vWorkspace 7.5

Transcription

vWorkspace 7.5

vWorkspace
7.5
Administration Guide
©
2012 Quest Software, Inc. ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in
this guide is furnished under a software license or nondisclosure agreement. This software may
be used or copied only in accordance with the terms of the applicable agreement. No part of
this guide may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying and recording for any purpose other than the purchaser's
personal use without the written permission of Quest Software, Inc.
If you have any questions regarding your potential use of this material, contact:
Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656 USA
www.quest.com
email: [email protected]
Refer to our Web site for regional and international office information.
Patents
This product includes patent pending technology.
Trademarks
Quest, Quest Software, the Quest Software logo, and MessageStats are trademarks and
registered trademarks of Quest Software, Inc in the United States of America and other
countries. For a complete list of Quest Software's trademarks, please see
http://www.quest.com/legal/trademark-information.aspx. Other trademarks and registered
trademarks are property of their respective owners.
Disclaimer
The information in this document is provided in connection with Quest products. No license,
express or implied, by estoppel or otherwise, to any intellectual property right is granted by
this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN
QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS
PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS,
IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS
OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN
IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no
representations or warranties with respect to the accuracy or completeness of the contents of
this document and reserves the right to make changes to specifications and product
descriptions at any time without notice. Quest does not make any commitment to update the
information contained in this document.
Quest vWorkspace Administration Guide
Updated - January 2012
Software Version - 7.5
CONTENTS
ABOUT THIS GUIDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XIII
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XIV
CONVENTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XIV
ABOUT QUEST SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . XV
CONTACT QUEST SOFTWARE . . . . . . . . . . . . . . . . . . . . . XV
VWORKSPACE
RESOURCES . . . . . . . . . . . . . . . . . . . . . . . . . XV
CONTACT QUEST SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . XVI
CHAPTER 1
INTRODUCTION TO VWORKSPACE . . . . . . . . . . . . . . . . . . . . . . . . 1
VWORKSPACE
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . 2
BENEFITS OF VWORKSPACE . . . . . . . . . . . . . . . . . . . . . . 4
VWORKSPACE
COMPONENTS . . . . . . . . . . . . . . . . . . . . . . . . 5
VWORKSPACE
CORE COMPONENTS . . . . . . . . . . . . . . . . . . 5
VWORKSPACE
PERIPHERAL COMPONENTS . . . . . . . . . . . . . . 7
vWorkspace Reporting Database
Web Access . . . . . . . . . . . . . . .
Secure Gateway . . . . . . . . . . . .
Password Reset Service. . . . . . .
Proxy IT . . . . . . . . . . . . . . . . .
VWORKSPACE
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.7
.8
.8
.8
.8
ENABLING COMPONENTS . . . . . . . . . . . . . . . 8
Virtual Desktop Extensions (PNTools)
Hyper-V Catalyst . . . . . . . . . . . . . .
Instant Provisioning . . . . . . . . . . . .
Quick Start Wizard . . . . . . . . . . . . .
Broker Helper Service . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.9
.9
.9
10
10
COMPONENTS FOR VIRTUAL WORKSPACE MANAGEMENT . . . . .10
Application Restrictions . . . . . . . . . . . . . . . . .
Virtual Computer Management Tasks . . . . . . .
Desktop Group and Individual Desktop Policies
Desktop and Application Publishing . . . . . . . . .
User Environment Control . . . . . . . . . . . . . . .
Performance Optimization . . . . . . . . . . . . . . .
Virtual User Profiles . . . . . . . . . . . . . . . . . . .
Universal Printer Driver . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
11
11
11
11
12
12
12
12
i
vWorkspace Administration Guide
Application Compatibility Enhancements . . . . . . . . . . . . 13
Time Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Virtual IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
USER EXPERIENCE ENHANCEMENTS . . . . . . . . . . . . . . . . .13
EXPERIENCE OPTIMIZATION PROTOCOL . . . . . . . . . . . . . . . . . .15
VWORKSPACE
CONNECTORS. . . . . . . . . . . . . . . . . . . . . . . . .16
CHAPTER 2
INSTALLATION OF VWORKSPACE . . . . . . . . . . . . . . . . . . . . . . . 19
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
TCP PORT REQUIREMENTS . . . . . . . . . . . . . . . . . . . . . . . . .22
INSTALL USING THE SIMPLE METHOD . . . . . . . . . . . . . . . . . . .23
INSTALL USING THE ADVANCED METHOD . . . . . . . . . . . . . . . . .25
LICENSING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
INSTALLATION REFERENCE . . . . . . . . . . . . . . . . . . . . . . .33
INSTALLING WEB ACCESS . . . . . . . . . . . . . . . . . . . . . . . . . .34
Upgrading Web Access . . . . . . . . . . . . . . . . . . . . . . . . 35
INSTALL THE REPORTING AND LOGGING ROLE . . . . . . . . . . . . . .35
SCRIPTED INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . .41
EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
VWORKSPACE
CONNECTORS. . . . . . . . . . . . . . . . . . . . . . . . .44
VWORKSPACE
RD CONNECTION BROKER SUPPORT . . . . . . . .45
INSTALL RD BROKER SUPPORT . . . . . . . . . . . . . . . . . . . .46
ADD AN RD CONNECTION BROKER TO VWORKSPACE. . . . . . .50
APPPORTAL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
QUEST VWORKSPACE CONNECTOR
SILENT INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . .56
VASCLIENT32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
VASCLIENT32T. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
UPGRADE VWORKSPACE . . . . . . . . . . . . . . . . . . . . . . . . . . .59
CHAPTER 3
VWORKSPACE
MANAGEMENT CONSOLE . . . . . . . . . . . . . . . . . . . 67
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
VWORKSPACE
ii
MANAGEMENT CONSOLE INTERFACE . . . . . . . . . . .68
QUICK START WIZARD . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
DESKTOP CLOUD . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
VIRTUAL DESKTOPS . . . . . . . . . . . . . . . . . . . . . . . . . .74
REMOTE DESKTOP SESSION HOST . . . . . . . . . . . . . . . . . .74
BLADE PCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
VWORKSPACE
VWORKSPACE
WELCOME WINDOW . . . . . . . . . . . . . . . . . .75
MENU OPTIONS AND ICONS . . . . . . . . . . . . . . . .76
FILE MENU OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . .78
Current User Sessions . .
Administration . . . . . . .
Licensing . . . . . . . . . . .
Database Configuration .
VWORKSPACE
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
78
82
87
89
OBJECT NODES . . . . . . . . . . . . . . . . . . . . . . .92
FARM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
LOCATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
TARGETS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Target Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Define Advanced Targets . . . . . . . . . . . . . . . . . . . . . . 102
RESOURCES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
PACKAGED APPLICATIONS . . . . . . . . . . . . . . . . . . . . . . 108
App-V Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
MSI Packages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
PERFORMANCE OPTIMIZATION. . . . . . . . . . . . . . . . . . . . 117
VIRTUAL IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
FILE AND REGISTRY REDIRECTION . . . . . . . . . . . . . . . . . 118
LOAD BALANCING . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
WEBSITES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
LOCATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
LOCATIONS NODE OPTIONS . . . . . . . . . . . . . . . . . . . . . 119
Virtualization Management Servers.
New Location . . . . . . . . . . . . . . . .
Delete a Location . . . . . . . . . . . . .
Locations Properties . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
120
120
127
127
CONNECTION BROKERS . . . . . . . . . . . . . . . . . . . . . . . 132
iii
DESKTOPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Computer Groups . . . . . . . . . . . . . .
Managed Computers . . . . . . . . . . . .
Operating System Customizations . .
Initialize Computer . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
138
153
172
186
188
SESSION HOSTS . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Session Host Management . . . . . . . . . . . . . . . . . . . . . 195
Provisioning Session Hosts. . . . . . . . . . . . . . . . . . . . . 202
CHAPTER 4
VIRTUALIZATION PLATFORM INTEGRATION . . . . . . . . . . . . . . . 209
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Virtualization Management Servers. . . . . . . . . . . . . . . 210
Network Storage Management Servers . . . . . . . . . . . . 210
MANAGEMENT SERVERS WINDOW . . . . . . . . . . . . . . . . . 211
ADD MANAGEMENT SERVERS . . . . . . . . . . . . . . . . . . . . 213
VIRTUALIZATION HOSTS . . . . . . . . . . . . . . . . . . . . . . . . . . 220
MICROSOFT HYPER-V INTEGRATION . . . . . . . . . . . . . . . . . . . 225
VWORKSPACE
DATA COLLECTOR . . . . . . . . . . . . . . . . . . 225
HYPER-V CATALYST . . . . . . . . . . . . . . . . . . . . . . . . . 226
PROVISION-TIME LOAD BALANCING . . . . . . . . . . . . . . . . 227
CONNECTION-TIME LOAD BALANCING . . . . . . . . . . . . . . . 227
HYPER-V HOST CONTEXT MENU . . . . . . . . . . . . . . . . . . 227
HYPER-V HOST PROPERTIES . . . . . . . . . . . . . . . . . . . . 227
DESKTOP CLOUD MAINTENANCE . . . . . . . . . . . . . . . . . . 229
ADD COMPUTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
MICROSOFT SCVMM INTEGRATION . . . . . . . . . . . . . . . . . . . 233
CONNECT TO MICROSOFT SCVMM . . . . . . . . . . . . . . . . 233
MICROSOFT DIFFERENCING DISKS . . . . . . . . . . . . . . . . . 234
REPROVISION COMPUTERS . . . . . . . . . . . . . . . . . . . . . 234
Add Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
VIDEO ADAPTER AND STATIC/DYNAMIC MEMORY . . . . . . . . 243
HYPER-V BROKER HELPER SERVICE . . . . . . . . . . . . . . . . 247
iv
VCENTER INTEGRATION
. . . . . . . . . . . . . . . . . . . . . . . . . . 247
RAPID PROVISIONING . . . . . . . . . . . . . . . . . . . . . . . . 248
NetApp FlexClone . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
VMware Linked Clones . . . . . . . . . . . . . . . . . . . . . . . 250
VMWARE VNETWORK DISTRIBUTED SWITCH . . . . . . . . . . . 253
REPROVISION COMPUTERS . . . . . . . . . . . . . . . . . . . . . 253
DISK PERSISTENCE AND MEMORY . . . . . . . . . . . . . . . . . 256
UPGRADING AND CHANGING NONPERSISTENT DISKS . . . . . . 257
COMPUTER GROUPS . . . . . . . . . . . . . . . . . . . . . . . . . 258
ADD COMPUTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
PARALLELS VIRTUOZZO CONTAINERS INTEGRATION . . . . . . . . . . 271
PARALLELS VIRTUOZZO NODES . . . . . . . . . . . . . . . . . . . 271
RD SESSION HOST INTEGRATION . . . . . . . . . . . . . . . . . . . . 274
REMOTEAPP SUPPORT . . . . . . . . . . . . . . . . . . . . . . . . 275
RD CONNECTION BROKER INTEGRATION . . . . . . . . . . . . . . . . 275
IMPORTING EXISTING COMPUTERS INTO A GROUP . . . . . . . . . . 276
MONITORING OPERATIONS . . . . . . . . . . . . . . . . . . . . . 279
CHAPTER 5
MANAGING THE VIRTUAL WORKSPACE . . . . . . . . . . . . . . . . . . 281
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
POWER MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
TWO-FACTOR AUTHENTICATION . . . . . . . . . . . . . . . . . . . . . 284
MANAGED APPLICATIONS . . . . . . . . . . . . . . . . . . . . . . . . . 289
MICROSOFT RD SESSION HOSTS . . . . . . . . . . . . . . . . . 289
MANAGED COMPUTERS . . . . . . . . . . . . . . . . . . . . . . . . 290
VIRTUALIZED APPLICATIONS . . . . . . . . . . . . . . . . . . . . 291
MANAGED APPLICATIONS PROPERTIES . . . . . . . . . . . . . . . 291
Graphics Acceleration . . . . . . . . . . . . . . . . . . . . . . . . 292
Custom Properties . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
NEW APPLICATION TOOL. . . . . . . . . . . . . . . . . . . . . . . 293
PUBLISH RD SESSION HOST APPLICATIONS . . . . . . . . . . . 295
PUBLISH A MANAGED DESKTOP . . . . . . . . . . . . . . . . . . 303
PUBLISH MANAGED APPLICATIONS . . . . . . . . . . . . . . . . . 305
v
PUBLISH CONTENT . . . . . . . . . . . . . . . . . . . . . . . . . . 306
PUBLISHED APPLICATIONS TASKS . . . . . . . . . . . . . . . . . 308
INTERNET EXPLORER COMPATIBILITY . . . . . . . . . . . . . . . 311
Typical Deployment . . . . . . . . . . . . . . . . . . . . . . . . . 313
VWORKSPACE
CONNECTORS. . . . . . . . . . . . . . . . . . . . . . . . 315
VWORKSPACE
CONNECTOR INTERFACES . . . . . . . . . . . . . . 315
AppPortal Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Web Access Interface . . . . . . . . . . . . . . . . . . . . . . . . 316
VWORKSPACE
CONNECTOR FOR WINDOWS PACKAGES . . . . . 317
VAS Client 32. . . . . . . . . . . . . . . .
VAS Client 32T . . . . . . . . . . . . . . .
VAS Client 32TS . . . . . . . . . . . . . .
vWorkspace Connector Executables
Additional Registry Settings . . . . . .
VWORKSPACE
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
317
317
318
318
318
CONNECTOR CONFIGURATION . . . . . . . . . . . 320
FIRST TIME START CONFIGURATION . . . . . . . . . . . . . . . . 320
MULTIPLE MONITOR SUPPORT . . . . . . . . . . . . . . . . . . . 322
MANAGE APPPORTAL CONNECTIONS . . . . . . . . . . . . . . . . 324
Farm Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Connectivity Settings . . . . . . . . . . . . . . . . . . . . . .
Firewall/Proxy Traversal (vWorkspace CB type only) .
RD Gateway (RD Connection Broker type only) . . . .
Credentials Settings . . . . . . . . . . . . . . . . . . . . . . .
Display Settings . . . . . . . . . . . . . . . . . . . . . . . . . .
Local Resources Settings . . . . . . . . . . . . . . . . . . . .
Experience Settings . . . . . . . . . . . . . . . . . . . . . . .
Password Management Settings . . . . . . . . . . . . . . .
Desktop Integration Settings . . . . . . . . . . . . . . . . .
Auto-Launch Settings . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
325
326
327
329
330
331
333
335
337
338
339
APPPORTAL IN DESKTOP INTEGRATED MODE . . . . . . . . . . . 340
APPPORTAL ACTIONS MENU OPTIONS . . . . . . . . . . . . . . . 340
APPPORTAL SETTINGS MENU OPTIONS . . . . . . . . . . . . . . 342
PNTRAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
VWORKSPACE
U3 APPPORTAL CONNECTOR. . . . . . . . . . . . 345
U3 AppPortal Client Modes. . . . . . . . . . . . . . . . . . . . . 345
Use the U3 AppPortal . . . . . . . . . . . . . . . . . . . . . . . . 345
vi
CENTRAL CONFIGURATION OF APPPORTAL . . . . . . . . . . . . 346
Location Section of Config.xml . . . . . . . . . . . . . . . . . . 356
RESOURCES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
ADDITIONAL CUSTOMIZATIONS . . . . . . . . . . . . . . . . . . . 358
APPLICATION RESTRICTIONS . . . . . . . . . . . . . . . . . . . . 361
How Application Restrictions Work . . . . . . . . . . . . . . . 361
APPLICATION RESTRICTION PROPERTIES . . . . . . . . . . . . . 362
Application Restrictions General Properties
Application Restrictions Server Groups . . .
Properties of an Application Restriction List
Assign an Application List to Clients . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
363
365
366
368
CONNECTION POLICIES . . . . . . . . . . . . . . . . . . . . . . . 370
COLOR SCHEMES . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
DRIVE MAPPINGS . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
ENVIRONMENT VARIABLES . . . . . . . . . . . . . . . . . . . . . . 377
HOST RESTRICTIONS . . . . . . . . . . . . . . . . . . . . . . . . . 378
REGISTRY TASKS . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
SCRIPTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
TIME ZONES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
USER POLICIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
VIRTUAL USER PROFILES . . . . . . . . . . . . . . . . . . . . . . 386
WALLPAPERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
SECURE GATEWAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
INSTALLATION REQUIREMENTS . . . . . . . . . . . . . . . . . . . 389
Secure Gateway Certificate . . . . . . . . . . . . . . . . . . . . 390
SECURE GATEWAY CONFIGURATION . . . . . . . . . . . . . . . . 391
DEPLOYMENT OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . 396
WEB ACCESS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
WEB ACCESS TOOLS . . . . . . . . . . . . . . . . . . . . . . . . . 407
vWorkspace Web Access Site Manager . . . . . . . . . . . . 407
vWorkspace Management Console Websites Node . . . . 409
CONFIGURATION . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Define vWorkspace Websites . . . . . . . . . . . . . . . . . . . 409
Connection Properties . . . . . . . . . . . . . . . . . . . . . . . . 409
Firewall/Secure Gateway . . . . . . . . . . . . . . . . . . . . . . 410
vii
Domain/Login Settings
Downloads/Connectors
Experience. . . . . . . . .
Browser Interface . . . .
Other Settings . . . . . .
Additional Farms . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
411
414
415
419
420
420
UPDATE SITE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
VWORKSPACE
CONNECTOR PACKAGES. . . . . . . . . . . . . . . 421
Other vWorkspace Connectors . . . . . . . . . . . . . . . . . . 422
INTEGRATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Juniper Secure Access . . . . . . .
F5 Firepass . . . . . . . . . . . . . .
SharePoint. . . . . . . . . . . . . . .
Citrix XenApp and XenDesktop .
VWORKSPACE
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
422
431
436
438
REPORTING . . . . . . . . . . . . . . . . . . . . . . . . . 439
VWORKSPACE
REPORTING COMPONENTS . . . . . . . . . . . . . 440
Sample Report Viewer. . . . . . . . . . . . . . . . . . . . . . . . 440
DATABASES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
vWorkspace Farm Database. . . . . . . . . . . . . . . . . . . . 446
vWorkspace Reporting Database . . . . . . . . . . . . . . . . 446
REPORTING SCHEMA . . . . . . . . . . . . . . . . . . . . . . . . . 447
Virtual Machines and Virtual Machine Pools
View Column Definitions . . . . . . . . . . . . .
Actions . . . . . . . . . . . . . . . . . . . . . . . . .
Applications and Application Restrictions . .
Clients, Folders, and Locations . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
447
449
451
457
463
DEFAULT REPORTS . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Historical Reports .
Real-Time Reports
Audits . . . . . . . . .
Custom Reporting.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
468
469
470
470
CHAPTER 6
MANAGING THE USER EXPERIENCE . . . . . . . . . . . . . . . . . . . . . 477
OVERVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
UNIVERSAL PRINTING . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
UNIVERSAL PRINTER COMPONENTS . . . . . . . . . . . . . . . . 480
UNIVERSAL PRINT DRIVER. . . . . . . . . . . . . . . . . . . . . . 480
viii
UNIVERSAL CLIENT PRINTER AUTO-CREATION OPTION . . . . . 480
UNIVERSAL NETWORK PRINTER AUTO-CREATION OPTION . . . 481
UNIVERSAL PRINTER PROPERTIES . . . . . . . . . . . . . . . . . 483
Universal Printer Client Properties. . . . . . . . . . . . . . . . 497
UNIVERSAL NETWORK PRINT SERVICES . . . . . . . . . . . . . . 499
Universal Network Print Server Extensions Option . . . . 500
Universal Print Relay Service for Remote Sites . . . . . . . 502
Manage Relay Servers. . . . . . . . . . . . . . . . . . . . . . . . 506
PRINTERS WINDOW IN VWORKSPACE MANAGEMENT CONSOLE 508
UNIVERSAL PRINTER PROPERTIES . . . . . . . . . . . . . . . . . 509
Network Printer Properties . . . . . . . . . . . . . . . . . . . . . 511
VIRTUAL USER PROFILE MANAGEMENT . . . . . . . . . . . . . . . . . 512
HOW VIRTUAL USER PROFILES WORK. . . . . . . . . . . . . . . 513
VIRTUAL USER PROFILES PROPERTIES . . . . . . . . . . . . . . . 514
GENERAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
STORAGE SERVERS . . . . . . . . . . . . . . . . . . . . . . . . . . 516
SILOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
PERMISSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
CONFIGURE VIRTUAL USER PROFILES . . . . . . . . . . . . . . . . . . 520
MANDATORY VIRTUAL USER PROFILE . . . . . . . . . . . . . . . 523
ASSIGN MANDATORY VIRTUAL USER PROFILES . . . . . . . . . 523
DEFINE VIRTUAL USER PROFILES . . . . . . . . . . . . . . . . . 524
Manually Configure User Profiles. . . . . . . . . . . . . . . . . 525
Import and Export User Profiles . . . . . . . . . . . . . . . . . 532
EOP (EXPERIENCE OPTIMIZATION PROTOCOL) . . . . . . . . . . . . 534
OPTIMIZATION SETTINGS . . . . . . . . . . . . . . . . . . . . . . 535
EOP AUDIO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
EOP TEXT ECHO . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
EOP MULTIMEDIA ACCELERATION . . . . . . . . . . . . . . . . . 543
Media Player Redirection . . . . . . . . . .
Flash Redirection . . . . . . . . . . . . . . .
Flash Redirection Windowless Support
Flash Redirection Setup . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
543
543
544
544
ix
EOP GRAPHICS ACCELERATION . . . . . . . . . . . . . . . . . . 548
EOP Graphics Acceleration Implementation . . . . . . . . . 548
EOP Graphics Acceleration Registry Settings . . . . . . . . 549
EOP Graphics Acceleration Setup . . . . . . . . . . . . . . . . 550
EOP XTREAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Latency Effectiveness . . . . . . . . . . . . . . . . . . . . . . . . 556
Firewall Considerations . . . . . . . . . . . . . . . . . . . . . . . 556
Configure Quest EOP Xtream . . . . . . . . . . . . . . . . . . . 556
USB DEVICES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
vWorkspace Virtual USB Hub
Requirements. . . . . . . . . . .
Smart Card USB Redirection
Client . . . . . . . . . .
...............
Client . . . . . . . . . .
Client Applet. . . . . .
Client System Tray .
Client Services . . . .
Server . . . . . . . . . .
Server Applet . . . . .
Server System Tray
Server Services . . .
...............
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
561
561
561
562
565
565
566
566
567
568
570
USB-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
How USB-IT Works . . . . . . . . . . . . . . . . . . . . . . . . . . 572
LOAD BALANCING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
LOAD BALANCING RULES . . . . . . . . . . . . . . . . . . . . . . 573
HOW LOAD BALANCING WORKS . . . . . . . . . . . . . . . . . . 574
LOAD BALANCING ON SESSION HOSTS . . . . . . . . . . . . . . 577
LOAD BALANCING GUIDELINES . . . . . . . . . . . . . . . . . . . 577
PERFORMANCE OPTIMIZATION. . . . . . . . . . . . . . . . . . . . . . . 581
CPU UTILIZATION MANAGEMENT . . . . . . . . . . . . . . . . . . 581
VIRTUAL MEMORY OPTIMIZATION . . . . . . . . . . . . . . . . . 582
Enable CPU and Memory Optimization. . . . . . . . . . . . . 584
MAX-IT MASTER POLICY SETTINGS . . . . . . . . . . . . . . . . 584
Max-IT Server Policy . . . . . . . . . . . . . . . . . . . . . . . . . 589
VIEW VM OPTIMIZATION RESULTS . . . . . . . . . . . . . . . . 589
MANUALLY APPLY OPTIMIZATIONS . . . . . . . . . . . . . . . . . 591
x
APPLICATION COMPATIBILITY ENHANCEMENTS . . . . . . . . . . . . . 591
How Application Compatibility Enhancements Work . . . 592
Create Redirection Rules . . . . . . . . . . . . . . . . . . . . . . 592
VIRTUAL IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
Virtual IP Configuration . . . . . . . . . . . . . . . . . . . . . . . 597
ADDITIONAL COMPONENTS . . . . . . . . . . . . . . . . . . . . . . . . 601
VWORKSPACE
PASSWORD RESET SERVICE . . . . . . . . . . . . 601
PROXY-IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Proxy-IT with Session Directory Services. . . . . . . . . . . 606
APPENDICES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
APPENDIX A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
CONFIGURABLE REGISTRY SETTINGS . . . . . . . . . . . . . . . 609
Active Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
PNTSC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
InitialAppWaitTime . . . . . . . . . . . . . . . . . . . . . . . . . . 610
APPENDIX B . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
SENTILLION INTEGRATION . . . . . . . . . . . . . . . . . . . . . . 611
INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
xi
xii
About This Guide
• Overview
• Conventions
• About Quest Software
• vWorkspace Resources
• Contact Quest Support
Overview
The Quest vWorkspace Administration Guide is designed to assist
administrators with tasks pertaining to installing Quest vWorkspace. It is
intended for network administrators, consultants, analysts, and any other IT
professionals using the product.
Conventions
In order to help you get the most out of this guide, we have used specific
formatting conventions. These conventions apply to procedures, icons,
keystrokes, and cross-references:
ELEMENT
CONVENTION
Select
This word refers to actions such as choosing or highlighting
various interface elements, such as files and radio buttons.
Bolded text
Interface elements that appear in Quest Software products,
such as menus and commands.
Italic text
Used for comments.
Bold Italic text
Used for emphasis.
Blue text
Indicates a cross-reference. When viewed in Adobe®
Reader®, this format can be used as a hyperlink.
Used to highlight additional information pertinent to the
process being described.
Used to provide Best Practice information. A best practice
details the recommended course of action for the best result.
Used to highlight processes that should be performed with
care.
xiv
+
A plus sign between two keystrokes means that you must
press them at the same time.
|
A pipe sign between elements means that you must select
the elements in that particular sequence.
About Quest Software
Quest Software simplifies and reduces the cost of managing IT for more than
100,000 customers worldwide. Our innovative solutions make solving the
toughest IT management problems easier, enabling customers to save time and
money across physical, virtual and cloud environments. For more information
about Quest go to www.quest.com.
Contact Quest Software
Email
[email protected]
Mail
Quest Software, Inc.
World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
USA
Web site
www.quest.com
Refer to our Web site for regional and international office information.
vWorkspace Resources
The Quest vWorkspace home page is found at
http://www.quest.com/vworkspace. The following resources are available from
the vWorkspace web site:
•
Software downloads - Select the Download link and log in.
Downloadable files include the vWorkspace product, hotfixes,
prerequisites, and documentation.
•
Technical Training - Select the Education link to review course
schedules and enroll in classes.
•
Licensing - Select the Licensing link to view and generate
vWorkspace licenses.
•
Support - Select the Support link to be redirected to the Quest
SupportLink website, where you can download the latest releases,
documentation, and patches; enter new support cases and manage
existing cases via the Case Management option, and search the
knowledgebase.
•
Community - Select the Community link, or use the following URL:
http://communities.quest.com/community/vworkspace
xv
Contact Quest Support
Quest Support is available to customers who have a trial version of a Quest
product or who have purchased a Quest product and have a valid maintenance
contract. Quest Support provides unlimited 24x7 access to SupportLink, our
self-service portal. Visit SupportLink at http://support.quest.com/.
From SupportLink, you can do the following:
•
Retrieve thousands of solutions from our online Knowledgebase
•
Download the latest releases and service packs
•
Create, update and review Support cases
View the Global Support Guide for a detailed explanation of support programs,
online services, contact information, and policy and procedures. The guide is
available at: http://support.quest.com/.
xvi
1
Introduction to
vWorkspace
• vWorkspace Overview
• vWorkspace Components
• Experience Optimization Protocol
• vWorkspace Connectors
vWorkspace Overview
Welcome to Quest vWorkspace. Quest vWorkspace is an enterprise level virtual
desktop delivery and management system that transforms the desktop
infrastructure into an on-demand service; providing management, provisioning,
and brokering of virtual desktops, while optimizing the experience for users
connecting over the LAN and WAN.
Quest vWorkspace provides enterprise class management of a virtual desktop
infrastructure and Remote Desktop Session Hosts by centralizing the user’s
computing workspace in the data center and managing them as a whole from a
single console. The vWorkspace Management Console is an integrated
console and is the primary interface for administering a vWorkspace farm. The
vWorkspace Management Console allows you to manage users’ connections to
the virtual infrastructure, and provides embedded tools for creating, sustaining
and removing virtual desktops and session hosts; enabling end-to-end life cycle
management. Quest vWorkspace delivers virtual applications and desktops
through a single access point, hosted from a plethora of platforms including
multiple hypervisors, Remote Desktop Session Hosts and blade PCs.
The Experience Optimized Protocol (EOP) addresses the user experience
challenges of Virtual Desktop Infrastructures (VDI) and Remote Desktop Session
Hosts by provisioning seamless, reliable, high-performance enhancements over
traditional remote desktop software. These enhancements ensure that your VDI
and Remote Desktop Session Host deployment can deliver on the promise of
virtualization and a true local-desktop experience.
2
Quest vWorkspace delivers a management platform for desktop virtualization
that consolidates multiple desktop virtualization techniques and technologies.
Quest vWorkspace delivers simplicity to the organization comprised of: one user
access point, one management console, excellent user and administrator
experience, and the lowest cost for virtual desktop and application delivery.
Quest vWorkspace delivers five levels of independence, enabling organizations
to deliver desktops and applications with the most cost-effective combination of
virtualization technologies for the needs of each user classification.
3
Desktops are logical groupings of virtual or physical computers that share
common attributes and adhere to common policies. Desktops often mirror a
departmental function or task, a geographical location, or an outsourced entity.
A vWorkspace-enabled hosted desktop infrastructure consists of a farm of
desktops.
A vWorkspace experience can be delivered to the client in the form of a published
desktop, or as a set of individually published applications which are pre-installed
onto each desktop or streamed on demand.
Application streaming is a software distribution methodology used to
enhance the management and flexibility of a desktop infrastructure by
making the need to pre-install (manually or by using conventional software
distribution tools) the applications onto each desktop unnecessary.
Benefits of vWorkspace
•
Simplify Management with an Integrated Console
vWorkspace provides an integrated console for the management of
desktops and applications across VDI, Remote Desktop Session
Hosts, and blade PCs, while automating tasks such as desktop
provisioning and user environment configuration.
4
vWorkspace Components
•
Improve Security and Business Continuity through Centralization
Two-factor authentication, a Secure Gateway, and comprehensive
delegation of administrator privileges ensure secure remote access
and safe management of centralized desktops. Fault tolerance, rapid
recovery, and one-click desktop reprovisioning deliver high system
availability.
•
Increase Workforce Productivity with Dynamic Delivery
Mix and match desktop and application delivery from multiple
virtualization platforms to provide dynamic and location-independent
access for users. Platform independence provides the flexibility to
change providers and blend old and new virtualization investments.
•
Ease Adoption with an Optimized User Experience
The vWorkspace Experience Optimized Protocol (EOP) drives
employee adoption by accelerating images and multimedia content,
delivering high-quality bidirectional audio and universal support for
USB devices so that the virtual desktop looks and feels like a physical
one.
The vWorkspace solution consists of multiple components that enable a flexible,
centralized and optimized virtual workspace. There are certain components that
are required to enable the virtual workspace, whereas others are peripheral and
can be incorporated into the solution based upon the requirements of an
organization.
•
vWorkspace Core Components
•
vWorkspace Peripheral Components
•
vWorkspace Enabling Components
•
User Experience Enhancements
vWorkspace Core Components
•
vWorkspace Database
•
Connection Broker
•
Virtual Workspace Platform
•
Data Collector Service
•
Management Console
5
vWorkspace Database
The vWorkspace database is the central store for configuration and connection
information for a vWorkspace farm:
•
Required for the vWorkspace infrastructure to store configuration
information.
•
A dedicated or shared Microsoft SQL Server is required. For small to
medium-size environments, a Microsoft SQL Server Express database
management system can be used.
Connection Broker
The vWorkspace Connection Broker is a highly scalable Windows service and
offers the following features:
•
Integrates with virtualization platforms to provision and customize
new desktop workspaces, and to perform a broad set of power
management tasks.
•
Multiple virtualization servers are supported simultaneously.
•
Multiple Connection Brokers are allowed per infrastructure.
•
Responds to client connectivity requests and redirects each client to
the appropriate virtual workspace.
•
Communicates with the Data Collector service running inside each
managed computer.
Virtual Workspace Platform
The virtual workspace is defined as the environment in which the user’s
applications are executed and displayed. Quest vWorkspace manages and
brokers connections to the virtual workspace and can do this from multiple
platforms. The platforms from which vWorkspace can host applications and
desktops are listed below:
6
•
Microsoft Hyper-V - Hyper-V hypervisors are imported individually
and managed by vWorkspace.
•
Microsoft System Center Virtual Machine Manager (SCVMM) Virtual machines hosted on Hyper-V Hypervisors managed by
SCVMM.
•
VMware ESX (vCenter) - ESX Hypervisors managed by vCenter.
•
Parallels Virtuozzo Containers (master node) - PVC slave nodes
managed by a master node.
•
Parallels Virtuozzo Containers (independent node) - PVC nodes
managed by vWorkspace.
•
Other/Physical - Any physical computer or virtual machine not
hosted on a managed hypervisor.
•
Microsoft Remote Desktop Session Host - 32-bit or 64-bit
Windows Server 2003 or 2008/R2
Data Collector Service
The Data Collector service runs on each managed desktop host operating
system, as well as Hyper-V hosts, and communicates with the Connection
Broker. The Data Collector sends the Connection broker a heartbeat signal, as
well as events such as logon, logoff, disconnect, logon status, and connection
readiness information. It also receives prelogon configuration data from the
Connection Broker, allowing the desktop to be preconfigured according to
established policies, prior to the user logging on.
Management Console
The vWorkspace Management Console is the central management tool for a
vWorkspace farm. All day-to-day operations for managing the virtual workspace
are performed from within the vWorkspace Management Console.
vWorkspace Peripheral Components
•
•
Web Access
•
Secure Gateway
•
Password Reset Service
•
Proxy IT
Quest vWorkspace Reporting allows organizations to create real-time and
historical reports leveraging data gathered by vWorkspace. By utilizing the
reporting features of vWorkspace, administrators gain greater understanding of
how the vWorkspace farm is being managed and utilized.
7
Web Access
Quest vWorkspace Web Access is a web application for vWorkspace Farms that
enable users to retrieve their list of allowed applications and desktops using a
web browser.
Secure Gateway
Quest vWorkspace Secure Gateway is designed to secure the presentation of
applications over the Internet. The purpose of the Secure Gateway is to act as a
checkpoint (proxy) to prevent direct access to the internal vWorkspace
resources of an organization.
The Password Reset Service facilitates SSL-protected password reset
requests from client access devices to Active Directory by way of the Web Access
Portal or the AppPortal client. This service requires an SSL Certificate and listens
on port 443 (by default).
Proxy IT
Proxy-IT is designed to deliver more connectivity options for accessing
Microsoft Windows Terminal Servers\Remote Desktop Session Hosts from
legacy, non-Win32, open source, or third-party RDP devices, with no differences
for the make or the model.
vWorkspace Enabling Components
8
•
•
Hyper-V Catalyst
•
Instant Provisioning
•
Quick Start Wizard
•
Broker Helper Service
PNTools is an optional, but important, component of a vWorkspace
infrastructure. It is responsible for many of the end user experience
optimizations that Quest vWorkspace provides. PNTools can be installed onto
managed desktops, and is necessary to support many optimization features and
management functions.
•
Installed on all computers, virtual or physical, that are members of a
managed computer group.
Virtual Desktop Extensions include features such as Flash Redirection, USB
Redirection, and seamless windows display mode.
A display protocol must be enabled on the managed desktops. Microsoft’s
RDP and Hewlett Packard’s RGS can be used with managed desktop groups.
Remote Desktop Session Hosts do not support RGS.
PNTools is designed for a specific purpose. Only install on managed
computers that are members of a vWorkspace computer group. Installing on
vWorkspace farm servers, such as Session Hosts or Connection Brokers, can
cause undesirable results.
Hyper-V Catalyst
Hyper-V Catalyst is a suite of technologies, integrated with Microsoft’s Hyper-V
hypervisor, that dramatically increases performance and decreases cost of a
virtual desktop infrastructure. Hyper-V Catalyst consists of two components:
•
HyperCache
•
HyperDeploy
Instant Provisioning
Instant Provisioning is a mechanism for customizing virtual machines during
the cloning process. Instant Provisioning can be used in place of SysPrep and is
80% faster. This, along with Hyper Deploy, causes deployments of virtual
machines to take a fraction of the time it takes with other virtual desktop
products.
9
Quick Start Wizard
The Quick Start Wizard is designed to step an administrator through the
configuration of one of four infrastructure types with simplicity and ease.
Administrators can use the Quick Start Wizard to configure the following
infrastructure types:
•
Desktop Cloud
•
VDI
•
RDSH
•
Blade PC
Broker Helper Service
The Broker Helper Service is installed onto Hyper-V hypervisors to enable the
vWorkspace Connection Broker to issue management tasks to virtual machines
hosted there, or on Microsoft SCVMM servers, to enable the vWorkspace
Connection Broker to issue management tasks to the virtual machines.
Components for Virtual Workspace
Management
Quest vWorkspace includes many tools/features that streamline the
management of the virtual workspace. These tools and features are listed and
summarized below.
10
•
Application Restrictions
•
Virtual Computer Management Tasks
•
•
Desktop and Application Publishing
•
User Environment Control
•
Performance Optimization
•
Virtual User Profiles
•
Universal Printer Driver
•
Application Compatibility Enhancements
•
Time Zones
•
Virtual IP
Application Restrictions extends the security of a Remote Desktop Session
Host environment by adding session-based Application Restrictions (Application
Access Control) and Network Access Restrictions (Host Access Control).
Virtual Computer Management Tasks
vWorkspace Management Tasks consist of the following items:
•
Manage virtual computer power states.
•
Task scheduling and automation.
•
Automated virtual machine and Session Host provisioning.
•
Policy driven desktop configuration.
Desktop Polices can be applied to virtual machines within a vWorkspace
computer group through the properties of the group or the individual managed
virtual machine.
•
Individual desktops can be persistently assigned to users prior to the
first logon. Alternatively, the Connection Broker can be configured to
assign the virtual machine to a user as persistent upon first logon (the
default behavior is temporary desktop assignment).
•
Policy settings can be specified per desktop, overriding the parent
group policy settings.
•
Access to desktops can be confined to certain days of the week and
hours of the day.
•
Virtual computer based desktops can be automatically suspended if
idle.
•
Users can be dynamically added to the Power Users or Administrators
group of their assigned desktops.
Desktop and Application Publishing
The desktop or applications of a managed computer are published from a
vWorkspace platform to users, groups, access devices, etc.; a crucial step in
configuring a vWorkspace farm. End users connect to the virtual workspace by
way of a remote display protocol, such as Microsoft’s Remote Desktop protocol,
and are presented with their aggregate set of available desktops and/or
applications.
11
Full desktops and individual applications can be published.
•
Desktops are published from computer groups or Session Hosts.
•
Seamless windowed applications are published from computer groups
or Session Hosts.
•
Access is granted or denied to applications using Access Control Lists.
User Environment Control
User Environment Control boasts several powerful features designed to fully
automate various time-consuming session configuration tasks within the virtual
workspace. These important features include the ability to create application
shortcuts, set backgrounds and color schemes, map drive letters to network
shares, connect to shared network printers, execute scripts, manipulate the
user's HKCU registry hive, set per-user environment variables, and lock down
the user's virtual workspace using the most stringent policy settings and
hard-to-find hacks.
Performance Optimization improves application response times and
increases overall server capacity by streamlining and optimizing the use of
virtual memory and CPU resources.
Virtual User Profiles accelerates logon times and eliminates profile corruption
and management issues associated with roaming profiles. A Virtual User Profile
combines the persistence of a conventional roaming profile with the speed and
robustness of a mandatory profile in order to achieve unprecedented logon
speeds and stability levels. Administrators can even implement multiple Virtual
User Profiles per user account to satisfy multifarm and server silo requirements.
Universal Printer Driver
Universal Printer Driver is a single-driver printing solution that satisfies both
client side and network printing needs in a vWorkspace environment. In addition
to its driver independent approach to printing, benefits also include:
12
•
Dramatic reduction in network bandwidth utilization.
•
Ability to inherit the properties of the manufacturer specific print
drivers such as supported trays, paper sizes, and margins.
Application Compatibility Enhancements is a sophisticated registry and file
system redirection engine designed to eliminate a wide range of multi-user
conflicts arising from application design limitations.
Time Zones
Time Zones is a per session time zone assignment module. Time Zones allows
administrators to specify a unique time zone by user name, group membership,
OU, or client device property (client name or IP address). With Time Zones,
users can execute their time and date sensitive applications in their own time
zones, completely independent of the virtual workspace time zone settings.
Virtual IP
Virtual IP enables each user instance of a legacy application to be bound to a
unique IP address for identification purposes, allowing many legacy client server
designed applications to run correctly in a multi-user environment.
User Experience Enhancements
Management of the virtual workspace goes a long way in simplifying an
administrator’s job, but the experience must meet the demands of the end user.
Quest vWorkspace provides many extensions to Microsoft’s Remote Desktop
Protocol. Some of the user experience enhancements are:
•
Seamless Windows — Individual published applications running
inside the server hosted desktop appear on the user's screen as if
they are running locally.
•
Session Sharing — Applications published from the same managed
computer group all share the same desktop.
•
Multimonitor Support — Support for multiple monitors with
different resolutions while connected to the virtual worksapce. When
used in conjunction with seamless windows, desktop based
application windows can be moved to, resized, and maximized on any
monitor.
13
•
Kerberos-based Credentials Pass-Through — User’s locally
cached domain credentials or Kerberos ticket is re-used for
vWorkspace authentication. This feature is useful when end user
devices, such as thin clients running Windows Embedded Standard 7
or a Windows PCs, are joined to a Windows domain. This feature also
works with smart cards and other Windows compatible
authenticators.
Kerberos pass through authentication is supported for Microsoft Server 2008
and Microsoft Vista hosts. Microsoft Vista does not support Kerberos pass
through authentication with UAC enabled, so if UAC is enabled on Microsoft
Vista, CredSPP authentication support is used. CredSPP authentication is only
used when supported by both the VM server and client. Supported clients are
Microsoft Windows XP SP3, Microsoft Vista, or Microsoft Server 2008.
Supported servers are Microsoft Vista or Microsoft Server 2008.
14
•
AppPortal (Desktop-Integrated) — A GUI-less operational mode
in which the vWorkspace Connector runs in the system tray. Published
desktops and applications are propagated to the user’s local Desktop
and Start Menu.
•
RDP-over-SSL connectivity — Enables users to access their
published desktops and applications using the Secure Sockets Layer
(SSL) protocol.
•
Universal Printer Driver — Eliminates the need to install vendor
specific print drivers into the desktops. Driverless printers are
autocreated inside each desktop using a single EMF-based universal
print driver, regardless of printer make and model.
•
Password Reset Service — Allows users to reset their expired
Windows domain passwords prior to connecting to the virtual
workspace.
•
Experience Optimized Protocol (EOP) — Addresses the user
experience challenges of presenting applications and desktops via a
remote display protocol by providing seamless, reliable,
high-performance enhancements to Microsoft’s Remote Desktop
Protocol. These enhancements ensure that your VDI and RD Session
Host deployment can deliver on the promise of desktop virtualization
and a true local-desktop experience.
•
Virtual USB Hub — Enables the use of virtually any USB connected
device (PDAs, local printers, scanners, cameras, headsets) to be used
in conjunction with VDI.
•
Bidirectional Audio — Allows users to redirect their microphone
devices to Remote Desktop Session Host sessions.
Experience Optimization Protocol
Experience Optimization Protocol
The Experience Optimized Protocol (EOP) components address the user
experience challenges of presenting applications and desktops via a remote
display protocol by providing seamless, reliable, high-performance
enhancements to Microsoft’s Remote Desktop Protocol. These enhancements
ensure that your VDI and RD Session Host deployment can deliver on the
promise of desktop virtualization and a true local-desktop experience.
The following features are available through the Experience Optimized Protocol:
•
EOP Xtream — Accelerates RDP and EOP traffic on wide area
networks (WANs). This provides for an improved user experience by
providing faster RDP screen responses and improved performance of
all EOP features.
•
EOP MultiMon — Enables support for multiple monitors and is
monitor aware.
•
EOP Audio (Bidirectional Audio) — Enables support for
applications that require the use of a microphone, such as dictation,
collaboration, and certain VOIP applications such as Office
Communicator.
•
EOP Text Echo — Enhances the user experience when typing, if
users are connecting over a high latency network connection. A client
Control Panel applet is used to adjust settings of this feature.
•
EOP Multimedia Acceleration (Media Player Redirection) —
Enables the redirection of Flash content and Microsoft DirectShow
content (anything that can be played in Microsoft Windows Media
Player) from the VDI or Windows RDSH Session through an RDP
Virtual Channel to the client access device, where it is played using
the local compression/decompression technology (CODEC).
•
EOP Graphics Acceleration — Reduces bandwidth consumption and
dramatically improves the user experience, making RDP usable over
WAN connections.
These features can be assigned to Users, Groups, OU, Client IP, Client Device
Name or Advanced boolean targets.
Experience Optimization Protocol is discussed in more detail in the EOP
(Experience Optimization Protocol) section of the Managing the User
Experience chapter.
15
vWorkspace Connectors
The Quest vWorkspace Connectors are client access device software that support
the management and user experience extensions provided by vWorkspace. A
Connector enables the delivery of a virtual workspace to remote workers;
allowing the centralization of desktop management, increase in security and
decrease of cost. Quest vWorkspace provides connectors for the following client
platforms: Windows, Macintosh, Linux, Ipad and the Android OS. Quest
vWorkspace also provides a platform independent java connector.
The vWorkspace Connector supports two interfaces for defining connections to,
and accessing, the virtual workspace: the Connector’s native shell and Web
Access. The interactive native shell allows users, upon successful authentication,
to receive a list of authorized desktops and applications. Users can subsequently
start remote connections to published desktops and applications by selecting the
corresponding shortcuts.
The Windows Connector’s native shell is called AppPortal and can be started in
Desktop-Integrated mode where the default native shell is suppressed and an
icon appears in the Windows system tray. Application icon shortcuts are placed
on the user’s Desktop, Start Menu, or All Programs menu, depending on
preferences.
vWorkspace Web Access allows users to retrieve their list of allowed
applications or desktops using a web browser. A Web Access web server must
be available to use this interface.
16
AppPortal View
Web Access View
17
18
2
Installation of vWorkspace
• Overview
• TCP Port Requirements
• Install using the Simple Method
• Install Using the Advanced Method
• Licensing
• Installing Web Access
• Install the Reporting and Logging Role
• Scripted Installation
• Upgrade vWorkspace
Overview
The prime installable components of vWorkspace are called roles. Each role is
listed below:
•
Connection Broker role
•
Management Console role
•
Web Access role
•
Terminal Server / RD Session Host role
•
User Profile Management Storage role
•
Secure Gateway role
•
Universal Print Server role
•
Remote Site Relay role
•
Password Reset role
•
Proxy-IT role
•
Reporting & Logging role
There are two types of installations, a Simple installation and an Advanced
installation. Simple installation will install a preset list of roles while Advanced
installation provides a choice of roles to install.
A Simple installation provides administrators with an easy installation process
that installs the components that are most used in creating and managing a
vWorkspace farm. A Simple installation will install the following vWorkspace
roles:
•
Connection Broker role
•
Management Console role
•
Web Access role
•
User Profile Management Storage Server role
The Simple type of installation is designed to be used for testing or Proof of
Concept (POC) installations, and not for production environments.
20
When using a Simple type of vWorkspace install, Microsoft SQL Server Express
2008 is automatically installed with the following set values:
MANAGEMENT DATABASE
CONFIGURATION FIELD
VALUE
SQL Server Name
<computername>\vWorkspace
Note: <computername> is the computer that
vWorkspace is being installed on.
SA User Name
sa
SA Password
Password1
Database Name
vWorkspace_Database
vWorkspace Login Name
pnadmin
vWorkspace Login Password
Password1
vWorkspace installer adds a default Web Access Management Console link and
Web Access user links in the Start | All Programs | Quest Software |
vWorkspace folder and desktop shortcuts.
A default Web Access configuration is completed during the Simple type of
vWorkspace installation, allowing you to immediately start to use the Web
Access feature.
If you install using the Simple type of installation, port 5206 is used for the User
State Management Storage Service and the User Profile Management Storage
Role is fully configured, including a silo.
The Advanced installation provides administrators with the ability to specify the
vWorkspace components that are to be installed. This type of installation is
recommended for production environments.
21
The Advanced installation type should be used when installing vWorkspace on a
Remote Desktop Session Host, by selection of the Terminal Server\ RD Session
Host Role. Administrators also have the ability to select the type of Management
Database setup, such as connect to an existing database or create a new
database on an existing SQL server.
TCP Port Requirements
The TCP/IP port number requirements for vWorkspace services are listed below:
•
Data Collector Service — It listens for Connection Broker service
connections on 5203.
This is a Windows service that runs inside each managed computer or
vWorkspace enabled Remote Desktop Session Host, and
communicates back and forth with the Connection Broker. When
PNTools is installed onto a desktop, a Windows Firewall port exception
rule is automatically added to allow incoming connections on this port.
22
•
Connection Broker — It listens for Data Collector service
connections on 5201. It also listens for incoming client connection
requests on a configurable port, using 8080 as the default.
Optionally, the Connection Broker can be configured to require SSL
encryption using 443 as the default.
This service communicates with the Data Collector running inside
each managed computer or vWorkspace enabled Remote Desktop
Session Host.
•
Password Management Service — This service accepts SSL
protected client password reset requests on a configurable port, using
443 as the default.
•
Web Access — vWorkspace Web Access, being a web service, uses
HTTP and HTTPS application protocols. Although the default port
numbers are 80 and 443 respectively, any ports can be used.
•
Secure Gateway — The Quest vWorkspace Secure Gateway
(Secure-IT) acts as an SSL proxy for Connection Broker, Web Access,
and RDP communications, and by default listens on 443.
•
RDP — RDP listens on 3389 by default.
Microsoft RDP (Remote Desktop Protocol) is used for connections
from vWorkspace connector to Remote Desktop Session Host or a
managed computer.
•
Universal Printer Service — This service listens on port 5204 on
UP Printer Servers only.
•
Registry Service — This service listens for registry messages on port
5205 on Remote Desktop Session Host and broker computers.
•
User Profile Management Storage — This service listens on port
5206.
Install using the Simple Method
Use the following steps to complete a Simple type installation of vWorkspace.
The following steps show an installation completed on a Microsoft Windows
Server 2008 R2 computer. The steps may differ slightly if installing on a
Microsoft Windows Server 2003 computer.
1.
Download the appropriate version of the vWorkspace installation.
2.
Run start.exe on the target computer.
23
3.
Click Install on the vWorkspace window.
Use the other buttons to review vWorkspace documentation, the
License agreement, or browse the installation CD.
4.
License Agreement
Use this option to review the
contents of the license
agreement.
Install
Use this option to initiate the
installation process.
Browse CD
Use this option to browse the
contents.
Exit
Use this option to exit the install.
A message displays indicating that any prerequisites (Windows
Installer 4.5 or Microsoft .NET Framework) will be installed. Click
Install to start the process.
During the installation process, the computer may need to be
restarted. Use the same credentials to log on to the computer after
the reboot. The installation process resumes upon logon.
24
5.
Click Next on the Welcome window for the vWorkspace installer.
6.
Select the accept the License agreement option, and then click Next.
7.
Enter the appropriate information on the Customer Information
window, and then click Next.
8.
Select Simple on the Setup Type window, and then click Next.
9.
Click Yes on the information window to continue the simple install.
10. Click Install on the Ready to Install the Program window.
The vWorkspace components are installed in addition to Microsoft SQL
Server Express 2008, which may take several minutes. The Microsoft
SQL Server 2008 setup windows are displayed during the installation.
11. Click Finish on the InstallShield Wizard Completed window.
12. Click Yes to restart the computer, if necessary.
Install Using the Advanced Method
Use the following steps to complete an Advanced type installation of
vWorkspace. The following steps show an installation completed on a Microsoft
Windows Server 2008 R2 computer. The steps may differ slightly if installing on
a Microsoft Windows Server 2003 computer.
1.
Download the appropriate version of the vWorkspace installation.
2.
Run start.exe on the target computer.
3.
Click Install on the vWorkspace window.
Use the other buttons to review vWorkspace documentation, the
License agreement, or browse the installation CD.
25
4.
License Agreement
Use this option to review the
contents of the license
agreement.
Install
Use this option to initiate the
Browse CD
Use this option to browse the
contents.
Exit
Use this option to exit the install.
A message displays indicating any prerequisites (Windows Installer
4.5 or Microsoft .NET Framework) that need to be installed. Click
Install to start the process.
During the installation process, the computer may need to be
restarted. Use the same credentials to log on to the computer after
the reboot. The installation process resumes upon logon.
26
5.
Click Next on the Welcome window for the vWorkspace installer.
6.
Select the accept the License agreement option, and then click Next.
7.
8.
Select Advanced on the Setup Type window, and then click Next.
9.
Select the options that are to be installed on this computer. If you
want to change the default installation folder location, click Change
and complete the information on the Change Current Destination
Folder.
By default, no roles are selected on the Custom Setup window.
See vWorkspace Components for more information about the
vWorkspace roles.
10. Select one of the following options on the Management Database
Setup window, and then click Next.
If you are installing just the Secure Gateway Role or the Web Access
Role, the Management Database Setup, Password Management,
Proxy-IT and Remote Site Relay windows are not displayed.
•
Connect to an existing database — Select this option to
connect this computer to an existing management database. See
step 11 to continue the install.
•
Create a new database on an existing SQL Server — Select
this option to create a new management database on an existing
SQL server. See step 12 to continue the install.
27
•
Install SQL Server Express Edition on this computer and
create a new database — Select this option to install SQL
Server Express and create a new management database. See
step 13 to continue the install.
•
Do nothing at this time — Select this option to skip the
configuration during the install, and manually configure the
management database.
See the Database Configuration section in the vWorkspace
Management Console chapter for more information on how to
configure the database from the vWorkspace Management Console.
28
11. If you selected Connect to an existing database, complete the
necessary information on the Management Database Configuration
12. If you selected Create a new database on an existing SQL
Server, complete the necessary information on the Management
Database Configuration window, and then click Next.
29
13. If you selected Install SQL Server Express Edition on this
computer and create a new database, complete the necessary
information on the Management Database configuration window, and
then click Next.
The SA password and vWorkspace login password need to meet
password complexity policies. If they do not contain at least eight
characters, with at least one nonalphanumeric or numeric character,
a vWorkspace message is presented indicating that your password
has not met the requirements.
The SQL Server Name and SQL User Name are grayed out and the
information in these fields are not able to be changed.
14. The vWorkspace installer installs the features that were selected. If
you chose to install Microsoft SQL Server Express, that is installed at
this time as well.
The installation of Microsoft SQL Server Express 2008 occurs now,
which may take several minutes.
15. Click Finish on the InstallShield Wizard Completed window.
16. Click Yes to restart the computer, if necessary.
30
Licensing
You may encounter the vWorkspace Licensing window when you launch the
vWorkspace Management Console for the first time. The Licensing window
appears if there are no references to licenses in the vWorkspace database. If
your vWorkspace database has references to licenses, you can manage your
licenses from the vWorkspace Management Console. See Licensing in the
vWorkspace Management Console for more information.
The following describes the process for completing the Licensing window. The
process is the same for both a Simple or Advanced vWorkspace installation.
1.
After the restart following the vWorkspace installation, open the
vWorkspace Management Console from the shortcut.
31
2.
Click OK on the message window, then select the Licensing option
from the left pane of the Licensing window.
3.
If you are using licenses generated from Quest in the form of ASC
files, do the following:
a) Open the Current Licenses tab, and click Add License.
b) Browse to the location of your Quest Licenses ASC file.
c) Select the file and click Open.
d) Click OK on the message window stating the license has been
added.
4.
If you are using licenses that have already been generated from the
vWorkspace web site that need to be added (licenses can no longer
be obtained this way), do the following:
a) Select the Other Licenses tab on the Licenses window.
b) Click Add License.
c) Enter your license information and click OK.
5.
32
Click Close, and the vWorkspace Management Console opens.
Installation Reference
If the option Connect to an Existing database is selected when installing a
vWorkspace role the administrator may be queried whether to Keep the
existing database configuration or Configure a new database
connection.
If the option Keep the existing database configuration is selected, and the
database version is older than the version being installed, the administrator will
be prompted to approve the upgrade of the database.
OPTION
DESCRIPTION
Keep the existing database
configuration.
This option is selected if you want to keep your
existing database configuration, as displayed in
the fields of Data Source Name, Database
Version, SQL Server Name, and Database
Name, on this window.
33
OPTION
DESCRIPTION
Configure a new database
connection.
This option is used if you want to configure a new
database connection.
The Management Database Setup window is
presented after this option is selected. You then
can select from the following options on that
window:
• Connect to an existing database.
• Create a new database on an existing
SQL Server.
• Install SQL Server Express Edition on
this computer and create a new
database.
• Do nothing at this time.
Installing Web Access
The vWorkspace installer must be run on a Windows server. When installing the
Web Access Role the Microsoft IIS role is installed, if it is not already.
It is recommended that you use the Secure Gateway in conjunction with
Web Access to protect sensitive data, such as passwords.
The following is a list of requirements for vWorkspace Web Access. Web Access
can be placed in the DMZ or a secured subnet.
Hardware
• Server class hardware that meets
the minimum requirements of the
selected operating system.
• One or more 100 Mbps or 1000
Mbps Ethernet adapters.
• Implemented as a virtual machine
is an option.
34
Optional
• Microsoft Network Load Balancing
• Third-party load balancing
appliance
• X.509 server certificate (if the Web
site requires SSL encryption)
• X.509 trusted root certificate (if
used with vWorkspace SSL
Gateway)
In Web Access, if you are using Microsoft Vista and Internet Explorer 7+ and
in the unique instance that the certificate revocation list is unavailable to the
user, you may need to unselect the Internet Explorer option, Check for
server certificate revocation. This option can be found at the following
path: Internet Explorer| Tools | Internet Options | Advanced.
It is important to note that this may not be a secure situation, because the
Certificate Revocation List is updated regularly to account for the possibility
that a certificate that has not yet expired may no longer be secure for a
variety of reasons. This will not stop your session from being secured by the
certificate, it just keeps the browser from returning an error when it does not
find a Certificate Revocation List.
To remedy this situation, please consult your server's documentation on how
to publish a Certificate Revocation List.
Upgrading Web Access
vWorkspace Web Access 7.5 has been re-architected to provide improved
performance, scalability, and maintainability. The new architecture allows for
easier deployment on multiple instances of Web Access without the need to
reconfigure each one individually. As a result of the redesign, Web Access sites
from previous versions to 7.5 cannot be upgraded to 7.5. Therefore, you need
to manually document your settings, and then reconfigure Web Access 7.5 in the
vWorkspace Management Console.
Install the Reporting and Logging
Role
The Reporting and Logging Role enables you to generate detailed reports on
both the real-time and historical state of your desktops, servers, and application
permissions, as well as actions performed by administrators within the
35
How to ...
Install vWorkspace Reporting
vWorkspace Reporting is not installed as part of the standard install and has to
be enabled separately. The reporting database has to be on the same SQL Server
as the vWorkspace database.
1.
36
Open the vWorkspace Management Console and go to File |
Database Configuration.
2.
Click Database Configuration on the Configure vWorkspace
Database window.
3.
The Database Configuration wizard appears. Select Enable
vWorkspace Reporting on the Action window.
37
4.
Enter a name for the new reporting database, and then click Next.
The reporting database has to be on the same SQL Server as the
vWorkspace database.
5.
Do the following on the Credentials window:
a) Enter the log in name and password of an existing SQL Admin.
These are needed to install the reporting capability.
b) Enter a log in name and password for a read-only user in the
Report viewer login section. This user will have read-only access
to both the reporting database and the vWorkspace database.
Quest recommends using a read-only user to run reports, to assist in
preventing accidental deletions or alterations the database.
Quest recommends using this read-only user in the Sample Report
Viewer, which is a bundled utility for executing the built-in reports and
displaying their results. For more information on the Sample Report
View, see Sample Report Viewer.
38
c) Click Finish.
6.
Click Yes, and then click Finish on the Credentials window to
complete the process.
39
Disable vWorkspace Reporting
Disabling the vWorkspace reporting does the following:
•
Keeps your current historical data, but no more data will be added.
•
Continues to allow you to run real time reports that will correctly show
the current state of the system.
Complete the following steps to disable the vWorkspace Reporting role.
40
1.
Open the vWorkspace Management Console and go to
File | Database Configuration.
2.
Database window.
3.
Select Disable vWorkspace Reporting on the Action window.
4.
Click Finish.
Scripted Installation
vWorkspace supports scripted installs. Setup.exe can be executed with switches
that provide answers to the dialogue prompts of a vWorkspace install. The
section below outlines the commands and switches used to perform a scripted
(silent) install.
setup.exe /s /v”/qn ADDLOCAL=<Role Codes> <Database Options>”
Role Codes
Core
Must always be specified
CB
Connection Broker Role1,2
MC
Management Console Role1
WA
Web Access Role
TS
Terminal Server\ RD Session Host Role1,2
UPS
User Profile Management Storage Role1,2
SG
Secure Gateway Role
PRT
Universal Print Server Role1,2
RSR
Remote Site Relay Role
PR
Password Reset Role
PI
Proxy-IT Role
RL
Reporting and Logging Role
1
requires Database Options (see below)
2
this role requires the MC role to additionally be installed.
To specify more than one role code, delimit role codes with commas without
spaces. For instance, to specify the connection broker and management
console roles, use the syntax below:
ADDLOCAL=Core,CB,MC
41
Database Options
Specifies how to setup the database connection
DBOPTION
1=Connect to existing SQL Server
2=Create new DB on existing SQL Server
DATASOURCENAME
ODBC data source name (DSN name)
SQLSERVERNAME
SQL Server name
DATABASENAME
vWorkspace_Database
SQLLOGINACCOUNT
vWorkspace administrator name (pnadmin
account)
SQLLOGINPASSWORD
vWorkspace administrator password
SAUSERNAME
sa *
SAPASSWORD
SA Password *
*
only required for DBOPTION=2
Any values specified that contain spaces must be surrounded by \”
characters. For instance, to set the DATABASENAME options to vWorkspace
Database, use the syntax:
DATASOURCENAME=\"vWorkspace Database\"
Additional switches
REBOOT=\"ReallySuppress\"
When a vWorkspace install is started, certain software prerequisites must be
met. If they are not met, the requisite software will be installed. They are listed
below:
•
Microsoft .NET Framework 3.5 SP1
•
Microsoft Windows Installer 4.5
•
J2SE Runtime Environment 5.0 Update 11
•
Microsoft ASP .NET 2.0 AJAX Extensions 1.0
•
•
42
Only when CB role is selected
Only when WA role is selected
Examples
To install the Web Access role only:
setup.exe /s /v"/qn ADDLOCAL=Core,WA"
To install the Management Console and Terminal Server\ RD Session
Host roles, and connect to an existing database:
setup.exe /s /v"/qn ADDLOCAL=Core,CB,MC DBOPTION=1
SQLSERVERNAME=\"SQLSERVER01\"
DATASOURCENAME=\"vWorkspace Database\"
DATABASENAME=\"vWorkspace_Database\"
SQLLOGINACCOUNT=\"pnadmin\"
SQLLOGINPASSWORD=\"Password1\""
To install the Management Console and Broker roles, and create a new
database:
setup.exe /s /v"/qn ADDLOCAL=Core,CB,MC DBOPTION=2
SQLSERVERNAME=\"<servername\instancename"
DATASOURCENAME=\"vWorkspace Database\" SAUSERNAME=\"sa\"
SAPASSWORD=\"Password1\"
DATABASENAME=\"vWorkspace_Database\"
SQLLOGINACCOUNT=\"pnadmin\"
SQLLOGINPASSWORD=\"Password1\""
43
To enable users to connect to managed applications and desktops in a
vWorkspace infrastructure, a vWorkspace Connector must be installed onto their
client device.
The following is a list of available packages:
VASCLIENT32 — These packages include AppPortal and Web Access.
•
VASCLIENT32.EXE — MSI-based installation with EXE bootstrapper.
The MSI Engine (2.0 or higher) must already be installed onto the
target client workstations.
•
VASCLIENT32.MSI — MSI-based installation without EXE
bootstrapper. The MSI Engine (2.0 or higher) must already be
installed onto the target client workstations.
•
VASCLIENT32.CAB — CAB-based installation for automatic
deployment via the Web Access.
VASCLIENT32T — Web Access access only; these packages do not include the
AppPortal GUI.
•
VASCLIENT32T.EXE — MSI-based installation with EXE
•
VASCLIENT32T.MSI — MSI-based installation without EXE
•
VASCLIENT32T.CAB — CAB-based installation for automatic
deployment via the Web Access.
VASCLIENT32TS — These packages are for automated, silent installations of
the Windows client using Group Policy where a minimal set of functionality is
required.
44
•
VASCLIENT32TS.cab — CAB installation for automatic deployment
through Web Access, as a silent installation. The files are located at
C:\Inetpub\wwwroot\Provision\web-it\clients.
•
VASCLIENT32TS.MSI — MSI-based installation for automatic
deployment through Web Access, as a silent installation.
How to ...
Install the vWorkspace Connector
1.
Download the appropriate package.
2.
Execute the connector file.
3.
Click Next at the Welcome window of the vWorkspace Connector
InstallShield wizard.
4.
Accept the terms of the License Agreement, and then click Next.
5.
window, and select one of the options to whom this client package is
to be installed. Click Next.
6.
Click Next on the Destination Folder window to accept the default
location, or click Change to change the location.
7.
Select the option Enable Credentials Pass-Through, as
appropriate, and then click Next.
This option should only be selected if the client computer is joined to
the domain and you want to reuse the user domain credentials on the
client computer to authenticate with the vWorkspace-enabled
desktop infrastructure without having to retype them every time.
This option is only for computers that do not support Kerberos.
This is an optional step.
8.
Select the desired shortcuts on the Shortcut Options window, and
then click Next.
This window is only available if you are installing a client option that
includes AppPortal.
9.
Click Install to begin the installation, on the Ready to Install the
Program window.
10. Click Finish when the InstallShield wizard has completed.
You may be prompted to restart your system after the installation of
the vWorkspace connector has completed.
vWorkspace RD Connection Broker
Support
The vWorkspace RD Connection Broker Support software needs to be installed
on your Microsoft Windows Server 2008 R2 server. The software detects if the
appropriate roles have been installed, and if not, installs the appropriate roles.
There are two RD Broker Support files, an EXE and MSI file.
45
You do not need to install any of the role services onto this server, as the Quest
vWorkspace Extensions for the RD Connection Broker installs all of the necessary
roles of Remote Desktop Session Host in VM redirector mode, Remote Desktop
Connection Broker, and the Remote Desktop Web.
If you choose to install the Remote Desktop Session Host (in VM Redirector
mode), Remote Desktop Connection Broker, and the Remote Desktop Web
Access on separate Microsoft Windows Server 2008 R2 servers, you must
refer to Microsoft documentation best practices on how to install and
configure these components.
Prior to installing the Quest vWorkspace Extensions for the RD Connection
Broker on the Remote Desktop Connection Broker, we require that the
Remote Desktop Services environment be fully functional and that virtual
desktops can be successfully launched from Remote Desktop Web Access.
Instructions on Remote Desktop Services in Windows Server 2008 R2,
specifically the sections detailing Deploying Virtual Desktop Pools by using
Remote Desktop Web Access Step-by-Step Guide and Deploying Virtual Desktop
Pools by Using RemoteApp and Desktop Connection Step-by-Step Guide can be
found at the following:
http://technet.microsoft.com/en-us/library/dd647502(WS.10).aspx
Install RD Broker Support
The following details two installation scenarios; the first one an installation
where there are no role services installed, and the second one an installation
where the RD Connection Broker, RD Session Host in VM Redirector mode, and
an associated RD Web Server role services are configured.
•
vWorkspace Extensions Without Role Services Installed
•
vWorkspace Extensions with Role Services Installed
vWorkspace Extensions Without Role Services Installed
The following steps detail an installation on a Microsoft Windows Server 2008 R2
computer that does not have any of the role services installed.
1.
46
Download the EXE or MSI file from the MS_CONNECTIONBROKER
folder from vWorkspace (64-bit Edition).
2.
Double-click on the file.
3.
Click Yes on the allow the program to make changes to the
computer window.
4.
Click Next on the vWorkspace Extensions for the RD Connection
Broker Welcome window.
5.
Click Accept on the License Agreement window, and then click
Next.
47
6.
Select Yes on the Configure Computer For Desktop Brokering
By choosing Yes, the listed roles are installed onto the computer.
7.
The installation may take a few minutes to complete.
8.
Click Finish on the InstallShield Wizard Completed window.
You must restart the computer. Click Yes to restart it now, or No to
restart it later.
vWorkspace Extensions with Role Services Installed
The following steps detail an installation on a Microsoft Windows Server 2008 R2
computer installed as an RD Connection Broker configured to use an RD Session
Host in VM Redirector mode, and an associated RD Web Server configured to use
the RD Connection Broker.
48
1.
Download the EXE or MSI file from the MS_CONNECTIONBROKER
folder from vWorkspace (64-bit Edition).
2.
Double-click on the file.
3.
Click Yes on the allow the program to make changes to the
computer window.
4.
Click Next on the vWorkspace Extensions for the RD Connection
Broker Welcome window.
5.
Click Accept on the License Agreement window, and then click
Next.
49
6.
The installer inspects your system configuration, and then installs the
vWorkspace Extensions for the RD Connection Broker.
7.
Click Finish on the InstallShield Wizard Completed window.
You must restart the computer. Click Yes to restart it now, or No to
restart it later.
Add an RD Connection Broker to
vWorkspace
Use the following steps to add a Microsoft RD Connection Broker to the
50
1.
Open the vWorkspace Management Console, and expand the
Locations node.
2.
Expand the required location.
3.
Right-click on Connection Brokers and select New Connection
Broker.
4.
Click Next on the Welcome window of the Server wizard.
5.
Enter the server name (NetBIOS), and then click Next. Use the
ellipsis to browse for the server.
The text box is limited to 15 characters, the maximum allowed in
NetBIOS naming conventions.
51
6.
52
Select Microsoft Remote Desktop Connection Broker (RD
Broker), and click Next.
7.
Enter the credentials, on the Administrative Account window, for a
user account that has administrative privileges, and then click Next.
This step is mandatory. Use the ellipsis, if necessary, to find the
appropriate user account.
The check mark by the Password field can be used to verify the user
name and password entered.
8.
Click Next on the Logging window without selecting any options.
Typically, logging is only used as assisted by the Quest Support
Services Department.
9.
Click Finish on the Permissions window.
AppPortal
You can use the vWorkspace AppPortal to specify Microsoft RD Connection
Broker properties. Use the following steps to create a new RD Connection Broker
Farm Connection.
Create a New RD Connection Broker Farm Connection
1.
Start AppPortal from the desktop or select Start | Programs |
Quest Software| vWorkspace | vWorkspace Client| AppPortal.
53
2.
Select Actions | Manage Connections. The Farm Connections
wizard opens.
3.
Click Create a new farm, and then click Next.
4.
Select Allow me to manually specify all configuration
parameters on the Configuration Source window, and then click
Next.
5.
Select Microsoft Remote Desktop Connection Broker as the
Farm Type, and then click Next.
6.
Enter the location and server information on the Connectivity
7.
Select the appropriate connection settings on the RD Gateway
RD GATEWAY SETTINGS
FIELD
DESCRIPTION
CONNECTION SETTINGS
These settings are used to specify secure network communications.
54
RD GATEWAY SETTINGS
FIELD
DESCRIPTION
Automatically detect RD
Gateway server settings
Select if you want the RD Gateway server settings
automatically detected.
Use these RD Gateway server
settings
Select if you want to use the entered Server
name and Logon method as the RD Gateway
server settings.
Do not use an RD Gateway
server
Select if you do not want to use an RD Gateway
server.
8.
Specify the credentials for connection to this farm, and then click
Next.
9.
Select the appropriate options on the Display window, and then click
Next.
10. Specify remote audio, keyboard, and local devices on the Local
Resources window, and then click Next.
11. Specify use experience options, and then click Next.
55
12. Enter password management server information, as appropriate, and
then click Next.
13. Select any desktop integrated mode options, as appropriate, and
then click Next.
Specify any applications that are to be automatically launched, and then click
Finish.
Quest vWorkspace Connector
Silent Installation
This document describes the unattended setup (silent) procedures for each of
the following connector packages.
•
VASCLIENT32
•
VASCLIENT32T
See vWorkspace Connector for Windows Packages for more information.
VASCLIENT32
As an InstallShield package, vasclient.exe can accept a number of command line
arguments. Command line options that require a parameter must be specified
with no spaces between the option and its parameter.
If you run a normal installation using vasclient32.exe, InstallShield extracts and
then executes the included vasclient32.msi package. The file, msiexec.exe,
begins the installation and queries the user four times.
The user is asked whether to install For All Users or Just Myself, to Enable Single
Sign-On or not, to To Launch in Desktop Integrated Mode or not, and to Place a
shortcut on the Desktop or not.
These four user dialogs are represented by MSIEXEC switches of:
56
•
ALLUSERS=\"1\" or ALLUSERS=\"\"
•
ENABLESSO=\"1\" or ENABLESSO=\"\"
•
STARTUPSHORTCUT=\"1\" or STARTUPSHORTCUT=\"\"
•
DESKTOPSHORTCUT=\"1\" or DESKTOPSHORTCUT=\"\"
•
\"1\" is Yes.
•
\"\" is No (Null).
The InstallShield switch to pass parameters to msiexec is the /v switch. There
can be no spaces between the /v switch and its parameters so that the command
will look initially like this following.
vasclient32.exe/v"<options>"
The <options> are the msiexec parameters. For msiexec, the /q option is used
to set the user interface level along with any of the following flags.
MSIEXEC SILENT OR NEAR SILENT SWITCHES
/q
No user interface.
/qn
No user interface.
/qn+
No user interface.
/qb
Basic user interface.
/qb+
A dialog box is displayed at the end of
the installation. If you cancel the
installation, a dialog box is not
displayed.
/qb-
No dialog boxes are displayed.
/qr
Reduced user interface.
A dialog box is displayed a the end of
the installation.
If you want to hide the initial vWorkspace splash screen, add the /s option and
the installation displays only the installation progress bar dialog.
To silently install the vasclient32.exe, issue the setup instruction:
vasclient32.exe/s/v"/qn ENABLESSO=\"\" ALLUSERS=\"1\"
The /s suppresses the splash screen. The /v passes everything within the quotes
to msiexec. The msiexec /qn switch provides a no dialog, silent install.
If you want just the progress dialogs shown for user feedback so that they know
something is happening, then issue the following command.
vasclient32.exe/s/v"/qr ENABLESSO=\"\"ALLUSERS=\"1\"
The /s suppresses the splash screen, the /v passes everything within the quotes
to msiexec. The/qr switch shows a reduced user interface with only the progress
bar dialog.
57
VASCLIENT32T
As an InstallShield package, vasclient.exe can accept a number of command line
arguments. Command line options that require a parameter must be specified
with no space between the option and its parameter.
If you run a normal installation using vasclient32t.exe, InstallShield extracts and
then executes the included vasclient32t.msi package. The msiexec.exe begins
the installation, and queries the user two times.
The user is asked whether to install For All Users or Just Myself and to Enable
Single Sign-On or not. The web client does not use the Desktop Integrated
mode, so there is not a query for the placement of a shortcut on the desktop.
The two user dialogs which are represented by MSIEXEC switches are:
•
ALLUSERS=\"1\" or ALLUSERS=\"\"
•
ENABLESSO=\"1\" or ENABLESSO=\"\"
•
\"1\" is Yes.
•
\"\" is No (Null).
The InstallShield switch to pass parameters to msiexec is the /v switch. There
can be no spaces between the /v switch and its parameters so that the command
will look like the following.
vasclient32.exe/v"<options>"
The <options> are our msiexec parameters. For msiexec, the /q option is used
to set the user interface level along with the following flags.
To silently install the vasclient32t.exe, one would issue the following setup
instruction.
vasclient32t.exe/s/v"/qn ENABLESSO=\"\"ALLUSERS=\"1\""
If you want just the progress dialogs shown for user feedback so that they know
something is happening, then issue the following command.
vasclient32t.exe/s/v"qr ENABLESSO=\"\" ALLUSERS=\"1\""
58
Upgrade vWorkspace
The following outlines recommended procedures for upgrading your vWorkspace
environment.
While these procedures are our recommendation, it is your responsibility to have
a current backup of configuration components, such as the database, and a plan
to minimise the impact of the upgrade on your environment.
Recommendations:
• Backup your SQL database for vWorkspace before starting the upgrade
process.
• Install in a test environment where there are no production impacts.
It is important that you complete the steps in the presented order; completing
all the activities before moving to the next step. However, some of the upgrade
steps may not be applicable to your environment, and if so, you may skip over
them.
1.
Upgrade the Connection Brokers
2.
Upgrade the Terminal Servers/ RD Session Hosts
3.
Upgrade the User Profiles Management Storage Role
4.
Upgrade the Universal Print Server Role
5.
Upgrade the Secure Gateway Role
6.
Upgrade the Web Access Role
7.
Upgrade the Password Reset Role
8.
Upgrade the Broker Helper Service
9.
Upgrade PNTools on VDI Computers
10. Upgrade the vWorkspace Connector for Windows
11. Update the vWorkspace Connector for Web Access
reconfigure each one individually. As a result of the redesign, Web Access
sites from previous versions to 7.5 cannot be upgraded to 7.5. Therefore,
you need to manually document your settings, and then reconfigure Web
Access 7.5 in the vWorkspace Management Console.
59
Upgrade the Connection Brokers
Prior to starting this upgrade, ensure that database caching is not enabled. Open
the vWorkspace Management Console, right-click on the top node (Farm name),
and select Farm Properties. Select Database Cache and make sure the
Create local host cache on all servers setting is unselected. Click OK to save
the change.
1.
From the downloaded vWorkspace file, click on start.exe to start the
installer program.
2.
Click Install on the vWorkspace home window to start the
3.
Accept the License agreement, and then click Next.
4.
Click Upgrade on the Previous Version Detected window.
5.
Click Yes to restart your computer.
6.
Click Next on the Welcome window.
7.
Accept the License agreement, and then click Next.
8.
9.
Select Connection Broker Role from the list of available features
on the Custom Setup window and click Next.
10. Click Install to continue the installation process.
60
11. Select Keep the existing database configuration from the
options on the Current Database Configuration window, and then
click Next.
12. Click Next on the Database Schema Upgrade window.
13. Click Finish to complete the installation.
14. Complete the upgrade process on all of your Connection Brokers.
61
Upgrade the Terminal Servers/ RD Session Hosts
1.
From the downloaded vWorkspace file, click start.exe to start the
installer program.
2.
3.
Click to Accept the license agreement.
4.
Select Upgrade on the Previous Version Detected window.
5.
The upgrade process begins. Click Yes when asked to reboot the
server.
6.
After rebooting login to the server. The upgrade process
automatically continues.
7.
8.
9.
Click Next on the Customer Information window.
10. Review and click OK on the previous Terminal Servers features
window.
11. On the Custom Setup window select Terminal Server/RD Session
Host Role, and click Next.
click Next.
The upgrade process continues.
14. Click Finish to complete the installation, then click Yes to reboot.
15. Complete the upgrade process on all of your Terminal Servers/RD
Session Hosts.
Upgrade the User Profiles Management Storage Role
62
1.
installer program.
2.
3.
4.
5.
server.
6.
7.
8.
9.
10. On the Custom Setup window, select User Profile Management
Storage Role, and click Next.
click Next.
13. Click Install to begin the installation.
14. Click Finish.
This version of vWorkspace User Profile Storage Service uses TCP port 5206.
In versions of vWorkspace prior to 7.2, the User Profile Storage Service was
configured for TCP port 80. When upgrading to this version of vWorkspace
from a version prior to 7.2, TCP port 80 will continue to be used.
Upgrade the Universal Print Server Role
1.
installer program.
2.
3.
4.
5.
server.
6.
7.
8.
9.
10. On the Custom Setup window, select Universal Print Server Role,
and then click Next.
click Next.
13. Click Install to being the installation.
14. Click Finish.
Upgrade the Secure Gateway Role
