWorkspace Management Console.
6. 7.
Enter the MSI source file or click the ellipses to browse on the Source File window, and then click Next. Select one of the following on the Run Location window, and then click Next. a) Execute the MSI file directly from the source location.
OR
a) Copy the MSI file to each computer before executing. b) Enter the full path and file name of the Destination File
8. 9.
Enter the credentials necessary to access the source MSI file, and then click Next. On the Parameters window, complete the following information, and then click Next.
110
Enter the parameters necessary for a new installation: Enter the upgrade code for this MSI package.
Enter the upgrade code. Use Retrieve to get the upgrade code from the MSI file. Enter the parameter necessary to perform an update. Enter the parameter necessary to complete an uninstall. Select this button for assistance with the installer parameters.
Enter the parameters necessary to perform an update: Enter the parameters necessary to uninstall: Help
111
10. On the Timeout Period window, do one of the following, and then click Next. a) Select the first option, Select the timeout value..., and then specify the Timeout after value by using the drop-down list.
OR
b) Select the second option, Execute the MSI operation and continue.
11. Specify MSI Package permissions, if appropriate, on the Permissions window, and then click Finish.
Performance Optimization
The Performance Optimization node on the vWorkspace Management Console is used with Terminal Servers to improve application response time and increase overall server capacity by streamlining and optimizing the use of virtual memory and CPU resources in a multi-user environment. See the Workload Management and Performance Optimization chapter for more information.
112
Virtual IP
The Virtual IP node on the vWorkspace Management Console enables each user instance of a legacy application to be bound to a distinct IP address. This allows many legacy applications to run concurrently and reliably on Terminal Servers. See the Virtual IP chapter for more information.
Workload Evaluators
The Workload Evaluators node is used to define servers used in workload evaluation process. See the chapter, Workload Management and Performance Optimization, for more information.
113
114
7
vWorkspace Locations
About Locations Locations Node Options New Location Location Properties Virtualization Servers Connection Brokers Terminal Servers Desktops Other Servers
About Locations
Locations give organizational structure to your vWorkspace farm; a way to specify a location that groups one or more data centers and the machines within those data centers. Locations are heterogeneous containers of objects that include: Virtual data centers, such as VMware VirtualCenter and Virtual Iron. Individual virtualization hosts not managed by a central management server, such as Microsoft Hyper-V and Parallels Virtuozzo.
Locations contain Connection Brokers, Terminal Servers, Desktops, and Other Servers that are associated with it. For example, you can name a location based on an office site, and then associate the Connection Brokers, Terminal Servers, and Desktops to that location.
New Location Select to open the New Location wizard used to add new locations. Properties Select to display the properties of the Connection Brokers, Terminal Servers, Desktops, and Other Servers.
vWorkspace Locations
Virtualization Servers Select to open the Virtualization Server wizard, which is used to add virtualization servers. Refresh Select to refresh the Locations node.
New Location
Use the following steps to add and delete locations to the vWorkspace Management Console.
How to ...
Add a Location Delete a Location
Add a Location 1. 2. Open the vWorkspace Management Console. Do one of the following to start the New Location wizard: Right-click on the Locations node, and select New Location.
OR
Click the New Location icon from the toolbar. 3. 4. Click Next on the Welcome window of the New Location wizard. Enter the name for the location, and then click Next. This is the name that appears in the vWorkspace Management Console.
117
5.
On the Add Servers window, you can add Connection Brokers and Terminal Servers to this location. To add a Connection Broker: a) Click on Add Connection Broker. b) Click Next on the Welcome window of the Server wizard. c) Enter the name or IP address of the server, and then click Next. Use the ellipses to browse for the server.
118
vWorkspace Locations
d) Specify the role for the server, Connection Broker, on the Server Role window, and then click Next. e) Specify or view the certificate that is to be used on this server, and then click Next. f) Select to enable trace logging on this server, and then click Next. Typically, logging is only used as assisted by the Quest Support Services Department. g) Specify any permissions for this server, and then click Finish. In order to assign permissions, you must first add users or groups using the New Administrator wizard located at File| Administration. h) Click Next on the Add Servers window to advance to the next window, or click Add Terminal Servers, if appropriate. To add a Terminal Server: a) Click Add Terminal Server. b) Click Next on the Welcome window of the Server wizard. c) Enter the name or IP address of the server, and then click Next. Use the ellipses to browse for the server. d) Specify the role for the server, Terminal Server, on the Server Role window, and then click Next.
119
e) Specify the folder for this Terminal Server, if appropriate. Click New Folder to create a new folder. Click Next when completed. Folders are for organization and display; it does not change the operation of the servers. f) Specify the workload evaluator on the Workload Management window, and then click Next. This is an optional step. g) Select the setting for Session Auto-Logoff as appropriate, and then click Next.
h) Complete the following information on the Connectivity window, and then click Next.
120
vWorkspace Locations
Connections
Select Accept least busy connection requests checkbox if you want the server to participate in workload management. Enter an alternative IP address. Select Inherit global settings or Only allow RDP connections to vWorkspace managed applications.
i) Specify the performance optimizations options that are to be enabled on this server, and then click Next: Virtual Memory Optimizations CPU Utilization Management j) Specify if the bandwidth optimization is to be Enabled or Disabled on this server, and then click Next. k) Specify the Virtual IP settings for this server, as appropriate, and then click Next.
121
l) Review the information on the Licensing window, and then click Next. m) Specify any permissions for this server, and then click Finish. In order to assign permissions, you must first add users or groups using the New Administrator wizard located at File| Administration. 6. Datacenters, hosts, and nodes are associated to this location by using the Import/Add option on the Virtualization Entities window. If you choose to not assign them at this time, click Next and go to the next step. Use the following sections to Import/Add virtualization entities. 7. Import VMware Datacenters Import Virtual Iron Datacenters Import Virtuozzo Slave Nodes Add Microsoft Hyper-V Hosts Add Independent Virtuozzo Nodes
Use the Permissions window to assign permissions to users or groups. Users and groups must be added using the New Administrator wizard. See Administration for more information.
8.
122
Click Finish to save the changes made in the New Location wizard.
vWorkspace Locations
Import VMware Datacenters 1. 2. 3. 4. 5. Select Import VMware Datacenter from the Import/Add option on the Virtualization Entities window of the New Location wizard. Click Next on the Welcome window. Click Edit Virtualization Servers. The Virtualization Server wizard is presented. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
Enter the friendly name that is used when referring to the virtualization server. Select VMware VirtualCenter Server.
6.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
123
Server URL
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
7.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time.
124
vWorkspace Locations
Restart Guest OS
Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Update PNTools
Initialize
Connection Timeout
Power On
Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
125
Suspend
Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Resume
Reset
Delete
Clone
8.
You are returned to the New Locations wizard. See step 7 to complete the process.
Import Virtual Iron Datacenters 1. Select Import Virtual Iron Datacenter from the Import/Add option on the Virtualization Entities window of the New Location wizard. Click Next on the Welcome window. Click Edit Virtualization Servers. The Virtualization Server wizard is presented. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
2. 3. 4. 5.
126
vWorkspace Locations
Enter the friendly name that is used when referring to the virtualization server. Select Virtual Iron.
6.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
127
Server URL
Enter the URL path to the virtualization server. http://servername or IP Address OR tcp://servername or IP Address
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName Note: For a system type of Virtual Iron that is installed on Linux, the user names are case sensitive.
Enter the case sensitive password. Confirm the previously entered password.
128
vWorkspace Locations
7.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Restart Guest OS
Update PNTools
Initialize
Connection Timeout
8.
You are returned to the New Locations wizard. See step 7 to complete the process.
129
Import Virtuozzo Slave Nodes 1. 2. 3. 4. 5. 6. Select Import Virtuozzo Slave Nodes from the Import/Add option on the Virtualization Entities window of the New Location wizard. Click Next on the Import Virtuozzo Nodes Welcome window. Click Edit Virtualization Servers on the Master Node window. The Virtuozzo Master Node wizard is presented. Click Next on the Virtuozzo Master Node Wizard Welcome window. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
Enter the friendly name that is used when referring to the virtualization server. Select Parallels Virtuozzo.
7.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
130
vWorkspace Locations
Server URL
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
8.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time.
131
Restart Guest OS
Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Update PNTools
Initialize
Connection Timeout
Power On
Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
132
vWorkspace Locations
Suspend
Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Resume
Reset
Delete
Clone
9.
10. You are returned to the New Locations wizard. See step 7 to complete the process. Add Microsoft Hyper-V Hosts 1. 2. 3. Select Add Microsoft Hyper-V Host from the Import/Add option on the Virtualization Entities window of the New Location wizard. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
133
Enter the friendly name that is used when referring to the virtualization server. Select Microsoft Hyper-V.
4.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
134
vWorkspace Locations
Server URL
Enter the URL path to the virtualization server. net.tcp://servername or IP Address:port Note: The default port for Microsoft Hyper-V is 9000.
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
135
5.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner. Power On Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
Initialize
Connection Timeout
136
vWorkspace Locations
Power Off
Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Suspend
Resume
Reset
Delete
6.
You are returned to the New Locations wizard. See step 7 to complete the process.
Add Independent Virtuozzo Nodes 1. Select Add Independent Virtuozzo Nodes from the Import/Add option on the Virtualization Entities window of the New Location wizard. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
2. 3.
137
Enter the friendly name that is used when referring to the virtualization server. Select Parallels Virtuozzo.
4.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
138
vWorkspace Locations
Server URL
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
5.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. 139
Restart Guest OS
Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Update PNTools
Initialize
Connection Timeout
Power On
Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
140
vWorkspace Locations
Suspend
Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Resume
Reset
Delete
Clone
6.
You are returned to the New Locations wizard. See step 7 to complete the process.
Delete a Location 1. 2. 3. Open the vWorkspace Management Console. Right-click on the location that is to be deleted. Select Delete Location. The Location can only be deleted after Connection Brokers, Terminal Servers, Desktops, and Other Servers associated with the location are deleted as well.
Location Properties
Location properties are defined for Connection Brokers, Terminal Servers, Desktops, and Other Servers. Location properties are the same for all the locations within a farm.
141
To access Location properties, highlight the Locations node and then select the Properties option, either from the context menu or by selecting the Properties icon in the toolbar.
142
vWorkspace Locations
DESCRIPTION
Specify the TCP/IP port number that is to be used when listening for inbound connection requests. Any port number can be used if it is available on all servers with the Connection Broker. Default values are: HTTP: 8080 HTTPS: 443 The HTTP and HTTPS protocols can be used simultaneously. The use of the HTTPS requires an X.509 digital certificate containing the servers FQDN to be installed into the Windows machine store of each Connection Broker. Bypass proxy settings when communicating with the connection brokers If selected, proxy settings are not used when communicating with Connection Brokers. This setting is selected by default. The Ticket Expiration setting is used to specify the expiration time for tickets that are sent to the Connection Broker when applications are launched. The default for the Ticket Expiration setting is 1 minute.
License Pool
Enter a number of minutes, which is the number of minutes the Connection Broker servers update license usage information.
Terminal Servers Logoff Exclusion List Enter a module name for a process, which if it persists after the session has been closed, then the session is automatically logged off. To add a process, click Add. To delete a process from the use, highlight the process and click the red X.
143
DESCRIPTION Select this checkbox to restrict users to only use RDP connections when connecting to managed applications.
Desktops and Other Servers Timing and Other Settings Heartbeat Interval Specifies how often the Data Collector Service on managed computers sends status information. Offline Count Specifies the number of missed heartbeats before a managed computer is considered offline. Offline Retry Specifies how often the Connection Broker attempts to contact an offline managed computer. Inactivity Timeout Specifies how long a managed computer is logged off before it is considered inactive and automatically placed into a suspend state. Sysprep Period Specifies how long the system waits during the sysprep operation before attempting to initialize the computer. Task & Log Settings Task History Age at which completed task records are automatically deleted. Task Display Expiration Age at which the current or most recently executed task on a managed computer is no longer displayed. Log History Age at which log records are automatically deleted. Display Time format for tasks and log entries. Computer Naming Conventions Enforce unique computer machine names across datacenters Select to ensure computer name uniqueness across all data centers.
144
vWorkspace Locations
DESCRIPTION
Enter users or groups and then set permissions to Allow or Deny for the following: Add Locations Add Virtualization Servers Delete Locations Delete Virtualization Servers Modify Locations Modify Virtualization Servers
Virtualization Servers
A Virtualization Server is a Windows or Linux based computer system used to centrally manage one or more physical servers enabled with computer virtualization technology, and the virtual machines being hosted and executed on them. Virtualization servers can be added, deleted, or modified from this node, or during the process of adding a new location for VMware, Virtual Iron or Parallels Virtuozzo. Settings to limit the number of concurrent operations can also be completed for virtualization servers. See the Virtualization Servers chapter for more information.
How to ...
Add Virtualization Server Connections The Virtualization Server wizard is used to add new entries to the virtualization server connections. Use the following information to complete the Virtualization Server wizard. 1. Open the vWorkspace Management Console and right-click on the Locations node, and select Virtualization Servers. The Virtualization Server wizard appears. If you have previously added virtualization servers, the Virtualization Servers window appears. To add a new virtualization server, click on the green plus sign (+), and the Virtualization Server wizard is presented.
145
2.
Enter the appropriate information on the Name and System Type window, and then click Next.
Enter the friendly name that is used when referring to the virtualization server. Select the virtualization server type of Virtual Iron, VMWare VirtualCenter Server or Parallels Virtuozzo.
3.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
146
vWorkspace Locations
Server URL
Enter the URL path to the virtualization server. For Virtual Iron, the URL must be in the format: http://servername or IP Address OR tcp://servername or IP Address For VMware VirtualCenter Server, the URL must be in the format: https://servername or IP Address/sdk For Parallels Virtuozzo, the URL must be in the format: https://servername:port
147
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName Note: For a system type of Virtual Iron that is installed on Linux, the user names are case sensitive.
Enter the case sensitive password. Confirm the previously entered password.
4.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
Initialize
148
vWorkspace Locations
Connection Timeout
Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
The following options are only supported on virtualization servers with the type of VMware VirtualCenter Server and Parallels Virtuozzo, except where noted. Power On Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
Suspend
Resume
149
Reset
Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. This function is only available with the system type of VMware VirtualCenter Server. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Delete
Clone
Connection Brokers
Connection Brokers need to be identified and their roles specified in the vWorkspace database before they can be managed and participate in the vWorkspace infrastructure. Connection Brokers can be added during the New Location wizard process, or by selecting New Connection Broker from the context menu of the Connections Brokers node.
Servers need to have the appropriate vWorkspace components installed on them, and configured to connect to the vWorkspace database before they are added.
How to ...
Add Connection Broker Servers Set Connection Broker Properties Remove Connection Broker Servers
150
vWorkspace Locations
Add Connection Broker Servers 1. Open the vWorkspace Management Console, and expand the Locations node, and then the location that the Connection Broker is to be added. Right-click on Connection Brokers, and then select New Connection Broker. Click Next on the Welcome window of the Server wizard. Enter the name or IP address of the server, and then click Next. Use the ellipses to browse for the server.
2. 3. 4.
5. 6. 7.
Specify the role for the server, Connection Broker, on the Server Role window, and then click Next. Specify or view the certificate that is to be used on this server, and then click Next. Select to enable trace logging on this server, and then click Next. Typically, logging is only used as assisted by the Quest Support Services Department.
8.
Specify any permissions for this server, and then click Finish. In order to assign permissions, you must first add users or groups using the New Administrator wizard located at File| Administration.
151
Set Connection Broker Properties Once Connection Brokers have been added to a location, set permissions, as appropriate. 1. 2. 3. 4. Right-click on the Connection Brokers node under the location in which you want to add the permission and select Properties. Select the Permissions tab. Highlight the user or group, and then set the permissions to Allow or Deny, by selecting the checkbox, as appropriate. Click Apply to save your changes, and then OK to close the window.
Remove Connection Broker Servers Use the following steps to remove a Connection Broker from inclusion in the vWorkspace infrastructure. Removing a Connection Broker deletes its associated records within the vWorkspace database, but it does not uninstall any of the vWorkspace components or any other software on the server, nor does it change its database configuration (DSN). 1. Expand the Connection Brokers node in the navigation pane of the vWorkspace Management Console, and select the Connection Broker sever that is to be removed.
152
vWorkspace Locations
2.
Click the Delete Server icon from the navigation pane toolbar, or right-click on the Connection Broker, and select Delete Server from the context menu. Click Yes to complete the removal.
3.
Terminal Servers
Terminal Servers need to be identified and their roles specified in the database before they can be managed and participate in the vWorkspace infrastructure.
Servers need to have the appropriate vWorkspace components installed on them, and configured to connect to the vWorkspace database before they are added.
How to ...
Add Terminal Servers Set Terminal Server Properties Remove Terminal Servers
Add Terminal Servers 1. 2. 3. Open the vWorkspace Management Console, and then expand to the location where the Terminal Server is to be added. Right-click on Terminal Servers, and then select New Terminal Server. If the New Server window is presented, select New Server on the Add Terminal Server window, and click OK.
153
4. 5. 6. 7. 8. 9.
Click Next on the Welcome window of the Server wizard. Enter the name or IP address of the server, and then click Next. Use the ellipses to browse for the server. Specify the role for the server, Terminal Server, on the Server Role window, and then click Next. Specify the folder to this Terminal Server. Click New Folder to create a new folder. Click Next when completed. Folders are for organization and display; it does not change the operation of the servers. Specify the workload evaluator on the Workload Management window, and then click Next.
10. This is an optional step. 11. Select the setting for Session Auto-Logoff as appropriate, and then click Next.
154
vWorkspace Locations
12. Complete the following information on the Connectivity window, and then click Next.
155
Connections
Select Accept least busy connection requests checkbox if you want the server to participate in workload management. Enter an alternative IP address. Select Inherit global settings or Only allow RDP connections to vWorkspace managed applications.
13. Specify the performance optimizations options that are to be enabled on this server, and then click Next: Virtual Memory Optimizations CPU Utilization Management
14. Specify as to if the bandwidth optimization is to be Enabled or Disabled on this server, and then click Next. 15. Specify the Virtual IP settings for this server, as appropriate, and then click Next.
16. Specify licenses on the Licensing window, and then click Next.
156
vWorkspace Locations
17. Specify any permissions for this server, and then click Finish. In order to assign permissions, you must first add users or groups using the New Administrator wizard located at File| Administration. Set Terminal Server Properties Once Terminal Servers have been added, you can set properties to apply to all servers in the vWorkspace farm that have the Terminal Server role. 1. 2. Right-click on the Terminal Servers node under the location in which you want to add the permission, and then select Properties. Highlight the user or group, and then change the permissions to Allow or Deny, by selecting the checkbox, as appropriate. For more information on permissions, see Permissions. 3. Click Apply to save your changes, and then OK to close the window.
Remove Terminal Servers Use the following steps to remove a Terminal Server from inclusion in the vWorkspace infrastructure. Removing a Terminal Server deletes its associated records within the vWorkspace database, but it does not uninstall any of the vWorkspace components or any other software on the server nor does it change the database configuration (DSN). 1. Expand the Terminal Servers node in the navigation pane of the vWorkspace Management Console, and select the Terminal Server that is to be removed. Click the Delete Server icon from the navigation pane toolbar, or right-click on the server and select Delete Server from the context menu. Click Yes to complete the removal.
2.
3.
Desktops
The Desktop node on the vWorkspace Management Console is used to define computer groups and managed computers. The desktop computers within a group can be either physical or virtual, and typically have the same version operating system and service pack level, a common set of installed applications, and are used by individuals with similar job tasks and responsibilities. See vWorkspace Desktops for more information.
157
How to ...
Set Desktops Properties Once Desktops have been added to a location, you can set the properties. 1. 2. 3. Right-click on the Desktops node under the location in which you want to add the permission. Select Properties. Highlight the user or group, and then change the permissions to Allow or Deny, by selecting the checkbox, as appropriate. For more information on permissions, see Permissions. 4. Click Apply to save your changes, and then OK to close the window.
Other Servers
The Other Servers node is used to identify general purpose servers, such as Max-IT servers.
How to ...
Add Other Servers Set Other Servers Properties
Add Other Servers 1. 2. Open the vWorkspace Management Console, and then expand to the location where the Other Server is to be added. Right-click on the Other Servers node, and select New Computer Group, or click on the New Computer Group icon on the navigation pane toolbar. Click Next on the Welcome window of the New Computer Group wizard. Enter the name for the server, and then click Next. This is the name that appears in the console. Select Other/Physical on the System Type window, and then click Next. Enter administrative account information on the Computer Administrative Account window, and then click Next.
3. 4. 5. 6.
158
vWorkspace Locations
7.
Complete task automation information, as appropriate to schedule tasks to be completed at specified times, and then click Next. See Task Automation for more information. Specify the session protocol on the Session Protocol window, and then click Next. Select Enabled or Disabled on the Bandwidth Optimization window, and then click Next.
8. 9.
10. Specify user and group permissions, as appropriate, and then click Next. 11. Select the appropriate option on the Finish window, and then click Finish. Set Other Servers Properties Once Other Servers have been added to a location, you can set the properties. 1. 2. Right-click on the Other Servers node under the location in which you want to add the permission, and then select Properties. Highlight the user or group, and then change the permissions to Allow or Deny, by selecting the checkbox, as appropriate. For more information on permissions, see Permissions. 3. Click Apply to save your changes, and then OK to close the window.
159
160
8
vWorkspace Desktops
About Desktops Computer Groups Managed Computers Initialize Computer PNTools
About Desktops
The following is an overview of the concepts and terminologies associated with the Desktops node of vWorkspace. Computer Groups Containers for managing a group of desktop computers as a single entity. One or more computer groups may be created for each datacenter. See Computer Groups for more information. Managed Computers Objects in the vWorkspace database that represent the Windows desktop computers that are to be managed by vWorkspace. These desktops are installed on physical devices, such as PC blades, or virtual machines. See Managed Computers for more information. Initialize Computer Managed computers need to be able to communicate properly with the vWorkspace enabled Connection Brokers, when added to a managed computer group. The Initialize Computer task is the process that enables this communication, and is the responsibility of the Connection Broker. See Initialize Computer for more information. PNTools Set of executables, dynamic link libraries, and device drivers that provide features and management functionality required for managed computers in a vWorkspace infrastructure. PNTools must be installed on all computers, virtual or physical, which are being managed using Desktops. See PNTools for more information. Publish Managed Desktops and Applications Managed desktops must be published before users can connect to their assigned applications or managed computer. Once published, icons representing the managed desktop appear in the application set of the AppPortal or Web Interface client, allowing the user to click on an icon to initiate the program. See Publish a Managed Desktop and Publish Managed Applications for more information.
162
vWorkspace Desktops
Power Management Managed computers are considered to be power managed computers if the power state can be changed automatically by the Connection Broker, or manually by an administrator using the vWorkspace Management Console. See the Power Management sections in the various integration chapters for more information on power managing with VMware, Virtual Iron, Microsoft Hyper-V, Parallels Virtuozzo, and Non-Power Managed Data Centers.
Computer Groups
Once locations are established, administrators can add computer groups to them. There are no limitations as to how many computer groups can exist in each location. The Computer Group wizard is used to add computer groups to an existing data center. Some options on the Computer Group wizard may be unavailable, based upon the System Type you use when creating the group. After the System Type is selected, only the parameters relevant to that type are presented. The System Types are: Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other/Physical
Administrators can activate the Computer Group wizard from the vWorkspace, Desktops node any of the following ways: Expand the location to which the computer group is to be added, right-click on the Desktops node, and then select New Computer Group.
OR
Expand the location to which the computer group is to be added, and highlight the Desktops node. Select New Computer Group from the Actions menu on the toolbar in the navigation pane, from the New Computer Group icon in the toolbar of the navigation pane, or from the Actions menu on the Desktops information pane.
163
For specific information on completing the Computer Group wizard based on System Type, refer to one of the following sections: VMware Integration;Virtual Iron Integration; Microsoft Hyper-V Integration; Parallels Virtuozzo Integration; or Non-Power Managed Data Centers.
164
vWorkspace Desktops
DESCRIPTION Name of the user account that is used when performing administrative tasks on the desktop computers within this group.
APPLIES TO: Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Enable/Disable
Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
165
DESCRIPTION Used to permanently assign users to specific computers. The two types of user assignment are: Persistent A permanent desktop is assigned to the user. Temporary A free desktop is assigned on a temporary basis to the user, and then is available to be used again at user logoff. A client type can be assigned to the computers in the group based on the following: User Device Name Device Address Organizational Unit Group Note: Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
APPLIES TO: Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Access Timetable
Used to restrict access to the computers in this group based on day and time.
Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
166
vWorkspace Desktops
DESCRIPTION Automatically assigns users to local security groups. This policy is useful when provisioning desktop workspaces to users that require elevated privileges.
APPLIES TO: Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Session Auto-Logoff
Automatically logs off user sessions. This policy is for users that start published applications and not full desktops. If enabled, vWorkspace automatically logs off when the last published application is closed. This eliminates the potential issue of applications remaining in memory, thus never really terminating.
Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Inactivity Timeout
Logoff Action
Automatically resets the computers in this group when the user logs off. Automatically expands the group to accommodate an increase in users to ensure there is always a minimum number of free computers available at all times.
VMware VirtualCenter Server Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo
Auto-Expand
167
DESCRIPTION Tasks can be scheduled to be completed at specified times. See Task Automation for more information.
APPLIES TO: Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Session Protocol
Specify the protocol for remote user sessions for this group, either RDP or RGS.
Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Bandwidth Optimization
Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
Permissions
Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
168
vWorkspace Desktops
PROPERTY Finish
DESCRIPTION Select from the options available as to the finish process for this group.
APPLIES TO: Microsoft Hyper-V Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo Other
How to ...
View Summary Information View Managed Computers View Tasks for a Computer Group View Logs for a Computer Group Modify the Properties of a Computer Group Delete a Computer Group
View Summary Information 1. 2. 3. Open the vWorkspace Management Console. Highlight the managed desktop group. Select the Summary tab in the information pane.
View Managed Computers 1. 2. 3. Open the vWorkspace Management Console. Navigate to the Desktops node of the computer group that you want to view, and highlight the computer group. Select the Computers tab in the information pane.
169
View Tasks for a Computer Group 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the Desktops node of the computer group that you want to view the tasks, and highlight the computer group. Select the Summary tab in the information pane. Click the Toggle Lower Pane button on the toolbar of the information pane. This enables the lower pane. 5. Select the Tasks tab to view.
View Logs for a Computer Group 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the Desktops node of the computer group that you want to view the logs, and highlight the computer group. Select the Summary tab in the information pane. Click the Toggle Lower Pane button on the toolbar of the information pane. This enables the lower pane. 5. Select the Log tab to view.
Modify the Properties of a Computer Group 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the Desktop node that includes the computer group that you want to modify. Right-click on the managed desktop group, and select Properties. Change the properties as appropriate, and then click OK.
Delete a Computer Group 1. 2. 3. Open the vWorkspace Management Console. Navigate to the Desktops node of the computer group that is to be deleted. Right-click on the computer group, and then select Delete Group. If the group is not empty, a message appears stating that all managed computers from the group need to be removed prior to deleting the group. 4. Click Yes to delete the group.
170
vWorkspace Desktops
Task Automation
The ability to schedule the execution of a vWorkspace supported operation on a vWorkspace managed virtual or physical machine is available through the Automated Task Wizard. Some of the scheduled tasks include: Power management. Deletion of virtual machines, including the ability to delete machines that have been inactive for a specified number of days. Installation of MSI packages. Installation and update of PNTools. Program and script execution.
How to ...
Schedule Tasks using the Automated Task Wizard 1. 2. 3. Open the vWorkspace Management Console. Expand the Desktops node for the location to which you want to add the scheduled task. Do one of the following to open the Computer Group Properties window: a) Right-click on the computer group, and select Properties. b) Highlight the computer group, and then select Actions | Properties from the navigation pane toolbar. c) Highlight the computer group. Select the Summary tab in the navigation pane, then Actions | Properties. Scheduled tasks can also be identified by computer. See Automated Tasks for more information, and use the below steps to add a new scheduled task, using the Automated Task Wizard, to a specific computer. 4. 5. 6. 7. 8.
Select Task Automation in the left pane, and then click on the green
Select the task from the list on the Task window, and then click Next. On the Task Parameters window, complete the information as appropriate, and then click Next. The fields on the Task Parameters window change based upon the Task selected.
171
9.
Complete the information on the Schedule window, as appropriate, and then click Finish.
172
vWorkspace Desktops
Managed Computers
Managed Computers are objects in the vWorkspace database that represent the Windows desktop computers that are to be managed by vWorkspace. These desktops are installed on virtual machines or on physical devices, such as PC blades. Managed computers have properties that control their creation and use. The properties that are available depend upon the type of group in which the managed computer exists. When a desktop computer is added or imported into a managed desktop group, it inherits the property settings of the group. Computers are added to a managed desktop group by using the Add Computers tool. There are several methods available for accessing this tool. The method chosen is based upon if the managed desktop group exists or if it is being created. The controls and inputs available on the Add Computers tool are based upon the System type of the selected computer group. Access the Add Computers tool by one of the following methods: Select the Create new desktops from a master template on the Add Desktops page of the Managed Computer Group wizard.
OR
Select the computer group from the vWorkspace Management Console and do one of the following: a) Right-click on the computer group and select Add Computers. b) Select the Add Computers icon from the navigation pane toolbar. c) Select Add Computers from the Actions menu from the navigation pane. d) Select Add Computers from the Actions menu on the information pane of the data center. For more information on how to use the Add Computers tool based upon data center type, refer to one of the following sections: VMware Integration; Virtual Iron Integration;Microsoft Hyper-V Integration;Parallels Virtuozzo Integration; or Non-Power Managed Data Centers.
173
DESCRIPTION The Windows computer name. The Domain Name System name. The NetBIOS name. The first 15 characters of the Windows computer name is assigned automatically by Windows setup and can not be modified. The TCP/IP address last assigned to the managed computer. The Media Access Control address assigned to the managed computers network interface card.
174
vWorkspace Desktops
COMPUTER NAME WINDOW This computer may be power-managed (suspended, reset, etc.) through the vWorkspace management console.
DESCRIPTION Unselecting this checkbox disables the ability to use the vWorkspace Management Console to control the power state, if an applicable option, of the managed computer.
DESCRIPTION Selecting this checkbox allows a different administrative account and password to be assigned to the managed computer from the ones being used by the group. This field is used to specify the name of a user account that has local administrative rights. This field is used for the password of the user account specified by Account. 175
Account
Password/Confirm Password
Enable/Disable
DESCRIPTION Selecting this checkbox allows this computer to have a different property than the group. Select one of the options for this computer. If Disabled is selected, the Connection Broker does not redirect incoming connection requests to this computer.
176
vWorkspace Desktops
Client Assignment
DESCRIPTION Displays the name of the user account currently logged on to the managed desktop computer. If a user is not logged on, a value of None is displayed.
Permanent User
Displays the name of the user account permanently assigned to the managed desktop computer. If a user is not logged on, a value of None is displayed.
177
CLIENT ASSIGNMENT WINDOW Select a user to whom this desktop should be permanently assigned
DESCRIPTION Use this option to select a user account that is permanently assigned to the managed desktop computer. This option is available if a user is currently not logged on to the desktop. Note: If a User Assignment policy for the desktop group is set to Temporary, it is overridden for this desktop computer only. Note: If the User Assignment policy for the desktop group is set to Persistent, this setting can be used to pre-assign a user account to the managed computer.
Use this option to assign the currently logged on user account to the managed computer. This option is available if a user is currently not logged on to the desktop. Note: If a User Assignment policy for the desktop group is set to Temporary, it is overridden for this desktop computer only.
Use this option to remove the current permanent assignment from the managed computer. Note: If a User Assignment policy for the desktop group is set to Temporary, the managed computer is available for automatic, permanent assignment. Note: If the User Assignment policy for the desktop group is set to Persistent, this setting can be used to pre-assign a user account to the managed computer. However, the vWorkspace administrator can still choose to pre-assign the desktop to a user.
178
vWorkspace Desktops
Access Timetable
DESCRIPTION If selected, you can specify a different access timetable setting than that of a desktop group. Click on the green grid to set a time schedule. If selected, choose from the following: Grant Permission Specifies the days of the week and the hours of the day when logons to the desktop computer are allowed. Deny Permission Specifies the days of the week and the hours of the day when logons to the desktop computer are not allowed.
179
User Privileges
DESCRIPTION If selected, you can specify a different level of user privileges for the users that log on to this desktop computer. At logon, the user is added to the desktop computers built-in Power Users local group. At logon, the user is added to the desktop computers built-in Administrators local group. At logon, the user is added to the desktop computers built-in Users local group.
180
vWorkspace Desktops
Inactivity Timeout
DESCRIPTION
Desktops can be automatically suspended when idle for a specified amount of time. Override group policy If selected, you can specify a different inactivity timeout setting than that of the parent desktop group. Select to enable automatic suspension of the desktop computer when inactive (user is logged off, but computer is still powered on), or if offline. Select to disable automatic suspension of the desktop computer when inactive (user is logged off, but computer is still powered on), or if offline.
Automatically suspend
181
Session Auto-Logoff
DESCRIPTION If selected, you can specify a different session auto-logoff setting than that of a desktop group. Enter the Module Name, and then click Add.
Enter the name, such as wuauclt.exe. Select after entering a name in the Module Name box. Select to remove items from the list.
182
vWorkspace Desktops
DESCRIPTION Enables administrators to modify the current memory and virtual disks configuration. Refreshes the current view of the window.
183
LOGOFF ACTION WINDOW Automatically reset the computer when the user logs off Do not automatically reset the computer
DESCRIPTION If selected, this computer with a nonpersistent disks is automatically reset. If selected, this computer is not automatically reset.
184
vWorkspace Desktops
Automated Tasks
DESCRIPTION Identifies the name of the task. Identifies the task that is to be completed. Indentifies the schedule to which the task is to be completed. Select to add a new scheduled task. See Schedule Tasks using the Automated Task Wizard for more information.
