Chapter 1: Fine-Tuning the End-User Experience 1 Configuring Active Directory 1 Creating an Organizational Unit (OU) 3 Creating Group Policy Objects (GPO) for Horizon View 3 Importing and applying Horizon View ADM templates 6 Enabling loopback policy 11 Configuring the policy settings 12 PCoIP Session Variables 12 PCoIP Client Session Variables 29 VMware Horizon URL Redirection 30 VMware View Agent configuration 32 Smartcard Redirection 33 Local reader access 33 True SSO configuration 34 View USB Configuration 37 Client Downloadable only settings 41 Agent Configuration 43 Agent Security 46 Unity Touch and Hosted Apps 47 VMware FlashMMR 48 View RTAV Configuration 48 View RTAV Webcam Settings 49 Scanner Redirection 51 Serial COM 53 PortSettings 53 View Agent Direct-Connection Configuration 55 VMware Blast 62 VMware View Client Configuration 69 VMware View USB Configuration 72 Settings not configurable by Agent 73 Scripting definitions 75 Security settings 78 VMware View Common Configuration 83 Log Configuration 85 Performance alarms 88 Security Configuration 92 VMware View Server Configuration 94 PCoIP tuning tool 96 Activating the profile 97 Managing profiles 98 Clear profile settings 98 Show session stats 98 Show session health 98 Teradici support tools 98 Monitoring the end-user experience 99 Summary 100 Chapter 2: Troubleshooting Tips 101 General troubleshooting tips 101 Looking at the bigger picture 101 Is the issue affecting more than one user? 102 Performance issues 102 User-reported performance issues 102 Non-VDI-related issues 103 Bandwidth, connectivity, and networking 104 Compute 105 Disk 106 Troubleshooting Horizon View issues 107 View general infrastructure issues 108 View infrastructure component issues 109 Fixing View Composer issues with the ViewDBChk tool 110 vRealize Operations for Horizon 111 Third-party management tools 113 Getting further help 113 Summary 114 Index 115

[ ii ] 1 Fine-Tuning the End-User Experience

So, now we have built our Horizon View infrastructure, deployed and optimized our virtual desktop operating system, and configured our user entitlements by means of creating Horizon View desktop pools. This means end users can now access their virtual desktop machines.

In this chapter, we will look at how to fine-tune the end-user experience, by which we mean how the desktop will perform and the features that will be made available to the users.

We have already talked about optimizing the virtual desktop operating system and how we tune the OS so that it behaves as a virtual desktop machine. However, now we will talk about fine-tuning and configuring the delivery protocol, as well as enabling and disabling certain functionalities relating to how the user interacts with their virtual desktop machine. By this, we mean configuring things, such as whether or not you can cut-and-paste text between the endpoint device running the client and the virtual desktop machine.

These configuration options are all centrally deployed and managed using active directory group policy.

Configuring Active Directory The behavior of a virtual desktop machine and how a user interacts with it is governed by an AD policy. As we mentioned previously, this policy configures things such as a graphics experience and cut-and-paste options, to name but a few. Fine-Tuning the End-User Experience

To make life easier, the templates for these policies have already been created and are shipped as part of the Horizon View software that was downloaded as part of the software downloads in Chapter 4, Installing and Configuring Horizon View, and can be found in the ZIP file named VMware-Horizon-View-Extras-Bundle-4.0.0-3616726.

The first thing to do is to unzip this file and save it to the shared software folder. You will see that it contains 15 Administrative Template (ADM) files, as shown in the following screenshot:

In the following section, we will look at the OU requirements for the deployment of virtual desktop machines and the things you need in place before you start to configure and tune your environment.

[ 2 ] Chapter 1

Creating an Organizational Unit (OU) The first thing you need to do is to create an Organizational Unit (OU) for your virtual desktop machines. It's best practice to have a separate OU for virtual desktop machines, so as to ensure that you don't end up applying the wrong policies to them-such as those used for your physical machines-which could potentially contain components that may impact performance, and vice versa. You don't want to apply VDI-based policies to the physical desktop estate.

Depending on your own environment, you may want to create an OU for different use cases. For example, you may want a different OU for each different department within your organization. This would then allow you to apply different VDI-based policies to each OU, for example, a particular department might use the high-end graphics, which would mean that PCoIP would need to be configured to deliver a richer end-user experience over that of a standard office user; or it could be a policy specific to LAN users, whereby the policy governs the behavior based on the available bandwidth of the network.

In the example lab, an OU called Horizon View Desktops has been created, to which the polices are going to be applied.

Creating Group Policy Objects (GPO) for Horizon View Now that you have created an OU for your virtual desktop machines, you can create group policy objects to link to that OU. In the example lab, the policy is called Horizon View Virtual Desktop Policy:

1. To start the configuration, click the Start menu button, or press the Windows key, and then click on the Administrative Tools icon to launch the admin tools:

[ 3 ] Fine-Tuning the End-User Experience

2. You will now see the Administrative Tools screen displayed, as shown in the following screenshot:

[ 4 ] Chapter 1

3. Double-click on Group Policy Management (1) to launch the Group Policy Management configuration screen, as shown in the following screenshot:

4. Expand out the folders for Forest:pvolab.com, Domains, and then pvolab.com. Click and highlight the Horizon View Desktops OU (2), and then right-click on it. From the contextual menu that appears, click the option for Create a GPO in this domain, and Link it here… (3).

[ 5 ] Fine-Tuning the End-User Experience

You will now see the New GPO dialog box, as shown in the following screenshot:

5. In the Name box (4), type in a name for the new policy. In the example lab, this is called Horizon View Virtual Desktop Policy. 6. Click OK once you have entered the name for the GPO. You will now return to the Group Policy Management configuration page, with the newly created policy displayed.

In the following section, we will add the Horizon View ADM templates to the policy.

Importing and applying Horizon View ADM templates Now that you have created a policy, the next step is to edit it and add the ADM templates so that you can start to configure the various policy options:

1. To do this, from the Group Policy Management configuration page, highlight the Horizon View Desktops OU (1), click and select the policy (2), and then right- click. From the contextual menu, click on Edit (3).

[ 6 ] Chapter 1

You will now see the Group Policy Management Editor configuration page, as shown in the following screenshot:

2. Expand the Computer Configuration and Policies folders. Then, click and select the Administrative Templates: Policy definitions option, right-click, and then from the contextual menu, select the option for Add/Remove Templates… (5).

[ 7 ] Fine-Tuning the End-User Experience

You will now see the Add/Remove Templates dialog box, as shown in the following screenshot:

3. Click the Add… button (6). You will now see a Windows Explorer dialog box from where you can navigate to and choose the templates that you want to add, as shown in the following screenshot:

[ 8 ] Chapter 1

4. Navigate to the location at which you saved the ADM template files. In the example lab, they are in the shared software folder on the file server. Once located, select all the .adm files, with the exception of the ViewPM.adm template. We will cover this template in Online Chapter, Managing User Environments in

Virtual Desktop Infrastructure available at h t t p s : / / w w w . p a c k t p u b . c o m / s i t e s / d e f

a u l t / f i l e s / d o w n l o a d s / 5 6 5 7 _ M a n a g i n g U s e r E n v i r o n m e n t s i n V i r t u a l D e s k t o p I n

f r a s t r u c t u r e . p d f, as this policy template provides options for managing user profiles. 5. Once selected, click the Open button. You will now see the templates that will be added in the Add/Remove Templates box, as shown in the following screenshot:

6. Click the Close button when you have selected all the templates and to return to the Group Policy Management Editor screen. You can now check that the templates have been added. 7. Under the Horizon View Virtual Desktop Policy, expand out Computer Configuration (7), and then the folders for Policies (8), Administrative Templates Policy definitions (9), and then Classic Administrative Templates (ADM) (10).

[ 9 ] Fine-Tuning the End-User Experience

In the right-hand pane, you will see all the different policy categories (11), as shown in the following screenshot:

In the example lab, we are going to add all the templates to the one policy just to illustrate the various different options. In your environment, and depending on your design, you may want to create different policies and apply different templates to different policies. Maybe this is on a departmental basis, or for different use cases, as we have previously mentioned. This is the recommended approach as it makes troubleshooting far easier.

In the following section, we will complete one final AD configuration task and configure the loopback policy.

[ 10 ] Chapter 1

Enabling loopback policy In a VDI model, and particularly with floating desktop assignments, you will have multiple users accessing the same desktop. So that any configuration changes that a user makes to one of the virtual desktop machines applies to all of the users that use that machine, we need to enable the loopback processing feature. This is particularly important if you are using virtual desktop machines in a kiosk-type environment:

1. To configure loopback mode, complete the following steps from the Group Policy Management Editor screen, as shown in the following screenshot:

2. From the Computer Configuration section (12), expand the folders for Policies (13), Administrative Templates (14), and then System (15). 3. Highlight Group Policy (16). You will see the policy options listed on the right. 4. Scroll down to User Group Policy loopback processing mode (17), click to select it, and then right-click to bring up the contextual menu. Click the Edit option (18).

[ 11 ] Fine-Tuning the End-User Experience

5. You will now see the Configure user Group Policy loopback processing mode configuration screen, as shown in the following screenshot:

6. Click the radio button for Enabled (19) to turn the policy on. You then have the option to configure the operation Mode (20). 7. With the Replace option, the user policy applied is just that which is associated with the computer. Any other user policies are ignored. Choosing the Merge option means that the policies applied are both the user- and the computer- related policies, where the computer policy wins in the event of a conflict.

Configuring the policy settings In this section, we are going to walk through all the different configurable policy options from the View adm templates that were added, starting with the PCoIP Session Variables policies.

For the first few policies, we will go into a bit more detail on how to enable and configure the policy, but as there are so many to cover, for the rest, we will briefly cover what the policy is used for and any configuration options available. For those policies that are simply enabled or disabled, we will cover what they do.

[ 12 ] Chapter 1

PCoIP Session Variables In this section, we are going to walk through the policy configuration options for the PCoIP protocol and how we can configure the best user experience.

The PCoIP Session Variables come in two categories: Overridable Administrator Defaults and Not Overridable Administrator Defaults. The policy settings for both are exactly the same and so the settings covered in this section will therefore apply to both:

1. From the Group Policy Management Editor screen, from the Computer Configuration section (1), expand the folders for Policies (2), Administrative Templates (3), Classic Administrative Templates (ADM) (4), and PCoIP Session Variables (5). Now click on Overridable Administrator Defaults (6).

You will now see all the different configuration settings listed in the right- hand pane, as shown in the following screenshot:

2. Double-click the first setting for Turn off Build-to-Lossless feature (7).

[ 13 ] Fine-Tuning the End-User Experience

One thing to quickly highlight for anyone that has used previous versions of View: before View 6, the default option for PCoIP build-to-lossless was that it was enabled, meaning that you needed more bandwidth for that level of image detail. In View 6, the default is for build-to-lossless to be disabled.