1.
installer program.
2.
3.
63
4.
5.
server.
6.
7.
8.
9.
10. On the Custom Setup window, select Secure Gateway Role, and
then click Next.
12. Click Finish.
Upgrade the Web Access Role
1.
installer program.
2.
3.
4.
5.
server.
6.
7.
8.
9.
10. On the Custom Setup window, select Web Access Role, and then
click Next.
11. Click Next and complete the installation.
Upgrade the Password Reset Role
64
1.
installer program.
2.
3.
4.
5.
server.
6.
7.
8.
9.
10. On the Custom Setup window, select Password Reset Role, and
then click Next.
12. Click Finish.
Upgrade the Broker Helper Service
1.
From the downloaded vWorkspace file, open the Broker_Helper
folder.
2.
Select brokerhelper.exe to start the installation.
3.
Click Next on the welcome window of the Quest Broker Helper
Service.
4.
Click to accept the terms on the License agreement window, and
then click Next.
5.
Enter a User Name and Organization on the Customer Information
6.
Click Install to start the installation.
7.
Click Finish to complete the installation.
Upgrade PNTools on VDI Computers
1.
Open the vWorkspace Management Console.
2.
Expand Locations, and then the location of the specified desktop
group.
3.
Expand the Desktops node, and then highlight the computer group
where the computers are located.
4.
Select the Desktops tab in the right-pane.
5.
Highlight the computer or computers in which PNTools is to be
upgraded.
6.
Right-click on one of the highlighted computers, and then use the
following path:
PNTools & Other MSI Packages | PNTools | Install/Update
7.
Follow the instructions to complete the upgrade.
Upgrade the vWorkspace Connector for Windows
1.
From the downloaded vWorkspace package, open the Connectors
folder, and then open the Windows folder.
2.
Select the appropriate vasclient32 executable.
3.
65
4.
Accept the terms of the license agreement, and then click Next.
5.
window, and select one of the installation options. Click Next.
6.
Click Next to install to the listed folder, or click Change to change
the folder to which the AppPortal is installed.
7.
Click Install.
8.
Click Finish.
Update the vWorkspace Connector for Web Access
1.
66
From the downloaded vWorkspace package, open the
Connectors \ Windows folder.
2.
Select the vasclient32t executable.
3.
4.
Accept the terms of the license agreement, and then click Next.
5.
window, and select one of the installation options. Click Next.
6.
Click Next to install to the listed folder, or click Change to change
the folder to which the Connector for Web Access is installed.
7.
Select Enable Credentials Pass-Through, if appropriate, and then
click Next.
8.
Click Install.
9.
Click Finish.
3
vWorkspace Management
Console
• Overview
• vWorkspace Management Console Interface
• Quick Start Wizard
• vWorkspace Menu Options and Icons
• vWorkspace Object Nodes
• Locations
Overview
The vWorkspace Management Console provides management and
administrative functions to vWorkspace administrators. All database
management tasks are performed by the vWorkspace Management Console.
The vWorkspace Management Console can be installed and used on any number
of workstations or laptop computers for management purposes, as long as
connectivity to the vWorkspace database can be established. Remote Procedure
Call (RPC) connections to other vWorkspace servers at times may also be
required for full management functionality. Most functions performed by the
vWorkspace Management Console can be done from any computer, but Registry
tasks or applying virtual memory optimizations must be performed by the
vWorkspace Management Console from the console of the affected server.
Any hotfixes that affect the vWorkspace Management Console need to be applied
to all installed instances. Failure to do so can lead to unreliable results when
using the vWorkspace Management Console.
Multiple instances of the vWorkspace Management Console can be opened
simultaneously. Administrators need to be aware that their changes may
interfere with changes made by another administrator.
vWorkspace Management Console
Interface
The vWorkspace Management Console presents a graphical user interface that
includes a menu bar, toolbar, navigation pane, and an information pane.
68
Menu Bar
Navigation Pane
Information /Detail Pane
Toolbar
Object
Nodes
Status Bar
The vWorkspace infrastructure is displayed in a treeview format in the
Navigation pane. It includes the following nodes.
NODE
DESCRIPTION
Farm
This top node represents the entire vWorkspace
infrastructure. From this node you can:
• Assign a name to the farm.
• Enable database caching.
• Configure other settings such as Reset all
pop-up messages and Clear recent
items list.
Locations
This node is used to organize groups of users
based on geographical locations, within a
vWorkspace infrastructure.
69
NODE
DESCRIPTION
Targets
This node is used to set the criteria for which
Resource is applied and when it is applied to a
remote session. Once targets are defined in the
vWorkspace database, they can be used in
Access Control Lists associated with various
Resource objects.
Targets are identified by:
• User name
• Group membership
• IP address
• Device name
• Active Directory Organizational Units
• Advanced (Boolean)
Resources
This node contains the list of items that can be
assigned to clients using Client Assignment.
A toolbar option, Toggle Client Assignment
List Display, allows the client assignment to
be displayed at the bottom of the window, the
right-side of the window, or not at all.
Packaged Applications
This node is used to identify Microsoft
Application Virtualization (App-V) servers and
their hosted application packages, as well as
MSI packages.
This node is used to configure CPU Utilization
and Virtual Memory Optimization policies, and
to view the results of these policies.
Virtual IP
This node is used to provide special
configuration options for applications running in
a multi-user environment that require unique
IP addresses for identification.
70
NODE
DESCRIPTION
File & Registry Redirection
This node provides mechanisms that allow
applications to work properly in a multi-user
environment.
Load Balancing
This node is used to configure load balancing
when published applications are hosted on
multiple RD Session Hosts. A load balance can
be assigned to either the published application
or the RD Session Hosts.
Websites
This node is used to define and manage Web
Access web sites. The configuration for Web
Access web sites is stored in the vWorkspace
Management Console.
Quick Start Wizard
The vWorkspace Quick Start Wizard enables administrators to set up a
vWorkspace environment through a guided process. You just need to choose the
type of environment you want to set up, and the wizard navigates you through
the process from setting up connection brokers to configuring end user
environments.
The types of environments that can be configured using the Quick Start Wizard
are:
•
Desktop Cloud
•
Virtual Desktops
•
Remote Desktop Session Host
•
Blade PCs (or other physical and virtual computers)
71
The Quick Start Wizard can be opened by doing one of the following:
•
There is an option to select to not automatically show the wizard every
time you open the vWorkspace Management Console.
•
Click on the home icon in the toolbar of the vWorkspace Management
Console.
•
Select the link from the Getting Started section on the Welcome page
of the vWorkspace Management Console.
As you progress through the Quick Start Wizard, the steps are validated to
ensure your system is configured correctly. Information entered into the Quick
Start Guide is saved and can be used in future setups, such as already configured
connection brokers. However, you always have the option to add a new one.
Not all of the steps of the Quick Start Wizard are mandatory for completion, such
as configuring Connection Policies or Universal Printing options.
72
Examples of commonly used user profile applications and Microsoft Windows
settings are available as the optional step, Managed User Profiles. Selecting
one of the sample settings enable you to quickly access the predefined set of
applications.
It is important to note that any checked profile items in the Quick Start Wizard
are set as global items. Upon logoff, the profile is deleted and only the checked
items are retained. Be cautious if you are importing desktops with a local profile
that you want to retain.
Desktop Cloud
Quest vWorkspace has created a platform from which desktops can be
provisioned quickly and effortlessly. Computer Groups are created through the
Quick Start Wizard and are automatically configured with provision-time and
connection-time load balancing, as well as auto-size and virtual desktops
deleted at logoff. Along with HyperCache, HyperDeploy and Instant Provisioning
these Hyper-V computer groups provide a platform where desktops can be
moved in and out of the cloud in a near instant.
The Desktop Cloud wizard can be launched from the Quick Start Wizard. The
Desktop Cloud requires certain parameters to be set, which are listed below and
are included in the wizard.
Required Steps
•
Connection Broker
•
Virtualization Hosts
•
Desktop Cloud
•
Desktop Cloud Size
•
Provisioning Settings
73
Virtual Desktops
From the Virtual Desktops Quick Start Wizard, you can add virtual desktops by
creating new virtual computers, publish applications and desktops, and configure
user environments by selecting Virtual Desktops.
The Virtual Desktops Quick Start Wizard supports provisioning of new virtual
computers on Microsoft Hyper-V, Microsoft SCVMM, VMware vCenter Server, and
Parallels Virtuozzo virtualization platforms. After completing the required steps,
you can set up optional user settings such as managed user profiles, printers,
and automated tasks.
Required Steps
•
Connection Broker
•
Virtualization Platform
•
Virtualization Server
•
Virtualization Host
•
Managed Desktop Group
•
Add/Import Computers
The Remote Desktop Session Host Quick Start Wizard allows you to configure a
session host environment from one wizard. Administrators can publish
applications and desktops, configure access control, experience optimization,
and manage user profiles.
From the Remote Desktop Session Host wizard, you can also set up optional
features such as user profiles, printers, and connection policies.
Each step of the wizard validates the information entered, allowing
administrators to have an valid session host environment upon completion.
Required Steps
74
•
Connection Broker
•
•
Managed Applications
Blade PCs
With the Blade PCs Quick Start Wizard, you can build an environment for
managing session hosts on blade PCs or other physical computers. The wizard
presents the steps for this process in a logical order, validating the configuration
for each step.
The Blade PCs Quick Start Wizard allows administrators to also set up optional
setting such as network drive mappings, automated tasks, and printers.
Required Steps
•
Connection Broker
•
Managed Desktop Group
•
Add Computers
vWorkspace Welcome Window
The Welcome window is displayed when opening the vWorkspace Management
Console. From this window you can access Quick Start Guides and the System
Requirements Guide in CHM file format; open the documentation folder
containing the complete vWorkspace document library; jump to recent items in
the console; and link to home pages such as vWorkspace and Quest
SupportLink.
75
vWorkspace Menu Options and
Icons
The vWorkspace menu options consist of the following:
•
•
•
The File menu options are:
•
Current User Sessions — This option opens the Current User
Sessions window. A remote control session can be initiated from
this window as well. See Database Configuration for more
information on using the remote control option.
•
Administration — This option opens the Administration window.
See Administration for more information.
•
Change User — This option opens the Login window.
•
Licensing — This option opens the Licensing window. See for
Licensing more information.
•
Database Configuration — This option opens the Configure
Database window. See Database Configuration for more
information.
The Actions menu options depend on the item selected in the
vWorkspace Management Console. Some of the items include:
•
New <Location> — This option opens the wizard to start a new
process, such as a location.
•
Properties — This option opens the Managed Computer
Properties window. See Locations Properties for more
information.
•
Management Servers — This option opens the Virtualization
Servers window. See Virtualization Platform Integration for more
information.
•
Refresh — This option refreshes the view.
The Help option, About, displays information about the Quest
vWorkspace product, including the version number.
The vWorkspace icons are as follows:
ICON
DESCRIPTION
This icon is used to exit the console.
76
ICON
DESCRIPTION
This icon is used to access Current User Session
and the Remote Control Session options.
This icon is used to access the Administration
options.
This icon is used to access Licensing information.
This icon is used to access Properties of the
highlighted item.
This icon is used to access a New Wizard for the
highlighted item.
This icon is used to access Management Servers.
This icon is used to access the vWorkspace
welcome window, and collapses the treeview in
the navigation pane of the console.
This icon is used to refresh the window.
77
File Menu Options
The File menu contains several options that play an important part in managing
a vWorkspace farm and can only be accessed from the File menu. These options
are defined below:
•
Current User Sessions
•
Administration
•
Licensing
•
Database Configuration
Current User Sessions
The User Sessions section allows administrators to view active user sessions,
license, and product usage. To view user sessions, do one of the following:
78
•
Select User Sessions in the left pane of the Licensing window.
•
Select File | Current User Sessions from the menu bar.
•
Click the Current User Sessions icon on the toolbar.
Remote Control
By right clicking a User session and selecting Remote Control Session,
administrators are able to shadow active user sessions. Remote control of a user
session can also be achieved through the properties of a managed computer.
Remote control can only be accomplished when initiated from one RDP session
to another.
The table below displays the circumstances under which Remote Control is
supported.
79
In order to enable remote control, you must select the option, Enable RDP
remote administration control, from Location| Properties | RDP Connection
Restrictions settings.
Administrators can set the key command used to end the remote session on the
Remote Control window.The last selection that is entered into the Remote
Control key combination is saved.
80
Once the remote control settings have been completed, you can access remote
control from two different places in the vWorkspace Management Console.
•
Current User Session window, Remote Control session button.
•
Select the Desktops group, and then select the Computers tab in the
information pane. The Remote Control Session option is available by
selecting it from a specific computer context menu.
How to ...
View a Session by Remote Control
1.
2.
Navigate to and highlight the Session host or computer group to
which the computer belongs.
3.
Select the Computers tab in the information pane, and right-click
on the computer.
– OR –
4.
Select the Users tab, and then right-click the user name.
81
5.
Select Remote Control.
This option is grayed out for inactive sessions.
Remote control can only be accomplished when initiated from one
RDP session to another. You may receive a warning message
indicating that this functionality is not available to you.
6.
Specify the command to be used to end the remote session on the
Remote Session window, and then click OK.
The Remote Control key combination that is entered is saved.
Administration
The Administration option, from the File menu of the vWorkspace
Management Console, is used to identify users or groups of users as vWorkspace
administrators and to delegate administrative tasks to them. Once users or
groups of users have been added as administrators, object permissions can then
be set.
82
Not every administrator needs to be added to the vWorkspace Management
Console individually, they can be a member of a Microsoft Windows group that
has been added as an administrative account. So, you could create a Windows
group in your domain, add all the console user accounts to that group, and add
that group as an administrative account to the vWorkspace Management
Console.
All users of the vWorkspace Management Console have full access rights to the
console until an administrative account is added. Prior to granting access to the
vWorkspace Management Console, the vWorkspace Management Console does
check to ensure that the current Microsoft Windows user is also a local Microsoft
Windows administrator.
Users and groups of users who are selected as system administrators have
implicit allow permissions for all actions within the console, and may add and
remove other system administrators.
The first administrator defined in the system is automatically defined as a
system administrator, and the last administrator to be removed from the system
must be a system administrator. This selection cannot be modified, as it is
designed to prevent inadvertent lock out situations.
Once one or more administrators are defined, a Login window will display during
startup of the vWorkspace Management Console.
If the check box, Login as the current Windows user is selected, the User
and Password fields are disabled and filled in automatically. If the check box is
unselected, the user must enter an administrative user name and password to
open the console.
The Login window is also accessible from the vWorkspace Management Console
menu option, File | Change User.
83
Permissions
When configuring delegation of administration, you set permissions at the object
level by using the Administration option on the File menu. You can assign
permissions to administrators to enable them to allow or to deny actions in the
vWorkspace Management Console. Non-system administrators cannot set their
own permissions or the permissions of a group to which they belong. However,
a system administrator can modify permissions for any user or group.
Permissions are defined as object-action combinations. For example, on an
object such as Targets, the action can be defined as Delete Target.
When you assign a user as an administrator, you can assign one of the three
initial permissions: Allow All, Deny All, or Copy From Existing. These permissions
can be changed afterward.
The permissions structure is hierarchical and follows a parent-child relationship
model. Child objects inherit permissions from the parent if the permissions for
the child object are not set explicitly. For example, if the Delete Resources
permission is set to Deny for the Helpdesk Admins group on the Resources
node in the console, the child node Scripts inherits the Delete scripts
permission for the Helpdesk Admins group.
An administrator can be assigned conflicting permissions. This can happen if an
administrator belongs to more than one group and the groups have been
assigned conflicting allow/deny permissions for the same object. The resolution
of these conflicts is governed by the Settings page of the vWorkspace
Administration dialog box. You can choose whether to allow or deny the
permission when a conflict occurs.
Permission checkboxes may be one of the following:
Enabled, permission not set.
Checkbox has white background.
Enabled, explicit permission set.
Enabled, inherited permission set.
84
Disabled, permission not set.
Checkbox has gray background.
Disabled, explicit permission set.
Disabled, inherited permission
set.
The gray checkmarks indicate that the permission is inherited from its parent if
set. Permissions that are disabled for an administrator cannot be modified by
that administrator, as the administrator does not have sufficient permissions to
change it.
How to ...
•
Add a New Administrator
•
Edit Administration Settings
•
Remove an Administrator
•
Set Permission at the Object Level
85
Add a New Administrator
1.
2.
Select File | Administration.
3.
To add users or a group of users, click Add User/Group on the
Administrators settings window.
4.
Click Next on the Welcome to the Administrator window.
5.
Select User or Group on the User/Group Name window, and then
enter Domain\User or Domain\Group in to the dialog box.
Use the ellipsis to assist in selecting users or groups.
6.
On the User/Group Name window, select the check box if this user or
group is to be a system administrator, and then click Next.
System administrators have implicit allow permissions for all actions,
and may add and remove other system administrators.
7.
Select one of the default permission settings, Deny All, Allow All,
or Copy from, and then click Next.
Use Copy from to quickly set the initial permissions of a new
administrator to those of an existing non-system administrator,
administrator.
8.
Make any changes to the Allow and Deny columns on the
Permissions window, and then click Finish. The Administrators
window appears.
9.
Highlight the user or group that you just added, and then select
Settings.
10. Specify the administration settings, Allow or Deny, on the Settings
window, and then click Apply to save your settings.
11. Select Permissions to specify administrator permission.
12. Click Apply to save your changes, and OK to close the window.
Edit Administration Settings
86
1.
2.
3.
Edit as appropriate, and then click Apply to save your changes, and
OK to close the window.
Remove an Administrator
1.
2.
3.
Highlight the user or group name from the list.
4.
Click Remove.
5.
Verify by selecting Yes on the confirmation window.
6.
Click OK to close the window and save your changes, or Apply to
save your changes without closing the window.
Set Permission at the Object Level
1.
2.
Highlight the object to which the permission is to be set.
Permissions are inherited from the parent permission, unless the level
is set separately.
Licensing
vWorkspace is typically licensed on a concurrent user basis. However, it can be
also licensed on a per device and subscription basis. Any number of servers can
belong to the vWorkspace infrastructure using any of these models.
With the concurrent user model, each license has a user count associated with
it indicating the maximum number of concurrent users that can connect and use
the respective services.
There are two types of vWorkspace licenses available:
•
Enterprise Edition — This edition enables both VDI and Session Host
integration with vWorkspace.
•
Desktop Edition — This edition enables VDI integration with
vWorkspace.
You can access the Licensing window from the File menu option in the
vWorkspace Management Console, or by selecting the Licensing icon from the
toolbar. There are two parts to licensing:
•
Licenses
•
87
Licenses
The Licenses section enables administrators to view current licenses and to add
new licenses.
The License 1 and License 2 license tabs are used for adding licenses that have
been acquired from the Quest Licensing Management System (LMS). Licenses
retrieved from Quest LMS are ASC files. All new licenses are received in this file
format. The Licensing page allows for up to two ASC files to be added. This is
helpful when different numbers of vWorkspace licensing is required.
For example, a customer wants 5000 licenses of Enterprise Edition to support
Remote Desktop Session Hosts for the majority of their applications, but they
also want 1000 licenses of vWorkspace Desktop Edition to host a legacy line of
business applications on a Microsoft Hyper-V platform.
The Other Licenses tab is used for adding existing licenses that have been
previously acquired from the vWorkspace web site. You can no longer acquire
licenses from www.vworkspace.com.
See Licensing in the vWorkspace Installation chapter for more information.
88
Database configuration is handled by the vWorkspace installation process, but
there are occasions when additional database connections need to be defined.
When the vWorkspace Management Console is started, it looks to the Windows
Registry for a pointer to a System Data Source Name (DSN) and uses the
settings contained in the DSN to connect to the vWorkspace database.
The Configure vWorkspace Database window opens when the vWorkspace
Management Console is started and a DSN has not been defined, or if the data
in the DSN is invalid.
89
How to ...
•
Create a New Database and DSN
•
Connect to an Existing Database
Create a New Database and DSN
90
1.
Start the vWorkspace Management Console on one of the
vWorkspace Connection Brokers or an administrative computer.
2.
Database window.
3.
Select the Create new vWorkspace database on the Action
4.
Specify the following parameters on the Database Information
New database
• Enter the Server name of
the SQL server where the
database is to be created.
If you are using MSDN or SQL
Express, use the format:
server_name\instance_name
• Enter a Database name, or
accept the default name,
vWorkspace_Database.
New data source (DSN)
• Enter a Name for the DSN or
accept the default name,
Provision Database.
• Enter a Description for the
DSN or accept the default
description, Provision
Database.
5.
Enter an existing SQL admin login for the specified server, and a new
vWorkspace SQL login.
6.
Click Finish.
Connect to an Existing Database
Once the vWorkspace database is created, all servers with vWorkspace
components requiring database connectivity must have DSNs configured.
1.
Start the vWorkspace Management Console from the additional
Connection Broker or administrative computer.
2.
Select File | Database Configuration from the menu bar of the
3.
Click Connect to an existing vWorkspace database on the Action
91
4.
Specify the following parameters on the Database Information
Existing database
• Enter the Server Name of
the SQL server where the
database is to be created.
If you are using MSDN or SQL
Express, use the format:
• Enter the name of the
database.
New data source name
(DSN)
5.
• Enter a Name for the DSN.
• Enter a Description for the
DSN.
Enter the existing vWorkspace SQL login name and password on the
Credentials window, and click Finish.
vWorkspace Object Nodes
The navigation pane of the console contains a tree structure that organizes the
multiple management tools. Each node of the tree addresses a different
management need of the virtual workspace. This section introduces each of the
parent, or top level, nodes in the navigation pane of the vWorkspace
Management Console.
92
•
Farm
•
Locations
•
Targets
•
Resources
•
•
Virtual IP
•
File and Registry Redirection
•
Load Balancing
•
Websites
Farm
The first node in the navigation pane represents the vWorkspace infrastructure.
Properties of this node can be used to:
•
Assign a name to the infrastructure.
•
Enable or disable database caching.
•
Specify various settings for the reporting database.
•
Enable or disable two-factor authentication.
•
Set other miscellaneous settings.
To access the Farm Properties window, right-click on the Farm node and select
Farm Properties or select the Properties icon from the toolbar.
93
The following setting can be defined on the General window.
FIELD
DESCRIPTION
Name
This is the name that is assigned to the
vWorkspace infrastructure. This name is
stored as a record in the vWorkspace
database and requires no configuration
changes to member servers.
It can be changed at any time and is
automatically passed on by the vWorkspace
Connection Broker servers to the vWorkspace
clients.
The following settings can be defined on the Database Cache window.
FIELD
DESCRIPTION
Create local host cache on all
servers
If selected, this checkbox enables the use of
database caching. If enabled, all vWorkspace
farm servers work from a local cache.
For mid to large size infrastructures, the use
of database caching can reduce the number
of open database connections.
94
FIELD
DESCRIPTION
Cache update Interval (minutes)
The number of minutes that the local cache is
updated.
The following settings can be defined on the Reporting Database window.
FIELD
DESCRIPTION
Data Expiration (days)
The age at which reporting data is
automatically purged.
Purge Interval (hours)
How often expired data is purged from the
reporting database.
See vWorkspace Reporting for more information.
95
The following settings can be defined on the Two-Factor Authentication
window.
FIELD
DESCRIPTION
Enable RADIUS
Enables the RADIUS dialogue.
Server name or IP addr
Name or IP address of a RADIUS server.
Port
Listening port of the RADIUS server.
Secret key
Shared password used to communicate with
RADIUS server.
Authentication type
Specify whether encrypted (CHAP Challenge-Handshake Authentication
Protocol) or unencrypted (PAP - Password
Authentication Protocol)
Password Layout
Controls the order the AD and OTP passwords
are entered by the user.
One-time password length
Inform the Connection Broker the length of
the OTP.
Require all users to be two-factor
authenticated
Sets two-factor authentication as required for
all users. Overrides all other vWorkspace
policies.
96
The following settings can be defined on the Other Settings window.
FIELD
DESCRIPTION
Reset all pop-up messages
If selected, this checkbox resets all of the
pop-up message tips, including the please do
not show me this message again checkboxes,
so that they reappear if necessary.
Clear recent items list
If selected, this checkbox to reset the list of
recent items on the welcome screen.
Locations
The Locations node represents a group of one or more data centers and the
desktops within those data centers. Administrators define Connection Brokers,
Session Host, Virtualization Hosts, and desktops for each defined location.
Multiple locations can be defined and are typically configured for delegation of
administration purposes.
See Locations for more information.
97
Targets
The Targets node on the vWorkspace Management Console is used to define the
list of accounts and definitions that can be used in target assignments of a
resource. vWorkspace uses target assignments to assign resources such as
managed applications, connection polices, and other resources to user sessions
when connected to a virtual workspace.
It is possible that a given user might belong to more than one target definition.
By design, target assignments are cumulative; users receive the assignments of
all of the target definitions they are members of, except when a conflict exists.
In this case of a conflict, the client with the highest priority takes precedence.
Target priority can be modified by selecting the Target node, and using the
green Move Up or Move Down options from the toolbar, or from the context
menu of the target name. Target types at the top of the list have higher priority
than those lower in the list, and the settings Yes, No, and Defer to End User
have priority over Undefined. When applying certain resources to targets, the
order of the targets is taken into account for conflicting settings. So, when an
end user logs on to a farm from AppPortal or the Web Access connector and
resolves to more than one target definition, the topmost connection property
item with a Yes, No, or Defer to End User setting is the one that is applied.
For example, the Microsoft Windows domain users and domain administrators
global groups might be defined as targets, with domain administrators listed
higher in priority. Domain administrators have an application restriction that
allows them to run registry editing tools. Domain users have an application
restriction that denies them the ability to run registry editing tools. However,
members of domain administrators are also members of domain users and which
causes a permission conflict.
Since there is a conflict in assignments, and the domain administrators target
definition has higher priority, any user who logs on as a member of domain
administrators is able to run registry editing tools.
Target Types
The following table lists the target types, along with a description.
TYPE
DESCRIPTION
Users
Any trusted Windows domain or local user account.
Groups
Any trusted Windows domain or local group account.
Device Addresses
IP address assigned to the client hardware device.
98
TYPE
DESCRIPTION
Device Names
NetBIOS name of the client device.
Organizational Units
Active Directory Organizational Unit containing the user,
group, or computer account.
Advanced
Allows multiple target criteria to be set and combined using
Boolean logic.
How to ...
•
Define Targets by Users
•
Define Targets by Groups
•
Define Targets by Device Address
•
Define Targets by Device Name
•
Define Targets by Organizational Unit
Define Targets by Users
1.
Expand the Targets node in the navigation pane of the vWorkspace
Management Console.
2.
Right-click on the Users node, and select New User(s).
3.
To add users by selecting them from a domain, do the following:
a) Click the Users tab on the Add Targets(s) window.
b) Select a Windows domain or computer from the Domain list.
c) Type the user name in the Enter the User(s) field, or select the
user from the list in Select the User(s).
d) Click OK to complete the task.
4.
To add users by selecting them from Active Directory, do the
following:
a) Right-click on the Users node, and then select New User(s).
b) Click the Active Directory tab on the Add Targets(s) window.
c) Select the Windows domain from the Domain list.
d) Select Organizational Units, Users, or both in the Display
section.
e) Enter a specific or partial name in the Filter field. You can also
enter an asterisk (*) as a wildcard.
99
f) Click Refresh and the system displays a list of organizational units
or users in the bottom pane.
g) Select one or more of the items, and then click OK.
Define Targets by Groups
1.
Management Console.
2.
Right-click on the Groups node, and then select New Target(s).
3.
To add groups by selecting them from a domain, do the following:
a) Click the Groups tab on the Add Targets(s) window.
b) Select a Windows domain or computer from the Domain list.
c) Type the user name in the Enter the Group(s) field, or select the
group from the list in Select the Group(s).
d) Click OK to complete the task.
4.
To add groups by selecting them from Active Directory, do the
following:
a) Right-click on the Groups node, and select New Target(s).
a) Click the Active Directory tab on the Add Target(s) window.
b) Select the Windows domain from the Domain list.
c) Select Organizational Units, Groups, or both in the Display
section.
d) Enter a specific or partial name in the Filter field. You can also
e) Click Refresh and the system displays a list of organization units
or groups in the bottom pane.
f) Select one or more of the items, and then click OK.
100
Define Targets by Device Address
1.
Management Console.
2.
Right-click on the Device Addresses node, and then select New
Device Address(es).
3.
Click the Device IP Addresses tab and enter a Starting Address
and Ending Address to define the client IP address or a range of
addresses.
4.
Click OK.
Define Targets by Device Name
1.
Management Console.
2.
Right-click on the Device Names node, and then select New
Device Name(s).
3.
Enter the device names on the Device Names tab, separated by a
semicolon (;). To enclose a range, use square brackets ([]). For
example W2K3-[0-10].
4.
Complete the information on the Active Directory tab, as follows.
a) Select the Windows domain from the Domain list.
b) Select Organizational Units, Computers/Client Names, or
both in the Display section.
c) Enter a specific or partial name in the Filter field. You can also
d) Click Refresh and the system displays a list of organization units
or groups in the bottom pane.
e) Select one or more of the items.
5.
Click OK.
101
Define Targets by Organizational Unit
1.
Management Console.
2.
Right-click on the Organizational Units node, and then select New
Organizational Unit(s).
3.
Select the Domain from the list.
4.
Select Organization Units in the Display section.
5.
Enter a specific or partial name in the Filter field. You can also enter
an asterisk (*) as a wildcard.
6.
Click Refresh and the system displays a list of organizational units in
the bottom pane.
7.
Select one or more of the organization units, and then click OK.
Define Advanced Targets
Advanced Targets allow for the creation of target groupings based on logical
criteria. With vWorkspace Advanced Targets, organizations can granularly limit
the scope of a resource assignment. Multiple conditions can be combined into a
single target that is assigned to a resource such as a printer, a connection policy
or a managed application. A condition is defined by providing a Target field, a
function, and a value.
102
For example, the Target field can be set to Device Name, the function can be set
to Matches Pattern and the value can be set to win??? or win*. Users connecting
to a virtual workspace from a client access device with a name that matches the
wild card pattern would meet that condition.
Additional conditions can be created. Logical operators AND and OR can be
applied between each condition. Conditions can also be grouped. Within each
group a logical operator can be applied, and separate logical operators can be
applied between multiple condition groups or between single conditions and
condition groups.
For example, one condition can be created that defines the Human Resources
group, a separate condition that sets two factor authentication as required.
These two can be grouped together and separated by an OR operator from an
additional condition the sets a Trusted Entry Point.The following table shows the
combinable components of a condition.
TARGET FIELD
DESCRIPTION
User Account
The end user’s account in the format:
domain\user.
User Group
The end user’s group in the format:
domain\group.
Organizational Unit
The end user OU.
Device Address
The device address of the end user’s access
device.
Trusted Entry Point
The last hop IP address of the end user’s
connection to the connection broker, such as
Quest Secure Gateway or Web Access.
Device Name
The name of the end user’s access device.
Day of the Week - UTC
The day of the week based on Coordinated
Universal Time (UTC).
Day of the Week - Client
Local
The day of the week based on the time zone of the
end user’s access device.
Time of Day - UTC
The time of day based on Coordinated Universal
Time (UTC).
Time of Day - Client Local
The time of day based on the time zone of the end
user’s access device.
Date - UTC
The date based on Coordinated Universal Time
(UTC).
103
TARGET FIELD
DESCRIPTION
Date - Client Local
The date based on the time zone of the end user’s
access device.
Two-factor Authentication
The client two-factor authentication.
FUNCTIONS
DESCRIPTION
Is equal to
Returns true if the target field is equal to the
specified value.
Is not equal to
Returns true if the target field is not equal to the
specified value.
Is greater than
Returns true if the target field is greater than the
specified value.
Is greater than or equal to
Returns true if the target field is greater than or
equal to the specified value.
Is less than
Returns true if the target field is less than the
specified value.
Is less than or equal to
Returns true if the target field is less than or equal
to the specified value.
Matches pattern
Returns true if the target field matches the
specified wildcard pattern value.
Does not match pattern
Returns true if the target field does not match the
specified wildcard pattern value.
Is in the list
Returns true if the target field matches at least
one item in the specified list of values.
Is not in the list
Returns true if the target field does not match any
items in the specified list of values.
Is in the range
Returns true if the target field is between the
specified from/to values (inclusive).
Is not in the range
Returns true if the target field is not between the
specified from/to values.
Is required
Enforces the Target Field parameter.
104
Value
Values are dependent on the type of Target field. For example, setting the target
field to Device Address presents the administrator with an IP address input field.
Selecting Day of the week - UTC presents a drop-down list with days of the week.
Other Target fields, such as Two-factor Authentication, have no value
assignment.
How to ...
Define Advanced Targets
1.
Management Console.
2.
Right-click the Advanced node and then select New Target(s).
3.
Type a name for the target in the Target name: field.
4.
Select -Click here to add a condition-.
5.
Select one of the Fields, such as User Account or Trusted Entry
Point, in the list, and then click Next.
6.
Select one of the Functions, such as Is equal to or Matches pattern,
Certain fields have a Finished option, as no value is required.
7.
Specify an appropriate Value, and then click Finish.
Resources
The Resources node includes a list of child nodes that provide for the creation
of objects that are assignable to Targets within the vWorkspace Management
Console. Each child node manages a specific component of the virtual workspace
and allows administrators control over aspects of a user’s session when
connected to the vWorkspace infrastructure.
105
The following table provides a list of the available Resources options and a
description of each.
RESOURCE NAME
DESCRIPTION
Additional Customizations
The ability to customize items relating to the
Windows Desktop, Start Menu, drive mappings,
and network mappings.
The ability to explicitly or implicitly restrict what
applications are allowed or denied for assigned
clients.
Connection Policies
The ability to preconfigure the local device
resources that are available, and under what
conditions they are available.
See Connection Policies for more information.
Color Schemes
The ability to assign standard Window color
schemes.
Drive Mappings
The ability to assign network drive mappings to
clients without logon scripts or Active Directory
Group Policy.
Environment Variables
The ability to assign user environment variables
that are automatically created and removed.
Host Restrictions
The ability to act as a per-session firewall allowing
Web and network access restrictions to be
enforced.
106
RESOURCE NAME
DESCRIPTION
The ability to assign to clients applications,
desktops, and content hosted from either Session
Hosts or Desktop Services.
Printers
The ability to assign shared printers on LAN or
WAN based Windows print servers by using either
the Quest vWorkspace Universal or Windows
native print drivers.
Registry Tasks
The ability to assign per-session modifications to
user’s HKCU registry hive.
Scripts
The ability to assign scripts on a per-session basis
to vWorkspace clients without having to modify
Session Host’s complex logon script sequence or
the Active Directory Group Policy.
Time Zones
The ability to assign time zones on a per-session
basis.
User Policies
The ability to assign user level policies on a
per-session basis.
User Profiles
The ability to create a managed user profile.
See Virtual User Profile Management for more
information.
Wallpapers
The ability to assign Windows wallpaper to
vWorkspace clients.
How to ...
View the Resources Assigned to a Target
1.
Expand the Target node in the navigation pane of the vWorkspace
Management Console.
2.
Click on the node of the desired Target type, such as Users or
Groups.
107
3.
Do one of the following:
a) Select the target that is to be viewed from the list in the
information pane. The system displays the assigned items for the
selected client in the additional pane, if Toggle Configuration
Display is activated.
– OR –
a) Right-click on the target to view from the list of targets in the left
pane of the Details window, and then select Properties.
b) Click on the Assigned Resources tab to view the resources.
The Packaged Application node allows administrators to identify Microsoft
Application Virtualization (App-V) servers, their hosted application packages,
and MSI Packages in the vWorkspace Management Console.
App-V Node
Microsoft Application Virtualization (App-V) provides the capability for
applications to be available to computers without having to install the
applications directly on those computers. Tasks such as managing multiple
versions of applications and updating application packages are simplified by not
having to install the applications on to the computers.
The App-V node on the vWorkspace Management Console allows administrators
to import, update, and publish their App-V applications.
108
How to ...
Establish a New Server Connection
1.
2.
Expand the Packaged Applications node, and highlight App-V.
3.
Select the App-V Servers tab in the information pane, and then
click on the New App-V Server icon on the toolbar.
4.
5.
Enter the appropriate information for the new App-V server on the
Server Name & URL window, and then click Next.
109
Server Name
Enter the server name.
Server URL
Click in this field, and it is
populated with the path to the
App-V Management virtual
directory.
If the Server Name field is DNS
unresolvable, the path needs to
be corrected to have the DNS
name or IP address of the server.
Note: Multiple connections can
be made to the same server by
entering different friendly names
in the Server Name field.
6.
Enter the appropriate credentials for the new App-V server on the
Credentials window, and then click Next.
Account
Enter the user name for the
App-V Administrator.
Use the ellipsis to browse to the
user in the directory.
Password
Enter the password for the App-V
Administrator.
Use the check mark to check the
password.
7.
Specify any permissions that are to be used with this App-V server,
and then click Finish.
Edit the Properties of an App-V Server
110
1.
2.
Expand the Packaged Applications node, and then expand the
App-V node.
3.
Do one of the following to access the App-V server Properties:
a) Right-click on the specified server, and then select App-V Server
Properties.
b) Highlight the App-V node, and then highlight the specified server
in the information pane, and click Server Properties.
c) Highlight the specified server in the navigation pane (under the
App-V node) and then click Server Properties in the information
pane.
4.
Edit the properties on the App-V Server Properties window as
appropriate, and click OK.
Import App-V Applications
1.
2.
Expand the Packaged Applications node, and then highlight the
App-V node.
3.
Select the server in the right pane, and then click Import/Update
Applications.
– OR –
Right-click on the server in the navigation pane and select
Import/Update Applications.
4.
Select Next on the Welcome window of the App-V Import wizard.
The Welcome window is presented only if this is the first time that you
have imported applications to the specified server.
5.
Click Refresh to refresh the list.
6.
Do one of the following on the Select Applications window:
a) To import all the applications, click Select All.
b) To import specific applications, select them on the list by pressing
CTRL and using a left-click.
c) Click Next or Apply.
If importing for the first time, Next is the option to move to the next
window. If you are updating applications, Apply is used to save your
changes on the current window, and OK is used to close the wizard.
111
7.
On the Create Access Groups window, do the following:
a) Select the access groups that are to be imported, and click Yes.
b) Select the access groups that are not to be imported, and click No.
c) Click Select All to import all the groups.
d) Click Next or OK.
8.
On the Launch Location window, do one of the following:
a) To choose all the applications from the list, click Select All, and
then select either Client or Server.
b) Select individual applications and the select the Launch Location
of Client or Server.
c) Click Next or OK.
9.
To publish the application on a Session Host, do the following on
the Publish On window:
a) To publish all on the same Session Host, click Select All, or to
select the specific applications by using CTRL + left-click.
b) Click Session Host.
c) Select the Session Host from the Publish On window, and then click
OK.
10. To publish the application on a desktop group, do the following on
the Publish On window:
a) To publish all on the same desktop group, click Select All, or to
select the specific applications by using Ctrl + left-click.
b) Click Desktop Group.
c) Select the desktop group from the Publish On window, and then
click OK.
11. Click Next or OK on the Publish On window.
12. On the Launch Location window, select one or more of the
applications and then specify if the content is to be launched on the
client or the server.
13. On the vWorkspace Folders window, select one or more application,
and then click Folder(s) to define the folders in which the application
or applications selected should be assigned. Click Manage Folders
to add or change the folders listed.
Applications with a launch location of client may only be assigned to
vWorkspace client folders.
112
14. On the Load Balance window, click Select All or the specific
applications by using CTRL + left-click to specify the applications for
load balancing, and then click the Load Balance Wizard to choose the
load balancing rule evaluator for the selected applications.
If you do not want to use load balancing, click Next.
15. On the Desktop Integrations Settings window, specify the location of
the shortcuts on the vWorkspace client host when using AppPortal in
desktop integrated mode by doing the following:
a) Select specific applications, or use the Select All button.
a) Click Desktop Integration.
b) Select one or more of the options, Desktop, Start Menu, Start
Menu\Programs, and click OK.
c) Click Next or OK on the Desktop Integration Settings window.
16. Review the selections on the Summary window and click Back to
make changes or click Finish.
View/Edit Imported App-V Application Properties
1.
2.
Expand Resources, and click on Managed Applications.
3.
View the App-V applications in the right pane. The applications are
listed by server name, and their Type is Content on Server or
Content on Client.
4.
View or edit the properties by right-clicking on the application or
select the application and select the Properties icon.
Properties can be edited, except for the executable Path and the Type,
which are grayed out and unaccessible.
113
MSI Packages
The MSI Packages node is used to define MSI packages that can be deployed,
as well as used in the Task Automation feature.
The MSI Packages option is also available from the context menu of a computer
group in the vWorkspace Management Console. Once the MSI Packages option
is selected, the established MSI packages display in the information pane and
the MSI Package wizard is available by selecting New from the information pane
toolbar.
How to ...
Add a New MSI Package
1.
2.
Expand Packaged Applications, and then select MSI Packages.
3.
Click New in the information pane to open the MSI Package Wizard.
4.
5.
Enter a Name for the MSI package on the MSI Package Name
This is the name that is displayed in the vWorkspace Management
Console.
6.
114
Enter the MSI source file or click the ellipsis to browse on the
Source File window, and then click Next.
7.
Do one of the following on the Run Location window, and then click
Next.
a) Select Execute the MSI file directly from the source location.
– OR –
a) Select the Copy the MSI file to each computer before executing.
b) Enter the full path and file name of the destination file in the
Destination file field.
8.
Enter the credentials necessary to access the source MSI file on the
Credentials window, and then click Next.
115
9.
116
On the Parameters window, complete the following information, and
then click Next.
Enter the parameters
necessary for a new
installation:
Enter the necessary parameters.
Enter the upgrade code for
this MSI package.
Enter the upgrade code.
necessary to perform an
update:
Enter the parameter necessary
to perform an update.
necessary to uninstall:
Enter the parameter necessary
to complete an uninstall.
Help
Select this button for assistance
with the installer parameters.
Use Retrieve to get the upgrade
code from the MSI file.
10. On the Timeout Period window, do one of the following, and then
click Next.
a) Select the option, Select the timeout value, and then specify the
Timeout after value by using the list.
– OR –
a) Select the option, Execute the MSI operation and continue.
11. Specify MSI Package permissions, if appropriate, on the Permissions
window, and then click Finish.
The Performance Optimization node on the vWorkspace Management Console is
used with Session Hosts to improve application response time and increase
overall server capacity by streamlining and optimizing the use of virtual memory
and CPU resources in a multi-user environment.
See Performance Optimization for more information.
117
Virtual IP
The Virtual IP node on the vWorkspace Management Console enables each user
instance of a legacy application to be bound to a distinct IP address. This allows
many legacy applications to run concurrently and reliably on Session Hosts.
See Virtual IP for more information.
File and Registry Redirection
The File & Registry Redirection node is used to define a registry and file
system redirection engine, which is designed to eliminate conflicts in a Terminal
Services environment.
See Application Compatibility Enhancements for more information.
Load Balancing
The Load Balancing node is used to create and manage load balancing rules
used in the load balancing process for Session Hosts, Microsoft Hyper-V
computer groups, and Microsoft SCVMM computer groups.
See Load Balancing for more information.
Websites
The Websites node is used to define and manage vWorkspace Web Access web
sites. Web Access is a web application for vWorkspace Farms that enable users
to retrieve their list of allowed applications and desktops using a web browser.
See Web Access for more information.
Locations
Locations give organizational structure to your vWorkspace farm; a way to
specify a location that groups one or more data centers and the computers within
those data centers.
118
Locations are containers of heterogeneous objects that include:
•
Connection Brokers
•
Session Hosts
•
Virtualization Hosts/Management Servers
•
Desktop groups
Locations can be used to group items based upon location or for other
management purposes such as departmental organization and delegated
administration. For example, you can name a location based on an office site,
and then associate the connection brokers, Session Hosts, Virtualization Hosts
and Desktops to that location.
Locations Node Options
The following menu options are available from the Locations node by either
right-clicking on Locations, or from the icons in the toolbar when Locations is
selected.
•
Management Servers — Select to open the Management Server
window and the Virtualization Server Wizard, which is used to add
virtualization management servers such as Microsoft SCVMM or
VMware vCenter.
•
New Location — Select to open the New Location wizard used to add
a new location.
•
Properties — Select to display the Locations properties which
includes central settings for Connection Brokers, Session Hosts,
Virtualization Hosts, and Other Settings.
•
Refresh — Select to refresh the Locations node view.
119
Virtualization Management Servers
A Virtualization Management Server is a computer system used to centrally
manage one or more physical servers enabled with computer virtualization
technology, and the virtual computers being hosted and executed on them. An
example of a virtualization server is a Microsoft SCVMM server, a VMware
vCenter server, or a Parallels Virtuozzo master node.
Virtualization Management Servers are defined at the location node and can be
added, deleted, or modified from this node, or during the process of adding a
new location. Settings to limit the number of concurrent operations can also be
completed for virtualization servers.
See Virtualization Platform Integration for more information.
New Location
Use the following steps to add and delete locations in the vWorkspace
Management Console.
How to ...
•
Add a Location
•
Delete a Location
Add a Location
These processes can also be completed by using the Quick Start Wizard, which
can be accessed from the Welcome page of the vWorkspace Management
Console.
Connection Brokers and Session Hosts can be defined when adding a Location.
1.
2.
Select the Locations node.
3.
Do one of the following to start the New Location wizard:
Right-click on the Locations node, and select New Location.
– OR –
Click the New Location icon from the toolbar.
4.
120
Click Next on the Welcome window of the New Location wizard.
5.
Enter the name for the location on the Location Name window, and
then click Next. This is the name that is displayed in the vWorkspace
Management Console.
6.
On the Add Servers window, you can add Connection Brokers and
Session Hosts to this location.
To add a vWorkspace Connection Broker, go to step 7.
To add a Session Host, go to step 8.
7.
To add a Connection Broker:
a) Click on Add Connection Broker.
b) Click Next on the Welcome window of the Server wizard.
c) Enter the name or IP address of the server on the Server Name
window, and then click Next. Use the ellipsis to browse for the
server.
121
d) Specify the role or roles for the server on the Server Role window,
This new server may perform more than one role; a vWorkspace
Connection Broker and Microsoft Remote Desktop Connection Broker
(RD Broker).
e) Optionally, specify or view the certificate that is to be used on this
server on the Certificate window, and then click Next.
f) Select if trace logging is to be enabled on this server on the
Logging window, and then click Next.
g) If you selected the Microsoft Remote Desktop Connection Broker
(RD Broker) option on the Server Role window, complete the next
two steps. If not, then continue to step j to specify Permissions for
this server.
h) Specify an administrative account and password for the RD Broker
on the Administrative Account, and then click Next.
122
i) Select if publishing and resource plug-in logging is to be enabled
on this server on the Logging window, and then click Next.
j) Specify any permissions for this server on the Permissions
In order to assign permissions, you must first add users or groups
using the New Administrator wizard located at File| Administration.
k) Click Next on the Add Servers window to advance to the next
window, or click Add Session Hosts, if appropriate.
8.
To add a Session Host:
a) Click Add Session Host.
b) Click Next on the Welcome window of the Server wizard.
c) Enter the name or IP address of the server on the Server name
window, and then click Next. Use the ellipsis to browse for the
server.
d) Select Session Host on the Server Role window, and then click
Next.
e) Specify the folder for this Session Host on the Folder window, if
appropriate. Click New Folder to create a new folder. Click Next
when completed.
Folders are for organization and display; it does not change the
operation of the servers.
f) Specify the load balancing rule on the Load Balancing Rule Wizard
123
g) Select the setting for Session Auto-Logoff on the Session
Auto-Logoff window, as appropriate, and then click Next.
124
h) Define the following information on the Connectivity window, and
then click Next.
Connections
Select Accept Proxy-IT least
busy connection requests
check box if you want the server
to participate in load balancing
Proxy-IT connection requests.
Alternative IP Address
Enter an alternative IP address.
RDP Connection Restrictions
Select Inherit global settings
or Only allow RDP
connections to vWorkspace
managed applications.
i) Specify the performance optimizations options, on the
Optimization window, that are to be enabled on this server, and
then click Next.
Virtual Memory Optimizations
CPU Utilization Management
125
j) Specify if the bandwidth optimization is to be Enabled or
Disabled on this server on the Experience optimization window,
k) Specify if bidirectional audio is to be Enabled or Disabled on this
server on the Enhanced Audio window, and then click Next.
l) Specify the Virtual IP settings for this server, as appropriate, and
then click Next.
m) Review the information on the Licensing window, and then click
Next.
n) Specify any permissions for this server on the Permissions
126
9.
Datacenters, hosts, nodes, host groups, or clusters are associated to
this location by using the Add Entities option on the Virtualization
Entities window.
If you choose to not assign them at this time, click Next and go to
the next step. Virtualization Hosts can be added later by right-clicking
on the specific location, and then selecting the Properties option and
completing the information in the Virtualization Hosts section.
See Add Virtualization Server Connections for more information about
adding virtualization hosts.
10. On the Administrative Account window, select Specify default
administrative account and enter an account and password if you
want to specify a default administrative account for new computer
groups that are created in this location.
11. Use the Permissions window to assign permissions to users or
groups.
Users and groups must be added using the New Administrator wizard.
See Administration for more information.
12. Click Finish to save the changes made in the New Location wizard.
Delete a Location
Locations can only be deleted after Connection Brokers, Session Hosts,
Desktops, and Virtualization Hosts associated with the location are deleted as
well.
1.
2.
In the navigation pane, right-click on the location that is to be
deleted.
3.
Select Delete Location.
4.
Click Yes on the confirmation message.
Locations Properties
Locations properties are defined for Connection Brokers, Session Hosts,
Virtualization Hosts, and Other Settings. Location properties are the same for all
the locations within a farm.
127
To access Locations properties, highlight the Locations node and then do one
of the following:
128
•
Select the Properties option from the context menu.
•
Click on the Properties icon in the toolbar.
•
Select Actions | Properties.
The following properties are available:
LOCATIONS PROPERTY
DESCRIPTION
Connection Brokers
Communication Settings
Specify the TCP/IP port number that is to be used
when listening for inbound connection requests.
Any port number can be used if it is available on
all servers with the Connection Broker.
Default values are:
• HTTP: 8080
• HTTPS: 443
The HTTP and HTTPS protocols can be used
simultaneously. The use of the HTTPS requires an
X.509 digital certificate containing the server’s
FQDN to be installed into the Windows computer
store of each Connection Broker.
Bypass proxy settings when communicating
with the connection brokers — If selected,
proxy settings are not used when communicating
with Connection Brokers.
This setting is selected by default.
The Ticket Expiration setting is used to specify
the expiration time for tickets that are sent to the
Connection Broker when applications are
launched.
The default for the Ticket Expiration setting is 1
minute.
License Pool
Enter a number of minutes to define update
interval, which is the number of minutes the
Connection Broker servers update license usage
information.
129
LOCATIONS PROPERTY
DESCRIPTION
Session Hosts
Session Auto-Logoff
This policy is for users that start published
applications and not full desktops. If enabled,
vWorkspace automatically logs off when the last
published application is closed. This eliminates the
potential issue of applications remaining in
memory, and never really terminating.
Enter a module name for a process. If the process
with the module name persists after the session
has been closed, then the session is automatically
logged off.
To add a process, click Add.
To delete a process from the use, highlight the
process and click the red X.
Enable RDP remote administration control —
Select this option to enable remote administration
control. this is farm wide and is disabled by
default.
Hyper-V
Hyper-V Catalyst
HyperDeploy
Approximate bandwidth usage — Select an
approximate bandwidth to be used by
HyperDeploy when copying parent VHDs to local
hosts.
HyperCache
Enable parent VHD caching for new parent
VHDs is set by default. Deselect to disable.
Default cache size (MB) sets the default cache
size for a parent VHD, and can get overridden for
individual parent VHDs.
Note: Disabling Parent VHD caching and to
change the cache size of a parent VHD can be
done on a per Hyper-V host basis from the
properties of a Hyper-V host in the vWorkspace
Management Console.
Diff Disk Storage Optimizations
130
Select a setting for overcommitting diff disk
storage.
LOCATIONS PROPERTY
DESCRIPTION
MAC Address Management
Allow vWorkspace to manage virtual
machine MAC addresses — Select this option to
generate and assign MAC addresses for Hyper-V
virtual computers.
Base address — Specify the base MAC address to
use as the starting point for new computers.
Auto-Size Settings
Limit the number of new computers per
auto-size iteration — Select this option to
specify the maximum number of computers that
vWorkspace creates in a single iteration of
auto-sizing a group.
Number of computers — Select the appropriate
number of computers.
Other Settings
Computer Timing Settings
Heartbeat Interval — Specifies how often the
Data Collector Service on managed computers
sends status information to the Connection Broker.
Offline Count — Specifies the number of missed
heartbeats before a managed computer is
considered offline.
Offline Retry — Specifies how often the
Connection Broker attempts to contact an offline
managed computer.
Inactivity Timeout — Specifies how long a
managed computer is logged off before it is
considered inactive and automatically placed into
a suspend state.
Sysprep Period — Specifies how long the system
waits during the Sysprep operation before
attempting to initialize the computer.
Host Timing Settings
Heartbeat Interval - How often hosts send
status information to the Connection Broker.
Offline Count - Number of missed heartbeats
before a host is considered offline by the
Connection Broker
Offline Retry - How often the Connection Broker
attempts to contact an offline host.
131
LOCATIONS PROPERTY
DESCRIPTION
Task & Log Settings
Task History — Age at which completed task
records are automatically deleted.
Task Display Expiration — Age at which the
current or most recently executed task on a
managed computer is no longer displayed in the
desktop list.
Log History — Age at which log records are
automatically deleted.
Active Directory Credentials
Specify global delete credentials — Use this
setting to add administrative credentials that can
be used to delete a computer from Active
Directory.
Enter account and password credentials that are
to be used to remove computers from Active
Directory.
Note: If a computer cannot be removed from
Active Directory using these credentials, then the
system attempts to use the computer group
administrative credentials.
Permissions
Permissions
Enter users or groups and then set permissions to
Allow or Deny for the following:
• Add Locations
• Add Virtualization Servers
• Delete Locations
• Delete Virtualization Servers
• Modify Locations
• Modify Virtualization Servers
Connection Brokers
The Connection Broker, along with the vWorkspace Management Database, is
a central component in a vWorkspace farm. A connection broker does much
more than just broker connections and must be added to a farm before any
connections to the virtual workspace can be made. The list that follows outlines
some of the responsibilities of the vWorkspace Connection Broker.
132
•
Manages most communication within a farm.
•
Runs as a highly scalable Windows service.
•
Integrates with virtualization platforms to provision and manage new
workspaces.
•
Performs a broad set of management tasks.
•
Provides native load-balancing.
•
Brokers connections from vWorkspace connectors to the vWorkspace
infrastructure and responds to client connectivity requests and
redirects the client to an appropriate virtual workspace.
Connection Brokers can be added during the New Location wizard process, or
by selecting New Connection Broker from the context menu of the
Connection Brokers node.
To add a vWorkspace Connection Broker server to the Management Console,
the vWorkspace Connection Broker role must be installed and configured to
communicate with the farm management database.
How to ...
•
Add Connection Broker Servers
•
Set Connection Broker Properties
•
Remove Connection Broker Servers
Add Connection Broker Servers
1.
Open the vWorkspace Management Console, and expand the
Locations node, and then the location that the Connection Broker is
to be added.
2.
Right-click on Connection Brokers, and then select New
Connection Broker.
3.
Click Next on the Welcome window of the Server Properties wizard.
133
4.
Enter the server name (NetBIOS) on the Server name window, and
then click Next. Use the ellipsis to browse for the server.
134
5.
Specify the role or roles for the server on the Server Role window,
A server can perform more than one role; for example, a vWorkspace
Connection Broker and Microsoft Remote Desktop Connection Broker
(RD Broker).
6.
If you selected vWorkspace Connection Broker role on the Server
Roles window, then on the Certificate window, specify or view the
certificate that is to be used on this server, and then click Next.
7.
Select if trace logging is to be enabled on this server on the Logging
8.
If you selected Microsoft Remote Desktop Connection Broker (RD
Broker), complete the next two steps. If not, then continue to step
11 to specify Permissions for this server.
9.
Specify an administrative account and password for the RD Broker
on the Administrative Account window, and then click Next.
135
10. Select if publishing and resource plug-in logging is to be enabled on
this server on the Logging window, and then click Next.
11. Specify any permissions for this server on the Permission window,
Set Connection Broker Properties
Once Connection Brokers have been added to a location, set properties, as
appropriate.
1.
Right-click on the Connection Brokers node under the location in
which you want to add the permission and select Properties.
2.
Select the Permissions tab on the Connection Broker Properties
window.
3.
Highlight the user or group, and then set the permissions to Allow or
Deny, by selecting the check box, as appropriate.
4.
Click Apply to save your changes, and then OK to close the window.
Remove Connection Broker Servers
Use the following steps to remove a Connection Broker from inclusion in the
vWorkspace infrastructure. Removing a Connection Broker deletes its associated
records within the vWorkspace database, but it does not uninstall any of the
vWorkspace components or any other software on the server, nor does it change
its database configuration (DSN).
136
1.
Expand the Connection Brokers node in the navigation pane of the
vWorkspace Management Console, and select the Connection Broker
sever that is to be removed.
2.
Click the Delete Server icon from the navigation pane toolbar, or
right-click on the Connection Broker, and select Delete Server from
the context menu.
3.
Click Yes to complete the removal.
Desktops
The Desktops node in the vWorkspace Management Console is used to define
computer groups which, in turn, are used to create and contain managed
computers. The managed computers within a group can be either physical or
virtual, and typically have the same version operating system and service pack
level, a common set of installed applications, and are used by individuals with
similar job tasks and responsibilities.
How to ...
Set Desktops Properties
Once Desktops have been added to a location, you can set the properties.
1.
From the vWorkspace Management Console, right-click on the
Desktops node under the location that you want to add the
permission.
2.
Select Properties.
3.
Highlight the user or group on the Desktops Properties window, and
then change the permissions to Allow or Deny, by selecting the
checkbox, as appropriate.
For more information on permissions, see Permissions.
4.
The following is an overview of the concepts and terminologies associated with
the Desktops node of vWorkspace.
•
Computer Groups — Containers for managing a group of desktop
computers as a single entity. One or more computer groups may be
created for each system type.
See Computer Groups for more information.
•
Managed Computers — Objects in the vWorkspace database that
represent the desktop computers that are managed by vWorkspace.
These desktops are installed on virtual computers or physical devices,
such as PC blades.
See Managed Computers for more information.
137
•
Initialize Computer — Managed computers and Microsoft Hyper-V
Virtualization Hosts need to be able to communicate properly with the
Connection Brokers. The Initialize task is the process that enables
this communication, and is the responsibility of the Connection
Broker.
See Initialize Computer for more information.
•
Virtual Desktop Extensions (PNTools) — Set of executables,
dynamic link libraries, and device drivers that provide features and
management functionality for managed computers in a vWorkspace
infrastructure. PNTools can be installed on all computers, virtual or
physical, which are being managed using the Desktops node.
See Virtual Desktop Extensions (PNTools) for more information.
•
Publish Managed Desktops and Applications — Managed
desktops must be published before users can connect to their
assigned applications or managed computer. Once published, icons
representing the managed desktop appear in the application set of the
AppPortal or Web Access client, allowing the user to click on an icon
to initiate the program.
See Publish a Managed Desktop and Publish Managed Applications for
more information.
•
Power Management — Managed computers are considered to be
power managed computers if the power state can be changed
automatically by the Connection Broker, or manually by an
administrator using the vWorkspace Management Console.
See Power Management for more information.
Computer Groups
Once locations are established and are configured with at least one Connection
Broker and Virtualization Host, administrators can add computer groups to the
Desktops node in the Location. There are no limitations as to how many
computer groups can exist in each location.
The Computer Group wizard is used to add computer groups to an existing
location. Some options on the Computer Group wizard may be unavailable,
based upon the System Type you use when creating the group. After the
System Type is selected, only the parameters relevant to that type are
presented.
138
The System Types are:
•
Microsoft Hyper-V
•
Microsoft SCVMM
•
VMware vCenter Server
•
Parallels Virtuozzo
•
Other/Physical
Administrators can activate the Computer Group wizard from the vWorkspace,
Desktops node any of the following ways:
•
Expand the location to which the computer group is to be added,
right-click on the Desktops node, and then select New Computer
Group.
– OR –
•
Expand the location to which the computer group is to be added, and
highlight the Desktops node. Select New Computer Group from
one of the following:
•
Actions menu on the toolbar in the navigation pane.
•
New Computer Group icon in the toolbar of the navigation pane.
•
Actions menu on the Desktops information pane.
•
Open the Quick Start Wizard from the vWorkspace Management
Console welcome page. See the Quick Start Wizard section for
more information.
For specific information on completing the Computer Group wizard based on
System Type, refer to the appropriate section in the Virtualization Platform
Integration chapter.
139
Computer Group Properties
The properties associated with computer groups are described below:
PROPERTY
DESCRIPTION
Group Name
Name of the managed desktop
group.
APPLIES TO:
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Group Mode
Configures the Computer Group for
either Cloud mode or Traditional
mode.
• Microsoft
Hyper-V
System Type
System type for the computers in
this group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Datacenter
Datacenter in which the computers
in this group belong.
• VMware
vCenter Server
Administrative
Account
Name of the user account that is
used when performing
administrative tasks on the desktop
computers within this group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
140
PROPERTY
DESCRIPTION
Auto-Size
Automatically adjusts the number of
virtual computers in the computer
group based on user demand.
Enable auto-size turns on
Auto-sizing and requires that the
following values be set:
Minimum number of computers specifies the minimum number of
virtual computers to be maintained
in the group.
APPLIES TO:
• Microsoft
Hyper-V
• VMware
vCenter Server
• Parallels
Virtuozzo
• Microsoft
SCVMM
Demand buffer computers specifies the number of virtual
computers that should be powered
on and available at all times.
Maximum number of computers specifies the maximum number of
virtual computers allowed in the
group.
Provisioning
Settings
Provisioning Settings define the
parameters used to generate virtual
machines that will become members
of the computer group. The following
parameters are set:
Template
Hosts - all hosts or selected hosts
Naming convention
• Microsoft
Hyper-V
• VMware
vCenter Server
• Parallels
Virtuozzo
• Microsoft
SCVMM
Sysprep customization - Native,
Quick and Direct.
Configure Computers - Video
Adapter, Memory and Network
Adapter
Enable/Disable
Connection requests to computers in
this group may be temporarily
suspended, if disabled.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
141
PROPERTY
DESCRIPTION
APPLIES TO:
Client Assignment
Used to permanently assign users to
specific computers.
• Microsoft
Hyper-V
The two types of user assignment
are:
• VMware
vCenter Server
• Persistent— A permanent
desktop is assigned to the user.
• Microsoft
SCVMM
• Temporary — A free desktop is
assigned on a temporary basis
to the user, and then is available
to be used again at user logoff.
• Parallels
Virtuozzo
• Other/Physical
A client type can be assigned to the
computers in the group based on the
following:
• User
• Device Name
• Device Address
• Organizational Unit
• Group
• Advanced
Note: Since users can be in more
than one group or organization unit,
administrators must manually assign
individual computers to users if
client assignment is based on Group
or Organizational Unit.
Assign computers using the Client
Assignment window for the specified
computer. See Managed Computers
for more information on this window.
Access Timetable
Used to restrict access to the
computers in this group based on
day and time.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
142
PROPERTY
DESCRIPTION
Load Balancing
Used to specify a load balancing rule
for the group, if appropriate. Load
Balancing Rules that are created
using the Load Balancing node in the
vWorkspace Management Console,
are presented as load balancing rule
options.
APPLIES TO:
• Microsoft
Hyper-V
• Microsoft
SCVMM
Note: Hyper-V Load Balancing is
configured from the properties of the
Hyper-V host.
User Privileges
Automatically assigns users to local
security groups.
• Microsoft
Hyper-V
This policy is useful when
provisioning desktop workspaces to
users that require elevated
privileges.
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Session Auto-Logoff
Automatically logs off user sessions.
This policy is for users that start
published applications and not full
desktops. If enabled, vWorkspace
automatically logs off when the last
published application is closed. This
eliminates the potential issue of
applications remaining in memory,
and never really terminating.
Enter a module name for a process.
If the process with the module name
persists after the session has been
closed, then the session is
automatically logged off.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
To add a process, click Add.
To delete a process from the use,
highlight the process and click the
red X.
143
PROPERTY
DESCRIPTION
Inactivity Timeout
Automatically suspends computers in
the group when they are inactive.
APPLIES TO:
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
Logoff Action
Session Protocol
Can be set to automatically reset,
reprovision or delete a computer in
this group when the user logs off.
• VMware
vCenter Server
Specify the protocol for remote user
sessions for this group, either
Microsoft’s Remote Desktop
Protocol or Hewlett Packard’s RGS.
• Microsoft
Hyper-V
• Microsoft
SCVMM
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Experience
Optimization
Specify if user experience
optimizations are to be enabled or
disabled for this computer group.
This includes the settings for
bandwidth optimization appliances
and EOP Xtream.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Enhanced Audio
Enable support for enhanced
bidirectional audio.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
144
PROPERTY
Task Automation
DESCRIPTION
APPLIES TO:
Tasks can be scheduled to be
completed at specified times.
• Microsoft
Hyper-V
See Task Automation for more
information.
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Permissions
Specify permissions for this
computer group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Finish
Select from the options available as
to the finish process for this group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
How to ...
Add a Computer Group
The settings presented differ based upon the system type, such as VMware or
Microsoft SCVMM. Review the previous table to view which property applies to
which type.
Virtualization servers and virtualization hosts must be added prior to adding
computer groups. See the Virtualization Platform Integration chapter for
more information on the set up of virtualization servers and hosts.
145
1.
2.
Open the Computer Group wizard from the, Desktops node one of
the following ways:
•
right-click on the Desktops node, and then select New
Computer Group.
•
and highlight the Desktops node. Select New Computer Group
from the Actions menu on the toolbar in the navigation pane,
from the New Computer Group icon in the toolbar of the
navigation pane, or from the Actions menu on the Desktops
information pane.
3.
Click Next on the Welcome window of the Computer Group wizard.
4.
Enter the name of the computer group in the Group Name field on
the Group Name window, and then click Next.
5.
Select the system type for the group on the System Type window,
6.
Complete the following settings, as appropriate, based on the
selected system type. Click Next to advance to the next setting.
7.
On the Finish window, do one of the following:
a) Select the Create new computers from a master template to
add new desktops to the group and enter the number of desktops
to create. Complete the process using the Add Computers tool.
See the Virtualization Platform Integration chapter for more
information on the Add Computers tool.
b) Select Import existing computers to add computers by
importing existing virtual computers and complete the process
using Importing Existing Computers into a Group.
c) Select Do nothing. I will create or import computers later to
create the desktops at a later time.
8.
Click Finish.
Once managed computer groups are established, their properties can
be viewed and modified from the vWorkspace Management Console
by right-clicking on the managed computer group, and selecting
Properties.
View Managed Computer Groups
Administrators have the ability to view summary information as well as delete
computer groups from the vWorkspace Management Console. A computer group
can only be deleted from vWorkspace if it is empty.
146
The Desktops and Session Hosts, Provisioning nodes, Computers, Tasks,
and Logs tabs of the vWorkspace Management Console, display the warning
message, Not all log entries have been displayed if the allowed maximum row
view is attained. From this warning message, administrators can select the
option to set a different maximum row amount.
How to ...
•
View Summary Information
•
View Managed Computers
•
View Tasks for a Computer Group
•
View Logs for a Computer Group
•
Modify the Properties of a Computer Group
•
Delete a Computer Group
1.
2.
Select Desktops for the location, and highlight the computer group.
3.
Select the Summary tab in the information pane.
1.
2.
Navigate to the Desktops node of the computer group that you
want to view, and highlight the computer group.
3.
Select the Computers tab in the information pane.
4.
Enter the text of the search term in the Find field.
For example, enter Powered On to locate powered on computers in
the Power State column.
147
5.
•
To highlight the next computer meeting the search criteria, click the
Find Next icon.
•
To highlight all computers meeting the search criteria, click the Select
All Matching icon.
If the criteria is not found a message box displays stating [criteria] not
found.
View Tasks for a Computer Group
1.
2.
Navigate to the Desktops node of the computer group that you want
to view the tasks, and highlight the computer group.
3.
4.
Click Toggle Lower Pane on the toolbar of the information pane.
This enables the lower pane.
5.
Select the Tasks tab to view.
6.
For example, enter Reconfigure to locate reconfigured computers in
the Task Item column.
7.
•
Find Next icon.
•
All Matching icon.
View Logs for a Computer Group
1.
2.
Navigate to the Desktops node of the computer group that you want
to view the logs, and highlight the computer group.
3.
4.
This enables the lower pane.
148
5.
Select the Log tab to view.
6.
7.
•
Find Next icon.
•
All Matching icon.
Modify the Properties of a Computer Group
1.
2.
Navigate to the Desktop node that includes the computer group that
you want to modify.
3.
Right-click on the computer group, and select Properties.
4.
Change the properties as appropriate, and then click OK.
Delete a Computer Group
1.
2.
Navigate to the Desktops node of the computer group that is to be
deleted.
3.
Right-click on the computer group, and then select Delete Group.
If the group is not empty, a message appears stating that all
managed computers from the group need to be removed prior to
deleting the group.
4.
Click Yes on the confirmation window to delete the group.
Computer Group Column Options
In a computer group’s information pane, administrators have the ability to
configure column options.
Memory Column Color Coding
The Memory Demand (Status), Assigned Memory (MB), and Memory Demand
(MB) columns have a feature where the computer’s current status is not only
indicated by a value, but the cell background is color-coded indicating a relative
status for memory use: green for adequate (OK), yellow for marginal, and red
to indicate the computer is in danger of exhausting its memory.
Volume Column
The column, Volume, shows the volume on which a given desktop is running.
This column is only available for Hyper-V computers.
Template Column
The Template column displays the current template of each virtual desktop. For
Hyper-V and Parallels, this is the template version; for SCVMM, the template;
and for VMware, the snapshot.
The Template column makes it simple to identify any inconsistencies of template
usage among desktops in a group at a glance.
149
How to ...
•
Arrange Information Pane Column Order and Sort Order
•
Resize Columns
•
Select Columns
Arrange Information Pane Column Order and Sort Order
Columns are grouped and ordered according to computer group type. In the
Column Options window, the Grouped checkbox indicates if the selected column
is part of a group and its order is determined by its position in the Selected
Columns pane, with the top column on the far left of the Information pane.
1.
To arrange columns in the Information pane, click and hold down the
mouse button in the column heading, and drag the column to the
desired location.
2.
To sort information within a column, click the column heading to
toggle the ascending or descending arrowhead, or right-click in the
column heading and select Sort Ascending or Sort Descending
from the drop-down context menu.
Resize Columns
1.
Right-click in a column heading and select Size Column to Fit from
the drop-down context menu to fit a column to its contents.
2.
Right-click in a column heading and select Auto Size All Columns
to Fit to automatically fit all the columns in the Information pane to
their contents.
Select Columns
150
1.
2.
Navigate to and select a computer group.
3.
Select the Desktops tab in the information pane.
4.
Right-click within a column heading.
5.
Select Column Options in the context menu.
6.
In the Column Options window, use the right arrow to move columns
from the Available Columns pane to the Selected Columns pane, or
the left arrow to move columns back to the Available columns pane.
7.
In the Selected Columns pane, highlight a column name and click the
up or down arrows to adjust its position. Click OK.
8.
To display all the available columns, right-click in an information
pane column heading and choose Show All Columns from the
drop-down context menu.
Task Automation
The Task Automation property of a managed computer group provides the ability
to schedule execution of a vWorkspace supported operation on a vWorkspace
managed virtual or physical computer or Session host is available through the
Automated Task Wizard. Some of the scheduled tasks include:
•
Power management.
•
Deletion of virtual computers, including the ability to delete
computers that have been inactive for a specified number of days.
•
Installation of MSI packages.
•
Installation and update of PNTools.
•
Program and script execution.
151
How to ...
Schedule Tasks using the Automated Task Wizard
1.
2.
Expand the Desktops node for the location to which you want to add
the scheduled task.
3.
Do one of the following to open the Computer Group Properties
window:
a) Right-click on the computer group, and select Properties.
b) Highlight the computer group, and then select
Actions | Properties from the main menu.
c) Highlight the computer group, and select the Properties icon from
the toolbar.
d) Highlight the computer group. Select the Summary tab in the
navigation pane, then Actions | Properties.
Scheduled tasks can also be identified by computer. See Automated
Tasks for more information, and use the below steps to add a new
scheduled task, using the Automated Task Wizard, to a specific
computer.
4.
Select Task Automation in the left pane of the Computers Properties