185
Session Protocol
DESCRIPTION Remote session protocol for this computer is set to RDP. Remote session protocol for this computer is set to RGS.
186
vWorkspace Desktops
Bandwidth Optimization
DESCRIPTION Enables support for bandwidth optimization for this computer. Disables support for bandwidth optimization for this computer.
187
Permissions
DESCRIPTION Lists users and groups who have permission to perform administrative tasks on this computer. Select a user or group to view their permissions.
Permissions
Lists permission for this computer and if they are allowed or denied for the selected user or group. For more information on permissions, see Permissions.
188
vWorkspace Desktops
How to ...
Create Sysprep Customizations for New Computers 1. 2. 3. 4. From the Syprep Customizations window on the Add Computers wizard, select the New icon (green plus sign). Click Next on the Welcome to the Sysprep Customization Wizard window. Enter a Name for this sysprep customization, and then click Next. Complete the information on the Import window, if you want to import an existing sysprep.inf file, and then click Next.
OR
If you do not want to import an existing file, click Next.
5. 6. 7.
Specify the Windows operating system on the Operating System window, and then click Next. Enter the Windows registration information of Owner and Organization on the Registration window, and then click Next. Select a Time Zone that is to be used when configuring Windows on the Time Zone window, and then click Next.
189
8.
Select one of the following on the Product Key window, and then click Next. a) Specify a single product key. b) Retrieve product keys from a text file. Use the ellipses to browse.
9.
Select either Per Server or Per Device or Per User on the Licensing Mode page, and then click Next.
10. Enter the Password for the administrator account for the desktops created in this group, on the Administrator Password window, and then click Next. 11. Select Workgroup or Domain where the computers are to be added on the Domain or Workgroup window. If you select Domain, you need to specify a user account that has permission to add a computer to the domain.
12. Enter the Active Directory Organization Unit Path to which the computers are to be added on the Active Directory Path, and then click Next. 13. Enter the path to the folder where the installation files are located. If you do not want a folder specified, you must delete the default value in the Path field. This is an optional step. The default is c:\sysprep\i386. You can change the value, or if you remove the entry, a value does not appear in the sysprep.
190
vWorkspace Desktops
14. Select one of the following options on the Regional Settings window, and then click Next: a) Use the default regional settings for the Windows version you are installing. b) Specify the regional settings. You need to select a default value for the language. 15. On the Languages window, select a different language in which the users can view the content, and then click Next. 16. Use the Run Once window to configure Windows to automatically run a command the first time a user logs on. a) Enter the command in the Command box, and click Add. b) Click Next when you are finished. 17. Enter an Identification String, which is written to the registry of the computer to assist in determining which sysprep object was used to customize a computer. Click Next. 18. Alter custom sysprep entries on the Custom Sysprep Entries window. This is an optional step. Click Next to go to the next window.
191
19. Review your entries on the Summary window and do one of the following: a) Click Back to make changes. b) Click Finish to create the desktops. c) Click Cancel to exit without saving the settings or creating the desktops.
How to ...
View Summary Information View Tasks for a Managed Computers View Logs for a Managed Computers View a Session by Remote Control
View Summary Information 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the computer group to which the computer belongs, and highlight the computer group. Select the Computers tab in the information pane, and then highlight the computer. Click the Toggle Lower Pane button from the toolbar of the information pane. This enables the lower pane with three tabs, Summary, Tasks, and Log. 5. Select the Summary tab to view property information.
View Tasks for a Managed Computers 1. 2. 3. Open the vWorkspace Management Console. Navigate to the computer group to which the computer belongs, and highlight the computer group. Select the Computers tab in the information pane, and then highlight the computer.
192
vWorkspace Desktops
4.
Click the Toggle Lower Pane button on the toolbar of the information pane. This enables the lower pane with three tabs, Summary, Tasks, and Log.
5.
View Logs for a Managed Computers 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the computer group to which the computer belongs, and highlight the computer group. Select the Computers tab in the information pane, and then highlight the computer. Click the Toggle Lower Pane button on the toolbar of the information pane. This enables the lower pane with three tabs, Summary, Tasks, and Log. 5. Select the Log tab to view.
View a Session by Remote Control 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the computer group to which the computer belongs, and highlight the computer group. Select the Computers tab in the information pane, and then right-click on the computer. Select Remote Control Session. This option is grayed out for inactive sessions. Remote control can only be accomplished when initiated from one RDP session to another. You may receive a warning message indicating that this functionality is not available to you.
193
5.
Specify the command to be used to end the remote session on the Remote Session window, and then click OK.
Desktops Properties
The Properties option is used to set user and groups access permissions for the Desktops node. Permissions enable administrators to allow or deny actions for activities within the vWorkspace Management Console. Users and groups of users who are selected as system administrators have implicit allow permissions for all actions, and may add and remove other system administrators. See Administration for more on setting up permissions.
194
vWorkspace Desktops
Initialize Computer
When a managed computer (virtual or physical) is added to a computer group, the vWorkspace Data Collector Service must be installed to allow the managed computer to communicate properly with the vWorkspace enabled Connection Brokers. The process that accomplishes this is called the Initialize Computer task, and is initiated and executed by the Connection Broker. The Initialize Computer task is accomplished as follows: 1. The Connection Broker checks for the IP address of the computer to be initialized by querying the server (for power-managed computers), and for non-power managed computers, it checks for the issuing DNS or NetBIOS name resolution queries. Once the IP address of the target computer has been retrieved, the Connection Broker attempts to connect to the Data Collector service on that computer using TCP port 5203. If successful, it queries for the version of the Data Collector service. If the Connection Broker is unable to connect to the Data Collector service, or if the version of the Data Collector service on the target computer is older than that running on the Connection Broker, the Connection Broker attempts to install the newer version of the service by remotely connecting to the Windows Service Control Manager and system drive of the target desktop computer. It then stops the Data Collector service if it is running and copies the newer version of PNDCSVC.exe to the Windows\System32 folder. Once the file has been copied, the Connection Broker issues a remote command to start the Data Collector service. 4. Once the newly installed Data Collector service has been successfully started on the target computer, the Connection Broker again attempts to contact the Data Collector service on TCP port 5203. If the connection is successful, the Connection Broker passes the following information to the Data Collector service: List of all available Connection Brokers. Informs the Data Collector service to use TCP port 5201 when initiating connections to a Connection Broker. Encrypt the connections. Configured heartbeat interval (the interval at which the Data Collector service is to send status updates to the Connection Brokers).
2.
3.
195
License Mode for the vWorkspace infrastructure. Public Key to use for SSL encryption. Unique Computer ID assigned to that managed computer.
When an Initialize Computer task is unsuccessful, the Connection Broker considers the desktop unusable and marks it offline, making it unavailable to users. Some common causes of a failure include: Firewalls are blocking the communications between the Connection Broker and the managed computer. Name resolution issues. Insufficient privileges held on the managed computer. You need to be able to connect to the administrator file shares and have the privilege to create a service on the managed computer. The privilege is set in the Properties of the computer group, in Computer Administrative Account.
Initialization Triggers
The following events can trigger the Initialize Computer task: Successful Clone operation (VMware and Virtual Iron) Add/Import Desktops Missed Heartbeats
The ability to manually initialize a computer or multiple computers is available through the context menu option of the highlighted computers. Select the computer group under the Desktops node on the vWorkspace Management Console, and then highlight the computers that are to be initialized from the Computers tab of the information pane and right-click to select the Initalize option.
196
vWorkspace Desktops
DESCRIPTION Use this policy setting to automatically control membership into the Remote Desktop Users group. This is especially helpful when adding new managed computers hosted in the VMware environment.
197
MICROSOFT GROUP POLICY SETTINGS Always wait for the network at computer startup and logon
DESCRIPTION Use this policy to allow the network components of Windows to fully initialize and process Active Directory policy settings before allowing users to log on. Some communications between the managed computer and the Connection Broker may fail if this policy is not enabled. Use the following path to set this policy: Computer Configuration | Administrative Templates | System | Logon
Several firewall settings must be enabled and configured as both a domain profile and a standard profile. Use this path to set the following policies: Computer Configuration | Administrative Templates | Network | Network Connections | Windows Firewall Allow Remote Desktop Exception This policy must be enabled so that users can connect remotely. Allow File and Printer Sharing Exception This policy must be enabled so that PNTools can be installed remotely. Define Port Exceptions This policy must be enabled so that the vWorkspace Connection Broker can communicate with managed computers on TCP port 5203.
PNTools
PNTools is a set of executables, dynamic link libraries, and device drivers that provide features and management functionality required for managed computers in a vWorkspace infrastructure. PNTools must be installed on all computers, virtual or physical, which are being managed using Desktops.
198
vWorkspace Desktops
PNTools provides the following: Data Collector. Seamless window display mode. Up to 4096 x 2048 screen resolution. Quest vWorkspace Universal Print Driver. Quest vWorkspace USB Redirection. Accelerated Multimedia Playback. Full-fledged desktop or published application sessions. Multi-monitor support (only with seamless windows).
Microsoft Vista host machines require Microsoft Vista SP1 or higher to work with PNTools.
199
The Quest vWorkspace Print-IT Control Panel applet is installed on each virtual machine, allowing administrators to configure printer autocreation settings for Windows PC and laptop users. To support non-Windows clients and thin client terminals, the Print-IT print server extensions must be installed onto existing or dedicated print servers, and managed using the vWorkspace Management Console. See Universal Printing for more information on Print-IT.
200
vWorkspace Desktops
Installation
Any versions of PNTools that are previous to the vWorkspace 6.0 release must be removed before proceeding with the installation of vWorkspace 6.0.
The installation program for PNTools is located in the following folder on all Connection Brokers: %ProgramFiles%\Provision Networks\PNTools\pntools.msi There are several ways to install, upgrade, or uninstall PNTools: Use the PNTools | Install/Update from the context menu of a specific managed desktop group or managed desktop computer on the vWorkspace Management Console. Use the MSI Packages option from the Packaged Applications node of the vWorkspace Management Console to define a package for PNTools. See MSI Packages for more information. Use the Automated Tasks option. See Task Automation for more information. Manually install PNTools into the VMware virtual machine template. Use third-party software distributions.
201
202
9
Manage Applications
About Microsoft Terminal Server About Managed Computers About Virtualized Applications New Application Tool Publish Terminal Server Applications Publish a Managed Desktop Publish Managed Applications Publish Content Work with Published Applications
Overview
Before an application can be published and accessed by users, it first must be installed on the hosting machine. In a Quest vWorkspace infrastructure, the hosting machine can be any of the following: Microsoft Windows Terminal Server. Managed computer running Microsoft Windows XP or Vista. Virtualized application package stored on a Microsoft Application Virtualization server.
204
Manage Applications
205
How to ...
Start New Applications using Terminal Servers Node Start New Applications using the Desktops Node Start New Applications from the Resources Node
Start New Applications using Terminal Servers Node 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Expand Locations and then the location name where the Terminal Sever is located. Highlight the Terminal Servers node. Select the Applications tab in the right-hand window. Select New Applications from either the toolbar or by the context menu which can be accessed by right-clicking in a blank area of the information pane.
Start New Applications using the Desktops Node 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Expand Locations and then the location name where the computer group is located. Expand the Desktops node. Select the Managed Computer Group into which the application is to be published. Right-click on Managed Computer Group, and select New Application.
OR
In the details window pane on the right, click on the Managed Applications tab and select Actions | New Application in Group.
206
Manage Applications
Start New Applications from the Resources Node 1. 2. 3. Open the vWorkspace Management Console. Expand the Resource node, and click on Managed Applications. Right-click the Managed Applications node, and then select New Managed Application.
OR
In the Resources Managed Applications details window pane on the right, select New from either the Actions or the context menu.
207
4.
On the Application Type window, select the type of application, and then click Next.
5.
On the Publishing window, select Terminal Server(s) and select the servers on which to publish the application for a specified location, and then select Next.
208
Manage Applications
6.
Complete the following information on the Defaults window, and then click Next: a) If the application to be published is a virtualized application package stored on a SoftGrid server, click Select App-V/SoftGrid Application. b) Enter a Path, or select the ellipses to browse. c) Enter any arguments that you want to have passed to the application when started in the Arguments box. d) If the application requires a working directory, type its path in the Working Dir box.
209
7.
On the Server Specific window, enter server specific program specifications, as appropriate. Click Next.
210
Manage Applications
8.
On the Display Name window, enter a Display Name if you want the name that is displayed to the user to be different that what is in the Name box on the Application Name window. Click Next. On the Icon window, select an icon for the application, and then click Next.
9.
10. Specify the applications window state when started, on the Startup window, and then click Next.
211
11. Select the appropriate option (Desktop, Start Menu, Start Menu \Programs) for clients using AppPortal in desktop integrated mode on the Desktop Integration window, and then click Next. 12. Select the appropriate option on the Graphics Acceleration window, and then click Next. The Use default option refers to the default Graphics Acceleration option setting on the Managed Applications Properties window.
212
Manage Applications
13. Select Disabled on the Status tab if you do not want users to be able to connect to the application until a later time on the Enable/Disable window, and then click Next. 14. Complete the information, as appropriate, on the Workload Management window, and then click Next.
213
15. Specify any application restriction settings for this application, and then click Next.
214
Manage Applications
16. Select the Virtual-IP settings for this application, as appropriate, and click Next. The settings are: Virtual IP, Client IP, and Virtual Loopback. 17. Use the Client Assignment window to assign this application to clients, and then click Next.
18. Set Permissions as appropriate, and then click Finish. Publish Terminal Server Desktops The steps for publishing a shared Windows desktop hosted on a Terminal Server is exactly the same as that for publishing a shared application, except for the following exceptions: 1. The Application Type is set to Desktop. When this is done, no path, arguments, or working directory are needed, and the fields for these are not presented. The Startup section is not present. The Startup option is only available if the Type is Program. The Defaults and Server-Specific options are not available.
2. 3.
215
How to ...
Publish a Desktop to a Managed Computer Group 1. 2. 3. 4. 5. Navigate to the compute group where the desktop is to be published. Start the New Application from the context menu. On the Application Name window, specify a friendly name for the application in the Name box, and then click Next. On the Application Type window, select the type of application (Desktop), and then click Next. On the Publishing window, select Managed Computer Group, and then select the managed computer group from your location on which to publish the application. Click Next.
216
Manage Applications
6.
On the Display Name window, enter a Display Name if you want the name that is displayed to the user to be different that what is in the Name box on the Application Name window. Click Next. On the Icon window, select an icon for the application, and then click Next. Select the appropriate option (Desktop, Start Menu, Start Menu \Programs) for clients using AppPortal in desktop integrated mode on the Desktop Integration window, and then click Next. Select the appropriate option on the Graphics Acceleration window, and then click Next. The Use default option refers to the default Graphics Acceleration option setting on the Managed Applications Properties window.
7. 8.
9.
10. Select Enabled or Disabled to specify if this application is displayed on the client application list. 11. Use the Client Assignment window to assign this application to clients, and then click Next. 12. Set Permissions as appropriate and the Permissions window, and then click Next.
How to ...
Publish an Application 1. 2. 3. 4. 5. Navigate to the computer group where the desktop is to be published. Start New Application. Click Next on the Welcome to the Managed Application Wizard window. On the Application Name window, specify a friendly name for the application in the Name box, and then click Next. On the Application Type window, select the type of application (Program), and then click Next.
217
6.
On the Publishing window, select Managed Computer Group, and then select the managed computer group from your location on which to publish the application. Click Next. Complete the following information on the Defaults window, and then click Next: a) If the application to be published is a virtualized application package stored on a SoftGrid server, click Select SoftGrid Application. b) Enter a Path, or select the ellipses to browse. c) Enter any arguments that you want to have passed to the application when started in the Arguments box. d) If the application requires a working directory, type its path in the Working Dir box.
7.
8.
On the Display Name window, enter a Display Name if you want the name that is displayed to the user to be different that what is in the Name box on the Application Name window. Click Next. On the Icon window, select an icon for the application, and then click Next.
9.
10. Specify the applications window state when started, on the Startup window, and then click Next. 11. Select the appropriate option (Desktop, Start Menu, Start Menu \Programs) for clients using AppPortal in desktop integrated mode on the Desktop Integration window, and then click Next. 12. Select the appropriate option on the Graphics Acceleration window, and then click Next. The Use default option refers to the default Graphics Acceleration option setting on the Managed Applications Properties window. 13. Select Enabled or Disabled to specify if this application is displayed on the client application list. 14. Select Client Assignments to specific the clients that are to have access to this application. 15. Use the Client Assignment window to assign this application to clients, and then click Next. 16. Set permissions on the Permissions window, as appropriate and then click Finish.
218
Manage Applications
Publish Content
Traditionally in Windows networks, users have relied on network drive mappings, browsing, or corporate Web sites to get information. As networks grow in size and complexity these methods have become less efficient. Web based resources that are not located on the corporate network can require users to remember numerous and sometimes long URLs, or how to build efficient and effective search queries. Published content provides an easier way for users to access the information they need. When an administrator publishes content, the complete path to the resource is specified and is associated with an icon. This path can be in Universal Naming Convention (UNC) format or web based formats, such as http, https, ftp, ldap. The icon representing the content is passed down to the vWorkspace Client in the same manner as application and desktop icons. To access the content, the user simply clicks on the icon. The content path is passed to an application, based on Windows file type associations, capable of opening that type of content. For example, content using a UNC path would be opened with Windows Explorer, while content using http would be opened with Internet Explorer. The administrator has the option of specifying whether the application used resides on the client device or on a remote device. If you are using application deployment solution such as SoftGrid or Altiris, applications are published using the type Content. The process of publishing content is exactly the same as publishing an application hosted on a Terminal Server or desktop with the following exceptions: Type Select Content on the Application Type window of the Managed Application Wizard. Publishing Select Server if you want the content to be opened with an application installed on a Terminal Server. Use the Publishing window to select which Terminal Servers to use. Select Managed Computer Group if you want the content to be opened with an application installed on the client device. When this is chosen, the Application Restrictions, Virtual IP, and Workload Management windows are unavailable as they do not apply to desktops.
219
Path Enter the path to the content on the Defaults window. A UNC path can be either to a shared folder or a file within a shared folder.
Share, NTFS, and web permissions all apply when users try to access the content. Therefore, even though clients are listed in the published contents access control list, the client may still be denied access because of other permissions.
How to ...
Add Published Applications to a Terminal Server Add Published Applications to a Computer Group Modify Published Applications with Desktops Node Modify Published Applications on the Resources Node Duplicate a Published Application Delete a Published Application
Add Published Applications to a Terminal Server 1. 2. Open the vWorkspace Management Console. Expand Locations and then the location name where the Terminal Sever is located.
220
Manage Applications
3. 4. 5.
Click on the Terminal Servers node in which to add the existing published resources. In the information pane on the right, click on the Applications tab for the selected Terminal Server. Activate Select Applications to Publish on [Terminal_Server] from either the information pane toolbar, or the Publish Applications icon from the navigation pane toolbar, or from the context menu of the selected Terminal Server. A list of published resources is presented.
6.
Select each published resource you want to add to the server. To select a published resource, select the box to the left of Applications. Click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
7.
Add Published Applications to a Computer Group 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Expand Locations and then the location name where the computer group is located. Expand the Desktops node. Select the name of the managed computer group. Use one of the following to activate the Select Applications to Publish: a) Right-click on the managed computer group.
221
b) Select the Managed Applications tab in the information pane, and then Actions| Select Applications to Publish in the information pane. c) Actions| Select Applications to Publish from the navigation pane. d) Click the Select Applications to Publish icon from the navigation pane. 6. 7. Select each published resource you want to add. To select all published resources, select the box to the left of Applications. Click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
Modify Published Applications with Terminal Servers Node 1. 2. 3. 4. 5. 6. 7. Open the vWorkspace Management Console. Expand Locations and then the location name where the Terminal Sever is located. Click on the Terminal Servers node in which to add the existing published resources. Click on the Applications tab located in the Terminal Servers information window pane. Right-click on the published resource to be modified, and then click Properties from the context menu. Navigate through the various windows to make the necessary changes. Click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
Modify Published Applications with Desktops Node 1. 2. 3. 4. 5. 6. 7. Open the vWorkspace Management Console. Expand Locations and then the location name where the computer group is located. Expand the Desktops node (you can also navigate to a specific datacenter or managed computer group). Click on the Managed Applications tab located in the Computer Services information pane. Right-click on the published resource to be modified, and then click Properties from the context menu. Navigate through the various tabs to make the changes, as appropriate. Click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
222
Manage Applications
Modify Published Applications on the Resources Node 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Expand the Resources node, and then click on the Managed Applications node. Right-click on the published resource to be modified in the information pane, and then click Properties from the context menu. Navigate through the various tabs to make the changes, as appropriate. Click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
Duplicate a Published Application 1. 2. 3. 4. Open thevWorkspace Management Console. Navigate to the desired published application. Right-click on the published application, and select Duplicate from the context menu. Make the necessary changes using the appropriate windows.
5.
Click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
223
Delete a Published Application 1. 2. 3. 4. Open the vWorkspace Management Console. Navigate to the desired published application. Click the Delete on the toolbar or from the context menu. After reviewing the warning message, and then click Yes to delete or No to cancel.
224
10
Application Compatibility Enhancements
About Application Compatibility Enhancements How Redirect-IT Works Installation
2.
3.
226
Installation
Redirect-IT can only be installed on Microsoft Windows servers with Terminal Services installed in Application Server mode. The vWorkspace installer program installs Application Compatibility Enhancements (Redirect-IT) from the Power Tools for Terminal Servers features.
How to ...
Create a Registry Redirection Rule Create a File Redirection Rule Create a Folder Redirection Rule View a Redirection Rule Edit a Redirection Rule
Create a Registry Redirection Rule 1. Start the vWorkspace Management Console. It is best to run the vWorkspace Management Console from the Terminal Server where the application is installed, so that registry keys are available. 2. Right-click File & Registry Redirection from the navigation pane, and select New Redirection Rule.
OR
Select File & Registry Redirection from the navigation pane, and click the green + on the toolbar in the right pane.
227
3.
Select the Redirection Type Registry on the New Redirection Role window.
4. 5. 6. 7.
Type a new category or select an existing category from the drop-down list in the Category box. Enter a new name for the rule in the Rule Name box. Type a path and file name of the executable, or click the ellipses to browse to the executable in the Program box. Type the location of the registry key location that is to be redirected, or click the ellipses to browse to the location in the Original Registry Key box. Type the new path and file name, or click the ellipses to browse to the location where the key should be redirected in the New Registry Key box. Click OK.
8.
9.
Create a File Redirection Rule 1. Start the vWorkspace Management Console. It is best to run the vWorkspace Management Console from the Terminal Server where the application is installed, so that file is available.
228
2.
Right-click File & Registry Redirection from the navigation pane, and select New Redirection Rule.
OR
Select File & Registry Redirection from the navigation pane, and click the green + on the toolbar in the right pane. 3. 4. 5. 6. 7. 8. 9. Select the Redirection Type File on the New Redirection Role window. Type a new category, or select an existing category from the drop-down list in the Category box. Enter a new name for the rule in the Rule Name box. Type a path and file name of the executable, or click the ellipses to browse to the executable in the Program box. Type the path and file name of the existing location of the file, or click the ellipses to browse to the file in the Original File box. Type the path and file name, or click the ellipses to browse to the location where the file is to be redirected in the New File box. Select Copy original file(s) to new folder if it doesnt already exist, if appropriate.
10. Click OK. Create a Folder Redirection Rule 1. Start the vWorkspace Management Console. It is best to run the vWorkspace Management Console from the Terminal Server where the application is installed, so that file is available. 2. Right-click File & Registry Redirection from the navigation pane, and select New Redirection Rule.
OR
Select File & Registry Redirection from the navigation pane, and click the green + on the toolbar in the right pane. 3. 4. 5. 6. Select the Redirection Type Folder on the New Redirection Role window. Type a new category, or select an existing category from the drop-down list in the Category box. Enter a new name for the rule in the Rule Name box. Type a path and file name of the executable, or click the ellipses to browse to the executable in the Program box.
229
7. 8. 9.
Type the path and file name of the existing location of the folder, or click the ellipses to browse to the file in the Original Folder box. Type the path and file name, or click the ellipses to browse to the location where the folder is to be redirected in the New Folder box. Select Copy original file(s) to new folder if it doesnt already exist, if appropriate.
10. Click OK. View a Redirection Rule 1. Start the vWorkspace Management Console. It is best to run the vWorkspace Management Console from the Terminal Server where the application is installed, so that file is available. 2. 3. Select File & Registry Redirection from the navigation pane. View the details on the information pane.
Edit a Redirection Rule 1. Start the vWorkspace Management Console. It is best to run the vWorkspace Management Console from the Terminal Server where the application is installed, so that file is available. 2. 3. 4. Select File & Registry Redirection from the navigation pane. On the information pane, right-click on the Redirection rule that is to be changed, and then select Properties. Edit the redirection rule as appropriate.
230
11
Virtual IP
About Virtual IP Installation
About Virtual IP
Virtual IP enables each user instance of a legacy application to be bound to a distinct IP address. This allows many legacy applications to run concurrently and reliably on Terminal Servers. The following features are supported by Virtual IP: Virtual IP Assigns a unique IP address to each instance of a configured application running on Terminal Servers. Client IP Uses the client device IP address as a unique identifier for each instance of a configured application running on Terminal Servers. Virtual Loopback Assigns a unique loopback address to each instance of a configured application running on Terminal Servers. Logging Enables logging of Virtual IP activity on a Terminal Server.
Installation
Virtual IP can only be installed on Microsoft Windows servers with Terminal Services installed in Application Server mode. The vWorkspace installer program installs Virtual IP from the Power Tools for Terminal Servers features.
How to ...
Enable Virtual IP on a Terminal Server Configure Virtual IP Address Ranges Configure Applications
Enable Virtual IP on a Terminal Server You can enable Virtual IP on Terminal Servers by doing one of the following procedures, either using Terminal Server Properties or Virtual IP Server Configuration. Terminal Server Properties 1. 2. 3. Start the vWorkspace Management Console. Expand Locations, and then expand the location in which the Terminal Server is located. Expand Terminal Servers and right-click on the selected Terminal Server, and then select Properties.
232
Virtual IP
4. 5. 6. 1. 2.
Select the Virtual IP tab on the Terminal Servers Properties window. Select the Virtual IP features to be enabled, and then click OK. Repeat the above steps for each Terminal Server. Start the vWorkspace Management Console. Expand Virtual IP, and then click Server Configuration.
3.
Click Show only Virtual IP Enabled Servers or Show All Servers. Your selection controls which servers appear in the server list. Select the Virtual IP features to be enabled, by server, and then click Update Virtual IP Servers.
4.
Configure Virtual IP Address Ranges Each Terminal Server must be configured with an appropriate range of IP addresses. Follow these guidelines when configuring Virtual IP address ranges: Virtual IP address ranges must be compatible with the IP subnet to which the Terminal Server is attached.
233
Do not include IP addresses that are already statically assigned to other computers on the network. Do not include IP addresses that are part of existing DHCP server scopes. Do include enough IP addresses in the range to account for the maximum number of concurrent instances expected for a configured application. Start the vWorkspace Management Console. Expand the Virtual IP node, and click Address Range. Click Add in the Virtual IP Address Ranges pane.
4. 5. 1.
Enter the appropriate values for Starting Address, Ending Address, and Subnet Mask. Click OK. On the Virtual IP Address Ranges pane, click on the ellipses at the end of the Master Range or right-click on Master IP Range.
234
Virtual IP
2.
Right-click the Master Range, and select Add Server(s) to Master Range from the context menu.
3.
In the list of servers presented in the window, select the boxes associated with the servers to be added to the master range and press OK. Enter the number of addresses to allocate to each selected server and press OK. Right-click the Terminal Server that is to be modified from the Virtual IP Address Ranges pane, and then select the appropriate option. The options include: Remover Server Allocation for Server Set Allocations for All Servers in Master Range to Equally Allocate Addresses to All Servers in Master Range Manually Edit Ranges
4.
Configure Applications 1. 2. Expand the Virtual IP node, and then select Application Configuration. Click Show All Applications on the Virtual IP Applications pane.
235
3.
Select Virtual IP, Client IP, or Virtual Loopback for each application, as appropriate.
4.
236
12
vWorkspace Additional Components
Overview Password Reset Service Proxy-IT
Overview
The vWorkspace installation Additional Components features consist of the following: vWorkspace Management Console Password Reset Service RDP Gateway (Proxy-IT)
The vWorkspace Management Console is discussed in detail in the vWorkspace Management Console chapter. The other features are discussed in this chapter.
How to ...
Install the Password Reset Service Configure the Password Reset Service Configure Password Management in AppPortal Configure Password Management in Web Access
Execute the start.exe installation program. Click Next on the Welcome window. Accept the License agreement. Select Hosted Desktops and Terminal Servers (Enterprise Edition), and then Additional Components.
5. 6.
Select Password Reset Service. Click Next and complete the installation.
Configure the Password Reset Service Use the following steps to configure the Password Reset Service. 1. Use the following path to open the Password Manager Control Panel applet. Start | Control Panel | Provision Networks Password Manager 2. 3. On the General tab, enter the TCP Port. Click the Lock icon by Certificate Name.
4. 5. 6. 7. 8.
Select the certificate on the Select Certificate window, and then click OK. If you want to use logging, select the Logging tab and select Enable trace logging to the specified file. Enter the path and file name for the log file. Click OK on the Password Management Properties window. Start the vWorkspace Password Management Service.
Configure Password Management in AppPortal 1. 2. Open the AppPortal client. Use the following path to open the Farm Connections window: Actions | Manage Connections
239
3.
If you are configuring Password Management on an existing farm, do the following: a) Select Modify existing farm on the Select Farm window, and then select the farm that is to be edited from the list. b) Select Password Management from the left pane, and complete the information as appropriate. c) Click OK.
4.
If you are configuring Password Management on a new farm, do the following: a) Select Create new farm on the Select Farm window. b) Select Password Management from the left pane, and complete the information as appropriate. c) Click OK when you have entered the farm information as appropriate. Selecting OK closes the Select Farm window.
240
Configure Password Management in Web Access This option can only be configured as a global setting. 1. 2. Select Password Management under the Authentication options on the Web Access Management Console. Enter a Domain using the NetBIOS name of the Password Management server.
3. 4. 5. 6.
Enter the Server (FQDN). The host name, NetBIOS name, or IP address can be used in this field. Enter a Port number, and then click Add. The usual number to use is 443. Repeat the above steps to add multiple Password Management servers. Click Save Changes.
Proxy-IT
Non-Win32 RDP-capable client devices, such as a Mac, thin clients, or other devices running proprietary, open source, or third-party RDP client software, can leverage Proxy-IT to connect to a load-balanced Provision-IT Terminal Server farm without requiring additional client software. Proxy-IT is designed to deliver more connectivity options for accessing Microsoft Windows Terminal Servers from legacy, non-Win32, open source, or third-party RDP devices, with no differences for the make or the model. Multiple Proxy-IT servers can be clustered using Microsoft Network Load Balancing (NLB) or another third-party load balancing switch.
241
Proxy-IT listens for client requests on a configured TCP port, which is port 3389 by default.
It is recommended that the current version of Proxy-IT be used with Microsoft Session Directory to enable users to reconnect to their disconnected sessions.
How to ...
Install Proxy-IT 1. 2. 3. 4. 5. Execute the start.exe installation program. Click Next on the Welcome window. Accept the License agreement. Select the appropriate option on the Licensing Mode window. Select Additional Components, and then select RDP Gateway (Proxy-IT). If vWorkspace installation program detects an application Terminal Server, the Proxy-IT option is not available for selection. 6. Click Next and complete the installation.
Configure Proxy-IT 1. Open the vWorkspace Proxy-IT applet from the Control Panel.
242
2.
Complete the information on the Proxy-IT Properties window as appropriate, and then click Apply.
Enter the TCP port. The default is 3389. Enter a number of minutes. A value of 0 indicates that connections never time out.
Connection Broker Settings Connect to broker on this TCP port Connect to broker using SSL Enable NAT support for firewall traversal Server Logging
Use Add Server to add the IP addresses or host names. Enter the TCP port associated with the Connection Broker settings. Select if connecting using SSL. Select if network address translation is being used. Select to enable trace logging, and then enter the file name or use the folder button to browse to the file.
243
Proxy-IT Prerequisites
The following items are required: All Proxy-IT servers must be Microsoft Windows Enterprise Server 2003 and they can not be configured for the multi-users application mode. Proxy-IT uses RDP port 3389 for its service, making it impossible to administer the server remotely. However, you can remap the local RDP listener to alternative port, such as 3390 or 2290 to allow for remote administration. Administrators can connect to this server using mstsc.exe by adding the alternative port.
The RDP port needs to be remapped in the following registry location: HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\ WinStation \RDP-TCP
1. 2. 3. 4.
Value: PortNumber Type: REG_DWORD Data: 0x000003d3 (3389) Change this value to something else, such as 3390 or 2290. Reboot the server.
244
Install Proxy-IT
Install Proxy-IT according to the licensing scheme that you purchased. If the option for RDP Gateway (Proxy-IT) is not available, you have Terminal Services application mode installed. You must uninstall Terminal Services application mode before installing Proxy-IT. Use the following steps to use Proxy-IT with Session Directory Service. Enable Session Directory Service To enable Session Directory Services, you must enable the service on all of your Proxy-IT servers. Use the following steps to complete this task: 1. 2. 3. Open up the Services plug-in: Start | Run| Services.msc Scroll to the Terminal Services Session Directory and set it to automatic. Start the service. These steps need to be completed on all of your Proxy-IT servers. Enable Session Directory on Terminal Services Use the following steps to enable Session Directory Services on all of your Terminal Servers: 1. 2. Open the Terminal Services Configuration plug-in, and go to the Server Settings Node. Right-click on the Session Directory and select Enable. These steps need to be completed on all of your Terminal Servers.
245
3.