3. You will now see the configuration dialog box, and the first thing to do is to set the policy to Enabled (8), as shown in the following screenshot:

4. Once enabled, click the Next Setting button to take you to the next policy. 5. On the next policy, Configure the maximum PCoIP session bandwidth, you can enter a figure in kilobits for the maximum session bandwidth (9), as shown in the following screenshot:

6. Click the Next Setting button to take you to the next policy.

[ 14 ] Chapter 1

7. On the Configure the PCoIP session MTU, you can enter an MTU size for the PCoIP packets (10):

8. Click the Next Setting button to take you to the next policy. 9. The next policy setting is to Configure the PCoIP session bandwidth floor. This allows you to enter a lower limit in kilobits (11), which is reserved for use by the PCoIP session, as shown in the following screenshot:

[ 15 ] Fine-Tuning the End-User Experience

10. Click the Next Setting button to take you to the next policy. 11. The next two policy settings are for the following options, and are simply Enabled or Disabled, and have no settings that you can configure specific values for. The settings are for the following: Enable/disable audio in the PCoIP session Enable/disable microphone noise and DC offset filter in PCoIP 12. Click the Next Setting button after each policy until you get to the Configure the PCoIP session audio bandwidth limit policy, as shown in the following screenshot:

13. The Configure the PCoIP session audio bandwidth limit policy allows you to set a limit on the amount of bandwidth that is used for the PCoIP audio stream. Enter a figure in kilobits in the box (12). 14. Click the Next Setting button to take you to the next policy.

[ 16 ] Chapter 1

15. The next policy is to Configure SSL connections to satisfy Security Tools and allows you to control how the SSL connection behaves, as shown in the following screenshot:

16. If you check the box for Disable connections from VMware View 5.1 (13), you can prevent the connection from previous versions of View. You can choose how the certificate is presented (14), followed by the name of the machine account used to search for the certificate (15).

[ 17 ] Fine-Tuning the End-User Experience

17. You can then choose the minimum key length (16) and the name of the certificate store to search for the CA certificate (17). 18. Click the Next Setting button to take you to the next policy. 19. The next policy is to Configure PCoIP session encryption algorithms. Check the relevant box/boxes to disable that particular encryption algorithm, as shown in the following screenshot:

You must have at least one algorithm enabled, so do not check all the boxes.

20. Click the Next Setting button to take you to the next policy.

[ 18 ] Chapter 1

21. You will now see the Configure SSL protocols screen, as shown in the following screenshot:

This setting allows you to restrict particular protocols. By default, this is set to TLS1.1:TLS1.2, meaning that these are enabled and other protocols are disabled.

22. Click the Next Setting button to take you to the next policy.

[ 19 ] Fine-Tuning the End-User Experience

23. You will now see the Configure PCoIP USB allowed and unallowed device rules policy. This allows you to define which USB devices are allowed by adding them to the authorization table (18), and those that are not allowed are added to the unauthorization table (19), as shown in the following screenshot:

24. Click the Next Setting button to take you to the next policy.

[ 20 ] Chapter 1

25. The next policy is to Configure the TCP port to which the PCoIP Server binds and listens, as shown in the following screenshot:

This policy allows you to change the PCoIP TCP port from the default port of 4172.

If you change this port setting, make sure that it's reflected in your View configuration, otherwise users may not be able to connect.

[ 21 ] Fine-Tuning the End-User Experience

26. Click the Next Setting button to take you to the next policy. 27. The next policy is to Configure the UDP port to which the PCoIP Server binds and listens, as shown in the following screenshot:

This policy allows you to change the PCoIP TCP port from the default port. As with the UDP port setting, make sure any changes are reflected in your View configuration, otherwise, users may not be able to connect.

[ 22 ] Chapter 1

28. Click the Next Setting button to take you to the next policy. The next policy allows you to Configure PCoIP virtual channels, as shown in the following screenshot:

By default, all virtual channels are enabled. For example, clipboard redirection would be implemented as a virtual channel.

[ 23 ] Fine-Tuning the End-User Experience

29. Click the Next Setting button to take you to the next policy:

30. The Configure clipboard redirection policy allows you to control the cut-and- paste function of the virtual desktop machine. You can configure the policy from the drop-down menu, selecting one of the following options: Disabled in both directions Enabled agent-to-client only (from virtual desktop to endpoint device) Enabled client-to-agent only (from endpoint device to virtual desktop) Enabled in both directions 31. Click the Next Setting button to take you to the next policy. 32. The next policy allows you to Configure PCoIP image quality levels.

This policy is important and should be used in conjunction with end-user acceptance testing, as well as being applied to groups of users based on their individual use case. For example, high-end graphics users will require a higher setting, whereas you don't need to give standard office workers high- end image quality.

It would also be dependent on network location too, as giving somebody high-end image quality on a poor network connection could impact other users and services on that network. This is where your infrastructure design becomes critical.

[ 24 ] Chapter 1

You can configure the following options:

Maximum image quality (27) Minimum image quality (28) Maximum frame rate (29)

These are shown in the following screenshot:

[ 25 ] Fine-Tuning the End-User Experience

33. Click the Next Setting button to take you to the next policy.

The next setting is to Configure frame rate vs image quality preference, as shown in the following screenshot:

34. The default setting is 50, so set in the middle. A setting of 100 means highest image quality, while a setting of 0 means the highest frame rate. 35. Click the Next Setting button to take you to the next policy.

The next couple of policy settings are for the following options and are simply enable or disable and have no settings that you can configure specific values for. The settings are as follows:

Enable access to a PCoIP session from a vSphere console Turn on PCoIP user default input language synchronization

36. The next policy is for Use alternate key for sending Secure Attention Sequence. Enabling this policy allows you to specify an alternative key to be used instead of the Insert key when using key strokes such as Ctrl + Alt + Insert. You can select the key from the drop-down menu. 37. Click the Next Setting button to take you to the next policy. 38. The next policy allows you to Disable sending CAD when users press Ctrl+Alt+Del. This policy is simply an enable or disable and has no configurable settings. 39. Click the Next Setting button to take you to the next policy.

[ 26 ] Chapter 1

40. The Configure the PCoIP transport header policy allows you to set the priority for transport header for PCoIP, as shown in the following screenshot:

41. From the drop-down menu, you have the option to configure High Priority, Low Priority, Medium Priority, or Undefined Priority. Medium is the default setting. 42. Click the Next Setting button to take you to the next policy. 43. You will now see the Configure PCoIP event log verbosity policy configuration screen, as shown in the following screenshot:

[ 27 ] Fine-Tuning the End-User Experience

44. Enter a value in the box. The default setting is 2. 45. Click the Next Setting button to take you to the next policy. 46. The Configure PCoIP event log cleanup by time in days policy allows you set a time for when the PCoIP event log is cleaned up. The default is set to 7 days, as shown in the following screenshot:

47. Click the Next Setting button to take you to the next policy.

[ 28 ] Chapter 1

48. The final policy is the Configure PCoIP event log cleanup size in MB. This allows you to set a size for the log file. The default size is 100 MB. If the log files grow bigger than the size that has been set, it will be deleted.

This policy setting is shown in the following screenshot:

Next, we will take a look at the PCoIP policy settings for the client session.

PCoIP Client Session Variables The next set of policy settings is for the PCoIP Client Session Variables and therefore consists of many of the same policy settings that we covered in the previous section.

As with the session variables, the PCoIP client variables come in two categories: Overridable Administrator Defaults and Not Overridable Administrator Defaults. The policy settings for both are exactly the same and so the settings covered in this section will, therefore, apply to both.

From the Group Policy Management Editor screen, from the Computer Configuration section (1), expand the folders for Policies (2), Administrative Templates (3), Classic Administrative Templates (ADM) (4), and PCoIP Client Session Variables (5).

[ 29 ] Fine-Tuning the End-User Experience

Now click on Overridable Administrator Defaults (6).

As previously mentioned, the settings for the client sessions are the same as those already covered in the previous section, so rather than cover all the same policies over again, please refer to the previous section for the configurable policy options and details of each setting.

You will now see all the different configuration setting listed in the right-hand pane, as shown in the following screenshot:

In the following section, we will take a look at the policy options for the VMware Horizon URL Redirection policy.

VMware Horizon URL Redirection In this section, we are going to walk through the policy configuration options for the URL content redirection feature.

1. From the Group Policy Management Editor screen, from the Computer Configuration section (1), expand the folders for Policies (2), Administrative Templates (3), Classic Administrative Templates (ADM) (4). Now click on VMware Horizon URL Redirection (5), as shown in the following screenshot:

[ 30 ] Chapter 1

2. You will see the policy options in the right-hand pane. Double-click on the first policy, IE Policy: Users can't disable URL Redirection plugin (6), as shown in the following screenshot:

3. To enable the policy, click the radio button for Enabled. 4. Click the Next Setting button to take you to the next policy.

The next couple of policy settings are for the following options, and are simply enable or disable, and have no settings that you can configure specific values for. The settings are:

IE policy: Automatically activate newly installed plugins URL Redirection Enabled

[ 31 ] Fine-Tuning the End-User Experience

The next five policy settings cover which particular protocols are being used and which URLs to redirect. The policies cover the following protocols:

URL Redirection Protocol HTTP URL Redirection Protocol HTTPS URL Redirection Protocol callto URL Redirection Protocol email URL Redirection Protocol [...]

Each of the preceding protocol policy settings have the same configuration options, as shown in the following screenshot:

The brokerHostname option allows you to configure the redirection policy for a specific Connection Server, while the remoteItem option allows you to choose a pool.

Both clientRules and agentRules allow you to specify a specific URL that, when it matches your entry, gets redirected.

In the following section, we will take a look at the policy options for the VMware View Agent.

VMware View Agent configuration The next set of policy options allows you to configure the View Agent. Click on Classic Administrative Templates (ADM) (1), and then click on VMware View Agent Configuration (2). You will then see the following screenshot, which outlines at a highlevel the available configuration options:

[ 32 ] Chapter 1

Let's now work through the policy headings within the agent configuration and look at each one in more detail, starting with Smartcard Redirection options.

Smartcard Redirection There are no policies directly under this folder, so expand the folder for local reader access and start the configuration as described in the following section.

Local reader access The configuration for Local reader access can be created using the following steps:

1. The first policy in this folder is for Allow applications access to Local Smart Card readers. This policy is a simple click on either the radio button for Enabled or Disabled to turn it on or off. 2. Click the Next Setting button to take you to the next policy.

[ 33 ] Fine-Tuning the End-User Experience

3. The next setting is for Local Reader Name. This setting allows you to specify the name of a local reader to enable local access, as shown in the following screenshot:

4. Click the Next Setting button to take you to the next policy. 5. The next setting is for Require an inserted Smart Card. This policy is again a simple click on either the radio button for Enabled or Disabled to turn it on or off, and allows local reader access to be enabled if there is a smart card inserted. 6. Click the Apply button to save the policy configuration. The next section to look at is for True SSO.

True SSO configuration The first policy option in this section is for Disable TrueSSO. This policy is a simple click on either the radio button for Enabled or Disabled to turn it on or off.

1. Click the Next Setting button to take you to the next policy for Certificate wait timeout, as shown in the following screenshot:

[ 34 ] Chapter 1

2. Enter a time in seconds that you want to wait for the certificate to arrive on the agent. 3. Click the Next Setting button to take you to the next policy.

The next policy setting is for Minimum key size, as shown in the following screenshot:

4. Enter the minimum key size that you want to use, and then click the Next Setting button to take you to the next policy.