window, and then click New (green + plus sign). The Automated
Task wizard appears.
5.
6.
Enter a Name for the task, and then click Next.
7.
Select the task from the list on the Task window, and then click
Next.
8.
On the Task Parameters window, complete the information as
The fields on the Task Parameters window change based upon the
Task selected.
152
9.
Complete the information on the Schedule window, as appropriate,
Managed Computers
Managed Computers are objects in the vWorkspace database that represent
the desktop computers and Session Hosts that are members of a managed
computer group. These desktops and session hosts are virtual machines or
physical devices. Virtual machines can be provisioned from template or parent
VHD or imported into a computer group. Physical machines must be imported
into a computer group.
Managed computers have properties that control their creation and use. The
properties that are available depend upon the type of group in which the
managed computer exists. When a computer is added or imported into a
managed computer group, it inherits the property settings of the group.
Computers are added to a managed computer group by using the Add
Computers tool. There are several methods available for accessing this tool.
The method chosen depends on if the managed computer group already exists
in the vWorkspace Management Console, or if it is being created.
The inputs available on the Add Computers tool are based on the System type
of the selected computer group.
153
Access the Add Computers tool by one of the following methods:
Select the Create new computers from a master template on the
Finish page of the New Computer Group wizard, when creating a new
computer group.
– OR –
Select an exisitng computer group from the vWorkspace Management
Console and do one of the following:
a) Right-click on the computer group and select Add Computers.
b) Select the Add Computers icon from the navigation pane toolbar.
c) Select Add Computers from the Actions menu from the
navigation pane.
d) Select Actions | Add Computers from the information pane of
the computer group.
For more information on how to use the Add Computers tool based upon data
center type, refer to the Virtualization Platform Integration chapter.
154
Properties of a Managed Computer
The following section describes each property listed of a managed computer.
Summary
SUMMARY WINDOW
DESCRIPTION
Name
The computer name.
DNS Name
The Domain Name System name.
NetBIOS Name
The NetBIOS name. The first 15 characters of the
Windows computer name are assigned
automatically by Windows setup and cannot be
modified.
IP Address
The TCP/IP address last assigned to the managed
computer.
MAC Address
The Media Access Control address assigned to the
managed computer’s network interface card.
Note: Only one active physical or virtual network
interface is supported on a VM, physical PC, or
blade PC.
155
SUMMARY WINDOW
DESCRIPTION
Allow power-management
(suspended, reset, etc.)
through the vWorkspace
management console.
Selecting this option allows the vWorkspace
Management Console to control the power state of
the managed computer, if it is an applicable
option.
Administrative Account
ADMINISTRATIVE ACCOUNT
WINDOW
DESCRIPTION
Override Group Properties
Selecting this option allows a different
administrative account and password to be
assigned to the managed computer from the
ones being used by the group.
Account
This field is used to specify the name of a
user account that has local administrative
rights.
User the ellipsis to browse to the account.
Password/Confirm Password
156
This field is used for the password of the user
account specified by Account.
Enable/Disable
ENABLE/DISABLE WINDOW
DESCRIPTION
Override group properties
Selecting this option allows this computer to have
a different property than the group.
Enabled or Disabled
Select one of the options for this computer.
If Disabled is selected, the Connection Broker
does not redirect incoming connection requests to
this computer.
157
Client Assignment
See Temporary Client Assignment for more details.
CLIENT ASSIGNMENT
WINDOW
Current User
DESCRIPTION
Displays the name of the user account currently
logged on to the managed desktop computer.
If a user is not logged on, a None value is
displayed.
Permanent User
Displays the name of the user account
permanently assigned to the managed desktop
computer.
If a user is not logged on, a value of None is
displayed.
158
CLIENT ASSIGNMENT
WINDOW
DESCRIPTION
Select a user to whom this
desktop should be
permanently assigned
Use this option to select a user account that is
permanently assigned to the managed desktop
computer.
This option is available if a user is currently not
logged on to the desktop.
Note: If a Client Assignment policy for the
desktop group is set to Temporary, it is
overridden for this desktop computer only.
Note: If the Client Assignment policy for the
desktop group is set to Persistent, this setting
can be used to pre-assign a user account to the
managed computer.
Persistently assign the
current user to this desktop
Use this option to assign the currently logged on
user account to the managed computer.
This option is available if a user is currently not
logged on to the desktop.
desktop group is set to Temporary, it is
overridden for this desktop computer only.
Remove the current
permanent assignment
Use this option to remove the current permanent
assignment from the managed computer.
desktop group is set to Temporary, the managed
computer is available for automatic, permanent
assignment.
Note: If the Client Assignment policy for the
desktop group is set to Persistent, this setting
can be used to pre-assign a user account to the
managed computer. However, the vWorkspace
administrator can still choose to pre-assign the
desktop to a user.
159
Access Timetable
ACCESS TIMETABLE
WINDOW
DESCRIPTION
If selected, you can specify a different access
timetable setting than that of a desktop group.
Click on the green grid to set a time schedule.
If selected, choose from the following:
Grant Permission — Specifies the days of the
week and the hours of the day when logons to the
desktop computer are allowed (marked in green).
Deny Permission — Specifies the days of the
week and the hours of the day when logons to the
desktop computer are not allowed (marked in
red).
160
User Privileges
USER PRIVILEGES WINDOW
DESCRIPTION
If selected, you can specify a different level of
user privileges for the users that log on to this
desktop computer.
Power User
At logon, the user is added to the desktop
computer’s built-in Power Users local group.
Administrator
computer’s built-in Administrators local group.
None
computer’s built-in Users local group.
161
Power Savings (SCVMM and Hyper-V)
INACTIVITY TIMEOUT
WINDOW
DESCRIPTION
Desktops can be automatically suspended when idle for a specified amount of time.
If selected, you can specify a different power
savings setting than that of the parent desktop
group.
Automatically suspend
Select to enable automatic suspension of the
desktop computer when inactive (user is logged
off, but computer is still powered on), or if offline.
Do not automatically
suspend
Select to disable automatic suspension of the
desktop computer when inactive (user is logged
off, but computer is still powered on), or if offline.
162
Power Savings (VMware)
POWER SAVINGS WINDOW
DESCRIPTION
If selected, you can specify a different power
saving than that of a desktop group.
To conserve computing
resources, automatically
suspend computers in the
group that are inactive
Inactive status is marked when the managed
computer has been logged off, disconnected or
goes offline.
Computers to remain
powered on
Number of computers in the computer group that
will not be suspended. This parameter ensures
that a connecting user is logged into the virtual
workspace quickly.
Values: none - 500
163
Session Auto-Logoff
SESSION AUTO-LOGOFF
WINDOW
DESCRIPTION
If selected, you can specify a different session
auto-logoff setting than that of a desktop group.
Module Name
Enter the name, such as wuauclt.exe.
Add
Select after entering a name in the Module Name
box.
Remove
Select to remove items from the list.
164
Configuration (VMware System Type only)
CONFIGURATION WINDOW
DESCRIPTION
Reconfigure
Enables administrators to modify the current
memory and virtual disks configuration.
Refresh
Refreshes the current view of the window.
165
Configuration (Hyper-V and SCVMM System Type)
CONFIGURATION WINDOW
DESCRIPTION
Reconfigure
Enables administrators to modify the current video
adapter, memory, memory priority and network
adapter configuration.
Refresh
Refreshes the current view of the window.
166
Logoff Action
LOGOFF ACTION WINDOW
DESCRIPTION
If selected, you can specify a different logoff action
setting than that of a desktop group.
Nothing
If selected, no actions are performed at logoff.
Reset
If selected, this computer is reset when the user
logs off.
Reprovision
If selected, this computer is reprovisioned at log
off.
Note: It is recommended that you install Virtual
Desktop Extensions (PNTools) onto your VMware
template if you are using the reprovision
functionality.
167
Session Protocol
SESSION PROTOCOL
WINDOW
DESCRIPTION
If selected, you can specify a different session
protocol setting than that of a desktop group.
RDP
Remote session protocol for this computer is set to
RDP.
RGS
Remote session protocol for this computer is set to
RGS.
168
Experience Optimization
EXPERIENCE OPTIMIZATION
WINDOW
DESCRIPTION
Enable support for
bandwidth optimization
appliances
Enables or disables support for bandwidth
optimization for this computer.
Enable support for WAN
acceleration (EOP Xtream)
Override group properties — If selected, you
can specify a different EOP Xtream setting than
that of a desktop group.
Override group properties — If selected, you
can specify a different bandwidth optimization
setting than that of a desktop group.
Enabled — Enables support for EOP Xtream.
Enable RDP pass-through mode — Enables EOP
Xtream to use the RDP port, eliminating the need
to configure extra firewall settings.
EOP Xtream Port Number — The default port
number is 33389.
Maximum number of connections — Enter a
maximum number of connections.
Disabled — Disables support for EOP Xtream.
169
Enhanced Audio
ENHANCED AUDIO WINDOW
DESCRIPTION
If selected, you can specify a different enhanced
audio setting than that of a desktop group.
Enabled
Enables support for enhanced audio for this
computer.
Disabled
Disables support for enhanced audio for this
computer.
170
Automated Tasks
TASK AUTOMATION
WINDOW
DESCRIPTION
Name
Identifies the name of the task.
Task
Identifies the task that is to be completed.
Schedule
Indentifies the schedule to which the task is to be
completed.
New
Select to add a new scheduled task.
See Schedule Tasks using the Automated Task
Wizard for more information.
171
Permissions
PERMISSIONS WINDOW
DESCRIPTION
User/Groups
Lists users and groups who have permission to
perform administrative tasks on this computer.
Select a user or group to view their permissions.
Permissions
Lists permission for this computer and if they are
allowed or denied for the selected user or group.
For more information on permissions, see
Permissions.
Operating System Customizations
The Operating System Customization wizard creates the operating system
customization information for Hyper-V, SCVMM, VMware and Parallels Virtuozzo
type computers. This wizard can be accessed from the Customize Operating
System window of the Add Computers wizard by selecting the New icon (green
plus sign).
172
You are able to select one of the following Sysprep types based on the system
type:
•
Windows XP, Server 2003 (sysprep.inf)
•
Vista, Windows 7, Server 2008 (unattend.xml)
You can also import an existing sysprep.inf or unattend.xml file, and then make
further customizations to the file through the Operating System Customizations
wizard.
Operating System Customizations
Quest vWorkspace supports three operating system customization types:
Native, Instant, and Direct.
•
Instant mode is available for provisioning virtual computers on
Hyper-V and VMware platforms and uses Quest’s Instant Provisioning
mechanism, which is the fastest way to customize a computer.
The Instant Provisioning method requires the master template be
configured as follows:
•
vWorkspace Instant Provisioning tools
(TEMPLATE_TOOLS\InstantProvisioning.exe) must be
pre-installed.
•
Joined to the target domain.
173
•
Microsoft Sysprep uses the virtualization system’s native sysprep
execution and passes all the customizations to the virtualization
system (Hyper-V, SCVMM, VMware vCenter).
•
Direct Sysprep method invokes sysprep directly after the clone
operation is complete. This is the slowest of available sysprep
mechanisms.
Direct sysprep method requires the master template be configured as
follows:
•
Quest Virtual Desktop Extensions (PNTools) must be
pre-installed.
Instant Provisioning can be configured to run custom commands once the
provisioning process is complete. On the template locate the folder
%programfiles%\Quest Software\Instant Provisioning\vbscripts. Any .vbs files
in this folder are run at the end of the Instant Provisioning process.
The following table shows which sysprep execution mode is compatible with each
virtualization platform and operating system.
MICROSOFT
SYSPREP
INSTANT
DIRECT
SYSPREP
Hyper-V
Win XP, Win 7
Win XP, Win 7
n/a
SCVMM
Win XP, Win 7
n/a
n/a
VMware
Win XP, Win 7
Win XP, Win 7
Win XP
Parallels
n/a
n/a
Win XP, Win 7
Win XP = Windows XP and Windows Server 2003
Win 7 = Windows Vista, Windows 7 and Windows Server 2008
174
About Sysprep Files
Using an imported sysprep.inf file provides you with more customization than
using the Operating System Customization wizard. For example, you can
configure TCP/IP and networking options. However, if you choose to import a
sysprep.inf file, you must include the following sections, or the customization
process pauses and awaits user interaction.
[Unattended]
OemSkipEula=Yes
OemPreinstall=Yes
InstallFilesPath=c:\sysprep\i386
[GuiUnattended]
OEMSkipRegional=1
OEMSkipWelcome=1
EncryptedAdminPassword=No
[Networking]
InstallDefaultComponents=Yes
How to ...
•
Create Operating System Customizations Windows XP/2003
•
Create Operating System Customizations Vista/Win7/Server2008
Create Operating System Customizations Windows XP/2003
1.
From the Customize Operating System setting on the Add Computers
wizard, select the New icon (green plus sign).
2.
Click Next on the Welcome window of the Operating System
Customization Wizard.
3.
Enter a Name for this customization, and then click Next.
4.
Select the platform type, Windows XP/2003 (sysprep.inf), for
this operating system customization.
175
5.
Complete the information on the Import window, if you want to
import an existing sysprep.inf file, and then click Next.
– OR –
If you do not want to import an existing file, click Next.
See About Sysprep Files for more information about importing an
existing sysprep.inf file.
6.
Specify the Windows operating system on the Operating System
The choices are:
176
•
Windows XP Professional
•
Windows XP Professional (64-bit)
•
Windows Server 2003
•
Windows Server 2003 (64-bit)
7.
Enter the Windows registration information of Owner and
Organization on the Registration window, and then click Next.
8.
Select a Time Zone that is to be used when configuring Windows on
the Time Zone window, and then click Next.
9.
Select one of the following on the Product Key window, and then click
Next.
a) Specify a single product key.
b) Retrieve product keys from a text file. Use the ellipsis to browse.
10. Select one of the options, Instant, Microsoft Sysprep, or Direct
Sysprep, on the Customizations Type window, and then click Next.
11. If Windows Server 2003 or Windows Server 2003 (64-bit) was
selected as the Operating System, select either Per Server or Per
Device or Per User on the Licensing Mode window, and then click
Next.
12. Enter the Password for the administrator account for the desktops
created in this group, on the Administrator Password window, and
then click Next.
13. Select Domain or Workgroup where the computers are to be
added on the Domain or Workgroup window, and click Next.
If you select Domain, you need to specify a user account that has
permission to add a computer to the domain.
14. Enter the Active Directory Organization Unit Path to which the
computers are to be added on the Active Directory Path window, and
then click Next.
177
15. Enter the path to the folder where the installation files are located,
If you do not want a folder specified, you must delete the default
value in the Path field.
This is an optional step. The default is c:\sysprep\i386.
16. Select one of the following options on the Regional Settings window,
and then click Next:
a) Use the default regional settings for the Windows version you are
installing.
b) Specify the regional settings. Select a default value for the
language.
17. On the Languages window, select the language in which the users
can view the content, and then click Next.
18. Use the Run Once window to configure Windows to automatically run
a command the first time a user logs on.
a) Enter the command in the Command box, and click Add.
b) Use the green arrows to define the commands order.
c) Click Next when you are finished.
178
19. Enter an Identification String, which is written to the registry of
the computer to assist in determining which customization object
was used to customize a computer. Click Next.
20. Alter customization entries on the Custom Entries window. This is an
optional step. Click Next to go to the next window.
21. Review your entries on the Summary window and do one of the
following:
a) Click Back to make changes.
b) Click Finish to create the desktops.
c) Click Cancel to exit without saving the settings or creating the
desktops.
22. Complete the Add Computers wizard in the usual way.
Create Operating System Customizations Vista/Win7/Server2008
1.
From the Custom Operating System setting on the Add Computers
wizard, select the New icon (green plus sign).
2.
Click Next on the Welcome to the Operating System Customizations
Wizard window.
3.
Enter a Name for this operating system customization, and then
click Next.
4.
Select the Platform type, Windows Vista, Windows 7, Server
2008 (unattend.xml) for this customization, and then click Next.
179
5.
If you want to use an existing unattend.xml file, click Select file on
the Import window, and browse to the location of your answer file
template.
Click Edit to use notepad or a shell application to edit the file.
If you have modified the file outside of vWorkspace or have used the
Edit option to modify the file, click Re-import to reimport the file.
Click Next to continue.
This is an optional step, and is used if you have an existing
unattend.xml file that you want to use in the Sysprep process.
180
6.
Select the operating system and the processor architecture for this
customization, and then click Next.
7.
Enter the Windows registration information of Owner and
Organization on the Registration window, and then click Next.
8.
Select a Time Zone that is to be used when configuring Windows on
the Time Zone window, and then click Next.
9.
Select one of the following on the Product Key window, and then click
Next.
a) Select Specify a product key and then select Specify a single
product key. Enter the specified product key.
•
The entered product key replaces the Product key value and
elements in the unattend.xml file if you have imported an
existing unattend.xml file.
b) Select Specify a product key and then select Retrieve product
keys from a text file. Enter the file or browse to its location.
c) Unselect Specify a product key.
•
The Product key values and elements are specified in the
imported unattend.xml file (if you have imported an existing
unattend.xml file) will be used in the operating system
customization process.
• If there are no Product key values or elements specified in the
unattend.xml file, a message is displayed warning that the
operating system customization might fail.
The need for a product license key is based upon Microsoft’s license
scheme for their products. For example, if you are using Microsoft
Windows 7 Enterprise edition, you do not need to enter a product key,
as licensing is supported through a key management server.
181
10. Select one of the options, Instant, Microsoft Sysprep, or Direct
Sysprep, on the Customizations Type window, and then click Next.
11. Select Domain or Workgroup to identify how the desktops will
participate in the network.
If you select Domain, you must enter a user account that has
permission to add a computer to the domain.
Click Next.
12. Specify the Active Directory Organization Unit path into which the
computers are to be added, and then click Next.
182
13. Specify a local administrator account on the Local Account window if
you are using Microsoft Vista, Microsoft Windows 7, or Microsoft
Server 2008, and then click Next.
183
14. Select to enable or disable the firewall for the public profile, domain
profile, and private profile, and then click Next.
15. Specify the regional settings, as appropriate, and then click Next.
16. Use the Run Once window to configure Windows to automatically run
a command the first time a user logs on.
a) Enter the command in the Command box, and click Add.
b) Use the green arrows to define the commands order.
c) Click Next when you are finished.
17. Enter an Identification String, which is written to the registry of
the computer to assist in determining which Sysprep object was used
to customize a computer.
18. Click Finish to complete the Operating System Customizations
wizard process.
19. Complete the Add Computers wizard in the usual way.
Administrators have the ability to view summary information managed desktops
from the vWorkspace Management Console. Administrators can also remote into
a user’s active RDP session. See Remote Control for more information on this
option.
184
How to ...
•
•
View Tasks for Managed Computers
•
View Logs for Managed Computers
1.
2.
Navigate to the computer group in Desktops or Session Hosts to
which the computer belongs, and highlight the computer group.
3.
Select the Computers tab in the information pane, and then
highlight the computer.
4.
Click Toggle Lower Pane from the toolbar of the information pane.
This enables the lower pane with three tabs, Summary, Tasks, and
Log.
5.
Select the Summary tab to view property and status information.
View Tasks for Managed Computers
1.
2.
Navigate to the computer group to which the computer belongs, and
highlight the computer group.
3.
4.
Log.
5.
Select the Tasks tab to view tasks performed on the selected
computer. Use the Actions menu and toolbar of the tasks pane to
refresh information or cancel tasks.
View Logs for Managed Computers
1.
2.
Navigate to the computer group to which the computer belongs, and
highlight the computer group.
3.
4.
Log.
5.
Select the Log tab to view log information.
185
Initialize Computer
When a managed computer (virtual or physical) is added to a computer group,
the vWorkspace Data Collector Service must be installed to allow the managed
computer to communicate properly with vWorkspace Connection Brokers. This
process is accomplished using the Initialize Computer task, which is initiated
and executed by the Connection Broker.
The Initialize Computer task is accomplished as follows:
1.
The Connection Broker checks for the IP address of the computer to
be initialized by querying the Virtualization Host. For other/physical
system type computers, it checks for the issuing DNS or NetBIOS
name resolution queries.
2.
Once the IP address of the target computer has been retrieved, the
Connection Broker attempts to connect to the Data Collector service
on that computer using TCP port 5203. If successful, it queries for
the version of the Data Collector service.
3.
If the Connection Broker is unable to connect to the Data Collector
service, or if the version of the Data Collector service on the target
computer is older than that running on the Connection Broker, the
Connection Broker attempts to install the newer version of the
service by remotely connecting to the Windows Service Control
Manager and system drive of the target managed computer.
It then stops the Data Collector service if it is running and copies the
newer version of PNDCSVC.exe to the Windows\System32 folder.
Once the file has been copied, the Connection Broker issues a remote
command to start the Data Collector service.
4.
186
Once the Data Collector service has been successfully started on the
target computer, the Connection Broker again attempts to contact
the Data Collector service on TCP port 5203. If the connection is
successful, the Connection Broker passes the following to the Data
Collector service:
•
List of all available Connection Brokers.
•
Informs the Data Collector service to use TCP port 5201 when
initiating connections to a Connection Broker.
•
Request that subsequent connections be encrypted, and provides
the public key to use for SSL encryption, if configured.
•
Configured heartbeat interval (the interval at which the Data
Collector service will send status updates to the Connection
Brokers).
•
Information about the License Mode for the vWorkspace
infrastructure.
•
Assigned Unique Computer ID for the computer.
When an Initialize Computer task is unsuccessful, the Connection Broker
considers the desktop unusable and marks it offline, making it unavailable to
users. Some common causes of a failure include:
•
Firewalls are blocking the communications between the Connection
Broker and the managed computer.
•
Name resolution issues.
•
Insufficient privileges held on the managed computer. You need to be
able to connect to the administrator file shares and have the privilege
to create a service on the managed computer. The privilege is set in
the Properties of the computer group, in Computer
Administrative Account.
Initialization Triggers
The following events can trigger the Initialize Computer task:
•
Successful clone operation
•
Add/Import desktops
•
Missed heartbeats
To manually initialize a computer or multiple computers:
1.
2.
Select the computer group under Desktops or Session Hosts.
3.
Highlight the computers that are to be initialized from the Computers
tab of the information pane.
4.
Right-click to select the Initialize option or select
Actions | Initialize from the information pane toolbar.
187
The ability to manually initialize a computer or multiple computers is available
through the context menu option of the highlighted computers. Select the
computer group under the Desktops or Session Hosts node on the
vWorkspace Management Console, and then highlight the computers that are to
be initialized from the Computers tab of the information pane and right-click to
select the Initalize option.
Virtual Desktop Extensions (PNTools) is a set of executables, dynamic link
libraries, and device drivers that provide features and management functionality
for managed computers in a vWorkspace infrastructure. PNTools can be
installed on all computers, virtual or physical, which are members of a computer
group in the Desktops node.
PNTools provides the following:
188
•
Data Collector
•
Universal Print Driver
•
Seamless window display mode
•
Up to 4096 x 2048 screen resolution
•
Quest vWorkspace Universal Print Driver
•
Quest vWorkspace USB Redirection
•
User Profile Management
•
Full-fledged desktop or published application sessions
•
Experience Optimized Protocol
How to ...
Install Virtual Desktop Extensions
The installation program for PNTools is located in the following folder on all
Connection Brokers:
ProgramFiles(x86)\Quest Software\vWorkspace\PNTools\pntools.msi
There are several ways to install, upgrade, or uninstall PNTools:
•
Use the PNTools | Install/Update from the context menu of a
specific managed computer group or managed computer on the
•
Use the MSI Packages option from the Packaged Applications
node of the vWorkspace Management Console to define a package for
PNTools. See MSI Packages for more information.
•
Use the Automated Tasks option. See Task Automation for more
information.
•
Manually install PNTools.msi into the virtual computer template.
•
Use third-party software distributions.
189
Session Hosts
Session Hosts need to have the Remote Desktop Services role installed and
configured to communicate with the vWorkspace Management Database before
it can be added to the vWorkspace Management Console.
To add a vWorkspace Session Host to the Management Console, the
vWorkspace Remote Desktop Services role must be installed and configured
to communicate with the farm management database.
How to ...
•
Add Session Hosts
•
Set Session Host Properties
•
Remove Session Hosts
Add Session Hosts
190
1.
Open the vWorkspace Management Console, and then expand the
Session Hosts node.
2.
Right-click on Management, and then select New Session Host.
3.
In the Add Session Host window, select <New Server> and click
OK.
4.
Click Next on the Welcome window of the Server wizard.
5.
Enter the server name (NetBIOS) on the Server Name window, and
then click Next. Use the ellipsis to browse for the server.
6.
Specify Session Host on the Server Role window, and then click
Next.
7.
Specify the folder for this Session Host on the Folder window. Click
New Folder to create a new folder. Click Next when complete.
Folders are for organization and display; it does not change the
operation of the servers.
8.
Accept the default load balancing rule or select to specify a custom
load balancing rule on the Load Balancing window, and then click
Next.
Additional custom load balancing rules can be created from the Load
Balancing node of the vWorkspace Management Console.
191
9.
192
Click Next to inherit the global exception list for Session
Auto-logoff, or select Specify the exclusion list to create an
exclusion list specific to this Session Host, and then click Next.
10. Complete the following information on the Connectivity window, and
then click Next.
Connections
Select the Accept least busy
connection requests check box
if you want the server to
participate in load balancing.
Alternative IP Address
Enter an alternative IP address.
These options are grayed out,
and not available for selection at
this time.
11. Specify the performance optimizations options that are to be enabled
on this server on the Performance Optimization window, and then
click Next. The two options are:
•
Virtual Memory Optimizations
•
12. Specify the experience optimization settings for this server on the
Experience Optimization window, and then click Next.
For more information about EOP Xtream, see the EOP Xtream section.
193
13. Specify whether bidirectional audio should be Enabled or Disabled
on this server in the Enhanced Audio window, and then click Next.
14. Specify the Virtual IP settings for this server, as appropriate, and
then click Next.
15. Specify licenses on the Licensing window, and then click Next.
16. Specify any permissions for this server, and then click Finish.
Set Session Host Properties
Once Session Hosts have been added, you can set properties to apply to all
servers in the vWorkspace farm that have the Session Host role.
1.
Right-click on the Session Hosts node under the location in which
you want to add the permission, and then select Properties.
2.
Highlight the user or group on the Session Host Properties window,
and then change the permissions to Allow or Deny, by selecting the
check box, as appropriate.
For more information on permissions, see Permissions.
3.
194
Remove Session Hosts
Use the following steps to remove a Session Host from inclusion in the
vWorkspace infrastructure. Removing a Session Host deletes its associated
records within the vWorkspace database, but it does not uninstall any of the
vWorkspace components or any other software on the server nor does it change
the database configuration (DSN).
1.
Expand the Session Hosts node in the navigation pane of the
vWorkspace Management Console, and select the Session Host that
is to be removed.
2.
Click the Delete Server icon from the navigation pane toolbar, or
right-click on the server and select Delete Server from the context
menu.
3.
Click Yes on the confirmation window to complete the removal.
Session Host Management
•
Manage Users Connected to Session Hosts
•
View Session Hosts Sessions
•
View Client Information for an Active Session
•
Manage Session Host Processes
•
View Session Host Applications
Manage Users Connected to Session Hosts
1.
To view connected users:
a) Open the vWorkspace Management Console.
b) Expand the Locations node.
c) Expand the location to which the Session Host is located.
d) Expand the Session Hosts node.
e) Expand the Management node.
f) Double-click the Session Host.
g) Select the Users tab.
The following information can be viewed:
Server
The NetBIOS name of the Session Host to which the
user is connected.
Domain
The NetBIOS name of the Windows domain to which
the user’s account belongs.
195
Session
The name of the user’s session as assigned by the
Session host.
User
The user account name used to log on to the
session.
Session ID
The numerical session ID assigned to the user’s
session by the Session Host.
State
The state of the Session Host session. The options
are:
• Active
• Disconnected
• Idle
• Down
2.
Idle Time
The amount of time no activity has occurred
between the client and the Session host.
Logon
Time
The date and time the session was logged on.
To connect to a specific Session Host:
a) Within the Management node, double-click on a Session Host
object.
3.
To connect to all Session Hosts:
a) Double-click on each Session Host object, or right-click on the
Session Hosts node and select Connect All.
4.
To issue a command to a Session Host:
a) Right-click a server session. Administrators can perform the
following actions:
Disconnect
If a session state is active, it can be placed into
a disconnected state. Disconnecting a session
causes the network connection between the
client device and the Session Host to be closed,
releasing memory and CPU threads.
The working state of the session is persisted by
writing to the Session Host’s page file, allowing
the user to reconnect to the session, with no
loss of data.
Send Message
196
An administrator can send a message to the
selected user if the session is active.
Remote
Control
An administrator can connect to the user’s
active session, and depending on the policy
settings, view and interact with the session.
Note: See Database Configuration for more
information on this feature.
Reset
An administrator can reset a session which
disconnects the session in a non-graceful way.
Note: All unsaved data is lost.
Log Off
An administrator can gracefully log a user off
from a Session Host session. The user is
prompted to save any unsaved data.
View Session Hosts Sessions
1.
2.
Expand the Locations node, and then the expand location to which
the Session Host is located.
3.
Expand the Session Hosts node.
4.
Highlight the Management node.
5.
To view a session on a specific Session Host:
a) Double-click on the Session Host object.
b) Click on the Sessions tab in the Session Hosts information pane.
6.
To view sessions for all Session Hosts:
Session Hosts node and then select Connect All.
b) Click on the Session Hosts node.
c) Click on the Sessions tab in the Session Hosts information pane.
Domain
The NetBIOS name of the Windows domain to which
the user’s account belongs.
Session
The name of the user’s session as assigned by the
Session Host.
User
The user account name used to log on to the
session.
Session ID
The numerical session ID assigned to the user’s
session by the Session Host.
197
State
The state of the Session Host session. The options
are:
• Active
• Disconnected
• Idle
• Down
Type
The connection type. The options are:
• Console
• RPD
7.
Client
Name
The NetBIOS name of the vWorkspace client device.
Idle Time
The amount of time no activity has occurred
between the client and the Session Host.
Logon
Time
The date and time the session was logged on.
Comment
Not used.
Select a user session. Administrators can perform the following
actions:
Disconnect
If a session state is active, it can be placed into
a disconnected state. Disconnecting a session
causes the network connection between the
client device and the Session Host to be
closed, releasing memory and CPU threads.
The working state of the session is persisted
by writing to the Session Host’s page file,
allowing the user to reconnect to the session,
with no loss of data.
Send Message
An administrator can send a message to the
selected user if the session is active.
Note: The only administrative action allowed
for the Console session is Send Message.
Remote Control
An administrator can connect to the user’s
active session, and depending on the policy
settings, view and interact with the session.
Note: See Database Configuration for more
198
Reset
An administrator can reset a session which
ends the session in a non-graceful way.
Note: All unsaved data is lost.
The session with Session Name of RDP-TCP
and Session ID 65536 is the Session Host’s
RDP listening port. The only administrative
action allowed is Reset.
Log Off
An administrator can gracefully log a user off
from a Session Host session. The user is
prompted to save any unsaved data.
View Client Information for an Active Session
1.
2.
Expand the Locations node, and then expand the location to which
3.
Highlight the Session Hosts node.
4.
Double-click on the Session Host object.
5.
Expand the Session Host container object, and click on the active
session.
6.
Click on the Information tab in the information pane.
User Name
The name of the user.
Client Name
The NetBIOS name of the CAS Client device.
Client Build
Number
The vWorkspace internal build number of the
vWorkspace client software installed on the
client device.
Client Directory
The complete directory path to which the
vWorkspace client software was installed.
Client Product ID
The vWorkspace internal identification
number of the vWorkspace client software.
Client Hardware
Not used.
Client Address
The IP address of the vWorkspace client
device.
Client Color
Depth
The color depth used in the session.
Client Resolution
The height and width, expressed in pixels,
used in the session.
199
Manage Session Host Processes
1.
2.
3.
Expand the Session Hosts node.
4.
Highlight the Management node.
5.
b) Click on the Processes tab in the Session Hosts information pane.
6.
Management node and then select Connect All.
c) Click on the Processes tab in the Session Hosts information pane.
Domain
The NetBIOS name of the user’s Windows domain
that owns the process.
Processes running in the console session are listed
as Unspecified.
200
Session
The name of the Session Host session in which the
process is running.
User
The name of the user account that owns the
process.
Session ID
The numerical session ID the process is running in,
on the Session Host.
Process ID
The assigned process ID by the Windows operating
system when the process is started.
Process
The file name of the process.
7.
Select a user process. Administrators can perform the following
actions:
End Process
An administrator can end the
process.
Note: Certain system
processes, such as winlogon.exe
and lsass.exe cannot be
terminated, even by an
administrator.
Remote Control
An administrator can connect to
the user’s active session, and
depending on the policy settings,
view and interact with the
session.
Note: See Database
Configuration for more
View Session Host Applications
1.
2.
3.
4.
b) Click on the Applications tab in the Session Hosts information
pane.
5.
a) Double-click on each Session Host object.
c) Click on the Applications tab in the Session Hosts information
pane.
Name
The name of the published
application.
Type
The published application type.
201
Status
The status of the application. The
options are:
• Enabled
• Disabled
App-V Server
The name of the App-V server.
Published On
The name of the Session Host
that it is published on.
Provisioning Session Hosts
The Provisioning node of Session Hosts allows administrators to create
computers groups from which can be created Session Host servers.
Session Host computer groups are created in a similar way that computer groups
are created from Desktops node. Session Hosts that are members of a computer
group can be managed and can be classified as a managed computer. Session
Hosts can also be created in computer groups using the Add Computers wizard.
PNTools & other MSI packages
The option category PNTools & MSI packages appears on the properties menu
of a Session Host computer group and on the properties of a Managed Session
Host, but the option to deploy MSIs to a session host is the only option available.
Installation of PNTools on to a Session Host is not recommended.
The PNTools & MSI packages can be used to deploy MSI packages that have been
defined within the Packaged Applications node of the Management Console.
Session Host Computer Groups
Computer groups created within the Provisioning node of Session Hosts have
properties similar to computer groups created in the desktops node. The table
below details the attributes of a Session Host computer group.
202
PROPERTY
DESCRIPTION
Group Name
Name of the managed desktop
group.
APPLIES TO:
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
System Type
this group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Datacenter
• VMware
vCenter Server
Administrative
Account
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
203
PROPERTY
DESCRIPTION
Provisioning
Settings
parameters are set:
Template
Naming convention
APPLIES TO:
• Microsoft
Hyper-V
• VMware
vCenter Server
• Parallels
Virtuozzo
• Microsoft
SCVMM
Quick and Direct.
Adapter
Load Balancing
options.
• Microsoft
Hyper-V
• Microsoft
SCVMM
Hyper-V host.
Enhanced Audio
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
204
PROPERTY
Task Automation
DESCRIPTION
APPLIES TO:
• Microsoft
Hyper-V
information.
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Permissions
computer group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
The following System Types are supported for creation of a Session Host
computer group:
•
Microsoft Hyper-V
•
Microsoft SCVMM
•
VMware vCenter
•
Parallels Virtuozzo
•
Other/Physical
For more information on Computer Groups see Computer Groups.
Managed Session Hosts
A Session Host that is a a member of a computer group are considered managed
Session Hosts. The table below details the properties of a available on a
managed Session Host.
205
PROPERTY
DESCRIPTION
System Type
this group.
APPLIES TO:
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Datacenter
• VMware
vCenter Server
Administrative
Account
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Provisioning
Settings
parameters are set:
Template
Naming convention
Quick and Direct.
Adapter
206
• Microsoft
Hyper-V
• VMware
vCenter Server
• Parallels
Virtuozzo
• Microsoft
SCVMM
PROPERTY
DESCRIPTION
Load Balancing
options.
APPLIES TO:
• Microsoft
Hyper-V
• Microsoft
SCVMM
Hyper-V host.
Enhanced Audio
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Task Automation
• Microsoft
Hyper-V
information.
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
Permissions
computer group.
• Microsoft
Hyper-V
• VMware
vCenter Server
• Microsoft
SCVMM
• Parallels
Virtuozzo
• Other/Physical
207
How to ...
Provision a Session Host
Use the following steps to configure a template that is used to create virtual
machine within a Session Host computer group.
1.
Join the server to the domain you are using if you are using instant
provisioning.
2.
Create a Windows Server with the Remote Desktop Services role
enabled.
3.
Install vWorkspace using the advanced installer option, and select
the vWorkspace RD Session Host role.
Select Do nothing at this time during the Management Database
Setup in the Installation wizard. Do not join this vWorkspace
installation to a farm.
4.
Install the Instant Provisioning components to the template.
The Instant Provisioning components are located in the vWorkspace
download in a folder named Template Tools. Make sure you select
the correct version (x86/x64).
When Session Host managed computers are deployed from this
template, they are initialized in a manner similar to how virtual
desktops are initialized. The difference is that the Session Host
initialization process knows this is an RDSH and automatically
provides the RDSH with the correct database information.
208
4
Virtualization Platform
Integration
• Overview
• Microsoft Hyper-V Integration
• Microsoft SCVMM Integration
• vCenter Integration
• Parallels Virtuozzo Containers Integration
• RD Session Host Integration
• RD Connection Broker Integration
• Importing Existing Computers into a Group
Overview
A Virtualization Management Server is a Microsoft Windows-based computer
system used to centrally manage one or more physical servers enabled with
computer virtualization technology and the virtual machines they are hosting.
The following are categories of vWorkspace Management Servers. Management
Servers can be added from the Locations node properties by right-clicking and
selecting Management Servers.
•
•
Network Storage Management Servers
vWorkspace Connection Brokers integrate with virtualization management
servers through APIs provided by the vendors. All the necessary prerequisites to
communicate with a virtualization management server are installed with
vWorkspace. To enable vWorkspace Connection Brokers to communicate with
virtualization servers, the path to the management server and an administrator
account must be known.
See the Installation of vWorkspace chapter for further instructions.
Network Storage Management Servers
Quest vWorkspace integrates with NetApp FlexClone for VMware type virtual
computer groups, making it easy to manage virtual desktops and increase
performance. Through this integration you can:
•
Accelerate deployment and provisioning.
•
Eliminate duplicate data on virtual desktops, user directories, and
backup and disaster recovery copies.
•
Reduce your total cost of ownership.
Management Servers extend management functionality within the farm, as the
vWorkspace Connection Broker passes commands and queries to them to be
processed, thus leveraging the features of third party management servers from
Microsoft and VMware, for example. In Quest vWorkspace, support for the
following virtualization management servers is offered: VMware vCenter Server,
Microsoft System Center Virtual Machine Manager, and Parallels Virtuozzo
Containers (master nodes).
210
Virtualization Platform Integration
Quest vWorkspace also integrates with Microsoft RD Session Host, Microsoft RD
Connection Brokers and Hyper-V. This chapter describes those integrations,
including features and integration processes.
•
Microsoft SCVMM Integration
•
vCenter Integration
•
Parallels Virtuozzo Containers Integration
•
RD Session Host Integration
•
RD Connection Broker Integration
Management Servers Window
Connections to management servers are configured using the Management
Servers window. The Management Server option can be opened from the
vWorkspace Management Console in one of the following ways:
•
Select the Management Server icon from the toolbar.
•
Select Action | Management Server from the toolbar.
•
Right-click on Locations and select Management Server.
•
Right-click on a specific location and select Management Server.
If virtualization servers have not been defined, the Virtualization Server Wizard
is presented so that a management server can be defined. After a management
server has been defined, the Management Server window is opened when the
Management Server option is selected.
The following information is included on the Management Servers window.
211
New
This option opens the Virtualization Server wizard so
that new virtualization server connections can be
added.
Properties
This option allows the vWorkspace administrator to
make changes to the configuration of the selected
virtualization server.
Delete
This option deletes the virtualization server’s record
from the database.
Test Connection
This option allows you to test the connection to the
server.
Refresh
This option updates the display list of virtualization
server connection entries.
Virtualization Servers Options
Name
The alias name of the management server.
URL/Server Name
The Uniform Resource Locator (URL) path or server
name used by the Connection Broker to communicate
with the virtualization server.
212
Type
The type of the management server is displayed in this
column. The types are:
• VMware vCenter Server
• Microsoft SCVMM
• Parallels Virtuozzo
Network Storage Servers Options
Name
The alias name of the network storage server is
displayed in this column.
Type
The type of management server. The type is:
• NetApp
Server
The server IP address is displayed in this column.
Use Default Credentials
This column displays if the Use Default Credentials
check box has been selected on the Credentials
window for the network storage server.
Add Management Servers
How to ...
•
Add Virtualization Server Connections
•
Add Network Storage Servers
Add Virtualization Server Connections
The Virtualization Server wizard is used to add new entries to the virtualization
server connections. Use the following information to complete the Virtualization
Server wizard.
1.
Open the vWorkspace Management Console and do one of the
following:
•
Right-click on the Locations node, and then select Management
Servers.
•
Select the Management Servers icon from the toolbar.
•
Right-click on a defined location, and then select Management
Servers.
If you have not previously added virtualization servers, the
Virtualization Server wizard is presented.
213
If you have previously added virtualization servers, the Virtualization
Servers window appears. To add a new virtualization server, click on
the green plus sign (+), and the Virtualization Server wizard opens.
214
2.
Click Next on the Virtualization Server Wizard Welcome window.
3.
Enter the appropriate information on the Name and System Type
Name
Enter the friendly name that is used when
referring to the virtualization server.
System Type
Select one of the virtualization server types.
4.
Enter the appropriate information on the Server & Credentials
Server URL or
SCVMM Server
Name or IP
address
Enter the URL path to the virtualization
server.
For Microsoft SCVMM, enter the SCVMM
server name or IP address.
For VMware vCenter Server, the URL
must be in the format:
• https://servername or IP
Address/sdk
For Parallels Virtuozzo, the URL must be
in the format:
• https://servername:port
215
User Name
Enter the name of a user account that has
the required access permissions to the
target server specified in the Server URL
field.
For a Windows domain account, use:
DomainName\UserName
Click the ellipsis to the right of this field,
and the Select User window is presented.
Password
Enter the case sensitive password.
The check mark to the right of the field is
used to verify the entered credentials if the
computer is part of the domain.
Test Connection
5.
Click to test the server connection.
Enter the appropriate information on the Other Settings window, and
then click Finish.
The options presented on the Other Settings window are based upon
the supported features of the System Type selected, so some
options may be grayed out.
216
Shutdown Guest OS
Use the list to specify the number of guest
operation system shutdown commands
that can be sent to the virtualization server
from the Connection Broker at one time.
Restart Guest OS
operation system restart commands that
can be sent to the virtualization server
Update PNTools
Use the list to specify the number of
Update PNTools commands that can be
sent to the virtualization server from the
Connection Broker at one time.
Initialize
Initialize Computer commands that can
be sent to the virtualization server from
the Connection Broker at one time.
Power On
Use the list to specify the number of virtual
computer power on commands that can
Power Off
Use the list to specify the number of virtual
computer power off commands that can
Suspend
operation system suspend commands
that can be sent to the virtualization server
Resume
operation system resume commands that
Reset
operation system reset commands that
Delete
delete virtual computer operations that
Clone
Use the list to specify the number of clone
virtual computer operations that can be
sent to the virtualization server from the
Connection Broker at one time.
Note: The Clone option does not apply to
Microsoft Hyper-V.
Connection Timeout
Use the list to specify the amount of time
that the Connection Broker waits for a
response from the virtualization server.
Default option is 30 Seconds.
For medium to large production
environments where the virtualization
server is busy, you may need to set the
Connection Timeout to two or three
minutes.
Note: A Connection Timeout error does
not necessarily mean that the task
requested by the Connection Broker has
failed. It may be that the virtualization
server is too busy to report the successful
completion of the operation in a timely
manner.
217
Add Network Storage Servers
1.
Open the vWorkspace Management Console and do one of the
following:
•
Right-click on the Locations node, and then select Management
Servers.
•
Select the Management Servers icon from the toolbar.
•
Right-click on a defined location, and then select Management
Servers.
If you have previously not added virtualization servers, the
Virtualization Server wizard is presented.
If you have previously added virtualization servers, the Virtualization
Servers window appears. To add a new virtualization server, click on
the green plus sign (+), and the Virtualization Server wizard opens.
218
2.
Click Network Storage Servers, and then click New.
3.
Click Next on the Welcome window of the Network Storage Server
Wizard.
4.
Enter a name for the new network storage server, and then click
Next.
5.
Specify the System Type of the network storage server, and then
enter the IP address for the network storage server.
6.
Click Next on the Server window.
219
7.
Enter the credentials for this network storage server, and then click
Finish.
The Use Default Credentials option can be used if you have specified
credentials on the Default Credentials window.
Virtualization Hosts
After a Virtualization Management server is defined, Virtualization Hosts must be
added to support cloning operations and the creation of computer groups.
Virtualization Hosts are the server platforms in which virtual machines reside.
The following types of hosts can be added:
•
Microsoft Hyper-V hosts
Microsoft Hyper-V hosts are added using the Hyper-V node under
Virtualization hosts. Once Hyper-V hosts are added, the initialization
process is started as well as the installation of the Data Collector and
Hyper-V Catalyst components. If the Hyper-V host is removed from
the console, the Data Collector and Hyper-V Catalyst components are
automatically uninstalled.
220
•
Microsoft SCVMM host groups and clusters
Microsoft SCVMM host groups or clusters must be added to the
SCVMM node to enable the creation of SCVMM type computer groups.
vWorkspace leverages features of SCVMM when hosting virtual
desktops on Hyper-V to enable technologies such as clustering for
Fault Tolerance and Live Migration.
•
VMware datacenters
VMware datacenters are groupings of ESX or ESXi hosts and must be
imported as objects in the vWorkspace database, just as SCVMM Host
groups or Hyper-V hosts, before creating VMware type computer
groups.
•
Parallels Virtuozzo independent and slave nodes
Parallels Virtuozzo independent or slave nodes must be added to the
Parallels node of the Management Console to enable the creation of
Parallels type computer groups.
vWorkspace utilizes Virtualization Management Servers when communicating
with virtual machines managed by SCVMM, VMware vCenter or a Parallels
Virtuozzo master node. To add a Virtualization Host for any of these platforms a
Virtualization Management server must first be added to the vWorkspace farm.
This can be done from the context menu of the Locations node, or by selecting
Edit Virtualization Servers when adding a Virtualization Host.
For Hyper-V hosts and Parallels Virtuozzo Independent Nodes, vWorkspace
communicates directly with the Virtualization Host. Therefore, no additional
management servers need to be defined when using these types of hosts.
How to...
Define SCVMM/VMware/Virtuozzo Slave Nodes System Types
1.
Expand the Locations node in the vWorkspace Management
Console.
2.
Expand the location to which you want to add the virtualization host.
3.
Expand the Virtualization Hosts node, and right-click on one of the
following:
SCVMM — Add host groups or clusters
VMware — Add datacenters
Parallels — Add a Virtuozzo slave nodes
4.
221
5.
Enter a descriptive name for the host, and then click Next. The
system type is selected.
6.
Do one of the following on the specified window:
SCVMM Server window — If an SCVMM server has already been
added as a Virtualization Management Server, select the appropriate
SCVMM server, and then click Next. Click Edit Virtualization Servers
if an SCVMM Virtualization Management Server needs to be added.
VMware vCenter Server window — If a VMware vCenter server has
already been added as a Virtualization Management Server, select the
appropriate vCenter server, and then click Next. Click Edit
Virtualization Servers if a VMware Virtualization Management Server
needs to be added.
Parallels Master Node window — If a Parallels Master Node has
already been added as a Virtualization Management Server, select the
appropriate Master node, and then click Next. Click Edit Virtualization
Servers if a Virtuozzo Master Node Virtualization Management Server
needs to be added.
7.
Do one of the following based on the system type selected:
SCVMM — Expand the SCVMM server and select a host group or
cluster from the list. Click Finish.
VMware — Select a datacenter from the list, and then click Finish.
Parallels — Select a slave node from the list, and then click Finish.
Define Hyper-V Hosts
1.
222
Console.
2.
3.
Expand the Virtualization Hosts node, and right-click on
Hyper-V — Add host.
4.
5.
On the Root Node Credentials window, specify the credentials for the
Hyper-V root node, and then click Next.
6.
On the Hyper-V Host window, enter a name for the Hyper-V host that
properly resolves to an IP address. Click the ellipse to browse for a
host.
7.
Complete the following information on the Credentials window, as
appropriate.
a) Click Next to use default credentials.
– OR –
b) Select Override parent credentials to use separate credentials.
Click Next after adding the user name and password for the new
credentials.
8.
On the Connection Load Balancing window, do one of the following:
a) Click Next to accept the values inherited from the Hyper-V node
(parent node).
– OR –
a) Select Override parent settings, and then select one of the
following options:
• Use the default load balancing rule.
Click View to see the default load balancing rule.
• Specify a custom load balancing rule
Three load balancing rules are included with the vWorkspace
installation. For more information on the rules or how to create them
see Load Balancing.
b) Click Next.
9.
Do one of the following on the Provisioning Load Balancing window.
a) Click Next to accept the values inherited from the Hyper-V node
(parent node).
– OR –
a) Select Override parent settings, and then select one of the
following options:
• Use the default load balancing rule.
Click View to see the default load balancing rule.
• Specify a custom load balancing rule
Three load balancing rules are included with the vWorkspace
installation. For more information on the rules or how to create them
see Load Balancing.
223
10. Complete the settings on the Other Settings window, as appropriate,
Too many operations at once will cause the Virtualization host to
perform poorly. The default value for all concurrent operations is five
(5). For Hyper-V hosts the settings can be inherited from the parent
Hyper-V node.
•
•
•
•
•
•
•
•
•
•
•
•
Shutdown Guest OS
Restart Guest OS
Update PNTools
Initialize
Power On
Power Off
Suspend
Resume
Reset
Delete
Clone
Connection Timeout
Define Parallels Independent Hosts
1.
Console.
2.
3.
Expand the Virtualization Hosts node, and right-click on
Parallels — Add independent Virtuozzo node.
4.
5.
On the Parallels Name and System Type window, enter a descriptive
name for the host, and then click Next. The system type is selected.
6.
On the Parallels Server & Credentials window enter the name and the
IP Address of the Virtuozzo independent node, and then enter a
Virtuozzo administrative user account name and password. Click
Next.
7.
Complete the settings on the Other Settings window, as appropriate,
Too many operations at once will cause the Virtualization host to
perform poorly. The default value for all concurrent operations is five
(5).
•
•
•
•
224
Shutdown Guest OS
Restart Guest OS
Update PNTools
Initialize
•
•
•
•
•
•
•
•
Power On
Power Off
Suspend
Resume
Reset
Delete
Clone
Connection Timeout
Microsoft Hyper-V Integration
Quest vWorkspace communicates directly with Microsoft Hyper-V hypervisors to
manage, provision, and optimize virtual machines hosted on Hyper-V. To do
this, Quest has developed direct integration with the Hyper-V platform, as well
as a set of unique tools called Hyper-V Catalyst.
The Connection Broker communicates directly with Hyper-V hypervisors for
provisioning, brokering, load balancing, and other management tasks. The
integration with Hyper-V, along with Hyper-V Catalyst and other management
options, provide support for Desktop Clouds. Below is a list of Hyper-V
integrations.
•
vWorkspace Data Collector
•
Hyper-V Catalyst
•
Provision-time Load Balancing
•
Connection-time Load Balancing
vWorkspace Data Collector
The vWorkspace Data Collector communicates the following information to the
Connection Broker.
•
Heartbeat
•
Performance metrics
The Data Collector is pushed from the vWorkspace console to Hyper-V hosts
once they have been added to the Virtualization Hosts node. This process is
called initialization, which also installs the Hyper-V Catalyst components.
225
Hyper-V Catalyst
Hyper-V Catalyst is a set of tools that increases the scalability and performance
of virtual machines on Hyper-V Hosts.
HyperCache — Provides read IOPS savings and improves virtual desktop
performance through selective RAM caching of parent VHDs. This is achieved
through the following:
•
Read requests to the parent VHD are directed to the parent VHD
cache.
•
Requested data that is not in cache is obtained from disk and then
copied into the parent VHD cache.
•
Child VMs requesting the same data find it in the parent VHD cache,
which provides a faster virtual desktop experience.
•
Requests are processed until the parent VHD cache is full. The default
size is 800 MB, but can be changed through the Hyper-V virtualization
host property.
The HyperCache Report details HyperCache statistics, such as data cached and
read requests cached. The HyperCache report is available by doing the following:
1.
From the vWorkspace Management Console, expand Locations and
then the Location of the Hyper-V group.
2.
Expand Virtualization Hosts.
3.
Expand Hyper-V Hosts, if appropriate.
4.
Select the Hyper-V group, and then click on the Parent VHDs tab in
the lower right-side pane.
5.
Click HyperCache Report.
HyperDeploy — Manages parent VHD deployment to relevant Hyper-V hosts
and enables instant cloning of Hyper-V virtual machines. HyperDeploy uses the
following techniques to minimize time to deploy of a virtual machine.
•
Smart copying that only copies to the Hyper-V hosts the parent VHD
data that is needed.
•
Instant provisioning allows the child VHDs to be cloned while the
parent VHD is still being copied to the Hyper-V host.
HyperDeploy is a core component and requires no configuration.
226
Provision-time Load Balancing
Provision-time load balancing distributes virtual machines across Hyper-V
hypervisors during cloning operations. See Load Balancing for more information.
Connection-time Load Balancing
Connection-time load balancing distributes user connection requests to a
managed computer on the least busy Hyper-V hypervisor. See Load Balancing
for more information.
Hyper-V Host Context Menu
The following options are available from the context menu (right-click) of a
Hyper-V host in the vWorkspace Management Console by doing the following:
1.
From the vWorkspace Management Console, expand Locations.
2.
Select and expand the location node where the Hyper-V host resides.
3.
Expand the Virtualization Hosts node.
4.
Expand the Hyper-V node, and then right-click on the appropriate
Hyper-V host. The following options are presented:
•
Disable provisioning — Disables provisioning of virtual machines
to this host. Is also referred to as removing the host from the cloud.
•
Remove — Removes the host from the console that causes the Data
Collector and Hyper-V Catalyst components to uninstall.
•
Properties — Controls settings for the Hyper-V host.
•
Initialize — Checks and, if needed, updates the Data Collector and
Hyper-V Catalyst components on the Hyper-V Host.
Hyper-V Host Properties
This section describes the Volumes and Parent VHD Settings of a Hyper-V Host.
For information on the Credentials, Connection Load Balancing, Provisioning
Load Balancing, and Other Settings refer to the Virtualization Hosts section.
227
The properties of a Hyper-V host are displayed when Properties is selected from
the context menu of a Hyper-V host. The properties of a Hyper-V host are listed
in the following table.
HYPER-V HOST PROPERTY
DESCRIPTION
Click Volumes
The Volumes dialogue displays the local volumes of
the Hyper-V host and allows for the specification of
placement volumes. There are two types of
volumes:
• Template - used to store parent VHDs and
there can be only one template volume per
host.
• Placement - used to store virtual machines.
Multiple volumes can be selected and virtual
machines are distributed across them based
on the available space of the volume.
Volume List
This property displays volumes, volume type
assignment Priority, Free space and Capacity.
Selecting the Priority field displays a drop-down
arrow, used to change the priority to one of the
following:
• Normal
• Medium
• High
• Maximum
Click Parent VHD
Parent VHD settings control caching of Parent
VHDs. The global default setting is set from the
Hyper-V Settings dialogue of the Locations
properties.
• To prevent caching on newly created parent
VHDs, click Disable caching for new parent
VHDs.
• To disable caching on an individual basis, click
the Caching field for a Parent VHD and select
disabled from the drop-down box.
• To set the cache size for each parent VHD,
click the Cache Size (MB) field for a parent
VHD, then click the ellipse and set the new
size.
228
Desktop Cloud Maintenance
The Desktop Cloud Maintenance settings are used to maintain your desktop
clouds. When using the setting Maintenance mode on, you can maintain
templates, clear out VMs, and delete the cloud.
The Desktop Cloud Maintenance window can be opened by doing one of the
following:
•
Right-click on the desktop cloud group, and then select Cloud
maintenance.
•
Highlight the desktop cloud group, and use the Actions menu’s
Cloud maintenance setting.
•
Highlight the desktop cloud group, and select Cloud maintenance
from the right-side pane.
When maintenance mode is turned on, auto-size is disabled and new
connections are not accepted. The option Drain the desktop cloud(s) can be
used to delete all of the computers in the specified cloud that are not in use and
are not persistently assigned.
Once you have completed cloud maintenance, you need to turn maintenance
mode off by selecting Maintenance mode off from the Desktop Cloud
Maintenance window.
229
Add Computers
Add Computers to a Hyper-v Computer group
1.
Start the Add Computers tool by doing one of the following:
a) Select the Create new desktops from a master template on
the Finish window of the Computer Group wizard.
– OR –
b) Select the computer group from the vWorkspace Management
•
Right-click on the managed computer group and select Add
Computers.
•
Select the Add Computers icon from the navigation pane
toolbar.
•
Select Add Computers from the Actions menu on the
navigation pane.
•
information pane of the datacenter.
2.
Click Next on the Welcome window of the Add Computers Wizard.
3.
Type a number into the Enter the number of computers to create
field on the Number of Computers to Create window, and then click
Next.
4.
On the Add Computers Template window, select the template that
will be used to create virtual machine clones. and click Next.
a) Click Import to import new templates from the Hyper-V
host(s).(this will launch the Import Templates wizard)
b) Click Update to check for newer versions of the existing
templates.
c) Click Remove to remove the highlighted template from the list.
5.
On the Host Options window, select one of the two options below and
click Next:
a) All Hosts - New virtual machines created in the computer group
will be distributed across all Hyper-V virtualization hosts defined
for the location.
b) Selected Hosts - New virtual machines created in the computer
group will be distributed across selected hosts only.
230
6.
On the Hosts window, select the Hyper-V hosts where virtual
machines will be distributed and click Next.
If All Hosts is selected in the previous window, the option to select a
host will be grayed out.
a) Click Distribution to set the distribution logic for the clone
operation.
b) Click Add Hosts to launch the Hyper-v host Wizard.
7.
Select the method for assigning a computer name to the new
desktop computers in Source on the Naming Conventions window.
If Specify the base name is selected, do the following:
a) Type the text string in the Base Name field.
b) Select a value from the Start numeric value at and increment
by fields.
c) Select Re-use the names of deleted desktops, if appropriate.
If Specify a text file containing names is selected, do the
following:
a) Type the path and file name of the text file containing the list of
computer names in the Names File field.
b) Enter a text string that is prepended to the beginning of computer
names in the Prefix field, if appropriate.
c) Enter a text string that is appended to the end of computer names
in the Suffix field, if appropriate.
8.
Click Next.
9.
On the Customize Operating System window, do one of the following,
a) To use the operating system customization tools, select Specify
operating system customizations. The computers in this group
will be powered on after they are created.
b) To create a new customization, select a customization from the
list, or click New. See Operating System Customizations for more
information.
c) To not use Microsoft System Preparation tools, select Do not
specify operating system customizations. The desktops in
this group will not be powered on after they are created.
10. On the Configure Computers window, click the Video Adapter tab,
and do one of the following:
a) To use the template, select Use template settings.
b) To use the standard adapter, select Standard video adapter.
231
c) To use the Microsoft RemoteFX 3D video adapter, select Microsoft
RemoteFX 3D video adapter. Select a value for maximum
number of monitors from the Maximum number of monitors
field and select a value for Maximum monitor resolution from the
Maximum monitor resolution field.
11. On the Configure Computers window, click the Memory tab, and do
b) To use static memory, select Static memory. Select a value for
virtual machine memory from the Virtual machine memory
field.
c) To use Dynamic memory, select Dynamic memory. Select a
value for startup memory from the Startup memory field, select
a value for maximum memory from the Maximum memory field,
and select a value for memory buffer percentage from the
Memory buffer (%) field.
12. On the Configure Computers window, click the Network Adaptor
tab, do one of the following, and then click Next:
a) To use the template settings for the virtual network name, select
Use template settings. To specify a network name select
Specify network name, and type the appropriate name in the
Network Name input field.
b) To use the VLAN ID from the settings of the template, select Use
Template settings under Virtual LAN Identification. Select
Disable VLAN ID to disable the use of VLANS for the cloned
virtual machines in this operation.
To enable a custom VLAN ID, select Enable VLAN ID and type the
appropriate VLAN ID number in the VLAN ID input field
(supported values 1- 4094).
13. Select either Now or At a specific time (and enter a date and time)
on the Options window, and then click Next.
14. Review and confirm the information on the Finish window, and do
desktops.
Red text is displayed to remind administrators not to create more
virtual computers than their infrastructure is designed to support.
232
Microsoft SCVMM Integration
vWorkspace is integrated with Microsoft System Center Virtual Machine
Manager (SCVMM) to provide management functionality to Hyper-V virtual
computers. The following Microsoft SCVMM integrated features are available in
vWorkspace:
•
Import Host Groups from SCVMM.
•
•
Use SCVMM Intelligent Placement to automate desktop and server
provisioning using templates.
•
Customize guest Microsoft Windows operating system.
•
Distribute managed desktops across multiple storage locations.
•
Import existing computers from SCVMM to an existing computer
group.
•
Managed computers that are members of SCVMM enabled Host
Groups are considered to be power managed computers. This means
that the power state can be changed, either automatically by the
Connection Broker or manually by an administrator, using the
Connect to Microsoft SCVMM
The vWorkspace Connection Broker needs to communicate with Microsoft
SCVMM before computers running as virtual computers can be managed using
vWorkspace. The following conditions must be met before this communication
occurs.
•
Microsoft SCVMM Integration component needs to be installed on the
Quest vWorkspace Connection Brokers.
•
Communication parameters for each Microsoft SCVMM server must be
added to the vWorkspace database. See Add Virtualization Server
Connections for instructions.
In order to configure a Microsoft SCVMM server, the administrator must have
VMM Administrator credentials.
•
Quest vWorkspace Broker Helper Service needs to be installed on the
Microsoft SCVMM server.
233
Microsoft Differencing Disks
The Add Computers wizard can be used to create, add, and manage Microsoft
differencing disks computers through the vWorkspace Management Console.
Microsoft differencing disks are virtual hard disks that can be used to isolate
changes to a virtual hard disk or guest operating systems by storing them in a
separate file. The virtual hard disk is referred to as the parent disk, and the
differencing disk is the child disk.
You are also able to reprovision the clone, which enables administrators to
change a virtual computer to a clone of a new snapshot after the parent has been
updated or patched.
Reprovision Computers
The vWorkspace Management Console Reprovision Computers option allows
for SCVMM clones to be reprovisioned based upon administrator settings. The
Reprovision Computers option is available from one of the following ways:
•
Right-clicking on the SCVMM desktop group.
•
Selecting computers from the information pane, and then selecting
Reprovision Computers from the Action menu options.
•
Selecting computers from the information pane, and then selecting
Reprovision Computers from the context menu options of the
selected computer.
•
Selecting the SCVMM desktop group, selecting Properties from the
context menu options, selecting Task Automation from the
Computer Group Properties window, then selecting the New button
on the Task Automation window. In the Automated Task Wizard,
name the new task, then select Reprovision from the Task list. Set
the task parameters in the Task Parameters window, then set the
schedule and finish. Apply the task in the Automated Task Wizard. For
more information, see Schedule Tasks using the Automated Task
Wizard.
Once the Reprovision Computers option is selected, the Reprovision
Computer window opens. The options on this window allow you to set the action
to be performed by clone type. You can also select for reprovisioning to occur
once users have logged off.
234
The Clone Types, which represent the type of clones for virtual computers of
the selected desktop group, are:
•
Standard Clones
•
Differencing Disks Clones
The Reprovisioning Using options are:
•
Existing Parent VHD — This option reprovisions the computer using
the stated virtual hard disk.
•
New Parent VHD — This option reprovisions the computer using a
different virtual hard disk than the one used to create the clone.
•
Do Not Reprovision — This option does not reprovision the computer.
Add Computers
For SCVMM type computer groups, there are two different clone methods that
can be used:
•
Standard — Using this method, each virtual computer becomes a
complete, independent copy of the original template.
235
•
Rapid Provisioning — This method uses differencing disks to create
virtual computers with minimal overhead and reduced storage space.
How to ...
•
Add Computers using Standard Clone Method
•
Add Computers using Rapid Provisioning Clone Method
Add Computers using Standard Clone Method
1.
– OR –
236
•
Computers.
•
toolbar.
•
navigation pane.
•
2.
3.
Next.
4.
Select Standard as the clone method that is to be used when adding
computers to this group on the Clone Method window, and then click
Next.
237
5.
Select a Microsoft SCVMM server and the host group or cluster, as
appropriate, on the Host Groups & Clusters window. Click Next.
6.
Select a template from the list on the Template window, and then
click Next. If there are no templates listed, or to update the list, click
Import.
7.
by fields.
following:
238
8.
Click Next.
9.
b) Select a customization from the list, or click New to create a new
customization. See Operating System Customizations for more
information.
c) To use the Microsoft RemoteFX 3D video adapter, select
Microsoft RemoteFX 3D video adapter. Select a value for
maximum number of monitors from the Maximum number of
monitors field and select a value for Maximum monitor resolution
from the Maximum monitor resolution field.
field.
12. On the Configure Computers window, click the Memory Priority
tab, perform one of the following, and then click Next:
b) To allocate dynamic memory resources, select one of the High,
Medium, Low, or Custom buttons. If Custom is selected, select a
value for memory priority in the Custom field.
13. Select either Start Immediately or Schedule for (and enter a date
and time) on the Options window, and then click Next.
239
desktops.
Add Computers using Rapid Provisioning Clone Method
1.
– OR –
240
•
Computers.
•
toolbar.
•
navigation pane.
•
2.
3.
Next.
4.
Select Rapid Provisioning on the Clone Method window as the
clone method that is to be used when adding computers to this
group. Click Next.
5.
On the Add Computers Parent Virtual Hard Disk window, click New to
create a new parent virtual hard disk.
6.
The Parent Virtual Hard Disk Wizard displays. Click Next on the
Welcome window.
a) Select the SCVMM server where the template that is to be used to
create the parent virtual hard disk resides. Click Next.
b) Select the template that is to be used for the parent virtual hard
disk. You may need to click Import.
c) Click Next.
d) Select the host group or cluster that is to be used for the parent
virtual hard disk, and then click Next.
e) Select the volume on to which the parent virtual hard disk file is
to be stored. Click Next.
f) Enter a description for the parent virtual hard disk. This is an
optional step.
g) Click Finish. You are returned to the Add Computers wizard.
7.
Select the volume or volumes on to which the computers should be
created. You may need to click Import to refresh the list. Click
Next.
241
8.
by fields.
following:
9.
Click Next.
10. On the Customize Operating System window, do one of the following,
b) To create a new customization, click New, or select a
customization from the list. See Operating System Customizations
c) To use the Microsoft RemoteFX 3D video adapter, select Microsoft
RemoteFX 3D video adapter. Select a value for maximum
number of monitors from the Maximum number of monitors
field and select a value for Maximum monitor resolution from the
Maximum monitor resolution field.
242
field.
13. On the Configure Computers window, click the Memory Priority
tab, do one of the following, and then click Next:
b) To allocate dynamic memory resources, select one of the High,
Medium, Low, or Custom buttons. If Custom is selected, select a
value for memory priority in the Custom field.
desktops.
Video Adapter and Static/Dynamic Memory
Microsoft SCVMM virtual computers can be reconfigured for Microsoft RemoteFX
or regular RDP (via video adapter) and static or dynamic memory settings from
the vWorkspace Management Console.
To reconfigure the video adapter and static/dynamic memory for an individual
computer, do one of the following:
•
Set the options on the Configuration window of the Computer
Properties wizard. This window can be opened by selecting
Properties for a computer, or when creating a new computer.
243
•
Highlight the computer group in the navigation pane, and then click
on the Summary tab in the information pane.
Select Actions | Reconfigure.
•
on the Computers tab in the information pane. Right-click on the
computer and select Reconfigure from the context menu.
•
Set the Logoff Action properties of the Computer Properties wizard
for the computer, as appropriate. The Logoff Action property, if
enabled, resets the computer when a user logs off. See Managed
Computers for more information.
To reconfigure the video adapter and static/dynamic memory for a computer
group, do one of the following:
•
Right-click on the computer group in the navigation pane, and then
select Reconfigure Computers.
•
Highlight Desktops, and then select the Groups tab.
Select Actions | Reconfigure Computers.
•
Highlight the computer group in the navigation pane and click on the
Summary tab in the information pane.
•
244
Set the Logoff Action properties for the computer group, as
appropriate. The Logoff Action property, if enabled, resets the
computers in the group when users log off. See Computer Groups for
more information.
How to...
Reconfigure Microsoft SCVMM Computers
1.
Navigate to the Reconfigure Computers window.
2.
On the Video Adapter tab, do the following:
a) Enable the Reconfigure Video Adapter checkbox.
b) Select either the Standard Video adapter or the Microsoft
Remote FX 3D video adapter option.
If you selected Microsoft Remote FX 3D video adapter, you must also
set a Maximum number of monitors and a Maximum monitor
resolution.
245
3.
On the Memory tab of the Reconfigure Computers window, do the
following:
a) Enable Reconfigure memory checkbox.
b) Select one of the following:
Static memory — If you selected this option, set a value for the
Virtual machine inventory.
Dynamic memory — If you selected this option, set values for
Startup memory, Maximum memory, and Memory buffer (%).
4.
On the Memory Priority tab of the Reconfigure Computers window,
do the following:
a) Select the Reconfigure memory priority checkbox.
b) Select either High, Medium, Low, or Custom values to further
define memory priority.
c) Enable the Wait for users to log off before reconfiguring the
computer checkbox and
246
5.
Click OK to save your selections.
Hyper-V Broker Helper Service
To enable this support, the Hyper-V Broker Helper Service must be installed
on each Hyper-V server. The Connection Broker delegates to the Broker Helper
Service the responsibility of executing various administrative tasks on the
Hyper-V server where it is running. Such tasks include the enumeration and
power management of virtual computers.
In order for the Connection Broker to communicate with the Broker Helper
Service, the Microsoft .NET Framework must be installed on both computers.
Refer to the vWorkspace System Requirements Guide for information on the
version required for Microsoft .NET Framework.
vCenter Integration
The following VMware integrated features are available in vWorkspace:
•
Import Datacenters.
•
•
Automated desktop and server provisioning using VMware vCenter
templates.
•
Guest Windows OS customization.
247
•
Distribute managed computers and servers across multiple resource
pools and datastores.
•
Configure memory and disk persistence.
Rapid Provisioning
The Rapid Provisioning option, in the Add Computers wizard of a computer
group, can be used to clone a VMware virtual computer quickly while reducing
storage space. This can be achieved by using the NetApp FlexClone technology
on a storage server or through VMware Linked Clones. This option is available
on the Add Computers wizard, Clone Method window.
Before importing templates when using the NetApp FlexClone Rapid
Provisioning option, the templates must be on the NetApp storage server
and the template’s virtual disks need to be in the same directory.
NetApp FlexClone
To enable vWorkspace Connection Brokers to work with network storage
servers, your NetApp servers must be added using the Network Storage Servers
wizard in the vWorkspace Management Console.
248
Requirements
The following are requirements for the integration of vWorkspace and NetApp
storage for VMware type virtual computers.
•
vWorkspace version that is currently fully supported.
•
NetApp Storage Controller needs to be the virtual computer’s
datastore.
•
NetApp Storage Controller version needs to be Data ONTAP version
7.3.1 or later.
•
NetApp NFS and FlexClone licenses need to be enabled for the
controller.
•
Virtual computer templates, when using the Rapid Provisioning
option, must be on the NetApp storage server and the template’s
virtual disks need to be in the same directory.
•
Refer to NetApp documentation for specific information about their
requirements.
Implementation
After you have met all of the requirements, complete the following list of
implementation procedures.
•
VMware vCenter network and the NetApp network needs to be setup.
Review the documentation from NetApp for this integration
information.
•
VMkernel ports need to be added on ESX servers.
•
Create a large flex volume on NetApp for NFS share.
•
Create a NFS export on the NetApp storage server, and then the ESX
VMkernel ports IP addresses need to be added to the NFS root access
IP addresses.
•
Add the NFS datastore of the NetApp NFS export to the VMware
vCenter and it needs to be defined with an IP address, not a FQDN
host name.
•
Write a file or folder to the datastore of the vCenter to verify the write
permission.
If it fails, verify the VMkernel IP addresses and NFS root IP addresses
are correct.
249
•
Create or clone a virtual computer as a golden image on the NFS
datastore through the vCenter.
•
Convert the virtual computer to a VM template.
•
Complete the vWorkspace import procedure as outlined in Add
Network Storage Servers.
VMware Linked Clones
VMware Linked Clones are copies of virtual computers that share virtual disks
with a parent virtual computer. Linked Clones are created from a snapshot of the
parent computer. However, changes made to the parent computer or the linked
clone computer do not affect each other; the linked clone is a clone of the parent
computer at the time that it is created.
Linked clones need to be able to access their parent computer, and are disabled
if they cannot access their parent computer.
You are also able to reprovision the linked clone. Administrators can redeploy a
user’s virtual computer from a new linked clone snapshot after the parent VM
has been updated or patched.
A parent VM might need to be unlocked, for example, when a parent VM is
removed from the vWorkspace Management Console for editing. You can unlock
the template by right-clicking it and selecting Unlock VM.
250
You can complete the unlock process two different ways: by using the Add
Computers wizard or through the computer Reprovision settings.
•
Add Computer wizard — Right-click on the desktop group for the
computer, and then select Add Computers. Click Next on the
Welcome window, and then select Parent Virtual Machine.
Right-click on the parent virtual machine and select Unlock VM.
251
•
Reprovision settings — Select the computer from the vWorkspace
Management Console. Right-click and select the Reprovision option.
On the Reprovision Computers window, select New Snapshot for the
VMware Linked Clones option, and then click the ellipsis. Right-click
on the parent virtual machine and select Unlock VM.
VMware Linked Clone Setup
VMware linked clone desktops can be deployed to any datastore. Performance of
provisioned linked clones might be increased when using a different datastore
than the datastore where the parent virtual computer is hosted. It is important
to note that the datastores are not validated from the vCenter servers, therefore
administrators must be sure that each host has access to that shared datastore.
See Add Computers using the VMware Linked Clone Method for more information
on using the Add Computers wizard to create VMware Linked Clones.
252
VMware vNetwork Distributed Switch
In VMware environments, linked clones can be configured to use vNetwork
Distributed Switches (vDS). VMware Linked Clones and NetApp FlexClones
configured to use vDS are supported in a vWorkspace environment.
When configuring VMware vCenter, before starting linked clones (both VMware
Linked Clones and NetApp FlexClones) that will connect to vDS, you need to note
the following:
•
The vDS port group needs to be configured as Ephemeral- no binding,
per the VMware Knowledge Base article, 1021193, before any VMs are
connected to it.
•
The parent VM needs to be configured to connect to a vDS port group.
Refer to VMware product documentation for more information on vNetwork
Distributed Switches (vDS).
Reprovision Computers
The vWorkspace Management Console, Reprovision Computers option, allows
for VMware clones to be reprovisioned based on administrator settings.
To reprovision VMware clones, do one of the following:
•
Right-click on the VMware desktop group and select Reprovision.
•
Select computers from the information pane, and then select
Reprovision Computers from the Actions menu options.
•
Select computers from the information pane, and then select