Enable the Session Directory Server setting, and then in Session Directory Server, type the name of the server where the Terminal Server Session Directory service is running. Enable the Session Directory Cluster Name setting, and then in Session Directory Cluster Name, type the name of the cluster to which the Terminal Server belongs. Optionally, enable the Terminal Server IP Address Redirection setting. This policy should only be applied to the Terminal Servers, so you may need to create a separate OU for them to reside.
4.
5.
Using Terminal Services 1. Open Terminal Services Configuration by using the following path: Start | Control Panel | Administrative Tools | Terminal Services Configuration 2. 3. 4. 5. 6. Click Server Settings in the console tree. Right-click Session Directory in the details pane, and then click Properties. Select the Join session directory checkbox. In Cluster name, type the name of the Terminal Server cluster. In Session directory server name, type the DNS name or IP address of the domain server where the Terminal Services Session Directory service is running. The server name must be a valid server name, and cannot be left blank. 7. Select an IP address and network adapter form the Network adapter and IP address session directory should redirect users to list.
246
8.
Optionally, unselect the IP address redirection (uncheck for routing token redirection) to have client devices reconnect to disconnected sessions by using the virtual IP address of the terminal server cluster. This option is selected by default, which enables clients to reconnect by using the individual IP addresses for the terminal servers in the Session Directory. You should unselect this option if clients have visibility only to the virtual IP address of the cluster and cannot connect to the IP address of an individual terminal server.
247
248
13
Virtualization Servers
Overview Virtualization Servers
Overview
Quest vWorkspace is able to provide a comprehensive list of provisioning, brokering, management, access, and security solutions, especially when implementing desktops that are to be managed as virtual machines. In order to provide this comprehensive functionality, the vWorkspace Connection Broker uses methods provided in the vendors Software Developer Kit (SDK) to pass commands and queries to the Virtualization Servers. A Virtualization Server is a Windows or Linux based computer system used to centrally manage one or more physical servers enabled with computer virtualization technology, and the virtual machines being hosted and executed on them. In Quest vWorkspace, support for the following virtualization server systems is offered: VMware VirtualCenter Server, Virtual Iron Virtualization Manager, and Parallels Virtuozzo Containers (master nodes). vWorkspace Connection Brokers integrate with virtualization servers by Software Developer Kits (SDK) provided by the vendor. The APIs are exposed as a Web service on virtualization servers that are accessed using the J2SE components installed on Connection Brokers. This Web site is protected using Secure Socket Layer (SSL) with VMware VirtualCenter Server requiring the virtualization servers digital server certificate to be placed into a keystore on the Connection Broker. Communication attempts fail without this keystore being placed on the Connection Broker. To enable vWorkspace Connection Brokers to work with virtualization servers, the following configuration steps must be completed. 1. Install the Integration with VMware VI3 and Virtual Iron, Integration with Microsoft Hyper-V, or the Integration with Parallels Virtuozzo subfeature on all Connection Brokers in the vWorkspace farm. If HTTPS is being used as the communication protocol between the Connection Broker and the virtualization server, a Java keystore containing the virtualization server, server certificate must be created on each Connection Broker in the vWorkspace farm. This is required for VMware VirtualCenter Server, but optional for Virtual Iron. 3. Add the virtualization server connections using the vWorkspace Management Console using the Virtualization Server wizard.
2.
250
Virtualization Servers
Virtualization Servers
Connections to virtualization servers are configured using the Virtualization Servers wizard located in the vWorkspace Management Console, a context menu option for Locations, or by selecting the Virtualization Servers icon from the toolbar. Once the Virtualization Servers option is selected, the system opens the Virtualization Servers window, if other virtualization servers have been defined, or the Virtualization Server wizard if no server have been defined. The following information is included on the Virtualization Servers window.
Type
The type of the virtualization server. The types are: Virtual Iron VMware VirtualCenter Server Parallels Virtuozzo
The alias name of the virtualization server. The Uniform Resource Locator (URL) path used by the Connection Broker to communicate with the virtualization server. This option opens the Virtualization Server wizard so that new virtualization server connections can be added.
New
251
Properties
This option allows the vWorkspace administrator to make changes to the configuration of the selected virtualization server. This option deletes the virtualization servers record from the database. This option updates the display list of virtualization server connection entries.
Delete Refresh
How to ...
Add Virtualization Server Connections The Virtualization Server wizard is used to add new entries to the virtualization server connections. Use the following information to complete the Virtualization Server wizard. 1. Open the vWorkspace Management Console and right-click on the Locations node and then select Virtualization Servers or, select the Virtualization Servers icon from the toolbar. The Virtualization Server wizard appears. If you have previously added virtualization servers, the Virtualization Servers window appears. To add a new virtualization server, click on the green plus sign (+), and the Virtualization Server wizard is presented. 2. Enter the appropriate information on the Name and System Type window, and then click Next.
252
Virtualization Servers
Enter the friendly name that is used when referring to the virtualization server. Select one of the virtualization server types.
3.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
253
Server URL
Enter the URL path to the virtualization server. For Virtual Iron, the URL must be in the format: http://servername or IP Address OR tcp://servername or IP Address For VMware VirtualCenter Server, the URL must be in the format: https://servername or IP Address/sdk For Parallels Virtuozzo, the URL must be in the format: https://servername:port
254
Virtualization Servers
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName Note: For a system type of Virtual Iron that is installed on Linux, the user names are case sensitive.
Enter the case sensitive password. Confirm the previously entered password.
4.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
Initialize
255
Connection Timeout
Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
The following options are only supported on virtualization servers with the type of VMware VirtualCenter Server, Microsoft Hyper-V, and Parallels Virtuozzo. Note: The Clone option does not apply to Microsoft Hyper-V. Power On Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
Suspend
Resume
256
Virtualization Servers
Reset
Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Note: The Clone option does not apply to Microsoft Hyper-V.
Delete
Clone
257
258
14
VMware Integration
Overview Connect to VMware VirtualCenter Servers Disk and Memory Persistence Data Centers Computer Groups Power Management
Overview
The following VMware integrated features are available in vWorkspace: Import Datacenters from VirtualCenter. Manage virtual machine power states. Automated desktop and server provisioning using VMware VirtualCenter templates. Guest Windows OS customization. Distribute managed computers and servers across multiple resource pools and datastores. Configure memory and disk persistence.
VMware Integration
To configure disk and memory persistence for an individual computer, do one of the following: Set the options on the Configuration window, which is located on the Computer Properties window. This window is presented when selecting Properties for a computer, or when creating a new computer. Highlight the computer group in the navigation pane, and then click on the Summary tab in the information pane. Select Actions | Reconfigure. Highlight the computer group in the navigation pane, and then click on the Computers tab in the information pane. Right-click on the computer and select Reconfigure from the context menu. Set the Logoff Action properties for the computer, as appropriate. The Logoff Action property, if enabled, resets the computer when a user logs off.See Managed Computers for more information.
To configure disk and memory persistence for a computer group, do one of the following: Right-click on the computer group in the navigation pane, and then select Reconfigure Computers.
261
Highlight Desktops, and then select the Groups tab. Select Actions | Reconfigure Computers.
Highlight the computer group in the navigation pane and click on the Summary tab in the information pane. Select Actions | Reconfigure Computers.
Set the Logoff Action properties for the computer group, as appropriate. The Logoff Action property, if enabled, resets the computers in the group when users log off. See Computer Groups for more information
Data Centers
Data centers are used to organize and manage, as a single entity, datastores, templates, and virtual machines that are hosted on VMware ESX servers. Multiple data centers can exist in a single Vmware VirtualCenter Infrastructure. In order to manage the desktops hosted in the VMware VirtualCenter environment, the data centers must be imported into the vWorkspace database.
How to ...
Add a Data Center using the Datacenter Wizard 1. 2. 3. 4. From the Datacenter wizard Welcome window, click Next. Click Edit Virtualization Servers. The Virtualization Server wizard is presented. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
262
VMware Integration
Enter the friendly name that is used when referring to the virtualization server. Select VMware VirtualCenter Server.
5.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
263
Server URL
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
An error in the connection with a VMware VirtualCenter server is usually related to an incorrect VMware VirtualCenter connection configuration, or the absence of a keystore file on the machine in which you are running the Datacenter wizard. If an error occurs, check the VMware VirtualCenter connection configuration. If that is correct, check for a keystore file on this machine, at the following location: C:\Program Files\Quest Software\vWorkspace\VMware-Certs
6.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
264
VMware Integration
Initialize
Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Connection Timeout
Power On
Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
Suspend
Resume
265
Reset
Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Delete
Clone
Computer Groups
Computer groups are containers of desktops that can be managed together. The following computer groups properties are associated with VMware VirtualCenter Server.
VMWARE MANAGED COMPUTER GROUP PROPERTY Group Name System Type Datacenter Computer Administrative Account Enable/Disable
DESCRIPTION
Name of the managed desktop group. System type for the computers in this group. Datacenter in which the computers in this group belong. Name of the user account that is used when performing administrative tasks on the desktop computers within this group. Connection requests to computers in this group my be temporarily suspended, if enabled.
266
VMware Integration
DESCRIPTION
Used to permanently assign users to specific computers. The two types of user assignment are: Persistent A permanent desktop is assigned to the user. Temporary A free desktop is assigned on a temporary basis to the user, and then is available to be used again at user logoff. A client type can be assigned to the computers in the group based on the following: User Device Name Device Address Organizational Unit Group Note: Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
Used to restrict access to the computers in this group based on day and time. Automatically assigns users to local security groups. This policy is useful when provisioning desktop workspace to users that require elevated privileges.
Session Auto-Logoff
Automatically logs off user sessions. This policy is for users that start published applications and not full desktops. If enabled, vWorkspace automatically logs off when the last published application is closed. This eliminates the potential issue of applications remaining in memory, thus never really terminating.
Inactivity Timeout
Automatically suspends computers in the group when they are inactive. 267
DESCRIPTION
Automatically resets the computers in this group when the user logs off. Automatically expands the group to accommodate an increase in users to ensure there is always a minimum number of free computers available at all times. Schedule tasks to be completed at specified times. Specify the protocol for remote user sessions for this group, either RDP or RGS. Specify if bandwidth optimization is enabled or disabled for this computer group. Specify permissions for this computer group. Select from the options available as to the finish process for this group.
VMware customizations, available from the Managed Computer Group wizard, enable administrators to specify items such as where new computers are stored and how they are named. The following customization settings can be specified for each managed computer group that belongs to a VMware type data center.
VMWARE CUSTOMIZATION SETTING Template
DESCRIPTION Indicates the name of the virtual machine template in the VirtualCenter inventory that is used when adding new managed computers to the group. Indicates the name of the folder in the VirtualCenter inventory where newly created managed desktop computers are located.
Folder
268
VMware Integration
DESCRIPTION Specifies how newly created managed virtual machines are distributed among the available datastores in VirtualCenter. The options are: Equal The desktops are distributed equally across the selected datastores. Free Space The desktops are distributed across the selected datastores proportion to the available free space on the datastores. Weighted The desktops are distributed across the selected datastores based on the percentages specified. Manual The desktops to be created are specified for each datastore.
Datastore(s)
Indicates the names of the Resource Pools and Datastores and the allocation percentages of the VirtualCenter inventory selected for storage of newly created managed computers within this group. Base Name Indicates the base name that is used when constructing the Windows computer name that is assigned to the newly created managed desktop computers added to the group. Base Name Start Value Indicates the starting numeric value that is added to the base name when constructing the Windows computer name that is assigned to the newly created managed desktop computers added to the group. Base Name Increment Indicates the numeric value by which subsequent Windows computer names are incremented when new managed desktop computers are added to the group. Re-use Names Indicates whether previously generated Windows computer names can be reused if the managed desktop computer has been deleted.
Naming Conventions
Specifies the memory configuration used with this computer group. Specifies how the disk is configured for this computer group.
269
How to ...
Add Computer Groups to a VMware Type 1. Administrators can activate the Computer Group wizard from the vWorkspace, Desktops node any of the following ways: Expand the location to which the computer group is to be added, right-click on the Desktops node, and then select New Computer Group.
OR
Expand the location to which the computer group is to be added, and highlight the Desktops node. Select New Computer Group from the Actions menu on the toolbar in the navigation pane, from the New Computer Group icon in the toolbar of the navigation pane, or from the Actions menu on the Desktops information pane. 2. 3. 4. 5. Click Next on the Welcome to the Computer Group wizard. Enter the name of the computer group in the Group Name field on the Group Name window, and then click Next. Select VMWare VirtualCenter Server on the System Type window. Select the datacenter from the Datacenter window that this computer group belongs, and then click Next. If there are no datacenters listed, click Import and the Datacenter wizard is presented. Complete the wizard as follows: a) Click Next on the Welcome window of the Datacenter wizard. b) Select VMware VirtualCenter Server on the Virtualization Type window, and then click Next. c) Select the datacenter from the list on the Virtualization Server window, and then click Next. If there are no datacenters listed, click Edit Virtualization Servers, and the Virtualization Servers window appears. d) Click New on the Virtualization Servers window. e) Click Next on the Welcome window. f) Enter a name for the server and select VMware VirtualCenter Server on the Name and System Type window, and then click Next.
270
VMware Integration
g) Enter necessary information in the following format on the Server URL/Name and Credentials window, and then click Next.
Server URL Name https://servername or IP Address/sdk Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName Password Confirm Password Enter the case sensitive password. Confirm the previously entered password.
h) Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
Initialize
Power On
271
Power Off
Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. This function is only available with the system type of VMware VirtualCenter Server. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Suspend
Resume
Reset
Delete
Clone
272
VMware Integration
Connection Timeout
Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
i) Highlight the newly added server, and then click Close on the Virtualization Servers window. You are returned to the Datacenter wizard, Virtualization Server window. Highlight the server, and then click Next. j) Select the datacenter to import, and then click Finish to complete the Datacenter wizard. 6. Do the following on the Computer Administrative Account window: a) Specify an Account on the Desktop Administrative Account window. This account is used to perform administrative tasks. It must be a member of the local administrators group on the desktops. b) Enter the Password and then enter it again to confirm the administrative user account password, and then click Next. 7. On the Enable/Disable window, select Enabled or Disabled to specify if connection requests to computers in this group may be temporarily suspended, and then click Next. On the Client Assignment window, select Persistent or Temporary to specify how free computers are assigned at logon. If a client type is to be assigned to the computers in this group, select one of the following, and then click Next. User Device Name Device Address
273
8.
Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers manually by using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
9.
On the Access Timetable window, click on the green grid to restrict access to the computers in this group. The Edit Timetable window appears. a) Click on the days and times, and then click Grant Permission or Deny Permission, as appropriate. b) Click OK. c) Click Next on the Access Timetable window.
10. Select Power Users, Administrators, or None to automatically add the users to one of those groups on the User Privileges window, and then click Next. 11. On the Session Auto-Logoff window, enter processes that if found to be running after the user closes all published applications, results in an automatic user session log off, and then click Next. 12. Select the option to automatically suspend computers in this group that are inactive, on the Inactivity Timeout window, and then click Next. 13. Select the checkbox on the Logoff Action window to automatically reset computers when a user logs off. If this option is enable for computers with nonpersistent disks, the disks are reverted to their original state at user log off. 14. To automatically expand the group based on a number of users, do the following on the Auto-Expand window: a) Select Enable auto-expansion. b) Enter a number of minimum computers to be available at all times. c) Enter a number of maximum computers to be available to this group. d) Click Next. 15. On the Task Automation window, select New. The Automated Task Wizard appears, or click Next to move to the next window without completing any automated tasks. 16. Click Next on the Welcome to the Automated Task Wizard.
274
VMware Integration
17. Complete the Automated Task Wizard: a) Enter a Name for this scheduled task, and then click Next. b) Select the Task, and then click Next. c) Select one of the parameters used to complete this task, and then click Next. d) Specify the schedule for this task to be completed, and then click Finish. 18. Select the appropriate session protocol, either RDP or RGS for this computer group on the Session Protocol window, and then click Next. 19. Specify if bandwidth optimization is to Enable or Disabled on the Bandwidth Optimization window, and then click Next. 20. Specify computer permissions for this group, as appropriate, and then click Next on the Permissions window. 21. On the Finish window, do one of the following: a) Select the Create new computers from a master template to add new desktops to the group and enter the number of desktops to create. Complete the process using the Add Computers tool. See Add Computers to a Computer Group for VMware. b) Select Import existing computers from VMware VirtualCenter to add computers by importing existing virtual machines and complete the process using Import Existing Computers into a Group. c) Select Do nothing. I will create or import computers later to create the desktops at a later time. 22. Click Finish. Once managed computer groups are established, their properties and policies can be viewed and modified from the vWorkspace Management Console simply by right-clicking on the managed computer group, and selecting Properties.
275
Add Computers to a Computer Group for VMware 1. Start the Add Computers tool by doing one of the following: a) Select the Create new desktops from a master template on the Finish window of the Computer Group wizard.
OR
b) Select the computer group from the vWorkspace Management Console and do one of the following: 2. 3. Right-click on the managed computer group and select Add Computers. Select the Add Computers icon from the navigation pane toolbar. Select Add Computers from the Actions menu on the navigation pane. Select Add Computers from the Actions menu on the information pane of the datacenter.
Click Next on the Welcome to the Add Computers Wizard window. Type a number into the Enter the number of computers to create field on the Number of Computers to Create window, and then click Next. Select a template from the list on the Template window, and click Next. If there are no templates listed or to update the list, click Import. Select a folder to which the new computers are placed on the Folder window, and click Next. If the list is empty or to update the list, click Import. Select one or more resource pools and datastores on the Resource Pools/Datastores window. This is where the virtual machine disk files are to be stored. If the list is empty or to update the list, click Import. a) To change the distribution method, click the Distribution button on the toolbar above the list of datastores. Complete the information on the Datastore Distribution Method window as appropriate. b) Click Next.
4.
5.
6.
7.
Select the method for assigning a computer name to the new desktop computers in Source on the Naming Conventions window. If Specify the base name is selected, do the following: a) Type the text string in the Base Name field.
276
VMware Integration
b) Select a value from the Start numeric value at and increment by fields. c) Select Re-use the names of deleted desktops, if appropriate. If Specify a text file containing names is selected, do the following: a) Type the path and file name of the text file containing the list of computer names in the Names File field. b) Enter a text string that is prepended to the beginning of computer names in the Prefix field, if appropriate. c) Enter a text string that is appended to the end of computer names in the Suffix field, if appropriate. 8. 9. Click Next. On the Sysprep Customizations window, do one of the following, and then click Next: a) To use Microsofts System Preparation tools, select Specify sysprep customizations. The computers in this group will be powered on after they are created. b) Select a sysprep from the list, or click New to create a new sysprep. See Create Sysprep Customizations for New Computers for more information. c) To not use Microsofts System Preparation tools, select Do not specify sysprep customizations. The desktops in this group will not be powered on after they are created. 10. Select the checkbox to reconfigure the computers memory and disk persistence after the cloning on the Configure Computers window, if appropriate, then do the following: a) Select Reconfigure Memory, and mover the slider to adjust for the memory value. b) Select Wait for users to log off before reconfiguring the computer, if appropriate. c) Select the Virtual Disks tab, and select Reconfigure Virtual Disks, and select First disk only or All disks. Select the Disk Mode, and set it to one of the following: Persistent Independent and Persistent Independent and Nonpersistent
11. Select either Start Immediately or Schedule for (and enter a date and time) on the Options window, and then click Next.
277
12. Review and confirm the information on the Finish window, and do one of the following: a) Click Back to make changes. b) Click Finish to create the desktops. c) Click Cancel to exit without saving the settings or creating the desktops.
278
VMware Integration
VMware Inventory
View:New
View:Existing
OK
How to ...
Import Existing Computers into a Group 1. 2. Open the vWorkspace Management Console. Select the computer to which the import is to be added, and start the Computer Group wizard by doing one of the following: Right-click on the computer group and select Import/Re-sync computers. Click the Import/Re-sync computers icon from the toolbar in the navigation pane.
279
Select Actions | Import/Re-sync computers from the menu on the navigation pane. Select Import/Re-sync computers from the Actions menu on the computer groups information pane. Select Import existing desktops from VMware from the Finish window of the Computer Group wizard, and then click Finish, if you are completing the Computer Group wizard.
3. 4. 5. 6. 7.
Complete the Import/Re-sync Desktops control options as appropriate. Select the appropriate options on the Select Action frame. Select the appropriate View option (New or Existing) on the VMware Inventory frame. Select the virtual machines that are to be imported on the VMware Inventory frame. Click OK to start the import.
Power Management
Managed computers that are members of VMware enabled data centers are considered to be power managed computers. This means that the power state can be changed, either automatically by the Connection Broker or manually by an administrator using the vWorkspace Management Console. vWorkspace Connection Brokers periodically query their configured VMware VirtualCenter servers for the current power state of managed computers running as virtual machines, using calls and functions provided by the VMware SDK.
280
VMware Integration
vWorkspace Connection Brokers can also submit commands to change the power state of a given virtual machine. For example, when a user attempts to connect to a managed computer running as a virtual machine and that virtual machine is powered off, the Connection Broker automatically sends a command to VirtualCenter to power on the machine. Once the virtual machine is powered on and the operating system has loaded, the user is then connected to the desktop and log on. The power states of VMware based virtual machines that can be manipulated with the vWorkspace Management Console are: Power On Powers the virtual machine on in the same way as using the power switch on a physical computer. Power Off Powers the virtual machine off in the same way as using the power switch on a physical computer. Reset Powers the virtual machine off and then on again in the same way as using the reset switch on a physical computer. Resume Reawakens a virtual machine that has been in a suspended state. Suspend Suspend saves the system state and working set of the virtual machine to disk before powering off. When resumed, the computer is returned to the state it was in before being suspended. This option is faster since the operating system does not have to go through the complete load and initialization process. Shut Down OS Gracefully shuts down the guest operating system in the same way as using the Shut Down function in Windows. Restart OS Same as the Restart option in Windows. Log Off User Logs the user off in a graceful manner. The user is prompted to save any unsaved data. Reset Session Closes all programs that are running and deletes the session from the server that is running Terminal Services. This can be used if a session is not functioning correctly, or if the session has stopped responding.
281
282
15
Virtual Iron Integration
Overview Data Centers Computer Groups Import Existing Desktops into a Group Power Management
Overview
This section describes the range of desktop management and provisioning features offered by vWorkspace for Virtual Iron environments.
Data Centers
Data centers are used to organize and manage as a single entity, datastores, templates, and virtual machines that are hosted on Virtual Iron servers. Multiple data centers can exist in a single Virtual Iron Infrastructure. In order to manage the desktops hosted in the Virtual Iron environment, the data centers must be imported into the vWorkspace database.
How to ...
Add a Data Center using the Datacenter Wizard 1. 2. 3. 4. From the Datacenter wizard Welcome window, click Next. Click Edit Virtualization Servers. The Virtualization Server wizard is presented. Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
284
Enter the friendly name that is used when referring to the virtualization server. Select Virtual Iron.
5.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
Server URL
Enter the URL path to the virtualization server. http://servername or IP Address OR tcp://servername or IP Address
285
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName Note: For a system type of Virtual Iron that is installed on Linux, the user names are case sensitive.
Enter the case sensitive password. Confirm the previously entered password.
6.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
Initialize
286
Connection Timeout
Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Computer Groups
Computer groups are containers of desktops that can be managed together. Computer groups are containers of desktops that can be managed together. The following computer groups properties are associated with Virtual Iron.
VIRTUAL IRON MANAGED COMPUTER GROUP PROPERTY Group Name System Type Datacenter Computer Administrative Account Enable/Disable
DESCRIPTION
Name of the managed desktop group. System type for the computers in this group. Datacenter in which the computers in this group belong. Name of the user account that is used when performing administrative tasks on the desktop computers within this group. Connection requests to computers in this group my be temporarily suspended, if enabled.
287
DESCRIPTION
Used to permanently assign users to specific computers. The two types of user assignment are: Persistent A permanent desktop is assigned to the user. Temporary A free desktop is assigned on a temporary basis to the user, and then is available to be used again at user logoff. A client type can be assigned to the computers in the group based on the following: User Device Name Device Address Organizational Unit Group Note: Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
Used to restrict access to the computers in this group based on day and time. Automatically assigns users to local security groups. This policy is useful when provisioning desktop workspaces to users that require elevated privileges.
Session Auto-Logoff
Automatically logs off user sessions. This policy is for users that start published applications and not full desktops. If enabled, vWorkspace automatically logs off when the last published application is closed. This eliminates the potential issue of applications remaining in memory, thus never really terminating.
288
DESCRIPTION
Automatically expands the group to accommodate an increase in users to ensure there is always a minimum number of free computers available at all times. Schedule tasks to be completed at specified times. Specify the protocol for remote user sessions for this group, either RDP or RGS. Specify if bandwidth optimization is enabled or disabled for this computer group. Specify permissions for this computer group. Select from the options available as to the finish process for this group.
Virtual Iron customizations enable administrators to specify items such as where new desktop computers are stored and how they will be named. The following customization settings can be specified for each managed computer group that belongs to a Virtual Iron type data center.
VIRTUAL IRON CUSTOMIZATION SETTING Disk Group Distribution Method
DESCRIPTION Specifies how newly created managed virtual machines are distributed among the available disk groups in Virtual Iron datacenters. The options are: Equal The desktops are distributed equally across the selected datastores. Free Space The desktops are distributed across the selected datastores proportion to the available free space on the datastores. Weighted The desktops are distributed across the selected datastores based on the percentages specified. Manual The desktops to be created are specified for each datastore.
Disk Group(s)
Indicates the names and allocation of percentages of the disk groups in the Virtual Iron inventory selected for storage of newly created managed computers within this group. 289
DESCRIPTION Indicates the name of the virtual machine template in the Virtual Iron inventory that is used when adding new managed computers to the group. Indicates the base name that is used when constructing the Windows computer name that is assigned to the newly created managed desktop computers added to the group. Indicates the starting numeric value that is added to the base name when constructing the Windows computer name that is assigned to the newly created managed desktop computers added to the group. Indicates the numeric value by which subsequent Windows computer names are incremented when new managed desktop computers are added to the group. Indicates whether previously generated Windows computer names can be reused if the managed desktop computer has been deleted.
Base Name
Re-Use Names
How to ...
Add Computer Groups to a Virtual Iron Type Add Computers to a Computer Group for Virtual Iron
Add Computer Groups to a Virtual Iron Type 1. Administrators can activate the Computer Group wizard from the vWorkspace, Desktops node any of the following ways: Expand the location to which the computer group is to be added, right-click on the Desktops node, and then select New Computer Group.
OR
Expand the location to which the computer group is to be added, and highlight the Desktops node. Select New Computer Group from the Actions menu on the toolbar in the navigation pane, from the New Computer Group icon in the toolbar of the navigation pane, or from the Actions menu on the Desktops information pane.
290
2. 3. 4. 5.
Click Next on the Welcome to the Computer Group wizard. Enter the name of the computer group in the Group Name field on the Group Name window, and then click Next. Select Virtual Iron on the System Type window. Select the datacenter from the Datacenter window that this computer group belongs, and then click Next. If there are no datacenters listed, click Import and the Datacenter wizard is presented. Complete the wizard as follows: a) Click Next on the Welcome window of the Datacenter wizard. b) Select Virtual Iron on the Virtualization Type window, and then click Next. c) Select the datacenter from the list on the Virtualization Server window, and then click Next. If there are no datacenters listed, click Edit Virtualization Servers, and the Virtualization Servers window appears. d) Click New on the Virtualization Servers window. e) Click Next on the Welcome window. f) Enter a name for the server and select Virtual Iron on the Name and System Type window, and then click Next. g) Enter necessary information in the following format on the Server URL/Name and Credentials window, and then click Next.
Server URL Name https://servername or tcp://servername Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName Password Confirm Password Enter the case sensitive password. Confirm the previously entered password.
291
h) Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Restart Guest OS
Update PNTools
Initialize
Connection Timeout
i) Highlight the newly added server, and then click Close on the Virtualization Servers window. You are returned to the Datacenter wizard, Virtualization Server window. Highlight the server, and then click Next.
292
j) Select the datacenter to import, and then click Finish to complete the Datacenter wizard. 6. Do the following on the Computer Administrative Account window: a) Specify an Account on the Desktop Administrative Account window. This account is used to perform administrative tasks. It must be a member of the local administrators group on the desktops. b) Enter the Password and then enter it again to confirm the administrative user account password, and then click Next. 7. On the Enable/Disable window, select Enabled or Disabled to specify if connection requests to computers in this group may be temporarily suspended, and then click Next. On the Client Assignment window, select Persistent or Temporary to specify how free computers are assigned at logon. If a client type is to be assigned to the computers in this group, select one of the following, and then click Next. User Device Name Device Address Organizational Unit Group
8.
Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers manually by using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
9.
On the Access Timetable window, click on the green grid to restrict access to the computers in this group. The Edit Timetable window appears. a) Click on the days and times, and then click Grant Permission or Deny Permission, as appropriate. b) Click OK. c) Click Next on the Access Timetable window.
10. Select Power Users, Administrators, or None to automatically add the users to one of those groups on the User Privileges window, and then click Next.
293
11. On the Session Auto-Logoff window, enter processes that if found to be running after the user closes all published applications, results in an automatic user session log off, and then click Next. 12. To automatically expand the group based on a number of users, do the following on the Auto-Expand window: a) Select Enable auto-expansion. b) Enter a number of minimum computers to be available at all times. c) Enter a number of maximum computers to be available to this group. d) Click Next. 13. On the Task Automation window, select New. The Automated Task Wizard appears, or click Next to move to the next window without completing any automated tasks. 14. Click Next on the Welcome to the Automated Task Wizard. 15. Complete the Automated Task Wizard: a) Enter a Name for this scheduled task, and then click Next. b) Select the Task, and then click Next. c) Select one of the parameters used to complete this task, and then click Next. d) Specify the schedule for this task to be completed, and then click Finish. 16. Select the appropriate session protocol, either RDP or RGS for this computer group on the Session Protocol window, and then click Next. 17. Specify if bandwidth optimization is to Enable or Disabled on the Bandwidth Optimization window, and then click Next. 18. Specify computer permissions for this group, as appropriate, and then click Next on the Permissions window. 19. Do one of the following on the Finish window: a) Select the Create new computers from a master template to add new computers to the group and enter the number of desktops to create. Complete the process using the Add Computers tool. See Add Computers to a Computer Group for Virtual Iron. b) Select Import existing computers from Virtual Iron to add desktops by importing existing virtual machines and complete the process using Import Existing Desktops into a Group. c) Select Do nothing. I will create or import computers later to create the desktops at a later time.
294
20. Click Finish. Once managed computer groups are established, their properties and policies can be viewed and modified from the vWorkspace Management Console simply by right-clicking on the managed computer group, and selecting Group Properties. Add Computers to a Computer Group for Virtual Iron 1. Start the Add Computers tool by doing one of the following: a) Select the Create new desktops from a master template on the Finish window of the Computer Group wizard.
OR
b) Select the computer group from the vWorkspace Management Console and do one of the following: 2. 3. Right-click on the managed computer group and select Add Computers. Select the Add Computers icon from the navigation pane toolbar. Select Add Computers from the Actions menu on the navigation pane. Select Add Computers from the Actions menu on the information pane of the datacenter.
Click Next on the Welcome to the Add Computers Wizard window. Type a number into the Enter the number of computers to create field on the Number of Computers to Create window, and then click Next. Select a template from the list on the Template window, and click Next. If there are no templates listed or to update the list, click Import. Select a disk group or groups to which the new computers are placed on the Disk Groups window, and click Next. If the list is empty or to update the list, click Import. a) To change the distribution method, click the Distribution button on the toolbar above the list of datastores. Complete the information on the Datastore Distribution Method window as appropriate. b) Click Next.
4.
5.
6.
Select the method for assigning a computer name to the new desktop computers in Source on the Naming Conventions window.
295
If Specify the base name is selected, do the following: a) Type the text string in the Base Name field. b) Select a value from the Start numeric value at and increment by fields. c) Select Re-use the names of deleted desktops, if appropriate. If Specify a text file containing names is selected, do the following: a) Type the path and file name of the text file containing the list of computer names in the Names File field. b) Enter a text string that is prepended to the beginning of computer names in the Prefix field, if appropriate. c) Enter a text string that is appended to the end of computer names in the Suffix field, if appropriate. 7. 8. Click Next. On the Sysprep Customizations window, do one of the following, and then click Next: a) To use Microsofts System Preparation tools, select Specify sysprep customizations. The computers in this group will be powered on after they are created. b) Select a sysprep from the list, or click New to create a new sysprep. See Create Sysprep Customizations for New Computers for more information. c) To not use Microsofts System Preparation tools, select Do not specify sysprep customizations. The desktops in this group will not be powered on after they are created. 9. Select either Start Immediately or Schedule for (and enter a date and time) on the Options window, and then click Next.
10. Review and confirm the information on the Finish window, and do one of the following: a) Click Back to make changes. b) Click Finish to create the desktops. c) Click Cancel to exit without saving the settings or creating the desktops.
296
View:New
View:Existing
OK
297
Import Existing Desktops into a Group 1. 2. Open the vWorkspace Management Console. Select the computer to which the import is to be added, and start the Computer Group wizard by doing one of the following: Right-click on the computer group and select Import/Re-sync computers. Click the Import/Re-sync computers icon from the toolbar in the navigation pane. Select Actions | Import/Re-sync computers from the menu on the navigation pane. Select Import/Re-sync computers from the Actions menu on the computer groups information pane. Select Import existing desktops from Virtual Iron from the Finish window of the Computer Group wizard, and then click Finish, if you are completing the Computer Group wizard.
3. 4. 5. 6. 7.
Complete the Import/Re-sync Desktops control options as appropriate. Select the appropriate options on the Select Action frame. Select the appropriate View option (New or Existing) on the VMware Inventory frame. Select the virtual machines that are to be imported on the Virtual Iron Inventory frame. Click OK to start the import.