[ 35 ] Fine-Tuning the End-User Experience

The next policy setting is for All key sizes, as shown in the following screenshot:

5. Enter a maximum of five different key sizes to be used, and then click the Next Setting button to take you to the next policy. 6. The next policy setting is for Number of keys to pre-create, as shown in the following screenshot:

7. Enter the number of keys you want to have already created, and then click the Next Setting button to take you to the next policy.

[ 36 ] Chapter 1

The final policy is for Minimum validity period required for a certificate, as shown in the following screenshot:

8. Enter a time in minutes that is used for a certificate's validity period when being reused. 9. Click the Apply button to save the policy configuration. The next section to look at is for View USB Configuration.

In the following section, we are going to look at the USB configuration policy options.

View USB Configuration The next set of policies we are going to look at is for configuring the behavior of USB devices.

1. Click on the VMware View Agent Configuration option from the configuration window on the left, and then click View USB Configuration. From the right- hand pane, double-click on the first policy, Exclude Vid/Pid Device. 2. This policy allows you to exclude a USB device from being connected to your virtual desktop machine, by entering the Vendor ID (Vid), and Product ID (Pid) of the device. 3. As well as entering the ID of the product, there are also two other options you can use in the command. Adding m to the command configures the client setting to merge with agent setting, and adding o allows the agent setting to override the client setting.

[ 37 ] Fine-Tuning the End-User Experience

An example command is shown here:

o:vid-1058_pid-07a8

Enter the device details in the Exclude Vid/Pid Device box, as shown in the following screenshot:

4. The device in the given example is for a Western Digital My Passport 1 TB external USB hard drive, which we have excluded and set the agent to override the client.

You can find the Vendor ID and Product ID of a device by looking at its properties in the Windows Device Manager. Click on the Details tab, and then from the drop-down menu, select the Hardware Ids option.

5. Click the Next Setting button to take you to the next policy.

[ 38 ] Chapter 1

6. The next setting is the Include Vid/Pid Device option, and is the opposite of the previous exclude setting. With this setting, you can specify a specific device that you do want to allow to be connected to your virtual desktop machine.

7. As with the command option in the exclude setting, enter the device details in the Include Vid/Pid Device box, as shown in the previous screenshot. 8. Click the Next Setting button to take you to the next policy. 9. The next setting is the Exclude Device Family option, and allows you to exclude a specific family, or type, of devices. For example, with this setting, you can specify that you don't want to allow any storage device to be connected to your virtual desktop machine.

[ 39 ] Fine-Tuning the End-User Experience

The configuration dialog box is shown in the following screenshot:

10. Enter the family of devices' details in the Exclude DeviceFamily box, as shown in the previous screenshot. You also add the merge and override options. 11. Click the Next Setting button to take you to the next policy. 12. The next setting is the opposite of the previous setting, and is the Include Device Family option, allowing you to include a specific family of devices. For example, with this setting you can specify that you want to allow any storage device to be connected to your virtual desktop machine. 13. As with the previous configurations, enter the family of devices' details in the Include DeviceFamily box. 14. Click the Next Setting button to take you to the next policy. 15. The final policy setting in this section is the Exclude All Devices option. As the name suggests, enabling this policy, will exclude all devices from being connected from the end user's client device to the virtual desktop machine, unless they are included in one of the include policies. 16. This setting is disabled by default, meaning that all devices that are allowed can be used, unless specifically included by one of the previous exclude settings. 17. Click the Apply button to save the policy configuration. The next section to look at is the View USB configuration client downloadable policy

[ 40 ] Chapter 1

Client Downloadable only settings The next set of policies we are going to look at configuring the behavior of USB devices on the client device and are based on the agent configuration. The agent does not enforce these policies, but instead, its job is to pass the information to the client for the client to decide how the policy should be enforced and how the USB devices behave.

1. Click on the VMware View Agent Configuration option from the configuration window on the left, and then click View USB Configuration. Now click on Client Downloadable on Settings. 2. In the right-hand pane, double-click on the first policy, Exclude Vid/Pid Device from Split, as shown in the following screenshot:

3. By enabling this policy, you can exclude the component devices of a particular USB device from being treated as separate devices for device filtering. As with the previous USB policy configuration, enter the device details in the Exclude Vid/Pid Device from Split box. 4. This is part of the device filtering feature that was covered in Chapter 2, An Overview of Horizon View Architecture and Components. 5. Click the Next Setting button to take you to the next policy. 6. The next policy setting is for Split Vid/Pid Device. This allows you to configure the component devices of a composite USB as separate devices for filtering.

[ 41 ] Fine-Tuning the End-User Experience

7. Enter the device details in the Split Vid/Pid Device box. There is also an additional command that you can enter to exclude components from redirection by specifying their interface number in decimal, including any leading zero. So, if we go back to the previous example, you might enter something like:

o:vid-1058_pid-07a8(exintf:001)

8. In this example, you specify that the agent setting will override the client setting and will also exclude the component that uses interface 001. 9. Click the Next Setting button to take you to the next policy. 10. The next eight policy settings are all configured in the same way. First, simply click on the radio button for either Enabled or Disabled to turn the policy on or off. These policies configure the following options: Allow Other Input Devices Allow HID-Bootable Allow Audio Input Devices Allow Audio Output Devices Allow Keyboard and Mouse Devices Allow Video Devices Allow Smart Cards Allow Auto Device Splitting

Once enabled, you can then choose how the specific device behaves by selecting one of the following options from the drop-down menu, as shown in the following screenshot:

As this is the last policy setting, click the Apply button to save the policy configuration. The next section to look at is for the Agent Configuration policies.

[ 42 ] Chapter 1

Agent Configuration In this section, we are going to look at the agent configuration policy settings and how that policy configures things such as the authentication and environmental setting in the agent:

1. Click on the VMware View Agent Configuration option from the configuration window on the left, and then click Agent Configuration. In the right-hand pane, double-click on the Force MMR to use software overlay. This policy is either enabled or disabled by clicking the appropriate radio button, and there are no other configurable options to choose from. 2. By default, the multi media redirection feature will try and use hardware overlay to play back video in order to give better performance. If you have a configuration that uses multiple displays, then hardware overlay will only use one of those displays, typically the display that was used to start Windows Media Player in the first place. If you then drag Windows Media Player to one of the other screens, that video just shows as a black box. By enabling this policy by clicking the radio button for Enabled, you can force MMR to use a software- based overlay rather than hardware, allowing it to work on all of your displays. 3. Click the Next Setting button to take you to the next policy. 4. In the next policy setting, you can configure multi media acceleration. Again, this policy is switched on and off by clicking the radio button for enabled or disabled. 5. With this policy, you can configure MMR to be enabled on the agent. MMR sends multimedia data from specific codecs on the virtual desktop machine through a TCP socket to the client running on the endpoint device. The sent data is decoded on the client and then played.

MMR will only work if the endpoint device running the client is able to support the overlay function that MMR uses, and also if the endpoint client device has the resources to run the decoding process. This is where choosing the correct client device becomes important in this use case. For example, a zero client would not be able to support this feature.

6. Click the Next Setting button to take you to the next policy. 7. In the AllowDirectRDP policy, you can configure whether or not non-View- based clients are allowed to connect directly to a virtual desktop machine using the RDP protocol. Clicking the radio button for Enabled means that you can connect using RDP. This is the default setting. Disabling this feature means that only View connections from the client and the View web page will be allowed. 8. Click the Next Setting button to take you to the next policy.

[ 43 ] Fine-Tuning the End-User Experience

9. The next setting, AllowSingleSignon, allows you to configure single sign-on to the virtual desktop machine, and again is simply either enabled or disabled. 10. Clicking the radio button for Enabled means that when a user enters their credentials in the View Client or the View web page Portal, they will automatically be authenticated to their virtual desktop machine. If you disable this feature, the user will be prompted to enter their credentials again once the connection to their virtual desktop machine has been made.

If you enable this policy setting, you need to make sure that the Secure Authentication component of the agent is installed on the desktop and is enabled by default.

11. Click the Next Setting button to take you to the next policy. 12. The ConnectionTicketTimeout policy allows you to set a time in seconds for which the View connection ticket is valid. The connection ticket is used by View Clients when connecting to View Agent and is used for verification and single sign-on purposes. 13. To configure the policy, enter a value in the ConnectionTicketTimeout box. The default setting is 900 seconds. 14. Click the Next Setting button to take you to the next policy. 15. In the next policy setting, for CredentialFilterExceptions, you can enter specific executable files that are not allowed to load the agent CredentialFilter. Filenames must not include a path or suffix. Enter the details in the CredentialFilterExceptions box. 16. Click the Next Setting button to take you to the next policy. 17. The next three settings are either enabled or disabled and have no configurable options. Simply click on either the radio button for Enabled or Disabled to turn them on or off. 18. These policies are for the following options: Connect using DNS Name Disable Time Zone Synchronization: Determines weather the time zone of the View desktop is synchronized with that of the connected client Toggle Display Settings Control: You can disable the Settings page of the Display Control Panel when a View Client is connected over PCoIP 19. Click the Next Setting button after each policy setting. After the last one, you will see the to take you to the next policy.

[ 44 ] Chapter 1

12. The next three policy settings are for CommandsToRunOnConnect, CommandsToRunOnReconnect, and CommandsToRunOnDisonnect. 13. Click on either the radio button for Enabled or Disabled to turn them on or off. Once they are enabled, you can configure the commands that you want to run by clicking on the Show… button (1), as shown in the following screenshot:

22. When you click the Show… button (1), you will see the Show Contents dialog box, as shown in the following screenshot:

[ 45 ] Fine-Tuning the End-User Experience

23. Enter the commands into the Value box (2). In this policy, the commands that you enter will run whenever the client connects, reconnects, or disconnects. 24. Click the Next Setting button to take you to the next policy. 25. The next option is for ShowDiskActivityIcon. Click on either the radio button for Enabled or Disabled to turn the policy on or off. Once enabled, this policy simply shows a disk activity icon in the system tray of the virtual desktop machine. 26. Click the Next Setting button to take you to the next policy. 27. The final policy settings in this section are for Single sign-on retry timeout. Enabling this policy then gives you the option of specifying a time (in milliseconds) after which single sign-on is retried. The default value is set to 5000 milliseconds. 28. As this is the last policy setting, click the Apply button to save the policy configuration.

The next section to look at is the Agent Security policy.

Agent Security There is just the one policy setting, Accept SSL encrypted framework channel, as shown in the following screenshot:

[ 46 ] Chapter 1

You have three options from the drop-down menu for accepting SSL:

Enable: Enables SSL, allowing legacy clients to connect without SSL Disable: Disables SSL completely Enforce: Enables SSL, but refuses connections from legacy clients

As this is the only policy setting, click the Apply button to save the policy configuration.