Reprovision from the context menu of the selected computers.
253
Once the Reprovision Computers option is selected, the Reprovision
Computers window opens. The options of this window allow you to set the action
that is to be performed by clone type. You can also select for reprovisioning to
be completed once users have logged off.
254
The Clone Types, which represent the types of VMware virtual computers for
the selected desktop group, are:
•
Standard Clones
•
NetApp FlexClones
•
VMware Linked Clones
•
Unknown Clone Type
The Reprovisioning Using options are:
•
Existing Template — This option reprovisions the computer using the
stated template or snapshot.
•
New Template — This option reprovisions the computer using a
different template or snapshot than the one used to create the clone.
•
Do Not Reprovision — This option does not reprovision the computer.
The ellipsis button is used to browse for the appropriate template or snapshot
for the specified clone.
If you are using the reprovision functionality, it is recommended that you
install PNTools onto your VMware templates that are being used for
reprovisioning.
255
Disk Persistence and Memory
VMware virtual computers can be configured for disk persistence and memory
from the vWorkspace Management Console. Disk persistence and memory is
configurable for individual computers, as well as computer groups. There are
three virtual disk modes available:
•
Persistent
•
Independent and Persistent
•
Independent and Nonpersistent
To configure disk persistence and memory for an individual computer, do one of
the following:
•
Set the options on the Configuration window of the Computer
Properties wizard. This window can be opened by selecting
Properties for a computer, or when creating a new computer.
•
on the Summary tab in the information pane.
Select Actions | Reconfigure.
256
•
on the Computers tab in the information pane. Right-click on the
computer and select Reconfigure from the context menu.
•
Set the Logoff Action properties of the Computer Properties wizard
for the computer, as appropriate. The Logoff Action property, if
enabled, resets the computer when a user logs off. See Managed
Computers for more information.
To configure disk persistence and memory for a computer group, do one of the
following:
•
Right-click on the computer group in the navigation pane, and then
select Reconfigure Computers.
•
Highlight Desktops, and then select the Groups tab.
•
Highlight the computer group in the navigation pane and click on the
Summary tab in the information pane.
•
Set the Logoff Action properties for the computer group, as
appropriate. The Logoff Action property, if enabled, resets the
computers in the group when users log off. See Computer Groups for
more information.
Upgrading and Changing Nonpersistent
Disks
If you have set your VM disks to be nonpersistent disks, use the following
process if you need to upgrade or make any other changes to them.
1.
Open the Configuration section in the properties of a virtual machine.
2.
From the Virtual Disk tab, highlight the intended virtual disk and
click Reconfigure.
257
3.
Change the disk configuration for the virtual computer to
Independent and Persistent.
If the Independent check box is not selected, any changes you make
are lost after the next logoff or reset of the virtual computer.
4.
Apply the upgrade or make any other necessary changes.
5.
Change the disk configuration for the virtual computer back to
Independent and Nonpersistent.
Computer Groups
Computer groups are containers of desktops that can be managed together. The
following computer groups properties are associated with VMware vCenter
Server.
VMware customizations, available from the Managed Computer Group wizard,
enable administrators to specify items such as where new computers are stored
and how they are named. The following customization settings can be specified
for each managed computer group that belongs to a VMware type data center.
VMWARE CUSTOMIZATION
SETTING
DESCRIPTION
Template
Indicates the name of the virtual computer
template in the vCenter inventory that is used
when adding new managed computers to the
group.
Folder
Indicates the name of the folder in the vCenter
inventory where newly created managed desktop
computers are located.
258
VMWARE CUSTOMIZATION
SETTING
Datastore Distribution
Method
DESCRIPTION
Specifies how newly created managed virtual
computers are distributed among the available
datastores in vCenter. The options are:
• Equal — The desktops are distributed equally
across the selected datastores.
• Free Space — The desktops are distributed
across the selected datastores proportion to
the available free space on the datastores.
• Weighted — The desktops are distributed
across the selected datastores based on the
percentages specified.
• Manual — The desktops to be created are
specified for each datastore.
Resource Pools/Datastore(s)
Indicates the names of the Resource Pools and
Datastores and the allocation percentages of the
vCenter inventory selected for storage of newly
created managed computers within this group.
Naming Conventions
Base Name — Indicates the base name that is
used when constructing the Windows computer
name that is assigned to the newly created
managed desktop computers added to the group.
Base Name Start Value — Indicates the starting
numeric value that is added to the base name
when constructing the Windows computer name
that is assigned to the newly created managed
desktop computers added to the group.
Base Name Increment — Indicates the numeric
value by which subsequent Windows computer
names are incremented when new managed
desktop computers are added to the group.
Re-use Names — Indicates whether previously
generated Windows computer names can be
reused if the managed desktop computer has been
deleted.
Configure Memory
Specifies the memory configuration used with this
computer group.
Configure Disk
Specifies how the disk is configured for this
computer group.
259
Add Computers
For VMware type computer groups, there are three different clone methods that
can be used:
•
Standard — Using this method, each virtual computer becomes a
complete, independent copy of the original template.
•
Rapid Provisioning NetApp FlexClone — Using this method, you
can clone a VMware virtual computer quickly, and can assist in saving
storage space by using the NetApp FlexClone technology on a storage
server.
•
Rapid Provisioning VMware Linked Clone — Using this method,
you can create a clone from a snapshot of a parent VM. Changes to
the disks of either the linked clone or the parent do not affect each
other.
How to ...
260
•
Add Computers using the Standard Clone Method
•
Add Computer using the NetApp FlexClone Method
•
Add Computers using the VMware Linked Clone Method
Add Computers using the Standard Clone Method
1.
– OR –
•
Computers.
•
toolbar.
•
navigation pane.
•
2.
3.
Next.
4.
On the Clone method window, select Standard as the clone method,
5.
Select a template from the list on the Template window, and click
Next. If there are no templates listed or to update the list, click
Import.
6.
Select a folder in which the new computers are placed on the Folder
window, and click Next. If the list is empty or to update the list, click
Import.
7.
Select one or more resource pools and datastores on the Resource
Pools/Datastores window. This is where the virtual computer disk
files are to be stored. If the list is empty or to update the list, click
Import.
a) To change the distribution method, click the Distribution button
on the toolbar above the list of datastores. Complete the
information on the Datastore Distribution Method window as
appropriate.
b) Click Next.
261
8.
by fields.
following:
9.
Click Next.
a) To use Microsoft System Preparation tools, select Specify
customization. See Create Operating System Customizations
Windows XP/2003 or Create Operating System Customizations
Vista/Win7/Server2008 for more information.
specify operating system customizations. The desktops in this
group will not be powered on after they are created.
11. Select the check box to reconfigure the computer’s memory and disk
persistence after the cloning on the Configure Computers window, if
appropriate, then do the following:
a) Select Reconfigure Memory, and move the slider or enter a
number to adjust for the memory value.
b) Select Wait for users to log off before reconfiguring the
computer, if appropriate.
262
c) Select the Virtual Disks tab, and select Reconfigure Virtual Disks,
and select First disk only or All disks. Select the Disk Mode,
and set it to one of the following:
•Persistent
•Independent and Persistent
•Independent and Nonpersistent
desktops.
Red text is displayed as a reminder to administrators to not create
more virtual computers than their infrastructure is designed to
support.
Add Computer using the NetApp FlexClone Method
1.
– OR –
•
Computers.
•
toolbar.
•
navigation pane.
•
2.
3.
Next.
263
4.
On the Clone method window, select Rapid Provisioning NetApp
FlexClone as the clone method, and then click Next.
5.
Import.
If your network storage servers have been set up, the templates from
your network storage servers are displayed. If you are creating more
than 15 VMware NetApp clones, a warning dialog window is displayed
as a reminder to administrators to not create more virtual computers
than their infrastructure is designed to support.
Before importing templates when using the Rapid Provisioning option, the
templates must be on the NetApp storage server and the template’s virtual
disks need to be in the same directory.
6.
Select a folder in which the new computers are placed on the Folder
window, and click Next. If the list is empty or to update the list, click
Import.
7.
Select one or more resource pools and datastores on the Resource
files are to be stored. If the list is empty or to update the list, click
Import.
appropriate.
b) Click Next.
8.
by fields.
264
following:
9.
Click Next.
desktops.
Red text is displayed as a reminder to administrators not to create
support.
265
Add Computers using the VMware Linked Clone Method
1.
– OR –
266
•
Computers.
•
toolbar.
•
navigation pane.
•
2.
3.
Next.
4.
On the Clone method window, select Rapid Provisioning VMware
Linked Clone as the clone method, and then click Next.
5.
Click Import, on the Parent Virtual Machine window, to import the
parent virtual machines. The Import/Refresh Parent Virtual Machines
wizard opens.
267
6.
268
Specify the tasks that are to be performed on the Options window of
Import/Refresh Parent Virtual Machines, and then click Next.
•
Import parent virtual machines.
•
Remove orphaned parent virtual machines.
7.
On the Inventory window, select one or more virtual computers that
are to be imported or updated, and then click Finish.
8.
Highlight the parent virtual machine that you just imported, and then
click Next.
9.
Select the appropriate snapshot on the Snapshot window, and then
click Next.
10. Select a folder in which the new computers will be placed on the
Folder window, and click Next. If the list is empty, or to update the
list, click Import.
11. Select one or more resource pools and datastores on the Resource
files are to be stored. If the list is empty, or to update the list, click
Import.
You are not limited to using the datastore of the parent virtual
computer. Using a different datastore than the parent virtual
computer might increase provisioning performance.
appropriate.
b) Click Next.
269
12. Select the method for assigning a computer name to the new
by fields.
following:
13. Click Next.
specify operating system customizations. The desktops in this
group will not be powered on after they are created.
15. Select the check box to reconfigure the computer’s memory and disk
persistence after the cloning on the Configure Computers window, if
appropriate, then do the following:
a) Select Reconfigure Memory, and move the slider or enter a
number to adjust for the memory value.
b) Select Wait for users to log off before reconfiguring the
computer, if appropriate.
270
c) Select the Virtual Disks tab, and select Reconfigure Virtual Disks,
and select First disk only or All disks. Select the Disk Mode,
and set it to one of the following:
•
Persistent
•
Independent and Persistent
•
Independent and Nonpersistent
desktops.
Red text is displayed as a reminder to administrators not to create
support.
Parallels Virtuozzo Containers
Integration
This section describes the range of desktop management and provisioning
features offered by vWorkspace for Parallels Virtuozzo Containers environments.
Parallels Virtuozzo Nodes
Parallels Virtuozzo nodes can be imported to the vWorkspace Management
Console as either independent hosts or as part of a group. A Virtuozzo group can
contain master and slave nodes that are associated with each other. However,
a Virtuozzo host cannot simultaneously be an independent host and part of a
group.
A location can contain both slave nodes and independent nodes.
If you do not have independent nodes a master node must be defined as a
management server for the location to support slave nodes. When a location is
added, slave nodes can be imported from any of the virtualization server master
nodes, and are associated with the location.
271
Virtuozzo independent nodes are added to a location, rather than imported, as
is the case with Virtuozzo slave nodes.
When setting up the Parallels Virtuozzo Containers in the vWorkspace
Management Console, once a location has been defined, the following steps must
be completed:
•
Associate virtualization hosts, independent nodes and/or slave nodes,
to the location.
Virtuozzo Slave Nodes — Use this option to import master nodes
and select slave nodes that are to be imported.
Independent Virtuozzo Nodes — Use this option to add the
independent nodes to the location.
•
Computer groups can be added to locations by selecting Desktops
from the location in the vWorkspace Management Console. See
Computer Groups in the vWorkspace Management Console chapter
•
Add computers to the established computer groups by using the Add
Computers wizard. See the vWorkspace Management Console chapter
Parallels Virtuozzo Containers disable the startup of certain Microsoft
Windows services by default, including ones that are required for
vWorkspace.
You need to set the type to Enterprise, to prevent the disabling of certain
Window services. Please also refer to the Parallels Virtuozzo knowledge base
article, http://kb.parallels.com/1007, for more information.
Add Computers to a Computer Group
1.
– OR –
272
•
Computers.
•
toolbar.
•
navigation pane.
•
2.
Click Next on the Welcome to the Add Computers Wizard window.
3.
Next.
4.
Import.
5.
Select one or more Virtuozzo network devices from the
Nodes/Network Devices window. This is where the computers should
be created. If the list is empty or to update the list, click Import.
a) To change the distribution method, click Distribution on the
toolbar above the list of datastores. Complete the information on
the Datastore Distribution Method window as appropriate.
b) Click Next.
6.
by fields.
following:
7.
Click Next.
273
8.
customization.
It is important that you make sure your operating system customization
configuration is accurate and works on a computer that is visible to you. If
the customization information is incorrect, you may have a computer that
requires user input, but you will have no way of connecting to it.
9.
Select either Start Immediately or Schedule for (and enter a date
desktops.
Red text is displayed as a reminder to administrators to not create
support.
RD Session Host Integration
This section describes features offered by vWorkspace to integrate with Microsoft
Remote Desktop Services using Microsoft Windows Server 2008 R2.
Microsoft Remote Desktop Services (RDS), formerly Terminal Services, presents
users with an entire desktop environment or individual applications that are
running from within a datacenter, but appear to the user as a local application.
274
The integration between vWorkspace and Microsoft Remote Desktop Services
enables the following features:
•
Support for publishing applications and desktops using Microsoft
RemoteApp Start menu integration in Microsoft Windows 7 and
Microsoft RD Web Access.
•
Support for publishing individual applications using Microsoft’s built-in
RemoteApp technology for seamless windows for Microsoft Hyper-V
virtual desktops and RD Session Hosts.
•
Support for Remote Desktop Gateway for secure Internet access.
•
Support for the addition of Microsoft Remote Desktop Connection
Brokers to the vWorkspace Management Console.
•
Support in AppPortal for connectivity to Microsoft Remote Desktop
Connection Broker and Remote Desktop Gateway.
RemoteApp Support
RemoteApp support for Hyper-V virtual desktops and RD Session Host enables
the publishing of individual applications using Microsoft's RemoteApp technology
on access devices.
When using RemoteApp with Microsoft XP or Microsoft Vista, you need to install
one of the following hotfixes from Microsoft.
Update package for Microsoft Windows XP SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2f376f53-83cf-4
e5b-9515-2cb70662a81b&displaylang=en
Update package for Microsoft Vista SP1 or later:
http://www.microsoft.com/downloads/details.aspx?familyid=097B7478-31504D0D-A85A-6451F32C459C&displaylang=en
RD Connection Broker Integration
There are some differences in functionality between the Microsoft RD Connection
Broker and the vWorkspace Connection Broker. The following is a list of
limitations when using the Microsoft RD Connection Broker with vWorkspace
instead of the vWorkspace Connection Broker.
275
•
Filtering of which applications and desktops are published based on
client name/IP can only be done through vWorkspace Connection
Broker.
•
Folders for published applications and desktop are not visible in RD
Web Access and the Start Menu. AppPortal will show folders when
connected to RD Connection Broker.
•
Connections through RD Web Access and the Start Menu always use
the RDP client, not the EOP client, so the EOP features cannot be used.
However, you can use Quest AppPortal on Windows to connect to the
RD Connection Broker, but not Quest Web Access.
•
Mac, Linux, or Java connectors (clients) cannot be launched from RD
Web Access.
•
Mac and Linux AppPortals do not yet support RD Connection Broker.
•
Auto-logoff does not work using RemoteApp through RD Web Access
or RemoteApp in Start menu (with the RDP client):
•
Auto-logoff (PNStart) does not work for individual applications
published from virtual desktops, which is the same behavior as
you get using RemoteApp, without vWorkspace. The workaround
is to use GPO to force a logoff after a period of time disconnected.
This only affects individual applications from virtual desktops,
whole desktops are fine.
•
Auto-logoff (PNStart) does not work for applications launched
from RD Session Host through RemoteApp. The workaround is to
use GPO to force a logoff after a period of time disconnected.
Importing Existing Computers into
a Group
You can import existing computers from a virtualization host to an existing
computer group.
After computers have been successfully imported, the task Initialize Computer
is automatically created. This process establishes the relationship between the
farm and the virtual desktop and must be completed successfully. See Initialize
Computer for more information on this process.
Several controls are available to assist with importing and resynchronizing
(Import/Re-sync Computers tool) desktop computers.
For more information about adding computers, refer to the specific integration
components in this chapter.
276
The options on the Import/Re-sync Computers windows are described below.
The options presented are dependent upon the type of computers that are being
imported.
OPTION
DESCRIPTION
Options
Import computers into group
[managed_desktop_group_
name]
If selected, virtual computers that have previously been imported into other managed computer groups in the vWorkspace data center are
prevented from being imported into the current
managed desktop group.
Remove orphaned desktops
If selected, managed desktop computers are
removed from the selected managed desktop
group if they no longer exist in the VMware VirtualCenter inventory.
Inventory
Folders\Computers
This displays a list of folders and virtual computers available in the VMware VirtualCenter data
center inventory.
Expand the nodes to view the computers.
277
OPTION
DESCRIPTION
Microsoft Hyper-V Inventory
This control displays a list of folders and virtual
computers available in the Microsoft Hyper-V
data center inventory.
Nodes
This displays a list of folders and virtual
computers available in the Parallels Virtuozzo
Host inventory.
View:New
If selected, displays a list of virtual computers
that have not yet been imported into the managed desktop group.
View:Existing
If selected, displays a list of virtual computers
that have previously been imported into the
managed desktop group.
Finish
If selected, the chosen virtual computers are
imported into the current managed desktop
group as managed desktop computers.
The Initialize Computer task is automatically
started for each desktop computer successfully
imported.
Cancel
If selected, the Import/Re-sync selections are
discarded, and the window is closed.
How to ...
Import Existing Computers into a Group
278
1.
2.
Select the group on which the import will be performed, and do one
of the following:
•
Right-click on the computer group and select Import/Re-sync
computers.
•
Click the Import/Re-sync computers icon from the toolbar in
the navigation pane.
•
Select Actions | Import/Re-sync computers from the menu
on the navigation pane.
•
Select Import/Re-sync computers from the Actions menu on
the computer group’s information pane.
•
Select Import existing desktops from VMware from the
Finish window of the Computer Group wizard, and then click
Finish, if you are completing the Computer Group wizard.
3.
Complete the Import/Re-sync Computers Options as appropriate,
4.
Select the appropriate View option (New or Existing) on the
Inventory window.
5.
Select the computers that are to be imported on the Inventory
window.
6.
Click Finish to start the import.
Monitoring Operations
You can monitor an operation by using the middle and bottom panes of the
vWorkspace Management Console. The middle pane on the vWorkspace
Management Console displays the overall progress. You can use Refresh to
update the view. The bottom pane on the vWorkspace Management Console
uses the Tasks tab to display the status of the tasks to complete the process,
and a Log tab to display more detailed status information.
To cancel a task, select it from the list of tasks and choose Cancel from the
Actions menu, or right-click on the task and select Cancel.
PNTools is a required component for managed computers in the vWorkspace
infrastructure. If you did not install PNTools as part of the template for the
new desktops, it needs to be installed.
279
280
5
Managing the Virtual
Workspace
• Overview
• Power Management
• Two-Factor Authentication
• Managed Applications
• Resources
• Secure Gateway
• Web Access
• vWorkspace Reporting
Overview
Virtual workspace is a term used to encompass all of the technologies and
platforms Quest vWorkspace uses to host the end user's computing
environment. The virtual workspace consists of the applications, data, settings,
and operating system subsystems required to provide a functional desktop
computing environment.
For example, a user can launch three seamless windowed applications, but each
is hosted on a separate platform. One is hosted on an RDSH server, the other on
a Microsoft Hyper-V hypervisor, and the third hosted on a high Blade. However,
this is all transparent to the end user.
With workspace virtualization, you can facilitate the execution of a user's
productivity applications from a data center with the flexibility to host these
applications on multiple platforms.
Managing the virtual workspace involves many facets. Traditional PC computing
involves many components such as applications, application configuration, USB
devices, printers, and user profiles, to name a few. Quest vWorkspace is
designed to centralize the execution of desktop computing, but also to centralize
its management. And in centralizing desktop computing execution, other areas
of management arise, which vWorkspace provides tools for as well. This chapter
will inform you of the different tools vWorkspace provides for managing the
virtual workspace.
Power Management
Managed computer power states can be changed, either automatically by the
Connection Broker or manually by an administrator using the vWorkspace
Management Console.
vWorkspace Connection Brokers periodically query their configured virtualization
entity servers for the current power state of managed computers running as
virtual computers.
vWorkspace Connection Brokers can also submit commands to change the power
state of a given virtual computer. For example, when a user attempts to connect
to a managed computer running as a virtual computer and that virtual computer
is powered off, the Connection Broker automatically sends a command to power
on the computer. Once the virtual computer is powered on and the operating
system has loaded, the user is then connected to the desktop and log on.
282
Managing the Virtual Workspace
The power states and virtualization entities that can be manipulated with
vWorkspace are as follows.
POWER STATE
Power On — Powers the virtual
computer on in the same way as
using the power switch on a
physical computer.
VIRTUALIZATION ENTITY
• VMware
• Microsoft Hyper-V
• Microsoft SCVMM
Power Off — Powers the virtual
computer off in the same way as
using the power switch on a
physical computer.
• VMware
Reset — Powers the virtual
computer off and then on again
in the same way as using the
reset switch on a physical
computer.
• VMware
Resume — Reawakens a virtual
computer that has been in a
suspended state.
• VMware
Suspend — Suspend saves the
system state and working set of
the virtual computer to disk
before powering off. When
resumed, the computer is
returned to the state it was in
before being suspended. This
option is faster since the
operating system does not have
to go through the complete load
and initialization process.
• VMware
Shut Down OS — Gracefully
shuts down the guest operating
system in the same way as
using the Shut Down function in
Windows.
• VMware
• Microsoft SCVMM
• Microsoft SCVMM
• Microsoft SCVMM
• Microsoft SCVMM
• Microsoft SCVMM
• Other/Physical (Blade PCs)
Restart OS — Same as the
Restart option in Windows.
• VMware
• Microsoft SCVMM
283
POWER STATE
Log Off User — Logs the user
off in a graceful manner. The
user is prompted to save any
unsaved data.
VIRTUALIZATION ENTITY
• VMware
• Microsoft SCVMM
Reset Session — Closes all
programs that are running and
deletes the session from the
server that is running Remote
Desktop Services. This can be
used if a session is not
functioning correctly, or if the
session has stopped responding.
• VMware
• Microsoft SCVMM
Two-Factor Authentication
There are two different ways of enabling Two Factor Authentication (TFA) in
vWorkspace, either from the vWorkspace Management Console or Web Access.
Two-factor authentication can also be enabled in both the vWorkspace
Management Console and Web Access. You are able to setup TFA in any
vWorkspace Connector.
You need the following information from your Radius server:
•
IP address, FQDN or NetBIOS name.
•
Radius Authentication port (default is 1812).
•
Secret Key (Check with your Radius admin if you do not know this
key.)
•
CHAP or PAP, which one is being used.
•
Length of the one-time password. It is usually either 6 or 8 characters.
The examples in this section use Quest Defender.
How to ...
284
•
Set up TFA in the vWorkspace Management Console
•
Set up TFA in Web Access
•
Set up TFA in the vWorkspace Management Console and Web Access
Set up TFA in the vWorkspace Management Console
1.
2.
Right-click on the Farm node and select Farm Properties or select
the Properties icon from the toolbar.
3.
Select Two-Factor Authentication, select to enable Radius, and then
complete the information on the window.
FIELD
DESCRIPTION
Timeout (seconds)
This setting reports back a
timeout if the allotted time has
been exceeded in trying to
authenticated.
Default is 30 seconds.
Password Layout
This setting defines how a user
authenticates, either by entering
their AD password and their OTP,
or by entering their OTP and
their AD password combined.
Require all users to be
two-factor authenticated
The setting, if selected,
mandates that all vWorkspace
users need to enter their AD\OTP
or OPT\AD in the password field.
285
If you choose not to enforce TFA for all applications then you can set
up Advanced Targets and assign this to published applications, as in
the below image.
If you have assigned applications to an advanced target requiring the
use of TFA, when authenticated, these applications are visible to the
end user. If a user does not enter their TFA credentials, then only
those applications assigned to them through Targets are available to
them.
286
Set up TFA in Web Access
1.
Open Web Access Site properties from the vWorkspace Management
Console.
2.
Select Two-Factor Authentication, and complete the information on
the window as appropriate.
3.
Click Apply.
If you choose not to enforce TFA for all applications then you can set up
Advanced Targets and assign to specific published applications.
287
If you set up Advanced Targets, then you need to set your advanced target to
allow access to that application(s) based on your trusted entry point. Your
trusted endpoint in the above case would be your Web Access Server.
Set up TFA in the vWorkspace Management Console and Web Access
If you decide to have TFA enabled on both your vWorkspace Management
Console and on Web Access, then you need to have an Advanced Target setup
like the below image.
One of the reasons that you would want to set up TFA on both the vWorkspace
Management Console and on Web Access is if you use AppPortal Connector
internally and your end users also access vWorkspace through Web Access
externally, or if you are in the process of doing a migration from either a pre-7.5
vWorkspace version farm or a Citrix deployment.
288
Before an application can be published and accessed by users, it first must be
installed on the hosting computer. In a Quest vWorkspace infrastructure, the
hosting computer can be any of the following:
•
Microsoft RD Session Hosts
•
Managed Computers
•
Virtualized Applications
Microsoft RD Session Hosts
Applications installed and published on Microsoft RD Session Hosts are
sometimes referred to as shared or multi-user applications. This is because a
single installation of the application can be used simultaneously by multiple
connected users.
When Remote Desktop Services is enabled on Microsoft Windows Servers, you
must ensure the application is installed properly.
289
Consider these suggestions and guidelines:
•
Session Hosts need to be in the install mode when installing
applications intended for multi-use. This is done automatically when
the Control Panel, Add |Remove Programs is used, but can also be
started from a command prompt using the following command:
Change User / Install.
•
Users should not be logged on to the system when installing
applications.
•
Review all available documentation for any issues that might exist
when installing and using an application with Remote Desktop
Services. Some applications have special procedures or command line
switches that must be used for installation on Remote Desktop
Services.
•
Restrictions such as support for the full feature set or license
restrictions may be applicable when used on Session Hosts.
•
Applications, such as Computer Aided Design or scientific modeling
and analysis programs, may not be good candidates for Session Host
based deployments. These types of applications place an increased
demand on the physical resources of a computer.
Managed Computers
A major benefit of hosting applications on vWorkspace enabled managed
computers is that no special considerations have to be taken into account; you
install the application as it would be done for a Microsoft Windows computer. The
applications can be installed manually, or pushed to the managed computer
using third-party tools such as Microsoft Active Directory Group Policy (Software
Installation) or Microsoft SMS.
Some considerations when installing applications on managed computers are:
290
•
Install all the applications a user might need on to the same managed
computer, when practical. This helps to reduce the number of remote
sessions needed for a user to accomplish their work.
•
Use managed computers for special purpose applications that do not
need to be made widely available.
•
Use managed computers for applications that are too resource
intensive to be installed on Session Hosts.
•
Use managed computers, especially when implemented as virtual
computers, for applications being created and tested in a software
development environment.
Virtualized Applications
Many application deployment solutions exist to simplify and accelerate the
process of deploying line-of-business applications to the user desktop. These
same tools are ideal for use in a vWorkspace enabled desktop infrastructure.
Managed Applications Properties
The Managed Applications Properties option allows administrators to enable or
disable Graphics Acceleration globally for managed and unmanaged
applications, set Custom Properties, and set Permissions for users for all
managed applications.
Managed application properties are accessed by doing one of the following:
•
Select Properties from the context menu of Managed Applications
in the vWorkspace Management Console. Managed Applications is
listed under Resources in the vWorkspace Management Console.
•
Selection Actions | Properties from the main menu on the
•
Select the Properties icon on the toolbar.
291
Graphics Acceleration
The Graphics Acceleration setting in Managed Applications Properties is used
to globally set graphics acceleration for all managed and unmanged applications.
You can also set the Image Quality for the graphic accelerated application in
Properties.
The ability to set graphics acceleration for individual managed applications, is
completed by the Properties settings for the specified application, or by setting
the Graphics Acceleration setting during the process of adding a Managed
Application.
Custom Properties
Managed applications can have up to five custom properties, which allows
managed applications more flexibility and better organization. You can label
managed applications, for example, by customer.
In the list under Property Name, enter the names of the custom properties you
want to assign to the managed applications. These names appear in the column
headers in the applications view.
292
To enter custom property values for an application, edit the properties of that
application, or right-click on an application in the application view and select
Custom properties.
Permissions
Managed Applications Properties is also used to enable administrators to
allow or deny actions for activities within the vWorkspace Management Console.
For more information on Permissions, see Administration in the vWorkspace
Management Console chapter.
New Application Tool
The New Application command is used to publish an application, desktop, or
content. It can be opened from the following locations within the vWorkspace
Management Console.
•
Sessions Hosts node
•
Desktops node
•
Resources node
293
How to ...
•
Start New Applications using Session Hosts Node
•
Start New Applications using the Desktops Node
•
Start New Applications from the Resources Node
Start New Applications using Session Hosts Node
1.
2.
Expand Locations and then the location name where the Session
Host is located.
3.
4.
Select either Management or Provisioning.
5.
Select the Applications tab in the information pane.
6.
Select New Applications from either the toolbar or by the context
menu which can be accessed by right-clicking in a blank area of the
information pane.
Start New Applications using the Desktops Node
1.
2.
Expand Locations, and then the location name where the computer
group is located.
3.
Expand the Desktops node.
4.
Select the computer group into which the application is to be
published.
5.
Right-click on desktop group, and then select New application in
group.
– OR –
In the information pane, click on the Managed Applications tab and
select Actions | New Application in Group.
294
Start New Applications from the Resources Node
1.
2.
Expand the Resource node, and highlight Managed Applications.
3.
Right-click the Managed Applications node, and then select New
Managed Application.
– OR –
In the Managed Applications information pane, select New from
either the Actions or the context menu.
Publish RD Session Host Applications
The most direct way to publish applications hosted on RD Session Hosts is to
start New Application from either the Session Hosts or Resources nodes
(see New Application Tool for more information). The system displays the
Managed Application Wizard.
Publish an Application Hosted on Session Hosts
1.
Open the Managed Application Wizard.
2.
Click Next on the Welcome window of the Managed Application
Wizard.
3.
On the Application Name window, do the following:
a) Specify a friendly name for the application in the Name box, and
then click Next.
Published application friendly names are limited to 150 characters. If
any names are longer than 150 characters, they get truncated, and
any duplicates are suffixed with a numeric value to ensure
uniqueness.
b) Enter the names of the custom properties you want to assign to
the managed applications. These names appear in the column
headers in the applications view, which can assist with searching
and sorting.
295
4.
296
On the Application Type window, select the type of application, and
then click Next.
5.
On the Publishing window, select Session Host(s) and select the
servers on which to publish the application for a specified location,
and then select Next.
6.
Complete the following information on the Defaults window, and then
click Next:
a) If the application to be published is a virtualized application
package stored on a App-V server, click Select App-V
Application.
b) Enter a Path, or select the ellipsis to browse.
297
c) Enter any arguments that you want to have passed to the
application when started in the Arguments box.
d) If the application requires a working directory, type its path in the
Working Dir box.
298
7.
On the Server Specific window, enter server specific program
specifications, as appropriate. Click Next.
8.
On the Display Name window, enter a Display Name if you want the
name that is displayed to the user to be different than what is in the
Name box on the Application Name window. Click Next.
299
9.
On the Icon window, select an icon for the application, and then click
Next.
10. Specify the application window state for this application, including
seamless window mode settings, and then click Next.
11. Select the appropriate option (Desktop, Start Menu, Start
Menu \Programs) for clients using AppPortal in desktop integrated
mode on the Desktop Integration window, and then click Next.
300
12. Select the appropriate option on the Graphics Acceleration window,
The Use default option refers to the default Graphics Acceleration
option setting on the Managed Applications Properties window. See
Managed Applications Properties for more information.
13. Select Enabled or Disabled on the Enable/Disable window, and
then click Next.
If you select Disabled, the application is not displayed in client
application lists.
301
14. Complete the information, as appropriate, on the Load Balancing
The Enable this application to share on active session option
must not be selected if you are using Web Access with published
applications where multiple users use the same computer, such as a
kiosk or other semipublic user.
15. Specify any application restriction settings for this application, and
then click Next.
16. Select the Virtual IP settings for this application, as appropriate, and
click Next.
The settings are: Virtual IP, Client IP, and Virtual Loopback.
17. Use the Client Assignment window to assign this application to
targets, and then click Next.
18. Set Permissions as appropriate, and then click Finish.
302
Publish Session Host Desktops
The steps for publishing a shared Windows desktop hosted on a Session Host are
exactly the same as that for publishing a shared application, except for the
following exceptions:
1.
The Application Type is set to Desktop. When this is done, no
path, arguments, or working directory are needed, and the fields for
these are not presented.
2.
The Defaults and Server-Specific options are not available.
3.
The Startup section is not available.
The Startup option is only available if the Type is Program.
Publish a Managed Desktop
You can publish a desktop to the managed computer group using the New
Managed Application wizard.
How to ...
Publish a Desktop to a Managed Computer Group
1.
2.
Expand the Desktops node at the required location.
3.
Navigate to the computer group where the desktop is to be
published.
4.
Select New Application from the context menu.
5.
Click Next on the welcome window of the Managed Application
Wizard.
6.
then click Next.
uniqueness.
and sorting.
7.
On the Application Type window, select the type of application,
Desktop, and then click Next.
303
8.
On the Publishing window, select the Managed Computer Group
option, and then select the managed computer group from your
location on which to publish the application. Click Next.
9.
On the Display Name window, enter a Display Name if you want the
10. On the Icon window, select an icon for the application, and then click
Next.
option setting defined in the Managed Applications Properties.
13. Select Enabled or Disabled to specify if this application is displayed
on the client application list.
14. Use the Client Assignment window to assign this application to
targets, and then click Next.
15. Set Permissions as appropriate on the Permissions window, and then
click Finish.
304
Publish Managed Applications
Publishing an application hosted on a managed desktop is similar to that of RD
Session Host. The major differences are that the Load Balancing, Application
Restrictions, and Virtual IP options are not available for managed desktops.
How to ...
Publish an Application
1.
2.
Expand the Desktops node for the required location.
3.
Navigate to the computer group where the desktop is to be
published.
4.
Start New Application by selecting the New Application icon from
the toolbar or Actions | New Applications.
5.
Click Next on the welcome window of the Managed Application
Wizard.
6.
then click Next.
uniqueness.
The following characters cannot be used in application names that are
to be published for Web Access: <, >, /,\, *, y ’.
and sorting.
7.
On the Application Type window, select the type of application,
Program, and then click Next.
8.
On the Publishing window, select Managed Computer Group, and
then select the managed computer group from your location on
which to publish the application. Click Next.
9.
Complete the following information on the Defaults window, and then
click Next:
a) If the application to be published is a virtualized application
package stored on a App-V server, click Select App-V
Application.
305
b) Enter a Path, or select the ellipsis to browse.
c) Enter any arguments that you want to have passed to the
application when started in the Arguments box.
d) If the application requires a working directory, type its path in the
Working Dir box.
10. On the Display Name window, enter a Display Name if you want the
11. On the Icon window, select an icon for the application, and then click
Next.
12. Specify the application window state when started, on the startup
option setting of Managed Applications Properties.
15. Select Enabled or Disabled to specify if this application is displayed
on the client application list.
16. Select Client Assignments to specify the targets that are to have
access to this application and assign this application to them, and
then click Next.
17. Set permissions on the Permissions window, as appropriate, and then
click Finish.
Publish Content
Traditionally in Windows networks, users have relied on network drive
mappings, browsing, or corporate Web sites to get information. As networks
grow in size and complexity these methods have become less efficient.
Web based resources that are not located on the corporate network can require
users to remember numerous and sometimes long URLs, or to know how to build
efficient and effective search queries. Published content provides an easier way
for users to access the information they need. When an administrator publishes
content, the complete path to the resource is specified and is associated with an
icon. This path can be in Universal Naming Convention (UNC) format or web
based formats, such as http, https, ftp, ldap. The icon representing the content
is passed down to the vWorkspace Client in the same manner as application and
desktop icons.
306
To access the content, the user simply clicks on the icon. The content path is
passed to an application, based on Windows file type associations, capable of
opening that type of content. For example, content using a UNC path would be
opened with Windows Explorer, while content using http would be opened with
Internet Explorer. The administrator has the option of specifying whether the
application used resides on the client device or on a remote device.
If you want users to have multiple sessions to the same server, the Restrict
each user to one session setting at the following path must be set to No.
Administrative Tools | Terminal Services Configuration | Server
Settings
If you are using an application deployment solution such as Application
Virtualization, applications are published using the type Content.
The process of publishing content is exactly the same as publishing an
application hosted on a RD Session Host or desktop with the following
exceptions:
•
Type — Select Content on the Application Type window of the
Managed Application Wizard, and then select where the content is to
be published (Server or Client).
•
Publishing— Select Terminal Server(s) if you want the content to
be opened with an application installed on a RD Session Host, and
then select which RD Session Host to use.
Select Managed Computer Group if you want the content to be
opened with an application installed on the client device. When this is
chosen, the Server-Specific, Application Restrictions, Virtual
IP, and Load Balancing windows are unavailable as they do not
apply to desktops.
•
Path — Enter the path to the content on the Defaults window. A UNC
path can be either to a shared folder or a file within a shared folder.
Share, NTFS, and web permissions all apply when users try to access the
content. Therefore, even though clients are listed in the published content’s
access control list, the client may still be denied access because of other
permissions.
307
Published Applications Tasks
Once applications have been published on either Session Hosts or desktops,
additional applications can be added, modified, duplicated, and deleted.
The Select Applications to Publish menu option is a way to add existing
published applications, desktops, or content to either a Session Host or
computer group when new Session Host or computer groups have been added
to the vWorkspace infrastructure.
All properties of published applications, desktops, or content can be modified
after they are created. An existing published application can be duplicated and
then modified, but the duplicate needs to be given a unique name.
When a published resource is no longer needed, it can be deleted from the
database. Deleting a published application, desktop, or content does not remove
the application from the hosting computer nor does it delete the actual desktop
or content.
How to ...
•
Add Published Applications to a Session Host
•
Add Published Applications to a Computer Group
•
Modify Published Applications with Session Hosts Node
•
Modify Published Applications with Desktops Node
•
Modify Published Applications on the Resources Node
•
Duplicate a Published Application
•
Delete a Published Application
Add Published Applications to a Session Host
308
1.
2.
Host is located.
3.
Click on the Session Hosts node in which to add the existing
published resources.
4.
Double-click on Management or Provisioning.
5.
In the information pane on the right, click on the Applications tab
for the selected Session Host.
6.
Click on the Published Applications icon from the navigation pane
toolbar or the information pane toolbar, or select Actions | Publish
Applications. A list of published resources is presented.
7.
Select each published resource you want to add to the server. To
select a published resource, select the box to the left of the
Application.
8.
Click Apply to make the changes without closing the window, or click
OK to make the changes and to close the window.
Add Published Applications to a Computer Group
1.
2.
Expand Locations and then the location name where the computer
group is located.
3.
Expand the Desktops node and highlight the computer group.
4.
Use one of the following to open the Select Applications to
Publish:
a) Right-click on the computer group.
b) Select the Managed Applications tab in the information pane, and
then Actions| Select Applications to Publish in the information
pane.
309
c) Select Actions| Select Applications to Publish from the
navigation pane.
d) Click the Select Applications to Publish icon from the
navigation pane toolbar.
5.
Select each published resource you want to add. To select all
published resources, select the box to the left of Applications.
6.
Modify Published Applications with Session Hosts Node
1.
2.
Host is located.
3.
Click on the Session Hosts node in which to modify the existing
published resources.
4.
Double-click on either Management or Provisioning.
5.
Click on the Applications tab located in the Session Hosts
information pane.
6.
Highlight the published resource to be modified, and then select
Properties from the context menu, or click on the Properties icon on
the information pane toolbar.
7.
On the Managed Application Properties window, navigate through the
various windows to make the necessary changes.
8.
Modify Published Applications with Desktops Node
310
1.
2.
Expand Locations and then the location name where the computer
group is located.
3.
Expand the Desktops node (you can also navigate to a specific
datacenter or computer group).
4.
Click on the Managed Applications tab in the information pane.
5.
Properties from the context menu, or select Actions | Properties
on the information pane.
6.
various tabs to make the changes, as appropriate.
7.
Modify Published Applications on the Resources Node
1.
2.
Expand the Resources node, and then click on the Managed
Applications node.
3.
Properties from the context menu, or select the Properties icon
from the information pane.
4.
various tabs to make the changes, as appropriate.
5.
Duplicate a Published Application
1.
2.
Navigate to the desired published application under the Session
Hosts, Desktops, or Resources node.
3.
Right-click on the published application, and select Duplicate from
the context menu.
4.
Make the necessary changes using the appropriate windows on the
Managed Applications Properties window.
5.
Delete a Published Application
1.
2.
Navigate to the desired published application under the Session
Hosts, Desktops, or Resources node.
3.
Click the Delete on the toolbar or from the context menu.
4.
After reviewing the warning message, click Yes to delete or No to
cancel.
Internet Explorer Compatibility
Quest vWorkspace Internet Explorer Compatibility is a set of features that allow
an alternate version of Internet Explorer to be delivered to a Windows Client
running the vWorkspace Connector, or to a Windows Server with the
vWorkspace Session Host or Terminal Server Role.
311
vWorkspace Internet Explorer Compatibility seamlessly presents vWorkspace
managed applications from Windows Terminal Servers or Session Hosts to a
Windows Client desktop when applications that require a specific version of
Internet Explorer are different than the version on the Windows Client operating
system.
A user’s local Internet Explorer browser can be set to hook specific URLs, and
launch them with associated vWorkspace managed applications. From a server,
the user's hosted Internet Explorer browser can be configured by vWorkspace to
redirect back to the client's local Internet Explorer instance when the user
browses to specific URLs, or when the user browses to sites that are not
configured for use with the hosted browser.
Internet Explorer Compatibility consists of the following components:
312
•
vWorkspace Connector Settings Group Policy Admin Template
(vworkspace.adm or .admx) — This template is used to configure the
vWorkspace Connector, such as Broker Type, Broker Name, XML Port,
and Authentication Settings. This can be used as an alternative to the
config.xml file.
•
Config.xml — This XML file is used to configure the vWorkspace
Connector, such as Broker Type, Broker Name, XML Port, and
Authentication Settings. It can be used instead of the vWorkspace
Connector Settings Group Policy Administrative Template.
•
vWorkspace Connector Internet Explorer URL Redirection
Browser Add-On (pnurlhook.dll) — This add on is used to launch the
vWorkspace Connector AppPortal in Desktop Integrated mode and
display the managed application associated with the URL.
•
vWorkspace Session Host or Terminal Server Internet
Explorer URL Redirection Browser Add-On (pnurlhook.dll) — This
add on is used to send a user to their local Internet Explorer browser
when the user browses to sites that are not configured for use with
the hosted browser.
•
vWorkspace Client URL Redirection Group Policy Admin
Template (ClientSide IE.adm or .admx) — This User Configuration
Group Policy Administrative template is used to configure the URLs
that should be redirected to a vWorkspace managed application. This
template is applied in a GPO that is linked to the OUs where the target
user accounts exist.
•
vWorkspace Server URL Redirection Group Policy Admin
Template (ServerSide IE.adm or .admx) — This Computer
Configuration Group Policy Administrative template is used to
configure the URLs that should be redirected back to the client's local
instance of Internet Explorer. This template is applied in a GPO that
is linked to the OUs where the vWorkspace Session Hosts/Terminal
Servers exists.
Typical Deployment
A typical deployment of vWorkspace Internet Explorer Compatibility consists of:
•
One or more Hyper-V servers running vWorkspace Hyper-V Catalyst
components for hosting vWorkspace Terminal Server or Session Host
virtual machines.
•
One Terminal Server or Session Host virtual machine for every 20-25
expected concurrent users of Internet Explorer. Each virtual machine
is typically configured for 2 vCPUs and 1024-4096MB of dynamic
memory.
•
Two or more vWorkspace Connection Brokers for user authentication
and provisioning of the vWorkspace Terminal Server or Session Host
virtual machines.
•
System Center Configuration Manager or Group Policy to deploy the
vWorkspace Connector.
•
Group Policy to configure the client redirection URLs.
•
Group Policy to configure the server redirection URLs.
•
vWorkspace Connectors configured in Desktop Integrated Mode.
If deploying the vWorkspace Connector Settings through Group Policy, the
following must be completed:
1.
Configure AppPortal in Desktop Integrated mode. Although the Client
URL Redirection Plug-In dynamically launches AppPortal in Desktop
Integrated mode, farm authentication fails if AppPortal does not
launch in Desktop Integrated mode at least once before it is used to
redirect a URL.
2.
Configure the following vWorkspace Connector Group Policy
Administrative Template settings.
a) vWorkspace Connector\Delete Entries\Version\Enabled\
Version = Checked
b) vWorkspace Connector\Delete Entries\
Encrypted\Enabled\Encrypted = Checked
313
c) vWorkspace Connector\Farm Type\Farm Settings\Enabled\
Select Farm Type = vWorkspace Connection Broker
d) vWorkspace Connector\Connectivity\Location 1\
vWorkspace Connection Settings\Enabled\
Protocol = http, TCP Port = 8080,
Connection Broker(s) =ListBrokerNamesHere,
Broker1,Broker2,Broker3
e) vWorkspace Connector\Credentials\
Cached Credentials = Enabled,
User Supplied Credentials = Enabled, Allow User Supplied
Credentials = Checked
3.
Set the following in the GPO that applies to the Terminal
Servers/Session Hosts OU, so that Computer Group Policies are
enforced the first time the Terminal Server’s Computer Account
authenticates with Active Directory.
Computer Configuration\Administrative Templates\
System\Logon\Always wait for the network at computer startup and
logon = Enabled
4.
Disable Shutdown Event Tracker. Failure to do this prevents a
managed application from successfully launching, without manually
switching to desktop view to enter the reason for an unexpected
shutdown.
Computer Configuration\Administrative Templates\System\
Display Shutdown Event Tracker = Disabled
5.
Apply the hotfix referenced in Microsoft KB article 942610, if using
Microsoft Server 2003 R2.
http://support.microsoft.com/kb/942610
In addition, the following registry entry needs to exist on the Terminal
Servers so user’s Remote Display Settings are not reduced to 8-bit
when their screen resolution is higher than 1600x1200.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Terminal Server
Registry entry: AllowHigherColorDepth
Type: REG_DWORD
Value: 1
314
The following sections describe the process of connecting to managed
applications and desktops in a vWorkspace Windows infrastructure. Users have
the option of either connecting to full-featured desktops or individual
applications based upon administrative setup.
These items are discussed in greater detail in the following section:
•
vWorkspace Connector Interfaces
•
vWorkspace Connector for Windows Packages
•
vWorkspace Connector Configuration
vWorkspace Connector Interfaces
There are two primary interfaces available, AppPortal and Web Access.
AppPortal Interface
The AppPortal is a version of the vWorkspace Connector with an intuitive,
interactive user interface allowing users, upon successful authentication, to
receive a list of authorized desktops and applications in a vWorkspace
infrastructure. Users can subsequently start remote connections to published
desktops and applications by selecting the corresponding shortcuts.
AppPortal can also be started in Desktop-Integrated mode where the user
interface shell is suppressed and it appears in the Windows system tray.
Application icons shortcuts are placed on the user’s Desktop, Start Menu, or All
Programs menu, depending on preferences.
315
The AppPortal must be installed and configured before users are able to
connect to their vWorkspace infrastructure.
Web Access Interface
vWorkspace Web Access allows users to retrieve their list of allowed
applications or desktops using a web browser. A Web Access web server must
be available to use this interface.
Refer to the vWorkspace Web Access section in this guide for more information.
316
vWorkspace Connector for Windows
Packages
The vWorkspace Connector for Windows is supported on Microsoft Windows
computers, laptops, and Microsoft Windows Embedded thin client terminals, and
is available in various packages.
The vWorkspace packages available are:
•
VASCLIENT32 — Includes AppPortal and the Web Access.
•
VASCLIENT32T — Includes the Web Access, but not the AppPortal.
•
VASCLIENT32TS — Includes a silent install for Web Access.
VAS Client 32
This package is available in the following formats:
•
VASCLIENT32.exe — MSI installation with EXE bootstrapper. An
MSI engine (2.0 or later) must be installed on the target client
workstations.
•
VASCLIENT32.msi — MSI installation without the EXE bootstrapper.
An MSI engine (2.0 or later) must be installed on the target client
workstations.
•
VASCLIENT32.cab — CAB installation for automatic deployment
through Web Access.
VAS Client 32T
This package is available in the following formats, and does not include the
AppPortal interface:
•
VASCLIENT32T.exe — MSI installation with EXE bootstrapper. An
MSI engine (2.0 or later) must be installed on the target client
workstations.
•
VASCLIENT32T.msi — MSI installation without the EXE
bootstrapper. An MSI engine (2.0 or later) must be installed on the
target client workstations.
•
VASCLIENT32T.cab — CAB installation for automatic deployment
through Web Access.
317
VAS Client 32TS
This package is available in the following format for the Web Access client:
•
VASCLIENT32TS.cab — CAB installation for automatic deployment
through Web Access, as a silent installation. The files are located at
\\Inetpub\wwwroot\Provision\web-it\clients.
vWorkspace Connector Executables
The executable file, PNapp32.exe, provides the shell and functionality of the
AppPortal interface, forwarding users credentials to the vWorkspace
Connection Brokers for authentication, retrieving a list of authorized applications
and desktops, and dynamically retrieving the connectivity settings needed to
successfully connect to a requested application or desktop.
The executable file, PNtsc.exe, establishes the remote connection to
applications and desktops that are hosted in the vWorkspace enabled
infrastructure, and is included on all packages of the vWorkspace Connector. It
is a modified version of the Microsoft Remote Desktop Connection client.
PNTray.exe is an executable that runs from the taskbar when an application or
desktop is connected, and is included on all packages of the vWorkspace
Connector.
The PNTray provides a context menu for access to various applets used in
managing connections, sessions, and printing options. See PNTray for more
information.
Additional Registry Settings
There are several additional features that can be enabled by enabling registry
key entries:
•
Deferred Authentication
•
Optional One-session-per-user within a Farm
Deferred Authentication
Deferred Authentication is an optional mode to retrieve applications and
desktops through AppPortal and Web Access, even by users whose passwords
have expired or needs to be changed.
318
PasswordExpiredPassthruMode
When this feature is enabled, it allows the user, who has entered an expired
password or the password that needs to be changed, to get to the Windows
logon screen to change the expired password.
When enabled, if LogonUser() returns the following error code, the vWorkspace
Connection Broker enumerates the groups and OUs for the user and returns
ERROR_SUCCESS (0).
ERROR_PASSWORD_EXPIRED (1330) and ERROR_PASSWORD_MUST_CHANGE (1907)
This feature is controlled through the following registry key. The default is 0.
HKLM\SOFTWARE\Provision Networks\Common\ Load and License Manager
PasswordExpiredPassthruMode
REG_DWORD (0=disabled 1=enabled)
AccountLockedPassthruMode
When this feature is enabled, it allows the user, whose account appears to be
locked, to get to the Windows logon screen to unlock the account. You must have
a third party password reset application to use this setting.
When enabled, if LogonUser() returns the following error code, the vWorkspace
Connection Broker enumerates the groups and OUs for the user and returns
ERROR_SUCCESS (0).
ERROR_ACCOUNT_LOCKED_OUT (1909)
This feature is controlled though the following registry key. The default is 0.
HKLM\SOFTWARE\Provision Networks\Common\ Load and License Manager
AccountLockedPassthruMode
REG_DWORD (0=disabled 1=enabled)
Optional One-session-per-user within a Farm
This option allows users to move between stations without disconnecting their
session. The setting would be useful in a health care environment.
319
SessionRoamingMode
When enabled, the vWorkspace Connection Broker looks for both active and
disconnected sessions when a user issues a launch request.
This enforces one user session per farm, and allows a user to roam, being able
to return to their active session from any terminal. The default setting is 0.
HKLM\SOFTWARE\Provision Networks\Common\Load and License Manager
SessionRoamingMode
REG_DWORD
(0=disabled 1=enabled)
vWorkspace Connector Configuration
The AppPortal retrieves information about published applications, desktops,
and other assigned resources available from a vWorkspace infrastructure by
communicating with the Connection Broker for the infrastructure. AppPortal
must be configured so that it knows how to communicate with the Connection
Brokers. This process is referred to as managing or configuring connections.
An AppPortal command line parameter, /autodelete, is available. This
command line parameter removes all farm definitions and desktop integrated
shortcuts upon exiting AppPortal, so that any autoload farms are reloaded.
First Time Start Configuration
When a user starts AppPortal for the first time, AppPortal attempts to
configure itself automatically. It does this by locating and reading a file named
config.xml using the following order of locations:
•
http://vworkspace.<FQDN>
•
http://provision.<FQDN>
•
https://vWorkspace.<FQDN>
•
https://provision.<FQDN>
If a config.xml is not located using the default URL, AppPortal displays a
message telling the user to create a new connection.
If the Farm Type is specified as RDBroker, the following attributes do not display
a warning if they are missing:
320
•
EnableKerberos
•
KerberosMode
•
TCPPort (location specific)
•
Protocol (location specific)
•
RDPonSSL (location specific)
•
EnableNAT (location specific)
•
UseProxy (location specific)
•
ProxyServer (location specific)
•
ProxyBypassList (location specific)
How to ...
Create a New Farm Connection
1.
Start AppPortal from the desktop.
– OR –
Start | Programs | Quest Software| vWorkspace |
vWorkspace Client
2.
Select Actions | Manage Connections. The Farm Connection
window opens.
3.
Click Create a new farm, and then click Next.
4.
a) To manually create a farm, select the Allow me to manually
specify all configuration parameters option, and then click
Next. The system displays the Connectivity window. See Manage
AppPortal Connections for information on completing this process.
– OR –
b) To download the configuration file, select Download the
configuration file from a central server, and then click Next.
The New Configuration window appears.
c) Complete the following fields on the New Configuration window,
and then click OK.
•
Select the Protocol of HTTP, HTTPS, or File.
•
Enter the URL.
•
Verify the File field is config.xml.
•
Select one of the Proxy Server options.
321
5.
Complete any further information on the property windows, and then
click Finish.
Some information is grayed out and unavailable to be changed.
Multiple Monitor Support
vWorkspace Enhanced Multimonitor (version 2.0) support is available, providing
true multimonitor support to the virtual workspace. The previous version of
vWorkspace Multimonitor (version 1.0) support enabled desktop sessions to
span multiple monitors. Whereas, Enhanced Multimonitor is monitor aware.
Users can have up to four monitors with a total maximum resolution of 4096 x
2048. However, the total resolution height and width needs to be able to be
exactly divided by four for enhanced multimonitor. If the total resolution is not
exactly divided by four, the previous version of vWorkspace multimonitor runs.
The color can be set at 24-bit for Microsoft Windows XP and Microsoft Server
2003, and at 32-bit for Microsoft Vista and Microsoft Server 2008. The task bar
is confined to the primary monitor, along with the Start menu.
• Enhanced Multimonitor (2.0) does not support 8-bit or lower color. If 8-bit
or lower color is detected, the Multimonitor 1.0 support is enabled and the
enhanced Multimonitor support is disabled.
• If the resolution is 1600x1200 or higher on a Microsoft Windows Server
2003 Terminal Server, it reverts to Multimonitor 1.0 and the Terminal
Server reverts to 8-bit color.
Since resolutions can vary by screen, a started application in non-maximized,
normal Window mode can open into a nonviewable area of the screen. If you are
using applications where you cannot maximize or resize the window, or you plan
to use mixed resolution, it is recommended that your monitors be the same
resolution.
A top bottom multimonitor configuration may present an aesthetic defect in
the presentation if you are using Multimonitor 1.0 and not the enhanced
Multimonitor 2.0.
Multimonitor is supported on Microsoft Windows 7 and Microsoft Windows Server
2008 R2 if you are using the RDC 7 client or RDC 6 client with GA enabled on the
client. Microsoft RDC 5 is not supported for Microsoft Windows 7 and Microsoft
Windows Server 2008 R2.
322
Multiple monitor support is setup for the AppPortal client from the Display
window by selecting the option Span multiple monitors when in full screen
mode. See Display Settings for more information.
The taskbar may, intermittently, span both monitors, if you are using
Multimonitor 1.0.
Multiple monitor support is setup for the Web Access client by selecting the Span
multiple monitors when in full screen mode option from the Display
Settings window. See Web Access for more information.
You also need to select the Quest vWorkspace Remote Desktop Connection
Display tab option Span multiple monitors when in full screen mode. To
access this setting, use the following path:
Start | All Programs | Quest Software| vWorkspace |
Remote Desktop Connection
323
Manage AppPortal Connections
AppPortal connections can be created manually by using the following options
on the Farm Connection window.
There are two types of AppPortal connections, vWorkspace Connection
Broker and Microsoft Remote Desktop Connection Broker. The properties
on the windows may vary based on the type of connection that is selected.
The connection properties for the AppPortal connections are found in the
following tabs on the Farm Connections window:
324
•
Farm Type
•
Connectivity Settings
•
Firewall/Proxy Traversal (vWorkspace CB type only)
•
RD Gateway (RD Connection Broker type only)
•
Credentials Settings
•
Display Settings
•
Local Resources Settings
•
Experience Settings
•
Password Management Settings
•
Desktop Integration Settings
•
Auto-Launch Settings
Farm Type
FARM TYPE SETTINGS FIELD
DESCRIPTION
vWorkspace Connection Broker
Select this option to connect to a vWorkspace
Connection Broker.
Microsoft Remote Desktop
Connection Broker
Select this option to connect to a Microsoft
Remote Desktop Connection Broker.
325
Connectivity Settings
CONNECTIVITY SETTINGS
FIELD
Location
DESCRIPTION
Three separate connection locations are available
from the list.
Use Rename to specify the location name, such as
Office or Home.
Test Connection
Use to test the connectivity settings for a location.
PROPERTIES FOR LOCATION
These settings are used to communicate with the Connection Broker, and are
configured separately for each Location.
Protocol
Use either HTTP or HTTPS.
TCP Port
Use to specify the port in which the Connection
Broker listens on for inbound connection requests.
326
CONNECTIVITY SETTINGS
FIELD
Connection Brokers
DESCRIPTION
Use Add to enter the host name, FQDN or IP
address for a Connection Broker.
Use the arrow buttons to change the order in
which the connections are attempted.
Remote desktop connection
broker server name or URL:
Enter the RD Connection Broker server name or
URL.
Firewall/Proxy Traversal (vWorkspace CB type only)
FIREWALL/PROXY
TRAVERSAL SETTINGS FIELD
DESCRIPTION
CONNECTION OPTIONS FOR LOCATION
327
FIREWALL/PROXY
TRAVERSAL SETTINGS FIELD
DESCRIPTION
Enable NAT Support for
Firewall Traversal
Use this when vWorkspace enabled Session Hosts
are located behind a firewall that is using Network
Address Translation and Alternative Addressing.
Enable RDP over SSL/TLS
Use SSL/TLS encryption of RDP session traffic is
used.
SSL Gateway Server
Use this to enter the FQDN or IP address of the
Quest vWorkspace Secure Gateway server.
This option is only available when Enable RDP
over SSL/TLS is selected.
PROXY SERVER FOR LOCATION
These settings are used when the vWorkspace client device is located behind a NAT
enabled firewall and Socks Proxy Servers are used to gain access to the outside
network.
Use the default from the
system internet settings
Use if the proxy settings are the same as those
used by Internet Explorer.
Do not use a proxy server
Use if you do not want to set a proxy server.
Enter an address manually
Use to indicate the address as entered.
The address must be entered in the following
format:
proxy_serve_rname:port
proxy_serve_rname = host name, FQDN, or IP
address of the Socks Proxy Server.
port = TCP port number the Socks Proxy Server
is listening on.
Do not use proxy server for
addresses beginning with:
328
Use to list proxy server exclusions.
Use semicolons (;) to separate the entries.
RD Gateway (RD Connection Broker type only)
RD GATEWAY SETTINGS
FIELD
DESCRIPTION
CONNECTION SETTINGS
Automatically detect RD
Gateway server settings
Select if you want RD Gateway server settings
automatically detected.
Use these RD Gateway server
settings
Select if you want to use the entered Server
name and Logon method as the RD Gateway
server settings.
Do not use an RD Gateway
server
Select if you do not want to use an RD Gateway
server.
329
Credentials Settings
CREDENTIALS SETTINGS
FIELD
Use Cached credentials
DESCRIPTION
Uses credentials from the Windows credentials
cache on the client device.
To use this option, Enable Credentials
Pass-Through (Settings | Authentication)
must be enabled.
User Kerberos credentials
Uses the Kerberos authentication protocols.
To use this option, the client device must be a
member of Microsoft Windows Active Directory
domain and the user must log onto the device
using their domain user account and password.
330
CREDENTIALS SETTINGS
FIELD
Use the following credentials
DESCRIPTION
Uses the NT LAN Manager authentication
protocols.
The Username, Password, and Domain
information is entered, and the user is not
prompted for this information during a connection
attempt.
The Save credentials (encrypted) option allows
the AppPortal to read the cached credentials from
disk, and does not prompt users for them. This
option is only available if the Use the following
credentials option is selected.
Display Settings
DISPLAY SETTINGS FIELD
DESCRIPTION
Display Configuration
Sets the remote session window size during a
non-seamless window connection.
331
DISPLAY SETTINGS FIELD
DESCRIPTION
Colors
Sets the remote session color depth during a
non-seamless window connection.
Display the connection bar
when in full screen mode
Displays a connection bar when the session is in
full screen mode.
Pin Connection Bar option disables the
connection bar auto-hide feature.
Span multiple monitors when
in full screen mode
Sets the add-on feature to enable multiple monitor
display.
Enable Smart Sizing
Smart Sizing is functional when connecting to a
managed computer. The session screen size and
color depth are automatically adjusted to settings
in the guest operating system.
Smart sizing resizes the desktop, rather than
creating scroll bars.
Display remote applications
seamlessly on local desktop
Enables the remote application window size and
color depth to be dynamically adjusted to match
those of the client device, allowing the remote
application to have the same look and feel as if it
were installed on the client device.
This setting also enables session sharing, which
allows multiple remote applications to run through
a single session, given those applications are
installed on the same Session Host or Managed
Computer.
332
Local Resources Settings
LOCAL RESOURCES
SETTINGS FIELD
Remote audio
DESCRIPTION
Bring to Local Computer — runs sound files in your
Remote Desktop session and plays them on your local
computer.
Leave at Remote Computer — runs sound files in your
remote desktop session and plays them only on the
remote computer.
Don’t play — disables all sounds in remote desktop
sessions.
333
LOCAL RESOURCES
SETTINGS FIELD
Keyboard
DESCRIPTION
These options apply to Windows shortcut key
combinations, such as Alt+Tab.
On the local computer — configures your connection so
that Windows shortcut keys always apply to your local
desktop.
On the remote computer — configures your connection
so that Windows shortcut keys always apply to the
desktop of the remote computer.
In full screen mode only — configures your connection
so that Windows shortcut keys apply to the remote
computer only when the connection is in full screen
mode.
LOCAL DEVICES
These settings determine which client side devices are available to the remote
applications or desktops.
Disk drives
Local disk drives.
Serial ports
Local serial ports.
Printers
Local printers. Standard Window print drives are used for
printing, so the appropriate drivers need to be installed
on both the client devices and the remote computer.
Smart cards
Smart card connections for authentication.
USB Devices
Devices that are attached to a USB port on a client device
can synchronize with applications running in a remote
session.
Universal Printers
Remote printing using a single print driver.
Clipboard
Enables redirection of copy and paste functionality.
Microphone
Enables support for applications that require the use of a
microphone.
This option is part of the Experience Optimization
Package. See EOP Audio for more information.
334
Experience Settings
EXPERIENCE SETTINGS
FIELD
Choose your connection
speed to optimize
performance
DESCRIPTION
The options are:
• Modem (28.8 Kbps)
• Modem (56 Kbps)
• Low-Speed broadband (256 Kbps - 2 Mbps)
• Satellite (2 Mbps - 16 Mbps with high latency)
• High-Speed broadband (2 Mbps - 10 Mbps)
• WAN (10 Mbps or higher with high latency)
• LAN (10 Mbps or higher)
335
EXPERIENCE SETTINGS
FIELD
Allow the following:
DESCRIPTION
These options are used to create a custom
setting:
• Desktop background
• Font Smoothing
• Desktop Composition
• Visual Styles
• Show contents of window while dragging
• Menu and window animation
• Persistent Bitmap caching
Note: If Desktop Composition (Windows Aero) is
enabled, Graphics Acceleration is disabled.
Note: Bitmap caching can assist in reducing
bandwidth requirements. The other features
require additional bandwidth.
Experience Optimized
Protocol (EOP)
These options are used to automatically enable
optimizations when logged on to the remote
computer:
• Graphics Acceleration
• Local Text Echo
• Media Player Redirection
• Flash Redirection
• WAN Acceleration (EOP Xtream)
Reconnect if connection is
dropped
336
This option allows for automatic reconnection if
connection is dropped.
Password Management Settings
PASSWORD MANAGEMENT
SETTINGS FIELD
DESCRIPTION
Server Name or IP Address
The FQDN of the Quest vWorkspace Password
Management Server.
Port
The TCP port to which the Quest vWorkspace
Password Management Server has been
configured.
This is usually 443.
337
Desktop Integration Settings
DESKTOP INTEGRATION
SETTINGS FIELD
Allow Client Shortcuts on:
DESCRIPTION
This option controls where the placement of
shortcut icons occurs when the AppPortal is
started in Desktop Integration mode:
• Desktop
• Start Menu
• Start Menu \ Programs
Note: The placement of shortcuts when either
Start Menu or Start Menu \ Programs are selected
depends on whether Windows is using the
Standard or Classic start menu.
338
Auto-Launch Settings
AUTO-LAUNCH SETTINGS
FIELD
Auto-Launch Application
DESCRIPTION
This option is used to specify applications that are
to be launched automatically when AppPortal is
started.
This option is for AppPortal in desktop integrated
mode, or if a farm is connected to automatically at
startup.
Note: Only the first application found is
automatically launched.
339
AppPortal in Desktop Integrated Mode
AppPortal also has an option to be started in Desktop Integrated Mode where
the user interface shell is suppressed. Instead, AppPortal runs from the Windows
system tray area. Applications icon shortcuts are placed on the user’s Desktop,
Start Menu, or All Programs menu, depending on your settings.
On a Windows XP computer, the placement of shortcuts depends on whether
Windows is using the Start menu or Classic Start menu.
How to ...
Start the AppPortal in Desktop Integrated Mode
1.
Use one of the following options:
Start | All Programs |Quest Software| vWorkspace |
AppPortal (Desktop-Integrated)
– OR –
Start | Run and then type C:\Program Files\
Quest Software\vWorkspace\pnap32.exe/di
The AppPortal is an icon on the Windows toolbar status area.
AppPortal Actions Menu Options
The AppPortal Actions menu on the toolbar contains the following commands:
340
•
Manage Connections
•
Change Current Location
•
Logon as a Different User
•
Change Password
•
Refresh Application Set
•
Close
ACTIONS MENU OPTION
DESCRIPTION
Manage Connections
Select to start the Farm Connections window to create
new or modify existing infrastructure connections.
Change Current
Location
Select when a connection to the currently selected farm
needs to be made using different location settings.
Logon as a Different
User
Select when the user wants to log into the selected farm
using a different set of credentials.
Change Password
Select to submit a password change request to the
Quest vWorkspace Password Management Server.
Select to have the AppPortal update the list of
applications in the user’s application set.
Close
Select to exit AppPortal. This option does not close any
sessions the user might have to a Session Host or a
managed computer.
341
AppPortal Settings Menu Options
The Settings menu option located in the toolbar of the AppPortal provides
users with access to settings that control how application set icons are displayed
and how authentication to the infrastructure is performed.
SETTINGS MENU OPTION
DESCRIPTION
Menu Bar
If selected, the Menu Bar displays links to the
Action, Settings, and Help menus.
Tool Bar
If selected, the Tool Bar displays icons of actions.
Find Bar
If selected, the Find Bar displays to search for
applications.
Status Bar
If selected, the Status Bar displays the
connection status.
Always on Top
If selected, the AppPortal window is always
placed in front of other application windows.
Hide When Minimized
If selected, the AppPortal window moves to the
Windows Notification area when minimized.
If not selected, a minimized AppPortal window is
placed in the Windows taskbar.
Personalize...
If selected, displays the Personalization dialogue
window to configure the window style, colors and
fonts, which can be saved as Themes.
PNTray
The vWorkspace system tray applet (PNTray) is available when the AppPortal
is started, or when a connection to a managed computer or a managed computer
application is active. The PNTray is displayed in the Windows system tray as the
vWorkspace context menu. The commands that are available depend on the
AppPortal mode and if there is an active connection.
342
•
Manage Connections
•
Open Session Status
Use this option to view the sessions that are active on Session Hosts,
and the applications that are running in each session. Session Host
sessions, when selected, can then be changed using the buttons of
Disconnect, Logoff, and Full Screen. Applications can be
terminated by using Terminate, without logging off from the session.
•
•
Logon as Different User
•
Change Password
•
Authentication
•
Enable Credentials Pass-Through
•
•
Restore AppPortal Client
•
Close AppPortal Client
The following options are available from the Universal Printer section of the
PNTray, when the AppPortal is in normal mode:
•
PDF Publisher Options
•
Save PDF File
•
E-mail PDF File
•
Preview before printing
•
Apply Additional Printer Properties
•
•
Native printer options, such as finishing and stapling are
presented when this option is selected.
Client Properties
The following options are available if the AppPortal is in Desktop Integrated
Mode. These options replace the Action and Settings AppPortal menu options.
See Manage AppPortal Connections for more information on the AppPortal
menu options.
343
FARM CONNECTIONS
OPTION
DESCRIPTION
Farm
The display name of the farm.
Status
The connection status.
Location
The name of the location settings used to make
the connection.
User
The user name that is logged in.
Shortcuts Exist?
If Yes, application set icon shortcuts have been
configured.
If No, application set icon shortcuts have not been
configured.
Connect/Refresh Shortcuts
Connects to or refreshes a selected farm.
Disconnect/Remove
Shortcuts
Disconnects and removes application set icon
shortcuts from the client’s Desktop, Start Menu,
or Start Menu \ Programs.
Logon as a Different User
Allows the user to log on to a selected farm using
a different set of credentials.
344
FARM CONNECTIONS
OPTION
DESCRIPTION
Allows the user to connect to the selected farm
using different location settings.
Change Password
Allows the user to submit a password change
request using the Quest vWorkspace Password
Management Server.
View Existing Shortcuts
Presents users with a display listing the name and
location of their application set icon shortcuts.
vWorkspace U3 AppPortal Connector
The vWorkspace U3 AppPortal does not require an installation and can be used
without registering any files or registry entries for configuration settings. It is an
AppPortal client that be used on any Microsoft Windows computer.
It functions and appears to the end users the same as the installed version of
the AppPortal client.
U3 AppPortal Client Modes
The U3 version of the AppPortal client provides administrators with several batch
files that can execute the AppPortal in several different modes. The following is
a list of available modes:
•
usb — Used in conjunction with a a USB device.
•
lock — User settings are not accessible to the end user.
•
di — AppPortal is present in desktop integrated mode.
•
autodelete — All farms are removed and shortcuts are deleted when
AppPortal is closed.
Combinations of these modes are available for use, that is, you could use
diusblockmode to have AppPortal presented in desktop integrated mode from
a USB device with user settings inaccessible to end users.
Use the U3 AppPortal
The U3 AppPortal client functions are the same as the installed AppPortal. See
AppPortal Actions Menu Options, AppPortal Settings Menu Options, PNTray, and
Manage AppPortal Connections for more information.
345
Central Configuration of AppPortal
The config.xml file controls connection policies on the AppPortal. If you choose
to configure this file, there are a few items that need to be considered.
A template file is located in the following folder on your Connection Broker
Server: \Program Files\Quest Software\vWorkspace\Provision-IT. It is
also located on your Web Access server at:
\Inetpub\wwwroot\Provision\Web-IT.
One of the following methods need to be completed for autoconfiguration of the
file.
Method One
1.
Create a DNS Entry (A record or CNAME) and assign the name
provision or optionally, vworkspace, which is actually a Web
Server located on your network.
2.
Place the configured config.xml file in the root of the Web Server:
IIS: \Inetpub\wwwroot
Apache: edit the 000-default file and look for DocumentRoot (found
in /etc/apache2).
Method Two
1.
Create a login script or push out a Registry Setting to your client
computers. The registry setting is:
HKLM\Software\Provision Networks\Provision-IT Client
Value: AutoConnectURL
Type: REG_SZ
Data: http://www.domain.com
346
2.
If you have multiple config.xml files for multiple farms, use the
following registry key:
HKLM\Software\Provision Networks\Provision-IT Client
Value: AutoConnectURL
Type: REG_MULTI_SZ
Data: (One Per Line)
http://www.domain1.com/config.xml
http://www.domain1.com/provconf/myconfig.xml
https://ssl.domain.com/config.xml
3.
Install the Quest vWorkspace Client.
4.
Start the client.
The following table lists the config.xml file settings, a description of some of the
settings, and associated values.
CONFIG.XML FILE SETTING
VALUES
DESCRIPTION
FarmName
Default = New
Farm Connection
Farm Name can be
anything, but once
connected, it takes the
name of the actual farm
set in the vWorkspace
Management Console.
OverrideFarmName
0=Off
Use this setting to
override the way in which
the Farm Name is
presented to users in
AppPortal.
1=On
Default = 0
PromptForLocation
Integer
0= Off
1= On
Default = 1
Tells the vWorkspace
Client to prompt for a
location, such as Office or
Home.
This is specified in the
Locations section of the
config.xml file. See
Location Section of
Config.xml.
347
VALUES
DESCRIPTION
DefaultLocation
1|2|3
Three different locations
for a farm connection are
supported. The one
selected in this setting is
the default location.
Default =1 (if
PromptForLocation
is 0)
SeamlessMode
0 = Off
1 = On
Default = 1
DesktopWidth
640 to 4096
Default = 800
DesktopHeight
480 to 2048
Default = 600
FullScreen
Custom width for
connections. Does not
apply if SeamlessMode
is set to 1 (on).
Custom height for
connections. Does not
apply if SeamlessMode
is set to 1 (on).
0 = Not enabled
1 = Enabled
Default = 0
SpanMonitors
0 = Not enabled
1 = Enabled
Default = 0
ColorDepth
8 to 32
Default = 8
AudioMode
0 = Sound on local
computer.
1 = Do not play
sound.
2 = Sound on remote
computer.
Default = 0
348
Set the default color
quality of the desktop
connection/Provision
applications.
VALUES
KeyboardHook
0 = On local
computer.
DESCRIPTION
1 = On remote
computer.
2 = Full screen mode
only.
Default = 0
RedirectDrives
0 = Do not redirect
local drives.
1 = Redirect local
drives.
Default = 0
RedirectPrinters
0 = Do not redirect
local printers. (This
is not Universal
Printers.)
1 = Redirect local
printers.
Default = 0
RedirectComPorts
0 = Do not redirect
local COM ports.
1 = Redirect local
COM ports.
Default = 0
RedirectSmartCards
0 = Do not redirect
SmartCards.
1 = Redirect
SmartCards.
Default = 0
RedirectHandhelds
0 = Do not redirect
local handheld
devices.
1 = Redirect local
handheld devices.
Applies to the USB-IT
feature in Remote
Desktop Services and the
USB Redirection support
for desktop connections.
Default = 0
349
VALUES
RedirectUniversalPrinters
0 = Do not redirect
local Universal
Printers.
1 = Redirect local
Universal Printers.
Default = 0
RedirectMicroPhone
0 = Do not redirect
the microphone.
1 = Redirect the
microphone.
Default = 0
RedirectClipBoard
0 = Do not redirect
the Clipboard.
1 = Redirect the
Clipboard.
Default = 0
