Determine the access infrastructure required
The access infrastructure provides connectivity between the client access device and the infrastructure hosting the desktop sessions. The access infrastructure includes the LAN and WAN infrastructure, as well as components for dynamic desktop connection management. View relies heavily on bidirectional network communication for screen updates, so View sessions can be affected by the performance of the underlying network infrastructure.
A properly designed and sized access infrastructure might not be your responsibility to design or deploy, but it’s critical to understand the requirements. Those requirements are best identified by testing the applications and application groups using the proposed access protocol. Latency and bandwidth data are also critical. The bandwidth and latency statistics, for example, might indicate that a remote office uses a link that cannot support the View use case. These scenarios will affect the final design.
Use assumptions very carefully and try to ensure they are only used in the very early stages of the design for estimates. Any assumptions must be validated as part of the design process.
Ensure the following are considered in the design:
- Remote Access and VPN Integration
- Firewall Integration
- Local and Wide Area networking
- Protocol Load Balancing
- Horizon View Security servers
- Horizon View connection servers
- Horizon View Transfer servers for local mode desktops
- Horizon View Administrator and role-based delegated administration
Establish the accounts necessary for View Services (e.g. View Composer, vCenter Server)
As with any solid, secure design, specific service accounts will be created within AD and used for specific roles. Generic accounts should never be used within an enterprise-class design. VMware documentation states the following should be used to administer View components:
- vCenter Server
- Configure a user account in AD with permission to perform the operations in vCenter Server that are necessary to support View Manager. If multiple vCenter instances are being used, ensure you have accounts for each vCenter instance.
- View Composer
- Create a user account in AD to use with View Composer. View Composer requires the account to join linked-clone desktops to the AD domain. This account should not be a View administrative account. Ensure the account has the minimum privileges it requires to create and remove computer objects in a specified OU container. This account does not require domain admin privileges.
- View Connection, Security, Transfer Server
- Initially, all users who are members of the local admin groups on the View connection server computer will be able to log in to View Administrator. In View Administrator you can lock down the View Administrators
- View Composer DB
- An SQL or Oracle DB stores View Composer data. You create an admin account for the DB that you can associate with the View Composer user account
- View Events DB
- An SQL or Oracle DB stores View event data. You create an admin account for the DB that View Administrator can use to access the event data.
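One way to delegate exactly the rights described for the View Composer account (create and remove computer objects in one OU, nothing broader), as an added example that is not from the original notes or VMware’s documentation. It assumes the ActiveDirectory PowerShell module, a service account named svc-viewcomposer and an OU named View Desktops in the corp.example domain; all three names are placeholders.

```powershell
# Added example: scope the View Composer service account to create/delete of
# computer objects in a single OU. Account and OU names are assumptions.
Import-Module ActiveDirectory

$ou          = "OU=View Desktops,DC=corp,DC=example"   # assumed target OU
$accountName = "svc-viewcomposer"                       # assumed service account

$account = Get-ADUser -Identity $accountName
$sid     = [System.Security.Principal.SecurityIdentifier]$account.SID

# schemaIDGUID of the 'computer' object class: limits the ACE to computer objects only
$computerClass = [Guid]"bf967a86-0de6-11d0-a285-00aa003049e2"

$acl = Get-Acl -Path "AD:\$ou"

# Allow creating and deleting child objects of class 'computer' in this OU and its sub-OUs.
# No other object classes, and no generic rights on the OU itself.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]"CreateChild, DeleteChild",
    [System.Security.AccessControl.AccessControlType]::Allow,
    $computerClass,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ou" -AclObject $acl

# Check 1: list the ACEs granted to this account on the OU and confirm nothing broader exists.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference -like "*\$accountName" } |
    Select-Object ActiveDirectoryRights, AccessControlType, ObjectType, InheritanceType

# Check 2: the account must not hold domain admin rights (the page's stated requirement).
$groups = (Get-ADPrincipalGroupMembership -Identity $accountName).Name
if ($groups -contains "Domain Admins") {
    Write-Warning "$accountName is a member of Domain Admins; remove it before use."
}
```

If the View documentation for your version lists further property rights the account needs on the computer objects it creates, grant them the same way, scoped to the computer class, rather than widening the ACE to the whole OU.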
Determine the number of View Standard/Replica servers required for the design
A View connection server running on Windows Server 2008 R2 can support approximately 2000 tunnelled connections; more (unspecified) direct connections are possible.
Tunnelled connections are secured using SSL and therefore incur additional overhead, which limits the number of sessions to 2000.
An early part of the design process is to determine the number and location of View connection servers. Each View connection server provisioned with the minimum supported system specification will support 2000 users, as already mentioned. Ideally, all View connection servers will be deployed as VMs for ease of management. A minimum of 2 connection servers should be deployed with any instance for failover and redundancy purposes. VMware supports a maximum of 5 active connection servers per replication group because of JMS (Java Messaging Service) performance limitations. A further 2 connection servers can be added as ‘hot spares’, which can be managed in View Administrator. Hence the ‘5+2’ configuration.
View connection servers should reside on a secure internal network. View connection servers maintain an ADAM (AD LDS) DB of desktops and user entitlements. View connection servers must be part of the same AD forest as the authenticating users.
View connection servers can interface with multiple vCenter instances.
View connection servers must be installed on a dedicated system.
View connection servers handle the brokering feature of VMware View. View includes a dedicated ADAM DB that stores all the configuration information and most of the status information for the View connection servers. This DB is created during the first installation of the View connection server (the standard server) and is automatically replicated to the replica connection servers as and when they are added.
View connection servers redirect connections to View desktops. The sessions between the View client and the desktop can be tunnelled through the connection server or connected directly to the desktop. Each View connection server can accommodate the connection brokering needs of many thousands of View users. When administering large user estates, a good design principle is to keep one connection server free of connection brokering and make it a dedicated administration server. View connection servers can be configured to provision and manage desktops in multiple vCenter Server instances. For example, one connection server that manages 2000 desktops, connecting to 2 vCenter instances each managing 1000 desktops.
It’s worth noting that all View connection servers in a replication group can handle connection brokering and admin functions equally. There is no primary connection server.
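A sizing helper that applies the figures from the two sections above (2000 tunnelled sessions per server, a minimum of 2 servers, at most 5 active per replication group, 2 hot spares, and one security server per 2000 external sessions), as an added example that is not from the original notes. The function name and the worked input figures are assumptions; the thresholds are parameters so they can be replaced with the values your View version’s documentation gives.

```powershell
# Added example (not from the original notes): turn the connection/security server
# limits on this page into a repeatable sizing calculation.
function Get-ViewAccessServerPlan {
    param(
        [Parameter(Mandatory)][int]$ConcurrentUsers,   # peak concurrent View sessions
        [int]$ExternalUsers = 0,                        # subset arriving through security servers
        [switch]$DedicatedAdminServer,                  # keep one server free of brokering
        [int]$SessionsPerServer = 2000,                 # tunnelled sessions per server (this page)
        [int]$MaxActivePerGroup = 5,                    # JMS limit per replication group (this page)
        [int]$HotSparesPerGroup = 2                     # the '5+2' configuration (this page)
    )
    if ($ExternalUsers -gt $ConcurrentUsers) { throw "ExternalUsers cannot exceed ConcurrentUsers" }

    # Brokering servers: enough for peak tunnelled load, and never fewer than 2 for failover.
    $brokering = [int][math]::Ceiling($ConcurrentUsers / $SessionsPerServer)
    $brokering = [math]::Max($brokering, 2)
    $admin     = if ($DedicatedAdminServer) { 1 } else { 0 }
    $active    = $brokering + $admin

    # More than 5 active servers cannot share one replication group.
    $groups = [int][math]::Ceiling($active / $MaxActivePerGroup)

    # Security servers: the 2000-session figure assumes 64-bit Windows Server 2008 R2 with 10 GB RAM.
    $security = [int][math]::Ceiling($ExternalUsers / $SessionsPerServer)

    $note = if ($groups -gt 1) {
        "Exceeds $MaxActivePerGroup active connection servers per replication group; split into $groups groups"
    } else { "" }

    [pscustomobject]@{
        ConcurrentUsers         = $ConcurrentUsers
        ActiveConnectionServers = $active
        DedicatedAdminServers   = $admin
        HotSpares               = $groups * $HotSparesPerGroup
        ReplicationGroups       = $groups
        SecurityServers         = $security
        Notes                   = $note
    }
}

# Worked case (constructed figures): 7000 concurrent users, 1500 of them external,
# with a dedicated admin server. Yields 5 active + 2 spares (the '5+2') and 1 security server.
Get-ViewAccessServerPlan -ConcurrentUsers 7000 -ExternalUsers 1500 -DedicatedAdminServer
```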
Determine the number of View Security servers required for the design
View security servers are special instances of the View connection server that run a subset of the connection server components. Security servers are used to provide an additional layer of security between the internet and the internal network. A security server should reside in a DMZ and acts as a proxy host for connections into the trusted network. The Secure Gateway service handles SSL traffic for RDP, MMR and USB redirection. The PCoIP Secure Gateway handles PCoIP traffic.
Security servers should not be domain-joined, and should be hardened as with any internet-facing Windows server.
Security servers are multi-homed servers with one network connection in the DMZ and one connection to the secure network.
A security server can only be associated with one connection server.
A connection server can be associated with multiple security servers.
The maximum number of concurrent sessions for a security server is 2000. This applies only when using a 64-bit Windows Server 2008 R2 host with 10 GB of RAM.
Determine the number of View Transfer servers/repositories required for the design
View Transfer servers are a required component if local mode desktops are to be used in the design. The View Transfer server supports:
- Checkout operations
- Check-in operations
- The View Connection server authorises checkout and check-in
- The transfer server transfers the virtual desktop files between the data centre and the local client device
- The transfer server synchronises the local desktop with the vCenter server version
- When using linked clones, the transfer server downloads View Composer based images to the local client device
The View Transfer server itself:
- Does not have to be a domain member
- Must have 2 static IP addresses
- Should have 2 vCPUs
- Must have the LSI Logic Parallel SCSI driver (not the default!)
Establish design characteristics of the Virtual Profile repository
You can configure a remote repository to store the user data and settings, application-specific data, and other user generated information in user profiles. If Windows roaming profiles are configured in your design, you can use an existing AD user profile path instead.
You can configure View Persona management without configuring Windows roaming profiles.
When creating a profile repository the following guidelines should be adhered to:
- The folder can be a shared folder on a server, a NAS device or a network server
- The shared folder does not have to be in the same domain as the connection server
- The shared folder must be in the same AD forest as the users who store profiles in the shared folder
- You must use a shared drive that is large enough to store the user profile information for your users. When designing large environments you should configure separate repositories for different desktop pools
Determine an appropriate load balancing solution for the design
In previous sections of this objective, we have discussed that multiple access servers are commonplace, if not standard practice. When there are multiple connection and security servers, VMware recommends front-ending each type of server with a load balancer. Load balancers bring several enhancements and one key requirement:
- High Availability
- Enhanced Reliability
- All connection requests use a single DNS name
- The load balancer must be able to detect connection/security server failures and remove the failed server node from the group