298
Power Management
Managed computers that are members of Virtual Iron data centers are considered to be power-managed computers. This means that the power state can be changed, either automatically by the Connection Broker or manually by an administrator using the vWorkspace Management Console. Power On Powers the virtual machine on in the same way as using the power switch on a physical computer. Power Off Powers the virtual machine off in the same way as using the power switch on a physical computer. Reset Powers the virtual machine off and then on again in the same way as using the reset switch on a physical computer. Shut Down OS Gracefully shuts down the guest operating system in the same way as using the Shut Down function in Windows. Restart OS Same as the Restart option in Windows. Log Off User Logs the user off in a graceful manner. The user is prompted to save any unsaved data. Reset Session Closes all programs that are running and deletes the session from the server that is running Terminal Services. This can be used if a session is not functioning correctly, or if the session has stopped responding.
299
300
16
Microsoft Hyper-V Integration
Overview Hyper-V Broker Helper Service Hosts Computer Groups Power Management
Overview
Virtual machines running on Microsoft Hyper-V servers are supported in vWorkspace. Virtual machines can be added from Hyper-V servers, and their power states controlled directly from the vWorkspace Management Console.
Installation Tips
If you plan to install and use the vWorkspace Connection Broker in conjunction with Microsoft Hyper-V, Microsoft .NET Framework 3.0 or higher and Windows PowerShell must be installed on the target computer. Otherwise, the setup program warns of the .NET 3.0 prerequisite, requiring you to install it before proceeding. Some vWorkspace releases offer the option to install .NET Framework 3.0 as part of the setup process. For Hyper-V servers, please note that the .NET Framework 3.0 and Windows PowerShell are standard features with Windows Server 2008. To enable it, run Server Manager and select the Features node. In the right pane, select Add Features.
302
The Broker Helper Service for Hyper-V listens on TCP port 9000, by default, for requests from the Connection Broker. An inbound rule must be created to allow for successful communication if the Windows Firewall with Advanced Security is enabled. Create a rule by using the Windows Firewall with Advanced Security management console from the start menu, or by entering the following command in an elevated command prompt.
Hosts
Hosts are used to organize and manage, as a single entity, datastores, templates, and virtual machines that are hosted on Microsoft Hyper-V servers. Multiple hosts can exist in a single infrastructure. In order to manage the desktops hosted in the Microsoft Hyper-V environment, the hosts must be added into the vWorkspace database. Add a Host using the Hyper-V Host Wizard 1. 2. From the Hyper-V Host wizard Welcome window, click Next. Enter the appropriate information on the Name and System Type window, and then click Next.
303
Enter the friendly name that is used when referring to the virtualization server. Select Microsoft Hyper-V.
3.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
304
Server URL
Enter the URL path to the virtualization server. net.tcp://servername or IP Address:port Note: The default port for Microsoft Hyper-V is 9000.
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
305
4.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner. Power On Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time.
Restart Guest OS
Update PNTools
Initialize
Connection Timeout
306
Power Off
Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Suspend
Resume
Reset
Delete
Computer Groups
Computer groups are containers of desktops that can be managed together. The following computer groups properties are associated with Microsoft Hyper-V.
HYPER-V MANAGED DESKTOP GROUP PROPERTY Group Name System Type Computer Administrative Account Enable/Disable
DESCRIPTION
Name of the managed desktop group. System type for the computers in this group. Name of the user account that is used when performing administrative tasks on the desktop computers within this group. Connection requests to computers in this group my be temporarily suspended, if enabled. 307
DESCRIPTION
Used to permanently assign users to specific computers. The two types of user assignment are: Persistent A permanent desktop is assigned to the user. Temporary A free desktop is assigned on a temporary basis to the user, and then is available to be used again at user logoff. A client type can be assigned to the computers in the group based on the following: User Device Name Device Address Organizational Unit Group Note: Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers using the Client Assignment window for the specified computer. See Computer Groups for more information on this window.
Used to restrict access to the computers in this group based on day and time. Automatically assigns users to local security groups. This policy is useful when provisioning desktop workspace to users that require elevated privileges. The options are: Power Users Administrators None
308
DESCRIPTION
Automatically logs off user sessions. This policy is for users that start published applications and not full desktops. If enabled, vWorkspace automatically logs off when the last published application is closed. This eliminates the potential issue of applications remaining in memory, thus never really terminating.
Inactivity Timeout Task Automation Session Protocol Bandwidth Optimization Permissions Finish
Automatically suspends computers in the group when they are inactive. Schedule tasks to be completed at specified times. Specify the protocol for remote user sessions for this group, either RDP or RGS. Specify if bandwidth optimization is enabled or disabled for this computer group. Specify permissions for this computer group. Select from the options available as to the finish process for this group.
How to ...
Add Computer Groups to a Microsoft Hyper-V Type 1. Administrators can activate the Computer Group wizard from the vWorkspace, Desktops node any of the following ways: Expand the location to which the computer group is to be added, right-click on the Desktops node, and then select New Computer Group.
OR
Expand the location to which the computer group is to be added, and highlight the Desktops node. Select New Computer Group from the Actions menu on the toolbar in the navigation pane, from the New Computer Group icon in the toolbar of the navigation pane, or from the Actions menu on the Desktops information pane. 2. 3. Click Next on the Welcome to the Computer Group wizard. Enter the name of the computer group in the Group Name field on the Group Name window, and then click Next.
309
4. 5.
Select Microsoft Hyper-V on the System Type window. Do the following on the Computer Administrative Account window: a) Specify an Account on the Desktop Administrative Account window. This account is used to perform administrative tasks. It must be a member of the local administrators group on the desktops. b) Enter the Password and then enter it again to confirm the administrative user account password, and then click Next.
6.
On the Enable/Disable window, select Enabled or Disabled to specify if connection requests to computers in this group may be temporarily suspended, and then click Next. On the Client Assignment window, select Persistent or Temporary to specify how free computers are assigned at logon. If a client type is to be assigned to the computers in this group, select one of the following, and then click Next. User Device Name Device Address Organizational Unit Group
7.
Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers manually by using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
8.
On the Access Timetable window, click on the green grid to restrict access to the computers in this group. The Edit Timetable window appears. a) Click on the days and times, and then click Grant Permission or Deny Permission, as appropriate. b) Click OK. c) Click Next on the Access Timetable window.
9.
Select Power Users, Administrators, or None to automatically add the users to one of those groups on the User Privileges window, and then click Next.
310
10. On the Session Auto-Logoff window, enter processes that if found to be running after the user closes all published applications, results in an automatic user session log off, and then click Next. 11. Select the option to automatically suspend computers in this group that are inactive, on the Inactivity Timeout window, and then click Next. 12. On the Task Automation window, select New. The Automated Task Wizard appears, or click Next to move to the next window without completing any automated tasks. 13. Click Next on the Welcome to the Automated Task Wizard. 14. Complete the Automated Task Wizard: a) Enter a Name for this scheduled task, and then click Next. b) Select the Task, and then click Next. c) Select one of the parameters used to complete this task, and then click Next. d) Specify the schedule for this task to be completed, and then click Finish. 15. Select the appropriate session protocol, either RDP or RGS for this computer group on the Session Protocol window, and then click Next. 16. Specify if bandwidth optimization is to Enable or Disabled on the Bandwidth Optimization window, and then click Next. 17. Specify computer permissions for this group, as appropriate, and then click Next on the Permissions window. 18. On the Finish window, do one of the following: a) Select Import existing computers from Hyper-V hosts to add computers by importing existing virtual machines and complete the process using Import Existing Computers into a Group. b) Select Do nothing. I will create or import computers later to create the desktops at a later time. 19. Click Finish. Once managed computer groups are established, their properties and policies can be viewed and modified from the vWorkspace Management Console simply by right-clicking on the managed computer group, and selecting Properties.
311
312
DESCRIPTION If selected, managed desktop computers are removed from the selected managed desktop group if they no longer exist in the data center. This control displays a list of folders and virtual machines available in the Microsoft Hyper-V data center inventory. If selected, displays a list of virtual machines that have not yet been imported into the managed desktop group. If selected, displays a list of virtual machines that have previously been imported into the managed desktop group. If selected, the chosen virtual machines are imported into the current managed desktop group as managed desktop computers. The Initialize Computer task is automatically started for each desktop computer successfully imported.
View:New
View:Existing
OK
Cancel
If selected, the Import/Re-sync selections are discarded, and the window is closed.
How to ...
Import Existing Desktops into a Group 1. 2. Open the vWorkspace Management Console. Select the computer to which the import is to be added, and start the Computer Group wizard by doing one of the following: 3. 4. Right-click on the computer group and select Import/Re-sync computers. Click the Import/Re-sync computers icon from the toolbar in the navigation pane. Select Actions | Import/Re-sync computers from the menu on the navigation pane. Select Import/Re-sync computers from the Actions menu on the computer groups information pane.
Complete the Import/Re-sync Desktops control options as appropriate. Select the appropriate options on the Select Action frame.
313
5. 6. 7.
Select the appropriate View option (New or Existing) on the VMware Inventory frame. Select the virtual machines that are to be imported on the Microsoft Hyper-V Inventory frame. Click OK to start the import.
Power Management
The power states of Microsoft Hyper-V based virtual machines that can be manipulated with vWorkspace are: Power On Powers the virtual machine on in the same way as using the power switch on a physical computer. Power Off Powers the virtual machine off in the same way as using the power switch on a physical computer. Reset Powers the virtual machine off and then on again in the same way as using the reset switch on a physical computer. Resume Reawakens a virtual machine that has been in a suspended state. Suspend Suspend saves the system state and working set of the virtual machine to disk before powering off. When resumed, the computer is returned to the state it was in before being suspended. This option is faster since the operating system does not have to go through the complete load and initialization process. Shut Down OS Gracefully shuts down the guest operating system in the same way as using the Shut Down function in Windows. Restart OS Same as the Restart option in Windows. Log Off User Logs the user off in a graceful manner. The user is prompted to save any unsaved data. Reset Session Closes all programs that are running and deletes the session from the server that is running Terminal Services. This can be used if a session is not functioning correctly, or if the session has stopped responding.
314
17
Parallels Virtuozzo Integration
Overview About Parallels Virtuozzo Computer Groups Power Management
Overview
This section describes the range of desktop management and provisioning features offered by vWorkspace for Parallels Virtuozzo Containers version 4.0 environments.
316
Computer groups can be added to locations by selecting Desktops from the location in the vWorkspace Management Console. For more information on Parallel Virtuozzo computer groups, see Computer Groups. Add computers to the established computer groups by using the Add Computers wizard. See Add Computers to a Computer Group for Parallels Virtuozzo for more information.
Parallels Virtuozzo Containers disables the startup of certain Microsoft Windows services by default, including ones that are required for vWorkspace. You need to set the type to Enterprise, to prevent the disabling of certain Window services. Please also refer to the Parallels Virtuozzo knowledge base article, http://kb.parallels.com/1007, for more information.
How to ...
Import Virtuozzo Slave Nodes Add Independent Virtuozzo Nodes
Import Virtuozzo Slave Nodes 1. 2. 3. Click Next on the Import Virtuozzo Nodes Welcome window. Click Edit Virtualization Servers on the Master Node window. The Virtuozzo Master Node wizard is presented. Click Next on the Virtuozzo Master Node Wizard Welcome window.
317
4. 5.
Click Next on the Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
Enter the friendly name that is used when referring to the virtualization server. Select Parallels Virtuozzo.
6.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
318
Server URL
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
7.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time.
319
Restart Guest OS
Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Update PNTools
Initialize
Connection Timeout
Power On
Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
320
Suspend
Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Resume
Reset
Delete
Clone
Add Independent Virtuozzo Nodes 1. 2. Click Next on the Virtuozzo Independent Node Wizard Welcome window. Enter the appropriate information on the Name and System Type window, and then click Next.
321
Enter the friendly name that is used when referring to the virtualization server. Select Parallels Virtuozzo.
3.
Enter the appropriate information on the Server URL/Name and Credentials window, and then click Next.
322
Server URL
Name
Enter the name of a user account that has the required access permissions to the target server specified in the Server URL field. For a Windows domain account, use: DomainName\UserName
Enter the case sensitive password. Confirm the previously entered password.
4.
Enter the appropriate information on the Other Settings window, and then click Finish.
Shutdown Guest OS Use the drop-down list to specify the number of guest operation system shutdown commands that can be sent to the virtualization server from the Connection Broker at one time. 323
Restart Guest OS
Use the drop-down list to specify the number of guest operation system restart commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Update PNTools commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of Initialize Computer commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down to specify the amount of time that the Connection Broker waits for a response from the virtualization server. Default option is 30 Seconds. For medium to large production environments where the virtualization server is busy, you may need to set the Connection Timeout to two or three minutes. Note: A Connection Timeout error does not necessarily mean that the task requested by the Connection Broker has failed. It may be that the virtualization server is too busy to report the successful completion of the operation in a timely manner.
Update PNTools
Initialize
Connection Timeout
Power On
Use the drop-down list to specify the number of virtual machine power on commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of virtual machine power off commands that can be sent to the virtualization server from the Connection Broker at one time.
Power Off
324
Suspend
Use the drop-down list to specify the number of guest operation system suspend commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system resume commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of guest operation system reset commands that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of delete virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time. Use the drop-down list to specify the number of clone virtual machine operations that can be sent to the virtualization server from the Connection Broker at one time.
Resume
Reset
Delete
Clone
Computer Groups
Computer groups are containers of computers that can be managed together. The following managed computer groups properties are associated with Parallels Virtuozzo.
PARALLELS VIRTUOZZO MANAGED COMPUTER GROUP PROPERTY Group Name System Type Computer Administrative Account
DESCRIPTION
Name of the managed desktop group. System type for the computers in this group. Name of the user account that is used when performing administrative tasks on the desktop computers within this group.
325
DESCRIPTION
Connection requests to computers in this group my be temporarily suspended, if enabled. Used to permanently assign users to specific computers. The two types of user assignment are: Persistent A permanent desktop is assigned to the user. Temporary A free desktop is assigned on a temporary basis to the user, and then is available to be used again at user logoff. A client type can be assigned to the computers in the group based on the following: User Device Name Device Address Organizational Unit Group Note: Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
Used to restrict access to the computers in this group based on day and time. Automatically assigns users to local security groups. This policy is useful when provisioning desktop workspace to users that require elevated privileges.
Session Auto-Logoff
Automatically logs off user sessions. This policy is for users that start published applications and not full desktops. If enabled, vWorkspace automatically logs off when the last published application is closed. This eliminates the potential issue of applications remaining in memory, thus never really terminating.
326
DESCRIPTION
Automatically suspends computers in the group when they are inactive. Automatically expands the group to accommodate an increase in users to ensure there is always a minimum number of free computers available at all times. Schedule tasks to be completed at specified times. Specify the protocol for remote user sessions for this group, either RDP or RGS. Specify if bandwidth optimization is enabled or disabled for this computer group. Specify permissions for this computer group. Select from the options available as to the finish process for this group.
How to ...
Add Computer Groups to a Parallels Virtuozzo Type 1. Administrators can activate the Computer Group wizard from the vWorkspace, Desktops node any of the following ways: Expand the location to which the computer group is to be added, right-click on the Desktops node, and then select New Computer Group.
OR
Expand the location to which the computer group is to be added, and highlight the Desktops node. Select New Computer Group from the Actions menu on the toolbar in the navigation pane, from the New Computer Group icon in the toolbar of the navigation pane, or from the Actions menu on the Desktops information pane. 2. 3. 4. Click Next on the Welcome to the Computer Group wizard. Enter the name of the computer group in the Group Name field on the Group Name window, and then click Next. Select Parallels Virtuozzo on the System Type window.
327
5.
Do the following on the Computer Administrative Account window: a) Specify an Account on the Desktop Administrative Account window. This account is used to perform administrative tasks. It must be a member of the local administrators group on the desktops. b) Enter the Password and then enter it again to confirm the administrative user account password, and then click Next.
6.
On the Enable/Disable window, select Enabled or Disabled to specify if connection requests to computers in this group may be temporarily suspended, and then click Next. On the Client Assignment window, select Persistent or Temporary to specify how free computers are assigned at logon. If a client type is to be assigned to the computers in this group, select one of the following, and then click Next. User Device Name Device Address Organizational Unit Group
7.
Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers manually by using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
8.
On the Access Timetable window, click on the green grid to restrict access to the computers in this group. The Edit Timetable window appears. a) Click on the days and times, and then click Grant Permission or Deny Permission, as appropriate. b) Click OK. c) Click Next on the Access Timetable window.
9.
Select Power Users, Administrators, or None to automatically add the users to one of those groups on the User Privileges window, and then click Next.
10. On the Session Auto-Logoff window, enter processes that if found to be running after the user closes all published applications, results in an automatic user session log off, and then click Next.
328
11. Select the option to automatically suspend computers in this group that are inactive, on the Inactivity Timeout window, and then click Next. 12. To automatically expand the group based on a number of users, do the following on the Auto-Expand window: a) Select Enable auto-expansion. b) Enter a number of minimum computers to be available at all times. c) Enter a number of maximum computers to be available to this group. d) Click Next. 13. On the Task Automation window, select New. The Automated Task Wizard appears, or click Next to move to the next window without completing any automated tasks. 14. Click Next on the Welcome to the Automated Task Wizard. 15. Complete the Automated Task Wizard: a) Enter a Name for this scheduled task, and then click Next. b) Select the Task, and then click Next. c) Select one of the parameters used to complete this task, and then click Next. d) Specify the schedule for this task to be completed, and then click Finish. 16. Select the appropriate session protocol, either RDP or RGS for this computer group on the Session Protocol window, and then click Next. 17. Specify if bandwidth optimization is to Enable or Disabled on the Bandwidth Optimization window, and then click Next. 18. Specify computer permissions for this group, as appropriate, and then click Next on the Permissions window.
329
19. On the Finish window, do one of the following: a) Select the Create new computers from a master template to add new desktops to the group and enter the number of desktops to create. Complete the process using the Add Computers tool. See Add Computers to a Computer Group for Parallels Virtuozzo. b) Select Import existing computers from Virtuozzo nodes to add computers by importing existing virtual machines and complete the process using Import Existing Computers into a Group. c) Select Do nothing. I will create or import computers later to create the desktops at a later time. 20. Click Finish. Once managed computer groups are established, their properties and policies can be viewed and modified from the vWorkspace Management Console simply by right-clicking on the managed computer group, and selecting Properties. Add Computers to a Computer Group for Parallels Virtuozzo 1. Start the Add Computers tool by doing one of the following: a) Select the Create new desktops from a master template on the Finish window of the Computer Group wizard.
OR
b) Select the computer group from the vWorkspace Management Console and do one of the following: 2. 3. Right-click on the managed computer group and select Add Computers. Select the Add Computers icon from the navigation pane toolbar. Select Add Computers from the Actions menu on the navigation pane. Select Add Computers from the Actions menu on the information pane of the datacenter.
Click Next on the Welcome to the Add Computers Wizard window. Type a number into the Enter the number of computers to create field on the Number of Computers to Create window, and then click Next. Select a template from the list on the Template window, and click Next. If there are no templates listed or to update the list, click Import.
4.
330
5.
Select a folder to which the new computers are placed on the Folder window, and click Next. If the list is empty or to update the list, click Import. Select one or more Virtuozzo network devices from the Nodes/Network Devices window. This is where the computers should be created. If the list is empty or to update the list, click Import. a) To change the distribution method, click the Distribution button on the toolbar above the list of datastores. Complete the information on the Datastore Distribution Method window as appropriate. b) Click Next.
6.
7.
Select the method for assigning a computer name to the new desktop computers in Source on the Naming Conventions window. If Specify the base name is selected, do the following: a) Type the text string in the Base Name field. b) Select a value from the Start numeric value at and increment by fields. c) Select Re-use the names of deleted desktops, if appropriate. If Specify a text file containing names is selected, do the following: a) Type the path and file name of the text file containing the list of computer names in the Names File field. b) Enter a text string that is prepended to the beginning of computer names in the Prefix field, if appropriate. c) Enter a text string that is appended to the end of computer names in the Suffix field, if appropriate.
8. 9.
Click Next. On the Sysprep Customizations window, do one of the following, and then click Next: a) To use Microsofts System Preparation tools, select Specify sysprep customizations. The computers in this group will be powered on after they are created. b) Select a sysprep from the list, or click New to create a new sysprep. See Create Sysprep Customizations for New Computers for more information.
It is important that you make sure your sysprep configuration is accurate and works on a machine that is visible to you. If the sysprep information is incorrect, you may have a machine that requires user input, but you will have no way of connecting to it. 331
c) To not use Microsofts System Preparation tools, select Do not specify sysprep customizations. The desktops in this group will not be powered on after they are created. 10. Select either Start Immediately or Schedule for (and enter a date and time) on the Options window, and then click Next. 11. Review and confirm the information on the Finish window, and do one of the following: a) Click Back to make changes. b) Click Finish to create the desktops. c) Click Cancel to exit without saving the settings or creating the desktops.
332
View:New
View:Existing
OK
How to ...
Import Existing Computers into a Group 1. 2. Open the vWorkspace Management Console. Select the computer to which the import is to be added, and start the Computer Group wizard by doing one of the following: Right-click on the computer group and select Import/Re-sync computers. Click the Import/Re-sync computers icon from the toolbar in the navigation pane.
333
Select Actions | Import/Re-sync computers from the menu on the navigation pane. Select Import/Re-sync computers from the Actions menu on the computer groups information pane. Select Import existing desktops from VMware from the Finish window of the Computer Group wizard, and then click Finish, if you are completing the Computer Group wizard.
3. 4. 5. 6. 7.
Complete the Import/Re-sync Desktops control options as appropriate. Select the appropriate options on the Select Action frame. Select the appropriate View option (New or Existing) on the VMware Inventory frame. Select the virtual machines that are to be imported on the Parallels Virtuozzo Inventory frame. Click OK to start the import.
Power Management
The power states of Parallels Virtuozzo managed computers that can be manipulated with vWorkspace are: Power On Powers the virtual machine on in the same way as using the power switch on a physical computer. Shut Down OS Gracefully shuts down the guest operating system in the same way as using the Shut Down function in Windows.
334
18
Non-Power Managed Data Centers
Overview Computer Groups Computer Groups Add Computers to a Computer Group Power Management
Overview
This chapter describes in detail the broad range of desktop management and provisioning features offered by vWorkspace for the type Other/Physical (non-power managed computers), which are managed computers that are hosted on physical hardware, such as PC blades or high-end engineering workstations.
Computer Groups
Computer groups are containers of desktops that can be managed together. The following managed computer groups properties are associated with Other/Physical type (non-power managed data centers).
OTHER TYPE MANAGED COMPUTER GROUP PROPERTY Group Name System Type Computer Administrative Account Enable/Disable
DESCRIPTION
Name of the managed desktop group. System type for the computers in this group. Name of the user account that is used when performing administrative tasks on the desktop computers within this group. Connection requests to computers in this group my be temporarily suspended, if enabled.
336
DESCRIPTION
Used to permanently assign users to specific computers. The two types of user assignment are: Persistent A permanent desktop is assigned to the user. Temporary A free desktop is assigned on a temporary basis to the user, and then is available to be used again at user logoff. A client type can be assigned to the computers in the group based on the following: User Device Name Device Address Organizational Unit Group Note: Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers using the Client Assignment window for the specified computer. See Computer Groups for more information on this window.
Used to restrict access to the computers in this group based on day and time. Automatically assigns users to local security groups. This policy is useful when provisioning desktop workspaces to users that require elevated privileges.
Session Auto-Logoff
Automatically logs off user sessions. This policy is for users that start published applications and not full desktops. If enabled, vWorkspace automatically logs off when the last published application is closed. This eliminates the potential issue of applications remaining in memory, thus never really terminating.
Task Automation
337
OTHER TYPE MANAGED COMPUTER GROUP PROPERTY Session Protocol Bandwidth Optimization Permissions Finish
DESCRIPTION
Specify the protocol for remote user sessions for this group, either RDP or RGS. Specify if bandwidth optimization is enabled or disabled for this computer group. Specify permissions for this computer group. Select from the options available as to the finish process for this group.
How to ...
Add Computer Groups to Other/Physical Type 1. Administrators can activate the Computer Group wizard from the vWorkspace, Desktops node any of the following ways: Expand the location to which the computer group is to be added, right-click on the Desktops node, and then select New Computer Group.
OR
Expand the location to which the computer group is to be added, and highlight the Desktops node. Select New Computer Group from the Actions menu on the toolbar in the navigation pane, from the New Computer Group icon in the toolbar of the navigation pane, or from the Actions menu on the Desktops information pane. 2. 3. 4. 5. Click Next on the Welcome to the Computer Group wizard. Enter the name of the computer group in the Group Name field on the Group Name window, and then click Next. Select Other/Physical on the System Type window. Do the following on the Computer Administrative Account window: a) Specify an Account on the Desktop Administrative Account window. This account is used to perform administrative tasks. It must be a member of the local administrators group on the desktops. b) Enter the Password and then enter it again to confirm the administrative user account password, and then click Next.
338
6.
On the Enable/Disable window, select Enabled or Disabled to specify if connection requests to computers in this group may be temporarily suspended, and then click Next. On the Client Assignment window, select Persistent or Temporary to specify how free computers are assigned at logon. If a client type is to be assigned to the computers in this group, select one of the following, and then click Next. User Device Name Device Address Organizational Unit Group
7.
Since users can be in more than one group or organization unit, administrators must manually assign individual computers to users if client assignment is based on Group or Organizational Unit. Assign computers manually by using the Client Assignment window for the specified computer. See Managed Computers for more information on this window.
8.
On the Access Timetable window, click on the green grid to restrict access to the computers in this group. The Edit Timetable window appears. a) Click on the days and times, and then click Grant Permission or Deny Permission, as appropriate. b) Click OK. c) Click Next on the Access Timetable window.
9.
Select Power Users, Administrators, or None to automatically add the users to one of the groups on the User Privileges window, and then click Next.
10. On the Session Auto-Logoff window, enter processes that if found to be running after the user closes all published applications, results in an automatic user session log off, and then click Next. 11. On the Task Automation window, select New. The Automated Task Wizard appears. 12. Click Next on the Welcome to the Automated Task Wizard. 13. Complete the Automated Task Wizard: a) Enter a Name for this scheduled task, and then click Next. b) Select the Task, and then click Next.
339
c) Select one of the parameters used to complete this task, and then click Next. d) Specify the schedule for this task to be completed, and then click Finish. 14. Select the appropriate session protocol, either RDP or RGS for this computer group on the Session Protocol window, and then click Next. 15. Specify if bandwidth optimization is to Enable or Disabled on the Bandwidth Optimization window, and then click Next. 16. Specify computer permissions for this group, as appropriate, and then click Next on the Permissions window. 17. On the Finish window, select one of the following: a) Add computers to this group now. b) Do nothing now. I will add computers later. 18. To complete the process, do one of the following: a) Click Back to make changes. b) Click Finish to create the desktops.
Because vWorkspace computer groups with the type of Other/Physical (non-power managed) do not use or communicate with virtual management servers, one of the following methods must be provided to identify the computers that are to be added to a computer group during the Add Computers process.
340
Browse
DESCRIPTION Locates computers to be added by browsing the Microsoft Windows Network. Multiple items can be selected by using Ctrl+Shift+Click or Shift+Up/Down. Locates computers to be added by sending a filtered query, using Active Directory Services Interface (ADSI) to Active Directory. User must specify the following: Domain The name of the Windows domain that the query is to be sent. Display The object type to display, Organizational Units, Computers, or both. Filter The specified name or partial name using a wildcard (*).
341
Enter Name
DESCRIPTION Locates computers to be added by specifying the Windows computer name or IP address. Type the Windows Computer name or IP address of the computer to be added, and click Add. The Connection Broker attempts to resolve the name to an IP address. This is the name that is displayed on the vWorkspace Management Console.
342
DESCRIPTION Locates computers to be added by specifying a range of IP addresses. The user enters a starting IP address in the From field and ending one in the To field. The name that is displayed on the vWorkspace Management Console is: Computer_www.xxx.yyy.zzz (which is the address range entered.)
Power Management
The power states of non-power managed computers that can be manipulated with vWorkspace are: Stand By Machines are partially powered down to save energy, and only critical components received power.
343
Wake Up Only for machines that are configured to listen for Wake on LAN (WOL) packets, the Connection Broker sends the machine a WOL packet. Shut Down OS Gracefully shuts down the guest operating system in the same way as using the Shut Down function in Windows. Restart OS Same as the Restart option in Windows. Log Off User Logs the user off in a graceful manner. The user is prompted to save any unsaved data. Reset Session Closes all programs that are running and deletes the session from the server that is running Terminal Services. This can be used if a session is not functioning correctly, or if the session has stopped responding.
344
19
vWorkspace Client
vWorkspace Client Overview vWorkspace Client Interfaces vWorkspace Client Packages vWorkspace Client Configuration Multiple Monitor Support Manage AppPortal Connections
346
vWorkspace Client
The AppPortal must be installed and configured before users are able to connect to their vWorkspace infrastructure.
Quest vWorkspace also offers a full-functioning version of the vWorkspace Client for Windows CE 5.0 for use on Windows CE based thin client terminals. To enable thin client users to connect to a vWorkspace enabled infrastructure, Windows-based terminal manufacturers must embed the vWorkspace Client on to their devices. The vWorkspace packages available are: VASCLIENT32 Includes AppPortal and the Web Access. VASCLIENT32T Includes the Web Access, but not the AppPortal.
348
vWorkspace Client
PNTray.exe is an executable that runs from the taskbar when an application or desktop is connected, and is included on all packages of the vWorkspace client. The PNTray provides a context menu for access to various applets used in managing connections, sessions, and printing options. See About the PNTray on page 369 for more information.
349
How to ...
Create a New Farm Connection 1. Start AppPortal from the desktop.
OR
Start | Programs | Quest Software| vWorkspace | vWorkspace Client 2. 3. 4. Select Actions | Manage Connections. The Select Farm window appears. Click Create a new farm, and then click Next. Do one of the following: a) To manually create a farm, select the manual option, and then click Next. The system displays the Connectivity window. See Manage AppPortal Connections for information on completing this process.
OR
b) To download the configuration file, select Download the configuration file from a central server, and then click Next. The New Configuration window appears. c) Complete the following fields on the New Configuration window.
350
Select the Protocol of HTTP, HTTPS, or File. Enter the URL. Verify the File field is config.xml. Select one of the Proxy Server options. Click OK.
vWorkspace Client
5.
Complete any further information on the property windows, and then click Finish. Some information is grayed out and unavailable to be changed.
351
352
vWorkspace Client
Connectivity Settings
DESCRIPTION Three separate connection locations are available from the drop-down list. Use Rename to specify the location name, such as Office or Home.
These settings are used to communicate with the Connection Broker, and are configured separately for each Location. Protocol TCP Port Use either HTTP or HTTPS. Use to specify the port in which the Connection Broker listens on for inbound connection requests.
353
DESCRIPTION Use Add to enter the host name, FQDN or IP address for a Connection Broker. Use the arrow buttons to change the order in which the connections are attempted.
CONNECTION OPTIONS These settings are used to specify secure network communications. Enable NAT Support for Firewall Traversal Use this when vWorkspace enabled Terminal Servers are located behind a firewall that is using Network Address Translation and Alternative Addressing. Use SSL/TLS encryption of RDP session traffic is used. Use this to enter the FQDN or IP address of the Quest vWorkspace SSL Gateway server. This option is only available when Enable RDP over SSL/TLS is selected. PROXY SERVER These settings are used when the vWorkspace client device is located behind a NAT enabled firewall and Socks Proxy Servers are used to gain access to the outside network. Use the default from the system internet settings Enter an address manually Use if the proxy settings are the same as those used by Internet Explorer. Use to indicate the address as entered. The address must be entered in the following format:
port = TCP port number the Socks Proxy Server is listening on.
354
vWorkspace Client
DESCRIPTION
CONNECTION OPTIONS FOR LOCATION These settings are used to specify secure network communications. Enable NAT Support for Firewall Traversal Use this when vWorkspace enabled Terminal Servers are located behind a firewall that is using Network Address Translation and Alternative Addressing. Use SSL/TLS encryption of RDP session traffic is used. Use this to enter the FQDN or IP address of the Quest vWorkspace SSL Gateway server. This option is only available when Enable RDP over SSL/TLS is selected.
355
DESCRIPTION
These settings are used when the vWorkspace client device is located behind a NAT enabled firewall and Socks Proxy Servers are used to gain access to the outside network. Use the default from the system internet settings Do not use a proxy server Enter an address manually Use if the proxy settings are the same as those used by Internet Explorer. Use if you do not want to set a proxy server. Use to indicate the address as entered. The address must be entered in the following format:
proxy_serve_rname:port proxy_serve_rname = host name, FQDN, or IP address of the Socks Proxy Server. port = TCP port number the Socks Proxy Server is listening on.
Do not use proxy server for addresses beginning with: Use to list proxy server exclusions. Use semicolons (;) to separate the entries.
356
vWorkspace Client
Credentials Settings
DESCRIPTION Uses credentials from the Windows credentials cache on the client device. To use this option, Enable Credentials Pass-Through (Settings | Authentication) must be enabled.
Uses the Kerberos authentication protocols. To use this option, the client device must be a member of Microsoft Windows Active Directory domain and the user must log onto the device using their domain user account and password.
357
DESCRIPTION Uses the NT LAN Manager authentication protocols. The Username, Password, and Domain information is entered, and the user is not prompted for this information during a connection attempt. The Save credentials (encrypted) option allows the AppPortal to read the cached credentials from disk, and does not prompt users for them. This option is only available if the Use the following credentials option is selected.
Display Settings
DESCRIPTION Sets the remote session window size during a non-seamless window connection.
358
vWorkspace Client
DISPLAY SETTINGS FIELD Colors Display the connection bar when in full screen mode
DESCRIPTION Sets the remote session color depth during a non-seamless window connection. Displays a connection bar when the session is in full screen mode. Pin Connection Bar option disables the connection bars auto-hide feature.
Span multiple monitors when in full screen mode Enable Smart Sizing
Sets the add-on feature to enable multiple monitor display. Smart Sizing is functional when connecting to a Managed Computer. The session screen size and color depth are automatically adjusted to settings in the guest operating system. Enables the remote applications window size and color depth to be dynamically adjusted to match those of the client device, allowing the remote application to have the same look and feel as if it were installed on the client device. This setting also enables session sharing, which allows multiple remote applications to run through a single session, given those applications are installed on the same Terminal Server or Managed Computer.