EnableWallpaper
0 = Do not enable
local wallpaper.
1 = Enable local
wallpaper.
Default = 0
EnableFullWindowDrag
0 = Do not enable
windows content
while dragging.
1 = Enable windows
content while
dragging.
Default = 0
EnableAnimation
0 = Do not enable
animations.
1 = Enable
animations.
Default = 0
350
DESCRIPTION
VALUES
EnableThemes
0 = Do not enable
themes.
DESCRIPTION
1 = Enable themes.
Default = 0
EnableBitmapCaching
0 = Do not enable
Bitmap caching.
1 = Enable Bitmap
caching.
Default = 0
EnableDesktopComposition
0 = Do not enable
Desktop
composition.
If Desktop Composition is
enabled, Graphics
Acceleration is disabled.
1 = Enable Desktop
composition.
Default = 0
EnableFontSmoothing
0 = Do not enable
Font smoothing.
1 = Enable Font
smoothing.
Default = 0
HideSettings
0 = Do not hide the
Provision Connection
policies.
1 = Hide the
Provision Connection
policies.
Used to control whether
users can see the settings
for their vWorkspace
Client.
Default = 0
EnableSSO
0 = Do not enable
SSO.
1 = Enable SSO.
Used for cached
credentials, not Kerberos
authentication.
Default = 0
351
VALUES
DESCRIPTION
EnableKerberos
0 = Do not enable
Kerberos ticket
authentication.
Setting takes precedence
over EnableSSO.
1 = Enable Kerberos
ticket authentication.
Default = 0
KerberosMode
0 = All
authentication.
Used with
EnableKerberos.
1 = Initial
authentication only
(logon).
Default = 0
DisallowSaveCredentials
0 = Allow clients to
save their credentials
within the
vWorkspace Client.
1 = Do not allow
clients to save their
credentials within the
vWorkspace Client.
Default = 0
PasswordManagement
Server
String
Fully qualified domain
name or SSL certificate
name of the Password
Management Server.
Do not include https or
port numbers. For
example:
pwdmgr.domain.com
PasswordManagement Port
1 to 65535
Default = 443
AllowPassword Management
0 = Do not use
Password
Management Server.
1 = Use Password
Management Server.
Default = 0
352
Port to use for Password
Management Server.
Password Management
Server must be setup and
functional on a member
server of the domain.
VALUES
DIShortcutLocations
1 = Desktop
DESCRIPTION
2 = StartMenu
4 = Start
Menu\Programs
EnableSmartSizing
0 = Do not use smart
sizing on desktop
connections.
1 = Use smart sizing
on desktop
connections.
Default = 0
AutoReconnect
0 = Do not auto
reconnect to a
session if
disconnected or
dropped.
1 = Auto reconnect
to a session if it is
disconnected or
dropped.
Default = 0
DisplayConnectionBar
0 = Do not display
the connection bar
when using full
screen.
1 = Display the
connection bar when
using full screen.
Default = 0
PinConnectionBar
0 = Do not pin the
connection bar.
1 = Pin the
connection bar.
Default = 0
EnableLocalTextEcho
0=Disable
1=Enable
Default = 0
353
VALUES
EnableGraphicsAcceleration
0=Disable
DESCRIPTION
1=Enable
Default = 0
EnableMultimediaRedirection
0=Disable
1=Enable
Default = 0
EnableFlashRedirection
0=Disable
1=Enable
Default = 0
AutoLaunchAppN
AppName, N = 1 to
10
A total of 10
autolaunched applications
are available, but the
data is the name of the
managed application
within the vWorkspace
Management Console,
Resources | Managed
Applications.
Note: The vWorkspace
Client only starts the first
application found; it does
not start multiple
applications.
FarmType
0=vWorkspace
1=RDBroker
Default=0
EnableWANAcceleration
0=No
1=Yes
Default=0
354
VALUES
NetworkConnectionType
0=Modem28
DESCRIPTION
1=Modem56
2=Low speed
broadband
3=Satellite
4=High speed
broadband
5=WAN
6=LAN
Default=4
RDGatewayMode
Auto
Specify
None
Default=Auto
RDGatewayServer
<Server name or IP
address>
RDGatewayLogonMethod
Any
Password
Smartcard
Default=Any
RDGatewayBypass
0=No
1=Yes
Default=1
355
Location Section of Config.xml
CONFIG.XML
LOCATION SECTION
VALUES
DESCRIPTION
Number
1
Use to identify the location
you created.
2
3
TCPPort
1 to 65535
Default = 1
ServerList
For example:
broker1.domain.com,xxx.
xxx.xxx.xxx, pnbroker
TCP port of the Connection
Broker.
Comma separated string of
Connection Broker severs,
FQDN, IP, NetBIOS name.
Name
String
Name of the connection,
such as Internal, External,
Secure.
Protocol
0 = http
Use 1 if using Secure
Gateway. If only using this
for internal connections, you
can use 0.
1 = https
RDPonSSL
0 = No RDP over SSL
1 = Use RDP over SSL
(Protocol must be set to
1 and SSLGateway set).
RDP over SSL Secure
Gateway connection.
Default = 0
SSLGateway
String
For example:
broker1.domain.com,
pnbroker
356
Secure Gateway server
listed as FQDN or NetBIOS
name, depending on SSL
Certificate name.
CONFIG.XML
LOCATION SECTION
EnableNAT
VALUES
DESCRIPTION
0 = Do not enable NAT
translation for firewall
connections.
Only for Session Hosts. An
alternative IP address must
be set in the vWorkspace
Management Console for
each Session Host.
1 = Enable NAT
translation for firewall
connections
Default = 0
To set an alternative IP
address, use the following
path:
Infrastructure | Servers |
Terminal Servers
Right-click on the Session
Host and select Properties.
Select the Connectivity
tab, IP Address.
ProxyServer
String
IP: port of proxy server to
use for connections.
ProxyServerBypassList
String
Refer to Microsoft
documentation for proxy
exceptions.
Resources
Administrators can use the vWorkspace Management Console to view user
sessions, Session Host sessions, and processes running on the Session Hosts in
the vWorkspace infrastructure to assist with troubleshooting.
Administrators can also access vWorkspace user options located in the
Resources node of the vWorkspace Management Console. The following options
are available in a RD Session Host or VDI environment, and include:
•
•
Application Restrictions (RD Session Host only)
•
Connection Policies
•
Color Schemes
•
Drive Mappings
•
•
Host Restrictions (RD Session Host only)
357
•
Registry Tasks
•
Scripts
•
Time Zones
•
User Policies
•
Wallpapers
The Additional Customizations node gives administrators control over the
configuration of the Windows Desktop and Start Menu, visibility of drive letters,
and existing network drive and printer mappings.
Default Customizations are a set of customizations configured with settings
commonly used in Session Host and VDI environments, which can be assigned
to vWorkspace clients. Default Customizations cannot be modified, but they
can be duplicated and used to create new customized settings.
How to ...
Create New Additional Customization Settings
358
1.
2.
Expand Resources, and then select Additional Customizations.
3.
If necessary, click on the Toggle Client Assignment List Display
button to change the display view, as appropriate.
4.
•
Activate New (green plus sign) from the toolbar of the
information pane.
•
Right-click on the Additional Customizations node to activate
it.
•
Select Actions | New Additional Customizations.
5.
Click Next on the Welcome window of the new Additional
Customizations wizard.
6.
Enter a name for the customization on the Name window, then click
Next.
7.
Select the appropriate settings on the Desktop/Start Menu Items
8.
Specify the drive letters that should not be visible to users on the
Drive Restrictions window, and then click Next.
359
9.
Select Delete pre-existing Network Drive Mappings and Delete
pre-existing Network Printer Connections on the Network
Resource Cleanup window, as appropriate, and then click Next.
10. Complete the Client Assignment window to assign the application
restriction, and then click Next.
a) Click the plus (+) sign to select targets, and the Select Targets
window opens.
b) On the Select Targets window, use the green plus (+) sign to add
targets that are not included in the Select Targets window.
c) Select users from the list. Use CTRL to select more than one user
to assign.
d) Click OK to close the window and save your assignments.
11. Specify permissions, if appropriate, on the Permissions window, and
then click Finish.
360
vWorkspace Application Restrictions (Block-IT) is an access control system
that allows administrators to increase the overall security, reliability, and
integrity of their Session Host environments.
Some of the advantages include:
•
Guard against application spoofing.
•
Fight against virus infections.
•
Prevent users from executing unauthorized programs.
•
Grant access to applications by time and day.
•
Lock down the Session Host.
The Application Restrictions feature is not currently supported in a VDI
environment.
How Application Restrictions Work
With AAC, a list of program executables and program modules (dynamic link
libraries) are organized into an Application List, enabling administrators to grant
or deny access to entire software suites, not just individual executables.
The Application List is then associated with a group of Session Hosts, known as
an Application Access Control Server group. Additional settings such as
application termination, hash checking, and full path checking can also be
configured for the Application List. The Application List can then be assigned to
one or more vWorkspace clients.
Hash Checking
For each individual executable or module in the Application List, a unique binary
hash is computed and stored in the vWorkspace database. A binary hash is like
a fingerprint; it is used to verify the authenticity of a program executable at start
time. Enabling hash checking prevents users from renaming the files associated
with a restricted program.
Hash checking can be disabled for a particular Application List. Disabling hash
checking is often practical for a systemwide application update. For example, if
an update to an application is being installed to one RD Session Host at a time,
hash checking can be temporarily disabled until the update has been installed to
all the servers and the application version has been made consistent across the
entire farm. Once new hashes are computed for the updated program
executables, then hash checking can be reenabled.
361
Path Checking
Path checking restricts users from copying files to a new location. Path checking
can be disabled for various purposes. For example, if the same application is
installed to different target folders on different RD Session Host, full path
checking may fail depending on which RD Session Host the user logs on to.
However, this particular scenario can be mitigated by maintaining multiple file
groups for the same application, where each file group is associated with a
particular target folder.
Termination
You can choose to automatically terminate applications if they are still running
outside of the access hours, even if they were started during an allowed time
slot.
Application Restriction Properties
To define these settings, select the Application Restrictions under the
Resources node in the vWorkspace Management Console, and then do one of
the following:
362
•
Right-click and select App restrictions global properties.
•
Click on the Properties icon on the toolbar.
•
Select Actions | App restrictions global properties.
Application Restrictions General Properties
Use Application Restriction properties to configure infrastructure settings and
defaults for application restrictions. The settings are explained below.
APPLICATION RESTRICTION
GENERAL PROPERTIES
DESCRIPTION
Application restrictions
update interval (minutes)
This property determines the intervals at which
vWorkspace checks for possible changes to
application restrictions.
Block access to apps
excluded from all application
lists, as well as apps included
in multiple client-assigned
application lists having
conflicting access settings.
If selected, this property allows access only to
those applications and desktops that are published
on Session Hosts,
– OR –
have been defined on the Application List with a
permission of Allow.
Note: If an application is listed twice with
different permissions (allow and deny), users are
denied access to the application.
363
APPLICATION RESTRICTION
GENERAL PROPERTIES
Deny Message
Default assignments
DESCRIPTION
This property allows administrators to edit the
message that appears when a user is denied
access to a program.
This property allows administrators to configure
the default assignment when creating new
Application List entries.
The options are Allow or Deny.
Hash settings
This property determines the default setting for
hash checking when creating new Application List
entries.
The options are Unconfigured, Use Hash, or
Ignore Hash.
Path settings
This property determines the default setting for
path checking when creating new Application List
entries.
The options are Unconfigured, Use Full Path, or
Ignore Full Path.
364
Application Restrictions Server Groups
Application Restrictions Server Groups define a group of one or more
Session Hosts in the vWorkspace infrastructure to which Application Restrictions
are applied.
APPLICATION
RESTRICTIONS SERVER
GROUPS PROPERTIES
DESCRIPTION
New
This button adds a new group name to the list of
groups.
Delete
This button removes a group of servers.
Group
The names of the defined server groups are listed.
To edit, select the group name, and then click the
ellipsis.
Servers in Group
The names of the Session Hosts that are members of
the group are displayed.
To edit, select the group of servers, and then click the
ellipsis.
365
Properties of an Application Restriction List
Each Application Restriction entry is displayed in the vWorkspace Management
Console in the details window pane of the Application Restrictions node. To
create a new Application Restriction entry, do one of the following:
•
Select New (green plus sign) from the toolbar of the information
pane.
•
Right-click on the Application Restriction, and then select New
Application Restriction.
•
Select Actions | New Application Restriction.
To edit the properties of an existing entry, double-click on its name in the list of
Application Restrictions, or select Properties from the context menu. The
following properties are available.
366
APPLICATION
RESTRICTIONS LIST
PROPERTIES
DESCRIPTION
General
Name
This field is the user friendly name for the
application.
Description
This field is used to provide descriptive details
about the application restriction being created.
This field is optional.
Category
This field is used to group multiple applications
into a single category.
For example, if an accounts payable, accounts
receivable, and payroll applications are written as
separate programs, they can be grouped into a
category of Accounting.
Server Group
Server Group
This field is for the Application Access Control
Server Group to which the Application Restriction
is assigned.
Options
Automatically terminate
application(s) if still running
outside access hours
This checkbox, if selected, terminates applications
that are running outside of the access hours.
Ignore Hashes
This checkbox, if selected, disables using use hash
checking.
See Termination for more information.
See Hash Checking for more information.
Ignore Full Paths
This checkbox, if selected, disables using full path
checking.
See Path Checking for more information.
Applications
Show Full Paths
This checkbox, if selected, displays complete
paths to the listed files.
Add File
This button adds files to the list.
Add Folder
This button adds all files contained in the folder.
367
APPLICATION
RESTRICTIONS LIST
PROPERTIES
Remove
DESCRIPTION
This button removes files that are selected from
the listed files.
Client Assignments
Add (+)
This button adds targets that can then be
assigned to this application restriction.
Permissions
Users/Groups
Specify permissions for this application restriction
list.
Assign an Application List to Clients
Each Application List entry has a Client Assignment that determines which
vWorkspace targets are assigned to the Application List. To define targets for a
new Application List entry, use one of the following methods.
•
Define targets in the Client Assignment section of the New Application
List wizard.
•
Modify the targets of an existing Application List entry in the Client
Assignment section of the Properties window for the Application List
entry.
•
Modify Client Assignments directly from the information pane.
•
Modify Client Assignments directly from the Client Assignments list
displayed for each application, in the information pane.
How to ...
368
•
Assign Clients to the Client List
•
Unassign Clients from the Client List
•
View Client Properties
•
Schedule Access Hours
Assign Clients to the Client List
1.
Click the + (Assign to) from the toolbar of the Application
Restrictions information window pane.
2.
Select from the list of available clients on the Select Clients window.
Use Ctrl or Shift to make multiple selections.
Use the + (plus sign) to add clients that are not in the list.
Unassign Clients from the Client List
1.
•
Select clients in the list on the Client Assignments window, or
Client assignments list in the information pane, and then click the
- from the toolbar.
•
Click on the blue - icon on the toolbar of the information pane for
Applications Restrictions, and then select from the list of available
clients on the Select Clients window.
Use Ctrl or Shift to make multiple selections.
View Client Properties
1.
Click on Properties to view details about the selected client.
Schedule Access Hours
1.
Click on the Schedule icon to edit Application List access.
A separate schedule can be defined for each client in the list. Schedule
options include:
Allow All
Select this option to allow unlimited access to the
Application List
Deny All
Select this option to deny unlimited access to the
Application List.
Edit Schedule
Select this option to specify the exact hours of the
days and the days of the week to allow access to
the applications in the Application List.
369
Connection Policies
Connection policies are used to define automatic device connection and
optimizations when users log on to a remote computer. Connection policies can
be configured, and assignments and permissions defined. Connection policies
are set to Undefined by default.
To set Connection policies, open the Connection Policy Wizard one of the
following ways:
•
Expand the Resources node and highlight the Connection Policies
node, and then select Actions | New Connection Policy from the
toolbar or the information pane.
•
Expand the Resources node and right-click on Connection Policies,
and then select New Connection Policy.
•
Expand the Resources node and highlight the Connection Policies
node, and then select Actions | New Connection Policy from the
toolbar.
The following options can be defined:
CONNECTION POLICY
PROPERTY
Name
Remote Computer Sound
OPTIONS
This name is used for organizational purposes and
is displayed on the vWorkspace Management
Console.
• Undefined
• Bring to Local Computer
• Do Not Play
• Defer Setting to End User
370
CONNECTION POLICY
PROPERTY
OPTIONS
Local Devices
Disk Drives
• Undefined
Printers
• Yes
USB Devices
• No
• Defer to End User
Serial Ports
Smart Cards
Universal Printers
Clipboard
Microphone
Experience Optimizations
• Undefined
Local Text Echo
• Yes
Media Player Redirection
• No
Flash Redirection
• Defer to End User
WAN Acceleration (EOP Xtream)
Client Assignments
• Specify the targets to which the connection
policy should be assigned.
Permissions
• Specify permissions for the connection policy.
How to ...
Define New Connection Policy Properties
1.
2.
Expand the Resources node, and do one of the following to open
the Connection Policy Wizard window:
•
Highlight Connection Policies and then click New (green +
sign) on the toolbar of the information pane.
•
Highlight Connection Policies and then click the green plus sign
from the toolbar.
•
Right-click on Connection Policies and then select New
Connection Policy.
•
Highlight Connection Policies, and then select Actions | New
Connection Policy.
371
372
3.
Click Next on the Welcome window of the Connection Policy Wizard.
4.
Enter a name for the connection property on the Name window, and
then click Next. This is the name that appears on the vWorkspace
Management Console.
5.
Define the settings on the Remote Computer Sound window, and
then click Next.
6.
Define the local device settings, and then click Next.
7.
Specify the performance optimizations settings on the Experience
Optimizations window, and then click Next.
373
8.
Assign targets to this connection property on the Client Assignments
window by doing the following:
a) To add targets, click on the blue plus sign.
b) Select a target from the list, or click the green plus sign to add a
target.
c) Browse for the user on the Add Target(s) window, and then click
OK.
d) Select the added target or targets from the Select Targets window,
and then click OK.
9.
Click Next on the Client Assignments window.
10. Enter permissions, as appropriate, on the Permissions window, and
then click Finish.
374
Color Schemes
A color scheme can be assigned to vWorkspace clients by administrators. The
color scheme is used when connecting to applications or desktops hosted from
vWorkspace enabled Session Hosts and VDI computers.
When assigning color schemes through the vWorkspace Management
Console, a color scheme is not loaded for Microsoft Vista or later.
How to ...
Assign a Color Scheme
1.
2.
Expand Resources, and then select Color Schemes.
3.
Click on the Toggle Client Assignment List Display button to
change the display view, as appropriate.
4.
To select a color scheme, do one of the following:
a) Right-click on the color, and then select Assign to.
b) Click the Assign to icon (+) from the toolbar.
Color schemes are listed in alphabetical order.
5.
Add or remove clients in the Select Targets window.
6.
Click OK.
Drive Mappings
Administrators can assign network drive mappings to vWorkspace clients to use
when they are connecting to applications and desktops hosted from vWorkspace
enabled Session Hosts and VDI computers.
Assigning drive mappings through the vWorkspace Management Console has the
following advantages:
•
Domain administrative rights are not required.
•
Knowledge of scripting languages or command line syntax is not
required.
•
Drive mappings are only applied when connecting to vWorkspace
enabled Session Hosts or desktops.
•
More flexibility in how mappings are assigned.
375
How to ...
Create a New Drive Mapping
1.
2.
Expand Resources.
3.
a) Select Drive Mappings, and then click on the + on the toolbar in
the information pane.
b) Right-click Drive Mappings, and select New Drive Mappings.
4.
Click Next on the Welcome window of the New Drive Mapping
wizard.
5.
Select the values for this drive mapping on the Values window, and
then click Next.
The values associated with drive mappings are listed below:
Command Type
Use NET USE when creating a
traditional network drive mapping.
Use SUBST when a drive letter
substitution is required.
376
Network Path
The Universal Naming Convention
(UNC) path to the shared network
resource.
Drive Letter
The letter to be used for mapping.
6.
Enter alternative credentials to be used when mapping this drive, if
7.
Complete the Client Assignment window to assign the application
window opens.
to assign.
8.
Specify permissions, if appropriate, on the Permissions window, and
then click Finish.
Administrators can assign environment variables to vWorkspace clients when
connecting to applications or desktops hosted from vWorkspace enabled Session
Hosts or VDI computers. These environment variables are created automatically
when the user logs on, and are cleared when the user logs off.
How to ...
Create a New Environment Variable
1.
2.
Expand the Resources node.
3.
a) Select Environment Variables, and then click the + on the
toolbar in the information pane.
b) Right-click on Environment Variables, and select New
Environment Variables.
4.
Click Next on the Welcome window of the New Environment Variable
wizard.
377
5.
Enter a name and value for the environment variable, and then click
Next.
6.
window opens.
to assign.
7.
then click Finish.
Host Restrictions
The Host Restrictions tool allows administrators to assign access control rules
to restrict user access to IP based network hosts.
Host Restrictions work at the network layer, intercepting requests from
applications to connect to particular IP addresses on particular TCP ports. Host
Restrictions allows or denies connections by parsing the access control rules
table maintained in system memory.
Host Restrictions rules apply only to those specified by the administrator; they
do not apply to all program executables running on the Session Host.
How to ...
Create Host Restrictions
1.
2.
Expand the Resources node, and then select Host Restrictions.
3.
Select + on the toolbar in the information pane, or the context menu
of the Host Restrictions node.
4.
Click Next on the Welcome window of the Host Restrictions wizard.
5.
Enter a name for this host restriction. Optionally, you can also enter
a category. Click Next.
6.
Specify the Host Type, and then click Next.
If the restriction is by host name or FQDN, select Name as the Host
Type. If the restriction is by IP address, select IP Address.
378
7.
Enter the host name or FQDN, or the target Host IP Address, and
then click Next.
8.
Enter the port or ports to be used on the Ports window, and then
click Next.
Separate multiple port numbers with commas, use a hyphen for a
range of ports, and an asterisk (*) for all ports.
9.
window opens.
to assign.
then click Finish.
Registry Tasks
The Registry Tasks tool allows administrators to add, delete, or modify registry
keys in the HKEY_CURRENT_USER registry hive without manually loading and
editing each user’s ntuser.dat registry hive, or writing complex registry editing
scripts for RD Session Host or VDI environments.
The vWorkspace Management Console should be started from a Session Host
when working with Registry Tasks. A non-Session Host computer may not
have the registry keys and hives that need to be manipulated.
How to ...
Modify a Registry Tasks
1.
2.
Expand the Resources node, and then select Registry Tasks.
3.
Click the Toggle Client Assignment List Display icon on the
information pane to change the view, as appropriate.
379
4.
Select + on the toolbar of the information pane, or New Registry
Task from the context menu of the Registry Tasks node.
5.
Click Next on the Welcome window of the Registry Task wizard.
6.
Enter a name for the registry task on the Name window, and then
click Next.
7.
Select the appropriate Registry Action from the following options:
•
•
•
•
Add Key
Delete Key
Add Value
Delete Value
8.
Enter the key or value parameters, or use Browse to find the
appropriate parameters.
9.
a) If you are adding a key, enter the name in the Key field.
b) If you are deleting a value, select it from the list, and then click
OK.
c) If you are adding a value, enter the corresponding parameters in
the fields.
d) If you are modifying an existing value, change the Value Name,
Value Type, or Value fields as appropriate.
e) Select the type of registry value from the Value Type field.
380
10. Click Next.
window opens.
to assign.
then click Finish.
381
Scripts
Scripts are files that are used to automate repetitive tasks. They can be simple
text files or more complex written in a specific programming language.
vWorkspace administrators can easily assign scripts to vWorkspace clients using
the Scripts option in the vWorkspace Management Console. Some advantages
include:
•
Administrators do not need to have domain administrative rights.
•
Editing the registry on each Session Host is not necessary.
•
Modifying the usrlogon.cmd command script on each Session Host is
not necessary.
•
Use any Windows executable to write the script, such as bat, cmd, or
exe.
•
Increased flexibility and control over how the scripts are assigned.
The following considerations should be used when working with scripts on
vWorkspace enabled Session Hosts:
•
It is best to use a single method to start the script. Troubleshooting
can be difficult if scripts are started using different methods.
•
The scripts used in the vWorkspace Management Console and scripts
started using other methods should not interfere with each other.
•
The simplest form of a script should be used for the task. Do not write
a complex script to carry out a task that can be accomplished using a
command line script.
The scripts do not execute in interactive mode, so Pause, Echo, and any other
outputs are not displayed.
How to ...
Assign a Script
1.
2.
Expand the Resources node, and then select Scripts.
3.
4.
a) Click the + on the toolbar of the information pane.
b) Right-click on the Scripts node, and then select New Script.
382
5.
Click Next on the Welcome window of the Scripts wizard.
6.
Type the complete path and file name in Script File on the Script
File window, or use the ellipsis to browse to the script. Click Next.
The script must be on a network share. If you are typing a path name,
it would look like, \\servername\sharename\script.bat.
7.
window opens.
to assign.
8.
then click Finish.
Time Zones
A date and time stamp that is placed on opened files, messages, and scheduled
meetings is based upon an application location, which can be a Session Host in
a time zone that is different from the user. The Time Zones tool allows
administrators to assign appropriate time zones to users in a Session Host or VDI
environment.
How to ...
Assign a Time Zone
1.
2.
Expand the Resources node, and then select Time Zones.
3.
4.
Select the appropriate time zone from the alphabetical list.
5.
Right-click on the time zone and select Assign to.
– OR –
Click the Assign to icon (the icon with the blue circle and a white plus
sign) from the toolbar in the information pane.
383
6.
7.
Click OK.
User Policies
The User Policies tool provides a way for vWorkspace administrators to better
control user desktop environments. The following settings can be controlled with
User Policies:
•
Windows Components — Windows Explorer, and Help and Support
Center
•
Start Menu and Taskbar— Control Panel and Display
•
System — Ctrl+Alt+Del options and Logon
The Properties option of User Policies allow administrators to select which
policy template is used to create new user policies. Two user policies are
provided with vWorkspace, Default Admin and Default User, which contain
settings that are commonly implemented for administrators and users. These
policies can be modified and duplicated as appropriate. vWorkspace
administrators can also add new policy templates.
How to ...
•
View User Policies Properties
•
Create User Policies
•
Modify User Policies
View User Policies Properties
384
1.
2.
Expand the Resources node.
3.
Highlight User Policies, and do one of the following:
•
Right-click, and then select Properties.
•
Select Actions | User policies properties.
•
Click on the Properties icon on the toolbar.
4.
Select the policies that are to be used as the default templates for
new user policies.
5.
Click Policy Templates on the Templates window to import or
remove policy templates.
Create User Policies
1.
2.
Expand the Resources node, and then click User Policies.
3.
Click on the Toggle Client Assignment List Display button in the
information pane to change the display view, as appropriate.
4.
Select + on the toolbar of the information pane, or right-click on
User Policies, and then select New User Policy.
5.
Click Next on the Welcome window of the User Policy wizard.
6.
Enter a Name for the new user policy on the Name window, and
then click Next.
7.
Click Policy Templates on the Templates window, and then select
Import, Remove, or Rename policy templates on the Policy
Templates window. Click Close.
8.
Click Next on the Templates window.
9.
Select the appropriate policy settings on the Policy Settings window,
The boxes associated with each setting are three-way toggles;
checked enables the setting, unchecked disables the setting, gray
indicates the setting is not influenced by this policy.
385
window opens.
to assign.
then click Finish.
Modify User Policies
1.
2.
Expand the Resources node, and then click User Policies.
3.
Click Toggle Client Assignment List Display on the information
pane to change the display view, as appropriate.
4.
Double-click the policy that is to be modified.
5.
Change the entries, as appropriate, on the User Policy Properties
window.
6.
Click Apply to make the change, and click OK to close the window.
Virtual User Profiles (MetaProfiles-IT) is an alternative to roaming profiles.
Virtual User Profiles eliminate potential profile corruption and accelerates logon
and logoff times by combining the use of a mandatory profile with a custom
persistence layer designed to preserve user profile settings between sessions.
See Virtual User Profile Management for more information.
Wallpapers
A wallpaper can be assigned to vWorkspace clients by administrators. The
wallpaper is used when connecting to applications or desktops hosted from
vWorkspace enabled Session Hosts and VDI computers.
386
How to ...
Assign Wallpapers
1.
2.
Expand Resources, and then select Wallpapers.
3.
Click on the Toggle Client Assignment List Display button on the
information pane to change the display view, as appropriate.
4.
To select a wallpaper, do one of the following:
a) Right-click on the style, and then select Assign to.
b) Click the Assign to icon (the icon with the blue circle and a white
plus sign) from the toolbar.
5.
6.
Click OK.
Change Wallpaper Properties
Wallpaper properties are available through their context menu.
1.
2.
Expand Resources, and then select Wallpapers.
3.
Right-click on the selected wallpaper, and select Properties.
4.
Change the property as appropriate.
Wallpaper File
The full path and file name of the wallpaper.
Note: Each Session Host must have a copy
of the bit-mapped image file for the defined
wallpapers. It needs to be in the same
location as the one displayed here.
Default Style
Three options:
• Centered
• Tiled
• Stretched
Client
Assignments
A list of vWorkspace targets to whom the
wallpaper is assigned.
You can assign or unassign wallpaper from
this list.
Permissions
The user or groups with permissions for this
wallpaper are specified here.
387
Add New Wallpaper
1.
2.
Expand Resources.
3.
Right-click on the Wallpaper node, and then select New
Wallpaper.
– OR –
Select the green plus sign (+) from the toolbar.
4.
Click Next on the Welcome window of the Wallpaper wizard.
5.
Enter the full path and file name for the wallpaper file and select the
Default Style on the General window, and then click Next.
6.
window opens.
to assign.
7.
then click Finish.
Secure Gateway
Quest vWorkspace Secure Gateway is designed to simplify the deployment of
applications over the Internet, securely and cost-effectively. The purpose of the
Secure Gateway is to act as a checkpoint (proxy) to prevent direct access to the
internal vWorkspace resources of an organization. Secure Gateway can proxy
connections to three vWorkspace components: vWorkspace Web Access,
vWorkspace Connection Broker, and the RDP listener on a vWorkspace virtual
desktop or RD session host.
388
Requests sent to either a Web Access server, a vWorkspace Connection Broker,
or a vWorkspace remote host are SSL encrypted at the client end point and sent
through the corporate firewall on TCP port 443 to the Secure Gateway. Once
received by the Secure Gateway, the data is decrypted and forwarded to the
destination on the appropriate port. Outbound responses from the vWorkspace
resource pass back through the Secure Gateway and are encrypted and
forwarded to the client web browser or vWorkspace Connector, depending on the
proxy.
Connections to Web Access can be direct, and not through the Web Interface
Proxy. However, this will require a separate SSL certificate.
Below is an example of the basic steps taken in communicating through the
Secure Gateway’s RDP proxy.
1.
RDP connections are SSL-encrypted at client end points and sent
through the corporate firewall on TCP port 443.
2.
Once received by the Secure Gateway, the data is decrypted and
forwarded to the destination virtual computer on TCP port 3389.
3.
Outbound RDP traffic passing through the Secure Gateway is
encrypted and forwarded to the client end point.
Installation Requirements
The Secure Gateway requires the following for installation:
•
One or more X.509 web server certificates
•
For SSL certificates that have been installed on Web Access or
Connection Broker servers, the trusted root certificate for the issuing
Certificate Authority (CA) must be installed into the Windows
certificate store of the Secure Gateway and the certificate store of the
connecting client end point.
Microsoft IIS can exist with the Secure Gateway, but it is not required.
389
The following are recommended and supported configurations for the Secure
Gateway
•
The Secure Gateway should be placed in a DMZ network or a
protected internal network.
•
The Secure Gateway can installed on either a physical or virtual
computer.
•
The Secure Gateway can be used with or without Web Access.
•
The Secure Gateway can be used in conjunction with third-party load
balancing appliances.
The Secure Gateway should not be installed on Session Hosts. The only
exception would be for proof of concept purposes.
Secure Gateway Certificate
The following are suggested best practices for your Secure Gateway certificate.
390
•
Your certificate should have the same Issued To and Friendly
Name.
•
The certificate should be an RSA (1024) certificate, not an AES
certificate. (4096-bit certificates have been successfully tested.)
•
You should have a private key that corresponds to the certificate.
•
On the Certificate Properties window, General tab, Server
Authentication should be listed and selected.
Secure Gateway Configuration
The Secure Gateway is configured using the Quest Secure-IT applet, located in
the Windows Control Panel. The Secure-IT applet allows the management of
three separate proxies. Each proxy secures communication to a separate
vWorkspace component.
•
RDP Proxy - The RDP Proxy functionality provides the ability for
users on a public network, like the Internet, to connect to virtual
desktops or Remote Desktop Session Hosts that are managed by
vWorkspace and located on a private network.
The connection to this proxy is always SSL encrypted.
•
Web Interface Proxy -
The Web Interface Proxy functionality provides the ability for users on a public network, like the Internet, to connect to Quest vWorkspace Web Access through the Secure Gateway. The connection to this proxy can optionally be SSL encrypted.
•
Connection Broker Proxy - Provides the ability for users on a public network, like the Internet, to connect to a Quest vWorkspace
Connection Broker that is located on a private network.
391
The connection to this proxy can optionally be SSL encrypted.
PROXIES TAB FIELDS
DESCRIPTION
RDP Proxy
Local IP Address
This checkbox enables SSL encryption of RDP
session traffic between the vWorkspace connector
and vWorkspace enabled Remote Desktop Session
Hosts and virtual desktops.
The IP address for the Secure Gateway for
inbound requests is selected from the list.
Local Port
The TCP port number to be used for SSL
encryption of RDP session traffic.
Default is 443.
Note: If Microsoft IIS exists on the Secure
Gateway, the port 443 might already be in use.
392
PROXIES TAB FIELDS
Certificate Name
DESCRIPTION
This field is for selection of the web server
certificate that is to be used by the Secure
Gateway for inbound SSL-encrypted RDP session
traffic.
Note: Only certificates installed in the Windows
computer store are recognized.
Web Interface Proxy
Local IP Address
This checkbox enables secure web browser traffic
between the vWorkspace connector and the Web
Access web server.
inbound Web Access SSL requests is selected from
the list.
Local Port
The TCP port number to be used for SSL
encryption of the Web Access session traffic.
Default is 443.
Destination Host(s)
The Secure Gateway forwards requests through
the IP address, host name, or FQDN of the Web
Access web server. Use commas to separate
entries.
Dest. Port
The TCP port number that the Web Access web
server listens on.
Default is 80.
Enable SSL
This checkbox decrypts and then forwards
packets.
Unselect this check box, and the packet is sent
without being decrypted.
Certificate Name
traffic.
This field is only for use if the Enable SSL check
box is selected.
machine store are recognized.
393
PROXIES TAB FIELDS
DESCRIPTION
Connection Brokers Proxy
Local IP Address
This checkbox indicates secure traffic between the
vWorkspace connector and the Connection Broker
servers.
inbound Connection Broker SSL requests is
selected from the list.
Local Port
The TCP port number for SSL encryption of
Connection Broker traffic.
Default is 443.
Destination Host(s)
The Secure Gateway forwards requests through
the IP address, host name, or FQDN of the
Connection Broker server. Use commas to
separate entries.
Dest. Port
The TCP port number that the Connection Broker
servers listen on.
Default is 80.
Enable SSL
If this checkbox is selected, the Secure Gateway
decrypts inbound SSL packets before forwarding
them to the Connection Broker servers.
If this check box is not selected the Secure
Gateway does not encrypt SSL packets for
inbound Connection Broker servers.
Certificate Name
traffic.
This field is only for use if the Enable SSL check
box is selected.
machine store are recognized.
394
OPTIONS TAB FIELDS
DESCRIPTION
Connections Settings
Inactivity Timeout
This number is the amount of time a session can
be inactive before the Secure Gateway terminates
it.
Default is 0 (no time out).
Server Logging
Enable to Trace login to the
specified file
If this checkbox is selected, logging for
troubleshooting is enabled.
The name and location for this file is entered into
the text box. You can also use Browse.
Log files have a maximum size of 10 MB. Once the
maximum is reached a new log file will be
generated appended with the date and time. Thus,
when not troubleshooting, logging should be
disabled.
395
Deployment Options
The following deployment options discussed in this section are:
•
Web Access
•
AppPortal Access
•
AppPortal and Web Access
Web Access
Web Access acts as a web based portal to a vWorkspace farm. To summarize its
function, Web Access validates vWorkspace users, through successful
authentication to Active Directory by way of the vWorkspace broker, and directs
vWorkspace connectors to the appropriate virtual desktop. In order to use Web
Access in conjunction with the Secure Gateway, Web Access must be configured
properly.
Complete the following steps to configure Quest vWorkspace Web Access to use
Quest vWorkspace Secure Gateway:
•
Browse to the Web Access Admin page:
•
•
396
http://<webaccess_servername>/provision/web-it/admin
Select the Firewall/SSL VPN link on the left side of the page.
Default Address Translation Settings
The Default Address Translation Settings controls the default connections
for clients connecting to a vWorkspace farm through Web Access. If the Secure
Gateway is to be the default connection, this setting should be set to
vWorkspace Secure Gateway.
Custom Address Translation Settings
When there is a need for exceptions to the Default Address Translation Settings,
the Custom Address Translation Settings should be used. A good example is
when Web Access is used to connect from inside the company (those that are on
a LAN/private network) as well as by users who connect from outside of the
company (those that connect over a public network like the Internet).
Those users connecting over a public network should use the Quest vWorkspace
Secure Gateway to ensure maximum security, but those connecting from inside
the company might not need that level of security and could connect directly to
a virtual desktop/RD session host.
397
To connect directly to a virtual desktop or RD session host and override the
Default Address Translation, the Custom Address Translation Settings
section needs to be set to Normal Address, and the network subnet of the
excepted client end points needs to be entered into the Client Address Prefix list.
This is done by entering the subnet and clicking Add. Please note that the
network subnet notation needs to end with a . (dot). The custom address
translation setting would override the default setting, which, in this case, is
Secure Gateway. As demonstrated below, all connections would be routed to the
Secure Gateway unless the client prefix is equal to 10.1.1.
398
SSL Gateway Settings
In the Secure Gateway section of Quest vWorkspace Web Access, the
connectivity information for the Quest vWorkspace Secure Gateway being used
needs to be provided. The graphic below shows a configured Web Access Secure
Gateway page. The setting are defined in the following table.
399
FORM FIELDS
DESCRIPTION
SSL Gateway
External SSL Gateway FQDN/IP
Address
This setting controls the Quest vWorkspace Secure
Gateway addressing for Quest vWorkspace Web
Access. This setting needs to be the exact name
that the SSL Certificate for Quest vWorkspace
Secure Gateway was issued to. If the Certificate
was issued to an IP address, then the IP address
should be in this section, if the Certificate was
issued to a Fully Qualified Domain Name (FQDN),
it should be set here.
TCP Port
TCP Port should be set to mirror the setting for the
local port of the RDP proxy in the Quest
vWorkspace Secure Gateway applet.
SSL Gateway/Local Address (IP)
Enter the IP address of the Quest vWorkspace
Secure Gateway server, and then click Add.
SSL Gateway/Local Address List
Shows what Quest vWorkspace Secure Gateway
servers are configured for communicating with
this Web Access instance.
Enable NAT support for Firewall
Traversal
If the Secure Gateway server is located in a
Demilitarized Zone (DMZ) this box may need to be
checked, but only if Network Address Translating
(NAT) is in effect between the DMZ and the
Internal Network.
Web Access URL (external users)
This is the URL which users on the outside of the
network will be connecting to.
Web Access URL (internal users)
If the URL is different than the external users, this
should be filled in with the proper link for Internal
Users
AppPortal Access
This configuration is used when a secure single point of entry is needed for users
connecting from external networks, but the connections are managed by
AppPortal, rather than Web Access. In this scenario, the vWorkspace Connection
Broker proxy and the RDP proxy are the two Secure Gateway proxies enabled.
400
The Secure Gateway is the only access point to the vWorkspace infrastructure.
Remote clients gain access to the system using a single FQDN. Only one firewall
access rule is required to permit inbound connections to the Secure Gateway on
TCP port 443.
A valid 128-bit SSL certificate must be installed on the Secure Gateway.
The Secure Gateway, if situated in the DMZ, may require additional firewall rules
to allow the Secure Gateway to communicate with the Connection Brokers and
the virtual desktops on the internal network.
How to ...
Configure AppPortal Access
1.
Use the following path to access the applet:
Control Panel | Quest Secure-IT
2.
Complete the RDP Proxy section as follows:
a) Select Local IP Address, and then select an IP address from the
list.
b) Enter the Local Port.
401
c) Click the Lock icon to select the web server certificate used by the
Secure Gateway for inbound SSL-encrypted RDP session traffic.
Only certificates installed in the Windows machine store are
recognized.
3.
Complete the Connection Broker Proxy section as follows:
a) Select Local IP Address, and then select an IP address from the
list.
b) Enter the Local Port.
c) Enter the IP address, host name, or FQDN of the Web Access web
server that the Secure Gateway forwards requests. Use commas
to separate entries.
d) Click the Lock icon to select the web server certificate used by the
Secure Gateway for inbound SSL-encrypted RDP session traffic.
Only certificates installed in the Windows machine store are
recognized.
Both the RDP and the Connection Broker proxies can share the same IP
address and TCP port.
4.
From the AppPortal Interface at the client end point,
a) Configure a farm connection using AppPortal | Manage
Connections, or by right-clicking on the farm from the
b) Enter the FQDN of the Connection Broker proxy in the Server List
on the Connectivity tab.
c) Select Enable RDP over SSL/TLS, and then enter the FQDN of
the RDP proxy in the SSL Gateway Server field.
402
AppPortal and Web Access
This option describes a setup where the vWorkspace connector is accessed by
AppPortal and Web Access.
The Secure Gateway and Web Access, if situated in the DMZ, require additional
firewall rules to permit the Secure Gateway to communicate with the virtual
desktops and the Connection Broker, and for Web Access to communicate with
the Connection Broker.
If you are using Secure Gateway in conjunction with Web Access, you must
specify both the internal and external Web Access access URL’s on the
Firewall/SSL VPN section of the Web Access Management console. See
Web Access for more information.
403
There are two possible ways to configure the use of the AppPortal and Web
Access.
One option allows all three proxies to share the same IP address and SSL
certificate, but the Web Access and the Connection Broker proxies have different
TCP ports. This allows the Secure Gateway to distinguish HTTP connections going
to Web Access from HTTP connections going to the Connection Broker.
A second option is for all three proxies to use the same TCP port, but the
Connection Broker has a different IP address and SSL certificate.
How to ...
Configure AppPortal and Web Access
1.
Use the following path to access the applet:
Windows Control Panel | Quest Secure-IT
2.
To configure using the same IP address and SSL certificate:
a) Enter the same IP address in the RDP Proxy, Web Access
Proxy, and Connection Broker Proxy fields.
b) Enter the same Local Port for RDP Proxy and Web Access
Proxy, and a different Local Port for the Connection Broker
Proxy.
404
3.
Complete the other fields as appropriate, and then click Apply to
make the changes without closing the window, or click OK to make
the changes and to close the window.
.
a) Configure a farm connection using AppPortal | Manage
b) Enter the FQDN of the Connection Broker proxy in the Server List
on the Connectivity tab.
c) Select Enable RDP over SSL/TLS, and then enter the FQDN of
the RDP proxy in the SSL Gateway Server field, and then click
OK.
Both proxies may share the same FQDN, but the Connection Broker proxy is
set to a different TCP port.
405
4.
To configure using the same TCP port:
a) Enter the same TCP Port number in the RDP Proxy, Web Access
Proxy, and Connection Broker Proxy fields.
b) Complete the other fields as appropriate, and then click OK.
c) Configure a farm connection using AppPortal | Manage
d) Enter the FQDN of the Connection Broker proxy in the Server List.
e) Enter the FQDN of the RDP Proxy in the SSL Gateway Server
field.
f) Click OK.
The RDP and Web Access proxies can share the same IP Address, TCP
Port, and Certificate Name. The Connection Broker Proxy is bound to a
different IP Address and Certificate Name.
406
Web Access
Quest vWorkspace Web Access is a web application for vWorkspace Farms that
enable users to retrieve their list of allowed applications and desktops using a
web browser. One or more vWorkspace Web Access servers, configured to
communicate with a vWorkspace farm, must be available to use the Web Access
browser interface.
No client side configuration is needed; users simply start their Internet browser
and enter the address of the Web Access server. After successful authentication,
the user’s published desktops and applications display in the web browser. A
vWorkspace Connector must be installed, and personalization settings of the
Internet browser can be configured.
Web Access Tools
Web Access includes tools that allow you to configure a Web Access web site.
The Web Access Site Manager (WASM) interfaces with Microsoft Internet
Information Services (IIS) to create and prepare IIS web sites for Web Access.
The Websites node of the vWorkspace Management Console is used to create
Web Access configurations that can be pushed to a Web Access web site
prepared by the WASM.
vWorkspace Web Access Site Manager
Previously, hosting multiple Web Access sites on vWorkspace Web Access was a
difficult task. The vWorkspace Web Access Site Manager simplifies the
generation of multiple Web Access sites.
Quest vWorkspace Web Access is an ASP.Net application that installs as a virtual
directory within an IIS default web site. The initial Web Access site can be
created during installation or by using the WASM. In both cases, an IIS virtual
directory is created with the proper folder structure to host a Web Access site.
However, the new site has no configuration. A Web Access configuration must
be created in the vWorkspace Management Console and exported to the Web
Access site.
407
One Web Access server can host multiple Web Access sites; each providing a
user access interface to a separate vWorkspace farm. The WASM can be used to
aggregate multiple Web Access sites into a federated site. A federated site
provides a hyper-linked list of Web Access sites to the end user.
How to ...
Create a New Web Access Site
The WASM allows you to view, create, edit, and delete vWorkspace Web Access
Sites. Once a Web Access Site has been created the vWorkspace Management
Console can be used to configure settings for the site and have the configuration
pushed to the Web Access web site.
1.
Start the Web Access Site Manager one of the following ways:
a) From the Start menu of the Web Access server.
b) From the desktop icon of the Web Access server.
2.
Click New on the Web Access Site Manager window.
3.
Click Next on the Create a New Web Access Site wizard.
4.
Enter a Friendly Name and Virtual Directory Name, as appropriate.
Friendly Name - Type the name that will be displayed in the
Virtual Directory Name - Type the name of the virtual directory
used to access the Web Access site.
The Virtual Directory Name cannot be edited once the Web Access Site
has been created. The site must be deleted and a new one created.
Description - type an optional description.
Icon - to change the default image of the Web Access Site click the
vWorkspace icon. Any alternate icon image is required to be 32 pixels
by 32 pixels in size.
5.
Click Finish to complete the process.
After completing a new Web Access site, you must complete an
update to the web server with the site configuration. See Update Site
Once the site is created it can be edited or deleted from this interface.
408
vWorkspace Management Console Websites Node
vWorkspace Web Access is managed from a node in the vWorkspace
Management Console, named Websites. The Websites node allows an
administrator to define multiple Web Access sites for separate vWorkspace
farms. Administrators can also set Web Access properties such as Website
Information, Firewall/Secure Gateway, and Experience settings.
These settings are similar to settings in a vWorkspace Connector. However, with
Web Access, the configuration is being defined centrally, rather than at each
client access device.
Configuration
Define vWorkspace Websites
After vWorkspace Web Access has been installed and the Web Access site has
been created, either during installation or with the WASM, the properties of the
Web Access site are managed through the vWorkspace Management Console. A
new site must be defined as an object in the Websites node.
The following properties can be set for a Web Access web site in the vWorkspace
Management Console.
•
Connection Properties
•
Firewall/Secure Gateway
•
•
•
Experience
•
Browser Interface
Connection Properties
Connection Properties define the connection properties of a vWorkspace Web
Access website. To establish a connection to Web Access, specify the display
name and URL path used to connect to the Web Access web site. Multiple Web
Access sites can be added.
409
Firewall/Secure Gateway
The Firewall/Secure Gateway property is used to inform the Workspace
Connector how to communicate with the vWorkspace farm when a connection is
attempted. The Firewall/Secure Gateway property has five settings:
•
Default Rule
•
Custom Rules
•
Secure Gateway
•
Advanced Settings
•
Proxy Server
Default Rule
The Default Rule is the default addressing type that should be used when
accessing remote sessions. This default setting applies to all connecting clients,
unless specifically overridden by custom addressing rules.
The Default Rule options are:
•
Internal Address
•
Alternative Address
•
vWorkspace Secure Gateway
Custom Rules
Custom rules are exceptions to the default addressing rule. Any client address
that does not match a custom rule, access remote sessions using the default
rule. Custom Rules can be used to specify an addressing type and an associated
IP address specification that is added to the Custom Address Rules list. Any client
IP address or outside interface address of a firewall or proxy server that matches
the rule uses the corresponding addressing type.
The Custom Rules Addressing types are:
410
•
Internal — Web Access refers the connecting access device to make
a direct connection to the remote RDP host.
•
Alternate — Web Access refers the connecting access device to
make a connection to the remote RDP host using the configured
alternate address associated with the RDP host (RDSH only).
•
Secure Gateway — Web Access refers the connecting access device
to make a connection to the remote RDP host via Quest Secure
Gateway.
Secure Gateway and the Secure Gateway setting must be installed and
configured for this setting to take effect.
Secure Gateway
The Secure Gateway setting is used to define the path to the Secure Gateway.
Web Access uses the information in this setting to direct a connecting device to
Secure Gateway.
The typically port number for a Secure Gateway service is 443.
Advanced Settings
Advanced Settings can be used to enable NAT for firewall traversal. This is
helpful when your Web Access server and Secure Gateway are separated by a
NAT enabled firewall.
Proxy Server
Web Access can be configured to inform vWorkspace Connectors which proxy
server to use when connecting to a vWorkspace farm. Generally, proxy server
settings are used for internal offices, where the vWorkspace Web Access server
is in a DMZ and the internal office is using a proxy server to connect.
The Proxy Server options are:
•
Do not use a proxy server (This is the default setting.)
•
Use default from the system internet settings
•
Enter an address manually
Domain/Login Settings define what access control methods are used when
authenticating connecting users. The Domain setting must be defined in order
for authentication to the farm to succeed. The other Domain/Login settings are
optional and can be used to further secure access to your vWorkspace farm.
411
The Domain/Login settings are:
•
User Domains
•
Password Management
•
Credentials Pass-Through
•
•
Client Device Identification
•
Auto-Launch
User Domains
A Web Access site passes user credentials to a vWorkspace Connection Broker
for authentication and validation. The vWorkspace Connection Broker must
belong to a Microsoft Active Directory domain for this to work successfully. The
User Domains settings can be used to prepopulate the user domain field, and
authenticate the user account across multiple domains.
Quest vWorkspace allows the use of User Principal Names (UPN) during
logon. For example, [email protected].
Password Management
The Password Management setting is used to configure a Web Access site to
leverage Quest Password Management Service. Multiple password management
servers can be specified and must be associated with a domain defined in the
User Domains setting.
If more than one Password Management Server is listed in the Password
management servers field, users are prompted for which server to use to
change their password.
Credentials Pass-Through
Credentials Pass-Through allows the use of locally cached or Kerberos domain
credentials to login to a vWorkspace farm. This is helpful when the user is
connecting to a vWorkspace farm from a client access device that is a member
of a trusted domain.
412
To use this setting with Microsoft Internet Explorer, you must configure the
following before enabling this feature:
•
If you are using credentials pass-through and there are multiple
farms in which users need to log in to using credentials pass-through,
then you must also select the option, Log Users on to all
configured farms in the Farm settings. Credentials pass-through is
not currently supported when allowing users to select a farm.
•
Enable Integrated Windows Authentication must be turned on in
Advanced Internet Options of Internet Explorer, and the Microsoft IIS
web server must be a member of a domain in the Active Directory
forest containing the user’s account.
•
Web Access site needs to be added to the list in both Trusted Sites
and Local Intranet.
Credentials pass-through is not supported in the vWorkspace Connector for
Java.
If you are using Mozilla Firefox and credentials pass-through, you must configure
Firefox to use Integrated Windows authentication by completing the following
steps:
1.
Open Firefox.
2.
Type about:config in the address bar.
3.
Type network.automatic in the filter box once the config page
loads.
4.
Modify network.automatic-ntlm-auth.trusted-uris by double-clicking
the row, and enter www.mydomain.com.
Multiple URIs must be separated by comas.
To configure Firefox to use Integrated Windows authentication for multiple
Firefox installs, complete the following steps:
1.
Use a decompression tool, such as WinZip, the extract Firefox Setup
2.x.x.exe.
2.
Extract browser.xpi from the setup.
3.
Edit all.js contained in browser.xpi in \bin\jreprefs.
4.
Modify network.automatic-ntlm-auth.trusted-uris by double-clicking
the row, and enter www.mydomain.com.
Multiple URIs must be separated by comas.
5.
Repackage browser.xpi, and use the extracted setup to install
Firefox.
413
The Two-Factor Authentication setting allows for the integration of a two factor
authentication product such as Secure Computing PremierAccess or using
RADIUS to communicate with other 2FA solutions such as Quest Defender or RSA
ACE/Server.
Client Device Identification
When connecting to a vWorkspace farm, the end user's local IP address and
device name may be sent to the connection broker. This allows vWorkspace
resources to be assigned by IP address or device name for users who connect
through Web Access.
This feature is only supported when using Internet Explorer with ActiveX
controls enabled.
Auto-Launch
When a user logs onto a vWorkspace farm a managed application can be
launched automatically, rather than having the user select the application.
The Auto-Launch options are:
•
Do not automatically launch an application
•
Single Application
•
Specified Application
Downloads/Connectors is a group of settings that define whether the
vWorkspace Connector, or other files, are downloadable from the Web Access
user interface.
The Downloads/Connectors settings are:
414
•
General Settings
•
•
Other Downloads
To install the vWorkspace Connector for Windows you must have
administrative rights on the device where the connector is to be installed.
General Settings
The General Settings control whether a download tab is added to the user
interface of Web Access. After enabling the Download page, the link for the page
can be displayed in two locations:
•
On the Web Access login page.
•
On the main page after the user logs in.
The vWorkspace Connectors setting can be used to deliver the vWorkspace
Connector for Windows or the vWorkspace Connector for Java to client access
devices which do not have the Connector installed or have an outdated
vWorkspace Windows Connector. The vWorkspace Windows Connector can be
automatically downloaded if it is not installed or an older version is detected. A
link can also be placed on the Downloads page to allow users to download the
Windows Connector manually.
If you want to use the vWorkspace Connector for Java as a downloadable
connector from Web Access, the Java Connector must be installed on the Web
Access server. This is detailed in the Quest vWorkspace Connector for Java
Administration Guide.
Other Downloads
Other Downloads allows for the addition of custom download links to the
download page. This is helpful in situations where a resource is needed to allow
connections to a vWorkspace farm, such as a root SSL certificate for a private
certificate authority.
Experience
The Experience settings control Microsoft or Quest RDP virtual channels, such as
Desktop Composition and EOP Graphics Acceleration.
Some settings display two tabs, a Default Settings tab and a User Overrides
tab. The Default Settings tab provides the configuration of the specific category
unless the properties of a connection are set to override. The User Overrides tab
defines which values can be overridden by the user.
415
The Experience settings are:
•
Local Resources
•
Performance/EOP
•
Display
Local Resources
The Local Resources settings control the following aspects of a user connection:
•
Remote Audio
•
Keyboard
•
Devices and Features
Each of the Local Resources settings can be set to allow user override by
enabling Allow users to override the default local resource settings on the
User Overrides tab and selecting the override options to present to the user in
the Web Access client.
LOCAL RESOURCES SETTING
DESCRIPTION
Remote Audio
Remote audio playback
• Play on the end user’s computer (this is
the typical setting)
• Do not play
• Play on the remote computer - this is
useful when audio is being redirected via
vWorkspace USB Redirection.
Keyboard
Apply Windows key combinations
•
On the end user’s computer (default
setting)
• On the remote computer
• On the end user’s computer only when
using full screen
Devices and resources
Disk Drives
Select if users need access to the disk drives
on their access device.
Printers
Select if users need to print to autocreated
access device printers using native print
drivers.
416
LOCAL RESOURCES SETTING
DESCRIPTION
Serial Ports
Select if users need access to devices
attached to serial ports on their physical
device.
Smart Cards
Select if users are required to log on to their
session using a Smart Card attached to their
physical device.
USB Devices
Select if users need to make use of USB
devices when connected to the virtual
workspace.
Universal Printers
Select if users need to print by autocreated
access device printers using the Universal
Printer driver.
Microphone
Select if users need to redirect the local
computer microphone when connecting to the
virtual workspace.
Clipboard
Select if users need to redirect the local
computer clipboard when connecting to the
virtual workspace.
Performance/EOP
The Performance/EOP settings control the following aspects of a user
connection:
•
Connection Speed
•
•
•
•
•
•
•
Modem (28.8 Kbps)
Modem (56 Kbps)
Low-speed broadband (256 Kbps - 2 Mbps)
Satellite (2 Mbps - 16 Mbps with high latency)
High-speed broadband (2 Mbps - 10 Mbps)
WAN (10 Mbps or higher with high latency)
LAN (10 Mbps or higher)
Selecting a connection speed defines which of the following
performance options are enabled. For example, if LAN is selected all
of the performance options listed under Connection speed are
selected. If High-speed broadband is selected, only Desktop
composition, Persistent bitmap caching, and Visual styles are
selected.
417
•
Experience Optimized Protocol (EOP)
•
•
•
•
•
•
EOP
EOP
EOP
EOP
EOP
Flash Redirection
Text Echo
Xtream
Multimedia Acceleration
Session Options
The Session options section supports the feature to reconnect
sessions after they have dropped.
Display
The Display settings provide control of the display configuration, color depth,
and other settings, such as Smart Sizing.
•
Display Configuration
Display Configuration sets the default screen resolution for users
when connecting to a remote host.
•
•
•
Full screen (includes the option to span multiple monitors)
Specific resolution
Custom resolution (pixel height and width)
Screen resolution only applies when connected to a seamless windowed
application.
•
Colors
Specify the color depth of the remote session.
•
Other settings
•
•
•
•
418
Display connection bar when in full screen mode
Pin connection bar
Enable Smart Sizing - Smart Sizing resizes the remote sessions
screen resolution to fit the resolution of the client access
device when a connection is made to a disconnected session
on a remote host.
Display remote applications seamlessly on remote desktop This setting enables the remote session screen size and color
depth to match the settings of the client access device, when
connecting to a managed application.
Browser Interface
The Browser Interface setting defines the appearance of the Web Access client
interface. The Web Access client interface can be executed in Internet Explorer,
Mozilla Firefox, or Google Chrome.
The Browser Interface settings are:
•
Messages
•
Layout
•
Themes
Messages
The Messages settings allow for the modification of the messages that users see
in the Web Access client interface.
Layout
The Layout setting controls how application icons are displayed in the Web
Access client Interface.
Each of the parameters in Layout can be set to allow user override by enabling
Allow users to override the default local resource settings on the User
Overrides tab and selecting the override options to present to the user in the
Web Access client interface.
The Layout options are:
•
Default view for application icons:
•
•
•
•
•
Icon View
Details View
List View
Split View Icon
Split View Details
When the view is set to Icon View, pixel spacing between the
application icons can be set. The default spacing is 5.
Themes
The Themes settings allow the colors and images in the Web Access client
interface to be customized.
419
The following items can have their color set:
•
Background
•
Foreground
•
Button
•
Header Text
•
Header
•
Text
•
Login Text
•
Link Text
•
Login Box
•
Highlight Text
The Header Image and Logon Image can both be replaced with custom images.
Other Settings
The Other Settings groups several miscellaneous settings. The settings are:
•
Provide an application search box
•
Display user names and statistics on the main page after login
•
Display detailed Windows error messages
•
Enable debug logging
•
Specify the web session timeout (in minutes)
•
Specify the VDI retry interval (in seconds)
Additional Farms
The Additional Farms settings can be used to aggregate the application sets of
multiple vWorkspace and Citrix farms.
The setting options are:
•
Farm type:
•
•
420
vWorkspace Farm
Citrix
•
Farm name
•
Connection brokers (multiple brokers can be delimited by comas)
This is a mandatory step.
•
Broker TCP port
Update Site
The Update Site settings are used to push the Website configuration in the
vWorkspace Management Console to a Web Access site. The Site Manager utility
is used to generate the site structure and the Update website utility is used to
create the Web Access site’s configuration. The configuration can be pushed to
the site using the Update website utility or exported to an XML file, named
WebSettings.xml, which can then be manually copied into the config folder of
the specific Web Access site.
How to ...
Update a Site in Web Access
1.
From the vWorkspace Management Console, expand the Websites
node.
2.
Right-click on website that needs to be updated, and select Update
Website.
The dialogue will also appear at the end of the New Website Wizard
once Finish is clicked.
3.
Select one of two options:
•
Contact the Web Access site directly and update it’s
configuration — If this option is selected a prompt will appear
asking for the path to the Web Access site.
• Save the configuration to a file and manually update the
Web Access Site — If this option is selected a prompt will
appear asking for the location to save the WebSettings.xml
file. The .xml file needs to be copied to the following location:
\Inetpub\wwwroot\<virtual folder name>\Config
vWorkspace Connector Packages
vWorkspace Connectors are supported on multiple end point devices. The
vWorkspace Connector for Windows installation packages are included with a
Web Access installation and can be made available for download from the
vWorkspace Web Access User page.
421
When the Connector is selected in the Downloads settings in Web Access, a
version and location can be specified. In this case, it checks whether the
vWorkspace Connector for Windows is installed on the end point device. If the
specified version or later version is not installed, it attempts to automatically
download and install the Connector, from the specified location, using Microsoft
ActiveX.
ActiveX must be enabled on the user’s browser for client installation checking
to work. This feature is not supported for browsers other than Internet
Explorer.
The vWorkspace Connector packages available are:
•
VASCLIENT32 — Includes AppPortal and the Web Access.
•
VASCLIENT32T — Includes Web Access support, but not AppPortal.
•
VASCLIENT32TS — Includes a silent install for Web Access support.
See vWorkspace Connectors for more information.
Other vWorkspace Connectors
vWorkspace Web Access supports both Linux, Apple Mac, Android, and Apple
iPad as client connectors. These, however, must be installed through their
respective methods. Web Access cannot be automatically installed on these
platforms.
Integration
Web Access integrates with several third-party products to extend secure access
and productivity for a vWorkspace farm. Web Access provides integration for the
following products.
•
Juniper Secure Access
•
F5 Firepass
•
SharePoint
•
Citrix XenApp and XenDesktop
Juniper Secure Access
Web Access and Juniper Networks Secure Access SSL VPN can be integrated to
be used as a single sign-on solution by using custom headers created by the
Juniper Secure Access Central Manager.
422
Prerequisites
•
Secure Access Device must be running at least System Version 7.0
R0.
•
Authentication Realm must be setup and configured for the correct
Active Directory domain.
•
SSO License has to be installed on the SA Device, if SSO is required.
•
vWorkspace provides integration with WSAM and Network Connect.
•
vWorkspace Web Access server configured properly.
Configure Secure Access
1.
Create a new Role, for example, vWorkspace_Users.
2.
Select the SAM tab.
3.
Click Add Application, and then select PNTSC, which is the Quest
connection tool.
423
4.
Do the following on the Custom Application window, and then click
Save Changes.
a) Enter a Name.
b) Add a description, if needed.
c) Enter Filename as pntsc.exe.
424
5.
If you are using the Quest Connector, AppPortal through the SA
device, do the following on the Custom Application window, and then
click Save Changes.
a) Enter a Name.
c) Enter the Filename as pntsc32.exe.
425
6.
Do the following on the Allowed Server window, and then click Save
Changes.
a) Enter a Name.
c) Add a server. In this example, a subnet is used for the vWorkspace
environment.
d) Set the appropriate ports, such as 80 (Web), 8080 (Broker), and
3389 (Terminal Services).
426
7.
From the vWorkspace Role, select the SAM tab, and then select
Options.
8.
Complete the following on the Options settings.
a) Select Windows SAM.
b) Set appropriate Windows SAM options for this role.
c) Click Save Changes.
427
9.
Select the Web tab, and do the following:
a) Create a bookmark for the vWorkspace Web Access Server.
For vWorkspace version 7.2:
http://server/provision/web-it/default.aspx
For vWorkspace version 7.5: http://server/<identity>
428
10. From the main system menu, go to Users | Resource Policies |
Secure Application Manager Policies.
See step 12 if SSO is required.
429
11. Add a new policy or modify an existing policy by doing the following:
a) Enter a Name for the policy.
b) Enter Resources to which this WSAM role is allowed to access. For
example, 10.1.1.1/25:80,8080,3389.
c) Select Policy applies to SELECTED roles.
d) Select the vWorkspace role created previously.
e) Select Allow socket access.
f) Click Save Changes.
430
12. If SSO is required, from the main menu screen go to Resource
Policies |Headers/Cookies Policies, select the SSO tab, and then
select Headers/Cookies.
13. Select New Policy on the Headers/Cookies Policies window, and do
the following:
a) Enter a Name.
c) Enter a Resource, which is the direct link to the vWorkspace Web
Access site.
For vWorkspace version 7.2: http://server/provision/web-it/*
For vWorkspace version 7.5: http://server/<identity>
d) Set the role to which it applies.
e) Select Append headers as defined below.
f) Create three headers to write during the request process:
•
•
•
PN_Username<User>
PN_Password<Password>
PN_Domain NetBIOS Domain
F5 Firepass
Web Access and F5 FirePass SSL VPN can be integrated to be used as a single
sign-on solution by creating tunnels in the FirePass Administrator Console.
431
Prerequisites
•
F5 FirePass must be running at least version 7.0.0.
•
F5 FirePass Authentication must be configured for the appropriate
Active Directory domain.
•
vWorkspace Web Access server must be installed and configured
properly, if configuring connections to a Web Access server.
F5 Firepass can be configured to tunnel connections to a vWorkspace Connection
Broker or a vWorkspace Web Access server.
All settings are configured under the Application Access node of the system
menu.
How to ...
432
•
Tunnel to a Connection Broker
•
Tunnel to Web Access
Tunnel to a Connection Broker
1.
Select Application Access.
2.
Do the following in the Application Tunnels tab.
a) Click Add New Favorite.
b) Select Favorite as the Type.
c) Enter a Name.
d) Enter servers, IPs, and networks along with ports for the
vWorkspace infrastructure in Allow list.
•
Ports are 8080 (Broker default) and 3389 (Terminal Services).
e) Click Add Favorite.
433
3.
Click Add New Dynamic Tunnel, and do the following:
a) Enter a Name for the application, such as PNTSC or AppPortal.
b) Set the proper path to the pntsc.exe file.
Note that x86 and x64 versions are different paths and locations.
c) Click Update.
4.
434
Repeat the process for each application required.
Tunnel to Web Access
1.
Select the Web Application Tunnels tab.
2.
Click Add New Favorite, and do the following:
a) Select Favorite as the Type.
b) Enter a Name.
c) Enter one of the following URLs.
Web Access version 7.2: http://server/provision/web-it/default.aspx
Web Access version 7.5: http://server/<identity>/Login/F5
d) Enter URL variables.
This is used if SSO is wanted to automatically sign in to the Web
Access server with the credentials which were used to login to the F%
FirePass device.
For example: uname=%username%&pass=%password%&dom=
<NetBIOS_Domain_Name>
435
e) Select Use POST for URL variables.
f) Enter servers, IPs, and networks along ports for the vWorkspace
infrastructure in Allow list.
g) Enter information into the Endpoint Protection required field,
as appropriate.
h) Click Add New.
i) Repeat this process for each Web Access server.
SharePoint
vWorkspace Web Access can be integrated with a SharePoint server, allowing
users to access Web Access from a link on the SharePoint site.
Microsoft SharePoint 2010 was used in the following step process.
Integrate Web Access and SharePoint
436
1.
Log in to SharePoint.
2.
Navigate to the project or directory where Web Access is to be
integrated.
3.
Select Site Actions | More Options.
4.
Open Web Part Page.
5.
Do the following on the New Web Part Page window, and then click
Create.
a) Enter a Name for the Web Part Page.
b) Select Full Page, Vertical as the Layout Template.
c) Select the Document Library where the page is to be saved.
6.
Click Add a Web Part.
7.
Do the following on the next screen, and then click Add.
a) Select Media and Content in the Categories section.
b) Select Page Viewer in the Web Parts section.
c) Select Full Page in the About the Web Part section.
437
8.
Click open the tool pane in the Page Viewer section, and then do
the following.
a) Enter the URL to the Quest vWorkspace Web Access site in the
Link field.
Click on Test Link to verify the link.
b) Expand the Appearance node and enter the Height and Width
for the page.
c) Click Apply.
9.
Click Stop Editing.
The Web Access site is now integrated and available to users at the
specified location.
Citrix XenApp and XenDesktop
Web Access can send user credentials to both vWorkspace Connection Brokers
and servers running the Citrix Program Neighborhood Agent (pnagent). Web
Access will take the data returned from each solution and aggregate it into the
user’s application set. Therefore, the user can access one interface to connect to
presentation hosts from either solution, seamlessly.
438
Web Access can integrate with the following Citrix products:
•
XenApp 5.0
•
Presentation Server 4.0 and 4.5
•
XenDesktop 4.0, 5.0 and 5.5
To achieve this, a PNagent server must be configured to communicate with a
Citrix farm and the Web Access server must be configured with the URL of the
PNagent server.
vWorkspace Reporting
Quest vWorkspace Reporting allows organizations to create real time and
historical reports leveraging data gathered by vWorkspace. By utilizing the
reporting features of vWorkspace, administrators gain a greater understanding
of how the vWorkspace farm is being managed and utilized.
439
The Reporting feature in vWorkspace includes an easy to use tool, the Sample
Report Viewer, which allows vWorkspace administrators to run pre configured
or custom SQL queries against the vWorkspace reporting database. The query
results can be used to generate reports within the Sample Report Viewer, or
exported to CSV files for manipulation using the administrator’s tool of choice.
vWorkspace Reporting uses SQL triggers to export certain data from the
vWorkspace database to the Reporting database. The Reporting database can be
used to run historical reports using vWorkspace Sample Report Viewer or a third
party tool.
vWorkspace Reporting Components
The primary vWorkspace Reporting components are:
•
Sample Report Viewer
•
Databases
•
Reporting Schema
•
Default Reports
vWorkspace Sample Report Viewer comes with a number of preconfigured SQL
scripts. These scripts can be run to obtain real time and historical reports of an
organization's virtual desktops, applications, Session Hosts, and Blade PCs
managed by vWorkspace. This allows easy reporting of information, such as
currently logged users and users logged on each month.
440
Sample Report Viewer Setup
The vWorkspace Sample Report Viewer window is used to configure the
connection to the reporting database and the maximum number of rows to
return from a report query.
This window is displayed at application start up if no connection settings exist,
typically the first time the application is started. It can also be opened from the
main vWorkspace Sample Report Viewer window from File | Setup.
The following fields are provided in the vWorkspace Reporting Setup window.
FIELD
DESCRIPTION
SQL Server Name or IP
Enter the server name of the SQL server of the
vWorkspace Reporting database.
Use the following format:
Database Name
Enter the reporting database name.
For example: vWorkspaceReporting_Database
User Name
Enter the name for the SQL account.
Note: This account only needs read access to the
vWorkspace Reporting database. We recommend
that you only give read access to this account.
Password
Enter the password of the SQL account.
441
FIELD
DESCRIPTION
Max Number of Reporting
Rows to Return
Enter the default maximum number of rows to
return for a report run.
The default number is 1000.
Note: This default can be can be changed on a
per query basis from the main vWorkspace Report
Viewer window.
Save
Click to save the settings.
Saving automatically validates the settings.
Validate Settings
Click to validate the settings without saving.
Validation includes checking that the database
connection information is valid by creating a
connection to the reporting database and
reporting an error if this connection attempt is
unsuccessful.
Close
Click to close the setup window.
Clear
Click to clear all of the settings on the window.
How to ...
Setup the Sample Report Viewer
1.
Enter the appropriate information in the fields of the Sample Report
Viewer window.
2.
To validate the settings without saving them, click Validate
Settings.
If the settings are correct, the vWorkspace Sample Report Viewer
Setup Validation Successful window displays to confirm the settings.
3.
442
Click Save, and then click Close.
Using Sample Report Viewer
The setup can be changed and reports can be run from the Report Viewer
window. Report data is returned to the results pane in the vWorkspace Report
Viewer window. The SQL pane shows the query that will be run.
How to ...
•
Change the Setup
•
Open and Run Report Queries
•
Temporarily Change the Number of Rows to Return
•
Export Report Data
•
Copy SQL Text
Change the Setup
1.
To reconfigure settings, click File | Setup or use the shortcut,
Ctrl + S to open the vWorkspace Reporting Setup window.
443
Open and Run Report Queries
1.
Do one of the following to open the Open Report window:
Select File | Open.
– OR –
Click Ctrl + O.
2.
To open a report query file, select the file and then click Open, or
double-click on the report query file.
The query opens and includes the name, description, results table,
and SQL information.
444
3.
Click Run for the report results.
The number of rows in the result is displayed below the results table.
Temporarily Change the Number of Rows to Return
The application default number of rows to return can be changed using the
vWorkspace Reporting Setup window.
1.
This value can be temporarily changed by setting the value in the
field, Max Rows to Return, and then click Run.
2.
To reset the value back to the default, click Set to Default by the
field, Max Rows to Return.
Some notes about the Max Rows to Return field:
•
If the number of rows returned is less than the number of rows in the
full rest set, a warning message is displayed under the results table.
•
When the SQL used to run the report contains the Union operator, all
rows are returned. The message, This report requires that all
rows be returned, is displayed.
•
If you make the value for the Max Rows to Return field too high,
you may experience performance issues.
Export Report Data
When data is present in the results table, you can export it to a CSV file which
can be loaded into a spreadsheet application, such as Microsoft Excel.
1.
To export the data to a CSV file, do one of the following:
•
•
•
2.
Click Export of the vWorkspace Report Viewer window. All of
the data in the table is exported.
Right-click in the table, and select Export All. All of the data
in the table is exported.
Right-click in the table and select Export Selected. Only the
selected rows are exported.
Save the exported data by entering a File name and selecting the
appropriate directory, then click Save.
445
Copy SQL Text
The SQL used to run the report can be copied to the windows clipboard from the
vWorkspace Report Viewer window. This makes it easier to reuse the SQL in your
own reports.
1.
Select the text to copy.
2.
Right-click in the SQL text area.
3.
Select Copy.
Databases
vWorkspace Reporting pulls data from two separate databases, the vWorkspace
Farm database for real time metrics and the Reporting Database for historical
metrics.
vWorkspace Farm Database
The vWorkspace Farm Database is the central repository for all information
relative to a vWorkspace Farm. The vWorkspace Farm Database is required and
must be available for any administrative function.
The vWorkspace Farm Database stores three classifications of data:
•
Farm configuration data
•
Farm administrative tasks and results
•
Data regarding client connections to virtual desktops and RDSH
The data in the vWorkspace Farm Database is used for real-time reporting.
The Reporting Database is the core database in the vWorkspace Reporting
architecture. Whenever an activity is carried out in the vWorkspace
environment, such as the creation of a virtual machine or the logging on of a
user, it is written to the vWorkspace farm database. SQL triggers in the
vWorkspace database populate changes to the Reporting Database, so tables in
the Reporting Database contain the history of all important activities in the
vWorkspace Farm. SQL Views in the vWorkspace Reporting Database are
designed to provide both historical and real-time views.
446
The vWorkspace Farm Reporting database tracks a large amount of information,
and as a result, a large amount of data is collected in the vWorkspace Reporting
Database. It is important to balance retaining history with data volume. To ease
the management of the data, a data purge mechanism is installed with the
vWorkspace Reporting Database. There are two controls, both accessible from
the vWorkspace Reporting Database field of the farm properties:
•
Frequency of data expiry
•
Age of data expiry
In order to ensure that minimal disk space is consumed, the defaults are very
aggressive.
•
Purge Interval (data expiry task) in the Farm properties, is set to
run every six (6) hours.
•
Data Expiration in the Farm properties, is set to expire data if it is
older than fourteen (14) days.
We would expect most customers to make the data expiry age value much
longer than the default value, but the defaults are there to avoid unnecessary
database bloat for customers who do not want to worry about changing the
defaults. The reporting Database is recommended to be set at an initial size of
four (4) GB with a 10% growth rate.
If reporting is disabled, historical data is no longer added to the
reporting database but real time reports still function.
Reporting Schema
Virtual Machines and Virtual Machine Pools
The vWorkSpace Reporting tool provides history and real-time information of
virtual machine activity. Administrators can access the
VirtualMachinesRealtime View for historical information and
VirtualMachinePoolsRealtime View for real-time information about the
virtual machines. Users can also combine the information with the
RemoteDesktopLogRealtime View to find more specific information with
appropriate log messages.
447
Virtual machines are key components within a virtual desktop infrastructure.
They allow concurrent operation of multiple, heterogeneous operating systems
and applications within an enterprise with consolidated physical hardware and
increased reliability. Quest’s vWorkspace reporting tool allows you access
information about virtual machines and virtual machine pools using Report
Queries.
Real-time Views Schema Diagram
The schema diagram below depicts the relationship between the real-time
views: VirtualMachineRealtime, VirtualMachinePoolsRealtime, and
RemoteDesktopLogRealtime.

