Monday, August 7, 2017

Mapping VMware Updates and Tools to Build Numbers

VMware has always branded its software as GA, Update 1, Express Patch 4, and so on. This makes it easy to discuss features and fixes among employees and customers alike. The challenge, as many of you know, is knowing the exact build numbers that correlate to these upgrades and patches. Those specific build numbers are often requested by TAMs, Support, and Engineering in order to ensure accurate recommendations when upgrade planning or troubleshooting.

Another challenge is knowing where in the stack of released versions you line up. If you're on vSphere 6.5.0b Patch 1, is that before or after Express Patch 1b? When did Update 1 come out again?

Luckily, VMware has made it easy for you to track down these build numbers, and know where you are in the greater timeline of releases. VMware Knowledge Base Article 1014508 is a hub of build numbers for most VMware products. Be sure to bookmark this page!

Table from KB1014508

You may notice a key component missing from this table, and that would be VMware Tools, VMware's guest operating system management and performance solution. VMware Tools can throw in some complexity since there are versions that come bundled with ESXi hosts, and there are separate build numbers for how ESXi sees it, vs how the Guest OS sees it. This can be overly complicated to map out. Here's the second page to bookmark:
https://packages.vmware.com/tools/versions
Notice the 4 columns of information. As the page states, the columns represent the Tools Client registered build, the source ESXi build bundle, the GOS identified build, and the ESXi server build number. All in a public setting that's easy to consume and report on.

Thanks for reading!


Saturday, March 18, 2017

Horizon 7.1 | Everything you need to know [Updated]


VMware released the highly anticipated Horizon 7.1 this week and there are all sorts of enhancements and new features related to the next-gen virtual desktop infrastructure. Here's your one-stop-shop for everything you need to know.

[Update] Check out the new Horizon 7.1 Technical Overview Video on YouTube and ensure your environment is configured properly for a successful upgrade.

Horizon 7.1 Official Pubs including installation, upgrades, configuration, and administration.

See the official What's New post hosted on the VMware EUC Official Blog

Always review the Official Release Notes prior to upgrading your environment

Credit to Tony Huynh, VMware Director of Horizon Product Management and the EUC Technical Marketing Team

Enhancements to Horizon


  • Instant Clone (IC) updates

    • Instant clone support for RDS hosts provides the ability to rapidly provision RDS hosts and build out your RDSH farms.

    • Automated maintenance mode allows the administrator to schedule windows and put their RDS hosts in maintenance mode.

    • Multi-vLAN support for Instant Clones removes the limitation of 1 vLAN per 1 IC pool, and enables multiple vLANs per pool.

    • vGPU-backed Instant Clones provides the option to provision IC desktop pools with vGPU enabled.

    • Automatic deletion of Instant Clone parent VMs with host maintenance mode – currently, administrators must manually delete ParentVMs before ESX can go into maintenance mode. This feature eliminates the need for admin intervention.

  • Unauthenticated Access - allows users to directly access their RDSH applications without having to logon using Windows AD credentials. This preserves workflows for nurses and doctors using kiosk stations (Windows and Linux clients only).

  • RDSH Application Icon Customization - administrators can now customize the icon for their RDSH Applications.

  • Windows Server 2016 support for Horizon infrastructure - deploy Horizon Broker and Composer using Windows Server 2016.

  • Enterprise scale Cloud Pod Architecture (CPA) – increases the scale for CPA up to 75k sessions across 5 sites

  • Support for ADMX files - upgrade to ADMX files, which are used exclusively by Windows 10, 2012, 2016.

  • Support of tags for global entitlements in CPA – supports the use of tags to allow the administrator to control desktop access based on admin-specified attributes and extends support for global entitlement in CPA environments.

  • Protect full clone pools with vSphere VM encryption – for environments running vSphere 6.5 and above, VMware has qualified and now supports encryption with full clone pools.

  • Horizon desktop restart – allows users to restart their virtual desktop from the client menu without administrative intervention.

  • Horizon PowerCLI updates – instead of requiring a separate package to support PowerShell, Horizon 7 now provides an integrated module included in VMware PowerCLI 6.5 R1. These PowerCLI samples have now been posted to GitHub to be shared with the community.

Unified Access Gateway (UAG) 2.9.1


  • Formerly known as Access Point

  • Blast Extreme Adaptive Transport (BEAT) support – supports a new release of Blast Extreme.

  • FIPS OVA - Separate OVA for FIPS 140-2 with restricted functionality. Only PSG support is available in this release; BSG support will be released in patch v2.9.1

  • Admin User Interface (UI) - minimal UI enhancements

    • To make deployment and troubleshooting easy, new health status for services and backend resources using color coding has been added in the UI

    • Ability to change log levels from UI for ease of debugging

  • Access to on premise legacy apps - Supports access to on premise legacy apps using headers and Kerberos based authentication. UAG acts as Identity Bridge to convert SAML to Kerberos or headers for back end resources access.

  • Security enhancements - SLES 12 SP2 with updated OpenSSL version.

  • Hyper-V support - Provides additional flexibility and footprint for UAG in Microsoft environments. In the current release, only AirWatch use cases have been qualified by QE. Horizon use cases are to be qualified in the future.

Blast Extreme Updates

  • Blast Extreme Adaptive Transport (BEAT) – a new end-to-end protocol optimized for LAN and WAN environments, while delivering higher frame rates, faster file transfers and consuming up to 50% less bandwidth.

  • UDP-based transport is specially designed for low bandwidth, high latency, and high packet loss networks. UDP mode is only available with the Unified Access Gateway.

  • Over 4X faster file transfers for transcontinental connections and over 6X faster file transfers for intercontinental connections when compared to Horizon 7.0.2.

  • Automatically connects using UDP (primary) or TCP (secondary) transport protocol.

  • Intelligent error correction for increased data reliability.

  • Enterprise level security with SSL web sockets

    • AES encryption for TCP

    • DTLS encryption for UDP

  • Available across all Horizon desktop and mobile clients

Remote Experience Updates


  • Skype for Business (beta release) – with the new VMware Horizon Virtualization Pack for Skype for Business, customers can now communicate using rich audio and video codecs native to Skype. This initial release is only available for Windows clients. For more information, please refer to the Skype beta community page - https://communities.vmware.com/community/vmtn/beta/horizon-skype4business-beta/overview

  • User login enhancements – allows administrators to hide domain name from login list for increased security. Users can log in using <domain name>/<user name> to access their desktops and apps.

  • Windows 10 Aero Peak and Aero Snap – allows users to take advantage of Windows 10 enhancements.

Horizon Client Updates

  • Windows 4.4 client updates

    • Support for Unauthenticated Access with Horizon Apps

    • Support for multiple proxy servers configured with proxy auto-config (PAC) file

    • Hide domain list and server URL from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • Desktop restart option from client menu

    • Resolution helper to show the resolution of virtual desktop

    • Aero snap-assist mode in Windows 10

    • Support for Aero Peak

  • Mac 4.4 client updates

    • Biometric authentication support with Touch ID

    • Touch bar integration for enhanced user experience

    • Hide domain list and server URL from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • Desktop restart option from client menu

    • Automatic client update

  • Linux 4.4 client updates

    • Unauthenticated Access for Horizon Apps

    • Support for Ubuntu 16.0 x86_64

    • Support for RHEL 7.3 x86_64

    • Hide domain list and server URL from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • Desktop restart option from client menu

    • USB redirection UI for Horizon Apps

  • iOS 4.4 client updates

    • New widget to easily launch Desktops and Apps

    • Push default user name to client with Airwatch using AppConfig

    • Hide domain list and server URL from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • Desktop restart option from client menu

    • Support App Transport Security (ATS) for enhanced security

  • Android 4.4 client updates

    • Support for multiple monitors (2 monitors) – Tech Preview

    • Immersive full screen experience and system mouse icon

    • Hide domain list and server URL from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • Desktop restart option from client menu

    • Preservation of sidebar and touch ball position

    • Connect to PCoIP secure gateway with FQDN

  • Chrome 4.4 client updates

    • Support for multiple monitors (2 monitors) – Tech Preview

    • Hide domain list and server URL from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • Desktop restart option from client menu

    • Connect to PCoIP secure gateway with FQDN

  • HTML 4.4 Access

    • UX redesign for enhanced user experience

    • Hide domain list from client UI for enhanced security

    • Support <domain>/<user name> format in username field

    • DPI Sync to deliver extremely sharp graphics and text

    • Desktop restart option from client menu

    • Support for multiple monitors (2 monitors with 2560*1600) – Tech Preview

  • Windows 10 4.4 UWP client updates

    • Support for Xbox One device

    • PCoIP General Availability

    • Pin Horizon client to start menu

    • Launch UWP client from Workspace ONE portal with vIDM integration

    • Screen rotation support for enhanced user experience

    • Enhanced stability and performance with H.264 codec of Blast Protocol

Horizon for Linux Updates

  • Support for USB redirection – Tech Preview

  • Support for CDR – Tech Preview

  • SSO with Ubuntu 14.04 and 16.04

  • Keyboard layout and locale sync-up

  • Support RHEL 7.3 x86_64 as guest OS

  • Support CentOS 7.3 x86_64 as guest OS

  • Support for SUSE Linux Enterprise Desktop/Server 12 SP2 as guest OS


Tuesday, January 17, 2017

My Top 10 Horizon View Tips

If you're just getting started with managing a Horizon View environment, or if you're looking for ways to make the most of your new environment, then head on over to the VMware TAM Blog to see my Top 10 List for a successful Horizon View deployment. This post covers the basics for the core Horizon Infrastructure, so no mention of app virtualization or profile management. Those may come later if there's enough demand.


Wednesday, November 16, 2016

Horizon Linux VM (pre-packaged) [Updated]

I'm excited to share what I've been working on the last several weeks. Recently I posted over on my Github a new project I'm working on called Horizon Linux VM. It's a pre-packaged Ubuntu OVA that automates most of the customization and configuration needed for a Linux Desktop Template to be used in a VMware Horizon 7 environment. The project is now an official VMware Fling.


Check out the Ubuntu OVA for Horizon on VMware Flings

In short, it's an OVA built from Ubuntu's mini.iso (to keep footprint down) that has the below key features (full changelog available on Github)

  • Built from Ubuntu’s mini.iso for a minimal footprint

  • Installs the MATE desktop environment

  • Downloads and installs the latest Open VM Tools packages

  • Installs Horizon Agent dependencies

  • Installs Winbind (optional)

  • Configures krb5.conf

  • Configures smb.conf

  • Joins the domain (optional)

  • Optimizes login screen for VDI

Thursday, November 3, 2016

Send Time Machine backups to a VM hosted in Windows

I've successfully configured Time Machine backups over my home network using VMware Workstation, Ubuntu, and a 1 TB WD drive. A big thanks to HowToGeek for their Raspberry Pi post for the inspiration and to Netatalk's Wiki. Here we go!

:: Prerequisites


  • Windows (using Windows 10 in this tutorial)

  • VMware Workstation (using 12.5 Pro)

  • Linux ISO (using Ubuntu 16.04 mini.iso)

  • Dedicated backup drive (using a 1TB WD) formatted as HFS+

  • macOS Sierra

:: Prepare your drive


Format your hard drive to be HFS+. This can be done by booting to any Linux live disk and using gparted. You'll likely need to install hfsprogs and hfsplus to enable the formatting.

When attached to your Windows Host system, Windows won't mount this drive in Explorer, but you can still see it in Windows Disk Management to ensure it's working properly. Here it shows as Disk 0.

Choose a mount point that your backup server will use for the drive. I'll use /media/tm
Choose a user that will connect to your backup server from the Mac. I'll refer to it as <your-user>

Save these for later.

:: Setting up the dedicated backup server


I run my personal servers on a Windows 10 box under VMware Workstation. It's plain simple, easy to administer and maintain, and works great for home needs. Because I like dedicating my servers to individual VMs, I wanted a small VM to attach my 1 TB backup drive to - something with a small footprint as I won't need to interact with the OS much. This is why I chose to use Ubuntu's mini.iso.

  1. In Workstation, create a new VM using the mini.iso. The only 'options' I chose to install with it were OpenSSH server for management, and samba (might use this in the future). My VM uses 512 MB of RAM and 1 vCPU.

  2. Obtain HFS+ support by running
    sudo apt-get install hfsprogs hfsplus

  3. Let's take a moment to add our disk to the VM. I chose for my VM to have direct access to the physical disk as its primary purpose will be for backups.

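  4. Now boot the VM back up, and mount the drive. Replace /dev/sd* with the device name of your HFS+ partition, and create the /media/tm directory first if it does not exist.
    sudo mount -t hfsplus -o force,rw /dev/sd* /media/tm

    You should also add this to /etc/fstab so it mounts properly at boot
    /dev/sd* /media/tm hfsplus force,rw,user,auto 0 0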

  5. Set up permissions for your user that will connect to the server
    sudo chown -R root:users /media/tm
    sudo chmod -R g+rwx /media/tm
    sudo usermod -a -G users <your-user>

  6. Once that's done, follow Netatalk's Wiki on setting up v3.1.10 (current at time of writing) on Ubuntu 14.04 (my server is using Ubuntu 16.04 and I can attest it works). Here are the commands for reference:
    sudo apt-get install build-essential libevent-dev libssl-dev libgcrypt11-dev libkrb5-dev libpam0g-dev libwrap0-dev libdb-dev libtdb-dev libmysqlclient-dev avahi-daemon libavahi-client-dev libacl1-dev libldap2-dev libcrack2-dev systemtap-sdt-dev libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev libio-socket-inet6-perl tracker libtracker-sparql-1.0-dev libtracker-miner-1.0-dev

    wget http://prdownloads.sourceforge.net/netatalk/netatalk-3.1.10.tar.gz

    tar -xf netatalk-3.1.10.tar.gz

    cd netatalk-3.1.10

    ./configure --with-init-style=debian-systemd --without-libevent --without-tdb --with-cracklib --enable-krbV-uam --with-pam-confdir=/etc/pam.d --with-dbus-sysconf-dir=/etc/dbus-1/system.d --with-tracker-pkgconfig-version=1.0

    make

    sudo make install

     
  7. Now edit your /etc/nsswitch.conf and append mdns4 mdns to the end of the hosts line so it looks like this
    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

     
  8. Create the file /etc/avahi/services/afpd.service with the below contents
    <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
    <service-group>
       <name replace-wildcards="yes">%h</name>
       <service>
         <type>_afpovertcp._tcp</type>
         <port>548</port>
       </service>
       <service>
         <type>_device-info._tcp</type>
         <port>0</port>
         <txt-record>model=TimeCapsule</txt-record>
       </service>
    </service-group>
     

  9. Set up the Netatalk AFP File Server config file /usr/local/etc/afp.conf. Set the Time Machine path to your own mount point if it is not /media/tm.
    [<your-user>]
     path = /home/<your-user>
     rolist = <your-user>
    
    [Global]
     mimic model = TimeCapsule6,106
    
    [Time Machine]
     path = /media/tm
     time machine = yes

  10. Run the init scripts in this order
    sudo /etc/init.d/avahi-daemon start

    sudo service netatalk start
  11. Add services to default runlevels
    sudo update-rc.d avahi-daemon defaults
    sudo update-rc.d netatalk defaults

  12. Back on your Mac, add your Ubuntu machine to /etc/hosts
    x.x.x.x <ubuntu-hostname>

  13. At this point, you should be able to connect to the server via hostname. From a Finder window, press command+K and enter the server address afp://<ubuntu-hostname>

  14. Open Time Machine Preferences and select the Time Machine disk
If you don't see your disk in Time Machine preferences, ensure that it was mounted as read/write on the backup server. Good luck!
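
A check for the read/write condition above, as an added example that is not part of the original post: it reads mount-table text in /proc/mounts format and reports whether the Time Machine mount point is a writable hfsplus mount (the Linux hfsplus driver falls back to a read-only mount for journaled or uncleanly unmounted volumes unless force is given). The names tm_mount_state and sample_mounts and the sample lines are constructed for illustration; on the backup server, pass /proc/mounts itself.

```shell
#!/bin/sh
# Added example, not from the original post.
# tm_mount_state MOUNTS_FILE [MOUNTPOINT]
#   Prints one of: rw | ro | wrongfs:<type> | missing
#   Returns 0 only when the mount point is a read/write hfsplus mount.
tm_mount_state() (
    mounts=$1
    mp=${2:-/media/tm}
    state=$(awk -v mp="$mp" '
        # /proc/mounts fields: device mountpoint fstype options dump pass
        $2 == mp {
            found = 1
            fstype = $3
            mode = "ro"
            n = split($4, opt, ",")
            # Match the exact option "rw", not substrings such as errors=remount-ro.
            for (i = 1; i <= n; i++) if (opt[i] == "rw") mode = "rw"
        }
        # If the mount point appears more than once, the last line is the
        # mount that is currently visible there.
        END {
            if (!found) print "missing"
            else if (fstype != "hfsplus") print "wrongfs:" fstype
            else print mode
        }
    ' "$mounts")
    echo "$state"
    [ "$state" = "rw" ]
)

# Constructed sample lines (not captured from a real system).
sample_mounts() {
    case $1 in
        healthy)  echo '/dev/sdb2 /media/tm hfsplus rw,relatime,umask=22,uid=0,gid=0,nls=utf8 0 0' ;;
        readonly) echo '/dev/sdb2 /media/tm hfsplus ro,relatime,umask=22,uid=0,gid=0,nls=utf8 0 0' ;;
        absent)   echo '/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0' ;;
    esac
}

# Demo over the three constructed cases.
for case_name in healthy readonly absent; do
    demo_file=$(mktemp)
    sample_mounts "$case_name" > "$demo_file"
    state=$(tm_mount_state "$demo_file" /media/tm) || true
    printf '%-9s %s\n' "$case_name" "$state"
    rm -f "$demo_file"
done
```
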

Monday, October 3, 2016

Head over to the TAM Blog

Recently I posted an article over at VMware's TAM Blog about working around Kiosk Mode for an iPad using Horizon. Given there is no official Kiosk Mode for iPads, we work around this using a pre-determined username and password that all kiosk users would use. The iPad is then put into Guided Access mode to lock the iPad to the Horizon Client app. This configuration is likely best suited for use of a known set of users where individual profiles/accounts aren't necessary.

Head over to the VMware TAM blog to check it out and other great posts from the Technical Account Manager program!

Tuesday, September 27, 2016

Deploying Linux VDI Pools with Horizon 7 [Updated]

Interested in a pre-packaged Ubuntu OVA for Horizon 7? See my latest project here!

:: This post has been updated to include changes for Horizon 7.1 and Ubuntu 16.04. Any Horizon 7.1 specific callouts will be in GREEN ::

One of the more popular posts on That Virtual Boy has been Deploying Linux VDI Pools with Horizon 6. That post was written when Linux and VDI were just getting acquainted. Horizon has grown up a bit and we're now at Horizon version 7.0.2 which means we have plenty of new enhancements and capabilities to bring to the table. In this post, we're going to cover what has changed for Linux in Horizon since that last article, and then we'll dive right into the process of building out a Virtual Linux Desktop Infrastructure (VLDI? yeah.. I'm sticking with it!)

#VLDI

:: What's changed since the last article


  • No more 32bit Linux desktops. x64 Architecture is required.

  • Support for NVIDIA GRID vGPU, vSGA, RHEL 7.1 and Ubuntu 14.04

  • View Agent installation of JRE 8 is now automated

  • Blast Protocol changed from using port 5443 to 22443

  • Support for Clipboard Redirection (clipboard memory size also configurable)

  • Support for Single Sign On (SSO) >> Only for SLED, RHEL, and CentOS

  • Support for Smart Card Redirection with SSO

  • Support for SLED 11 SP3/SP4

  • Support for HTML Access 4.0.0 on Chrome

  • Support for CentOS 7.1

  • Support for SLES 12 SP1

  • Support to check dependency packages unique to your distro before installing the Horizon Agent

  • Support to use the Subnet option of /etc/vmware/viewagent-custom.conf to specify the subnet used for Linux Desktop connection with multiple subnets connected

  • Support for H.264 encoder software

  • Support for managed virtual machines (woot!)

  • Support for Horizon Client for iOS/Android (woot! woot!)

  • Support for Automated full-clone desktop pools (<insert triple woot!>)

  • RHEL 7.3, CentOS 7.3, SLED 12 SP2, and SLES 12 SP2 support

  • Linux Agent Single Sign On (SSO) for Ubuntu 14/16

  • Client Drive Redirection (CDR) available as tech preview

  • USB Redirection available on Ubuntu 14/16 as tech preview

  • Keyboard Layout/Locale Synchronization supported on Windows Client

VMware docs tell us that changes have been made in Horizon 7 to how Linux desktops are managed - they're now vCenter managed instead of UNmanaged desktops (Horizon 6). This will require us to perform one of two actions to our existing Linux Desktops:

  1. Upgrade to 7.0.2 and retain the unmanaged VM.

  2. Upgrade to 7.0.2 and convert the VM to a managed VM.

NOTE: Linux desktops still have to be deployed to a Manual Pool, similar to the process followed in my Horizon 6 post, unless creating an automated Full Clone pool which this article will cover.

:: Getting Started

Before jumping in, there are a few prerequisites that should be considered.

  1. Will your Linux Desktops be using 2D graphics or 3D graphics? Currently only RHEL 6.6/6.7/6.8 and 7.2 can utilize 3D graphics. See VMware Pubs for more info.

  2. Confirm supportability for your desired guest distro.

  3. Ensure vSphere is version 5.5 u3 (for Horizon 7.0.x), or 6.0 u2 (for Horizon 7.1) or later

  4. Best stick with the latest Horizon Client available for the client machines. See what's new with Horizon Client 4.2 here. (Latest Client Downloads Here)

  5. Verify Ports

  6. Verify recommended vCPU and vRAM sizing based on your configuration needs.

:: Preparing our Parent Image


Some call this the Golden Image, or the VDI Template.. I will refer to this as the Parent.

  1. First, create a new VM. We'll be using Ubuntu 14.04 x64. Notice my vRAM configuration. 10 MB is the minimum vRAM size recommendation for a machine that is configured with a single monitor at the lowest resolution.

  2. Make any necessary network configurations to gain network access, and ensure the VM is fully patched. You'll want to ensure you can ping your Connection Servers by FQDN.

  3. Now we'll install VMware Tools. Previously, we just mounted the ISO from ESXi and installed it. However, VMware now recommends installing Open VM Tools - a tools package managed through the OS's native packaging system. This is actually a much better way to manage Tools for Linux desktops. Follow along with the Ubuntu 14.04 Open VM Tools Guide Here. For Horizon 7.1 and Ubuntu 16.04, open-vm-tools-desktop is already in the Ubuntu repositories, so all you need to do is type 'apt-get install open-vm-tools-desktop' and skip the rest of this step.

    1. Starting at Step 2 from the guide, we download the VMware Package Keys in order to add the deployPkg Tools Plugin.

cd ~
mkdir vmw_pckg_keys
cd vmw_pckg_keys
wget -r --no-parent --reject "index.html*" http://packages.vmware.com/tools/keys/

** Be sure to include the trailing  /  otherwise you'll be downloading everything from packages.vmware.com.

Ensure you see both keys listed in your directory, then import them.
sudo apt-key add VMWARE-PACKAGING-GPG-DSA-KEY.pub
sudo apt-key add VMWARE-PACKAGING-GPG-RSA-KEY.pub

Create the vmware-tools.list apt source file by first switching to root, then entering the line below
sudo su -
echo "deb http://packages.vmware.com/packages/ubuntu precise main" > /etc/apt/sources.list.d/vmware-tools.list

Then run apt-get update and install the package
# apt-get update && apt-get install open-vm-tools-deploypkg

Then either log out and back in, or reboot

You can verify your tools version by running
vmware-toolbox-cmd -v

:: System OS Tweaks


  1. Set Default Run Level to 5
    sudo vi /etc/init/rc-sysinit.conf

    Change this line to runlevel 5
    env DEFAULT_RUNLEVEL=5


  2. On an Ubuntu machine that was configured to authenticate with an OpenLDAP server, set the fully qualified domain name on the machine.

  3. Edit the nsswitch.conf file to improve the VM's network outage recovery capability
    vi /etc/nsswitch.conf

    Change this line to
    hosts: cache db files dns

  4. Install Dependency Packages for Horizon Agent (Ubuntu 14.04)
    wget http://launchpadlibrarian.net/201393830/indicator-session_12.10.5+15.04.20150327-0ubuntu1_amd64.deb
    sudo dpkg -i ./indicator-session_12.10.5+15.04.20150327-0ubuntu1_amd64.deb


For Ubuntu 16.04


apt-get install python-dbus python-gobject

:: Configure Ubuntu to Integrate with Active Directory


NOTE: I will be installing and using Winbind. A good reference for doing this can be found here. For Ubuntu 16.04 on Horizon 7.1, you will also need to install libnss-winbind and libpam-winbind
"With the Winbind solution, the step to join the domain will fail because each cloned VM has a different host name. Each cloned VM needs to run the following command to rejoin the domain" - so we will add this to our logon scripts. << Per Documentation


sudo /usr/bin/net ads join -U <domain user>%<domain password>

  1. Update /etc/hosts to include the Domain Server

  2. Edit /etc/krb5.conf to look like this
    [libdefaults]
    ticket_lifetime = 600
    default_realm = YOURDOMAIN
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    [realms]
    YOURDOMAIN = {
    kdc = IP of your AD 
    default_domain = YOURDOMAIN
    }
    [domain_realm]
    .yourdomain = YOURDOMAIN
    yourdomain = YOURDOMAIN
    [kdc]
    profile = /etc/krb5kdc/kdc.conf
    [logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

Enter the following at the shell to test kerberos authentication:
kinit username@DOMAIN


Use the command klist to verify you received a ticket.

3. Edit /etc/samba/smb.conf to look like below

[global]
workgroup = domainname
password server = hostname of domain controller
wins server = IP of wins server
realm = DOMAIN
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = false 
winbind offline logon = false
winbind separator = +
allow trusted domains = Yes

4. Edit /etc/nsswitch.conf once again to include winbind
passwd: compat winbind 
shadow: compat 
group: compat winbind


Restart Samba and Winbind.
sudo service smbd restart && sudo service winbind restart

Assuming those come up alright, let's join the domain:
net ads join -U username%password

Then test the join using:
net ads testjoin

Now let's test winbind:
wbinfo -u (This will list your AD users)
wbinfo -g (This will list your AD Groups)
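
The krb5.conf in step 2 restricts ticket encryption to des3-hmac-sha1 and des-cbc-crc; single DES is deprecated for Kerberos by RFC 6649 and 3DES and RC4 by RFC 8429. The audit below is an added example, not from the original post or VMware: the function names, the KDC address and the AES-only variant are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_krb5_enctypes FILE
#   Prints "WEAK <setting> <enctype>" or "OK <setting> <enctype>" for every
#   enctype listed in [libdefaults]. Returns 1 if any weak enctype is listed.
audit_krb5_enctypes() (
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf" >&2; exit 2; }
    awk '
        # Skip comment lines, then track which [section] we are in.
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            section = $0
            gsub(/[ \t]/, "", section)
            sub(/^\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        section == "libdefaults" && /=/ {
            key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
            if (key != "default_tkt_enctypes" &&
                key != "default_tgs_enctypes" &&
                key != "permitted_enctypes") next
            val = $0; sub(/^[^=]*=/, "", val)
            n = split(val, types, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                t = tolower(types[i])
                if (t == "") continue
                # Single DES, 3DES and RC4 names, including the family aliases.
                if (t == "des" || t == "des3" || t ~ /^des-/ || t ~ /^des3-/ ||
                    t ~ /^rc4/ || t ~ /^arcfour/) {
                    print "WEAK", key, t
                    weak = 1
                } else {
                    print "OK", key, t
                }
            }
        }
        END { exit (weak ? 1 : 0) }
    ' "$conf"
)

# Writes two sample files into directory $1: page.conf carries the enctype
# lines from the post, aes.conf is a constructed AES-only variant.
# The KDC address 192.0.2.10 is a documentation placeholder.
write_sample_krb5() {
    cat > "$1/page.conf" <<'EOF'
[libdefaults]
ticket_lifetime = 600
default_realm = YOURDOMAIN
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
YOURDOMAIN = {
kdc = 192.0.2.10
default_domain = YOURDOMAIN
}
EOF
    cat > "$1/aes.conf" <<'EOF'
[libdefaults]
ticket_lifetime = 600
default_realm = YOURDOMAIN
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
EOF
}

# Demo: audit both constructed files.
demo_dir=$(mktemp -d)
write_sample_krb5 "$demo_dir"
for conf_name in page.conf aes.conf; do
    echo "== $conf_name"
    audit_krb5_enctypes "$demo_dir/$conf_name" || echo "-> weak enctypes listed"
done
rm -rf "$demo_dir"
```

On the parent image, run audit_krb5_enctypes /etc/krb5.conf before converting the VM to a template.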

:: Configure Single Sign-on (SSO)


Unfortunately, SSO is not yet supported for Ubuntu guests. It is currently supported with RHEL 6.6/6.7/6.8, CentOS 6.6, 6.7, 6.8, and SLED 11 SP3/SP4. As of Horizon 7.1, SSO is now supported with Ubuntu 14.04 and Ubuntu 16.04.

  1. Be sure you set winbind use default domain in your smb.conf to be true

  2. Follow the steps here to set this up for your supported distro.

:: Additional User Experience Tweaks


If you'd like to perform additional tweaks to the system like adjusting the launcher Icon sizes, Disable Shopping Suggestions, or customizing the theme, check out this post with lots of great tips and tricks. Note some items like default wallpaper will require additional default-user tweaking.

NOTE: The docs recommend using a gnome desktop session for increased performance.

Speaking of default user, we need to adjust the default login screen to allow domain users to enter their credentials, as well as ensure they get a profile upon logging in. I don't know why VMware docs fail to include any of this information. But if you don't follow these steps, your final desktop will have only two login options: the admin user you created, and Guest login. There won't be an option for domain users to log in.

  1. To have every new user get a home directory upon logging in, run the following as root:
    echo 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022' >> /etc/pam.d/common-session

  2. To adjust the login screen to allow domain users, remove Guest login, and hide previously logged in accounts, run the following as root:
    echo 'greeter-show-manual-login=true' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
    
    echo 'greeter-hide-users=true' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
    
    echo 'allow-guest=false' >> /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf

:: Install the Horizon Agent


  1. Download the appropriate Horizon Agent for Linux Installer

  2. Unpack the tarball
    tar -xzvf <horizon_agent_filename>

  3. Navigate to the extracted folder and run the shell script as super user
    sudo ./install_viewagent.sh -A yes
    


    1. NOTE: if you're upgrading the agent on an existing Horizon Linux VM, you don't have to uninstall the agent first. The installer will handle that for you.

    2. There are special parameters you can use with the install command, for example when you are upgrading the agent on an existing Horizon Linux desktop. See the doc here for available commands.

:: Configure Options for Horizon Agent


The Horizon Agent configuration file allows us to make certain tweaks such as Build to Lossless, support left-handed mouse devices, specify max Blast bandwidth, etc. The list is available here. For the purpose of this article, the only option we will modify is the RunOnceScript since we're using Winbind. We'll need each clone to run the Domain Join command after being created.

  1. Create the script and place it in /opt. I'm calling mine join_domain.sh. You'll also want to chmod 777 the file so there aren't any issues running the script later.

  2. Now modify /etc/vmware/viewagent-custom.conf to look like below. Be sure to uncomment the line, as well as the RunOnce Timeout if desired.

  3. For example Blast Settings, see the configurations here

  4. Unlike traditional Windows VDI desktops, the Linux Console is viewable from the vSphere Console, even when a user is logged in. To make the console blank when a user is logged in, you need to modify the Linux VM's VMX file by adding the line
    RemoteDisplay.maxConnections = "0"

  5. At this point, our Parent VM should be complete. You can shut it down and convert it to a Template, or clone it to a Template to be used in the section below.
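
Step 1 leaves join_domain.sh at mode 777, and the Winbind join command shown earlier carries the domain password as -U <domain user>%<domain password>, so on every clone any local user can read that password and rewrite the script. The permission check below is an added example, not from the original post or VMware; check_runonce_script, make_join_script and the svc_join account are hypothetical, and it assumes the script should be owned by root with owner-only permissions.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_runonce_script FILE [EXPECTED_UID]
#   Prints one finding per line and returns 1 if there is any:
#     OWNER         file is not owned by EXPECTED_UID (default 0, root)
#     WRITABLE      group or other can rewrite what the agent will execute
#     CRED_EXPOSED  a "-U user%password" argument is readable by group or other
check_runonce_script() (
    script=$1
    want_uid=${2:-0}
    [ -f "$script" ] || { echo "ERROR no such file: $script" >&2; exit 2; }
    # ls -ln prints the mode string in field 1 and the numeric owner in field 3.
    set -- $(ls -lnd "$script")
    mode=$1
    uid=$3
    # Mode string layout: type, user rwx (2-4), group rwx (5-7), other rwx (8-10).
    bit() { printf '%s' "$mode" | cut -c"$1"; }
    findings=0
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER uid=$uid expected=$want_uid"
        findings=1
    fi
    if [ "$(bit 6)" = "w" ] || [ "$(bit 9)" = "w" ]; then
        echo "WRITABLE mode=$mode"
        findings=1
    fi
    if { [ "$(bit 5)" = "r" ] || [ "$(bit 8)" = "r" ]; } &&
       grep -Eq -e '-U[[:space:]]+[^[:space:]%]+%[^[:space:]]+' "$script"; then
        echo "CRED_EXPOSED mode=$mode"
        findings=1
    fi
    [ "$findings" -eq 0 ]
)

# Constructed stand-in for /opt/join_domain.sh; the account and password are made up.
# make_join_script PATH MODE
make_join_script() {
    printf '%s\n' '#!/bin/sh' \
        '/usr/bin/net ads join -U svc_join%ExamplePassw0rd' > "$1"
    chmod "$2" "$1"
}

# Demo. The temp file belongs to the current user, so that uid is passed as the
# expected owner; on the parent image omit it so that root (uid 0) is expected.
demo_dir=$(mktemp -d)
make_join_script "$demo_dir/join_domain.sh" 777          # mode used on the page
check_runonce_script "$demo_dir/join_domain.sh" "$(id -u)" || echo "-> findings at mode 777"
chmod 700 "$demo_dir/join_domain.sh"                     # owner-only
check_runonce_script "$demo_dir/join_domain.sh" "$(id -u)" && echo "-> clean at mode 700"
rm -rf "$demo_dir"
```
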

:: Creating the Desktop Pool


Horizon 7.0.2+ now supports two methods for managing Linux Desktop Pools

  1. Manual Desktop Pool with vCenter VMs (similar to how we did in Horizon 6)

  2. Automated full-clone desktop pool

In this post, we'll use automated full-clone pools. Assuming you've been following along, our Parent image should be good to go with the necessary prerequisites. Now we need to create the customization spec in vCenter.

  1. In the vSphere Web Client,  go to Policies and Profiles > Customization Specification Manager

  2. Click Create a New Specification

  3. Select Linux as the Target OS

  4. Let's name this Linux_VDI_Custom_Spec 

  5. Complete the form as follows

    Setting                     Value
    Target Virtual Machine OS   Linux
    Computer Name               Use the Virtual Machine Name
    Domain                      Specify the domain of the View environment
    Network Settings            Use Standard Network Settings
    Specify DNS                 Enter a valid address

Now let's jump over to Horizon Administrator

  1. Catalog > Desktop Pools > Add

  2. Choose Automated Desktop Pool 

  3. Pick your assignment preference. I'll use Floating.

  4. Choose Full virtual machines

  5. Enter your Pool ID and Display Name. Mine will be Legion of Doom (to pair nicely with my Hall of Justice Instant Clone pool!)

  6. For Desktop Pool Settings, choose
       Default display protocol:  VMware Blast
       Allow users to choose protocol:  No
       3D Renderer:  Manage using vSphere Client for 2D (unless you've configured the VM for 3D graphics)

  7. For Provisioning Settings, specify the names manually

  8. Finish the rest of the prompts and review the Ready to Complete page. Check the box to Entitle Users after the wizard finishes, and click Finish

  9. At this point, you should see the VMs in vCenter and the cloning operation status. Horizon Administrator should also show the VMs as Provisioning

:: Verify all the things



  1. We want to make sure our RunOnceScript worked. Verify with your Active Directory that the desktops were properly joined to the Domain. You should also see the DNS Name being reported in Horizon Administrator and showing Available

  2. Launch the Horizon Client and verify you can load the desktop and that it reads the new DNS name

  3. If your login changes from earlier were done correctly, we should be able to log in as one of our domain users (username@domain).

Thanks for reading!