359
DESCRIPTION Bring to Local Computer runs sound files in your Remote Desktop session and plays them on your local computer. Leave at Remote Computer runs sound files in your remote desktop session and plays them only on the remote computer. Dont play disables all sound in remote desktop sessions.
360
vWorkspace Client
DESCRIPTION These options apply to Windows shortcut key combinations, such as Alt+Tab. On the local computer configures your connection so that Windows shortcut keys always apply to your local desktop. On the remote computer configures your connection so that Windows shortcut keys always apply to the desktop of the remote computer. In full screen mode only configures your connection so that Windows shortcut keys apply to the remote computer only when the connection is in full screen.
LOCAL DEVICES These settings determine which client side devices are available to the remote applications or desktops. Disk drives Serial ports Printers Local disk drives. Local serial ports. Local printers. Standard Window print drives are used for printing, so the appropriate drivers need to be installed on both the client devices and the remote computer. Smart card connections for authentication. Devices that are attached to a USB port on a client device can synchronize with applications running in a remote session. Remote printing using a single print driver. Enables redirection of copy and paste functionality. Enables support for applications that require the use of a microphone. This option is part of the Experience Optimization Package. See Bidirectional Audio for more information.
361
USER EXPERIENCE SETTINGS FIELD Choose your connection speed to optimize performance
DESCRIPTION The options are: Modem 28 Kbps Modem 56 Kbps Broadband (128 Kbps - 1.5 Mbps) LAN (10 Mbps or higher) Custom
362
vWorkspace Client
DESCRIPTION These options are used to create a custom setting: Bitmap caching Desktop background Menu and window animation Show contents of window while dragging Themes Note: Bitmap caching can assist in reducing bandwidth requirements. The other features require additional bandwidth.
Optimizations
These options are used to automatically enable optimizations when logged on to the remote computer: Graphics Acceleration Local Text Echo Multimedia Redirection
363
DESCRIPTION The FQDN or IP address of the Quest vWorkspace Password Management Server. The TCP port to which the Quest vWorkspace Password Management Server has been configured. This is usually 443.
364
vWorkspace Client
DESCRIPTION This option controls where the placement of shortcut icons occurs when the AppPortal is started in Desktop Integration mode: Desktop Start Menu Start Menu \ Programs Note: The placement of shortcuts when either Start Menu or Start Menu \ Programs are selected depends on whether Windows is using the Standard or Classic start menu.
365
Auto-Launch Settings
DESCRIPTION This option is used to specify applications that are to be launched automatically when AppPortal is started. This option is for AppPortal in desktop integrated mode, or if a farm is connected to automatically at startup. Note: Only the first application found is automatically launched.
366
vWorkspace Client
How to ...
Start the AppPortal in Desktop Integrated Mode 1. Use one of the following options: Start | All Programs |Quest Software| vWorkspace | AppPortal (Desktop-Integrated)
OR
Start | Run and then type C:\Program Files\ Quest Software\vWorkspace\pnap32.exe/di The AppPortal is an icon on the Windows toolbar status area.
367
ACTIONS MENU OPTION Manage Connections Change Current Location Logon as a Different User Change Password Refresh Application Set Close
DESCRIPTION Select to start the Farm Connections window to create new or modify existing infrastructure connections. Select when a connection to the currently selected farm needs to be made using different location settings. Select when the user wants to log into the selected farm using a different set of credentials. Select to submit a password change request to the Quest vWorkspace Password Management Server. Select to have the AppPortal update the displayed list of applications in the users application set. Select to exit AppPortal. This option does not close any sessions the user might have to a Terminal Server or a managed computer.
368
vWorkspace Client
Center Align Captions Large Icons Always on Top Hide When Minimized
The following options are available from the vWorkspace section of the PNTray, when the AppPortal is in normal mode: Manage Connections Open Session Status Use this option to view the sessions that are active on Terminal Servers, and the applications that are running in each session. Terminal Server sessions, when selected, can then be changed using the buttons of Disconnect, Logoff, and Full Screen. Applications can be terminated by using Terminate, without logging off from the session. Change Current Location Logon as Different User Change Password Authentication Enable Credentials Pass-Through Refresh Application Set Restore AppPortal Client Close AppPortal Client
The following options are available from the Print-IT section of the PNTray, when the AppPortal is in normal mode: PDF Publisher Options Save PDF File E-mail PDF File
370
vWorkspace Client
Preview before printing Apply Additional Printer Properties Native printer options, such as finishing and stapling are presented when this option is selected.
Client Properties
The following options are available the AppPortal is in Desktop Integrated Mode. This option replaces the Action and Settings AppPortal menu options. See Manage AppPortal Connections for more information on the AppPortal menu options.
DESCRIPTION The display name of the farm. The connection status. The name of the location settings used to make the connection. The user name that is logged in. If Yes, application set icon shortcuts have been configured. If No, application set icon shortcuts have not been configured.
371
FARM CONNECTIONS OPTION Connect/Refresh Shortcuts Disconnect/Remove Shortcuts Logon as a Different User Change Current Location Change Password
DESCRIPTION Connects or to refreshes a selected farm. Disconnects and removes application set icon shortcuts from the clients Desktop, Start Menu, or Start Menu \ Programs. Allows the user to log on to a selected farm using a different set of credentials. Allows the user to connect to the selected farm using different location settings. Allows the user submit a password change request using the Quest vWorkspace Password Management Server. Presents users with a display listing the name and location of their application set icon shortcuts.
372
20
vWorkspace User Sessions
Overview of User Access Manage Terminal Server Sessions User Access Options in the Resources Node
374
View Users Connected to Terminal Servers 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Locations node, and then the expand location to which the Terminal Server is located. Highlight the Terminal Servers node. To connect to a specific Terminal Server: a) Double-click on the Terminal Server object. b) Click on the Users tab in the Terminal Servers information pane. 5. To connect to all Terminal Servers: a) Double-click on each Terminal Server object. b) Click on the Terminal Servers node. c) Click on the Users tab in the Terminal Servers information pane. 6. The following information can be viewed:
Server Domain Session User Session ID State The NetBIOS name of the Terminal Server to which the user is connected. The NetBIOS name of the Windows domain to which the users account belongs. The name of the users session as assigned by the Terminal Server. The user account name used to log on to the session. The numerical session ID assigned to the users session by the Terminal Server. The state of the Terminal Server session. The options are: Active Disconnected Idle Down
375
7.
View Terminal Server Sessions 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Locations node, and then the expand location to which the Terminal Server is located. Highlight the Terminal Servers node. To view a session on a specific Terminal Server: a) Double-click on the Terminal Server object. b) Click on the Sessions tab in the Terminal Servers information pane. 5. To view sessions for all Terminal Servers: a) Double-click on each Terminal Server object. b) Click on the Terminal Servers node. c) Click on the Sessions tab in the Terminal Servers information pane.
376
6.
377
7.
Reset
View Client Information for an Active Session 1. 2. 3. 4. 5. 6. 7. Open the vWorkspace Management Console. Expand the Locations node, and then the expand location to which the Terminal Server is located. Highlight the Terminal Servers node. Double-click on the Terminal Server object. Expand the Terminal Server container object. Click on the active session. Click on the Information tab in the information pane.
378
8.
View Terminal Server Processes 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Locations node, and then the expand location to which the Terminal Server is located. Highlight the Terminal Servers node. To view a session on a specific Terminal Server: a) Double-click on the Terminal Server object. b) Click on the Processes tab in the Terminal Servers information pane. 5. To view sessions for all Terminal Servers: a) Double-click on each Terminal Server object. b) Click on the Terminal Servers node. c) Click on the Processes tab in the Terminal Servers information pane.
379
6.
7.
View Terminal Server Applications 1. 2. 3. Open the vWorkspace Management Console. Expand the Locations node, and then the expand location to which the Terminal Server is located. Highlight the Terminal Servers node.
380
4.
To view a session on a specific Terminal Server: a) Double-click on the Terminal Server object. b) Click on the Applications tab in the Terminal Servers information pane.
5.
To view sessions for all Terminal Servers: a) Double-click on each Terminal Server object. b) Click on the Terminal Servers node. c) Click on the Applications tab in the Terminal Servers information pane.
How to ...
Create New Additional Customization Settings 1. 2. 3. 4. Open the vWorkspace Management Console. Expand Resources, and then select Additional Customizations. Click on the Toggle Client Assignment List Display button to change the display view, as appropriate. Activate New (green plus sign) from the toolbar of the information pane, or right-click on the Additional Customizations node to activate it. Enter a name for the customization in the Name box on the General tab of the New Additional Customizations Properties window.
5.
381
6.
7.
To specify the drive letters that should not be visible to users, select Hide Specified Drive Letter on the Drive Restrictions tab, and then click Drive Letters.
382
8.
Select the Network Resources tab and choose Delete pre-existing Network Drive Mappings and Delete pre-existing Network Printer Mappings, as appropriate.
9.
Click OK.
10. Click the Client Assignment tab to assign the application restriciton. 11. Click the plus (+) sign to assign, and the Client Assignment window appears. 12. Select from the list, and then click OK. Use the green plus (+) sign to add clients that are not included in the Client Assignment window. Use CTRL to select more than one client to assign. 13. Click OK to close the window and save your assignments.
Application Restrictions
vWorkspace Application Restrictions is an access control system that allows administrators to increase the overall security, reliability, and integrity of their Terminal Server environments. Some of the advantages include: Guards against application spoofing. Fights against virus infections. Prevents users from executing unauthorized programs.
383
Grants access to applications by time and day. Locks down the Terminal Server.
Installation
The Application Access Control (ACC) module is installed using the vWorkspace installation program, and is a subfeature of Application and Host Restrictions (Block-IT). Application and Host Restrictions (Block-IT) can be installed on a Microsoft Windows Server where Terminal Services, Application Server Mode, has been enabled. Application and Host Restrictions (Block-IT) is not currently supported for vWorkspace Managed Computers.
Hash Checking
For each individual executable or module in the Application List, a unique binary hash is computed and stored in the vWorkspace database. A binary hash is like a fingerprint; it is used to verify the authenticity of a program executable at start time. Enabling hash checking prevents users from renaming the files associated with a restricted program. Hash checking can be disabled for a particular Application List. Disabling hash checking is often practical for a systemwide application update. For example, if an update to an application is being installed to one Terminal Server at a time, hash checking can be temporarily disabled until the update has been installed to all the servers and the application version has been made consistent across the entire farm. Once new hashes are computed for the updated program executables, the can hash checking be reenabled.
384
Path Checking
Path checking restricts users from copying files to a new location. Path checking can be disabled for various purposes. For example, if the same application is installed to different target folders on different Terminal Servers, full path checking may fail depending on which Terminal Server the user logs on to. However, this particular scenario can be mitigated by maintaining multiple file groups for the same application, where each file group is associated with a particular target folder.
Termination
You can choose to automatically terminate applications if they are still running outside of the access hours, even if they were started during an allowed time slot.
385
APPLICATION RESTRICTION Application restrictions update interval (minutes) Deny access to unmanaged apps, as well as apps belonging to conflicting file groups
DESCRIPTION This property determines the intervals at which the vWorkspace client checks for possible changes to application restrictions. If selected, this property allows access only to those applications and desktops that are published and on Terminal Servers, OR Have been defined on the Application List with a permission of Allow. If an application is listed twice with different permissions (allow and deny), users are denied access to the application.
This property allows administrators to edit the message that appears when a user is denied access to a program. This property allows administrators to configure the default assignment when creating new Application List entries. The options are Allow or Deny.
Default assignments
Hash settings
This property determines the default setting for hash checking when creating new Application List entries. The options are Unconfigured, Use Hash, or Ignore Hash.
Path settings
This property determines the default setting for path checking when creating new Application List entries. The options are Unconfigured, Use Full Path, or Ignore Full Path.
APPLICATION ACCESS CONTROL SERVER GROUPS PROPERTIES Add Group Remove Group Group
DESCRIPTION
This button adds a new group name to the list of groups. This button removes a group of servers. The name of the defined server groups are listed. To edit, select the group name, and then click the ellipses.
Servers in Group
The names of the Terminal Servers that are members of the group are displayed. To edit, select the group of servers, and then click the ellipses.
387
DESCRIPTION This field is used to group multiple applications into a single category. For example, if an accounts payable, accounts receivable, and payroll applications are written as separate programs, they can be grouped into a category of Accounting.
This field is the user friendly name for the application. This field is used to provide descriptive details about the application restriction being created. This field is optional.
Server Group
This field is for the Application Access Control Server Group to which the Application Restriction is assigned.
388
APPLICATION RESTRICTIONS PROPERTIES Automatically terminate application(s) if still running outside access hours Ignore Hashes
DESCRIPTION This checkbox, if selected, terminates applications that are running outside of the access hours. SeeTermination for more information. This checkbox, if selected, does not use hash checking. See Hash Checking for more information.
This checkbox, if selected, does not use full path checking. See Path Checking for more information.
Application List This section identifies which files are to be associated with the Application Restriction. Show Full Paths Add Files Add Folder Remove This checkbox, if selected, displays complete paths to the listed files. This button adds files to the list. This button adds all files contained in the folder. This button removes files that are selected from the listed files.
How to ...
Assign Clients to the Client List Unassign Clients from the Client List View Client Properties Schedule Access Hours
389
Assign Clients to the Client List 1. 2. Click the + from the toolbar of the Application Restrictions information window pane. Select from the list of available clients on the Select Clients window. Use Ctrl or Shift to make multiple selections.
Unassign Clients from the Client List 1. 2. Click the - from the toolbar of the Application Restrictions information window pane. Select from the list of available clients on the Select Clients window. Use Ctrl or Shift to make multiple selections.
View Client Properties 1. Click on Client Properties to view details about the selected client.
Schedule Access Hours 1. Click on the Schedule icon to edit Application List access.
A separate schedule can be defined for each client in the list. Schedule options include:
Allow All Deny All Edit Schedule Select this option to allow unlimited access to the Application List Select this option to deny unlimited access to the Application List. Select this option to specify the exact hours of the days and the days of the week to allow access to the Application List.
390
Color Schemes
A Windows color scheme can be assigned to vWorkspace clients by administrators. The color scheme is used when connecting to applications or desktops hosted from vWorkspace enabled Terminal Servers.
How to ...
Assign a Color Scheme 1. 2. 3. 4. Open the vWorkspace Management Console. Expand Resources, and then select Color Schemes. Click on the Toggle Client Assignment List Display button to change the display view, as appropriate. To select a color scheme, and do one of the following: a) Right-click on the color, and then select Assign to. b) Click the Assign to icon (the icon with the blue circle and a white plus sign) from the toolbar. Color schemes are listed in alphabetical order. 5. 6. Add or remove clients in the Select Clients window. Click OK.
Drive Mappings
Administrators can assign network drive mappings to vWorkspace clients for use when they are connecting to applications and desktops hosted from vWorkspace enabled Terminal Servers. Assigning drive mappings through the vWorkspace Management Console has the following advantages: Domain administrative rights are not required. Knowledge of scripting languages or command line syntax is not required. Drive mappings are only applied when connecting to vWorkspace enabled Terminal Servers and do not take effect when connecting to other computers. More flexibility in how mappings are assigned.
391
How to ...
Create a New Drive Mapping 1. 2. 3. Open the vWorkspace Management Console. Expand Resources. Do one of the following: a) Select Drive Mappings, and then activate the New Drive Mappings command by clicking + on the toolbar in the information pane. b) Right-click Drive Mappings, and select New Drive Mappings.
4.
Drive Letter
392
Use if specific credentials are required and are different from those of the user. Note: This option is not available if the Mapping Type is set to SUBST.
Environment Variables
Administrators can assign environment variables to vWorkspace clients when connecting to applications or desktops hosted from vWorkspace enabled Terminal Servers. These environment variables are created automatically when the users session is logged on, and are cleared when the user logs off.
How to ...
Create a New Environment Variable 1. 2. 3. Open the vWorkspace Management Console. Expand the Resources node. Do one of the following: a) Select Environment Variables, and then select the New Environment Variables command by clicking + on the toolbar in the information pane. b) Right-click on Environment Variables, and then select New Environment Variables. 4. The properties associated with environment variables are listed below:
Name Value Client Assignments tab The name for the environment variable. The desired value for the environment variable. Use to assign or unassign environment variables to vWorkspace clients.
393
Host Restrictions
The Host Restrictions tool allows administrators to assign access control rules to restrict user access to IP based network hosts. Host Restrictions work at the network layer, intercepting requests from applications to connect to particular IP addresses on particular TCP ports. The Host Restrictions allows or denies connections by parsing the access control rules table maintained in system memory. Host Restrictions rules apply only to those specified by the administrator; they do not apply to all program executables running on the Terminal Server.
How to ...
Create Host Restrictions 1. 2. 3. Open the vWorkspace Management Console. Expand the Resources node, and then select Host Restrictions. Select + on the toolbar in the information pane, or the context menu of the Host Restrictions node.
394
4. 5. 6. 7.
Use the drop-down list to select a Category on the General tab on the New Host Restriction Properties window. If the restriction is by host name or FQDN, select Name as the Host Type, and enter the host name or FQDN in the Host Name box. If the restriction is by IP address, select IP Address as the Host Type, and enter the target IP address in the Host IP Addr: box. Enter the port or ports to be used in the Ports box. Separate multiple port numbers with commas, a hyphen for a range of ports, and an asterisk (*) for all ports.
8.
If the Host Type is Name and the IP address or addresses associated with the name are known, click Add and enter the IP address on the Enter IP Address window. Repeat as needed. If the Host Type is Name and the IP address or addresses associated with the name are unknown, click Resolve to IP Address(es), and then select Auto-Resolve to repeat name resolution.
9.
10. Click Apply. 11. Select the Client Assignments tab to assign the restriction. 12. Click OK. Modify Host Access Applications 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Resources node, and then select Host Restrictions. Click the Toggle Client Assignment List Display icon on the toolbar of the information pane to change the view, as appropriate. Click the Edit Host Restrictions Applications icon on the toolbar of the information pane.
5.
Enter a file name for the executable of the application in the Executable Name box on the Host Access Control Applications window, and then click Add. Repeat the above step as appropriate to add all executables. Click OK.
6. 7.
395
Registry Tasks
The Registry Tasks tool allows administrators to add, delete, or modify registry keys in the HKEY_CURRENT_USER registry hive without manually loading and editing each users ntuser.dat registry hive, or writing complex registry editing scripts.
The vWorkspace Management Console should be started from a Terminal Server when working with Registry Tasks. A non-Terminal Server computer may not have the registry keys and hives that need to be manipulated.
How to ...
Modify a Registry Tasks Key 1. 2. 3. Open the vWorkspace Management Console. Expand the Resources node, and then select Registry Tasks. Click the Toggle Client Assignment List Display icon on the information pane to change the view, as appropriate.
396
4.
Select + on the toolbar of the information pane, or the context menu of the Registry Tasks node.
5. 6. 7. 8. 9.
Type a description in the Description field on the General tab of the New Registry Task window. Select the appropriate task, Add Key or Delete Key, in the Action section. Navigate to the appropriate key or subkey in the Browse for Registry Key or Value section. If you are adding a key, enter the name in the Key field. Click Apply.
10. Select the Client Assignments tab, and use Assign or Unassign to select the appropriate vWorkspace clients. 11. Click OK. Modify a Registry Tasks Value 1. 2. Open the vWorkspace Management Console. Expand the Resources node, and then select Registry Tasks.
397
3. 4. 5. 6. 7.
Click the Toggle Client Assignment List Display icon on the information pane to change the view, as appropriate. Select + on the toolbar of the information pane, or the context menu of the Registry Tasks node. Type a description in the Description field on the General tab of the New Registry Task window. Select the appropriate task, Add Value or Delete Value, in the Action section. Navigate to the appropriate key or subkey in the Browse for Registry Key or Value section. a) If you are deleting a value, select it from the list, and then click OK. b) If you are adding a value, enter the name in the Value Name box. c) If you are modifying an existing value, select the value from the list of values in the right-hand pane, and then change the Value Name, Value Type, or Value boxes as appropriate.
8. 9.
Select the type of registry value from the Value Type box, and then click Apply. Select the Client Assignments tab, and use Assign or Unassign to select the appropriate vWorkspace clients.
Scripts
Scripts are files that are used to automate repetitive tasks. They can be simple text files or more complex written in a specific programming language. vWorkspace administrators can easily assign scripts to vWorkspace clients using the Scripts option in the vWorkspace Management Console. Some advantages include: Administrators do not need to have domain administrative rights. Editing the registry on each Terminal Server is not necessary. Modifying the usrlogon.cmd command script on each Terminal Server is not necessary. Use any Windows executable to write the script, such as bat, cmd, or exe. Increased flexibility and control over how the scripts are assigned.
398
The following considerations should be used when working with scripts on vWorkspace enabled Terminal Servers: It is best to use a singe method to start the script. Troubleshooting can be difficult if scripts are started using different methods. The scripts used in the vWorkspace Management Console and scripts started using other methods should not interfere with each other. The simplest form of a script should be used for the task. Do not write a complex script to carry out a task that can be accomplished using a command line script.
How to ...
Assign a Script 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Resources node, and then select Scripts. Click the Toggle Client Assignment List Display icon on the information pane to change the view, as appropriate. Do one of the following: a) Click the + on the toolbar of the information pane. b) Right-click on the Scripts node, and then select New Script. 5. 6. 7. Type the complete path and file name in the Script box on the New Script Properties window, or use the ellipses to browse to the script. Select the Client Assignments tab and add or remove clients as appropriate. Click OK.
Time Zones
A date and time stamp that is placed on opened files, messages, and scheduled meetings is based upon an application location, which can be a Terminal Server in a time zone that is different from the user. The Time Zones tool allows administrators to assign appropriate time zones to users.
How to ...
Assign a Time Zone 1. 2. Open the vWorkspace Management Console. Expand the Resources node, and then select Time Zones.
399
3. 4. 5.
Click the Toggle Client Assignment List Display icon on the information pane to change the view, as appropriate. Select the appropriate time zone from the alphabetical list. Do one of the following: Right-click on the time zone and select Assign to.
OR
Click the Assign to icon (the icon with the blue circle and a white plus sign) from the toolbar in the information pane. 6. 7. Add or remove users in the Select Clients window. Click OK.
User Policies
The User Policies tool provides a way for vWorkspace administrators to better control user desktop environments connected to Terminal Servers. The following settings can be controlled with User Policies: Windows Components Windows Explorer, and Help and Support Center Start Menu and Taskbar Control Panel and Display System Ctrl+Alt+Del options and Logon
The Properties option of User Policies allow administrators to select which policy template is used to create new user policies. Two user policies are provided with vWorkspace, Default Admin and Default User, which contain settings that are commonly implemented for administrators and users. These policies can be modified and duplicated as appropriate. vWorkspace administrators can also add new policy templates.
How to ...
View User Policies Properties Create User Policies Modify User Policies
Open the vWorkspace Management Console. Expand the Resources node. Right-click User Policies, and then select Properties.
4. 5.
Select the policies that are to be used as the default templates for new user policies. Click Policy Templates to import or remove policy templates.
Create User Policies 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Resources node, and then click User Policies. Click on the Toggle Client Assignment List Display button in the information pane to change the display view, as appropriate. Select + on the toolbar of the information pane, or right-click on User Policies, and then select New User Policy.
5. 6.
Enter a Name for the new user policy on the General tab of the Properties window. Select the appropriate policy settings on the Policy Settings tab. The boxes associated with each setting are three-way toggles; checked enables the setting, unchecked disables the setting, gray indicates the setting is not influenced by this policy.
7.
Select the Templates tab and click Policy Templates, and then select Import, Remove, or Rename policy templates.
401
8. 9.
Select the Client Assignments tab to Assign or Unassign the user policies. Click OK.
Modify User Policies 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Expand the Resources node, and then click User Policies. Click on the Toggle Client Assignment List Display button on the information pane to change the display view, as appropriate. Double-click the policy that is to be modified. Change the entries, as appropriate, on the Policy Settings tab in the General tab. The boxes associated with each setting are three-way toggles: checked enables the setting, unchecked disables the setting, gray indicates the setting is not influenced by this policy. 6. 7. 8. Select the Templates tab and click Policy Templates, and then select Import, Remove, or Rename policy templates. Select the Client Assignments tab to Assign or Unassign the user policies. Click OK.
User Profiles
User Profiles (MetaProfiles-IT) is an alternative to roaming profiles. User Profiles eliminate potential profile corruption and accelerates logon and logoff times by combining the use of a mandatory profile with a custom persistence layer designed to preserve user profile settings between sessions. See User Profiles for more information.
Client Settings
Client settings are used to define automatic device connection and optimizations when users log on to a remote computer. Client settings can be configured and assignments and permissions defined. Client settings are set to Undefined by default. The following properties and settings are defined on the Client Settings Properties window.
402
OPTIONS This name is used for organizational purposes and is displayed on the vWorkspace Management Console. Undefined Bring to Local Computer Do Not Play Defer Setting to End USer
403
USB Devices
Serial Ports
Smart Cards
Universal Printers
Clipboard
Microphone
Multimedia Redirection
How to ...
Define Client Settings Properties 1. 2. Open the vWorkspace Management Console. Expand the Resources node, and do one of the following to open the Client Settings Properties window: 3. 4. 5. Highlight Client Settings and click New (green + sign) on the information pane. Highlight Client Settings and click New Client Settings from the toolbar of the navigation pane. Right-click on Client Settings and select New Client Settings.
Enter a name for these settings. The name is for administrative purposes, and is displayed on the vWorkspace Management Console. Select the settings, as appropriate, and then click Apply. Click OK to close the window.
Wallpapers
A Windows wallpaper can be assigned to vWorkspace clients by administrators. The wallpaper is used when connecting to applications or desktops hosted from vWorkspace enabled Terminal Servers.
How to ...
Assign Wallpapers 1. 2. Open the vWorkspace Management Console. Expand Resources, and then select Wallpapers.
405
3. 4.
Click on the Toggle Client Assignment List Display button on the information pane to change the display view, as appropriate. To select a wallpaper, do one of the following: a) Right-click on the style, and then select Assign to. b) Click the Assign to icon (the icon with the blue circle and a white plus sign) from the toolbar.
5. 6.
Change Wallpaper Properties Wallpaper properties are available via their context menu. 1. 2. 3. 4. Open the vWorkspace Management Console. Expand Resources, and then select Wallpapers. Right-click on the selected wallpaper, and select Properties. Change the property as appropriate.
Wallpaper Full Path The full path and file name of the wallpaper. Note: Each Terminal Server must have a copy of the bit-mapped image file for the defined wallpapers. It needs to be in the same location as the one displayed here. Three options: Centered Tiled Stretched Client Assignments tab A list of vWorkspace clients to whom the wallpaper is assigned. You can assign or unassign wallpaper from this list.
Default Style
406
Add New Wallpaper 1. 2. 3. Open the vWorkspace Management Console. Expand Resources. Right-click on the Wallpaper node, and then select New Wallpaper.
OR
Select the green plus sign (+) from the toolbar.
407
408
21
User Profiles
Overview of User Profiles User Profiles Properties Configure User Profiles Mandatory User Profile Define User Profiles
User Profiles may be temporarily used in conjunction with existing local and roaming profiles until the relevant data has been completely exported from these profiles. Users whose data has been exported can then be reconfigured to use a mandatory profile. User Profiles is a subfeature of Power Tools for Terminal Servers and is only available for both Terminal Services (Application Server Mode) is installed on a Windows server, and VDI environments.
410
User Profiles
User Profiles is also a subfeature of PNTools for the Managed Desktop. See PNTools for more information on installation.
2.
3.
4.
5.
6.
7.
411
User Profile properties can be configured after components have been installed on the appropriate servers. User Profiles can be accessed by expanding the Resources node of the vWorkspace Management Console. Then, the Properties menu option is available one of the following ways: Highlight User Profiles and click on the Properties icon in the toolbar. Right-click on User Profiles and select Properties.
The following is a list of properties that can be configured. General Storage Servers Silos Permissions
General
412
User Profiles
DESCRIPTION The level of compression used when storing user profile element data to the storage server. The options are: High Medium Low None
Log Level
The level of logging that takes place inside of the profile. The options are: Detailed Basic
Refresh Interval
The interval, in minutes, that checks are made for User Profiles configuration changes.
Storage Servers
A Storage Server is a Windows file server running the Quest vWorkspace User Profiles Storage Service. This service receives and stores the users compressed data subset from the Quest vWorkspace User Profiles Agent service running on the Terminal Servers when the user logs off. It also retrieves the users compressed data subset and sends it to the Quest vWorkspace User Profiles Agent service when the user logs on. The User Profiles data subsets are typically in the range of 50 to 200 KB per user. User Profiles Storage Service should be installed on a Windows server that is configured and optimized as a file server. This service is unavailable for installation if the vWorkspace installation program detects that Terminal Services (Application Server Mode) is installed on a Windows server. The Quest vWorkspace User Profile Storage Service is listed under Peripheral Server Extensions in the list of features during setup.
413
DESCRIPTION The NetBIOS name of the computer which vWorkspace User Profile Storage Service has been installed. Note: The storage server name can not include: , \ * + = | : ; ? < > " <space>.
Base Folder
The root or base folder where the user profile element data is stored. The specified folder is created if it does not already exist. Default value is C:\MetaProfiles.
Global Folder
The name of the folder where the profile elements defined as global is copied. This folder is created as a subfolder of the Base Folder. Default is Global.
TCP Port
The TCP listening port that the vWorkspace User Profile Storage Server is configured to listen on. Default value is 80.
414
User Profiles
Silos
A silo is a logical group of Terminal Servers that have a common role or purpose, and have User Profiles installed on them. Exportable registry subkeys and shell folders can be marked for the Scope of either Global or Silo specific. If registry subkeys and folders are only located on a few specified servers, then those servers should be grouped together into a single silo, the registry subkey should be marked Silo. For example, if Microsoft Office is only installed on some Terminal Servers in the farm, then it makes sense to only import and export the registry subkey HKCU\Software\Microsoft\Office when users access those servers. Or, if registry subkeys and folders are located on every server, such as if Adobe Acrobat Reader is installed on all the Terminal Servers, then it makes sense to always import and export the registry subkey HKCU\Software\Adobe\Acrobat Reader and select Global as the Scope.
Before a Terminal Server can participate in a silo, the User Profiles component must be installed on the server.
Silo properties can be edited from the User Profiles | Properties option, as well as from an individual User Profile by using the Edit Silos button.
415
Permissions
Permissions enable administrators to allow or deny actions for activities within the vWorkspace Management Console. Users and groups of users who are selected as system administrators have implicit allow permissions for all actions, and may add and remove other system administrators. See Administration for more information on using permissions.
How to ...
Configure User Profiles Properties 1.
416
User Profiles
2. 3.
Expand the Resources node, and then highlight User Profiles. Do one of the following to open the User Profiles Properties window: Right-click on User Profiles and select Properties. Highlight the User Profiles option, and then select the Properties icon from the toolbar.
4. 5.
Define the Compression level, Log level, and Refresh interval as appropriate on the General window and then click Next. Define Storage Servers by clicking New on the Storage Server window and then do the following: a) Enter a name for the Storage Server, and then click OK. b) Click in the columns on the ellipses to change the Base Folder, Global Folder, and TCP Port settings. Base Folder is to where the profiles are saved. It should be a local path on the server. Global Folder is the name of the folder for Global settings/profiles. TCP Port is set to 80 as the default, but it is recommended that it be changed.
6.
Setup Silos by clicking New on the Members window, and then do the following: a) Click Next on the Welcome window of the Silo wizard.
417
b) Enter a name for this silo group, and then click Next. c) Click Add Terminal Servers or Add Computer Groups to define the silo. Select the appropriate Terminal Server or computer group from the Select window, and then click OK. Terminal Servers and computer groups can only be added to one silo at a time. d) Click Next on the Members window. e) Select the User Profile Storage Server from the list, and then click Finish. The silo you just added appears on the list. f) Click Next on the Silos window.
7.
Use a specialized local or domain user account for purposes of profile management.
User Profiles
Create the mandatory user profile in which users are logging in to on one of the Terminal Servers. Make the mandatory user profile as generic as possible. Use the User Profiles, Manage-IT, and other management features within the vWorkspace Management Console to control user profiles. Remember to rename ntuser.dat to ntuser.man to make the HKCU registry hive mandatory (read-only). Use the System Control Panel applet to copy the mandatory user profile to the target Terminal Servers and set Permitted to Use to Everyone. Add a MAN extension to the root folder name of the mandatory user profile to make it read-only (use folder redirection user profile elements with User Profiles to give users write access to needed folders). Assign the mandatory user profile to the appropriate user accounts in Active Directory.
How to ...
Modify a Users Profile Path in Active Directory 1. 2. 3. Open Active Directory Users and Computers MMC snap-in. Locate the user object that is to be modified using Browse or Find. Right-click on the user object, and then select Properties.
419
4.
Click on the Terminal Services Profile tab. The Terminal Services Profile path can be set via Active Directory Group policy if the domain controllers are Windows Server 2003 Service Pack 1 and appropriate hotfixes have been applied.
5. 6.
In the Profile Path box, enter the local file system path to the mandatory user profile. Click OK.
Visual Basic scripting can be used to automatically modify the profile path for existing users. The sample below is from Microsoft TechNet Script Center Library.
420
User Profiles
USER PROFILE ELEMENT PROPERTY Category Type Registry Key/Special Folder Logon Processing
DESCRIPTION The user definable name used to associate one or more elements with each other. The User Profile element being configured as a Registry Key or a Special Folder. The input box used to specify which registry key or special folder is to be exported. If this setting is Synchronous, all elements must be retrieved and merged before the users Window desktop is presented. If this setting is Asynchronous, not all registry keys, files, and folders need to be present prior to the presentation of the users Window desktop.