Unity Touch and Hosted Apps Perform the following steps to configure policies:

1. To configure these policies, click on the VMware View Agent Configuration option from the configuration window on the left, and then click Unity Touch and Hosted Apps. 2. You will see that there are three different policy settings you can configure. In the right-hand pane, double-click on the Enable Unity Touch policy. 3. The first policy, Enable Unity Touch, enables a feature for users who access their virtual desktop machine from a tablet device, making it easier to use the interface on the device. This feature will be covered in more detail in Chapter 10, Horizon View Client Options. 4. To enable this policy, simply click the radio button for either Enabled or Disabled and there is nothing else to configure. By default, this policy is set to Enabled. 5. Click the Next Setting button to take you to the next policy. 6. The next policy setting is for Enable system tray redirection for Hosted Apps. This policy is simply either Enabled or Disabled, so there is nothing else to configure. When enabled, this policy determines whether or not the system tray should be redirected when using View Hosted Apps. 7. Click the Next Setting button to take you to the next policy. 8. The final policy is for Enable user profile customization for Hosted Apps. Again, this policy is simply either Enabled or Disabled by clicking the appropriate radio button and there is nothing else to configure. When enabled, this policy will perform the following customization tasks: Generate the user's profile Customize the Windows theme Run registered startup applications

By default, this policy is Disabled.

[ 47 ] Fine-Tuning the End-User Experience

As this is the final policy setting, click the Apply button to save the policy configuration and move on to the following section, for Flash redirection.

VMware FlashMMR To configure the Flash policies, perform the following steps:

1. To configure these policies, click on the VMware View Agent Configuration option from the configuration window on the left, and then click VMware FlashMMR. 2. You will see that there are two different policy settings you can configure. In the right-hand pane, double-click on the Enable Flash multi-media redirection policy. 3. The first policy, Enable Flash multi-media redirection, enables a Flash multimedia redirection on the agent. This policy is simply either enabled or disabled by clicking the appropriate radio button and there is nothing else to configure. 4. Click the Next Setting button to take you to the next policy. 5. The final setting in this section is for minimum rectangle size to enable FlashMMR. This setting allows you to configure the minimum rectangle size for redirection, using the following syntax format: xxx,yyy, where xxx is the width of the rectangle in pixels, and yyy is the height of the rectangle in pixels. 6. As this is the final policy setting, click the Apply button to save the policy configuration and move on to the following section, for Real-time Audio Video (RTAV) configuration.

View RTAV Configuration To configure the RTAV policies, perform the following steps:

1. Click on the VMware View Agent Configuration option from the configuration window on the left, and then click View RTAV Configuration. 2. In the right-hand pane, double-click on the Disable RTAV policy. 3. This policy is simply either enabled or disabled by clicking the appropriate radio button and there is nothing else to configure. By selecting the Enable option, the RTAV feature will be switched off. 4. Click the Apply button to save the policy configuration and move on to the other RTAV configuration settings, this time for webcams.

[ 48 ] Chapter 1

View RTAV Webcam Settings In the previous policy, you either enabled or disabled RTAV. If you enabled it, you now have some additional configuration options:

1. To configure the webcam policies, click on the VMware View Agent Configuration option from the configuration window on the left, and then click View RTAV Configuration. Then, click the folder below for View RTAV Webcam Settings. 2. In the right-hand pane, double-click on the Max frames per second policy. You will now see the following screenshot:

3. In this policy, you can set the frame rate for RTAV. The maximum frame rate is 25, and the minimum is 1. 4. Click the Next Setting button to take you to the next policy.

[ 49 ] Fine-Tuning the End-User Experience

5. The next two policy settings are for Resolution – Max image height in pixels and Resolution – Max image width in pixels. These settings allow you to set the maximum image height and width for an image that is captured using a webcam. Enter a value in the box for both screens, as shown in the following screenshot:

6. Click the Next Setting button to take you to the next policy. 7. The final two policy settings are for Resolution – Default image resolution height in pixels, and Resolution – Default image resolution width in pixels. These settings allow you to set the default image height and width for an image. Enter a value in the box for both screens, as shown in the following screenshot:

[ 50 ] Chapter 1

8. Click the Apply button to save the policy configuration and move on to the set of policies for Scanner Redirection.

Scanner Redirection A new option for redirecting scanners was introduced with Horizon View 6.0 and allows you to control the behavior of a scanner in a virtual desktop machine.

1. From the Group Policy Management Editor, click on the VMware View Agent Configuration option from the configuration window on the left, and then click on the Scanner Redirection option. 2. There are four policy settings in total. In the right-hand pane, double-click on the first policy for Disable functionality. The first three are simply enabled or disabled by clicking the appropriate radio button and have no other settings that you can configure specific values for. These first three policies are as follows: Disable functionality: Enables or disables scanner redirection Lock Config: Locks the settings interface so users cannot change the scanner configuration. Hide Webcam: Webcams can be used as virtual scanners when redirected using the View Agent. This option prevents that webcam from appearing as an option in the scanner selection menu

[ 51 ] Fine-Tuning the End-User Experience

The fourth option is to configure the Default Scanner, as shown in the following screenshot:

In this policy, you can configure options for either a TWAIN scanner or a WIA scanner. You have the following options for how the scanner is selected:

None: No scanner is automatically selected

Autoselect: Automatically connects the scanner currently plugged into the endpoint device

Last used: Selects the last scanner that you had connected

[ 52 ] Chapter 1

Specified: If you select this option then you also need to add the scanner details in the Specified scanner box

3. Click the Apply button to save the policy configuration and move on to the set of policies for Serial COM.

Serial COM The Serial COM policy settings control the serial port redirection feature in View:

1. From the Group Policy Management Editor, click on the VMware View Agent Configuration option from the configuration window on the left, and then click on the Serial COM option. Next, in the right-hand pane, double-click on the first policy for Local settings priority. 2. The first three are simply enabled or disabled by clicking the appropriate radio button and have no other settings that you can configure specific values for. These first three policies are as follows: Local settings priority: When enabled, the local program settings override the policy settings Disable functionality: Serial port is not redirected Lock configuration: When enabled, the user interface containing the program settings is locked, and the end user cannot access them 3. The fourth option is to configure the Bandwidth limit. This allows you to define the transfer speed between the agent and the client when redirecting the serial port. You enter a number in kilobytes, with 0 meaning there is no limitation set. 4. Click the Apply button to save the policy configuration and move on the other Serial COM configuration settings, this time for which ports to use and apply this policy.

PortSettings In the previous policy, you configured the behavior of the serial redirection feature. If you enabled it, you now have the ability to configure the actual ports.

1. To configure the webcam policies, click on the VMware View Agent Configuration option from the configuration window on the left, and then click Serial COM. Then click the folder below for PortSettings. You will have a number of PortSettings options, which are all configured in exactly the same way as we are about to describe.

[ 53 ] Fine-Tuning the End-User Experience

2. In the right-hand pane, double-click on the PortSettings1 policy, as shown in the following screenshot:

[ 54 ] Chapter 1

3. On this configuration screen, you can configure the source port, the destination port, and whether or not to make this connection automatically. You then have a number of troubleshooting options to choose from. 4. Click the Apply button to save the policy configuration and move on to the View Agent Direct-Connection Configuration policy settings.

View Agent Direct-Connection Configuration The final set of policies within the View Agent category is for controlling the View Agent Direct Connection Configuration feature.

1. From the Group Policy Management Editor, click on the VMware View Agent Configuration option from the configuration window on the left, and then click on the View Agent Direct-Connection Configuration option (1). Next, in the right-hand pane, double-click on the first policy for HTTPS Port Number (2), as shown in the following screenshot:

[ 55 ] Fine-Tuning the End-User Experience

2. You will now see the policy for HTTPS Port Number. Enter a port number for the TCP port that View should listen for incoming connections from the View Client. 3. Click the Next Setting button to take you to the next policy. 4. In the Session Timeout policy, enter a time for the user to keep the session open after logging in, as shown in the following screenshot. 5. Click the Next Setting button to take you to the next policy. 6. The next policy is the Disclaimer Enabled policy to enable or disable the disclaimer screen and is simply an enable or disable the policy, with no configuration options. 7. Click the Next Setting button to take you to the next policy. 8. You will now have the option, in the Disclaimer Text policy screen, to enter the text you want to display to the end users when they log in. 9. Enter the text in the Disclaimer Box, as shown in the following screenshot:

10. Click the Next Setting button to take you to the next policy.

[ 56 ] Chapter 1

11. The next three policy settings are for the following options and are simply enabled or disabled by clicking the appropriate radio button to switch the policies on or off. There are no other settings that you can configure specific values for. The policies are for the following: Applications Enabled: Supports launching applications on RDS hosts Client setting: AutoConnect Client setting: AlwaysConnect 12. Click Next Setting to move to the next policy setting, once you have configured the three policies. 13. The next policy setting is for Client setting: ScreenSize. Enter a value for the screen size. This policy will override any client settings. 14. Click the Next Setting button to take you to the next policy. 15. In the next two policy settings, you can set external port numbers. The first is for External PCoIP Port and the other is for External RDP Port, as shown in the following screenshot:

[ 57 ] Fine-Tuning the End-User Experience

16. Enter the port numbers into the respective configuration boxes and then click the Next Setting button to move on to the next policy setting. 17. The next policy is to set an External Blast Port. Enter a port number in the box, as shown in the following screenshot:

18. Click the Next Setting button to take you to the next policy. 19. In the External IP Address policy setting, you can enter an IP address for an external address when the address doesn't match the virtual desktop machines and is typically used in an environment where you use NAT.

[ 58 ] Chapter 1

20. Enter an IP address for the External IP Address in the box, as shown in the following screenshot:

21. Click the Next Setting button to take you to the next policy. 22. The next policy is for External Framework Channel Port and is only required if the externally exposed port number does not match the port the service is listening on.

[ 59 ] Fine-Tuning the End-User Experience

23. Enter an External Framework Channel Port in the box, as shown in the following screenshot:

24. Click the Next Setting button to take you to the next policy. 25. The next four policy settings are for the following options, and are simply enabled or disabled by clicking the appropriate radio button. There are no other settings that you can configure specific values for. The policies are as follows:

USB Enabled Multimedia redirection (MMR) Enabled

Please note that MMR does not work correctly if the client system's video display hardware does not have overlay support, and is supported for XP and Vista desktop sources.

Reset Enabled: Allows the client to perform an operating system level reboot USB AutoConnect: Connects USB devices to the desktop when they are plugged in

26. Click the Next Setting button to take you to the next policy.

[ 60 ] Chapter 1

27. With the Client Credential Cache Timeout policy, you can set a time for how long a user should use a saved password. The default setting is not to save passwords. 28. Click the Next Setting button to take you to the next policy. 29. In the User Idle Timeout policy, you can set the length of time that the end user can remain idle for before the session is protected. The default setting is 900 seconds, and entering a value of -1 means that the session will never become idle. 30. Click the Next Setting button to take you to the next policy. 31. The next policy is for Client Session Timeout. In this policy, you can set a length of time that the session is kept active if the client is not connected. The default setting is 10 hours. 32. Click the Next Setting button to take you to the next policy for X509 Certificate Authentication, as shown in the following screenshot:

33. When enabled, you then need to choose the authentication option from the drop- down menu (3). You can choose from Allowed, Disabled, or Required. 34. Click the Next Setting button to take you to the next policy.