ReportGUID acts like a primary key of the tables for all of the views.

VirtualMachinePoolGUID acts like the foreign key for the
VirtualMachinePoolsRealtime view.

VirtualMachineRecordGUID of RemoteDesktopLogRealtime acts
like a foreign key for the VirtualMachineRealtime view.
The historical views are: VirtualMachinesHistory,
VirtualMachinePoolsHistory, and RemoteDesktopLogHistory. The
historical data has the repetition of RecordGuid, ID is used as the unique field
for each record, and acts as a primary key. The additional columns used in
historical views are ChangedStatus and TimeStamp. Users can combine
historical views with real-time ones to get a historical status of virtual machines.
448
View Column Definitions
The following tables explain the columns used in the views.
VirtualMachinesRealtime
COLUMN RETURNED
MEANING
VirtualMachineName
Name of the virtual machine.
DNSName
DNS Name of the virtual machine.
ClientLogoOnState
Log on status of present client.
CurrentUser
Current user of the virtual machine.
CurrentState
Current status of the virtual machine.
LastTimeLoggedIn
Last login time of user of virtual
machine.
CurrentClientDevice
Name of current client device.
VirtualMachineIPAddress
IP address of virtual machine.
PNToolsVersion
Version of PNTools.
MachineType
Type name of virtual machine.
PowerManaged
Power managed virtual machine
(True/False).
VirtualMachineMACAddress
MAC address of virtual machine.
VirtualMachineOS
Operating System of Virtual Machine
VirtualMachineOSServicePack
Service pack information of OS.
CloneType
Name of clone type of virtual machine.
ExpirationAction
Information on expiration action of
virtual machine (Use
Default/Suspend/Power
Down/Delete/Shutdown
Guest/Disable/None).
InactivityAction
Information on inactivity action of
virtual machine (Use
Default/Suspend/None).
449
NetworkOptimizationMaxConnections
Number of max connections for network
optimization.
RDPPort
Remote Desktop Protocol (RDP) port
number.
VirtualMachinePoolsRealtime
COLUMN
RETURNED
MEANING
PoolName
Name of the pool in which the VM exists.
PoolType
Type of virtual machine pool.
LogoffAction
Information on log off action of pool (Use
Default/Reset/Suspend/Reprovision Refresh).
ExpirationAction
Information on expiration action of pool (Use
Default/Suspend/Power Down/Delete/Shutdown
Guest/Disable/None).
PowerManaged
Power managed VM pool (True/False).
StaticClientType
Static client type of VM pool (User/Group/IP Address/ Client
Name/ OU).
RemoteDesktopLogRealtime
COLUMN RETURNED
MEANING
Timestamp
Time stamp of occurrence.
RecordGUID
Unique record ID.
VirtualMachineRecordGUID
Unique ID which relates to the
VirtualMachinesRealtime view.
MessageTime
Occurrence time of log message.
MessageText
Description text of log message.
MessageType_AsInteger
Integer value used for message type.
MessageType
Type of log message
(Success/Failure/Warning/Information).
HostType_AsInteger
Integer value used for host type.
HostType
Name of host type (RDSH(TS)/VDI).
450
Actions
The vWorkspace Reporting tool provides historical and real time information of
actions run on virtual desktops. Actions are the administrative tasks done on
virtual desktops. These actions include powering up virtual desktops, taking a
snapshot, MSI updates, Sysprep, and reprovisioning. These actions are from
sources such as User and MSI Package.
The Action views provide current and historical action status such as, name of
the action, group name of action, action types, source of action, percentage
completion, and virtual desktop details.
Some examples of useful Action report queries are:
•
Locate all the historic actions on a particular virtual machine.
•
Obtain the status of actions on all virtual machines.
•
Define which VMs are currently running particular actions.
The following views are used to retrieve the Action related from vWorkspace:
•
ActionsRealtime
•
ActionGroupsRealtime
•
ActionDetailsRealtime
•
ActionQueueRealtime
•
ActionSchedulesRealtime
Users can combine the Action view information with VirtualMachineRealtime
views to find the actions running on specified virtual machines.
Actions View Schema Diagram
The schema diagram below depicts the relationship between the
ActionsRealtime, ActionGroupsRealtime, ActionDetailsRealtime,
ActionQueueRealtime, ActionSchedulesRealtime, and
VirtualMachineRealtime.
Historical action details can be queried using the historical views provided by the
vWorkSpace Reporting tool. These include ActionsHistory, ActionGroupsHistory,
ActionDetailsHistory, ActionQueueHistory and ActionSchedulesHistory.
451
The historical data has the repetition of RecordGuid, ID is used as the unique
field for each record, and acts as a primary key. The additional columns used in
historical views are ChangedStatus and TimeStamp.
In all of the views, RecordGUID acts as the primary key of the tables. All the
views are related to each other in the following manner.
452

ActionQueueRealtime is connected to VirtualMachineRealtime through
the VirtualMachineGUID.