421
DESCRIPTION This setting specifies if the User Profile element is applied on a Global or a Silo basis. Global is all Terminal Servers in the vWorkspace infrastructure. Silo is only those that are members of a specified Terminal Server group. If Silo is selected, a Silo input box appears. See User Profiles Properties for more information on defining Silos.
How to ...
Define a Registry Key in User Profiles 1. Open the vWorkspace Management Console from the desktop of a Terminal Server that is known to have the appropriate body of registry keys. Expand the Resources node, and then select the User Profiles. Select New User Profile from the context menu of User Profiles, or click the New icon, which is the green plus sign (+) in the information pane toolbar. Type a new Category name or select an existing one from the list. This is used only for organization within the console. 5. 6. 7. 8. In the Type box, make sure Registry Key is selected. Type the desired Registry Key path and name or use the registry icon to browse to it. Select Asynchronous or Synchronous in the Logon Processing field. Select Global or Silo in the Scope box. If Silo is selected, use the Silo box to identify the group that will use this profile element or Edit Silos to add a new silo. See User Profiles Properties for more information on adding silos.
2. 3.
4.
422
User Profiles
9.
To assign this User Profile to a user, complete the Client Assignments tab as appropriate.
10. To assign permissions to this User Profile, complete the Permissions tab as appropriate. 11. Click OK to save your changes and close the window, or click Apply to save your changes and move to another tab.
423
How to ...
Define a Special Folder User Profile Element 1. Open the vWorkspace Management Console from the desktop of a Terminal Server that is known to have the appropriate body of registry keys. Expand the Resources node, and then highlight the User Profiles node in the navigation pane. Select New User Profile from the context menu of User Profiles, or click the New icon, which is the green plus sign (+) in the information pane toolbar. Type a new Category name or select an existing one from the list. In the Type box, make sure Special Folder is selected. Type the desired Special Folder path and name, or use the folder icon to browse to it. Select Global or Silo in the Scope box. If Silo is selected, use the Silo box to identify the group that will use this profile element or Edit Silos to add a new silo. See User Profiles Properties for more information on adding silos 8. To assign this User Profile to a user, complete the Client Assignments tab as appropriate. a) Click the green plus (+) button. The Select Groups window appears. To add a group, do the following: a) Select the Groups tab. b) Select a Domain by using the drop-down list. c) Select the group or groups (use Ctrl to multi-select) in the Select the Group(s) section. d) Click OK. To add a user, do the following: a) Select the Active Directory tab. b) Select a Domain by using the drop-down list. c) Select the appropriate options under the Display section. d) Enter a specific name or a partial name in the Filter section. If you only use an asterisk (*), all possible options are presented. e) Click Refresh. f) Select your options from the list. (Use Ctrl to multi-select).
424
2. 3.
4. 5. 6. 7.
User Profiles
g) Click OK. 9. To assign permissions to this User Profile, complete the Permissions tab as appropriate.
10. Click OK to save your changes and close the window, or click Apply to save your changes and move to another tab.
425
426
22
vWorkspace Web Access
About Web Access Installation Web Access Management Console Use Web Access Integration with Juniper Networks Secure Access Web Access and Smart Cards
428
Installation
The following is a list of requirements for vWorkspace Web Access. Web Access can be placed in the DMZ or a secured subnet.
Hardware Server class hardware that meets the minimum requirements of selected operating system. One or more 100 Mbps or 1000 Mbps Ethernet adapters. Implemented as a virtual machine is an option. Operating System Windows 2000 Server (Standard or Advanced) Windows Server 2003 (Web, Standard, or Enterprise) Microsoft .NET Framework Optional Windows Components Version 2.0.50727 (with 3.0 support) ASP.NET Enable network COM+ access Internet Information Services (Common Files, Internet Information Services Manager, World Wide Web Service) Optional Microsoft Network Load Balancing Third-party load balancing appliance X.509 server certificate (if the Web site requires SSL encryption) X.509 trusted root certificate (if used with vWorkspace SSL Gateway)
429
How to ...
Install Web Access The following steps need to be completed on all designated Web Access servers. 1. 2. 3. Ensure all the required software components are installed. Execute start.exe, and select Web Access. Click Next and complete the installation.
430
Global Settings
The following settings can be specified on a global basis:
Authentication Windows Domains Two-Factor Authentication Credentials Pass-Through Password Management Client Identification User Experience Local Resources Display Performance
431
User Interface
Configuration Settings
General
Farm Settings
Farm settings can also inherit their settings from the global settings. This is done by selecting Inherit the global settings. The following settings can be specified by Farm:
Authentication Windows Domain Two-Factor Authentication Credentials Pass-Through Connectivity Connection Broker Firewall/VPN Proxy Server User Experience Local Resources Display/Performance
Configuration
Complete the following configuration tasks in the presented order. Configure Farms Configure the Connectivity Settings Configure the Authentication Settings Configure the User Experience Settings Configure the User Interface Settings Configure the Web Access Application
432
Configure Farms
How to ...
Add or Remove a Farm 1. Click Add/Remove Farms in the left pane of the Web Access Management Console. Use the following URL to display the Web Access Management Console. Servername is replaced with the host name, FQDN, or IP address of your web server: http://servername/Provision/Web-IT/Admin 2. Enter the name of the infrastructure in the Farm field.
3. 4. 5. 6.
Click Add, and then Save Changes. Repeat the above steps until you have added all of the farms. Use the Up and Down arrows to move the added farms. Farms are displayed to users in the order they appear on this list. Select Log users on to all configured farms if users log on to all the defined farms using the same credentials. Users are not presented with a list of farms to choose from if this option is selected.
433
The Firewall/SSL VPN settings are used to determine the way in which users connect to Terminal Servers and managed computers. There are three address translation options that can be used, and which one is used depends upon server side firewalls, if network address translation is being used, as well as SSL encryption. The options are:
Normal Address vWorkspace clients connect to the vWorkspace Terminal Servers and managed computers using their IP address. No address translation occurs and the target computers IP address is visible. Use this option if there are no firewalls between the client and target servers, and Network Address Translation is not being used. Alternative Address vWorkspace clients are assigned an alias IP address that is routeable across the Internet. Firewall rules are constructed to allow inbound connections using the alternative address. The firewall then forwards the packets to the target servers using their real IP addresses. The private IP addresses used by the servers is not exposed to the Internet. Use this option for connections to Provision-IT Terminal Servers and the servers are protected by a firewall with Network Address Translation enabled. SSL Gateway Use this option to encrypt the RDP session traffic. Note: If you are using SSL Gateway in conjunction with Web Access, you must specify both the internal and external Web Access access URLs on the Firewall/SSL VPN section of the Web Access Management console. See Set Firewall/SSL VPN by Farm for more information.
How to ...
Set Connection Brokers by Farm Set Firewall/SSL VPN by Farm Set Proxy Server Settings by Farm
Set Connection Brokers by Farm 1. Do one of the following: a) Click Manage Farms in the left-hand pane, and then select Connection Brokers from the right-hand pane.
434
b) Select the farm from the drop-down list in the left-hand pane, and then select Connection Brokers from the left-hand pane from the appropriate farms setting.
2.
Enter the host name, FQDN, or IP address of the Connection Broker in the Server List field, and then click Add. Use FQDN when using https protocol. Repeat step 2 to add other Connection Brokers as appropriate. You need to use multiple Connection Brokers if you are using fault tolerance or load balancing.
3.
4. 5. 6. 7. 8.
Click Up or Down in the Server List field to move the order of the Connection Brokers. Enter the port number in the XML Port field. Select HTTP or HTTPS from the drop-down list in the Protocol field. Click Save Changes. Repeat this process for each farm that has been added.
Set Firewall/SSL VPN by Farm 1. Do one of the following: a) Click Manage Farms in the left-hand pane, and then select Firewall/SSL VPN from the right-hand pane. b) Select the farm from the drop-down list in the left-hand pane, and then select Firewall/SSL VPN from the left-hand pane.
435
2. 3.
Select the Default Address Translation Setting. Use this option when the IP addresses for users is unknown. Enter information pertaining to Custom Address Translation Settings. Use this option when the IP addresses for users is known. Enter SSL Gateway Settings. Select the Enable NAT support for firewall traversal if Network Address Translation is being used on a firewall that is between the SSL Gateway and vWorkspace Terminal Servers. Enter the external URL used to access Web Access remotely in the Web Access Access URL (external users) box. For example: https://webit.mycompany.com
4.
5.
436
6.
Enter internal URL used to access Web Access locally in the Web Access Access URL (internal users) box. For example: http://webit.mycompany.com
If you are using SSL Gateway in conjunction with Web Access, you must specify both the internal and external Web Access access URLs on the Firewall/SSL VPN section of the Web Access Management console.
7.
Set Proxy Server Settings by Farm 1. Do one of the following: a) Select Use default from the system internet settings. b) Select Do not use a proxy server. c) Select Enter an address manually and complete the following: Enter the Proxy Server and Port. Enter any addresses that are not to be used for the proxy server.
2.
437
How to ...
Set Windows Domain Set Two-Factor Authentication Set Credentials Pass-Through Set Password Management Set Client Identification
Set Windows Domain 1. Select Allow user to choose from the list of domains for users to choose a domain. If this checkbox is not selected, the domain field is not displayed to users, and the user is logged on to the first domain in the list. Enter the NetBIOS form of the Windows domain name in the Domain field, and click Add. Use the Up and Down arrows to move the domains. The order in which the domains display is the order in which they appear on the Web Interface Logon page. 4. Click Save Changes.
2. 3.
2.
OR
b) RADIUS (RSA ACE/Server, Secure Computing RemoteAccess)
438
3.
If you selected Secure Computing PremierAccess, complete the following information: Specify the path and file name to the Secure Computing PremierAccess configuration file in the Configuration File Location box.
4.
If you selected RADIUS (RSA ACE/Server, Secure Computing RemoteAccess), complete the following information: RADIUS Server RADIUS Port RADIUS Secret Key Use Encrypted authentication (CHAP) or Use Unencrypted Authentication (PAP)
5.
Set Credentials Pass-Through This setting allows users to automatically log in to their vWorkspace farm using the same credentials as their client device. This setting should only be used in environments where network security is not a concern, such as with LAN users.
439
To use this setting, Enable Integrated Windows Authentication must be turned on in Advanced Internet Options of Internet Explorer, and the Microsoft IIS web server must be a member of a domain in the Active Directory forest containing the users account. 1. Select Enable credentials pass-through to use Integrated Windows Authentication with the Web Interface.
2.
Enter the part of the IP address that is common to all client devices on a subnet in the Intranet Address Prefix field, and then click Add. Repeat step 2 to add all subnets. Use the Up and Down arrows to arrange the display of the Intranet Address Prefixes. Enter Excluded Prefixes to deny the use of credentials pass-through to client devices having a specified IP address. Repeat step 5 to add all IP addresses. Use the Up and Down arrows to arrange the display of the Excluded Prefixes. Click Save Changes.
3. 4. 5. 6. 7. 8.
Set Password Management This option can only be configured as a global setting. 1. 2. Enter a Domain using the NetBIOS name of the Password Management server. Enter the Server (FQDN). The host name, NetBIOS name, or IP address can be used in this field.
440
3. 4. 5.
Enter a Port number, and then click Add. The usual number to use is 443. Repeat the above steps to add multiple Password Management servers. Click Save Changes.
Set Client Identification This option can be configured only as a global setting. 1. Select Query client name and IP address if the name and IP address of the client can be queried and sent to the Connection Broker. Once sent to the Connection Broker the published desktops and applications that are assigned to the client based on Device Name or Device IP Address can be presented. 2. Click Save Changes.
Each setting has a checkbox that allows users to override the settings as configured by the Web Interface administrator.
How to ...
Set Local Resources Set Display
441
Set Local Resources 1. Select Local Resources from the User Experience section.
2. 3. 4. 5.
Select Allow user to override local resource settings, if appropriate, to allow users to personalize their own sessions. Complete the Remote Computer Sound options, as appropriate. Complete the Apply Windows key combinations options, as appropriate. Select the following options, as appropriate:
Redirect Drives Select if users need access to the disk drives on their physical device. Select if users needs to print to autocreated client printers using native print drivers. Select if users need access to devices attached to the serial ports on their physical device. Select if users are required to log on to their session using a Smart Card attached to their physical device. Select if users need access to USB devices.
Redirect Printers
Redirect Devices
442
Select if users need to print by autocreated client printers using the Universal print driver. Select if users need to redirect the local computer microphone when connecting to a Terminal Server. Select if users need to redirect the local computer clipboard when connecting to a Terminal Server.
Redirect Microphone
Redirect Clipboard
6.
2.
Complete the Display Settings. a) Select Allow user to override the display settings, if appropriate. b) Complete the Screen Resolutions options, as appropriate.
Window Sizes These settings only apply when seamless window connections are used.
443
This setting allows users to minimize, maximize, or close the session by use of a connection bar, when connecting in full screen mode. This setting is available when Full Screen is chosen for Screen Resolution. This setting pins the remote desktop connection bar.
This setting is used when connection to managed computers that are VMware virtual machines. This setting enables the remote session screen size and color depth to match the settings of the physical client device, when connecting to managed applications hosted on vWorkspace enabled Windows Terminal Servers. This setting is available when Full Screen is chosen for Screen Resolution. This setting enables the display area to span across two monitors.
c) Select a Color Depth option from the drop-down list. This setting is not used with seamless window connections. 3. Click Save Changes.
444
2.
Complete the Performance options. a) Select Allow user to override local resource settings, if appropriate, to allow the user to personalize their own sessions. b) Select the following options, as appropriate. Enable Enable Enable Enable Enable wallpaper full window drag animation themes bitmap caching
c) Select the following optimization options, as appropriate: 3. Enable local text echo Enable graphic acceleration Enable multimedia redirection
Messages Controls the content of messages presented to the user. Downloads Controls the available download links as displayed in the Download Center. The downloads section is also used to specify which client to use, and whether to allow users to select which client to use. The options are as follows: Do not automatically download and install a client (normal operation). Allow the user to select which client to use (e.g. Windows or Java Client). Automatically download and install either the Windows client or the Java client.
When the Windows client is selected, a client version and location can be specified. In this case, it checks whether the vWorkspace Windows client is installed on this machine. If the specified version or later version is not installed, it attempts to automatically download the client from the specified location using Microsoft ActiveX. The autodownload operation only works on browsers that support ActiveX, and if ActiveX is enabled in Internet Options of the browser. Additionally, a static link can be displayed in the Web Access interface that allows the user to manually download and install the Windows client. Miscellaneous Controls the display of the IP address of the vWorkspace client device when a connection to the Web Interface server is made, and whether to automatically start a specified (or single) application when the user logs on successfully.
How to ...
Set Content Layout Options Set Look & Feel Options Set Messages Options Set Downloads Options Set Miscellaneous Options
446
a) Select Allow user to override the application set layout, if appropriate. b) Select Present apps in flat format (No folders) to display all the published resources on one page. c) Select the Default application layout style from the following options: Details Icons List Tree (The application search feature is unavailable to users with this view.) Accordion (The application search feature is unavailable to users with this view.) Content width (move the slider to display the appropriate pixels)
d) Enter a number of columns in the Divide apps evenly among field. The default is 3. e) Enter a number of columns in the Divide List view applications evenly among field, which is only applicable to the List application layout style. The default is 2. 2. Click Save Changes.
447
Set Look & Feel Options 1. Complete the following fields on the Color Scheme window as appropriate.
2.
Click Upload New Logo Graphic to change the current header logo.
448
a) Click Browse to open the file that is to be used for the new logo. b) Click Upload New Logo. 3. 4. 5. Select a Page Background Color from the Select Color drop-down list. Select a Color Scheme. There are 9 different color schemes available. Click Save Changes.
449
Set Messages Options 1. To modify a message, type new text or type additional text, and then click Save Changes. This section is used to modify text and messages that is displayed in various areas of Web Access.
450
a) Select Do not automatically download and install a client, if appropriate. b) Select Allow the user to select which client to use, if appropriate. c) Select Automatically download and install the following client: and choose the client, if appropriate. d) Select Always display a link to download and install the vWorkspace client for Windows and enter a File Path, as appropriate. e) Add up to five additional download links by entering the text string to be used as the display label in the Text field, and the location and file name in the Path field. 2. Click Save Changes.
Set Miscellaneous Options 1. Select Display source IP address on login page to display the IP address of the vWorkspace client device when connected to the Web Interface server. This is used for troubleshooting and support purposes.
451
2.
Complete the Application Auto-Launch section as follows: a) Select Launch Applications Automatically to start a published application or desktop at logon. b) If you selected Launch Applications Automatically, you can select one of the following options: Auto-Launch When There Is Only One Application Auto-Launch Specific Application, and enter the name in the Name Of Application field.
The name of the specified application to be started must match the exact name of the published application. 3. Click Save Changes.
VDI Retry Interval Defines the wait period between connection attempts of a virtual desktop that is powering up. If this setting is not specified, it uses a pre-set default value that is specified in web.config, a web-application configuration file which is automatically installed.
How to ...
Set the General Options 1. Complete the following: a) Select Display detailed error messages and Enable error logging, if appropriate. It is recommended that this option is only selected as directed by Quest Software support personnel. b) Enter a number of minutes in the User Session Time-Out field. c) Enter a number of seconds in the VDI Retry Interval field. 2. Click Save Changes.
453
The information displayed on the Web Access Login window in the Login, Info Center, Downloads, and Preferences sections on the Web Access Login window depends upon the settings configured in the Web Access management console. Some examples of the Web Access login window are listed below:
454
Once a user successfully authenticates their log on, a list of published resources or application set, is presented. An application set is not presented if a user has not been assigned a published resource. The view of the application set is based upon settings made in the Web Access management console, Content Layout. A toolbar is accessible on the Application Set window that offers the following options:
Refresh
Change Password
Help
455
The search feature is unavailable to users with the Tree or Accordion view. Users enter the search terms into the search box, and then click the search button. A list of possible applications are presented. The Clear option is used to clear the search results and return to the full set of applications.
Preferences
Users are permitted to change some settings in Web Access based upon the settings made by the Web Access administrator. Users can select the Preferences option, and they are presented with the following window with access to changing settings as indicated by the administrator.
456
TAB General
SETTINGS Change your layout: Default application layout style Content width Divide apps evenly among Divide List View applications evenly among Display apps in flat format (no folders) Remember farm selection for login Currently selected farm: Apply settings to: (specify settings for all farms or a specific farm)
457
TAB Display
SETTINGS Color Depth (These settings are not used when making seamless window connections.) Screen Resolution Disable connection bar This setting allows users, by use of a connection bar, to minimize, maximize, or close the session when connecting in full screen mode. Pin connection bar This setting pins the remote desktop connection bar. Enable smart sizing This setting is used when connected to managed computers that are VMware virtual machines. Enable seamless mode This setting enables the remote session screen size and color depth to match the settings of the physical client device when connecting to managed applications hosted on vWorkspace enabled Windows Terminal Servers. Span multiple monitors when in full screen mode This setting enables the display area to span across two monitors. Apply Settings to: (specify settings for all farms or a specific farm).
Local Resources
Remote computer sound Apply Windows key combinations Connect automatically to these devices when logged on to the remote computer: Drivers Printers Com Ports Smart Cards USB Devices Universal Printers Microphone Clipboard Apply Settings to: (specify settings for all farms or a specific farm).
458
TAB Performance
SETTINGS Allow the following: Desktop background Show contents of window while dragging Menu and window animation Themes Bitmap caching Optimizations: Enable local text echo Enable graphic acceleration Enable multimedia redirection Reconnect if connection is dropped Apply settings to: These setting can be applied to all farms, or a specified one.
Change Password
Users can securely change their password while connecting over the Internet. However, for security reasons, it is recommended that SSL encryption is required on the Web Access server if this feature is used across the Internet. The Web Access must be configured to use Password Management server. Users choose a domain if the administrator has specified any domains in the Password Management section of the Admin Console. If domains have not been specified by the administrator, users are not able to change their passwords.
459
Users will need to provide the following: Username Old Password New Password Confirm New Password Domain
Help
Users have access to a basic help menu. Help is available for the following topics: Authentication Logging On Logging Out Changing Your Password Configuring the Application Set
460
How to ...
Create Custom Headers 1. 2. 3. 4. 5. Open the Juniper Secure Access Central Manager. Under Resource Policies, select Web | SSO Cookies/Headers. Click New Policy. Enter a name for the policy. Specify your Web Access URL in the Resources section. For example: http://servername/provision/web-it/* Enter the host name, FQDN, or IP address of your web server in the above URL.
6.
Select the role to which the policy should apply in the Roles section. If you are not certain as to which policy or policies to apply, select Policy applies to All roles.
461
7.
8.
Enter each header name and value from the following table in the Headers and values section. Click Add after adding each header name and value.
HEADER NAME PN_Username PN_Password PN_Domain VALUE <USER> <PASSWORD> MYDOMAIN (use the relevant domain to which your users authenticate)
9.
Click Save Changes. If all configurations have been completed correctly (such as Secure Access roles, permissions), users are presented with their applications when using Web Access.
462
If your Web Access implementation has multiple farms that users can authenticate to and get applications from, there are two different ways this can be configured: 1. If users are to be presented with applications for all configured farms, select Log users on to all configured farms on the Farms window in the Web Access Management Console.
OR
2. If users can log in to only one specified farm, add that information to the Header and values section. See step 8 for more information. For example:
HEADER NAME PN_Farm VALUE MYFARM
a) If a farm has been previously selected and saved in the Web Access Custom User Settings, open the Settings window and unselect Remember farm selection for login. b) Your Juniper users are presented with applications only from that farm.
IIS cannot be used in conjunction with Secure-IT, because the connection to Web Access is terminated by Secure-IT. See About the SSL Gateway for more information on Secure-IT.
IIS server must have an SSL web server certificate from Certificate Authority that has also issued the smart card certificate. Client machines that are not joined to your domain are prompted twice to authenticate; to authenticate to IIS and to authenticate when an application is started.
How to ...
Configure Web Access for Smart Cards 1. 2. Join the IIS server to your domain. Select Enable the Windows directory server mapper on the Web Sites Properties window, Directory Security tab. The Web Sites Properties window is found at the following path: Start | Administrative Tools | Internet Information Services | Web Sites folder | Properties (context menu) 3. Do the following to enable a web server certificate from the certificate authority: a) Open Properties for ssomain.aspx. by using the following path from your web server on the IIS Manager: Web Sites | Default Web Site | Provision | Web Access b) Open the File Security tab and click Edit under Secure communications. c) Select the following on the Secure Communications window: Require secure channel (SSL) Require 128-bit encryption Require client certificates Enable client certificate mapping
464
4.
Complete the following Credentials Pass-Through settings on the Web Access Management Console. These settings can be done at the Farm or Global level. a) Select Enable credentials pass-through. b) Select Use Kerberos authentication. c) Select Initial Authentication Only. d) Add an asterick (*) to the Intranet Address Prefix section to enable all IP addresses. e) Click Save Changes.
465
466
23
vWorkspace and the SSL Gateway
About the SSL Gateway SSL Gateway Configuration Installation Configuration Options
The SSL Gateway can also be used with the Web Interface. The web browser requests destined to the Web Interface server are SSL encrypted at the client workstations and sent through the corporate firewall on TCP port 443. Once received by the SSL Gateway, the data is decrypted and forwarded to the destination Web Interface server on TCP port 80. Outbound responses from the Web Interface server passing through the SSL Gateway are encrypted and forwarded to the clients web browser.
Installation
The SSL Gateway requires the following: Windows 2000 Server (Standard or Advanced) Windows Server 2003 (Standard or Enterprise) One or more X.509 web server certificates (depending upon configuration) Trusted root certificate from the issuing CA installed into the Windows machine store of the SSL Gateway for certificates that have been installed on the Web Interface or Connection Broker servers.
Microsoft IIS can exist with the SSL Gateway, but it is not required.
468
The SSL Gateway can be placed in the DMZ network or a protected internal network, and it can be installed on a physical or virtual machine. The SSL Gateway can exist with the Web Interface, and third-party balancing can be used.
The SSL Gateway should not be installed on Terminal Servers. The only exception would be for proof of concept purposes.
How to ...
Install the SSL Gateway 1. 2. 3. Execute the start.exe installer program. Select either Enterprise Edition or Desktop Services Addition licensing mode. Select Connectivity Features | SSL Gateway on the Custom Setup window.
469
DESCRIPTION
This checkbox enables SSL encryption of RDP session traffic between the vWorkspace client and vWorkspace enabled Terminal Servers and Managed Computers. The IP address for the SSL Gateway for inbound requests is selected from the drop-down list.
Local Port
The TCP port number to be used for SSL encryption of RDP session traffic. Default is 443. Note: If Microsoft IIS exists on the SSL Gateway, the port 443 might already be in use.
Certificate Name
This field is for selection of the web server certificate that is to be used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. Note: Only certificates installed in the Windows machine store are recognized.
Web Interface Proxy Local IP Address This checkbox enables secure web browser traffic between the vWorkspace client and the Web Interface web server. The IP address for the SSL Gateway for inbound Web Interface SSL requests is selected from the drop-down list. Local Port The TCP port number to be used for SSL encryption of the Web Interface session traffic. Default is 443. Note: If Microsoft IIS exists on the SSL Gateway, the port 443 might already be in use. Destination Host(s) The SSL Gateway forwards requests through the IP address, host name, or FQDN of the Web Interface web server. Use commas to separate entries.
470
DESCRIPTION The TCP port number that the Web Interface web server listens on. Default is 80.
Enable SSL
This checkbox decrypts and then forwards packets. Unselect this checkbox, and the packet is sent without being decrypted.
Certificate Name
This field is for selection of the web server certificate that is to be used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. This field is only for use if the Enable SSL checkbox is selected. Note: Only certificates installed in the Windows machine store are recognized.
Connection Brokers Proxy Local IP Address This checkbox indicates secure traffic between the vWorkspace client and the Connection Broker servers. The IP address for the SSL Gateway for inbound Connection Broker SSL requests is selected from the drop-down list. Local Port The TCP port number for SSL encryption of Connection Broker traffic. Default is 443. Note: If Microsoft IIS exists on the SSL Gateway, the port 443 might already be in use. Destination Host(s) The SSL Gateway forwards requests through the IP address, host name, or FQDN of the Connection Broker server. Use commas to separate entries. The TCP port number that the Connection Broker servers listen on. Default is 80.
Dest. Port
471
DESCRIPTION If this checkbox is selected, the SSL Gateway decrypts inbound SSL packets before forwarding them to the Connection Broker servers. If this checkbox is not selected the SSL Gateway will not encrypt SSL packets for inbound Connection Broker servers.
Certificate Name
This field is for selection of the web server certificate that is to be used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. This field is only for use if the Enable SSL checkbox is selected. Note: Only certificates installed in the Windows machine store are recognized.
DESCRIPTION
This number is the amount of time a session can be inactive before the SSL Gateway terminates it. Default is 0 (no time out).
Server Logging Enable to Trace login to the specified file If this checkbox is selected, logging for troubleshooting is enabled. The name and location for this file is entered into the text box. You can also use Browse.
Configuration Options
The following configuration options discussed in this section are: AppPortal Access Web Interface Access AppPortal and Web Access
472
AppPortal Access
This option describes a setup when a single point of entry is needed for users connecting from external networks, and the vWorkspace client is accessed by the AppPortal.
The SSL Gateway is the only access point to the vWorkspace infrastructure. Remote clients gain access to the system using a single FQDN. Only one firewall access rule is required to permit inbound connections to the SSL Gateway on TCP port 443.
The SSL Gateway, if situated in the DMZ, requires additional firewall rules to allow the SSL Gateway to communicate with the Connection Brokers and the virtual machines.
How to ...
Configure AppPortal Access 1. 2. Use the following path to access the applet: Control Panel | Provision Networks Secure-IT Complete the RDP Proxy section as follows: a) Select Local IP Address, and then select an IP address from the drop-down list. b) Enter the Local Port.
473
c) Click the Lock icon to select the web server certificate used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. Only certificates installed in the Windows machine store are recognized. 3. Complete the Connection Broker Proxy section as follows: a) Select Local IP Address, and then select an IP address from the drop-down list. b) Enter the Local Port. c) Enter the IP address, host name, or FQDN of the Web Interface web server that the SSL Gateway forwards requests. Use commas to separate entries. d) Click the Lock icon to select the web server certificate used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. Only certificates installed in the Windows machine store are recognized.
Both the RDP and the Connection Broker proxies can share the same IP address and TCP port.
4.
Configure a farm connection using AppPortal | Manage Connections, or by right-clicking on the farm from the vWorkspace Management Console. Enter the FQDN of the Connection Broker proxy in the Server List on the Connectivity tab. Select Enable RDP over SSL/TLS, and then enter the FQDN of the RDP proxy in the SSL Gateway Server field.
5. 6.
474
The Web Interface is configured with the FQDN of the SSL Gateway for any client devices whose IP address is not part of the corporate LAN. Remote clients gain access to the system using a single FQDN. Only one firewall access rule is required to permit inbound connections to the SSL Gateway on TCP port 443.
The SSL Gateway, if situated in the DMZ, requires additional firewall rules that permit the SSL Gateway to communicate with the Web Interface and the virtual machines.
475
Alternatively, the SSL Gateway and the Web Interface can be in the DMZ. Additional rules are required to permit the SSL Gateway to communicate with the virtual machines, and the Web Interface to communicate with the Connection Broker.
If you are using SSL Gateway in conjunction with Web Access, you must specify both the internal and external Web Access access URLs on the Firewall/SSL VPN section of the Web Access Management console. See Set Firewall/SSL VPN by Farm for more information.
How to ...
Configure the Web Interface 1. 2. Use the following path to access the applet: Windows Control Panel | Provision Networks Secure-IT Complete the RDP Proxy section as follows: a) Select Local IP Address, and then select an IP address from the drop-down list. b) Enter the Local Port. c) Click the Lock icon to select the web server certificate used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. Only certificates installed in the Windows machine store are recognized.
476
3.
Complete the Web Interface Proxy section as follows: a) Select Local IP Address, and then select an IP address from the drop-down list. b) Enter the Local Port. c) Enter the IP address, host name, or FQDN of the Web Interface web server that the SSL Gateway forwards requests. Use commas to separate entries. d) Select Enable SSL. e) Click the Lock icon to select the web server certificate used by the SSL Gateway for inbound SSL-encrypted RDP session traffic. Only certificates installed in the Windows machine store are recognized.
Both the RDP and the Connection Broker proxies can share the same IP address and TCP port.
4. 5. 6.
Click OK. Start the vWorkspace Web Access Management Console. Select the farm from the drop-down list, and then click Firewall/SSL VPN.
477
7.
a) Select SSL Gateway as the Default Address Translation Setting. The Custom Address Translation Settings are for internal, LAN based users. You can add address prefixes to prevent them from unnecessarily starting SSL encrypted RDP connections. b) Enter the SSL Gateway FQDN/IP Address. c) Enter the TCP Port.
478
d) Enter an Access URL for both external users and internal users. For example: Web Access Access URL (external users) https://webit.mycompany.com Web Access Access URL (internal users) http://webit.mycompany.com
If you are using SSL Gateway in conjunction with Web Access, you must specify both the internal and external Web Access access URLs on the Firewall/SSL VPN section of the Web Access Management console. See Set Firewall/SSL VPN by Farm for more information.
8.
479
The SSL Gateway and the Web Interface, if situated in the DMZ, require additional firewall rules to permit the SSL Gateway to communicate with the virtual machines and the Connection Broker, and for the Web Interface to communicate with the Connection Broker.
If you are using SSL Gateway in conjunction with Web Access, you must specify both the internal and external Web Access access URLs on the Firewall/SSL VPN section of the Web Access Management console. See Set Firewall/SSL VPN by Farm for more information.
There are two possible ways to configure the use of the AppPortal and Web Interface. One option allows all three proxies to share the same IP address and SSL certificate, but the Web Interface and the Connection Broker proxies have different TCP ports. This allows the SSL Gateway to distinguish HTTP connections going to the Web Interface from HTTP connections going to the Connection Broker. A second option is for all three proxies to use the same TCP port, but the Connection Broker has a different IP address and SSL certificate.
How to ...
Configure AppPortal and Web Interface 1. Use the following path to access the applet: Windows Control Panel | Provision Networks Secure-IT
480
2.
To configure using the same IP address and SSL certificate: a) Enter the same IP address in the RDP Proxy, Web Interface Proxy, and Connection Broker Proxy fields. b) Enter the same Local Port for RDP Proxy and Web Interface Proxy, and a different Local Port for the Connection Broker Proxy.
3.
Complete the other fields as appropriate, and then click Apply to make the changes without closing the window, or click OK to make the changes and to close the window.
c) Configure a farm connection using AppPortal | Manage Connections, or by right-clicking on the farm from the vWorkspace Management Console. d) Enter the FQDN of the Connection Broker proxy in the Server List on the Connectivity tab. e) Select Enable RDP over SSL/TLS, and then enter the FQDN of the RDP proxy in the SSL Gateway Server field, and then click OK.
Both proxies may share the same FQDN, but the Connection Broker proxy is set to a different TCP port.
481
4.
To configure using the same TCP port: a) Enter the same TCP Port number in the RDP Proxy, Web Interface Proxy, and Connection Broker Proxy fields. b) Complete the other fields as appropriate, and then click OK.
c) Configure a farm connection using AppPortal | Manage Connections, or by right-clicking on the farm from the vWorkspace Management Console. d) Enter the FQDN of the Connection Broker proxy in the Server List. e) Enter the FQDN of the RDP Proxy in the SSL Gateway Server field. f) Click OK.
The RDP and Web Interface proxies can share the same IP Address, TCP Port, and Certificate Name. The Connection Broker Proxy is bound to a different IP Address and Certificate Name.
482
24
Universal Printing
About Print-IT Print-IT Components Universal Print Driver Options Universal Network Print Services Options Print-IT Printer Properties
About Print-IT
Quest vWorkspace Print-IT is a single driver printing solution that satisfies both client side and network printing needs in a Terminal Server environment. In addition to its driver independent approach to printing, benefits also include: A reduction in network bandwidth utilization. The ability to inherit the properties of manufacturer specific print drivers such as supported trays, paper sizes, and margins.