[ 61 ] Fine-Tuning the End-User Experience

35. The next policy is for X509 SSL Certificate Authentication Enabled. When enabled, this policy is used to determine weather Smart Card X.509 certificate authentication is enabled via a direct SSL connection for the View Client. 36. Click the Next Setting button to take you to the final policy in this section. 37. This policy, Client Config Name Value Pairs, allows you to configure values to pass to the client, as shown in the following screenshot:

38. Once this is enabled, click the Show… button (4). This will bring up the Show Contents dialog box, where you can enter the values. 39. Click the Apply button to save the policy configuration. The next section we will look at covers the policies used to configure the Blast protocol.

VMware Blast In the next set of policy settings, we are going to configure the settings for when users connect to their virtual desktop machine using the Blast protocol:

[ 62 ] Chapter 1

You will now see all the different configuration settings listed in the right- hand pane, as shown in the following screenshot:

2. Double-click on the first policy for Max Session Bandwidth. You will now see the Max Session Bandwidth policy, as shown in the following screenshot. This also shows the Min Session Bandwidth, as this is configured in the same way:

3. With these policy settings, you can set the maximum and minimum session bandwidth (in kilobits) that is reserved for the Blast protocol.

[ 63 ] Fine-Tuning the End-User Experience

4. Click the Next Setting button to take you to the next policy. 5. The next policy is for setting the Max Frame Rate. Enabling this setting limits the number of screen updates that take place every second. You can then enter the number of frames per second in the Options section. 6. Click the Next Setting button to take you to the next policy. 7. The next policy is for setting the UDP Protocol. Enabling this setting means that the UDP protocol is used for Blast. If the policy is set to Disabled or Not Configured, the TCP protocol will be used instead. 8. To configure this policy setting, click the radio button for Enabled, and then in the Options section, check the box for Enable UDP, as shown in the following screenshot:

9. Click the Next Setting button to take you to the next policy, for configuring H264. 10. With this policy, you can configure the H264 encoding feature. If the policy is set to Enabled or Not Configured, then H264 will be used. Otherwise, Jpeg/Png will be used.

[ 64 ] Chapter 1

11. To configure this policy setting, click the radio button for Enabled, and then in the Options section, check the box for Enable H264 Encoding, as shown in the following screenshot:

12. Click the Next Setting button to take you to the next policy, for configuring Screen Blanking. 13. This policy setting allows you to configure the screen blanking of the virtual machine from being visible in the virtual machine console. When enabled, a black screen will be visible from the console, but when disabled, you will be able to see the virtual desktop machines desktop from the console, displaying everything the user sees. 14. To configure this policy setting, click the radio button for Enabled, and then in the Options section, check the box for Enable Screen Blanking. 15. Click the Next Setting button to take you to the next policy, for configuring Session Garbage Collection.

[ 65 ] Fine-Tuning the End-User Experience

16. This policy allows you to configure two options. First, the Interval (ms) option to configure how often the garbage collector runs, and second, the Threshold (s) setting, which determines the age that an abandoned session must reach before it gets deleted, as shown in the following screenshot:

17. Click the Next Setting button to take you to the next policy setting, for configuring the Image Quality. 18. In the Image Quality policy, you can control the image quality of the remote display. 19. There are two different profiles to select from, low or high. The low profile is used when areas of the screen are changing often, for example when scrolling around a screen.

[ 66 ] Chapter 1

20. In contrast, the high-quality profile is used to refine regions of the screen that change less, such as static screen content when using something like Microsoft Word, where it's just a small amount of text that is changing. This would result in a better final image. The options are shown in the following screenshot:

21. Click the Next Setting button to take you to the next policy. 22. In the HTTP Service policy, you can enter the port for secured HTTPS traffic. Enter the port number in the Secured (HTTPS) port box, under the options section. 23. Click the Next Setting button to take you to the next policy. 24. The Audio Playback policy allows you to either enable or disable the audio playback for the session. By default, this policy is enabled.

[ 67 ] Fine-Tuning the End-User Experience

25. Click the Next Setting button to take you to the next policy, to configure the behavior of the clipboard.

26. The Configure clipboard redirection policy allows you to control the cut-and- paste function of the virtual desktop machine. 27. You can configure the policy from the drop-down menu options for the following: Disabled in both directions Enabled client to server (from virtual desktop to endpoint device) Enabled in both directions Enabled server to client only (from endpoint device to virtual desktop)

This is shown in the following screenshot:

28. Click the Next Setting button to take you to the next policy. 29. Click the Apply button to save the policy configuration. The next section we will look at are the policies used to configure the View Client configuration settings.

[ 68 ] Chapter 1

VMware View Client Configuration In this section, we are going to look at the View Client policy settings.

You will now see all the different configuration settings listed in the right- hand pane, as shown in the following screenshot:

[ 69 ] Fine-Tuning the End-User Experience

The following screenshot shows the configuration options that are available:

2. We are going to start at the top level and work through the policy settings. Click on VMware View Client Configuration and then double-click the first policy for Disable time zone forwarding. 3. This policy is simply enabled or disabled by clicking the appropriate radio button, and there are no other configurable options. 4. Click the Next Setting button to take you to the next policy. 5. The Tunnel proxy bypass address list allows you to configure a tunnel proxy bypass list. Enter addresses of proxy servers that you want to exclude from being used. 6. Click the Next Setting button to take you to the next policy. 7. The next policy, the Determines if the VMware View Client should use proxy.pac (deprecated) policy, is for View 4.x client versions and earlier, so you can ignore this policy as we are using the latest version.

[ 70 ] Chapter 1

8. Click the Next Setting button to take you to the next policy. 9. In the URL for View Client online help policy, you can specify an alternative address for help pages, as shown in the following screenshot:

10. Click the Next Setting button to take you to the next policy. 11. The next two policies, Redirect smart card readers in Local Mode and Delay the start of replications when starting the View Client with Local Mode, are no longer required given that local mode was removed back in Horizon 6. 12. Click the Next Setting button to take you to the next policy. 13. In the Disable toast notifications policy, you simply enable or disable this policy by clicking the appropriate radio button. 14. This setting disables the toast notifications from the View Client. Enable this setting if you do not want the user to see toast notifications pop up in the corner of their screen. 15. Click the Next Setting button to take you to the next policy. 16. You will now see the Enable relative mouse policy, which again is a policy that you can either enable or disable.

[ 71 ] Fine-Tuning the End-User Experience

17. This setting enables relative mouse mode from the View Client for PCoIP desktops. Enable this setting if you want the user to always use relative mouse mode with PCoIP desktops. Relative mouse mode improves mouse behavior for certain graphics applications and games. If the remote desktop does not support relative mouse mode, then this setting will not be used. 18. Click the Next Setting button to take you to the next policy. 19. The next policy option is Disable desktop disconnect messages and is either enabled or disabled. It configures whether or not messages that are usually shown when the desktop is disconnected should be disabled. 20. Click the Next Setting button to take you to the next policy. 21. The final policy option is Default value of the 'Hide the selector after launching an item' checkbox. This policy has the options of either being enabled or disabled. 22. Click the Apply button to save the policy configuration. The next section we will look at covers the policies used to configure the View USB configuration settings. 23. Click the Apply button to save the policy configuration. The next section we will look at covers the policies used to configure the View Client configuration settings.

VMware View USB Configuration The View USB configuration for the View Client contains exactly the same policy options as the View Agent configuration for USB section that we covered previously in this chapter, except now they apply to the client.

For example, these policy options, which are applied to the client machine, could be used for something such as split settings, where you need to direct View to split a device's functions between the client and virtual desktop machines. In this case, client settings don't need to be configured on every client, but instead can be configured using a GPO, which is then applied to the desktop pool.

When the end user logs in to their virtual desktop machine, the client configuration is downloaded to the client machine and applied only to the client and not to the agent running on the virtual desktop machine.

[ 72 ] Chapter 1

Rather than cover every policy option again, please refer to that section for the policy details. The following screenshot shows the available policy options:

Also under the USB configuration section, is Settings not configurable by agent, which we will look at in the following section.

Settings not conﬁgurable by Agent In this set of policies, you can configure settings that are not configurable by the agent:

1. From the Group Policy Management Editor screen, from the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM), VMware View Client Configuration, and View USB Configuration. 2. Then click on the Settings not configurable by Agent option. You will see the policy settings in the right-hand pane.

[ 73 ] Fine-Tuning the End-User Experience

3. Double-click the first policy for Exclude Path. The Exclude Path and Include Path policy settings are shown together in the following screenshot, as they are configured in a similar way by entering a path value in the Options box:

4. This policy allows you to either exclude or include a device at a specified hub or port path from being forwarded. 5. Click the Next Setting button to take you to the next policy. 6. The next two policy settings are for the following options and are simply enabled or disabled by clicking the appropriate radio button. They have no other settings that you can configure specific values for. The policies are as follows: Disable Remote Configuration Allow Device Descriptor Failsafe behavior 7. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for Scripting Definitions.

[ 74 ] Chapter 1

Scripting definitions In the next set of policies, we are going to look at the scripting definitions:

1. From the Group Policy Management Editor screen, in the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM), and VMware View Client Configuration. 2. Then, click on Scripting definitions, and from the policy options shown in the right-hand pane, double-click the first policy for Server URL. 3. By enabling this policy, you then enter a URL for the connection server that is used by the client when the end user logs in. Type the server URL in the Options box, as shown in the following screenshot:

4. Click the Next Setting button to take you to the next policy.

[ 75 ] Fine-Tuning the End-User Experience

5. In the Logon UserName policy setting, enter a username for the client to use during the login process. Enter the name in the box, as shown in the following screenshot:

6. Click the Next Setting button to take you to the next policy. 7. In the Logon DomainName policy setting, enter a domain name for the client to use during the login process. 8. Click the Next Setting button to take you to the next policy. 9. In the Logon Password policy setting, enter a password for the client to use during the login process. Enter the name in the box under the Options section.

Be aware, though, that this password is stored in AD as plain text.

10. Click the Next Setting button to take you to the next policy. 11. In the DesktopName to select policy setting, you can enter the name of the default desktop that you want to be used during the login process. 12. Click the Next Setting button to take you to the next policy.

[ 76 ] Chapter 1

13. In the DesktopLayout policy setting, you can choose how the desktop is displayed to the user when they connect. You can have full screen, multi-monitor, large window, or small windows. Choose one from the drop-down menu, as shown in the following screenshot:

14. Click the Next Setting button to take you to the next policy. 15. The next policy setting is for Locked Guest Size. Enabling this policy allows you to lock the screen resolution of the remote desktop and will, therefore, disable the autofit function.

These settings do not apply when using the RDP protocol.

16. You then have the option of entering the resolution you want to fix the remote desktop at by entering a width and a height value. The maximum resolution is 4096 x 4096, and the minimum resolution is 640 x 480. 17. Click the Next Setting button to take you to the next policy.

[ 77 ] Fine-Tuning the End-User Experience

18. The next five policy settings are for the following options, and are simply enabled or disabled and have no settings that you can configure specific values for. The policies are as follows: Suppress error messages (when fully scripted only) Automatically connect if only one launch item is entitled Disable 3rd-party Terminal Services plugins Connect all USB devices to the desktop on launch Connect USB devices to the desktop when they are plugged in 19. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for Security settings.