ActionQueueRealtime View is connected to ActionGroupsRealtime
through ActionGroupGUID.

ActionGroupGUID in ActionsRealtime connects both
ActionGroupsRealtime and ActionsRealtime.

ActionDetailGUID in ActionsRealtime connects ActionDetailsRealtime
to ActionsRealtime.
Actions Views Definitions
ActionsRealtime
COLUMN RETURNED
MEANING
RecordGUID
Unique record ID.
ActionDetailGUID
Connects the records to ActionDetailsRealtime view.
ActionGroupGUID
Connects the records to ActionGroupRealtime view.
TimeStamp
ActionGroupsRealtime
COLUMN RETURNED
MEANING
GroupName
Name of the group of action.
RecordGUID
Unique record ID.
TimeStamp
ActionDetailsRealtime
COLUMN RETURNED
MEANING
Timestamp
RecordGUID
Unique record ID.
ActionName
Name of the action.
ActionType_AsInteger
Integer value of action type.
ActionType
Type of action.
ActionSource_AsInteger
Integer value of action source.
ActionSource
Source of action.
453
The following table explains all Action Types and Action Sources used in
ActionDetailsRealtime.
Action Types
454
KEY
ACTION TYPE
0
None
1
Clone
2
Delete
3
Power up
4
Power down
5
Suspend
6
Resume
7
Restart guest
8
Take snapshot
9
Revert to snapshot
10
Reset
11
Shutdown guest
12
Remove from group
13
Standby
14
Copy file to virtual machine
15
Shell command
16
Initialize
17
Cancel
18
Log off user
19
Reset sessions
20
MSI updates
21
MSI uninstall
22
Enable or disable set
23
Wake up
KEY
ACTION TYPE
24
Configure virtual machine
25
Sysprep
26
Set bandwidth OPT
27
Reprovision
Action Source
ACTIONSOURCE_ASINTEGER
ACTION SCOURCE
0
Built in
1
MSI package
2
User
455
ActionQueueRealtime
COLUMN RETURNED
MEANING
RecordGUID
Unique record ID.
TimeStamp
ActionGroupGUID
Connects the records to ActionGroupsRealtime view.
CurrentActionGUID
Connects the records to ActionsRealtime view.
Status_AsInteger
Integer value of current status of action.
Status
Current status of action.
StartTime
Start time of action.
PercentComplete
Percentage completion of action.
CompletedTime
Completion time of action.
Message
Descriptive message of action.
PostedTime
Action posted time.
BrokerName
Name of the broker.
ActionQueue Status
STATUS_ASINTEGER
STATUS
0
None
1
Pending
2
In progress
3
Failed
4
Succeeded
5
Canceled
456
Applications and Application Restrictions
The vWorkspace Reporting tool provides historical and real time information
about applications and Application Restrictions. The real time views follow:
•
ApplicationPermissionsRealtime
•
ApplicationPermissionGroupsRealtime
•
ClientsApplicationPermissionsRealtime
•
ProgramsRealtime
Applications are the programs installed on the hosting machines and can be
published and accessed by clients (users). In the vWorkspace infrastructure,
applications are installed on the following hosting machines:
•
Microsoft Windows Remote Desktop Session Hosts
•
Virtual desktops running Microsoft Windows XP/Vista/Windows 7
•
Virtualized application packages stored on a Microsoft Application
Virtualization Server.
The vWorkspace user can also report on clients connecting to applications
through a remote presentation services protocol (RDP or RGS) called Managed
Applications.
Application Restrictions is one of the important features used to manage
applications in a vWorkspace infrastructure. It is the access control system that
allows administrators to increase the overall security, reliability, and integrity of
their Session Host environments. Some advantages of Application Restrictions
are:
•
Guards against application spoofing.
•
Fights against virus infections.
•
Prevents users from executing unauthorized programs.
•
Grants access to applications by time and day.
•
Locks down the Session Host.
In Application Restrictions, a list of program executables and program modules
are organized into an application list, enabling administrators to grant or deny
access to entire software suites, not just individual executables. The Application
List is then associated with a group of Session Hosts, known as an Application
Access Control Server Group. The Application List can then be assigned to one
or more vWorkspace clients.
457
Schema Diagram
The Schema Diagram below depicts the relationship between the views
ApplicationPermissionsRealtime,
ApplicationPermissionGroupsRealtime,
ClientsApplicationPermissionsRealtime, and ProgramsRealtime.
In all of the Views:

RecordGUID acts as a primary key of the tables.

ApplicationgroupGUID of ApplicationPermissionsRealtime view acts
like the Foreign Key for ApplicationPermissionGroupsRealtime view.

ApplicationgroupGUID of ClientsApplicationPermissionsRealtime view
acts as a foreign key for ApplicationPermissionGroupsRealtime view.
These real time views give users all the real time information and users can
access the historical information using Historical Views corresponding to the
previous views. The available built-in historical views are as follows:
458
•
ApplicationPermissionsHistory
•
ApplicationPermissionGroups
•
History
•
ClientsApplicationPermissions
•
History
•
ProgramsHistory
Since historical data has repetition of RecordGUID, ID is used as the unique field
for each record, allowing ID to act as a primary key. The additional columns used
in historical views, Changed Status and TimeStamp, keep track of all the records
changed with the timestamp.
Schema Description
ApplicationPermissionsRealtime
COLUMN RETURNED
MEANING
Timestamp
RecordGUID
Unique record ID.
ApplicationGroupGUID
Unique ID that relates the view to
ApplicationPermissionGroupsRealtime View.
ApplicationPath
Path of application.
COLUMN RETURNED
MEANING
Timestamp
RecordGUID
Unique record ID.
ApplicationGroupName
Name of the group that application belongs.
ApplicationGroupDescription
Short description of application group.
Category
Category of application Group that is used to
group multiple applications into a single
category.
TerminateApplications
True or false value that confirms the
termination of applications that are running
outside of the access hours.
TerminateApplications_AsInteger
Integer value (0 or 1) used for
TerminateApplications field.
459
COLUMN RETURNED
MEANING
Timestamp
Time stamp of occurence.
RecordGUID
Unique record ID.
ApplicationGroupGUID
ApplicationPermissionGroupsRealtime view.
ClientGUID
Unique ID which relates the view to
ClientsRealtime view.
Programs Realtime
COLUMN RETURNED
MEANING
RecordGUID
Unique record ID.
TimeStamp
ProgramName
Name of the application used in the
vWorkspace Management Console that is
displayed in the AppPortal and Web-IT clients.
Path
Path of the program or application.
Arguments
Any argument that can be passed while
starting the application.
WorkingDirectory
Path of working directory of application
entered by a user.
IconFile
Each program having an icon file associated
that is displayed on the vWorkspace
Management Console, AppPortal, and Web-IT
clients.
IconIndex
Index of icon file.
ShowCommand
ServerList
Disabled
Specifies whether an application is enabled or
disabled. Disabled applications are not
displayed in the client application list.
Disabled_AsInteger
Integer value 0 (enabled) or 1 (disabled).
AppPortalDisabledMessage
460
Shortcut
Application short cut (Desktop or Start Menu or
Start Menu/Programs).
SessionSharing
ApplicationSourceServer
Source server of application.
IconSourceServer
Source server of application icon.
IsDesktop
Defines if the application short cut is Desktop.
IsDesktop_AsInteger
Integer value IsDesktop field (0 or 1).
FileExtensions
File extension of programs.
ApplicationType
Type of application:
0 – None
1 - Application
2 – Desktop
3 – Content
4 – Content client
VIPEnabled
Specifies if Virtual IP features are enabled for
the application.
VIPEnabled_AsInteger
Integer value VIPEnabled field:
0 - Disabled
1 - Virtual IP
2 - Virtual Loopback
3 - Client IP
DesktopShortcutLocation
Integer value of application shortcut location.
ApplicationPermissionsGroup
GUID
ApplicationPermissionGroupsRealtime view.
ApplicationHostType
Host Type of Application:
0 – Session Host
1 - Virtual Desktop
VirtualMachinePoolGUID
Unique ID which relates the view to
VirtualMachinePoolsRealtime view.
BitmapAcceleration
Specifies the Graphic Acceleration setting
options of Enabled, Disabled, or User Default.
461
BitmapAcceleration
_AsInteger
Integer value of Bitmap acceleration field:
0 – Enabled
1 - Disabled
2 - User Default
Application Type
KEY
APPLICATION TYPE
0
None
1
Application
2
Desktop
3
Content
4
Content client
VIPEnabled
KEY
MEANING
VIPEnabled_AsInteger
VIPEnabled
0
Disabled
1
Virtual IP
2
3
462
Virtual Loopback
Client IP
DesktopShortcutLocation
KEY
DESKTOPSHORTCUTLOCATION
0
None
1
Desktop
2
Start Menu
4
Start Menu/Programs
DesktopShortcutLocation is a multi-value field. When more than one value is
selected, value of application type will be the sum of the individual values.
For example: a value of 7 indicates that all 3 options are selected for the
application.
Application Host Type
KEY
APPLICATIONHOSTTYPE
0
Session Host
1
Virtual Desktop
Clients, Folders, and Locations
The vWorkSpace Reporting tool provides historical and real time information
about clients, folders and geographic locations. The following views are included:
•
ClientsRealtime
•
ClientsHistory
•
FoldersRealtiime
•
FoldersHistory
•
ClientFoldersRealtimne
•
ClientsFoldersHistory
•
GeoLocationsRealtime
•
GeoLocationsHistory
463
Clients are the end users of vWorkspace infrastructure. The type of clients
follows:
•
Users: Any trusted Windows domain or local user account.
•
Groups: Any trusted Windows domain or local user account.
•
Device Addresses: IP address assigned to the client hardware
device.
•
Device Names: NetBIOS name of the client device.
•
Organizational Units: Active Directory Organizational Unit
containing the user, group, or computer account.
Geographic Location is used to specify the location of one or more data centers
and the computers and servers within those data centers. For example, we can
name the location based on the office site.
Schema Diagram
The schema diagram below depicts the relationship between the views
ClientsRealtime, FoldersRealtime, ClientFoldersRealtime, and
GeoLocationsRealtime.
In all the Views:
464

RecordGUID acts as a primary key of the views.

FolderGUID and ClientGUID of ClientFoldersRealtime view act like
the Foreign Key for FoldersRealtime view and ClientsRealtime
view, respectively.