Print-IT is a universal print driver solution designed for Windows Terminal Servers and all versions of Citrix XenApp and Citrix Presentation Server. Print-IT features and benefits include: Support for both EMF and PDF modes of printing. No requirement for Adobe Acrobat Reader on the client. No requirement for the server side fonts to be preinstalled on the client. Size optimized print streams. Adaptive compression technology (multiple compression algorithms for color and black and white images). Bandwidth usage control and intelligent font embedding (only fonts that do not exist on the client are embedded inside the print stream). Partial font embedding (only the used portion of fonts are embedded inside the print stream). Excellent print quality. Incredible print performance and reliability. Page level streaming for instant printing of large size documents. Support for native printer features, such as bins, paper sizes, margins, and print quality. Support for private printer features, such as manufacturer specific features of stapling and watermarks. Support for the RAW data type. Multiple printer naming options. Synchronous or asynchronous printer creation, which ensures the creation of at least one printer before the server side application is started. Clientless support for LAN connected print servers.
484
Universal Printing
Clientless support for remote site print servers in situated and distributed environments. Support for virtually any printer make and model.
Print-IT Components
The primary Print-IT components are: Universal Print Driver Part of the Power Tools for Terminal Servers in Custom Setup. The option, Power Tools for Terminal Servers, only appears if Terminal Services is detected by the vWorkspace installer. Universal Network Print Services Part of the Peripheral Server Extension option in Custom Setup. The option, Peripheral Server Extension, only appears if Terminal Services is not detected by the vWorkspace installer.
Universal Network Print Server Extensions Installs on existing dedicated Windows network print servers. Eliminates the need of installing large numbers of drivers on Terminal Servers and managed computers by using a single universal print driver to create shared network printers. Also improves network print performance by taking advantage of the highly efficient compression engine found in the vWorkspace Universal Print Driver. Universal Print Relay Service for Remote Sites Installs on remote site and branch office network print servers and works in conjunction with Universal Network Print Server Extensions to extend the benefits of the universal printing architecture across the enterprise. Includes encryption, compression, and bandwidth usage control for high performance and security.
486
Universal Printing
When the Print-IT universal print driver does not support a specialized feature of a printer or the driver is not compatible with a print device, autocreated printers can be assigned to clients using the native driver for that printing device. The network printer auto-creation mode is a clientless mode; it does not require installing the Print-IT client software on the client supporting devices of all types.
Autocreating shared network printers for vWorkspace clients using the vWorkspace Universal Print Driver involves the following items: Install vWorkspace Universal Network Print Server Extensions on to the Windows-based print servers. Install and share the desired printers on the Windows based print servers as normal. Add the Windows based print servers as Print-IT print servers using the Manage Print-IT Printers option on the vWorkspace Management Console. Select the printers to be defined as Print-IT printers using the Manage Print-IT Printers option on the vWorkspace Management Console. Assign the Print-IT printers to the appropriate vWorkspace clients from the vWorkspace Management Console.
487
Administrators can also configure several preferences and performance parameters including the printer naming convention, print bandwidth upper limit, and compression options. To enable the autocreation of client printers, the following criteria must be met: The Universal Client Printer Auto-Creation feature must be installed on to every Terminal Server to which users connect. The Client Printer Auto-Creation options, at least one, must be enabled on every Terminal Server to which users connect. The Print-IT software must be installed on the client device, which is installed as part of the vWorkspace Client installation. The Auto-Creation options, at least one, must be enabled in the Print-IT client. The Universal Printers virtual channel must be enabled in the vWorkspace client, Microsoft Terminal Services client, or Citrix ICA client.
To print to an autocreated client printer, the user simply selects the Print command, and a list of printers is presented to them. Print preview is also available by selecting the Preview before printing from the PNTray menu.
488
Universal Printing
Print-IT Properties
When the Universal Client Printer Auto-Creation or Universal Network Printer Auto-Creation options of Print-IT are installed on a Terminal Server, the vWorkspace Print-IT Properties Control Panel applet is used to control the servers print settings. Below is a description of the tabs and options that are available.
General Tab
DESCRIPTION The options are PDF or EMF. Note: It is recommended that you use EMF, as it is a more robust printing mechanism.
489
DESCRIPTION Auto-create default printer Creates a printer mapping only to the default printer on the client device. Note: By selecting the Auto-create default printer option, any other Client Printer Auto-Creation options that are also selected do not apply. Auto-create local printers Creates a printer mapping for all of the local printers defined on the client device. Auto-create network printers Creates a printer mapping for every network printer defined on the client device. Inherit auto-creation settings from client Autocreates printers based on the Print-IT properties set on the client device.
Auto create only default printer synchronously Requires the mapping to the clients default printer to be completed before presenting the application or desktop window to the user. Auto create all printers synchronously Requires every printer on the client device to be mapped before presenting the application or desktop window to the user. This is the slowest method for login. Auto create all printers asynchronously Allows the presentation of the application or desktop window to the user without requiring printer mappings to be made first. This allows for the fastest login.
490
Universal Printing
DESCRIPTION Auto-create printers with full permissions Elevates user permissions to Full Control for all mapped printers. This is sometimes a requirement for printing with certain legacy applications. Delete auto-created printers when sessions disconnect Causes all mapped printers to be deleted from the server if a users session is disconnected. Enabling this feature can improve the reliability of printing in a multi-user environment. Synchronize default printer on client and server Enables synchronizing the settings of the default printer in the users Terminal Server session with those of the default printer of the session running on the client device.
Compression Tab
Controls when and to what extent compression is applied to the printer output. The options on the window depend on the Print Data Format, either PDF or EMF, that is chosen on the General tab.
491
EMF Format
PMF Format
492
Universal Printing
DESCRIPTION Data Compression controls the level of compression used for text. Level choices include: No compression Minimum (best speed) Low Medium High Maximum (smallest size) JPEG Image Compression controls the level of compression used for graphic images. Selectable Level options are: No compression Minimum (best quality) Low Medium High Maximum (smallest size)
493
DESCRIPTION Black & White Image Compression controls the algorithm used for compressing text and graphics. Algorithm choices include: Default compression CCITT Fax Group 4 Color Image Compression controls the algorithm and quality level of compression used for color images. Selectable Algorithm options are: Automatic (recommended) Default compression 256 compression JPEG compression Selectable options for Quality Level are: Maximum (largest file size) High Medium Low Minimum (smallest file size) Remove duplicate images, if selected, embeds the image once inside the print stream for the purpose of minimizing the use of bandwidth. For example, an image of a logo embedded in a header would only be embedded once.
Naming Tab
The Naming tab is used to control which client printer naming convention to use when naming autocreated client printers.
494
Universal Printing
DESCRIPTION Printer Name [Session #] Printer Name [Client Name:Session #] Printer Name [User Name:Session #] [Client Name:Session #] Printer Name [User Name:Session #] Printer Name Printer Name [User Name] [User Name] Printer Name
495
Bandwidth Tab
Use the bandwidth control slider to limit the amount of bandwidth consumed for printing purposes with each user session on the Terminal Server.The range is between 5 Kbps and 2 Mbps.
The maximum value set on the Terminal Server takes precedent; if there is a higher value set at Print-IT client properties.
496
Universal Printing
Upgrade Tab
Auto Client Upgrade Options can be used to upgrade older versions of Print-IT on the client device with a newer one. To enable this capability, select Automatically upgrade clients to new version, and enter the path and file name of the Print-IT client installer package in the input box, or browse to it by clicking the folder icon. This location needs to be the same on the local machine of each server running the Print-IT server.
You should not select this option if you are using vWorkspace Enterprise or Desktop Services editions, as Print-IT is already built into the vWorkspace client.
Logging Tab
The settings on this tab are used to enable trace logging for Print-IT printers and the Print-IT Print Monitor. If options are enabled, use the input boxes to enter or browse to identify the path and file name of log files. This tab is primarily used by Quest vWorkspace Support to assist in troubleshooting.
497
License Tab
The License tab is only used when Print-IT has been purchased on a per server basis and is not using concurrent user licensing modes.
498
Universal Printing
DESCRIPTION Filters the display of servers by type. Available types include: Terminal Servers Citrix MetaFrame Servers Provision Networks Servers Custom Server List
Propagate
When selected, Print-IT settings are propagated to all the servers that were selected.
Notification Tab
The Notification tab is used when administrators want a customized print notification to be sent to user sessions.
499
PRINT-IT PROPERTY NOTIFICATION TAB Display notification below when printing Title Message
DESCRIPTION Select this option when a printing notification message is desired. Type the text that is to be displayed on the title bar of the message window. Type the text for the print notification message.
PDF Publisher
This option enables the creation of a PDF file of any print job that is sent to the PDF printer.
500
Universal Printing
PRINT-IT PROPERTY PDF PUBLISHER Create the Print-IT PDF Publisher on this server Show Print-IT PDF Publisher menu items on client
DESCRIPTION When selected, autocreates a PDF Publisher printer for each user session on this server. When selected, a PDF publisher options menu item is added to the Print-IT section of the PNTray context menu.
501
CLIENT PROPERTIES GENERAL TAB Auto-Create Options Auto-create default printer only Creates a printer mapping to the default printer only, on the client device. Auto-create local printers Creates a printer mapping for each local printer defined on the client device. Auto-create network printers Creates a printer mapping for each network printer defined on the client device. Auto-create specified printers only Creates only the printers selected by the user. Performance Options Use Printer Properties Cache Allows printer properties from previous sessions to be cached and used, instead of having to reenumerate them each time a session is set up.
502
Universal Printing
CLIENT PROPERTIES BANDWIDTH TAB Enables the user to specify the amount of bandwidth available for printing, however, the maximum amount of bandwidth is set on the Terminal Server Print-IT properties. CLIENT PROPERTIES LOGGING TAB Enables logging for troubleshooting purposes.
How to ...
Setup Print-IT Printers Add Network Printers Assign Printers to Clients Universal Print Relay Service for Remote Sites Option
503
Setup Print-IT Printers 1. 2. 3. Open the vWorkspace Management Console. Expand the Resources node, and then click Printers. Click Manage Print-IT Printers on the toolbar of the information pane. It is the computer icon with the letter U.
4. 5. 6. 7.
Click Add on the Print-IT Servers on the Manage Print-IT Printers window. Type the NetBIOS name or IP address of the Windows print server or browse to it by using the ellipses on the Add Print Server window. Click Add on the Print-IT Printers on frame to select printers to be created as Print-IT printers. Browse to the Microsoft Windows Network and select the printer or printers in the Select Network Printer window. You may select printers shared from any Windows server, not just those with Print-IT installed on them. Use Ctrl to make multiple selections.
8.
Add Network Printers If a device or print feature is incompatible with Print-IT, use the following steps to configure autocreation of network printers using their native drivers. 1. 2. Open the vWorkspace Management Console. Expand the Resources node, and then click Printers.
504
Universal Printing
3.
Click Manage Network Printers on the toolbar of the information pane. It is the computer icon with the letter N.
4. 5. 6. 7. 8.
Click Add on the Print Server frame on the Manage Network Printers window. Type the NetBIOS name of the Windows print server or use the ellipses to browse to it, on the Add Print Server window. To select printers to be autocreated, select the desired server from the list in the Print Servers frame. Select each print to be autocreated in the Shared Printers on frame. Click Close to complete the task.
Printers created using native Microsoft Windows print drivers are named using the names that appear in the Printer and Faxes folder of the client device. However, once they are added to the vWorkspace database, the name can be changed.
Assign Printers to Clients Print-IT and Network Printers must be assigned to vWorkspace clients before they can be autocreated. 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Resources node, and then click Printers. Click Toggle Client Assignment List Display on the toolbar of the information pane to change the layout. Select a printer or printers from the list of Network Printers or Universal Printers. You may select printers shared from any Windows server, not just those with Print-IT installed on them.
505
5. 6.
Use Assign to assign the printers to clients. Click OK to close the Select Clients window.
The process of deploying the Universal Print Relay Service for Remote Sites involves the following items: Install the Universal Print Relay Service for Remote Sites on the print servers at each remote site. Use the Print-IT Remote Site Relay Control Panel applet to configure network communication parameters and identify the printers that are to be exported to vWorkspace clients when connecting to a vWorkspace infrastructure Terminal Server.
506
Universal Printing
Import the exported network printers from each remote site. Each imported printer is created as a Print-IT printer and shared from a designated Print-IT print server. Assign the Print-IT printers to the appropriate vWorkspace clients.
Mutual machine level authentication can be configured using an assigned shared pass phrase. Once authenticated, the Print-IT Remote Site Relay server and Print-IT Network Print server can encrypt the print data before it is passed across the WAN link, eliminating the requirement for complex Windows or Kerberos trust relations and obtaining commercial server certificates. Universal Print Relay Service for Remote Sites can be configured to use any port that security administrators allow to be open on the firewalls.
How to ...
Configure Universal Print Relay Service for Remote Sites Add Print-IT Remote Relay Servers Import Remote Printers Assign Remote Printers to Clients
Configure Universal Print Relay Service for Remote Sites 1. Open the Print-IT Remote Site Relay applet from the Control Panel. The system opens the Print-IT Remote Site Relay Properties window. Complete the following information on the General tab.
Remote Site Relay Information This section is used to configure the network communication protocol and security used by Universal Print Relay Service for Remote Sites on this server. TCP Port Enter a port number. Default is 82. Secret Pass Phrase Enter a secret pass phrase for mutual machine level authentication when Use Encryption is selected. A maximum of 20 alphanumeric characters is allowed.
2.
507
Use Encryption
Select for encryption between the Print-IT Remote Site Relay server and the Print-IT print server. Select the maximum amount of network bandwidth allowed for passing print data to an exported printer on the Print-IT Remote Site Relay server from a Print-IT server. The bandwidth limit is set on a per exported printer basis, allowing each printer to receive the maximum bandwidth limit.
Bandwidth Control
3.
Complete the following information on the Export List tab. a) Select the printer or printers to be exported to the Print-IT print servers. The list of printers that appear here are the ones that have been installed and shared on the Print-IT Remote Site Relay server. b) Select Properties to set printing preferences for each printer. c) Select Use Printer Properties Cache, if appropriate.
4.
Complete the Logging tab if you need to enable trace logging for troubleshooting.
508
Universal Printing
5.
Click OK.
After making configuration changes using the Print-IT Remote Site Relay Control Panel applet, it may be necessary to restart the vWorkspace Print-IT Remote Site Relay service for the changes to be implemented.
6. 7.
Click Add. Enter the name or IP address of the Print-IT Remote Site Relay server to be added or browse to select it using the ellipses, and then click OK. Select Add new site on the Add Relay Server window, and then click OK.
509
8.
9.
Enter the name for the new site on the New Printer Relay Site window, and then click OK.
10. Enter the two letter suffix to be used to identify the site, and then click OK. 11. Enter and confirm the secret Pass Phrase to be used for authentication to the Print-IT Remote Site Relay server, and then click OK. 12. Set the TCP Port number to the appropriate value. 13. Set the Bandwidth limit for printing. If a value selected here is higher than the limit defined on the Print-IT Remote Site Relay server, the relay servers value is used. 14. Repeat step 6 to step 11 for each additional remote Print-IT Remote Site Relay servers. 15. Click OK to complete the task. Import Remote Printers 1. 2. 3. 4. 5. 6. 7. 8. 9. Open the vWorkspace Management Console. Expand the Resources node, and then select Printers. Click the Manage Print-IT Printers icon from the toolbar of the details window. Click Site Relay on the Manage Print-IT Printers window. Select the Import Remote Printers tab. Select the Print-IT Remote Site Relay server that is to be used to import the Relay Sites and Relay Servers listed. Select the Print-IT server from the list of Print-IT Servers in which the imported printers are to be created. Click Import Now to start the import process. Review the message box confirming the import process has been initiated, and then click OK.
10. Click Close to close the Print-IT Relay Servers window. 11. Click Close on the Manage Print-IT Printers window. Assign Remote Printers to Clients Printers imported from Print-IT Remote Site Relay servers are assigned to vWorkspace clients in the same manner as Universal Printers and Network Printers. Imported printers are listed under Universal Printers on the details pane of the Resource | Printers section of the vWorkspace Management Console, and have the two letter remote site suffix appended to their names. 1. 2.
510
Open the vWorkspace Management Console. Expand Resources, and then click Printers.
Universal Printing
3.
Do one of the following: a) Right-click on the printer in the navigation pane to which users are to be assigned, and select Assign option. b) Highlight the printer in the navigation pane, and then click the Assign icon, which is the plus sign inside a blue circle.
4.
Select the client or clients for the assignment from the list, and then click OK. You can multiselect by using the Ctrl button.
Printer properties for Print-IT printers can be viewed and edited by right-clicking on the printer.
511
512
Universal Printing
Identifies the name of the Print-IT print server hosting this printer. This property is read-only. Displays the name of the Print-IT printer as it appears to the vWorkspace client. The Print-IT Printer Name can be changed.
Controls whether or not this printer is to be published in Active Directory. Choose between PDF and EMF.
513
Performance Options
Provides controls that influence printing performance. The specific controls depend on the Print Data Format selected. For PDF format the available controls are: B & W Image Compression Color Image Compression Color Image Quality Level Duplicate Images Removal For EMF format, the available controls are: Data Compression Level JPEG Image Compression Level
Client Assignments
Use to view or modify the list of vWorkspace clients to which this printer is assigned.
6.
OR
Click Cancel to close without saving changes.
514
25
USB Devices
About USB Devices USB Redirection USB-IT
USB Redirection
USB Redirection enables the use of virtually any USB connected device (PDAs, local printers, scanners, cameras, headsets) to be used in conjunction with VDI. Users can connect multiple USB devices and then decide which devices to share.
USB keyboards and mice are automatically excluded and are not shared. However, USB composite keyboards are not automatically excluded.
Requirements
USB Redirection needs to be installed on a VDI machine along with PNTools. An Enterprise, VDI, or Power Tools license is also required to use this feature.
516
USB Devices
Share
Selecting this option makes the device available to the server. When a device is shared, it is unavailable to the client machine. Selecting this option makes the device unavailable to the server, which makes it available to the client machine. Selecting this option excludes this device from being shared. See Note in Auto-connect devices.
Unshare Exclude
Unexclude
517
Properties
Selecting this option displays the USB Device Properties window. The ability to add an optional nickname for the device is included in the properties. Information on this window includes: Nickname Name Location Serial Number Information Status
Auto-share devices
Selecting this checkbox allows the connected devices to automatically be shared with the server. Note: If a user is going to select this option and they are using a USB keyboard or mouse, they need to exclude those devices before selecting this checkbox. The keyboard and mouse will not function locally on the client while being shared.
Devices are listed with their name, current status, and if they are shared (indicated with a checkmark) or excluded (indicated with an X). To share a device using the system tray, click on it. To exclude a device using the system tray, use CTRL + left-click.
518
USB Devices
519
Selecting this option enables the device on the server. Selecting this option disables the device on the server. Selecting this option excludes the device from being automatically connected. See Auto-connect devices.
Selecting this option allows the device to be automatically connected. Selecting this option displays the USB Device Properties window. Selecting this checkbox allows devices to be automatically connected when they are available to the server. Selecting this checkbox allows the system tray to be used.
520
USB Devices
Devices are listed with their name, current status, and if they are shared (indicated with a checkmark) or excluded (indicated with an X). To share a device using the system tray, click on it. To exclude a device using the system tray, use CTRL + left-click. The option Advanced is used to display the Control Panel applet. The server-side system tray appears like this:
521
How to ...
Manage USB Devices USB Redirection needs to be installed on the VDI machine, in addition to PNTools. 1. 2. Open the USB Redirection Control Panel applet. As devices are plugged in, they appear on the device list. Highlight a device from the list and select one of the options, as appropriate. If users are using a USB keyboard or mouse, prior to selecting the Auto-share devices checkbox, they need to exclude those devices, If those devices are not excluded on the list, they do not function on the client while being shared.
USB-IT
USB-IT enables Terminal Server and Citrix Presentation Server clients to seamlessly access their USB-based handhelds over RDP and ICA connections. With USB-IT, the Blackberry Desktop Manager, the Palm Desktop, and the ActiveSync software can be installed and published on the server. Users can instantly access to their handhelds for the purpose of synchronizing e-mail, calendar, contacts, and other personal information with back-end messaging and collaboration systems such as Microsoft Exchange and Lotus Domino. USB-IT supports all BlackBerry models; Palm and OEM handhelds running Palm OS; and Windows CE-based Pocket PC devices. USB-IT requires a plug-in on the client, which when installed, registers automatically with the ICA and RDC (Remote Desktop Connection) clients. Third-party WIN32 RDP clients capable of loading a virtual channel driver also can use USB-IT. In order to take advantage of USB-IT, the appropriate components must be installed on the client devices and Terminal Servers as follows: Terminal Servers USB-IT is installed onto Terminal Servers by selecting the PDA Redirection (USB-IT) feature listed under Power Tools for Terminal Servers. vWorkspace Client (AppPortal and Web Interface) PDA Redirection (USB-IT) is automatically installed when the vWorkspace client software is installed.
522
USB Devices
Citrix ICA and Microsoft RDP clients A separate installation package is available for download to install PDA Redirection (USB-IT) on client devices. The packages are available on the Quest vWorkspace Web site in the Power Tools Clients section of the Quest vWorkspace download Web site: pnusbcli.cab, pnusbcli.exe, or pnusbcli.msi.
How to ...
Configure USB-IT 1. Start the USB-IT Control Panel applet (Terminal Servers).
2. 3. 4.
Select the Devices tab. Select the class of handhelds. Click Add.
523
5. 6. 7. 8.
Specify the maximum number of device instances that are to be supported simultaneously on the server. Repeat the process for other handhelds, as appropriate. Repeat process on all Terminal Servers or Citrix Presentation Servers, as appropriate. Select USB Handhelds in the vWorkspace client, AppPortal using the following path: Manage Connections | Local Resources |
524
26
Workload Management and Performance Optimization
About Workload Management Performance Optimization View VM Optimization Results
526
527
DESCRIPTION This counter measures the average number of hardware interrupts that were received and serviced by the processor each second. Interrupts per second is an indirect indicator of the activity of hardware devices in the system that generate interrupt requests, such as the system clock, disk drives, and network interface cards. These devices generate interrupt requests when they complete a task or need attention from the processor. Each serviced interrupt request consumes CPU time, so an excessive amount can degrade system performance and can be an indicator of a malfunctioning device.
This counter measures the percentage of memory being used by the system. This counter measures the size, in bytes, of the paged pool. The paged pool is an area of physical memory used by the system for objects that can be written to disk (paged) when they are not being actively used.
This counter measures the total number of process contexts currently running on the system. This counter measures the total number of user sessions for which the operating system is currently storing computer state information. This counter measures the overall rate at which faulted pages are handled by the processor. This counter includes both hard faults (where the memory page has to be retrieved from disk) and soft faults (where the data is stored elsewhere in physical memory). A page fault occurs when a process requires code or data that is not in its space in physical memory. Most processors can handle large numbers of soft faults without consequence. However, hard faults can cause significant performance delays.
This counter measures the number of pages written to or read from disk to resolve hard page faults.
528
DESCRIPTION This counter measures the number of requests to the redirector that are currently queued for service. If this counter is much larger than the number of NICs installed on the system, then network throughput is likely becoming a bottleneck.
Group Terminal Servers by their hardware configuration and applications hosted on them. Workload evaluators can be created and optimized for specific hardware or application groups.
How to ...
Create Workload Evaluators Assign Workload Evaluators to Servers Assign Workload Evaluators to Managed Applications
Create Workload Evaluators The Number of Users counter is the default workload evaluator assigned by the system, and its values can not be modified. 1. 2. Open the vWorkspace Management Console, and select the Workload Evaluators node. Start New Workload Evaluator by right-clicking on Workload Evaluators, or the green + icon on the toolbar of the navigation or information panes.
530
3. 4. 5. 6. 7.
Enter a name for the new workload evaluator in the Name box, on the New Workload Evaluator Properties window. Enter a description for the new workload evaluator in the Description box. This is optional. Select Report full load when at least one counter has reached its maximum value, if appropriate. Select the counter to be used by clicking in the Assigned column. Set the minimum value for each counter selected by clicking on its current value in the Min Value column, and then type a new value in the input box and click OK. Set the maximum value for each counter selected by clicking on its current value in the Max Value column, and then type a new value in the input box and click OK. Set the weight value for each counter selected by clicking on its current value in the Weight column, and then select a new value from the drop-down list.
8.
9.
10. Click OK to complete the task of creating a new workload evaluator. Assign Workload Evaluators to Servers 1. 2. 3. 4. 5. 6. 7. Open the vWorkspace Management Console. Expand the Locations node, and then expand the location in which the Terminal Server is located. Expand the Terminal Servers node, and then highlight the Terminal Server. Activate the context menu for the server object that the workload evaluator is to be assigned, and select Properties. Click the Workload Management tab from the [Server_name] Properties window. Select the desired workload evaluator from the Workload Evaluator drop-down list box. Click OK to complete the task.
Assign Workload Evaluators to Managed Applications You may need to assign workload evaluators to specific published applications if the number of instances of the application must be restricted due to licensing constraints or the application consumes a lot of system resources. 1. 2. 3. Open the vWorkspace Management Console. Expand the Resources node, and then Managed Applications node. Open the Properties for the desired published application.
531
4. 5. 6.
Click on Workload Management on the Managed Applications Properties window. Select the workload evaluator from the Workload Evaluator drop-down list. Click OK to complete the task.
Performance Optimization
CPU and Memory Optimization (Max-IT) is a Power Tools for Terminal Server used to improve application response time and increase overall server capacity by streamlining and optimizing the use of virtual memory and CPU resources in a multi-user environment.
Max-IT should not be installed on the same machine as the Connection Broker.
532
From a CPU management perspective, the thread priorities of interest are Waiting, Ready, and Running. In the case of a word processor, the latter could be waiting for user input. As soon as it receives input, it is ready to run, and as soon as the processor becomes free, it runs. Given two threads in the Ready state, the scheduler always favors the process with the higher priority level over the other.
CPU Utilization Management ensures that each running process receives CPU resources to enable it to run smoothly and coexist alongside CPU hungry and rogue applications by implementing the following: A fixed share of CPU resources is reserved to NT Authority. By default, this share is 20 percent. The target percent CPU time is then computed as follows, where Reserved is the percent CPU share reserved for NT Authority: (100 - Reserved) / (number of active processes) The average percent CPU time is calculated for each active process. Those processes whose average percent CPU time has fallen below the target percent CPU time have their priority levels set to Normal. Those processes whose average percent CPU time has risen above the target percent CPU time have their priority levels set to Below Normal. Those processes whose average percent CPU time has fallen to zero have their priority levels set to Above Normal. The above process is then repeated every several hundred milliseconds. The default setting is 100 milliseconds.
533
When two or more modules are loaded, each having the same preferred base address, a memory space conflict occurs. The operating systems memory manager has to resolve this conflict by relocating one of the conflicting modules into another base address. It then has to recalculate all the offset addresses defined within the module relative to this new base address. Relocating DLLs and performing the necessary fix-up operations is taxing on system resources. The loader has to relocate hundreds of DLLs and modify a significant portion each code. This leads to more memory consumption, excessive copy on write operations, and additional CPU cycles. This runtime overhead can be very damaging to the performance of a system and should be avoided. When multiplied by the number of users on a Terminal Server, this overhead can have implications on performance and application response times.
vWorkspace Virtual Memory Optimization significantly increases the performance and capacity of a Terminal Server by performing two optimization techniques: module rebasing and module rebinding. Module Rebasing A process by which colliding DLLs are identified and relocated to unique base addresses within the virtual memory spaces of their respective programs. This technique drastically reduces virtual memory requirements, page file usage, and I/O operations. Module Binding Fine-tunes the import section of a given module according to the new base addresses of the rebased DLLs. This technique accelerates application load times and yields further reductions in virtual memory requirements and page file usage.
The Virtual Memory Optimization system continuously monitors which DLLs are being loaded by applications and identifies the DLLs that cause collisions. When a future request is made to load the module, it automatically loads in a new base address to avoid conflict. After collecting sufficient data, Virtual Memory Optimization can then further enhance performance by permanently rebasing the colliding DLLs and perform the necessary code fix-up operations. Some of the benefits include: DLLs that have been optimized by Virtual Memory Optimization no longer require relocations or fixes by the loader. Less physical memory is consumed. Working set trimming no longer requires that working sets be swapped out to the paging file (copy on write) before the trimming can occur.
534
Significant reductions in the overhead associated with relocation and fix-up operations. When multiplied by the number of users on a Terminal Server, the results can be an overall capacity increase of 25 to 30 percent.
535
5.
6. 7.
General
GENERAL TAB VIRTUAL MEMORY OPTIMIZATIONS Analysis Interval Specifies the sampling interval for detecting memory load address collisions. At the specified interval, Max-IT VM Optimization takes a snapshot of what applications are loaded into memory and detects any load address collisions. Applications that are started and then closed within the sampling interval are not included in the analysis.
537
GENERAL TAB Optimization Time Specifies what time of day virtual memory optimizations are applied. The optimizations applied are based on the settings found on the VM Default Optimizations and VM Exception Files tabs. Applying virtual memory optimizations has the potential for consuming large amounts of system resources and should be performed at a time when user activity will be low. CPU Utilization Management Sampling Interval (Milliseconds) Determines how often process average calculations are performed and priority adjustments are made. Shorter intervals result in a more even distribution of processor time, but at the expense of higher system overhead. Determines the number of sampling points used when calculating average percent CPU time of processes.
VM Default Optimization
538
VM DEFAULT OPTIMIZATION TAB Applications (EXE, etc.) The two optimization options available for applications are: Allow applications to load rebased modules (rebasing). Allow applications to be bound and to load bound modules (binding). Modules (DLL,OCX, etc.) The two optimization options available for modules are: Allow modules to be rebased (rebasing). Allow modules to be bound (binding).
VM Exception Files
Some applications and modules do not work properly when rebased or bound, such as any executable or module file that has been digitally signed. This is because the rebasing and binding information is written to the alternate data stream of the file. Because of this file modification, the binary hash the digital certificate was based on is no longer valid and the file is rendered unusable. These files must be excluded from rebasing and binding.
539
The Applications and Modules tabs include a list of preconfigured executable and module files that are known to have problems with rebasing and binding. Use the Add, Remove, or Browse buttons to modify the list. After adding a file, select it from the list and use the buttons to the right to control the level of optimization to apply. The optimization option buttons are: Rebasing Only Binding Only Rebasing and Binding No Optimizations
CPU Policy
The CPU Policy tab is used to control how CPU Utilization adjustments are applied.
540
CPU POLICY TAB Policy Type Policy type is used to control how CPU allocation rules are applied. The three policy types are: User/Group CPU rules can be assigned based on any combination of user accounts, group accounts, or Active Directory Organizational Units. OS CPU Allocation OS CPU Allocation is used to guarantee the operating system will have a minimum percentage of the systems total CPU time. The default value is 20%. Application CPU utilization rules can be assigned to specific applications. User/Group Rules This tab is used to view or modify CPU Allocation when Policy Type is set to User/Group. The Add and Remove buttons are used for users, groups, and organizational units. The Up and Down arrow buttons are used to adjust priority for user entries who are also members of a listed group or OU. Entries higher in the list take precedence over lower ones. For each entry, use the CPU Allocation column to set the minimum guaranteed CPU time allotment. There are three ways CPU Allocation can be modified: 1. Double-click on the CPU Allocation column and select a value from the context menu. 2. Click on the ellipses to the right of the CPU Allocation column and select a value from the context menu 3. Click on the existing value in the CPU Allocation column, and hold down the left mouse button, to drag and adjust the value.
541
CPU POLICY TAB Application Rules This tab is used to view or modify CPU Allocation when Policy Type is set to Application. Use the Add or Remove buttons to add or remove an application entry name. Use the CPU Allocation column to set minimum guaranteed CPU time allotment for the selected application. There are three ways CPU Allocation can be modified: 1. Double-click on the CPU Allocation column and select a value from the context menu. 2. Click on the ellipses to the right of the CPU Allocation column and select a value from the context menu 3. Click on the existing value in the CPU Allocation column, and hold down the left mouse button, to drag and adjust the value. Application Executables This tab is used to build a list of executable program files and associate them with the appropriate application entries defined on the Application Rules tab when Policy Type is set to Application. Use the Add button to add an executable, identify its parent process (if any), and associate it with an application rule. Files may be entered individually or you can choose to select all the files contained in a specified folder. Use the Remove button to remove an application executable entry. Use the Up and Down arrow buttons to adjust priority for application executables that are included in multiple rules. Entries higher on the list take precedence over lower ones. Allocation Type This tab controls whether CPU allocation rules are based on percentages or shares. Percentage CPU allocation by percentage guarantees the user, group, or application a minimum percentage of the available CPU time. Available CPU time is 100% - OS CPU Allocation. Shares Each entry is given a percentage of CPU time based on the number of shares assigned to the entry divided by the total number of assigned shares. For example, if user A is assigned 25 shares and user B is assigned 50 shares, then user A is allocated 33.3% of the available CPU time and user B is allocated 66.7%.
542
Advanced
This tab is used to reset the exception lists to the default values.
How to ...
Set the Max-IT Policy for Specific Servers 1. 2. 3. Open the vWorkspace Management Console. Expand the Performance Optimization, and the Servers node. Right-click on the server object, and select Max-IT Server Policy from the context menu.
543
4.
Click on the tab associated with the portion of the policy that needs to be different from the Master Policy, and click Use these settings for server [server_name]. Enter the changes as appropriate, clicking Apply for each tab that is changed.
5.
6.
How to ...
View Session Summary Information View Results for a Specific Session View Results per Application
544
View Session Summary Information 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Performance Optimization and Servers nodes. Expand the desired server object. Click on the Optimization Sessions container object. The Optimization Summary by Session graph is displayed in the information pane on the right. The vertical axis displays the cumulative amount (in megabytes) of memory savings. The horizontal axis displays the date and time of each optimization event.
To avoid unnecessary recalculations by Max-IT, binding should be delayed until the graph is flat.