Security settings In the next set of policies, we are going to look at the various different security settings:

1. From the Group Policy Management Editor screen, from the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM), VMware View Client Configuration. 2. Then, click on Security Settings, and from the policy options shown in the right- hand pane, double-click the first policy for Display option to Log in as current user. 3. This policy allows you to automatically check a box and log in as the currently logged-in user, as well as enter your credentials if they are different for your virtual desktop machine. 4. Click the Next Setting button to take you to the next policy. 5. Next, you will see the Default value of the 'Log in as current user' checkbox, which allows you to have this box automatically checked so users are forced to log in as the current user. 6. Click the Next Setting button to take you to the next policy. 7. In the Server Trusted For Delegation policy, you can add the details for connection servers that are allowed to have credentials delegated to them.

[ 78 ] Chapter 1

8. To add the server details, click the Show… button and then enter the details in the Show Content box, as shown in the following screenshot:

9. Click the Next Setting button to take you to the next policy. 10. In the Certificate verification mode policy, you can configure how the client checks the certificate. From the drop-down menu, you can choose from the following three verification mode options: Full Security: All certificate errors are reported to the user and they are not allowed to connect to the server No Security: No certificate checking is performed

[ 79 ] Fine-Tuning the End-User Experience

Warn But Allow: Default option, where the user is warned but allowed to proceed if the server certificate is self-signed:

11. Click the Next Setting button to take you to the next policy. 12. The next three policy settings are for the following options and are simply enabled or disabled by clicking the appropriate radio button and have no other settings that you can configure specific values for. The policies and settings are as follows: Enable Single Sign-On for smart card authentication: Requires the View Client to store the encrypted smart card PIN in memory momentarily before submitting it to the View Connection Server Enable jump list integration: Adds a jump list to the View Client icon in the taskbar on Windows 7 and later to allow users to easily connect to recent View Connection Servers and remote desktops Allow command line credentials: Allows a password or PIN to be provided via command-line parameters

12. Click the Next Setting button to take you to the next policy. 13. You will now see the Enable SSL encrypted framework channel policy, where you can configure how SSL encryption is handled. From the drop-down menu, you can choose from the following three options: Enable: Enables SSL and allows fallback to desktops with no SSL support

[ 80 ] Chapter 1

Disable: Disables SSL altogether Enforce: Will actively refuse to connect to desktops that have no SSL support

This is shown in the following screenshot:

15. Click the Next Setting button to take you to the next policy. 16. The next four policy settings are for the following options, and are simply enabled or disabled and have no settings that you can configure specific values for. These policies are also for View Client versions 4.x and earlier. The settings are as follows: Ignore incorrect SSL certificate common name (hostname field) Ignore bad SSL certificate date received from the server Ignore unknown certificate authority problems Ignore incorrect usage problems

17. Click the Next Setting button to take you to the next policy.

[ 81 ] Fine-Tuning the End-User Experience

18. The last policy setting is the Configures SSL protocols and cryptographic algorithms policy, where you can configure a cipher list to restrict the use of certain cryptographic algorithms and protocols before establishing an encrypted SSL connection. The list is made up of at least one cipher string.

Cipher strings are case sensitive.

This policy is shown in the following screenshot:

19. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for VMware View Common Configuration.

[ 82 ] Chapter 1

VMware View Common Configuration The final set of policies are common configuration options policies:

1. To configure these, from the Group Policy Management Editor screen, from the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM) (1), and then click on VMware View Common Configuration (2):

There are a number of policies within this section, and the following screenshot shows each individual policy:

[ 83 ] Fine-Tuning the End-User Experience

2. Let's look at the first policy. On the right-hand pane, double-click the first policy, Enable extended logging. This policy is simply either enabled or disabled by clicking the appropriate radio button. Enabling this policy means that both trace and debug events will be added to the log files. 3. Click the Next Setting button to take you to the next policy. 4. Next is the policy for Disk threshold for log and events in Megabytes. This policy allows you to configure a minimum amount of disk space available for storing log files and event information. Once the threshold is reached, the logging stops.

5. Enter a value in MB for the amount of remaining disk space. The default value is set to 200 MB, as shown in the following screenshot:

6. Click the Next Setting button to take you to the next policy. 7. The next policy is the Override the default View Windows event generation policy. There are three different configurable options, as follows: 0: Event log entries are only produced for View events (no event log entries are generated for log messages) 1: Event log entries are produced in View 4.5 (and earlier) compatibility mode. Event log entries are not produced for standard View events. Event log entries are based solely on log file text. 2: Event log entries are produced in View 4.5 (and earlier) compatibility mode, with View events also being included.

[ 84 ] Chapter 1

7. Enter a value for this policy setting in the box under the Options section. 8. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for Log Configuration.

Log Configuration In this section, we are going to look at the configuration options for the log files:

1. To configure these, from the Group Policy Management Editor screen, in the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM), and then finally, VMware View Common Configuration. Now click on the Log Configuration folder. 2. You will see the policies listed in the right-hand pane. Double-click the first policy, for configuring the Number of days to keep production logs, as shown in the following screenshot:

3. Enter the number of days you want to keep the log files. The default setting is 7 days.

[ 85 ] Fine-Tuning the End-User Experience

4. Click the Next Setting button to take you to the next policy. 5. In the Maximum number of debug logs policy, you can enter a value for the number of log files you want to keep. When a file gets to its maximum size, then another log file is created, up to the maximum number you have configured to be kept. Any new logs created after this point mean that the oldest file gets deleted.

Enter the number of log files you want to keep the log files for, as shown in the following screenshot:

6. Click the Next Setting button to take you to the next policy. 7. In the Maximum debug log size in Megabytes policy, you can enter the size you want as the maximum log file size.

[ 86 ] Chapter 1

Enter the size, in MB, of debug log files in the box, as shown in the following screenshot:

8. Click the Next Setting button to take you to the next policy. 9. In the Log directory policy, you can enter your own directory to store the log files. Enter a directory in the box, as shown in the following screenshot:

[ 87 ] Fine-Tuning the End-User Experience

10. Click the Next Setting button to take you to the next policy.

11. In the final policy setting, the Send logs to a Syslog server policy, you can enter the details of a Syslog server to send the server logs to. Enter the details of the server, such as a VMware Log Insight Server, in the box, as shown in the following screenshot:

12. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for Performance alarms.

Performance alarms The following are the steps for configuring performance alarms:

1. To configure the performance alarms options, from the Group Policy Management Editor screen, in the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM), and then finally, VMware View Common Configuration. Now click on the Performance Alarms folder.

[ 88 ] Chapter 1

2. You will now see the policies listed in the right-hand pane. Double-click the first policy for configuring the CPU and Memory Sampling Interval in Seconds policy, as shown in the following screenshot:

3. Enter the number of seconds you want to check the CPU and memory. It's worth noting that the more frequent the timing, the more output will be written to the log files. 4. Click the Next Setting button to take you to the next policy.

[ 89 ] Fine-Tuning the End-User Experience

5. The next two policies are the Overall CPU usage percentage to issue log info policy, and the Overall Memory usage percentage to issue log info policy, where you can set a percentage value for when the CPU and memory usage starts to be logged. These policies are shown together in the following screenshot:

6. Enter the percentage in the boxes for the CPU usage and then the memory usage policies. 7. Click the Next Setting button to take you to the next policy.

[ 90 ] Chapter 1

8. The next two policies are the Process CPU usage percentage to issue log info policy, and the Process Memory usage percentage to issue log info policy, as shown in the following screenshot:

9. In this policy, you can set a percentage value for when the CPU and memory usage for an individual process starts to be logged. Enter the percentage in the boxes for the CPU usage and then the memory usage policies. 10. Click the Next Setting button to take you to the next policy. 11. In the Processes to check, comma separated name list allowing wild cards and exclusion policy, you can create a list of queries that correspond to the names of the processes you want to be examined. In order to filter the list, you can use wildcards in each query: (*): That matches zero or more characters (?): That matches exactly one character (!): That can be used as a prefix to a query in order to exclude any results from the query

[ 91 ] Fine-Tuning the End-User Experience

10. Enter the query in the box, as shown in the following screenshot:

13. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for the Security Configuration settings.

Security Configuration

1. To configure the security configuration options, from the Group Policy Management Editor screen, from the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM), and then finally, VMware View Common Configuration. Now click on the Security Configuration folder. 2. You will now see the policies listed in the right-hand pane. Double-click the first policy for configuring the Type of certificate revocation check policy. 3. In this policy, you can configure what type of revocation check is performed on the SSL certificate. From the drop-down menu, choose one of the following options: EndCertificateOnly None

[ 92 ] Chapter 1

WholeChain WholeChainButRoot

These options are shown in the following screenshot:

4. Click the Next Setting button to take you to the next policy. 5. In the next policy, Only use cached revocation URLs, the options are either to enable or disable the policy by clicking the appropriate radio button. There are no other options to configure. 6. Click the Next Setting button to take you to the next policy. 7. The final policy setting in this section is for Revocation URL check timeout milliseconds, where you can set a time, in milliseconds, for the check to take place. 8. Click Apply to complete the configuration for these policies. In the following section, we will look at the policy options for the VMware View Server Configuration settings.

[ 93 ] Fine-Tuning the End-User Experience

VMware View Server Configuration

1. To configure the VMware View Server configuration options, from the Group Policy Management Editor screen, in the Computer Configuration section, expand the folders for Policies, Administrative Templates, Classic Administrative Templates (ADM) (1), and then finally, click on the VMware View Server Configuration folder (2), as shown in the following screenshot:

2. Double-click the first policy for Windows Password Authentication Mode. From the drop-down menu box, select the authentication mode, as shown in the following screenshot:

[ 94 ] Chapter 1

3. Click the Next Setting button to take you to the next policy. 4. The next policy is for Recursive Enumeration of Trusted Domains. This policy is simply either enabled or disabled by clicking the appropriate radio button, and there are no other configurable options. 5. Enabling this policy determines whether or not every domain trusted by the domain in which the server resides is enumerated. In order to establish a complete chain of trust, the domains trusted by each trusted domain are also enumerated, and so the process continues until all the trusted domains have been discovered. The View Connection Server then uses this information to make sure that all trusted domains are available to the client when they log in.

[ 95 ] Fine-Tuning the End-User Experience

6. Click the Next Setting button to take you to the next policy. 7. The final policy is Enumerate Forest Trust Child Domains. This policy is simply either enabled or disabled by clicking the appropriate radio button, and there are no other configurable options. When enabled, this policy determines whether or not the child domains in a forest get enumerated. 8. Click Apply to complete the configuration for these policies

We have now completed our look at the various policy options and configuration options. In the following section, we are going to take a brief look at how we can tune the protocol dynamically on the virtual desktop machines.

PCoIP tuning tool The final thing we are going to cover in this chapter is how you can dynamically tune the virtual desktop machines using the PCoIP tuning tool. You can download this tool from the following web page link: h t t p : / / t i n y u r l . c o m / o c q x y k n.

One of the things that this tuning tool enables is the ability to change settings on the fly rather than manually editing policies. As you can see from the number of policies, there is a large number of different configurable options.

Once you have the tool downloaded, launch it on the virtual desktop machine you want to tune. It's probably worthwhile doing this on your parent image and with an end user so that you can not only get their feedback, but also get their buy-in for the solution.

With the tool launched, you will see that there are a number of options to choose from, as follows:

Activate Profile Manage Profiles Clear Profile Settings Show Session Stats Show Session Health

[ 96 ] Chapter 1

These options are shown in the following screenshot:

In the following sections, we will briefly cover what each option is used to configure.

Activating the profile The activate profile settings allow you to activate one of the preset profiles. Each profile is based on a different use case and there are three already built to choose from: one for a default user, one for a WAN-based user, and the final one for a task worker.

By selecting one of the present profiles, the settings for things such as session bandwidth, image quality, or frame rate will be updated and changed to a setting that matches that particular use case.

To activate a profile, you will need to reboot the virtual desktop machine.

[ 97 ] Fine-Tuning the End-User Experience

Managing profiles The manage profiles option allows you to adjust the settings of a particular profile. You can dynamically change image quality, frames per second, and bandwidth, and switch on build-to-lossless. You can choose from the pre-built profiles or create a new one and then save it.

Clear profile settings This will clear the profile settings and restore them to defaults.

Show session stats This option shows you real-time usage statistics for things such as bandwidth, frames per second, latency, and CPU utilization, allowing you to understand what a particular virtual desktop machine is consuming. By clicking this option, you effectively switch it on, and it will then appear on the desktop so you can monitor it.

Show session health As with the session stats option, by clicking this option, you effectively switch it on and it will then appear on the desktop. It gives you a health score for the PCoIP session to give you an indication of where there might be a problem. For example, the latency score might be low, indicating a higher latency between the client and the virtual desktop.

For a more in-depth overview of performance, capacity planning, and troubleshooting, it's worth installing something such as vRealize Operations for Horizon, which comes as part of the VMware Horizon Enterprise edition product, or consider a third-party user experience monitoring tool such as Liquidware Labs Stratusphere UX.

Teradici support tools In addition to the VMware and other third-party solutions, Teradici (the inventor of the PCoIP protocol) also have a number of tools to assist with the tuning experience, including a network bandwidth calculator, PCoIP statistics viewer.

To access the tools, click on the following link: http://tinyurl.com/qacpzr4.

[ 98 ] Chapter 1

You will need to have a Teradici support account, which you can create for free, to access these tools.

Monitoring the end-user experience Once you have tuned the desktop performance, you should consider deploying an end-user experience monitoring solution to ensure that the initial experience and performance is maintained and the solution is running at its best.

We have already mentioned vRealize Operations for Horizon; however, this tool is better at monitoring the infrastructure components.

A more focused end-user experience monitoring tool would be something such as Liquidware Labs Stratusphere UX, which goes deeper into what the end user is doing, such as application launch times, application crashes, and a complete breakdown of the login process. A screenshot of Stratusphere is shown here:

[ 99 ] Fine-Tuning the End-User Experience

The advantage of the Liquidware Labs tools is that Stratusphere UX is based on the same product that was potentially used during the assessment phase, and therefore gives you the ability to compare assessment data with the production environment and easily demonstrate the improvements made.

Summary In this chapter, we have looked at how to start fine-tuning the performance of the virtual desktop machines and the end-user experience.

To do this, we have covered how to prepare Active Directory with Horizon View-specific policies and administrative templates, to define how the virtual desktop machines behave, as well as the overall end-user experience.

We then went on to walk through each individual policy setting, explaining what it does and the different configuration options.

Finally, we looked at some of the many tools that are available to help with the tuning process, and how to monitor the user experience.

In the following chapter, we will look at how we have many user profiles in a Horizon View environment using View Persona Management and user environment management.

[ 100 ] 2 Troubleshooting Tips

As you have learned throughout this book, a successful VDI or end-user computing project is made up of multiple components, and its success comes down to delivering a good user experience and not just simply whether it is working or not. As such, it is important to have a well-defined methodology and the tools to be able to adequately diagnose and fix issues within your environment. In this chapter, we are going to cover some of the troubleshooting techniques and other methods for monitoring the end-user experience within Horizon View.

General troubleshooting tips In this first section, we are going to briefly look at some of the more general things to look at around the end users, and then the supporting infrastructure components, such as a disk, networking, and connectivity.

Looking at the bigger picture The common issue when introducing any VDI technology is that it can quickly become the point of blame when an issue occurs within your environment. You need to remember that the Horizon View technology is just one component of the overall infrastructure, along with the desktop that the user is utilizing. Just because the desktop is sitting within a VDI environment doesn't always mean it's a View issue. It could well be a desktop, network, or application issue that would have occurred in a physical environment too.

When a user reports an issue, or you notice an issue within the infrastructure, you will need to think logically as to which component within the infrastructure is the likely cause and where you will start your troubleshooting journey. Maybe it is a storage issue, or maybe it's a Windows issue and not anything to do with VDI at all! Troubleshooting Tips

Is the issue affecting more than one user? A good place to start examining any issues within your environment is by understanding who is experiencing the issue and whether more than one user has reported the same issue. If you try and recreate the issue, do you get the same results? Can another user with the same permissions and the same resources recreate the issue?

If you find that the issue is really only related to a single user, then consider the type of issue they are having. The following lists some examples:

What device are they connecting from? What connection are they connecting over, and have they tried with PCoIP, RDP, or Blast? Could it be a bandwidth or connection reliability issue? Could a port be blocked? Do they have a specific application or permission requirements? Are they entitled to the correct pools?

If you believe the issue relates to something to do with their desktop, then maybe consider refreshing it; this is the beauty of VDI, you could simply rebuild a new desktop and not spend hours trying to troubleshoot and fix application or OS issues if a simple refresh could resolve it.

If the issue is affecting more than one user, consider seeing if a fix could be applied to the base image and then rolled out to your desktop pools to simplify the process of resolving the issue.

Performance issues This is probably one of the widest subject areas to look at when troubleshooting your View environment. Performance issues could relate to so many areas and aspects, and in some cases, could also be down to personal opinions.

User-reported performance issues If your users are reporting poor performance, then ask them to try and be more specific, rather than just saying, “It's slow.” Is it taking a long time to log in, or is it an application that is taking longer than expected to load? Keep a log of the issue, along with the time and date the issue occurred or whether it's an ongoing issue.

[ 102 ] Chapter 2

Ask the users the following when the issue occurs:

How are they measuring the performance? At what time of day do they experience the problem? Are they doing something specific when they experience the problem? Are they connecting from somewhere specific or from a specific device when they have the issue?

Wherever possible, try to visit the end user and understand their issue first-hand. This will enable you to the get to the bottom of the issue with ease. Hopefully, as we discussed in Chapter 3, Design and Deployment Considerations, you will have engaged the end users early and they will be positive, on-board with the overall solution, and willing to help.

Non-VDI-related issues Performance issues on a desktop can be caused by many factors, regardless of whether or not they are virtual or physical desktops. Common areas for consideration include the following:

Extended logon times Application crashes Long application load times Operating system crashes Poor application performance Permission errors

As previously mentioned, many of these issues can and will occur whether the desktop is virtualized or not, but in the virtualized environment, they may be easier to resolve. For example, if you find you are getting OS or application crashes, consider patching these elements to the latest updates and recomposing the image for all users. This could take a lot longer and be a lot more difficult with a physical desktop estate.

Maybe login times or application load times are suffering due to a CPU performance issue; with physical desktops, you would be stuck with the hardware unless you replace or upgrade the constrained components, but in a VDI environment, you can consider tweaking the spec at the push of a button, as long as you have the underlying resources.

[ 103 ] Troubleshooting Tips

The important point to understand is that generic desktop issues will still exist regardless, so use the VDI platform to your advantage to help resolve these. We have worked with so many organizations that have deployed, that once the solution is implemented, they tend to forget about generic desktop support and spend far too much time digging deep into the VDI architecture infrastructure looking for faults when the answer may be a simple Windows OS or application issue.

Bandwidth, connectivity, and networking Networking-related issues can often be the most difficult to get to the bottom of. Where possible, ensure that you work closely with your networking team to ensure there is suitable end-to-end monitoring in place.

While your users are connecting on a LAN, you would hope there would be plenty of bandwidths, and latency would be low enough, and therefore, connectivity would be reliable. If you are struggling on a LAN consider the following:

Has anything on the network changed? Is the user connecting via a wired or wireless network? Have you configured PCoIP for QoS on your switches? Is the network currently reliable? Are you seeing any dropped packets between any of the following: Clients to the core switching Clients to servers Clients to VDI desktops

Is the latency as expected? Even on the LAN, in larger environments, bandwidth could be an issue; have you considered the sum of the bandwidth required for your client devices to VDI desktops? Are you routing between networks? Do the routers work at a suitable performance level? Are the load balancers sized correctly for your environment?

When your users are connecting over a WAN, it can sometimes be more difficult to troubleshoot or guarantee connection quality.

[ 104 ] Chapter 2

For remote or branch offices, ensure that the Internet connection is suitably sized, where possible, ensure that you have configured QoS for the PCoIP protocol end-to-end, and ensure that you have suitably configured the PCoIP policy to cope with the reduced bandwidth availability.

When troubleshooting issues, investigate the relevant logs on the client and on the View connection servers, as well as any intermediary components such as the load balancers and routers.

The following list contains some of the more common faults that a user will report:

Black Screens: This is commonly caused by ports blocking the PCoIP protocol somewhere in the chain. Check that the PCoIP port is open, such as port 4172. Disconnections: High latency and dropped packets will cause the users to be disconnected from their desktops. Ensure that you allow enough time for users to reconnect before refreshing desktops. Poor Resolution Images: Due to the nature of the protocol, if there is low bandwidth, users may complain about low-quality images. Consider limiting the image build options in the user policy.

Compute CPU and memory issues on your host servers can have a large knock-on effect on the experience for your users. As with most technical solutions, we would recommend that while you are going through your initial testing and roll out, you document your baseline for key performance characteristics, such CPU and memory utilization, and deeper metrics such as CPU ready times.

With these baselines in your toolkit, it makes it easier to compare when you have issues to find out what could be causing the problem. Likewise, using technology such as vRealize Operations for Horizon will help you understand performance utilization over time, or maybe a third-party product such as Liquidware Labs Stratusphere, which can provide both the baseline metrics (measured during the assessment phase) and the ongoing management of the entire user experience.

[ 105 ] Troubleshooting Tips

Within your VDI infrastructure, you don't want to be experiencing any memory overcommit; consider how much memory is allocated to your virtual desktops and the total memory within your hosts. Ideally, you want to ensure that your total allocated memory is less than the total in your hosts minus one host, in the case of failure or maintenance. If you are experiencing performance issues related to memory or CPU, check if memory is being swapped for any of the VMs. Is there any ballooning within the environment? Understand what your CPU Ready characteristics are. The acceptable CPU Ready figures within your VDI environment will vary based on the environment and users. Generally speaking, you are going to want to keep CPU Ready below 5% per allocated CPU, with 10% at peak.

It can be very easy when growing your VDI solution from the initial design to forget to sanity check these metrics and keep an eye on them as you grow, and all of a sudden you may find you have a compute performance-related issue.

Disk As we have previously mentioned, the disk solution deployed is a key component for a successful VDI deployment. You need to be able to keep an eye on the disk performance, which is key to avoiding issues in the future.