View Results for a Specific Session 1. 2. 3. 4. 5. Open the vWorkspace Management Console. Expand the Performance Optimization and Servers nodes. Expand the desired server object. Expand the Optimization Sessions container object. Click on the appropriate date and time to display a graph showing the current (blue) and possible (green) virtual memory savings. Under the Optimization Sessions container object each optimization event is listed in chronological order by the date and time of its occurrence. View Results per Application 1. 2. 3. 4. Open the vWorkspace Management Console. Expand the Performance Optimization and Servers nodes. Expand the desired server object. Click on the Optimized Applications container object. The Per-Application Virtual Memory Usage and Savings graph is displayed in the right panel.
Vertical Axis Horizontal Axis Red bar Displays memory in kilobytes. Displays the name of the executables. Shows the amount of virtual memory used by the executable before rebasing. 545
Yellow bar
Shows the amount of virtual memory used by the executable after rebasing. Represents the current memory savings as a result of optimization. Represents the possible memory savings as a result of optimization.
Blue bar
Green bar
Ideally, the blue and green bars for all executables should be equal. At this point it is safe to implement binding as long as no changes are made to the applications installed on the servers.
546
Appendix A
Best Practices
Listed in this section are recommendations for best practice procedures.
General
Keep VDI naming conventions and workstation names to be created below 15 characters. Put in AV directory scanning exception for the locally cached database folder C:\Program Files\ Quest Software\vWorkspace\Database on the Connection Broker.
547
Services
When manually starting vWorkspace services, always start the Provision Networks Database Manager service first. It retrieves configuration data stored in the database. This ensures the latest configuration settings are obtained. Next, start the Provision Networks Registry Service. It applies the configuration settings to the registry. The start order for the remaining services does not matter because those remaining services have the latest configuration. Set the recovery method to Restart the service for the first failure for the following services. Provision Networks Database Manager Service Provision Networks Registry Service Provision Networks Connection Broker Service
Connection Broker
The Connection Broker needs enough resources to support the login, authentication, and SQL query tasks that it must perform. A DuoCore processor with 2 GBs of RAM should suffice for a Connection Broker on a physical server (for a large farm). Dual processors and 2 GBs of RAM should suffice for a Connection Broker on a virtual machine. Turn on farm database caching once the farm is configured properly. This will speed up database information retrieval for Provision Networks services. When changing settings within the vWorkspace Management Console, all changes are done directly on the database. Set the virtual memory high and low threshold to be equal to prevent fragmentation of the pagefile.
Sysprep Template
VMware VirtualCenter places its sysprep files in the following location: InstallFilesPath=C:\sysprep\i386 Always use FQDN for the domain name. Always use the format domain\username when entering domain credentials.
548
VirtualCenter Server
If you encounter issues creating desktops, you should first restart the VirtualCenter server or, at the very least, restart the VMware VirtualCenter Server service. On your VirtualCenter server, be sure to populate the C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\sysprep\xp with the appropriate Windows XP Professional sysprep files. Do the same corresponding sysprep file setup for Windows Server 2003 if it is used for virtual machine creation. Prior to creating any virtual machines in a managed computer group, make sure that VirtualCenter can successfully deploy a virtual machine from the template using guest OS customizations. a) Set the Inventory view to Virtual Machines and Templates. b) Navigate to the template, right-click and select Deploy Virtual Machine from this Template. c) The Deploy Template Wizard starts. Mimic the responses that are to be used to create a virtual machine within the Add Desktops Wizard (in the vWorkspace Management Console). On the Select Guest Customization Option window, select Customize Using the Customization Wizard. Mimic the responses needed to create the sysprep template during the Add Desktops Wizard. d) It is a good idea to observe the sysprep mini-setup by opening a console to the newly cloned virtual machine. Information can be gleaned from the command prompt during the mini-setup for troubleshooting purposes by pressing Shift + F10 (while the screen focus is on the console). e) If you receive the error, Unable to communicate with the remote host, since it is disconnected, 30 seconds or so after creating a virtual machine through the Add Desktops Wizard, the template has been orphaned and needs to be reregistered in VirtualCenter. Restarting the VirtualCenter server may accomplish this task.
VirtualCenter Templates
Do not add the workstation to a domain to avoid group policies from being pushed down. Install the latest version of VMTools which is compatible with your VirtualCenter.
549
Some AV software prevents VMTools from installing VMwares version of the mouse, network, and display drivers. VMTools installation fails if this is the case. If CD autoplay features are disabled, VMTools fails because VirtualCenter loads VMTools as a CD prior to installing it.
Turn on Remote Desktop and Remote Assistance under System properties. If Remote Desktop is denied, the managed computer hangs on the Initialize task. To correct remove from group, enable Remote Desktop, and import into the group. Remote Assistance is enabled to allow shadowing.
If Windows Firewall is turned on, the following ports need to be opened. These firewall openings are best executed with GPOs. File and Print Sharing associated ports UDP 137, UDP 138, UDP 445, TCP 139, and TCP 445. Remote Administration ports TCP 139 and TCP 445. Remote Desktop TCP 3389. Connection Broker (communication to the Data Collector Service ) TCP 5203, TCP 5201.
Uninstall any out-of-date version of PNTools. (Optional) Install the latest version of PNTools. This enables the virtual machine to be ready for logon sooner (obviates the need to install PNTools from the console after virtual machine creation). When Print-IT or USB-IT needs to be configured differently than the default settings, you must install PNTools on the template, as it would be unwieldy to individually install and configure Print-IT or USB-IT on each managed virtual machine. If this method is used, four registry values need to be removed after installing PNTools on the template, if this managed computer has been added to a managed computer group. These values uniquely identify the virtual machine to the managed computer group and if left in place, prevent cloned virtual machines from joining the managed computer group. These registry values are listed below. HKLM\Software\Provision Networks\Common\ComputerID HKLM\Software\Provision Networks\Common\PublicKey HKLM\Software\Provision Networks\Common\VMStatusInterval HKLM\Software\Provision Networks\Common\LLMServerList
550
If USB PDA redirection is utilized, make sure to add the Handheld Device Redirection feature for the PNTools. It is not added with the default install of PNTools. Also, in Device Manager, see if the USB-IT Host Controller (under Universal Serial Bus Controllers) is working correctly. If not, the files usbd.sys and usbhub.sys may need to be added to the C:\Windows\system32\drivers directory prior to adding the Handheld Device Redirection feature. Disable unneeded services, like the Indexing Service, unless there is a strong reason to enable them. Install Antivirus software and keep it current. In todays world of viruses that are efficient at exploitation and replication, an OS installation routine has to merely initialize the network subsystem to be vulnerable to attack. By deploying virtual machines with up-to-date antivirus protection, this exposure is limited. Keep the antivirus software current every month by converting the templates to virtual machines, powering on, and updating the signature files. Ensure the Antivirus is configured so that it does not block the TCP ports: UDP 137, UDP 138, UDP 445, TCP 139, TCP 445, TCP 3389, TCP 5201,TCP 5203.
Install the latest operating system patches, and stay current with the latest releases. Operating system vulnerabilities can increase exposure to exploitation significantly, and current antivirus software isnt enough to keep exposure to a minimum. When updating antivirus software, apply any relevant OS patches and hotfixes. Use the template Notes field to store update records. This is a good way to keep information about the maintenance of the template in the template itself, and the Notes field is a great place to keep informal update records. Plan for VMware ESX Server capacity for template management. The act of converting a template to a virtual machine, powering it on, accessing the network to obtain updates, shutting down, and converting back to template requires available ESX Server resources. Make sure there are ample resources for this very important activity.
Use a quarantined network connection for updating templates. The whole point of keeping antivirus and operating systems current is to avoid exploitation, so leverage the ability of ESX Server to segregate different kinds of network traffic, and apply updates in a quarantined network.
551
Use the same datastore for storing and for powered on templates. During the process of converting templates to virtual machines, do not deploy the template to another datastore. It is faster and more efficient to keep the template files in the same place before and after the update. Install the VMware Tools in the template. The VMware Tools include optimized drivers for the virtualized hardware components that use fewer physical host resources. Installing the VMware Tools in the template saves time and reduces the chance that a sub optimally configured virtual machine will be deployed to your production ESX Server infrastructure. Use a standardized naming convention for templates. Some inventory panel views do not offer you the opportunity to sort by type, so create a standard prefix for templates to help you identify them by sorting by name. Also, be sure to include enough descriptive information in the template name to know what is contained in the template.
Defragment of the guest OS file system before converting to template is important. Most operating system installation programs create a highly fragmented file system even before the system begins its useful life. Remove Nonpresent Hidden Devices from Templates. This problem likely occurs only if you convert existing physical images to templates. Windows stores configuration information about certain devices, notably network devices, even after they are removed from the system. Refer to Microsoft TechNet article 269155 for removal instructions. Use Folders to organize and manage templates. Folders can be both an organizational and security container. Create Active Directory groups that map to VirtualCenter roles, rather than assign VirtualCenter roles to individual user accounts. Disable COM ports to decrease unnecessary context switches.
Failover Protection
On VMware VirtualCenter, a single cluster of available servers provides a larger pool of hardware to support the environment and provide better fault tolerance. Within this cluster, create at least two Resource Pools, one for Infrastructure (Servers/Brokers) and one for VDI. Create appropriate resource allocations for each. Employ at least two Connection Brokers in a farm. Make sure the vWorkspace clients are configured with all the Connection Brokers in the farm.
552
The Connection Broker directs a user to a temporary, permanently assigned desktop until the original is brought back online. Any user shell folders that need to be persisted should be redirected to a network location, such as Application Data, Personal (users home directory) and My Pictures subfolder, Desktop, Start Menu and its subfolders (Programs and Startup), Favorites, History, NetHood, PrintHood, SendTo, Cookies, and Templates. Redirection is done through GPOs or scripting.
High Availability
If two or more Connection Brokers are VMware virtual machines and DRS is utilized, a rule should be set to separate the brokers between physical ESX servers at all times. SQL database: SQL clustering may be implemented to achieve SQL HA. Maintain a reserve of managed computers (temporary) in case one ESX server fails and desktops are unavailable (assuming VMwares HA is not utilized). This excess capacity can easily be calculated by dividing the number of concurrent computers needed by the number of ESX servers housing the managed computers. For example, if you have business requirements for 100 concurrent managed computers implemented using 12 ESX servers hosting the virtual desktops, then divide 100 12 = 8 reserve desktops. Therefore, provision 100 + 8 = 108 desktops to ensure adequate desktop resources. Allocate those reserve desktops evenly among the ESX servers.
Other Protections
Create an SQL maintenance plan to backup the vWorkspace database regularly. Ensure that both the VirtualCenter and the vWorkspace Database are set for simple recovery within the SQL Management Console to minimize the maintenance and backup requirements.
553
554
Appendix B
About the Config.xml File
The config.xml file controls client settings on the AppPortal. If you choose to configure this file, there are a few items that need to be considered. A template file is located in the following folder on your Connection Broker Server: \Program Files\Provision Networks\Provision-IT. It is also located on your Web Access server at: \Inetpub\wwwroot\Provision\Web-IT. One of the following methods need to be done for autoconfiguration of the file. Method One 1. Create a DNS Entry (A record or CNAME) and assign the name provision or optionally, vworkspace, which is actually a Web Server located on your network. Place the configured config.xml file in the root of the Web Server: IIS: \Inetpub\wwwroot Apache: edit the 000-default file and look for DocumentRoot (found in /etc/apache2). Method Two 1. Create a login script or push out a Registry Setting to your client computers. The registry setting is: HKLM\Software\Provision Networks\Provision-IT Client Value: AutoConnectURL Type: REG_SZ Data: http://www.domain.com 2. If you have multiple config.xml files for multiple farms, use the following registry key: HKLM\Software\Provision Networks\Provision-IT Client Value: AutoConnectURL Type: REG_MULTI_SZ Data: (One Per Line)
2.
555
http://www.domain1.com/config.xml http://www.domain1.com/provconf/myconfig.xml https://ssl.domain.com/config.xml 3. 4. Install the Quest vWorkspace Client. Start the client.
The following table lists the config.xml file settings, a description of some of the settings, and associated values.
CONFIG.XML FILE SETTING FarmName VALUES Default = New Farm Connection DESCRIPTION Farm Name can be anything, but once connected, it takes the name of the actual farm set in the vWorkspace Management Console. Tells AppPortal to retrieve or not to retrieve the farm name from the server. Tells the Provision Client to prompt for a location, such as Office or Home. This is specified in the Locations section of the config.xml file. See Location Section of Config.xml. Three different locations for a farm connection are supported. The one selected in this setting is the default location.
OverrideFarmName
0=Off 1=On
PromptForLocation
DefaultLocation
SeamlessMode
0 = Off 1 = On Default = 1
DesktopWidth
Custom width for connections. Does not apply if SeamlessMode is set to 1 (on).
556
DESCRIPTION Custom height for connections. Does not apply if SeamlessMode is set to 1 (on).
FullScreen
ColorDepth
8 to 32 Default = 8
AudioMode
0 = Sound on local computer. 1 = Do not play sound. 2 = Sound on remote computer. Default = 0
KeyboardHook
RedirectDrives
RedirectPrinters
0 = Do not redirect local printers. (This is not Universal Printers.) 1 = Redirect local printers. Default = 0 557
VALUES 0 = Do not redirect local COM ports. 1 = Redirect local COM ports. Default = 0
DESCRIPTION
RedirectSmartCards
RedirectHandhelds
0 = Do not redirect local handheld devices. 1 = Redirect local handheld devices. Default = 0
RedirectUniversalPrinters
0 = Do not redirect local Universal Printers. 1 = Redirect local Universal Printers. Default = 0
RedirectMicroPhone
RedirectClipBoard
558
DESCRIPTION
EnableFullWindowDrag
0 = Do not enable windows content while dragging. 1 = Enable windows content while dragging. Default = 0
EnableAnimation
EnableThemes
EnableBitmapCaching
HideSettings
0 = Do not hide the Provision Client settings. 1 = Hide the Provision Client settings. Default = 0
Used to control whether users can see the settings for their vWorkspace Client.
559
EnableKerberos
0 = Do not enable Kerberos ticket authentication. 1 = Enable Kerberos ticket authentication. Default = 0
KerberosMode
DisallowSaveCredentials
0 = Allow clients to save their credentials within the vWorkspace Client. 1 = Do not allow clients to save their credentials within the vWorkspace Client. Default = 0
PasswordManagement Server
String
Fully qualified domain name or SSL certificate name of the Password Management Server. Do not include https or port numbers. For example: pwdmgr.domain.com
PasswordManagement Port
560
VALUES 0 = Do not use Password Management Server. 1 = Use Password Management Server. Default = 0
DESCRIPTION Password Management Server must be setup and functional on a member server of the domain.
DIShortcutLocations
EnableSmartSizing
0 = Do not use smart sizing on desktop connections. 1 = Use smart sizing on desktop connections. Default = 0
AutoReconnect
0 = Do not auto reconnect to a session if disconnected or dropped. 1 = Auto reconnect to a session if it is disconnected or dropped. Default = 0
DisplayConnectionBar
0 = Do not display the connection bar when using full screen. 1 = Display the connection bar when using full screen. Default = 0
561
VALUES 0 = Do not pin the connection bar. 1 = Pin the connection bar. Default = 0
DESCRIPTION
EnableLocalTextEcho
0=Disable 1=Enable
EnableGraphicsAcceleration
0=Disable 1=Enable
EnableMultimediaRedirection
0=Disable 1=Enable
AutoLaunchAppN
AppName, N = 1 to 10
A total of 10 autolaunched applications are available, but the data is the name of the managed application within the vWorkspace Management Console, Resources | Managed Applications. Note: The vWorkspace Client only starts the first application found; it does not start multiple applications.
562
Protocol
0 = http 1 = https
RDPonSSL
0 = No RDP over SSL 1 = Use RDP over SSL (Protocol must be set to 1 and SSLGateway set). Default = 0
SSLGateway
Secure-IT server listed as FQDN or NetBIOS name, depending on SSL Certificate name.
563
VALUES 0 = Do not enable NAT translation for firewall connections. 1 = Enable NAT translation for firewall connections Default = 0
DESCRIPTION Only for Terminal Servers. An alternative IP address must be set in the vWorkspace Management Console for each Terminal Server. To set an alternative IP address, use the following path: Infrastructure | Servers | Terminal Servers Right-click on the Terminal Server and select Properties. Select the Connectivity tab, IP Address.
ProxyServer ProxyServerBypassList
String String
IP: port of proxy server to use for connections. Refer to Microsoft documentation for proxy exceptions.
564
Glossary
This glossary contains some definitions that are from Microsoft and VMware publications.
A
ACE Access Control Entry An entry in an access-control list (ACL) that contains a set of access rights and a security identifier (SID) that identifies a trustee, such as a user or group, for whom the rights are allowed, denied, or audited. Access Control List A list of access-control entries (ACEs) that define the security protections on an object. There are two kinds of ACLs that can appear in an object's security descriptor: a discretionary ACL (DACL) that controls access to the object, and a system ACL (SACL) that controls auditing of attempts to access the object. The process required to log on to a computer locally. Authentication requires a valid user name and password. An access token is created if the information provided matches the account in the database.
ACL
Authentication
C
Client A software application that requests the services, data, or processing of another application or computer (known as the server).
Connection Broker (from VMware glossary) A server that allows connections between remote users and virtual desktops and provides authentication and session management.
D
Desktop See Virtual Desktop.
565
DMZ (demilitarized zone) (from the VMware glossary) A logical or physical subnetwork that connects internal servers to a larger, untrusted network (usually the Internet) and provides an additional layer of security and gives administrators more control over who can access network resources. DNS Domain Name System A hierarchical naming system used for locating domain names on the Internet and private TCP/IP networks. A domain is a logical collection of resources. It consists of computers, printers, computer accounts, user accounts, and other related objects.
Domain
F
Forest A collection of one or more Windows 2000 Active Directory trees, organized as peers and connected by two-way transitive trust relationships between the root domains of each tree. Fully Qualified Domain Name The complete domain name for a specific computer (host) on the Internet. It provides enough information so that it can be converted into a physical IP address. The FQDN consists of host name and domain name.
FQDN
G
Group Policy An administrators tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization.
H
Hot Fixes A software patch that repairs components without the user having to restart the computer.
Hosted Desktop or Desktop A virtual or physical computer, usually deployed inside a secure data center, running a Windows desktop or server operating system such as Windows XP, Windows Vista, or Windows Server 2003.
566
K
Kerberos Authentication Protocol The default authentication mechanism in most Active Directory forests.
L
LAN Local Area Network A computer network that connects computers in a small geographical area, such as in a building or on a campus. Lightweight Directory Access Protocol The standard Internet communications protocol used to communicate with Active Directory. The fine-tuning of a computer system, network or disk subsystem in order to more evenly distribute the data and processing across available resources.
LDAP
Load Balancing
O
OU Organizational Unit An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain. An organizational unit is the smallest scope to which a Group Policy object can be linked, or over which administrative authority can be delegated.
P
Physical Desktop A physical machine, such as a conventional PC or blade, running a desktop or server operating system such as Windows XP, Windows Vista, or Windows Server 2003.
R
RDP (remote desktop protocol) (from VMware glossary) A multichannel protocol that allows a user to connect to a computer remotely.
567
S
Scalability Refers to how much a system can be expanded. The term by itself implies a positive capability. For example, "the device is known for its scalability" means that it can be made to serve a larger number of users without breaking down or requiring major changes in procedure. A program or sequence of instructions that is interpreted by another program or application rather than by the computer processor. A computer in a network shared by multiple users.
Script
Server
T
Thin client (from VMware glossary) A device that allows a user to access virtual desktops but requires little memory or disk drive space. Application software, data, and CPU power resides on a network computer and not on the client device. A type of object within a process that runs program instructions. Using multiple threads allows concurrent operations within a process and enables one process to run different parts of its program on different processors simultaneously.
Thread
U
Universal Group A universal group can appear in access-control lists (ACLs) anywhere in the forest, and can contain other universal groups, global groups, and users from anywhere in the forest.
568
UNC
Universal Naming Convention In a network, it is used to identify a shared file in a computer without having to specify the specific storage device on which it is located. In Windows operating systems, the UNC can be used instead of the local naming system. The UNC name format is: \\servername\sharename\path\filename. The idea behind UNC is to provide a format so that each shared resource can be identified with a unique address.
V
vWorkspace Software for provisioning, managing, and delivering desktop workspaces from a central infrastructure. Provides automation of desktop management tasks such as auto-provisioning and power management of virtual machines. Also offers scalable and intelligent connection brokering capabilities, as well as multiple client connectivity options.
vWorkspace Management Console The vWorkspace Management Console provides management and administrative functions to vWorkspace administrators using a graphical user interface. Virtual Desktop (From VMware glossary) A desktop operating system that runs on a virtual machine. A virtual desktop is indistinguishable from any other computer running the same operating system.
vWorkspace enabled desktop infrastructure A desktop infrastructure consisting of virtual and/or physical desktops, and managed using vWorkspace. VM An acronym that denotes a virtual machine.
W
WAN Wide Area Network A computer network that connects computers across long distances.
569
570
INDEX
A access control list scheduling access hours for users 390 add computers tool about 173 Parallels Virtuozzo 330 VMware 276 adding new locations 117 additional components about 238 installation 60 additional customizations Resources node 381 administration about 88 adding a new administrator 91 editing settings 92 removing an administrator 92 setting permissions 92 application access control installing 384 properties 387 application access control server groups 386 application restrictions application access control server groups 386 assigning clients to the client list 390 hash checking 384 how application restrictions work 384 path checking 385 properties 385 Resources node 383 scheduling access hours for users 390 termination of applications 385 unassigning clients to the access control list 390 AppPortal about 346 actions menu 367 configuring new connection 350 connection properties 352 connectivity tab 353 credentials tab 357 desktop integration mode 371 desktop integration tab 365 display tab 358 experience tab 362 local resources tab 360 password management tab 364 PNTray 369 settings menu 369 using via the SSL Gateway 473 App-V/SoftGrid import wizard 106 App-V/SoftGrid node about 104 editing imported application properties 109 editing properties 106 establishing server connections 104 importing applications 106 authentication settings about 437 setting client identification 440 setting credentials pass-through 439 setting password management 440 setting two-factor authentication 438 setting Windows domain 437 B bidirectional audio 75 Block-IT about 24 installing application access control 384 C client connectivity about 17 Microsoft Windows 18 Windows CE thin client 18 client packages 62 client settings about 402 defining properties 405 Clients node about 98 client types 99 defining clients by device address 100 defining clients by device name 101 defining clients by groups 100 defining clients by organizational unit 101 defining clients by users 99
571
color schemes 391 computer group wizard 163 computer groups add computers tool 173 adding published applications 221 adding to Microsoft Hyper-V 309 adding to Parallels Virtuozzo 327 adding to Virtual Iron 290 adding to VMware 270 customizations 172 modifying properties 170 Parallels Virtuozzo 325 properties 164 property of other type 336 task automation 171 viewing logs 170 viewing tasks 170 Virtual Iron 287 config.xml about 555 location section 563 configuration settings about 452 setting general options 453 connect to an existing database 95 Connection Brokers about 8 adding a new Connection Broker 151 installation 48 node 150 permissions 152 properties 141 removing 152 setting by farm for Web Access 434 workload management 526 connectivity settings about 433 Control Panel Print-IT applet 501 CPU and Memory Optimization(Max-IT) about 532 how it works 533 installing 535 create a new database and DSN 93 D data centers about non-power managed 336 data collector service about 199
572
Desktops modifying published applications 222 node 157 properties 141 setting properties 158 starting new applications 206 terminologies 162 disk and memory persistence 260 documentation conventions xxiv feedback xxvi download page 46 drive mappings 391 E environment variables 393 experience optimized protocol about 26 bidirectional audio 75 graphics acceleration 81 latency reduction 79 multimedia redirection 81 optimization settings 75 overview 74 requirements 74 F Farm node 96 farm settings about 432 adding and removing 433 feedback document xxvi File & Registry Redirection node about 113 file redirection rule creating 228 folder redirection rule creating 229 G global settings about 431 H hash checking 384 host restrictions about 394 creating 394 modifying 395
hosted desktops and terminal servers (enterprise edition) about 5 hosted desktops only(desktop services edition) about 6 Hyper-V See Microsoft Hyper-V I initialize computer about 195 common failures 196 triggers 196 installation 64 additional components 60 application access control 384 CPU and Memory Optimization 535 peripheral server extensions 59 SQL server 42 SSL Gateway 58 terminal servers 55 vWorkspace client 63 Web Access 429 installation requirements about 36 desktop services 36 terminal services 36 L latency reduction 79 licensing about 26 experience optimized protocol 26 load-balancing about 526 locations about 116 adding new locations 117 deleting 141 node options 116 properties 141 Locations node about 98 M managed computer groups deleting 170 publishing a managed desktop 216 viewing 169 managed computers about 173
properties 174 publishing an application 217 viewing 192 viewing logs 193 viewing tasks 192 mandatory user profiles about 418 assigning 419 Max-IT about 532 how it works 533 master policy settings 536 setting the policy for specific servers 543 MetaProfiles-IT about 410 about silos 415 assigning mandatory user profiles 419 features and benefits 410 how it works 411 mandatory user profiles 418 storage servers 413 See User Profiles Microsoft Active Directory Group Policy settings about 197 Microsoft Hyper-V about 302 adding a host 303 adding computer groups 309 broker helper service 302 computer group properties 307 importing existing desktops 312 installing tips 302 power management 314 module binding about 534 module rebasing about 534 MSI Packages about 109 adding a new package 109 multimedia redirection 81 multiple monitor support 351
573
N non-power managed data centers about 336 adding a computer group 338 adding computers 340 power management 343 properties 336 O optimized settings 75 other servers adding 158 permissions 159 properties 141, 159 other/physical type about 336 See non-power managed data centers P Packaged Applications node about 104 Parallels Virtuozzo adding computer groups 327 adding computers to a managed computer group 330 adding independent nodes 321 computer groups 325 importing existing desktops 332 importing slave nodes 317 power management 334 password reset service about 238 configuring 239 installing 238 path checking 385 peripheral server extensions installation 59 permissions about 89 setting 92 user profiles properties 416 PNTools about 198 installing 201 PNTray about 369 Print-IT options 370 power management Microsoft Hyper-V 314 non-power managed data centers 343
574
Parallels Virtuozzo 334 Virtual Iron 299 VMware 280 power tools suite for terminal servers (standard edition) Block-IT 24 features 24 Manage-IT 24 Max-IT 25 MetaProfiles-IT 25 Print-IT 25 Redirect-IT 25 TimeZones-IT 25 USB-IT 26 VIP-IT 26 pre-installation checklist 33 Print-IT about 484 about the Control Panel applet 501 adding network printers 504 adding printers to remote relay servers 509 assigning printers to clients 505 assigning remote printers to clients 510 autocreating network printers 486 components Universal Network Print Services 485 Universal Print Driver 485 configuring remote site relay 507 Control Panel applet properties 489 features and benefits 484 importing remote printers 510 overview universal client printer auto-creation 485 Universal Network Print Server Extensions 486 universal network printer auto-creation 485 printer properties 512 setting up Print-IT printers 504 Universal Client Printer Auto-Creation 488 Universal Network Print Server Extensions 503 Universal Print Relay Service for Remote Sites 506 viewing and editing properties 512 Print-IT properties bandwidth tab 496
compression tab 491 general tab 489 license tab 498 logging tab 497 naming tab 494 notification tab 499 PDF publisher tab 500 server farm tab 498 upgrade tab 497 product suites hosted desktops and terminal services (enterprise edition) 3 hosted desktops only (desktop services edition) 4 power tools suite for terminal servers (standard edition) 4 standalone power tools for terminal servers 5 Proxy-IT about 241 configuring 242 installing 242 publish content about 219 published application deleting 224 duplicating 223 Q Quest vWorkspace contacting support xxvi download page 46 R Redirect-IT about 226 creating a file redirection rule 228 creating a folder redirection rule 229 creating a registry redirection rule 227 how Redirect-IT works 226 installing 227 registry redirection rule creating 227 registry tasks about 396 modifying 396 modifying a value 397 remote control session viewing from Computers tab 193 viewing from User Sessions 30
Resources node about 101 about the Printers window 511 additional customizations 381 application restrictions 383 assigning workload evaluators to managed applications 531 client settings 402 color schemes 391 drive mappings 391 environment variables 393 host restrictions 394 modifying published applications 223 registry tasks 396 scripts 398 starting new applications 207 time zones 399 user policies 400 wallpapers 405 S scripts about 398 assigning 399 Secure Sockets Layer Gateway about 468 See SSL Gateway silos about 415 SSL Gateway about 468 accessing by AppPortal 473 accessing by AppPortal and the Web Interface 478 accessing by the Web Interface 475 configuring 469 configuring AppPortal access 473 configuring for both AppPortal and Web Interface access 479 configuring the Web Interface access 476 installing 468 standard desktops only(desktop services edition) benefits 22 features 9 storage servers about 413 special folder in user profiles 423 support contacting Quest vWorkspace xxvi
575
sysprep customization about 188 creating 189 T task automation about 171 adding 171 automated task wizard 171 TCP/IP ports requirements 16 terminal servers adding 153 adding permissions 157 adding published applications 220 assigning workload evaluators to servers 531 installation 55 properties 141 removing 157 server wizard 154 setting properties 157 viewing applications 380 viewing processes 379 viewing sessions 376 viewing users connected 375 workload management 529 Terminal Servers node about 153 modifying published applications 222 starting new applications 206 terminal services enhancements Provision-IT 5 Secure-IT 5 Web Access 6 termination of applications 385 time zones about 399 assigning 399 U Universal Client Printer Auto-Creation 485, 488 Universal Network Print Server Extensions 503 adding network printers 504 assigning printers to clients 505 setting up Print-IT printers 504
Universal Network Printer Auto-Creation 485 Universal Print Driver about 199 Universal Print Relay Service for Remote Sites 506 adding remote relay servers 509 assigning remote printers to clients 510 configuring 507 importing remote printers 510 USB Redirection about 516 USB-IT about 522 configuring 523 how it works 523 user experience settings about 441 setting display 442 setting local resources 441 setting performance 444 user interface settings about 445 setting content layout options 446 setting download options 451 setting look & feel options 448 setting miscellaneous options 451 setting text options 450 user passwords changing in the Web Access 459 user policies about 400 creating 401 modifying 402 viewing properties 400 user profile elements properties 420 User Profiles about 410 about registry elements 420 about special folders 423 assigning mandatory user profiles 419 configuring properties 416 defining a registry key 422 defining special folders 424
576
features and benefits 410 how it works 411 mandatory user profiles 418 properties 411 silo wizard 417 silos 415 storage servers 413 V VAS client 32 package 348 VAS client 32T package 348 virtual access client VAS client 32 package 348 VAS client 32T package 348 Virtual IP about 232 adding a master range 234 configuring applications 235 configuring virtual IP address ranges 233 enabling 232 installing 232 modifying address range allocations 235 VIP-IT 26 Virtual IP node about 113 Virtual Iron adding a data center 284 adding computer groups 290 adding computers to a computer group 295 computer groups 287 creating data centers 284 customizations 289 importing existing desktops into a group 297 monitoring the cloning process 298 power management 299 virtual memory optimization about 533 benefits 534 manually applying 546 module binding 534 module rebasing 534 viewing results for a specific session 545 viewing results per application 545 viewing session summary information 545
Virtualization Server wizard 145, 252 virtualization servers about 145, 250 adding connections 145, 252 configuring 251 VMware adding a datacenter 262 adding computer groups 270 adding computers to a managed computer group 276 customizations 268 datacenters 262 disk and memory persistence 260 importing existing desktops 278 modifying keystore registry entries 41 monitoring the cloning process 280 power management 280 SSL certificate 39 viewing keystore registry entries 41 vWorkspace implementation considerations 32 pre-installation checklist 33 vWorkspace client AppPortal 346 client packages 62 configuring 349 executable files 349 installation 63 overview 346 Web Access 347 vWorkspace database about 14 vWorkspace Management Console about 84 administration 88 Clients node 98 connect to an existing database 95 Connections Brokers node 150 create a new database and DSN 93 Farm node 96 first time use 92 icons 87 installation 61 Locations node 98 menu options 87 monitoring the cloning process for Virtual Iron 298 monitoring the cloning process for VMware 280 object nodes 96
577
Packaged Applications node 104 permissions 89 Resources node 101 Terminal Servers node 153 viewing and editing Print-IT printer properties 512 viewing client information for an active session 378 viewing terminal server applications 380 viewing terminal server processes 379 viewing terminal server sessions 376 viewing users connected to terminal servers 375 W wallpapers about 405 adding new wallpaper 407 assigning 405 changing properties 406 Web Access about 428 adding and removing farm settings 433 application set searching 455 authentication settings 437 changing user passwords 459 changing user settings 456 configuration settings 452 configuring smart cards 464 connecting to the interface 453 connectivity settings 433 farm settings 432 global settings 431 installing 429 management console 430 setting client identification 440 setting connection brokers by farm 434 setting content layout options 446 setting credentials pass-through 439 setting display 442 setting download options 451 setting firewall/SSL VPN by farm 435 setting general options 453 setting local resources 441 setting look & feel options 448
578
setting miscellaneous options 451 setting password management 440 setting performance 444 setting text options 450 setting two-factor authentication 438 setting Windows domain 437 smart card authentication 463 user experience settings 441 user interface 445 using help 460 using via the SSL Gateway 475 Web Interface about 64 See Web-IT wizards App-V/SoftGrid import 106 automated task 171 certificate export 40 computer group 163 Microsoft Hyper-V Host 303 MSI Packages 109 new locations 117 server wizard 151 silo 417 sysprep customization 188 task automation 171 virtualization servers 145, 252 Workload Evaluators node about 113 workload management about 526 assigning workload evaluators to managed applications 531 assigning workload evaluators to servers 531 counters 526 creating workload evaluators 530 guidelines 529 how it works 526 terminal servers 529 Wyse Thin OS about 20 configuration 20