In the example lab environment, we are using a Tintri storage array, which is ideal for deploying in a VDI environment. As well as providing the capacity and performance required, being VM-aware storage, it also allows you to review the performance statistics over time. Tools like this are invaluable to you to avoid performance issues, or when the worst does happen, to be able to quickly identify where the issue lies. Ensure you understand the tools that are available to you with your storage vendor.

How much latency is acceptable within your environment is going to very much depend on the users; also, consider what will happen as you scale up the solution. While we may say that disk latency of less than 25 ms is generally acceptable, it doesn't mean that a user that has been using a desktop with sub-25 ms latency would be happy or not even notice that all of a sudden they were experiencing 25ms latency or more. Likewise, if a user is completing disk-intensive processes, 25 ms may be simply be too much for the user to start with.

[ 106 ] Chapter 2

The following screenshot shows the Tintri management console and disk measuring operations:

Having covered some of the more general troubleshooting tips around the infrastructure components, in the following section, we are going to look at Horizon View-specific issues.

Troubleshooting Horizon View issues There are a number of components that we have discussed throughout this book, which makes up your Horizon View infrastructure, and while they are generally very reliable, they can, of course, fail at some point, with serious knock-on effects. Wherever possible, you should be ensuring that your solution is highly available, and where not possible, ensure that the components are sufficiently monitored, using components such as vRealize Operations for Horizon.

[ 107 ] Troubleshooting Tips

View general infrastructure issues The first port of call when troubleshooting your Horizon View infrastructure should be the event log within the Horizon View Administrator console. You can quickly and easily access the event log by clicking alerts in the top left-hand corner of the screen:

You should also utilize the dashboard view in View Administrator to get a quick overview of the health of your environment. This screen will show you the health of all the key components within your infrastructure, such as vCenter, hosts, View connection servers, View security servers, desktops, RDS hosts, datastores, and more.

This is a great resource to start troubleshooting infrastructure issues within your Horizon View environment.

Also, you should not forget the simplest of troubleshooting steps when experiencing issues with your Horizon View infrastructure, such as the following:

Are all the servers, desktops, hosts, and so on contactable on the network? Are all the required services started? Is there sufficient free space on all servers? Are the memory and CPU maxed out? Have you checked all the events logs?

[ 108 ] Chapter 2

Consideration also needs to be given to the backend database systems and the effect that would be felt if they were to go offline. Ensure your SQL solution is reliant and the same as all other components if you are having issues with your vCenter or View Composer. Ensure you check the SQL server for the following:

Sufficient resources Are the services started? Are the correct ports open? Is there enough free disk space for the database and logs?

View infrastructure component issues Of course, there may be issues that arise, which are outside of those that we have discussed so far. Where Horizon View is very good in these situations is with error reporting, which quickly allows you to easily pinpoint the issue. Unfortunately, though, sometimes the corrective actions can be quite cumbersome and manual to implement.

Issues you may see that require specific corrective actions are as follows:

Manual removal of a View connection server or security server after loss of a component or OS corruptions Manual removal of VDI desktops or whole pools Recovery of Horizon View from a backup Recovery of a persistent disk from a backup Persistent disks running out of space for users

We aren't going to cover all the specific corrective actions for all of these processes here, as we could write an entire book to do them justice, but there are some great knowledge-base articles already available on VMware's KB site at the following address: http://kb.vmware.com/.

One issue that we will cover briefly, and one that does come up fairly often, is with View Composer and inconsistencies in the database that lead to provisioning errors. VMware has a tool to address this called the ViewDBChk tool, which we will cover in the following section.

[ 109 ] Troubleshooting Tips

Fixing View Composer issues with the ViewDBChk tool Provisioning errors can occur when there are inconsistencies between the LDAP, vCenter server, and View Composer databases, and are often caused by editing a virtual desktop machine directly in the vCenter server inventory, or restoring a virtual desktop machine from a backup.

The ViewDBChk tool allows View administrators to scan for machines that cannot be provisioned and also allows you to remove invalid database entries. This then allows the connection server to re-provision desktops without any errors.

You will find the ViewDBChk tool in the View folder that gets created at install time. The folder can be found by navigating to C:\Program Files\VMware\VMware View\Server\Tools\bin.

The tool is command-line driven and has a number of parameters for each of the functions you can perform. These are listed in the following screenshot:

[ 110 ] Chapter 2

For example, to run the command to remove a machine from a desktop pool, at the command prompt, type the following command:

ViewDbChk --removeMachine --desktopName

In the following section, we are going to look at some of the additional tools available for monitoring and managing the environment. vRealize Operations for Horizon vRealize Operations for Horizon is available as part of Horizon Enterprise or as a separate product. Where vRealize Operations differs from most monitoring tools is in its analytics engine. Most monitoring tools are based around setting thresholds for key values, such as CPU or memory consumed. The issue with these kinds of alarms is that by simply stumbling over a threshold value, it doesn't necessarily mean there is an issue. Sometimes, it is within the normal parameters of the applications in use, or potentially, the problem could be one of the resources not being consumed when it should be.

With the analytics engine included within vRealize Operations, it is able to learn and understand what the normal working parameters of your environment are; from this, it is then able to alert you when an error occurs that falls outside these parameters. It is also able to track growth and consumption over time to pre-empt an issue prior to it occurring. vRealize Operations for Horizon should be installed, where possible, at the beginning of your project. vRealize Operations is deployed simply via a single virtual appliance or vApp, and when deployed and configured, it starts listening and learning about your environment.

There are three key metrics tracked with vRealize Operations; these are, Health, Risk, and Efficiency:

Health reports on the current health status of your environment. Items that could affect health would be high packet loss, component failure, disk capacity at a critical level, and more. Risk indicates an issue within your environment, which, if left unintended, could very well become an issue to the health of your environment.

[ 111 ] Troubleshooting Tips

Efficiency reports on considerations such as overprovision, which, if rectified, could help you get more out of your environment to maximize the investment. An example of this would be VMs with overprovisioned CPU or memory:

vRealize Operations for Horizon also includes specific features to ensure you fully understand the health of your Horizon View environment, including the full visibility of the PCoIP protocol, as well as integration for health monitoring with the View connection server, View Security, and more.

The analytics engine of vRealize Operations will learn about your environment and understand what is normal, raising alarms based on dynamic thresholds for your environment rather than meaningless static thresholds.

Within vRealize Operations, a smart alerts feature is also incorporated, which allows you to quickly understand the root cause of an issue within your infrastructure and the recommended remediation actions to resolve the issue.

[ 112 ] Chapter 2 Third-party management tools As well as the VMware monitoring solutions, there are other solutions available. One that is worth mentioning is Liquidware Labs Stratusphere UX, as this is designed more with the end users in mind and monitors the entire end-user experience:

It also provides the assessment features that are essential in planning and designing an environment.

Getting further help There are a number of resources available if you are struggling to get to the bottom of an issue with Horizon View. First and foremost, we would recommend logging a call as early as possible with VMware Support to get the best assistance possible to resolve your issue.

There are also a large amount of resources online, such as blogs. Google VMware Planet V12N for a list of VMware bloggers that may have suitable resources.

There is also the VMware Community, which has a wealth of resources available at h t t p s : /

/ c o m m u n i t i e s . v m w a r e . c o m.

[ 113 ] Troubleshooting Tips

Finally, and possibly the most useful resource, is the VMware knowledge base, as we have mentioned previously in this chapter. At the time of writing this, there are 300 specific support topics related to Horizon View, including video how-to guides, alongside step-by- step resolution guides.

Summary In this chapter, we have covered some of the methods and areas to consider when troubleshooting issues within your Horizon View environment. Consideration should be given to the bigger picture to ensure that you fully understand the issues the user is facing and which area of the user's desktop experience could be causing these issues. Where possible, use monitoring tools such as vRealize Operations for Horizon to find the root cause of the problem. There are a number of areas within Horizon View you should check if you believe you have infrastructure problems; these include the dashboard, and the event log, within Horizon View Administrator.

Finally, we covered getting further help from VMware Knowledge Base.

We have now reached the end of this book, and upon reaching this point, you should now have a greater understanding of the architecture of the Horizon suite and how to design your end-user computing solution. You should also understand the stages and details involved with rolling out Horizon View for your users, including installing the various components, and configuring, designing, and building the desktop images and pools. You will have learned about the various methods to layer your applications to your desktops using technology such as ThinApp, RDSH-published applications, and App Layers.

Designing and rolling out any end-user computing solution to any organization is a task that must be taken with care and understanding for the users, and we hope the elements that we have covered within this book will better equip you for the tasks ahead.

[ 114 ] Index

A vRealize Operations 111, 112 Active Directory P configuring 1, 2 PCoIP tuning tool Group Policy Objects (GPO), creating for Horizon about 96 View 3, 5, 6 profile settings, clearing 98 Horizon View ADM templates, applying 6, 8, 9, profile, activating 97 10 profiles, managing 98 Horizon View ADM templates, importing 6, 8, 9, 10 reference link 96 loopback policy, enabling 11, 12 session health, displaying 98 Organizational Unit (OU) 3 session stats, displaying 98 Administrative Template (ADM) 2 performance issues about 102 C user-reported performance issues 103 policy settings configuration command about 12 View USB configuration 39 PCoIP client session variables 29 PCoIP session variables 13, 14, 15, 16, 17, 18, E 20, 22, 23, 24, 26 end-user experience VMware Horizon URL redirection 30 monitoring 99 VMware View Agent configuration 32 F T faults, reporting Teradici support tools black screens 105 about 98 disconnections 105 reference link 98 poor resolution images 105 third-party management tools 113 troubleshooting tips H VDI technology 101 Horizon View issues, troubleshooting about 101 general infrastructure issues 108 bandwidth 104 infrastructure component issues 109 compute 105, 106 infrastructure issues 109 connectivity 104 Horizon View Virtual Desktop Policy 3 disk performance 106, 107 Horizon View issue type 102 issues, troubleshooting 107 networking 104 Horizon non-VDI-related issues 103, 104 performance issue 102 View Agent Direct 61 View Agent Direct-Connection configuration 55, V 56, 57, 58, 60 View USB configuration View RTAV configuration 48 about 37, 39 View RTAV, webcam settings 49 client downloadable only settings 41, 42 View USB configuration 37, 38 ViewDBChk tool VMware Blast 62, 63, 64, 65, 67 about 109 VMware FlashMMR 48 used, for fixing View Composer issue 110, 111 VMware View Client configuration 69, 70 VMware Community VMware View common configuration 83, 85 reference link 113 VMware View Server configuration 94 VMware Support VMware View Client configuration help resources 113, 114 about 69, 70 VMware View Agent configuration VMware View USB configuration 72 about 32 VMware View USB Configuration, settings not agent configuration 43, 44, 46 configurable by Agent 73 agent security 46 VMware View Common configuration scanner redirection 51, 53 about 83, 84 serial COM policy settings 53 log configuration 85, 86 serial COM, port settings 53 performance alarms, configuring 88, 90 smart redirection, local reader access 33 security configuration 92 smartcard redirection 33 VMware View USB Configuration SSO configuration 36, 37 scripting definitions 75, 76, 77 true SSO configuration 34 security settings 78, 81 Unity Touch and Hosted Apps 47 VMware reference link 109

Table of Contents