GeoLocationGUID of FoldersRealtime view acts as a foreign key for
the GeoLocationsRealtime view.
Since historical data has repetition of RecordGUID, ID is used as the unique field
for each record, acting as a primary key. The additional columns used in
historical views are Changed Status and TimeStamp to keep track of all the
records changed with the timestamp.
465
Schema Description
ClientsRealtime
COLUMN RETURNED
MEANING
Timestamp
Time stamp of occurrence
RecordGUID
Unique Record ID
ClientName
Name of the Client
ClientType
Type of the Client
ClientType_AsChar
Integer value of client type
TimeZoneName
Name of the time zone.
Client Type
KEY
CLIENT TYPE
U
User
G
Group
I
IP Address
C
Client Name
O
OU
FoldersRealtime
COLUMN RETURNED
MEANING
Timestamp
RecordGUID
Unique record ID
FolderType
Type application folder type.
FolderType_AsInteger
Integer value of folder type.
FolderName
Name of the folder.
GeoLocationGUID
GeoLocationsRealtime view.
466
Folder Type
FOLDERTYPE_ASINTEGER
FOLDERTYPE
0
AppPortal
1
Shell
2
Server
ClientFoldersRealtime
COLUMN RETURNED
MEANING
Timestamp
RecordGUID
Unique record ID.
ClientGUID
Unique ID that relates the view to ClientsRealtime
View.
ProgramGUID
ProgramsRealtime View.
FolderGUID
Unique ID that relates the view to FoldersRealtime
View.
GeoLocationsRealtime
COLUMN RETURNED
MEANING
Timestamp
Time stamp of occurrence
RecordGUID
Unique Record ID
GeoLocationName
Geographical location name with one or more data
centers.
Default Reports
vWorkspace Reporting includes a set of default reports that include:
•
Historical Reports
•
Real-Time Reports
•
Audits
•
Custom Reporting
467
Historical Reports
The following default historical reports are available using the vWorkspace
Report Viewer.
REPORT NAME
DESCRIPTION
Failed Action Details in Last
24 Hours
This report shows the details of failed actions
(tasks) in the past 24 hours. It can be used to
help identify what might be causing problems.
Many failed actions highlight possible
environment issues.
If Virtual Machine Pools are deleted they do not
appear in this report.
Failed Action in Last 24
Hours by Pool
Use this report to find the number of failed
actions by pool in the past 24 hours. This report
can be used to help identify what actions might be
causing problems. Many failed actions highlight
possible environment setup issues.
Users Logged on Each Month
This report shows the number of users who use
vWorkspace each month. This is useful to monitor
Virtual Desktop Take-up.
This query only gets the information for virtual
machine based virtual desktops and applications.
Information for Session Hosts based applications
and desktops is available in the
RemoteDesktopLog table.
Users Logged on in Last 24
Hours
This report lists the pools that each user has
logged in to in the past 24 hours. To create a
report for a specific user, the script can be
manually modified. For more details, open the
report with the viewer and see the description.
468
Real-Time Reports
The following default real time reports are available using the vWorkspace
Report Viewer.
REPORT NAME
DESCRIPTION
Assigned Applications by
Application
This report lists all assigned applications. Also
listed are any application restrictions that have
been applied. This is useful for determining
whether appropriate applications have been
assigned and if any restrictions in place are
correct.
Assigned Applications by
User
This report lists all assigned applications by client
type and client. Also listed are any application
restrictions that have been applied.
Current Action Backlog by
Pool
This report shows the number of pending actions
(tasks) in each pool. It can be used to help
determine if there is a large backlog of pending
actions (tasks). A large backlog may be the cause
of other performance related issues.
Current Action Backlog
Details
This report returns all current pending action
(task) details. It can be used to help determine
the details of a large backlog of pending actions
(tasks). A large task backlog may be the cause of
other performance related issues.
Current TS EOP Config by
Server
This report gives the current EOP configuration
for each Session Host. It provides a glance check
to see if the appropriate EOP settings have been
applied.
Current VM EOP Config by
Server
This report gives the current EOP configuration
for each VM Pool. Note that where overrides have
been configured for a specific VM, the report
shows that VM's individual settings. It provides a
glance check to see if the appropriate EOP
settings have been applied.
Number of Users Logged On
Now by Virtual Machine Pool
This report finds the number of users logged into
each pool at the time the report is run.
Users Logged on Now by Pool
This report finds the number of users logged into
each pool at the moment the report is run. This
report can be used to help determine the impact
of a change, for example, who is affected by
unplanned maintenance.
469
REPORT NAME
DESCRIPTION
Number of Queued Actions
by Pool
This report is used to find the number of pending
actions per virtual machine pool. A large action
backlog typically indicates either configuration or
load distribution issues.
Audits
The following default audits are available using the vWorkspace Report Viewer.
REPORT NAME
DESCRIPTION
Count of Requested Actions
by Pool Past 24 Hours
This report shows the total number of actions
requested by an administrator by pool in the
past 24 hours.
Count of Requested Admin
Actions on Virtual Machines
in Last 24 Hours Grouped by
Administrator
This report lists, by Administrator, all admin
actions on virtual machines within the last 24
hours.
Count of total requested
admin actions on Virtual
Machines in last 24 Hours
This report lists a total number of actions
requested by an administrator on virtual
machines in the past 24 hours.
Failed Action Details in Last
24 hours
This report lists the failed actions in the past
24 hours with details, including the
administrator who initiated the action.
List of completed actions in
Last 24 hours
This report lists all administrator requested
actions in the past 24 hours which have
completed (success or failure), with details
including the administrator who initiated the
action.
Successful Action Details in
Last 24 hours
This report lists the successful actions in the
past 24 hours with details, including the
administrator who initiated the action.
Custom Reporting
Custom reporting involves creating SQL scripts that can be run against the farm
database or the Reporting database. Listed below is a series of sample SQL
scripts.
470
The following is an example of a report query that uses the schema described
above. This query can be run in vWorkspace Report Viewer to generate a report
which gives the number of users logged into each virtual desktop at present.
This report can be used to determine the impact of an infrastructure change, for
example, due to unplanned maintenance.
SELECT PoolName as [Pool Name],
COUNT(DISTINCT CurrentUser) AS [Number of Users]
FROM VirtualMachinesRealTime
JOIN VirtualMachinePoolsRealTime
ON VirtualMachinePoolGUID = VirtualMachinePoolsRealtime.RecordGUID
GROUP BY PoolName
above. This query can be run in vWorkspace Report Viewer to find all current
pending action details.
This report can be used to help determine the details of a large backlog of
pending actions.
SELECT DISTINCT PostedTime AS [Posted],
PoolName AS [Pool Name],
VirtualMachineName AS [Computer],
ActionName AS [Task Item],
ISNULL(CAST(StartTime as CHAR), '<As soon as possible>') AS [Start Time],
ISNULL(Message, '') AS [Message]
471
FROM ActionQueueRealTime
JOIN ActionsRealTime
ON ActionsRealTime.RecordGUID = ActionQueueRealTime.CurrentActionGUID
JOIN ActionDetailsRealTime
ON ActionDetailsRealTime.RecordGUID = ActionsRealTime.ActionDetailGUID
JOIN VirtualMachinesRealTime
ON VirtualMachinesRealTime.RecordGUID = ActionQueueRealTime.VirtualMachineGUID
JOIN VirtualMachinePoolsRealTime
ON VirtualMachinePoolsRealTime.RecordGUID = VirtualMachinesRealTime.VirtualMachinePoolGUID
WHERE ActionQueueRealTime.Status = 'Pending'
above. This query can be run in vWorkspace Report Viewer to List all assigned
applications and its restrictions.
This report is useful for determining whether appropriate applications have been
assigned.
SELECT LOWER(Path) AS [Path], ProgramName,
ClientType,ClientName,'' AS [Restrictions]
FROMClientFoldersRealtime
JOIN
472
ClientsRealtime
ON
ClientsRealtime.RecordGUID = ClientFoldersRealtime.ClientGUID
JOIN
ON
ProgramsRealtime
ProgramsRealtime.RecordGuid = ProgramGUID
UNION
SELECT LOWER(ApplicationPath), ApplicationGroupName, ClientType,
ClientName,ClientsApplicationPermissionsRealTime.Schedule
FROM
JOIN
ClientsRealtime
ON
ClientsRealtime.RecordGUID = ClientsApplicationPermissionsRealtime.ClientGUID
JOIN
ON
ApplicationPermissionGroupsRealtime.RecordGUID =
ClientsApplicationPermissionsRealtime.ApplicationGroupGUID
JOIN
ON
=
ApplicationPermissionsRealTime
ApplicationPermissionsRealTime.ApplicationGroupGUID
473
WHERE ClientsApplicationPermissionsRealtime.Schedule <>
'Allow All'
ORDER BY Path, ClientType, ClientName
above. This query can be run in vWorkspace Report Viewer to list all assigned
applications by client details and its restrictions.
SELECT ClientType,ClientName, LOWER(Path) AS [PATH],ProgramName, '' AS [Restrictions]
FROM ClientFoldersRealtime
JOIN ClientsRealtime
ON ClientsRealtime.RecordGUID = ClientFoldersRealtime.ClientGUID
JOIN ProgramsRealtime
ON ProgramsRealtime.RecordGuid = ProgramGUID
UNION
SELECT ClientType, ClientName, ApplicationPath, ApplicationGroupName,
ClientsApplicationPermissionsRealTime.Schedule
FROM ClientsApplicationPermissionsRealtime
JOIN ClientsRealtime
ON ClientsRealtime.RecordGUID = ClientsApplicationPermissionsRealtime.ClientGUID
474
JOIN ApplicationPermissionGroupsRealtime
ON ApplicationPermissionGroupsRealtime.RecordGUID =
JOIN
ON
ApplicationPermissionsRealTime
ApplicationPermissionsRealTime.ApplicationGroupGUID =
WHERE ClientsApplicationPermissionsRealtime.Schedule <>
'Allow All'
ORDER BY ClientType, ClientName, Path
475
476
6
Managing the User
Experience
• Overview
• Universal Printing
• Virtual User Profile Management
• EOP (Experience Optimization Protocol)
• USB Devices
• Load Balancing
• Performance Optimization
• Application Compatibility Enhancements
• Virtual IP
• Additional Components
Overview
What end users think of an applied IT solution can go a long way in increasing
the likelihood of a successful project. Quest vWorkspace includes features that
help organizations provide users, connected to a virtual workspace, with an
experience similar to working on a physical desktop. You can optimize and
manage the end-user experience by utilizing these tools within the vWorkspace
farm, and by providing seamless and reliable access to resources such as
network drives, registry keys, user profiles, and printers.
vWorkspace offers a single-driver printing solution that supports printer
mapping in user sessions and helps you configure user access to client-side,
network, and remote-site printers.
User Profile Management components can be utilized to help you centrally store
user profile settings and retrieve them when a user logs on to a virtual
workspace.
Connections to Remote Desktop Session Hosts and virtual machines hosted on
Hyper-V hypervisors can be grouped and managed so that the workload is
equally distributed and balanced across the group of servers.
Farm utilization and management and be tracked and reported using
vWorkspace Reporting.
This chapter discusses the following components and optimizing extensions of
the vWorkspace solution:
478
•
Universal Printing
•
Virtual User Profile Management
•
EOP (Experience Optimization Protocol)
•
Load Balancing
•
•
•
Virtual IP
•
vWorkspace Password Reset Service
•
Proxy-IT
Managing the User Experience
Universal Printing
Quest vWorkspace Universal Printer is a single driver printing solution that
satisfies both client-side and network printing needs in a vWorkspace
environment. In addition to its driver-independent approach to printing, benefits
include:
•
Support for both EMF and PDF modes of printing.
•
No requirement for Adobe Acrobat Reader on the client.
•
No requirement for the server side fonts to be preinstalled on the
client.
•
Size optimized print streams.
•
Adaptive compression technology (multiple compression algorithms
for color and black and white images).
•
Bandwidth usage control and intelligent font embedding (only fonts
that do not exist on the client are embedded inside the print stream).
•
Partial font embedding (only the used portion of fonts are embedded
inside the print stream).
•
Excellent print quality.
•
Incredible print performance and reliability.
•
Page level streaming for instant printing of large size documents.
•
Support for native printer features, such as bins, paper sizes,
margins, and print quality.
•
Support for private printer features, such as manufacturer specific
features of stapling and watermarks.
•
Support for the RAW data type.
•
Multiple printer naming options.
•
Synchronous or asynchronous printer creation, which ensures the
creation of at least one printer before the server side application is
started.
•
Clientless support for LAN connected print servers.
•
Clientless support for remote site print servers in situated and
distributed environments.
•
Support for virtually any printer make and model.
479
Universal Printer Components
The primary Universal Printer components are:
•
•
Universal Network Print Services
Universal Print Driver enables driver-independent, universal printing to
client-side printers, corporate, and remote site printers in a distributed
enterprise.
The options of Universal Network Printer Auto-Creation and Universal
Client Printer Auto-Creation enable users to access printers, either network
or client without the need for printer specific drivers to be installed on the RD
Session Host.
•
Universal Client Printer Auto-Creation — Enables users to
autocreate and print to their client side printers using a single
universal print driver, eliminating the need to install printer specific
drivers on RD Session Host.
•
Universal Network Printer Auto-Creation — Enables users to
connect and print to shared network printers using a single universal
print driver, eliminating the need to install printer-specific drivers on
RD Session Host.
Universal Client Printer Auto-Creation
Option
The Universal Network Printer Auto-Creation option enables client side printers
to be autocreated during logon for each user session. For each client printer,
Universal Printers autocreates and configures a server side printer using the
universal print driver that has the same printer features as the client printer.
Client printer autocreation relies on a custom virtual channel driver to transfer
the print job from the server to the client. This mode of operation requires the
universal print driver client software to be installed on the client computers.
Administrators specify what types of client printers to autocreate, as well as
allowing users to choose which printers that can be autocreated.The types of
client printers that can be autocreated include:
480
•
Local printers
•
Network printer connections
•
Only the default printer
•
All the printers and printer connections
Administrators can also configure several preferences and performance
parameters including the printer naming convention, print bandwidth upper
limit, and compression options.
To enable the autocreation of client printers, the following criteria must be met:
•
The Universal Client Printer Auto-Creation feature must be
installed on to every Session Host to which users connect.
•
The Client Printer Auto-Creation options, at least one, must be
enabled on every Session Host to which users connect.
•
The universal print driver software must be installed on the client
device, which is installed as part of the vWorkspace Client installation.
•
The Auto-Creation options, at least one, must be enabled in the client.
•
The Universal Printers virtual channel must be enabled on the client.
To print to an autocreated client printer, the user simply selects the Print
command, and a list of printers is presented to them. Print preview is also
available by selecting the Preview before printing from the PNTray menu.
Universal Network Printer Auto-Creation
Option
Shared network printers can be autocreated for vWorkspace clients when
logging on to a Session Host session using Windows native print drivers, the
vWorkspace Universal Print driver, or both. When installed on a traditional
Windows network print server, printers are auto-created and shared using the
universal print driver. These printers have the same features as the original
network printer.
Once the Universal Printers have been created and shared, they can be assigned
to the appropriate clients using the vWorkspace Management Console, or if
appropriate, scripted logic. Printer connections are established successfully
because the same driver is also installed on the servers. Because the
connections are to the universal print driver printers and not the original
printers, the manufacturer-specific print drivers do not need to be present on the
server, leaving them driver-free.
481
When the universal print driver does not support a specialized feature of a
printer or the driver is not compatible with a print device, autocreated printers
can be assigned to clients using the native driver for that printing device.
The network printer autocreation mode is a clientless mode; it does not require
installing the universal print driver client software on the client supporting
devices.
Auto-creating shared network printers for vWorkspace clients using the
vWorkspace Universal Print Driver involves the following items:
482
•
Install vWorkspace Universal Network Print Server Extensions on to
the Windows-based print servers.
•
Install and share the desired printers on the Windows based print
servers as normal.
•
Add the Windows based print servers as print servers in the
•
Select the printers to be defined as universal print driver printers in
the vWorkspace Management Console.
•
Assign the printers to the appropriate vWorkspace clients from the
Universal Printer Properties
When the Universal Client Printer Auto-Creation or Universal Network
Printer Auto-Creation options are installed on an RD Session Host, the
vWorkspace Universal Printer Properties Control Panel applet is used to control
the server’s print settings. Below is a description of the tabs and options that are
available.
General Tab
UNIVERSAL PRINTER PROPERTIES
GENERAL TAB
DESCRIPTION
Print Data Format
The options are PDF or EMF.
Note: It is recommended that you use
EMF, as it is a more robust printing
mechanism.
483
GENERAL TAB
Client Printer Auto-Creation Options
DESCRIPTION
• Auto-create default printer —
Creates a printer mapping only to the
default printer on the client device.
Note: By selecting the Auto-create
default printer option, any other Client
Printer Auto-Creation options that are
also selected do not apply.
• Auto-create local printers —
Creates a printer mapping for all of
the local printers defined on the
client device.
• Auto-create network printers —
Creates a printer mapping for every
network printer defined on the client
device.
• Inherit auto-creation settings
from client — Autocreates printers
based on the properties set on the
client device.
Client Printer Auto-Creation Wait
Mode
• Auto create only default printer
synchronously — Requires the
mapping to the client’s default
printer to be completed before
presenting the application or desktop
window to the user.
• Auto create all printers
synchronously — Requires every
printer on the client device to be
mapped before presenting the
application or desktop window to the
user.
This is the slowest method for login.
• Auto create all printers
asynchronously — Allows the
presentation of the application or
desktop window to the user without
requiring printer mappings to be
made first.
This allows for the fastest login.
484
GENERAL TAB
Advanced Options
DESCRIPTION
• Auto-create printers with full
permissions — Elevates user
permissions to Full Control for all
mapped printers. This is sometimes a
requirement for printing with certain
legacy applications.
• Delete auto-created printers
when sessions disconnect —
Causes all mapped printers to be
deleted from the server if a user’s
session is disconnected. Enabling this
feature can improve the reliability of
printing in a multi-user environment.
• Synchronize default printer on
client and server — Enables
synchronizing the settings of the
default printer in the user’s Session
Host session with those of the default
printer of the session running on the
client device.
Compression Tab
Controls when and to what extent compression is applied to the printer output.
The options on the window depend on the Print Data Format, either PDF or
EMF, that is chosen on the General tab.
485
EMF Format
486
UNIVERSAL PRINTER
PROPERTIES
COMPRESSION TAB
EMF Format
DESCRIPTION
Data Compression controls the level of compression used
for text. Level choices include:
• No compression
• Minimum (best speed)
• Low
• Medium
• High
• Maximum (smallest size)
JPEG Image Compression controls the level of
compression used for graphic images. Selectable Level
options are:
• No compression
• Minimum (best quality)
• Low
• Medium
• High
• Maximum (smallest size)
487
PDF Format
488
UNIVERSAL PRINTER
PROPERTIES COMPRESSION
TAB
PDF Format
DESCRIPTION
Black & White Image Compression controls the
algorithm used for compressing text and graphics.
Algorithm choices include:
• Default compression
• CCITT Fax Group 4
Color Image Compression controls the
algorithm and quality level of compression used for
color images. Selectable Algorithm options are:
• Automatic (recommended)
• Default compression
• 256 compression
• JPEG compression
Selectable options for Quality Level are:
• Maximum (largest file size)
• High
• Medium
• Low
• Minimum (smallest file size)
Remove duplicate images, if selected, embeds
the image once inside the print stream for the
purpose of minimizing the use of bandwidth. For
example, an image of a logo embedded in a
header would only be embedded once.
489
Naming Tab
The Naming tab is used to control which client printer naming convention to use
when naming autocreated client printers.
UNIVERSAL PRINTER
PROPERTIES NAMING TAB
Client Printer Naming Convention
DESCRIPTION
• Printer Name [Session #]
• Printer Name [Client Name:Session #]
• Printer Name [User Name:Session #]
• [Client Name:Session #] Printer Name
• [User Name:Session #] Printer Name
• Printer Name [User Name]
• [User Name] Printer Name
Use UNC names to client network
printers
490
Select if you want to use UNC names.
Bandwidth Tab
Use the bandwidth control slider to limit the amount of bandwidth consumed for
printing purposes with each user session on the RD Session Host. The range is
between 5 Kbps and 2 Mbps.
491
Upgrade Tab
Auto Client Upgrade Options can be used to upgrade older versions of the
universal print driver on the client device with a newer one. To enable this
capability, select Automatically upgrade clients to new version, and enter
the path and file name of the Universal Printers client installer package in the
input box, or browse to it by clicking the folder icon. This location needs to be
the same on the local computer of each server running the server.
You should not select this option if you are using vWorkspace Enterprise or
Desktop Services editions, as the universal print driver is already built into
the vWorkspace client.
492
Logging Tab
The settings on this tab are used to enable trace logging for universal print driver
printers and the Print Monitor. If options are enabled, use the input boxes to
enter or browse to identify the path and file name of log files.
This tab is primarily used by Quest vWorkspace Support to assist in
troubleshooting.
493
License Tab
The License tab is only used when the universal print driver has been purchased
on a per server basis and is not using concurrent user licensing modes.
494
Server Farm Tab
The Server Farm tab is used to propagate property settings to other servers
within your server farm.
UNIVERSAL PRINTER
PROPERTIES SERVER
FARM TAB
Server Types
DESCRIPTION
Filters the display of servers by type. Available types
include:
• Terminal Servers
• vWorkspace Servers
• Custom Server List
Propagate
When selected, the universal printer settings are
propagated to all the servers that were selected.
495
Notification Tab
The Notification tab is used when administrators want a customized print
notification to be sent to user sessions.
UNIVERSAL PRINTER
PROPERTIES NOTIFICATION
TAB
DESCRIPTION
Display notification below
when printing
Select this option for a printing notification
message.
Title
Type the text that is to be displayed on the title
bar of the message window.
Message
Type the text for the print notification message.
496
PDF Publisher
This option enables the creation of a PDF file of any print job that is sent to the
PDF printer.
UNIVERSAL PRINTER
PROPERTIES PDF
PUBLISHER
DESCRIPTION
Create the Universal Printer
PDF Publisher on this server
When selected, autocreates a PDF Publisher
printer for each user session on this server.
Show Universal Printer PDF
Publisher menu items on
client
When selected, a PDF publisher options menu
item is added to the Universal Printers section of
the PNTray context menu.
Universal Printer Client Properties
The Universal Printer Client Properties is installed as part of the client installation
and is used to set various printing options. The Universal Printer Client
properties apply only to autocreated client printers, and not to Universal Printers
assigned by the vWorkspace Management Console.
497
The Universal Printer Client Properties can be accessed in Control Panel, from
the Start option, or from the PNTray as a context menu option once a session
to a RD Session Host has been established.
The tabs and options available on the Universal Printer Client Properties window
are described below.
UNIVERSAL PRINTER CLIENT PROPERTIES GENERAL TAB
Auto-Create Options
• Auto-create default printer only— Creates
a printer mapping to the default printer only,
on the client device.
• Auto-create local printers — Creates a
printer mapping for each local printer defined
on the client device.
• Auto-create network printers — Creates a
printer mapping for each network printer
defined on the client device.
• Auto-create specified printers only —
Creates only the printers selected by the user.
498
Performance Options
• Use Printer Properties Cache — Allows
printer properties from previous sessions to
be cached and used, instead of having to
reenumerate them each time a session is set
up.
UNIVERSAL PRINTER CLIENT PROPERTIES BANDWIDTH TAB
Enables the user to specify the amount of bandwidth available for printing.
UNIVERSAL PRINTER CLIENT PROPERTIES LOGGING TAB
Enables logging for troubleshooting purposes.
Universal Network Print Services
Universal Network Print Services enhances the user’s print experience and
simplifies network printer manageability in vWorkspace environments by
automatically creating shared network printer mappings throughout a
distributed enterprise, using a single universal print driver.
The following Universal Network Print Services printing options are available for
installation on Windows based network print servers:
•
Universal Network Print Server Extensions — Installs on existing
dedicated Windows network print servers. Eliminates the need of
installing large numbers of drivers on Remote Desktop Session Hosts
and managed computers by using a single universal print driver to
create shared network printers. Also improves network print
performance by taking advantage of the highly efficient compression
engine found in the vWorkspace Universal Print Driver.
•
Universal Print Relay Service for Remote Sites — Installs on
remote site and branch office network print servers and works in
conjunction with Universal Network Print Server Extensions to extend
the benefits of the universal printing architecture across the
enterprise. Includes encryption, compression, and bandwidth usage
control for high performance and security.
These options enable file servers to efficiently store user profile settings and
enhance the accessibility to corporate and remote site print servers through
autocreating and sharing network printers using a single universal printer.
499
Universal Network Print Server Extensions Option
The Universal Network Print Server Extensions option is used to install the
universal print driver onto Microsoft Windows print servers. This option
eliminates the need for brand specific print drivers to be installed onto RD
Session Host and hosted desktops; instead using a single, universal print driver.
This option can also be used along with the Universal Print Relay Service for
Remote Sites to further optimize the printing process.
How to ...
•
Setup Universal Printers
•
Add Network Printers
•
Assign Printers to Clients
•
Universal Print Relay Service for Remote Sites
Setup Universal Printers
500
1.
2.
Expand the Resources node, and then click Printers.
3.
Click Manage Print-IT Printers on the toolbar of the information
pane. It is the computer icon with the letter U.
4.
Click Add on the Print-IT Servers on the Manage Print-IT Printers
window.
5.
Type the NetBIOS name or IP address of the Windows print server or
browse to it by using the ellipsis on the Add Print Server window.
6.
Click Add below the Print-IT Printers section to select printers to be
created as Print-IT printers.
7.
Browse to the Microsoft Windows Network and select the printer or
printers in the Select Network Printer window.
You may select printers shared from any Windows server, not just
those with Print-IT installed on them.
Use Ctrl to make multiple selections.
8.
Click Close to complete the task.
Add Network Printers
If a device or print feature is incompatible with Universal Printers, use the
following steps to configure autocreation of network printers using their native
drivers.
1.
2.
3.
Click Manage Network Printers on the toolbar of the information
pane. It is the computer icon with the letter N.
4.
Click Add on the Print Server frame on the Manage Network Printers
window.
5.
Type the NetBIOS name of the Windows print server or use the
ellipsis to browse to it, on the Add Print Server window.
6.
To select printers to be autocreated, select the desired server from
the list in Print Servers.
7.
Select each print to be autocreated in Shared Printers on.
501
8.
Click Close to complete the task.
Printers created using native Microsoft Windows print drivers are named
using the names that appear in the Printer and Faxes folder of the client
device. However, once they are added to the vWorkspace database, the
name can be changed.
Assign Printers to Clients
Universal printers and Network Printers must be assigned to vWorkspace clients
before they can be autocreated.
1.
2.
3.
Click Toggle Client Assignment List Display on the toolbar of the
information pane to change the layout.
4.
Select a printer or printers from the list of Network Printers or
Universal Printers.
You may select printers shared from any Windows server, not just
those with Universal Printers installed on them.
5.
Use Assign to assign the printers to clients.
6.
Click OK to close the Select Clients window.
Universal Print Relay Service for Remote Sites
Universal Print Relay Service for Remote Sites is a WAN-optimized
adaptation of the vWorkspace Universal Network Print Services.
Organizations with geographically disbursed offices containing one or more local
print servers can use Universal Print Relay Service for Remote Sites to
allow their branch office users to access and print from server based applications
hosted at the central office.
Application service providers (ASP) might also use this service to deliver
bandwidth efficient printing capabilities to their customers over private links,
Internet, and VPN connections.
The advantages of using Universal Print Relay Service for Remote Sites
include:
•
502
Clientless printing — The client software does not need to be
installed on the remote clients; only Universal Print Relay Service for
Remote Sites needs to be installed on the remote site print servers.
•
Bandwidth management — The print streams are sent on a WAN
link at a preset rate, specified in Kbps, to prevent a print job from
consuming all the available bandwidth.
•
Size optimization — The print streams produce as small as 10
percent of the size of conventional PCL or Postscript print jobs using
techniques such as intelligent/partial font embedding, duplicate
image removal, and dynamic compression.
The process of deploying the Universal Print Relay Service for Remote Sites
involves the following items:
•
Install the Universal Print Relay Service for Remote Sites on the
print servers at each remote site.
•
Use the Universal Printer Site Relay Control Panel applet to configure
network communication parameters and identify the printers that are
to be exported to vWorkspace clients when connecting to a
vWorkspace RD Session Host.
•
Import the exported network printers from each remote site. Each
imported printer is created as a universal printer and shared from a
designated print server.
•
Assign the printers to the appropriate vWorkspace clients.
Mutual machine level authentication can be configured using an assigned shared
pass phrase. Once authenticated, the Universal Printer Site Relay server and
Universal Network Print server can encrypt the print data before it is passed
across the WAN link, eliminating the requirement for complex Windows or
Kerberos trust relations and obtaining commercial server certificates.
Universal Print Relay Service for Remote Sites can be configured to use any
port that security administrators allow to be open on the firewalls.
How to ...
•
Configure Universal Print Relay Service for Remote Sites
•
Add Remote Relay Servers
•
Import Remote Printers
503
Configure Universal Print Relay Service for Remote Sites
1.
Open the Quest Universal Printer Site Relay applet from the Control
Panel. The system opens the Universal Printer Site Relay Properties
window.
2.
Complete the following information on the General tab.
Remote Site Relay Information
This section is used to configure the network communication
protocol and security used by Universal Print Relay Service for
Remote Sites on this server.
TCP Port
Enter a port number.
Default is 82.
Secret Pass Phrase
Enter a secret pass phrase for
mutual machine level
authentication when Use
Encryption is selected.
A maximum of 20 alphanumeric
characters is allowed.
504
Use Encryption
Select for encryption between
the Universal Printer Site Relay
server and the Universal Printers
print server.
Bandwidth Control
Select the maximum amount of
network bandwidth allowed for
passing print data to an exported
printer on the Universal Printer
Site Relay server from a server.
The bandwidth limit is set on a
per exported printer basis,
allowing each printer to receive
the maximum bandwidth limit.
3.
Complete the following information on the Export List tab.
a) Select the printer or printers to be exported.
The list of printers that appear here are the ones that
have been installed and shared on the Universal Printer
Site Relay server.
b) Select Properties to set printing preferences for each printer.
c) Select Use Printer Properties Cache, if appropriate.
505
4.
Complete the Logging tab if you need to enable trace logging for
troubleshooting.
5.
Click OK.
After making configuration changes using the Universal Printer Site Relay
Control Panel applet, it may be necessary to restart the vWorkspace
Universal Printer Site Relay service for the changes to be implemented.
Manage Relay Servers
Once Universal Printer Site Relay servers have been configured, their exported
printers can be imported into the vWorkspace infrastructure database. In
addition to creating a database object representing each printer, the import
process also creates and shares a new printer using the universal print driver on
the designated print server.
Add Remote Relay Servers
506
1.
2.
Expand the Resources node, and then select Printers.
3.
Click the Manage Print-IT Printers icon from the toolbar of the
information pane.
4.
Click Site Relay on the Manage Print-IT Printers window.
5.
Select the Manage Relay Servers tab.
6.
Click Add.
7.
Enter the name or IP address of the Universal Printer Site Relay
server to be added or browse to select it using the ellipsis, and then
click OK.
8.
Select Add new site on the Add Relay Server window, and then click
OK.
9.
Enter the name for the new site on the New Printer Relay Site
window, and then click OK.
10. Enter the two letter suffix to be used to identify the site, and then
click OK.
11. Enter and confirm the secret Pass Phrase to be used for
authentication to the Print-IT Remote Site Relay server, and then
click OK.
12. Set the TCP Port number to the appropriate value.
13. Set the Bandwidth limit for printing.
The bandwidth value that is the lowest, either on the relay server or
the print server, is the value that is used.
14. Repeat step 6 to step 11 for each additional remote Universal Printer
Site Relay servers.
15. Click OK to complete the task.
Import Remote Printers
1.
2.
Expand the Resources node, and then select Printers.
3.
Click the Manage Print-IT Printers icon from the toolbar of the
details window.
4.
Click Site Relay on the Manage Print-IT Printers window.
5.
Select the Import Remote Printers tab.
6.
Select the Universal Printer Site Relay server that is to be used to
import the Relay Sites and Relay Servers listed.
7.
Select the server from the list of Print-IT Servers in which the
imported printers are to be created.
8.
Click Import Now to start the import process.
9.
Review the message box confirming the import process has been
initiated, and then click OK.
10. Click Close to close the Print-IT Relay Servers window.
11. Click Close on the Manage Print-IT Printers window.
507
Printers Window in vWorkspace
Management Console
Once printers have been added to the vWorkspace Management Console, you
can change the printer properties, assign printers to users, and view the printers
by using the following path:
vWorkspace Management Console| Resources |Printers
The Printers window in the details pane includes information such as:
•
Listing of the network printers, as well as the universal printers.
•
Naming conventions for the printers are as follows:
•
508
•
Universal printers are designated with a (U) after their name.
•
Printer names that are relay site related appear with the
administrator designated two digit suffix.
Printer properties for the printers can be viewed and edited by
right-clicking on the printer.
Assign Remote Printers to Clients
Printers imported from Universal Printer Site Relay servers are assigned to
vWorkspace clients in the same manner as Universal Printers and Network
Printers. Imported printers are listed under Universal Printers on the details
pane of the Resource | Printers section of the vWorkspace Management
Console, and have the two letter remote site suffix appended to their names.
1.
2.
Expand Resources, and then click Printers.
3.
a) Right-click on the printer in the navigation pane to which users are
to be assigned, and select Assign option.
b) Highlight the printer in the navigation pane, and then click the
Assign icon, which is the plus sign inside a blue circle.
4.
Select the client or clients for the assignment from the list, and then
click OK.
You can multiselect by using the Ctrl button.
Universal Printer Properties
The properties for a Universal printer can be set by the vWorkspace
administrator.
View and Edit Universal Printer Properties
1.
2.
3.
4.
Right-click the printer from the list of Universal Printers.
5.
Select Properties from the context menu to view and edit the
properties.
6.
On the General window, change the printer name, as appropriate,
and then click Apply.
7.
Select PDF or EMF on the Data Format window, and then click Apply.
509
8.
Select the image compression options of the Performance Options
window, and then select Apply.
The options presented depend on the Print Data Format selected. For
PDF format the available options are:
•
B & W Image Compression
•
Color Image Compression
•
Color Image Quality Level
•
Duplicate Images Removal
For EMF format, the available options are:
9.
•
Data Compression Level
•
JPEG Image Compression Level
Change the client assignments, as appropriate, and then click Apply.
10. Change permissions as appropriate, and then click Apply.
11. Click OK to complete the task and save changes.
– OR –
Click Cancel to close without saving the changes.
510
Network Printer Properties
The properties for a Network printer can be set by the vWorkspace
administrator.
View and Edit Network Printer Properties
1.
2.
3.
4.
Right-click the printer from the list of Network Printers.
5.
Select Properties from the context menu to view and edit the
properties.
6.
Change the client assignments, as appropriate, and then click Apply.
7.
Change permissions as appropriate, and then click Apply.
8.
Click OK to complete the task and save changes.
– OR –
Click Cancel to close without saving the changes.
511
Virtual User Profile Management
Quest vWorkspace Virtual User Profiles (MetaProfiles-IT) is an alternative
to roaming profiles. Virtual User Profiles eliminate potential profile corruption
and accelerate logon and logoff times by combining the use of a mandatory
profile with a custom persistence layer designed to preserve user profile settings
between sessions.
The following is a list of the features and benefits of Virtual User Profiles:
•
Assign Virtual User Profiles for both RD Session Host and computer
groups.
•
Combines the persistence of a conventional roaming profile with the
speed and robustness of a mandatory profile.
•
Achieves unprecedented logon speeds and stability levels (time to
load mandatory profile + 1- 2 seconds).
•
Multiple profile data sets per user account to satisfy multifarm and
server silo requirements.
•
Data sets can include HKCU registry subkeys and special folders.
•
Data sets can be merged into mandatory profiles, synchronously or
asynchronously.
•
Data set sizes are typically around 50-200KB.
•
Users do not require access permissions to the file servers storing the
data sets.
•
Temporarily use with local or roaming profiles, which is useful if
current profiles contain user settings that must be preserved upon
permanently switching to mandatory profiles.
•
No scripting required.
•
Relies on Windows events such as Logon, Logoff, Connect, and
Disconnect.
•
Database driven management console.
Virtual User Profiles may be temporarily used in conjunction with existing local
and roaming profiles until the relevant data has been completely exported from
these profiles. Users whose data has been exported can then be reconfigured to
use a mandatory profile.
Virtual User Profiles does not support roaming between different generations
of Microsoft Windows. For example, a user cannot roam from an Microsoft
Windows XP computer, and then log on to a Microsoft Vista computer and
have their profile follow them, as XP and Vista are not the same generation.
512
There are three components of Virtual User Profiles:
•
User Profile Storage Server — This option is part of the Peripheral
Server Extensions and is only available if RD Session Host is not
detected.
•
User Profile (Agent for Session Hosts) — This option installs on
Session Hosts. Once installed, it creates the Quest User Profile Agent
service.
•
User Profile (Agent for Desktops) — This option installs on
Desktops, using Virtual Desktop Extensions (PNTools). See Virtual
Desktop Extensions (PNTools) for more information.
How Virtual User Profiles Work
The following describes how Virtual User Profiles simulates roaming profiles
during user logon and logoff.
1.
User accounts are reconfigured to use a small-size mandatory
profile. This mandatory profile is typically stored locally on each
Remote Desktop Session Host.
2.
One or more file servers are designated as storage servers for
storing user data sets, subset of HKCU and non-redirected shell
folders. These file servers run a very low overhead service dubbed
the User State Management Storage Service (User Profiles Storage
Service).
3.
All Session Hosts must run the User Profiles Agent Service. A RD
Session Host running the Agent Service is typically referred to as an
Agent Server.
4.
Using the vWorkspace Management Console, the administrator
specifies all the relevant HKCU subkeys and non-redirected special
folders that must persist from one logon to the next. Additional
properties are also set to specify the scope of the subkey or folder to
either Global or Silo specific.
A Global setting is to be used when the registry subkey or folders are
located on every server.
A Silo setting is to be used when the registry subkey or folders are
only located on a few specified servers, and those servers are grouped
together to create a silo.
5.
When a user logs off, the User Profiles Agent Service exports all the
relevant subkeys and folders specified by the administrator. The
Agent Service then compresses the exported data and sends one or
two compressed files (global, silo, or both) to the storage server.
513
6.
When a user logs on again, the Agent Service requests the
previously exported data from the storage server. It then
decompresses the data and merges the subkeys and folders into the
mandatory profile.
7.
Compressed files are stored on the storage server and named
according to the user’s account SID.
Virtual User Profiles Properties
Virtual User Profiles Properties are used to define such things as storage servers,
assign compression levels, define silos, and assign permissions to users so that
they can be allowed to or denied access to adding, modifying, or deleting Virtual
User Profiles.
Virtual User Profile properties can be configured after components have been
installed on the appropriate servers. User Profiles can be accessed by
expanding the Resources node of the vWorkspace Management Console. Then,
the Properties menu option is available one of the following ways:
•
Highlight User Profiles and click on the Properties icon in the toolbar.
•
Right-click on User Profiles and select Properties.
The following is a list of properties that can be configured.
514
•
General
•
Storage Servers
•
Silos
•
Permissions
General
GENERAL
PROPERTY
DESCRIPTION
Compression
Level
The level of compression used when storing user profile
element data to the storage server.
The options are:
• High
• Medium
• Low
• None
Log Level
The level of logging that takes place inside of the profile.
The options are:
• Detailed
• Basic
Refresh Interval
The interval, in minutes, that checks are made for User Profiles
configuration changes.
515
Storage Servers
A Storage Server is a Windows file server running the Quest vWorkspace User
State Management Storage Service (User Profiles Storage Service). This service
receives and stores the user’s compressed data subset from the Quest
vWorkspace User Profiles Agent service running on the Session Host when the
user logs off.
It also retrieves the user’s compressed data subset and sends it to the Quest
vWorkspace User Profiles Agent service when the user logs on. The User Profiles
data subsets are typically in the range of 50 to 200 KB per user.
User State Management Storage Service should be installed on a Windows
server that is configured and optimized as a file server. This service is
unavailable for installation if the vWorkspace installation program detects that
Session Host (Application Server Mode) is installed on a Windows server.
516
STORAGE SERVER PROPERTIES
DESCRIPTION
Server Name
The NetBIOS name of the computer which
vWorkspace User State Management Storage
Service has been installed.
Note: The storage server name cannot
include: , \ * + = | : ; ? < > " <space>.
Base Folder
The root or base folder where the user profile
element data is stored. The specified folder is
created if it does not already exist.
Default value is C:\UserProfiles.
Global Folder
The name of the folder where the profile
elements defined as global is copied. This folder
is created as a subfolder of the Base Folder.
Default is Global.
TCP Port
The TCP listening port that the vWorkspace
User State Management Storage Service is
configured to listen on.
Default value is 5206 if you installed using the
Simple type of installation.
Silos
A silo is a logical group of Session Hosts that have a common role or purpose,
and have Virtual User Profiles installed on them. Exportable registry subkeys and
shell folders can be marked for the Scope of Silo specific.
At least one Silo must be defined, or profile storage fails.
The Silo Wizard is used to create silo groups. To open the Silo Wizard, do one of
the following:
•
Expand Resources in the vWorkspace Management Console, and
then right-click on User Profiles and select Properties. Click Silos
from the left pane, and then click New.
517
•
Expand Resources in the vWorkspace Management Console, and
then highlight User Profiles. Select the green plus icon from the
toolbar or the information pane to open the Registry Key Properties
window. Change Scope to Silo, and then click the Edit Silos.
Before a Session Host can participate in a silo, the Virtual User Profiles
component must be installed on the server.
To complete the Silo wizard, do the following:
1.
Click Next on the welcome window.
2.
Enter a name for the Silo on the Silo Name window, and then click
Next.
3.
To add Session Hosts:
a) Click Add Session Hosts.
b) Expand the location and select the Session Host or Session Hosts
that are to be added to this silo, and then click OK.
c) Click Next on the Members window to continue the Silo wizard.
Session Hosts can only be added to one silo at a time.
4.
To add computer groups:
a) Click Add Computer Groups.
b) Expand the location and select the computer group or groups that
are to be added to this silo, and then click OK.
c) Click Next on the Members window to continue the Silo wizard.
Computer groups can only be added to one silo at a time.
5.
518
Specify the User State Management Storage Service from the list,
Silo properties can be edited from the User Profiles | Properties option, as
well as from an individual Virtual User Profile by using the Properties button.
519
Permissions
Permissions enable administrators to allow or deny actions for activities within
the vWorkspace Management Console. Users and groups of users who are
selected as system administrators have implicit allow permissions for all actions,
and may add and remove other system administrators.
See Administration for more information on using permissions.
Configure Virtual User Profiles
The following items must be configured to use Virtual User Profiles:
520
•
Virtual User Profiles Properties
•
Mandatory Virtual User Profile
How to ...
Configure Virtual User Profiles Properties
1.
2.
Expand the Resources node, and then highlight User Profiles.
3.
Do one of the following to open the User Profiles Properties window:
•
Right-click on User Profiles and select Properties.
•
Highlight the User Profiles option, and then select the Properties
icon from the toolbar.
4.
Define the Compression level, Log level, and Refresh interval as
appropriate on the General window, and then click Next.
5.
Define Storage Servers by clicking New on the Storage Server
window and then do the following:
a) Enter a name for the Storage Server, and then click OK.
b) Click in the columns on the ellipsis to change the Base Folder,
Global Folder, and TCP Port settings.
Base Folder is to where the profiles are saved. It should be a local
path on the server.
Global Folder is the name of the folder for Global settings/profiles.
521
6.
Setup Silos by clicking New on the Members window, and then do
the following:
a) Click Next on the Welcome window of the Silo wizard.
b) Enter a name for this silo group, and then click Next.
c) Click Add Session Hosts or Add Computer Groups to define the
silo. Select the appropriate Terminal Server or computer group
from the Select window, and then click OK.
Session Hosts and computer groups can only be added to one silo at
a time.
d) Click Next on the Members window.
e) Select the User Profile Storage Server from the list, and then click
Finish.
The silo you just added appears on the list.
f) Click Next on the Silos window.
7.
522
Specify the Auto-Save setting, as appropriate, and then click Finish
to close the Silo Wizard and return to the User Profile Properties
window.
Mandatory Virtual User Profile
It is recommended that you use mandatory virtual user profiles in conjunction
with Virtual User Profiles. When creating a mandatory virtual user profile,
consider the following:
•
Use a specialized local or domain user account for purposes of profile
management.
•
Create the mandatory virtual user profile in which users are logging
in to on one of the Session Hosts.
•
Make the mandatory virtual user profile as generic as possible.
•
Use Virtual User Profiles, User Environment Control (Manage-IT), and
other management features within the vWorkspace Management
Console to control user profiles.
•
Remember to rename ntuser.dat to ntuser.man to make the HKCU
registry hive mandatory (read-only).
•
Use the System Control Panel applet to copy the mandatory user
profile to the target Session Hosts and set Permitted to Use to
Everyone.
•
Add a MAN extension to the root folder name of the mandatory user
profile to make it read-only (use folder redirection user profile
elements with Virtual User Profiles to give users write access to
needed folders).
•
Assign the mandatory virtual user profile to the appropriate user
accounts in Active Directory.
Assign Mandatory Virtual User Profiles
After the mandatory profile has been created and copied to all servers in the
Session Host group, it then must be assigned to the appropriate user accounts.
When specifying the profile path keep the following in mind:
•
The path should be expressed as a local file system path, not a UNC
path.
•
Variables such as %SystemDrive% can be used.
•
Do not add the user account name or %username% at the end of the
path.
523
•
Use the Terminal Services Profile tab rather than the Profile tab
of User Properties.
•
Path cannot be set using Active Directory Group Policy as it requires
using a UNC path and automatically appends %username% to end of
path.
How to ...
Modify a User’s Profile Path in Active Directory
1.
Open Active Directory Users and Computers MMC snap-in.
2.
Locate the user object that is to be modified using Browse or Find.
3.
Right-click on the user object, and then select Properties.
4.
Click on the Terminal Services Profile tab.
The Terminal Services Profile path can be set via Active Directory
Group policy if the domain controllers are Windows Server 2003
Service Pack 1 and appropriate hotfixes have been applied.
5.
In the Profile Path box, enter the local file system path to the
mandatory user profile.
6.
Click OK.
Visual Basic scripting can be used to automatically modify the profile path for
existing users. The sample below is from Microsoft TechNet Script Center
Library.
Define Virtual User Profiles
Virtual User Profile Elements determine which keys in the HKEY_CURRENT_USER
registry hive are exported and saved on the User State Management Storage
Service.
524
Normally, when using a mandatory user profile, a user or applications being used
cannot save changes to ntuser.man, the file that makes up the user’s
HKEY_CURRENT_USER registry hive. User preferences and other user specific
application settings are not saved. However, the user and applications being
used by the user can modify any of the keys that have been exported.
It is important for the vWorkspace administrator to accurately determine all the
HKEY_CURRENT_USER keys the user might need to modify, and then define
them as User Profile Elements to be exported.
If registry subkeys and folders are only located on a few specified servers, then
those servers should be grouped together into a single silo and the registry
subkey should be marked Silo. For example, if Microsoft Office is only installed
on some Session Hosts in the farm, then it makes sense to only import and
export the registry subkey HKCU\Software\Microsoft\Office when users
access those servers.
Or, if registry subkeys and folders are located on every server, such as if Adobe
Acrobat Reader is installed on all the Session Hosts, then it makes sense to
always import and export the registry subkey
HKCU\Software\Adobe\Acrobat Reader and select Global as the Scope.
There are two ways to configure user profiles in vWorkspace:
•
Manually Configure User Profiles
•
Import and Export User Profiles
The vWorkspace Management Console is used to add, edit, and remove user
profile items. There are default profile items for some commonly used profile
items to assist administrators in getting started setting up user profiles.
Manually Configure User Profiles
In the vWorkspace Management Console, the Resources | User Profile node
can be used to configure user profiles. Select the green plus sign to start the
User Profile Wizard and complete the user profile elements. You can also
right-click on any of the default user profiles and assign them to the appropriate
targets.
Special Folder User Profiles determine which folders within the user’s profile
are exported and saved on the User State Management Storage Server. As with
registry keys, any folders or applications being used need change permissions
to be exported.
525
This mechanism offers control over a broader selection of folders, and higher
levels of compression for increased performance and reduced storage
requirements.
Each User Profile element has the following properties associated with it.
USER PROFILE ELEMENT
PROPERTY
DESCRIPTION
Category
A user definable name used to associate one or
more user profile elements with each other.
Type & Location
This setting is used to define the User Profile
element being configured as either a Registry
Key or a Special Folder.
The Registry Key input box used to specify which
registry key or special folder is to be exported.
526
USER PROFILE ELEMENT
PROPERTY
Logon Processing
DESCRIPTION
If this setting is Synchronous, all elements must
be retrieved and merged before the user’s Window
desktop is presented.
If this setting is Asynchronous, not all registry
keys, files, and folders need to be present prior to
the presentation of the user’s Window desktop.
Profile Persistence
This setting is used to specify when the user
profile service saves modified profile data to the
storage servers.
• At a specified interval (auto-save) — Data
is periodically save to the storage servers
based on a specified interval. The interval
used is specified in the silo properties.
• At logoff only
Scope
This setting specifies if the User Profile element is
applied on a Global or a Silo basis.
• Global is all Session Hosts in the vWorkspace
infrastructure.
• Silo is only those that are members of a
specified Session Host group. If Silo is
selected, a Silo input box appears.
See Silos for more information on defining
Silos.
Client Assignments
This setting is used to specify the clients to which
the user profile is to be assigned.
Permissions
This setting is used to specify permissions for this
user profile item.
How to ...
•
Define a Registry Key in User Profiles
•
Define a Special Folder User Profile Element
527
Define a Registry Key in User Profiles
1.
Open the vWorkspace Management Console from the desktop of a
Session Host that is known to have the appropriate body of registry
keys.
2.
Expand the Resources node, and then select the User Profiles.
3.
Right-click User Profiles, and then select New User Profile.
Alternatively, you can select the New icon, which is the green plus
sign (+) in the information pane or the toolbar, or from the Actions
menu item.
4.
Click Next on the welcome window of the User Profile wizard.
5.
Type a new Category name or select an existing one from the list,
This is used only for organization within the console.
If there are no categories in the database, the drop-down list is
empty. Once you create a category, it becomes available from the list.
528
6.
On the Type & Location window, select Registry Key, and then enter
the desired Registry Key path and name or use the ellipsis to
browse to it. Click Next.
7.
Select Asynchronous or Synchronous in the Logon Processing
8.
Select one of the settings to specify when modified profile data is to
be saved on the Profile Persistence window, and then click Next.
529
9.
Select Global or Silo on the Scope window. If Silo is selected, use
the Silo field to identify the group that will use this profile element or
click Edit Silos to add a new silo.
See Silos for more information on adding silos.
10. To assign this User Profile to a user, complete the Client
Assignments window as appropriate, and then click Next.
11. To assign permissions to this User Profile, complete the Permissions
window as appropriate, and then click Finish.
Define a Special Folder User Profile Element
530
1.
Open the vWorkspace Management Console from the desktop of a
Session Host that is known to have the appropriate body of registry
keys.
2.
Expand the Resources node, and then highlight the User Profiles
node in the navigation pane.
3.
Select New User Profile from the context menu of User Profiles,
or click the New icon, which is the green plus sign (+) in the
information pane toolbar.
4.
Click Next on the welcome window of the User Profiles wizard.
5.
Type a new Category name or select an existing one from the list,
This is used only for organization within the console.
If there are no categories in the database, the drop-down list is
empty. Once you create a category, it becomes available from the list.
6.
On the Type & Location window, select Special Folder, and then
enter the desired Special Folder path and name or use the ellipsis
to browse to it.
7.
Click Next.
8.
Select Asynchronous or Synchronous in the Logon Processing
9.
Select one of the settings to specify when modified profile data is to
be saved on the Profile Persistence window, and then click Next.
531
10. Select Global or Silo on the Scope window. If Silo is selected, use
the Silo field to identify the group that will use this profile element or
click Edit Silos to add a new silo.
See Silos for more information on adding silos.
11. To assign this User Profile to a user, complete the Client
Assignments window as appropriate, and then click Next.
To assign permissions to this User Profile, complete the Permissions window as
appropriate, and then click Finish.
Import and Export User Profiles
vWorkspace administrators can use an XML file to import and export profile
items. The ability to import and export through an XML file allows the
vWorkspace community to share profile items that can be used for specific
purpose with other administrators.
Administrators must have User Profile add permissions to import XML files, but
no special permissions are necessary to export an XML file.
To import or export an XML file, locate User Profiles under the Resources node
in the vWorkspace Management Console. You can select the import or export
XML icon from the right-pane, or by right-clicking on a profile item and select
Import from XML or Export to XML from the menu options.
532
Import an XML File
After selecting to import an XML file, you need to confirm that you are about to
import user profile items. Once the import process has completed, another
window displays the number items found and the number items imported.
The default folder location for the XML file is My Documents.
Export to an XML File
After selecting to export an XML file, the default location, My Documents folder,
opens and includes the default file name, UserProfileItems.xml.
By default, version number attributes are not written to the export file. To add
a version to an export file item, select SHIFT+CTRL and Export to XML at the
same time.
XML File Format
In addition to the default user profiles that are found in the vWorkspace
Management Console, administrators can also manually add items to an XML
file.
The user profile settings of Scope and Profile Persistence are not exported.
During the import process, the value for Scope defaults to Global, and the value
for Profile Persistence defaults to Logoff only. These settings can be manually
set after importing.
The following table displays the XML format used in user profiles.
<vWorkspace>
<UserProfiles>
<ProfileItem version="1" type="1" synchronous="1" autosave="0">
<Path>HKCU\Software\Adobe</Path>
<Category>Adobe Reader</Category>
</ProfileItem>
</UserProfiles>
</vWorkspace>
ITEM
TYPE
VALUE(S)
REQUIRED
COMMENTS
vWorkspace
Element
N/A
Yes
Contains the
UserProfiles element.
UseProfiles
Element
N/A
Yes
Contains the
ProfileItem elements.
533
ITEM
TYPE
VALUE(S)
REQUIRED
COMMENTS
ProfileItem
Element
N/A
Yes
Represents a profile
item.
Type
Attribute
Reg key = 1
No, default
is 1.
File path = 2
Synchronous
Attribute
Yes = 1
No = 0
Autosave
Attribute
Yes = 1
No = 0
No, default
is 0.
No, default
is 0.
Path
Element
Contains the
profile item
folder or reg
key.
Yes
Category
Element
User defined
category for
this item.
No
Version
Attribute
<integer 1 to
9999>
No
Reg keys must begin
with HKCU\.
Internal use only, for
auto-load of default
profile items.
EOP (Experience Optimization
Protocol)
The Experience Optimized Protocol (EOP) components address the user
experience challenges of presenting applications and desktops via a remote
display protocol by providing seamless, reliable, high-performance
enhancements to Microsoft’s Remote Desktop Protocol. These enhancements
ensure that your VDI and RD Session Host deployment can deliver on the
promise of virtualization and a true local-desktop experience.
The following features are available through the Experience Optimized Protocol:
534
•
EOP Xtream — Accelerates RDP and EOP traffic on wide area
networks (WANs). This provides for an improved user experience by
providing faster RDP screen responses and improved performance of
all EOP features.
•
EOP MultiMon — Enables support for multiple monitors which is
monitor aware.
•
EOP Audio (Bidirectional Audio) — Enables support for
applications that require the use of a microphone, such as dictation,
collaboration, and certain VOIP applications such as Office
Communicator.
•
EOP Text Echo — Enhances the user experience when typing, if they
are connecting over a high latency network connection. A client
Control Panel applet is used to adjust settings of this feature.
•
EOP Multimedia Acceleration (Media Player Redirection) —
Enables the redirection of Flash content and Microsoft DirectShow
content (anything that can be played in Microsoft Windows Media
Player) from the VDI or Windows RDSH Session through an RDP
Virtual Channel to the client access device, where it is played using
the local compression/decompression technology (CODEC).
•
EOP Graphics Acceleration — Reduces bandwidth consumption and
dramatically improves the user experience, making RDP usable over
WAN connections.
These features can be assigned to Users, Groups, OU, Client IP, Client Device
Name or Advanced boolean targets.
Optimization Settings
The features of EOP are installed by deploying Virtual Desktop Extensions to a
virtual desktop or by installing the vWorkspace Session Host role on a Remote
Desktop Session Host. In the vWorkspace Management Console, administrators
can manage which features govern a user’s connection to the virtual workspace.
The optimizations settings of Graphics Acceleration, Flash Redirection,
Local Text Echo, and Media Player Redirection can be found at the following
locations. The options are set to disabled by default.
•
Using the Quest vWorkspace Remote Desktop Connection
•
Using vWorkspace AppPortal
•
•
•
Experience tab | Optimizations section
Actions | Manage Connections | User Experience
Optimizations section
Using Web Access
•
In the properties of a Web Site| Performance /EOP section
535
EOP Audio
The EOP Audio feature enables users to redirect their audio devices to RD
Session Hosts and hosted desktops to use with applications involving dictation
and for certain VOIP applications. These settings are disabled by default.
This feature does not support Windows COM-based audio API found in some
Windows Vista, Win7, and Win2008 applications. This means that the software
does not work with applications using COM-based API.
•
In the case of upstream audio, the result is the inability of the
application to detect the microphone.
•
In the case of downstream audio, the result is that the sound is
transmitted to the Client computer through the Microsoft RDP audio
drive without using the Quest downstream audio driver.
Microphone sound quality is best with sufficient bandwidth, at least 25 to 30
Kbps, to support the audio channels.
The Connection Policies, Remote Computer Sound option overrides the
setting for Remote computer sound on the Local Resources window in the
AppPortal setup, as well as the Local Resource Settings window in the Web
Access preferences.
536
EOP Audio for the AppPortal can be setup several different ways:
•
Manage Connections | Local Resources
•
Quest vWorkspace Client Remote Desktop Connection | Local
Resources
If you use the setup option of Manage Connections, you need to set Remote
computer sound to Bring to Local Computer and select the Microphone
option.
537
If you use Quest vWorkspace Remote Desktop Connection, set the Remote
computer sound option to Bring to this computer, and select the
Microphone option.
538
The setup option for this feature for the Web Access client is Remote computer
sound, of the Local Resources option.
539
There are additional client side settings in the Quest vWorkspace
Bidirectional Audio, Control Panel applet. Use these settings to further define
quality, network buffering, and microphone settings.
540
EOP Text Echo
The EOP Text Echo (Local Text Echo) feature enables a local presentation of
keystrokes when a user is connecting over a high latency network connection.
The user can type at full speed without waiting for the keystrokes to appear, as
the text appears in a bubble as it is typed.
When a password field is selected and EOP Text Echo opens to show the text
being typed, characters can be shown in clear text revealing a user’s
password. EOP Text Echo does not automatically detect every known
password field. For applications where password fields are not detected, an
Enhancement Request (contact Quest Support) can be made to make sure
the specific password field is enabled in the EOP Text Echo code.
Note that there are some instances where the password fields cannot be
enabled in EOP Text Echo, such as when using a Telnet application through
the Command Prompt.
541
A client Control Panel applet, Local Text Echo Client, is used to change the
default settings, such as the bubble size and latency speed.
A server Control Panel applet, Local Text Echo Server, is used to set a list of
application exclusions for text echo.
542
EOP Multimedia Acceleration
This feature includes the components of Media Player Redirection and Flash
Redirection.
Media Player Redirection
This feature redirects Microsoft Windows Media content through an RDP virtual
channel to the client, where it is played using the local
compression/decompression (CODEC) technology. This enables support for full
fidelity playback of Microsoft Windows Media content.
Media Player Redirection accelerates the delivery of multimedia content such as
recorded webcasts and web-based training from remote virtualized desktops
and applications.
The requirements for media player redirection include:
•
Microsoft Windows Media Player installed on the virtual host (server).
•
All vWorkspace components, including PNTools and the vWorkspace
client need to be on the same version.
•
Microsoft Windows Media Player and proper CODEC to decode the
required media format needs to be installed on the client.
If you are experiencing problems with Media Player Redirection, you
may consider installing a bundle of codecs, such as K-Lite Code Pack.
Flash Redirection
vWorkspace Flash Redirection allows playing of Flash content.
vWorkspace Flash Redirection option needs to be selected as an installation
option. Adobe Flash Player version needs to be installed on the server and client
access device.
The client Adobe Flash player version must match the version (major
versions) that is installed on the server.
If the versions do not match, then the flash content plays without Flash
Redirection.
vWorkspace Flash Redirection supports websites that use asynchronous Java
script for their content.
543
Flash Redirection Windowless Support
Flash Redirection Windowless support allows web sites that use windowless Flash
content to be played properly with vWorkspace Flash Redirection.
Flash Redirection Windowless support is enabled by default. To disable this
feature, you need to change the following registry value.
HKLM\System\CurrentControlSet\Control\Terminal Server\
AddIns\PNFlash
Wndless (Type="integer")=1
Values:
0 = no windowless mode support
1 = windowless mode supported
Flash Redirection Setup
The following outlines the steps for using vWorkspace Flash Redirection.
Define Connection Policies
1.
Open the vWorkspace Management Console and expand Resources.
2.
Highlight the Connection Policies node, and do one of the following:
3.
544
•
Right-click and select New Connection Policy.
•
Click on the New Connection Policy icon on the main toolbar or the
information pane toolbar.
•
Select Actions | New Connection Policy Setting from the main
menu.
Click Next on the Welcome window of the New Connection Policy
wizard.
4.
Enter a name in the Name field, and then click Next.
5.
Define Remote Computer Sound by selecting one of the following
options, and then click Next.
•
Bring to Local Computer
•
Leave at Remote Computer
•
Do Not Play
•
Defer Setting to End User
•
Undefined
6.
Specify the Local Devices settings, and then click Next.
545
7.
Set the options for Flash Redirection as appropriate.
The options for selection are: Yes, No, Defer to End User, or
Undefined.
8.
Assign users to this connection policy property on the Client
Assignments window, and then click Next.
9.
Set permissions, as appropriate, on the Permissions window, and
then click Finish.
Enable Flash Redirection in AppPortal
546
1.
Open the AppPortal.
2.
Select Actions | Manage Connections to open the Farm
Connections wizard.
3.
On the Experience window, select Flash Redirection in the
Optimizations section, and then click OK.
Set Flash Redirection in Web Access
1.
Open the Web Access Management Console.
2.
Select a specific farm or all farms to which graphics acceleration is to
be enabled.
547
3.
Select Performance in the User Experience settings section.
4.
Select Flash Redirection, and then click Save Changes.
EOP Graphics Acceleration
vWorkspace EOP Graphics Acceleration adds additional compression to
Microsoft’s Remote Desktop Protocol (RDP) to dramatically reduce bandwidth
consumption and improve end user experience, making RDP usable over WAN
connections. EOP Graphic Acceleration can be assigned to Users, Groups, OU,
Client IP or Client Device Name.
EOP Graphics Acceleration performs better with applications and documents that
contain a high degree of graphics, and may not perform as well with text based
applications. It is recommended that EOP Graphics Acceleration be thoroughly
tested with each application before implementing in a production environment.
Enabling the vWorkspace EOP Graphics Acceleration feature for specified
applications ensures the benefits of this feature to the end users.
EOP Graphics Acceleration Implementation
In this section, recommended procedures for implementing and using
vWorkspace EOP Graphics Acceleration are discussed. Appropriate testing for
compatibility and performance before implementing into a production
environment is a recommended practice.
548
After the vWorkspace EOP Graphics Acceleration feature has been enabled on
the appropriate managed application, you can set a Connection Policies property
to manage the enabling or disabling of graphics acceleration. Connection Policies
Properties are defined by using Connection Policies in the vWorkspace
Management Console Resources section. The following are the available
Connection Policies.
•
User
•
Group
•
Organizational Unit
•
Client IP/IP Range
•
Client Name/Naming Convention
EOP Graphics Acceleration Registry Settings
Below are two registry settings for EOP Graphics Acceleration that can be used
to set progressive image display and compression quality that can be set per
application.
Altering registry settings should only be completed by an administrator who
understands these types of settings, and your environment should be backed up
prior to changing any registry setting.
HKLM\Software\Provision Networks\Image Acceleration
Note: Progressive Image Display is disabled by default.
ProgressiveUpdate (REG_DWORD): 0 disable progressive update, 1
enable
Jpeg Quality (REG_DWORD): Jpeg quality 20-100 [Note: this
overrides Quality when present]
Jpeg Subsampling (REG_DWORD): 0 4:4:4, 1 4:1:1 (default), 2 4:2:2
Jpeg RGB (REB_DWORD): 1 using RGB instead YCbCr
ExcludedWindows: REG_MULTI-SZ (the window class names to be
excluded in GA)
549
HKLM\Software\Provision Networks\Terminal Server
Note: EOP Graphics Acceleration can be enabled or disabled and set
compression quality per application.
HKLM\Software\Provision Networks\Image
Acceleration\AppList\<executable name>
– OR –
HKCU\Software\Provision Networks\Image
Acceleration\AppList\<executable name>
Enabled (REG_DWORD): 1 Enable GA for this executable, 0 Disable
GA
Jpeg Quality (REG_DWORD): compression quality (20-100)
Note: EOP Graphics Acceleration checks the HKCU AppList first, if the
executable is not on the list, it checks the HKLM settings. If the executable is not
on the HKLM AppList setting, EOP Graphics Acceleration uses the global setting,
HKLM\Software\Provision Networks\Image Acceleration.
EOP Graphics Acceleration Setup
The following procedures outline the steps for using vWorkspace EOP Graphics
Acceleration.
•
Enable EOP Graphics Acceleration Globally
•
Disable EOP Graphics Acceleration by Applications
•
•
Enable EOP Graphics Acceleration in AppPortal
•
Set EOP Graphics Acceleration in Web Access
Enable EOP Graphics Acceleration Globally
550
1.
2.
Highlight on Managed Applications, and then select Properties.
3.
Do the following on the Graphics Acceleration window:
a) Select Enabled on the Graphics Acceleration window.
b) Select one of the image quality options, and then click Apply.
4.
Click OK to close the window.
Disable EOP Graphics Acceleration by Applications
1.
2.
Expand Resources, and then select Managed Applications.
For the purposes of this procedure we are going to disable Graphics
Acceleration on the managed application called Command Prompt.
3.
Select Command Prompt from the list of managed applications.
4.
Open the Managed Applications Properties window by doing one of
the following:
a) Highlight Command Prompt, and then right-click and select
Properties.
– OR –
b) Highlight Command Prompt, and then select the Properties icon
from the information pane.
551
5.
On the EOP Graphics Acceleration window of the Command Prompt,
Managed Application, set graphics acceleration to Disabled.
6.
Click Apply to save the change.
7.
552
1.
2.
Highlight the Connection Policies node and do one of the following:
•
Right-click and select New Connection Policy.
•
Click on the New Connection Policy icon (green plus sign) on the
toolbar or the information pane toolbar.
•
Select Actions | New Connection Policy from the main menu.
3.
Click Next on the Welcome window of the New Connection Policy
wizard.
4.
Enter a name on the Name window, and then click Next.
5.
Define Remote Computer Sound by selecting one of the following
options, and then click Next.
•
Bring to Local Computer
•
Leave at Remote Computer
•
Do Not Play
•
Defer Setting to End User
•
Undefined
6.
Specify the Local Devices settings, and then click Next.
7.
Set the options for Graphics Acceleration as appropriate.
The options for selection are: Yes, No, Defer to End User, or
Undefined.
8.
Assign users to this connection policy property on the Client
Assignments window, and then click Next.
9.
then click Finish.
Enable EOP Graphics Acceleration in AppPortal
1.
Open the AppPortal.
2.
Select Manage Connections.
553
3.
On the User Experience window, select Graphics Acceleration in
the Optimizations section, and then click OK.
Set EOP Graphics Acceleration in Web Access
554
1.
Open the Web Access Management Console.
2.
Select a specific farm or all farms to which graphics acceleration is to
be enabled.
3.
Select Performance in the User Experience settings section.
4.
Select Graphics Acceleration, and then click Save Changes.
EOP Xtream
The patent-pending technology, Quest EOP Xtream, accelerates RDP and EOP
traffic on wide area networks (WANs). This provides for an improved user
experience by providing faster RDP screen responses and improved performance
of all EOP features.
Quest EOP Xtream is specifically designed for users on WAN links with modest
to high round trip latency. For example, the typical amount of latency that is
common when connecting from the United States to Europe. Quest EOP Xtream
is also effective on WAN links that are much closer, such as a VPN link from a
home to a corporate office in the same city.
Quest EOP Xtream operates transparently to the users. Quest EOP Xtream is
enabled with RDP pass-through mode configured by default.
555
Latency Effectiveness
Quest EOP Xtream is specifically designed for users on WAN links with modest
to high round trip latency. Quest EOP Xtream is not recommended for LAN traffic
or WAN traffic with low latency. The recommended network conditions listed
below are guidelines. Network type, packet loss, and other factors impact the
effective useful range of Quest EOP Xtream.
•
Typical effective round trip latency: 30ms-400ms.
Quest EOP Xtream is designed to improve performance of screen updates
and other EOP features. Quest EOP Xtream is not designed to reduce the
effect of keystroke latency (echo) commonly observed on WAN links that
exceed 200ms of latency. The Quest vWorkspace EOP feature, EOP Text
Echo, is designed to lessen this effect.
Firewall Considerations
The Quest EOP Xtream Server listens on TCP port 3389 (RDP port). No additional
configuration is needed, as the Windows firewall port 3389 is automatically
opened. This functionality is enabled by RDP Pass-Through mode.
Configure Quest EOP Xtream
Quest EOP Xtream settings can be altered on the Experience Optimization
window of the computer group or the individual computer Properties window.
Any changes made to the default options require a reboot. The reboot is
automatic in a VDI environment, but requires a manually reboot in an RD
Session Host environment.
556
QUEST EOP XTREAM
SETTING
DESCRIPTION
Enable RDP pass-through mode
Selecting this option allows EOP Xtream to use the
RDP port, eliminating the need to configure
additional firewall settings.
EOP Xtream Port Number
Enter a port number to be used, if other than the
default number, which is 3389.
Note: Any changes made to the default options
require a reboot. The reboot is automatic in a VDI
environment, but requires a manually reboot in an
RD Session Host environment.
Maximum number of
connections
Enter a maximum number of connections.
557
There is also a Connection Policy, WAN Acceleration (EOP Xtream), in the
vWorkspace Management Console. Connection policies are used to define
automatic device connection and optimizations when users log on to the virtual
workspace. Connection policies can be configured, and assignments and
permissions defined. Connection policies are set to Undefined by default.
558
You can also enable EOP Xtream from the following settings:
•
vWorkspace AppPortal, User Experience settings
•
vWorkspace Web Access, Performance settings
559
•
vWorkspace Client Remote Desktop Connection, Experience settings
Settings defined in Connection Policies override any settings made in
AppPortal and Web Access.
A configurable client side timeout is available for the EOP Xtream. The default
timeout is 5 seconds, if no other value is stated in the registry entry.
The registry value that needs to be set is:
HKLM\Software\Provision Networks\PNDNACLI
"ConnectTimeout" (REG_DWORD) = "15"
USB Devices
From headsets to mobile devices, USB devices are frequently used, but can
sometimes be problematic when used in a virtualized environment. However,
with the vWorkspace features of vWorkspace Virtual USB Hub Client and USB-IT,
USB device integration issues can be solved.
560
vWorkspace Virtual USB Hub Client
Quest vWorkspace Virtual USB Hub Client enables the use of virtually any USB
connected device, such as PDAs, local printers, scanners, cameras, and headsets
to be used in conjunction with VDI. Users can connect multiple USB devices, and
then decide which devices to share.
When the Virtual USB Hub Auto-share check box is selected, a confirmation
message box is displayed. The message warns users that auto-share
disconnects devices from the local system, and that most USB keyboards and
mice are automatically excluded from Auto-share.
However, some multi-interface (composite USB) keyboards might not be
automatically excluded from auto-share. These types of devices should be
manually excluded before enabling Auto-share.
The vWorkspace Virtual USB Hub does not generally support Composite USB
devices that include a mouse or keyboard class device. A Composite USB device
is a USB device that is not one entity, but two or more, such as a keyboard with
an integrated mouse or a scanner/printer/fax device. It is important that you
test all composite devices for vWorkspace compatibility on a case by case basis.
Requirements
The vWorkspace Virtual USB Hub is installed on managed computers as a
component of Virtual Desktop Extensions (PNTools). An Enterprise or Desktop
license is also required to use this feature.
vWorkspace Virtual USB Hub Client
The vWorkspace Virtual USB Hub client side contains the following components:
•
Control Panel Applet
•
System tray display
•
Microsoft Windows Service component
561
vWorkspace Virtual USB Hub Client Applet
The vWorkspace Virtual USB Hub Client applet is available from the Control Panel
setting. The client Control Panel applet appears as follows:
Devices Tab
Share
Selecting this option makes the device available to the
server. When a device is shared, it is unavailable to the
client computer.
Unshare
Selecting this option makes the device unavailable to the
server, which makes it available to the client computer.
Exclude
Selecting this option excludes this device from being
shared.
See Note in Auto-connect devices.
Unexclude
562
Selecting this option allows the device to automatically be
shared.
Properties
Selecting this option displays the USB Device Properties
window. The ability to add an optional nickname for the
device is included in the properties.
Information on this window includes:
• Nickname
• Name
• Location
• Serial Number
• Information
• Status
Auto-share devices
Selecting this check box allows the connected devices to
automatically be shared with the server.
Note: If a user is going to select this option and they are
using a USB keyboard or mouse, they need to confirm that
these devices have been excluded before selecting this
check box. The keyboard and mouse might not function
locally on the client while being shared.
Use Taskbar Icon
Selecting this check box allows the system tray to be used.
563
Advanced Tab
Bandwidth Control
Select Bandwidth Control, and then set the
bandwidth control by moving the slider to the
threshold amount.
Compression
Set Compression Type to Zip compression,
and then do the following:
• Move the slider to set the minimum packet
size.
For example, if you set the compression to
1024 bytes, compression occurs only if the
amount is greater than 1024 bytes.
• Enter a number from one to ten in the
Settings field. The setting values are:
1 = best speed
10 = best compression
564
vWorkspace Virtual USB Hub Client System Tray
The client system tray becomes available when the vWorkspace Virtual USB Hub
icon is selected.
Devices are listed with their name, current status, and if they are shared
(indicated with a check mark) or excluded (indicated with an X).
To share a device using the system tray, click on it. To exclude a device using
the system tray, use CTRL + left-click.
The option Advanced is used to display the Control Panel applet.
vWorkspace Virtual USB Hub Client Services
A Microsoft Windows Services option is available for the client side.
565
vWorkspace Virtual USB Hub Server
The Quest vWorkspace Virtual USB Hub server side contains the following
components:
•
Control Panel applet
•
System tray display
•
Microsoft Windows Service component
vWorkspace Virtual USB Hub Server Applet
The server Control Panel applet appears as follows:
Connect
Selecting this option enables the device on the server.
Disconnect
Selecting this option disables the device on the server.
Exclude
Selecting this option excludes the device from being
automatically connected.
See Auto-connect devices.
Unexclude
566
Selecting this option allows the device to be
automatically connected.
Properties
Selecting this option displays the USB Device Properties
window.
Auto-connect devices
Selecting this check box allows devices to be
automatically connected when they are available to the
server.
Use Taskbar Icon
Selecting this check box allows the system tray to be
used.
The Advanced tab on the server Control Panel applet allows you to set a priority
for this service on the server. The setting options are Normal, Low, or High,
and the default setting is Normal.
vWorkspace Virtual USB Hub Server System Tray
The server system tray becomes available when the USB Redirection icon is
selected.
Devices are listed with their name, current status, and if they are shared
(indicated with a check mark) or excluded (indicated with an X).
567
To share a device using the system tray, click on it. To exclude a device using
the system tray, use CTRL + left-click.
The option Advanced is used to display the Control Panel applet.
The server-side system tray appears like this:
vWorkspace Virtual USB Hub Server Services
A Microsoft Windows Services option is available for the server side.
How to ...
Manage USB Devices
The Quest vWorkspace Virtual USB Hub software needs to be installed on the
virtual desktop, in addition to PNTools.
1.
Open the Quest vWorkspace Virtual USB Hub Client Control Panel
applet.
As devices are plugged in, they appear on the device list.
2.
Highlight a device from the list and select one of the options, as
appropriate.
If users are using a USB keyboard or mouse, prior to selecting the
Auto-share devices check box, they need to exclude those devices, If
those devices are not excluded on the list, they do not function on the
client while being shared.
568
Autoexclude any USB Device
vWorkspace can be configured to autoexclude any USB device.
1.
Install this Client version on the user access device. This install can
be completed as a new installation, an upgrade from the previous
Client version, or by uninstalling the previous client version and
installing this client version.
2.
Open the Quest vWorkspace Virtual USB Hub Client from the Control
Panel.
3.
Deselect the Auto-share devices check box, so that devices are not
autoshared.
4.
Plug in the USB device that is to be autoexcluded. The device will be
displayed in the list of devices on the Quest vWorkspace Virtual USB
Hub Client window.
5.
Select the device, and click Properties.
6.
From the USB Device Properties window, you need the following
information:
•
VendorID
•
ProductID
•
Revision
7.
Create the following key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Quest Software,
Inc.\Quest Software USB Virtual Hub\Excluded USB Devices
8.
Create a sub key with a unique name under the Excluded USB
Devices key. This key name can be any name.
9.
In the sub key, create a value "Hardwareld" of type REG_BINARY.
10. Enter the hardware id information into this key in binary format.
You have the option to be more or less specific about the devices you
want to autoexclude. Entering only the VendorID excludes all devices
with that VendorID, which may exclude more devices than you want
to exclude. Entering the VendorID, ProductID, and Revision
information from the USB device allows you to be very specific with
the excluded USB device.
569
The following table provides examples of a binary format:
USB DEVICE INFORMATION
BINARY FORMAT
VendorID:
0x04f2
f2 04
ProductID:
0x0112
12 01
Revision:
0x0103
03 01
For example, using the device information from the above table, the
registry entries might be:
VendorID:
f2 04
VendorID and
ProductID:
f2 04 12 01
VendorID, ProductID,
and Revision:
f2 04 12 01 03 01
11. After changing the registry key, unplug the device.
12. Select the Auto-share devices check box, so that devices are
autoshared.
13. Plug in the device.
The device should now be autoexcluded in the Quest vWorkspace Virtual USB
Hub Client window.
Smart Card USB Redirection
You can redirect smart cards from a virtual desktop or RD Session Host session
using USB Redirection. This feature allows you to use a Smart Card for
authentication inside a virtual desktop rather than using it to log on.
The .dll to use this feature will be packaged with PNTools in the
\Windows\System32 folder. In order to use this feature, you need to add to the
following registry value and a list of the executables that are to be redirected.
You may manually install this feature if desired.
570
The installation steps are as follows:
1.
Locate PNSCHOOK.DLL in the \windows\system32 directory.
2.
Add PNSCHOOK.DLL to the AppInit_DLLs key.
3.
Configure apps to hook in SCHookList registry value; that is, in the
pathname HKLM\Software\Provision Networks\Provision-IT locate a
REG_SZ value called SCHookList (which is a comma-delimited list of
EXEs to be hooked).
USB-IT
USB-IT enables Remote Desktop Session Host clients to seamlessly access their
USB-based handhelds over RDP connections. With USB-IT, the Blackberry
Desktop Manager, the Palm Desktop, and the ActiveSync software can be
installed and published on the server. Users can gain instant access to their
handhelds for the purpose of synchronizing e-mail, calendar, contacts, and other
personal information with back-end messaging and collaboration systems such
as Microsoft Exchange and Lotus Domino.
USB-IT supports some BlackBerry models; Palm and OEM handhelds running
Palm OS; and Windows CE-based Pocket PC devices. USB-IT requires a plug-in
on the client, which when installed, registers automatically with RDC (Remote
Desktop Connection) clients. Third-party WIN32 RDP clients capable of loading
a virtual channel driver also can use USB-IT.
In order to take advantage of USB-IT, the appropriate components must be
installed on the client devices and RD Session Host as follows:
•
RD Session Host — USB-IT is installed onto RD Session Host
automatically with the installation of the RD Session Host role.
•
vWorkspace Client (AppPortal and Web Access) — PDA
Redirection (USB-IT) is automatically installed when the
vWorkspace client software is installed.
571
How USB-IT Works
USB-IT features a virtual USB hub controller that provides true USB support for
three distinct handheld devices, BlackBerry, Palm, and Windows CE-based
Pocket PC.
How to ...
Configure USB-IT
572
1.
Start the USB-IT Control Panel applet (RD Session Host).
2.
Select the Devices tab.
3.
Select the class of handhelds.
4.
Click Add.
5.
Specify the maximum number of device instances that are to be
supported simultaneously on the server.
6.
Repeat the process for other handhelds, as appropriate.
7.
Repeat process on all Session Hosts as appropriate.
8.
Select USB Handhelds in the vWorkspace client, AppPortal using
the following path:
Manage Connections | Local Resources
Load Balancing
Load balancing can be enabled in a Quest vWorkspace infrastructure when
published applications are hosted across multiple RD Session Hosts or multiple
Hyper-V hypervisors. Load balancing rules are assigned SCVMM managed
computer groups, Hyper-V managed computer groups or RD Session Hosts.
Load Balancing Rules
Load balancing rules dictate how to calculate user session workloads between
session hosts, published applications, and SCVMM managed desktop groups.
Load balancing rules are comprised of counters and associated values that set
minimum and maximum parameters and well as assigned weight. To be
effective, rules should use as few counters as possible, and the counters selected
should be those that most closely reflect a server’s load. vWorkspace provides
two default load balancing rules and three custom load balancing rules. Both
Default and Custom rules can be duplicated, renamed, and used as a template
to create new custom rules.
The available load balancing rules are:
LOAD BALANCING RULE
DESCRIPTION
Default
Default RD Session Host
(read-only)
Load balances users over the available RD Session
Hosts based on the amount of users already
logged on. This default rule uses a maximum of
100 users per host (x86 users may need a lower
maximum).
Default VDI for SCVMM
(read-only)
Load balances users over the available Hyper-V
hosts based on the users already on the hosts.
This default rule uses a maximum of 75 users per
host.
573
LOAD BALANCING RULE
DESCRIPTION
Custom
Advanced RD Session Host
Load balances users over the available RD Session
Hosts based on a calculated average of: CPU Load,
Disk Queue Length and Memory Load. This custom
rule configures a maximum of 100 users per host.
Advanced VDI for SCVMM
hosts based on a calculated average of: CPU Load,
Disk Queue Length and Memory Load. This custom
rule configures a maximum of 75 users per host.
RFX for SCVMM
hosts based on an average GPU response time
from capture. The user will connect to a virtual
desktop that has the lowest GPU response time
from capture, resulting in the best RemoteFX user
experience.
How Load Balancing Works
Based on the load balance assigned, the server evaluates its current workload
and reports that value to the Connection Broker. Connection Brokers maintain a
memory table of the current workload index of each server on which load
balancing has been enabled.
When a Connection Broker receives a client request to connect to a published
application, it queries the list of servers on which the application is hosted and
determines which one currently has the lowest workload index value. The
address of the least busy server is then returned to the vWorkspace client. When
the vWorkspace client completes the connection to the least busy server, that
server’s load is changed. The new workload is then reevaluated and reported to
the Connection Broker.
It is important to note that load balancing applies only when a vWorkspace client
initiates a request for a new connection. If a vWorkspace client is already
connected to an RD Session Host and requests to start another application that
is available on that same server, the application is run through the existing
session and load balancing is not applied.
Multiple counters can be included in a load balance. Each counter within a load
balance has an upper and lower threshold setting that is used to determine when
the server is under maximum or minimum load based on that counter. Each
counter can also be assigned a weight which can be used to adjust the relative
importance of one counter over another.
574
The available counters are:
COUNTER NAME
DESCRIPTION
Context Switches Per Second
This counter measures the overall rate of switches
from one thread to another. Thread switches can
occur either inside a single process or across
processes.
A thread switch can be caused by one thread
asking another for information, or by a thread
being preempted by another higher priority
thread.
CPU Load
This counter measures the percentage of time
CPUs in the system are actively executing threads
belonging to processes.
This counter does not include the System Idle
Process.
CPU Queue Length
This counter measures the number of threads in
the processor queue. Unlike disk queue, processor
queue length shows ready threads, not threads
that are currently running.
There is a single queue for processor time, even
on systems with multiple processor cores and
sockets. Therefore, if the system has multiple
processors, you need to divide this value by the
number of processors servicing the workload.
A sustained processor queue of less than 10
threads per processor is usually acceptable.
Disk Load
This counter measures the percentage of time the
disks in the system are active.
Disk Queue Length
This counter measures the average number of
read and write requests that were queued for the
selected disk during the sampling interval.
GPU Response Time From
Capture
This counter measures the latency within
RemoteFX Capture (in microseconds) for GPU
operations to complete.
575
COUNTER NAME
DESCRIPTION
Interrupts Per Second
This counter measures the average number of
hardware interrupts that were received and
serviced by the processor each second.
Interrupts per second is an indirect indicator of the
activity of hardware devices in the system that
generate interrupt requests, such as the system
clock, disk drives, and network interface cards.
These devices generate interrupt requests when
they complete a task or need attention from the
processor. Each service interrupt request
consumes CPU time, so an excessive amount can
degrade system performance and can be an
indicator of a malfunctioning device.
Memory Load
This counter measures the percentage of memory
being used by the system.
Memory Pool Pages Bytes
This counter measures the size, in bytes, of the
paged pool.
The paged pool is an area of physical memory
used by the system for objects that can be written
to disk (paged) when they are not being actively
used.
Number of Powered-On
Virtual Machines
This counter measures the number of powered-on
virtual computers currently running on the host.
Number of Processes
This counter measures the total number of
process contexts currently running on the system.
Number of Users
This counter measures the total number of user
sessions for which the operating system is
currently storing computer state information.
Number of Virtual Machines
This counter measures the number of virtual
computers defined on the client.
Page Faults Per Second
This counter measures the overall rate at which
faulted pages are handled by the processor. This
counter includes both hard faults (where the
memory page has to be retrieved from disk) and
soft faults (where the data is stored elsewhere in
physical memory).
A page fault occurs when a process requires code
or data that is not in its space in physical memory.
Most processors can handle large numbers of soft
faults without consequence. However, hard faults
can cause significant performance delays.
576
COUNTER NAME
DESCRIPTION
Pages Per Second
This counter measures the number of pages
written to or read from disk to resolve hard page
faults.
Redirector Current
Commands
This counter measures the number of requests to
the redirector that are currently queued for
service.
If this counter is much larger than the number of
NICs installed on the system, then network
throughput is likely becoming a bottleneck.
TDRs in Server GPUs
This counter measures the Total number of times
that the TDR times out in the GPU on the server.
Load Balancing on Session Hosts
To enable load balancing of vWorkspace enabled Session Hosts, the following
conditions must be met:
•
The RD Session Host role must be installed on one or more Session
Hosts in the vWorkspace infrastructure.
•
The setting Accept “least busy” connection requests must be
enabled (it is by default) on each Session Host that participates in
load balancing. This setting is found on the General tab of the
Session Host properties under Roles.
•
The Session Host must host at least one of the configured managed
applications.
•
A load balance must be assigned to either the server or a managed
application hosted on the server.
Load Balancing Guidelines
Consider these guidelines when using load balancing:
•
Use as few counters as possible. Each counter used in a load balance
requires additional processing.
•
Use the counters that are most likely to reflect the critical resources
of the server. For example, a server with insufficient memory would
likely need a load balance that uses the Memory Load and Pages Per
Second counters.
577
•
Avoid using extreme limits for counters that use percentages for
minimum and maximum values.
•
Use a counter only if you understand its meaning and what values are
appropriate.
•
Group Session Hosts by their hardware configuration and applications
hosted on them. Load balances can be created and optimized for
specific hardware or application groups.
How to ...
•
Creating a Load Balancer
•
Assign Load Balancing to Session Hosts
•
Assign Load Balancing to SCVMM Computer Groups
•
Assign Load Balancing to Managed Applications
Creating a Load Balancer
The Number of Users counter is the default load balance assigned by the
system, and its values cannot be modified.
1.
Open the vWorkspace Management Console, highlight the Load
Balancing node, and do one of the following:
a) Select Actions | New Load Balancing Rule, or
b) Right-click on the Load Balancing node, and then select New
Load Balancing Rule, or
c) Select the green plus sign icon from the information pane, or
d) Select the green plus sign icon from the toolbar.
2.
Click Next on the welcome window of the Load Balancing Rule
Wizard.
3.
Enter a name for the New Load Balancing Rule in the Name box, on
the Name & Description window.
4.
Enter a description for the New Load Balancing Rule in the
Description box on the Name & Description window. This is
optional.
5.
Click Next on the Name & Description window.
6.
Do the following on the Counters window:
a) Select the counter to be used by clicking in the Assigned column.
b) Set the minimum value for each counter selected by clicking on its
current value in the Min Value column, and then type a new value
in the input box.
578
c) Set the maximum value for each counter selected by clicking on
its current value in the Max Value column, and then type a new
value in the input box.
d) Set the weight value for each counter selected by clicking on its
current value in the Weight column, and then select a new value
from the list.
e) Select Report full load when at least one counter has
reached its maximum value, if appropriate.
f) Click Next.
7.
Set permissions, as appropriate, and then click Finish to complete
the task of creating a new load balancing rule.
Assign Load Balancing to Session Hosts
1.
2.
Expand the Locations node, and then expand the location in which
the RD Session Host is located.
3.
Expand the Session Hosts node, and then highlight the RD Session
Host.
4.
Activate the context menu for the server object to which the load
balancing rule is to be assigned, (highlight the server and right-click)
and select Properties.
579
5.
Highlight the Load Balancing item from the Server Properties
window.
6.
Click the Specify a custom load balancing rule: action button to
enable the custom rules. Select the desired custom Load Balancing
Rule from the custom load balancing rule list. Otherwise, the default
load balancing rule will apply.
7.
Click OK to complete the task.
Assign Load Balancing to SCVMM Computer Groups
1.
2.
Expand the Locations node, highlight the Desktops node, and
right-click.
3.
Select New Computer Group.
4.
On the New Computer Group Wizard System Type window, select the
Microsoft SCVMM box. This disables Load Balancing for all other
system types.
5.
On the New Computer Group Wizard Load Balancing window, do one
of the following:
•
•
•
•
Click the Do not specify a load balancing rule action button to
disable load balancing rules.
Click the Use the default load balancing rule action button to use
the default SCVMM rule.
Rule from the Load Balancing Rule list.
Click the View button on any action button selection to view the rule
properties.
6.
Proceed through the windows to configure the New Computer Group.
7.
Click Finish to complete the task.
For more detail on adding new SCVMM computer groups, see the Microsoft
SCVMM Integration section.
Assign Load Balancing to Managed Applications
You may need to assign load balancing to specific published applications if the
number of instances of the application must be restricted due to licensing
constraints or the application consumes a lot of system resources.
580
1.
2.
Expand the Resources node, highlight the Managed Applications
node, and right-click.
3.
Open the Properties for the desired published application.
4.
Click on Load Balancing on the Managed Applications Properties
window.
5.
Rule from the Load Balancing Rule list.
6.
Click OK to complete the task.
CPU and Memory Optimization (Max-IT) is a Power Tool for Session Hosts
used to improve application response time and increase overall server capacity
by streamlining and optimizing the use of virtual memory and CPU resources in
a multi-user environment.
Max-IT should not be installed on the same computer as the Connection Broker.
CPU Utilization Management improves application response times by ensuring
that users and programs receive CPU resources.
The following is a list of issues pertaining to CPU scheduling in a multi-user
environment:
•
Due to design limitations and programming techniques, many
applications monopolize the server’s processors. Such applications
are often referred to as rogue or runaway applications.
A rogue or runaway application is one whose threads use up excessive
amounts of CPU resources. In other words, they consistently remain
in the running state for the entire lifetime of their allotted time slice.
A time slice is often referred as quantum, and its value is typically 10
to 15 milliseconds (hardware-dependent).
•
Windows scheduler does not include a fair sharing mechanism. It does
not prevent rogue applications from consuming all of the CPU time.
•
Priority boosting performed by Windows balance set manager does
not effectively address the CPU issues caused by runaway
applications, especially in Session Host environments.
581
•
From a CPU management perspective, the thread priorities of interest
are Waiting, Ready, and Running. In the case of a word processor,
the latter could be waiting for user input. As soon as it receives input,
it is ready to run, and as soon as the processor becomes free, it runs.
•
Given two threads in the Ready state, the scheduler always favors
the process with the higher priority level over the other.
CPU Utilization Management ensures that each running process receives CPU
resources to enable it to run smoothly and coexist alongside CPU hungry and
rogue applications by implementing the following:
•
A fixed share of CPU resources is reserved to NT Authority. By default,
this share is 20 percent.
•
The target percent CPU time is then computed as follows, where
Reserved is the percent CPU share reserved for NT Authority:
(100 - Reserved) / (number of active processes)
•
The average percent CPU time is calculated for each active process.
•
Those processes whose average percent CPU time has fallen below
the target percent CPU time have their priority levels set to Normal.
•
Those processes whose average percent CPU time has risen above the
target percent CPU time have their priority levels set to Below
Normal.
•
Those processes whose average percent CPU time has fallen to zero
have their priority levels set to Above Normal.
•
The above process is then repeated every several hundred
milliseconds. The default setting is 100 milliseconds.
Virtual Memory Optimization
Below is a list of background items to consider for memory management in a
multi-user environment:
582
•
Every executable and DLL module has a preferred base address which
represents the ideal location where the module should get mapped
inside the process’s address space.
•
When a software developer builds a DLL module, the linker sets the
preferred base address at 0x10000000.
•
When two or more modules are loaded, each having the same
preferred base address, a memory space conflict occurs. The
operating systems memory manager has to resolve this conflict by
relocating one of the conflicting modules into another base address.
It then has to recalculate all the offset addresses defined within the
module relative to this new base address.
•
Relocating DLLs and performing the necessary fix-up operations is
taxing on system resources. The loader has to relocate hundreds of
DLLs and modify a significant portion each code. This leads to more
memory consumption, excessive copy on write operations, and
additional CPU cycles.
This runtime overhead can be very damaging to the performance of a
system and should be avoided. When multiplied by the number of
users on a Session Host, this overhead can have implications on
performance and application response times.
vWorkspace Virtual Memory Optimization significantly increases the
performance and capacity of a Session Host by performing two optimization
techniques: module rebasing and module rebinding.
•
Module Rebasing — A process by which colliding DLLs are identified
and relocated to unique base addresses within the virtual memory
spaces of their respective programs. This technique drastically
reduces virtual memory requirements, page file usage, and I/O
operations.
•
Module Binding — Fine-tunes the import section of a given module
according to the new base addresses of the rebased DLLs. This
technique accelerates application load times and yields further
reductions in virtual memory requirements and page file usage.
The Virtual Memory Optimization system continuously monitors which DLLs
are being loaded by applications and identifies the DLLs that cause collisions.
When a future request is made to load the module, it automatically loads in a
new base address to avoid conflict. After collecting sufficient data, Virtual
Memory Optimization can then further enhance performance by permanently
rebasing the colliding DLLs and perform the necessary code fix-up operations.
Some of the benefits include:
•
DLLs that have been optimized by Virtual Memory Optimization no
longer require relocations or fixes by the loader.
•
Less physical memory is consumed.
•
Working set trimming no longer requires that working sets be
swapped out to the paging file (copy on write) before the trimming
can occur.
583
•
Significant reductions in the overhead associated with relocation and
fix-up operations. When multiplied by the number of users on a
Session Host, the results can be an overall capacity increase of 25 to
30 percent.
Enable CPU and Memory Optimization
Virtual Memory Optimization and CPU Utilization Management are
disabled by default even after being installed. To enable them, use the following
steps:
1.
2.
Expand the Locations node, and then expand the location in which
the RD Session Host is located.
3.
Expand the Session Hosts node, and then highlight the RD Session
Host.
4.
Open the Properties for the Session Host object that is to be
enabled.
5.
Select the Performance Optimization tab of the Server Properties
window.
6.
Select the option that is to be installed.
7.
Max-IT Master Policy Settings
Max-IT Master Policy is used to set the default CPU Utilization and Virtual
Memory Optimization settings used by all Session Hosts in the vWorkspace
infrastructure. Max-IT Server Policy can then be configured to override master
policy settings on a per server basis as needed.
Max-IT Master Policy is accessed from the vWorkspace Management Console
by expanding Performance Optimization in the navigation pane, and then
selecting the Servers node. Max-IT Master Policy command is available from
either the toolbar or the Servers node context menu.
The Max-IT Master Policy window tabs are described as follows:
584
•
General
•
VM Default Optimization
•
VM Exception Files
•
CPU Policy
•
Advanced
General
GENERAL TAB
VIRTUAL MEMORY OPTIMIZATIONS
Analysis Interval
Specifies the sampling interval for detecting memory load address collisions. At the specified interval, Max-IT VM Optimization takes a snapshot
of what applications are loaded into memory and
detects any load address collisions.
Applications that are started and then closed
within the sampling interval are not included in
the analysis.
Optimization Time
Specifies what time of day virtual memory optimizations are applied. The optimizations applied are
based on the settings found on the VM Default
Optimizations and VM Exception Files tabs.
Applying virtual memory optimizations has the
potential for consuming large amounts of system
resources and should be performed at a time
when user activity will be low.
Sampling Interval (Milliseconds)
Determines how often process average calculations are performed and priority adjustments are
made. Shorter intervals result in a more even distribution of processor time, but at the expense of
higher system overhead.
Sampling History Depth
Determines the number of sampling points used
when calculating average percent CPU time of processes.
585
VM Default Optimization
VM DEFAULT OPTIMIZATION TAB
Applications (EXE, etc.)
The two optimization options available for applications are:
• Allow applications to load rebased modules
(rebasing).
• Allow applications to be bound and to load
bound modules (binding).
Modules (DLL,OCX, etc.)
The two optimization options available for modules
are:
• Allow modules to be rebased (rebasing).
• Allow modules to be bound (binding).
VM Exception Files
Some applications and modules do not work properly when rebased or bound,
such as any executable or module file that has been digitally signed. This is
because the rebasing and binding information is written to the alternate data
stream of the file.
Because of this file modification, the binary hash the digital certificate was based
on is no longer valid and the file is rendered unusable. These files must be
excluded from rebasing and binding.
The Applications and Modules tabs include a list of preconfigured executable
and module files that are known to have problems with rebasing and binding.
Use the Add, Remove, or Browse buttons to modify the list.
After adding a file, select it from the list and use the buttons to the right to
control the level of optimization to apply. The optimization option buttons are:
586
•
Rebasing Only
•
Binding Only
•
Rebasing and Binding
•
No Optimizations
CPU Policy
The CPU Policy tab is used to control how CPU Utilization adjustments are
applied.
CPU POLICY TAB
Policy Type
Policy type is used to control how CPU allocation rules are
applied. The three policy types are:
• User/Group — CPU rules can be assigned based on
any combination of user accounts, group accounts, or
Active Directory Organizational Units.
• OS CPU Allocation — OS CPU Allocation is used to
guarantee the operating system will have a minimum
percentage of the systems total CPU time. The default
value is 20%.
• Application — CPU utilization rules can be assigned to
specific applications.
User/Group Rules
This tab is used to view or modify CPU Allocation when Policy Type is set to User/Group.
The Add and Remove buttons are used for users, groups,
and organizational units.
The Up and Down arrow buttons are used to adjust priority
for user entries who are also members of a listed group or
OU. Entries higher in the list take precedence over lower
ones.
For each entry, use the CPU Allocation column to set the
minimum guaranteed CPU time allotment. There are three
ways CPU Allocation can be modified:
1. Double-click on the CPU Allocation column and select
a value from the context menu.
2. Click on the ellipsis to the right of the CPU Allocation
column and select a value from the context menu
3. Click on the existing value in the CPU Allocation column, and hold down the left mouse button, to drag and
adjust the value.
587
CPU POLICY TAB
Application Rules
This tab is used to view or modify CPU Allocation when Policy Type is set to Application.
Use the Add or Remove buttons to add or remove an
application entry name.
Use the CPU Allocation column to set minimum guaranteed CPU time allotment for the selected application. There
are three ways CPU Allocation can be modified:
1. Double-click on the CPU Allocation column and select
a value from the context menu.
2. Click on the ellipsis to the right of the CPU Allocation
column and select a value from the context menu
3. Click on the existing value in the CPU Allocation column, and hold down the left mouse button, to drag and
adjust the value.
Application Executables
This tab is used to build a list of executable program files
and associate them with the appropriate application entries
defined on the Application Rules tab when Policy Type is
set to Application.
Use the Add button to add an executable, identify its parent process (if any), and associate it with an application
rule. Files may be entered individually or you can choose to
select all the files contained in a specified folder.
Use the Remove button to remove an application executable entry.
Use the Up and Down arrow buttons to adjust priority for
application executables that are included in multiple rules.
Entries higher on the list take precedence over lower ones.
Allocation Type
This tab controls whether CPU allocation rules are based on
percentages or shares.
• Percentage — CPU allocation by percentage guarantees the user, group, or application a minimum percentage of the available CPU time. Available CPU time
is 100% - OS CPU Allocation.
• Shares — Each entry is given a percentage of CPU
time based on the number of shares assigned to the
entry divided by the total number of assigned shares.
For example, if user A is assigned 25 shares and user B
is assigned 50 shares, then user A is allocated 33.3%
of the available CPU time and user B is allocated
66.7%.
588
Advanced
This tab is used to reset the exception lists to the default values.
Max-IT Server Policy
By default, all Session Hosts in the vWorkspace infrastructure on which
performance optimization has been enabled use the Max-IT Master Policy.
However, it might be necessary to set the Max-IT policy on a per server basis.
An example of this would be when the VM Exception Files list must be modified
because a different set of applications are installed on one or more of the Session
Hosts.
How to ...
Set the Max-IT Policy for Specific Servers
1.
2.
Expand the Performance Optimization, and the Servers node.
3.
Right-click on the server object, and select Max-IT Server Policy
from the context menu.
4.
Click on the tab associated with the portion of the policy that needs
to be different from the Master Policy, and click Use these settings
for server [server_name].
5.
Enter the changes as appropriate, and then click Apply for each tab
that is changed.
6.
Click OK to save the changes.
View VM Optimization Results
The results of virtual memory optimization can be viewed in various forms within
the vWorkspace Management Console. Viewing these results can help the
vWorkspace administrator fine-tune the virtual memory optimizations.
Results can be viewed by session summary, for a specific session, or by
application.
How to ...
•
View Session Summary Information
•
View Results for a Specific Session
•
View Results per Application
589
View Session Summary Information
1.
2.
Expand the Performance Optimization and Servers nodes.
3.
Expand the desired server object.
4.
Click on the Optimization Sessions container object.
The Optimization Summary by Session graph is displayed in the
information pane on the right.
The vertical axis displays the cumulative amount (in megabytes) of
memory savings. The horizontal axis displays the date and time of
each optimization event.
To avoid unnecessary recalculations by Max-IT, binding should be delayed
until the graph is flat.
View Results for a Specific Session
1.
2.
3.
4.
Expand the Optimization Sessions container object.
5.
Click on the appropriate date and time to display a graph showing
the current (blue) and possible (green) virtual memory savings.
Under the Optimization Sessions container object each optimization
event is listed in chronological order by the date and time of its
occurrence.
View Results per Application
1.
2.
3.
4.
Click on the Optimized Applications container object.
The Per-Application Virtual Memory Usage and Savings graph is
displayed in the right panel.
590
Vertical Axis
Displays memory in kilobytes.
Horizontal Axis
Displays the name of the executables.
Red bar
Shows the amount of virtual
memory used by the executable
before rebasing.
Yellow bar
Shows the amount of virtual
memory used by the executable
after rebasing.
Blue bar
Represents the current memory
savings as a result of optimization.
Green bar
Represents the possible memory
savings as a result of optimization.
Ideally, the blue and green bars for all executables should be equal. At this
point it is safe to implement binding as long as no changes are made to the
applications installed on the servers.
Manually Apply Optimizations
Virtual memory optimizations are automatically applied based on the
Optimization Time setting of the Max-IT Masters Policy and Max-IT Server
Policy. However, optimizations can also be applied manually by selecting
Optimize Now.
The Optimize Now icon is available from the toolbar of the information pane
when a server object, or any object under the server object, is selected in the
navigation pane under the Performance Optimization | Servers container.
The context menu for the Optimization Sessions and Optimized Applications
containers, and all objects under these containers, include the option Run
Max-IT Optimizations, which can also be used to manually apply optimizations.
Application Compatibility
Enhancements
Many applications store user specific data and configuration settings in
systemwide locations, such as the HKey_Local_Machine (HKLM) or common files
and folders. In multi-user environments such as Session Host, the storage of
information can lead to such issues as data corruption, access conflicts, and the
inability to customize application settings by user.
591
Application Compatibility Enhancements is a registry and file system
redirection engine designed to eliminate these issues in Session Hosts
environment. Application Compatibility Enhancements intercept an application’s
request for common subkeys and files by creating private instances of these in
the user’s registry hive (HKCU) or home directory. All application requests to
these common subkeys or files are redirected to the user’s private instances.
The vWorkspace administrator uses the vWorkspace Management Console to
create redirection rules. The types of rules include:
•
Registry
•
File
•
Folder
How Application Compatibility Enhancements Work
Application Compatibility Enhancements (Redirect-IT) operates in the
background using an Application Compatibility Enhancements (ACE) engine.
Application Compatibility Enhancements perform the following corrective steps:
1.
Intercepts registry and file operations targeting the common data,
such as HKLM subkeys and common files and folders specified in the
redirection rules.
2.
Copies the common data from their original locations to the user
private locations, such as HKCU or the home folder as specified in the
redirection rules. This step is only performed if user private instances
of the common data does not already exist.
3.
Performs the registry and file operations on the user private
instances of the data.
Application Compatibility Enhancements (Redirect-IT) can only be
installed on Microsoft Windows servers with Session Hosts installed in
Application Server mode.
Create Redirection Rules
How to ...
592
•
Create a Registry Redirection Rule
•
Create a File Redirection Rule
•
Create a Folder Redirection Rule
•
View a Redirection Rule
•
Edit a Redirection Rule
Create a Registry Redirection Rule
1.
Start the vWorkspace Management Console.
It is recommended that you open the vWorkspace Management
Console from the Session Host where the application is installed, so
that file is available.
2.
Right-click File & Registry Redirection from the navigation pane,
and select New Redirection Rule.
– OR –
Select File & Registry Redirection from the navigation pane, and
click the green + on the toolbar in the right pane.
3.
Enter a new name for the rule in the Rule Name field on the General
window.
4.
Select the Redirection Type Registry on the New Redirection Role
window.
5.
Type a new category or select an existing category from the list in
the Category box on the General window, and then click Next.
593
6.
Complete the following information on the Values window for the
redirection rule, and then click Next.
a) Type a path and file name of the executable, or click the ellipsis to
browse to the executable in the Program field.
b) Type the location of the registry key location that is to be
redirected, or click the ellipsis to browse to the location in the
Original Registry Key field.
c) Type the new path and file name, or click the ellipsis to browse to
the location where the key should be redirected in the New
Registry Key field.
7.
then click Finish.
Create a File Redirection Rule
1.
2.
– OR –
3.
On the General window, specify the following settings for the
a) Enter a new name for the rule in the Rule Name field.
b) Select the Redirection Type, File.
c) Type a new category, or select an existing category from the list
in the Category field.
4.
On the Values window, complete the following values for the
b) Type the path and file name of the existing location of the file, or
click the ellipsis to browse to the file in the Original File field.
594
c) Type the path and file name, or click the ellipsis to browse to the
location where the file is to be redirected in the New File field.
d) Select Copy original file(s) to new folder if it doesn’t already
exist, if appropriate.
5.
then click Finish.
Create a Folder Redirection Rule
1.
2.
– OR –
595
3.
On the General window, specify the following settings for the
a) Enter a new name for the rule in the Rule Name field.
b) Select the Redirection Type, Folder.
c) Type a new category, or select an existing category from the list
in the Category field.
4.
On the Values window, complete the following values for the
b) Type the path and file name of the existing location of the file, or
click the ellipsis to browse to the file in the Original Folder field.
c) Type the path and file name, or click the ellipsis to browse to the
location where the file is to be redirected in the New Folder field.
d) Select Copy original file(s) to new folder if it doesn’t already
exist, if appropriate.
5.
then click Finish.
View a Redirection Rule
1.
2.
Select File & Registry Redirection from the navigation pane.
3.
View the details on the information pane.
Edit a Redirection Rule
1.
2.
Select File & Registry Redirection from the navigation pane.
3.
On the information pane, right-click on the Redirection rule that is to
be changed, and then select Properties.
Edit the redirection rule as appropriate.
596
Virtual IP
Virtual IP enables each user instance of a legacy application to be bound to a
distinct IP address. This allows many legacy applications to run concurrently and
reliably on RD Session Hosts. The following features are supported by Virtual
IP:
•
Virtual IP — Assigns a unique IP address to each instance of a
configured application running on RD Session Hosts.
•
Client IP — Uses the client device IP address as a unique identifier
for each instance of a configured application running on RD Session
Hosts.
•
Virtual Loopback — Assigns a unique loopback address to each
instance of a configured application running on RD Session Hosts.
•
Logging — Enables logging of Virtual IP activity on a RD Session
Hosts.
Virtual IP Configuration
How to ...
•
Enable Virtual IP on a RD Session Host
•
Configure Virtual IP Address Ranges
•
Configure Applications
Enable Virtual IP on a RD Session Host
You can enable Virtual IP on RD Session Hosts by doing one of the following
procedures, either using Terminal Server Properties or Virtual IP Server
Configuration.
1.
2.
Expand Locations, and then expand the location where the RD
Session Host is located.
3.
Expand Session Hosts and right-click on the selected Session Host,
and then select Properties.
4.
Select the Virtual IP tab on the Server Properties window.
5.
Select the Virtual IP features to be enabled, and then click OK.
6.
Repeat the above steps for each Session Host.
597
Enable Virtual IP through Virtual IP Server Configuration
1.
2.
Expand Virtual IP, and then click Server Configuration.
3.
Click Show only Virtual IP Enabled Servers or Show All Servers
on the information pane.
Your selection controls which servers appear in the server list.
4.
Select the Virtual IP features to be enabled (check the box in the
Virtual IP column), by server, and then click Update Virtual IP
Servers.
Configure Virtual IP Address Ranges
Each RD Session Host must be configured with an appropriate range of IP
addresses. Follow these guidelines when configuring Virtual IP address ranges:
•
Virtual IP address ranges must be compatible with the IP subnet to
which the Session Host is attached.
•
Do not include IP addresses that are already statically assigned to
other computers on the network.
•
Do not include IP addresses that are part of existing DHCP server
scopes.
•
Do include enough IP addresses in the range to account for the
maximum number of concurrent instances expected for a configured
application.
To add a Master Range, do the following:
598
1.
2.
Expand the Virtual IP node, and click Address Range.
3.
Click Add on the information pane. The Virtual IP Address Ranges
window opens.
4.
Enter the appropriate values for Starting Address, Ending
Address, and Subnet Mask.
5.
Click OK.
To add a Server to a Master Range, do the following:
1.
2.
3.
On the information pane, click on the ellipsis at the end of the
Master IP Range or right-click on it and select Add Server(s) to
Master Range from the context menu.
599
4.
In the list of servers presented in the window, select the boxes
associated with the servers to be added to the master range and
click OK.
5.
Enter the number of addresses to allocate to each selected server
and click OK.
To modify Address Range Allocations, do the following:
1.
2.
3.
On the information pane, right-click the Session Host that is to be
modified, and then select the appropriate option.
The options include:
•
Remover Server — Removes the server from the Master IP range.
•
Allocation for Server — Defines the number of IP addresses to
allocate to the server.
•
Set Allocations for All Servers in Master Range to — Defines the
number of IP addresses to allocate to each server in the master
range.
•
Equally Allocate Addresses to All Servers in Master Range — Sets
the number of IP addresses to allocate to each server in the
master range to the maximum of one.
•
Manually Edit Ranges — Opens the Edit IP Address window to edit
address ranges for each server manually.
Configure Applications
600
1.
2.
Expand the Virtual IP node, and then select Application
Configuration.
3.
Click Show All Applications on the information pane.
4.
Select Virtual IP, Client IP, or Virtual Loopback for each
application, as appropriate.
5.
Click Update Virtual IP Servers.
Additional Components
The vWorkspace Additional Components features consist of the following:
•
•
RDP Gateway (Proxy-IT)
vWorkspace Password Reset Service
The Quest vWorkspace Password Reset Service facilitates SSL-protected
password reset requests from clients, to allow them to reset their Active
Directory Credentials via the Web Access Portal or the AppPortal Connector. This
service requires an SSL Certificate and listens on port 443 (by default).
The vWorkspace Password Reset Service can be installed on any Windows
computer, physical or virtual, that is joined to a domain trusted by the domain
containing the accounts of the users connecting in to the vWorkspace
infrastructure.
The vWorkspace Password Reset Service should never be installed on a
computer that is in the DMZ network.
601
How to ...
•
Configure the vWorkspace Password Reset Service
•
Configure vWorkspace Password Management in AppPortal
•
Configure vWorkspace Password Management in Web Access
Configure the vWorkspace Password Reset Service
Use the following steps to configure the vWorkspace Password Reset Service.
1.
Use the following path to open the Quest Password Manager Control
Panel applet.
Start | Control Panel | Quest Password Manager
602
2.
On the General tab, enter the TCP Port.
3.
Click the Lock icon by Certificate Name.
4.
Select the certificate on the Select Certificate window, and then click
OK.
5.
If you want to use logging, select the Logging tab and then Enable
trace logging to the specified file.
6.
Enter the path and file name for the log file, or use the folder button
to browse to it.
7.
Click OK on the Quest Management Properties window.
Configure vWorkspace Password Management in AppPortal
1.
Open the AppPortal client.
2.
Use the following path to open the Farm Connections window.
Actions | Manage Connections
3.
If you are configuring Password Management on an existing farm, do
the following:
a) Select Modify existing farm on the Select Farm window, and
then select the farm that is to be edited from the list.
b) Select Password Management from the left pane, and complete
the information as appropriate.
c) Click OK.
4.
If you are configuring Password Management on a new farm, do the
following:
a) Select Create new farm on the Select Farm window.
b) Complete the information on the Farm Connections windows as
appropriate.
603
Configure vWorkspace Password Management in Web Access
This option can only be configured as a global setting.
1.
Select Password Management under the Authentication options on
the Web Access Management Console.
2.
Enter a Domain using the NetBIOS name of the Password
Management server.
3.
Enter the Server (FQDN).
The host name, NetBIOS name, or IP address can be used in this field.
4.
Enter a Port number, and then click Add.
The usual number to use is 443.
5.
Repeat the above steps to add multiple Password Management
servers.
6.
Click Save Changes.
Proxy-IT
Proxy-IT is designed to deliver more connectivity options for accessing Microsoft
Windows Session Hosts from legacy, non-Win32, open source, or third-party
RDP devices. Multiple Proxy-IT servers can be clustered using Microsoft Network
Load Balancing (NLB) or another third-party load balancing switch.
Proxy-IT listens for client requests on a configured TCP port, which is port 3389
by default.
It is recommended that the current version of Proxy-IT be used with
Microsoft Session Directory to enable users to reconnect to their
disconnected sessions.
How to ...
Configure Proxy-IT
1.
604
Open the Quest Proxy-IT applet from the Control Panel.
2.
Complete the information on the Quest Proxy-IT Properties window
as appropriate, and then click Apply.
Accept connections on this
TCP port
Enter the TCP port.
Inactivity timeout (minutes)
Enter a number of minutes.
The default is 3389.
A value of 0 indicates that
connections never time out.
Connection Broker Settings
Use Add Server to add the IP
addresses or host names.
Connect to broker on this
TCP port
Enter the TCP port associated
with the Connection Broker
settings.
Connect to broker using SSL
Select if connecting using SSL.
Enable NAT support for
firewall traversal
Select if network address
translation is being used.
Server Logging
Select to enable trace logging,
and then enter the file name or
use the folder button to browse
to the file.
605
Proxy-IT with Session Directory Services
Proxy-IT can be used in conjunction with Session Directory Services. By using
Proxy-IT and Session Directory Services, users can be reconnected to their
disconnected session, should the session be dropped.
Proxy-IT Prerequisites
The following items are required:
•
All Proxy-IT servers cannot be configured for the multi-users
application mode.
•
Proxy-IT uses RDP port 3389 for its service, making it impossible to
administer the server remotely. However, you can remap the local
RDP listener to alternative port, such as 3390 or 2290 to allow for
remote administration.
•
Administrators can connect to this server using mstsc.exe by adding
the alternative port.
•
The RDP port needs to be remapped in the following registry location:
HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\
WinStation \RDP-TCP
1.
Value: PortNumber
2.
Type: REG_DWORD
3.
Data: 0x000003d3 (3389) — Change this value to something else,
such as 3390 or 2290.
4.
Reboot the server.
Use the following steps to use Proxy-IT with Session Directory Service.
Enable Session Directory Service
To enable Session Directory Services, you must enable the service on all of your
Proxy-IT servers. Use the following steps to complete this task:
1.
Open up the Services tool by selecting Start | Run, and then type
Services.msc
2.
Scroll to the Remote Desktop Services Session Directory and set it to
automatic.
3.
Start the service.
These steps need to be completed on all of your Proxy-IT servers.
606
Enable Session Directory on Remote Desktop Services
Use the following steps to enable Session Directory Services on all of your RD
Session Hosts:
1.
Open the Terminal Services Configuration tool, and go to the Server
Settings Node.
2.
On the details pane, right-click on the Session Directory and select
Enable.
These steps need to be completed on all of your RD Session Hosts.
Setup Group Policies
There are two ways to setup Group Policies, using Group Policies or using the
Terminal Services Configuration. It is recommended that you use the Group
Policies method.
Using Group Policies Editor
1.
Open the Group Policy Editor. To do this, select Start | Run and then
type gpedit.msc.
2.
Enable Join Session Directory in the following:
Computer Configuration/Administration Templates/Windows
Components/Terminal Services/Session Directory
3.
Click Session Directory Server. In the Session Directory Server
Properties window, select the Enabled option, and then in the
Session Directory Server field, type the name of the server where
the Terminal Server Session Directory service is running. Click OK.
4.
Click Session Directory Cluster Name. In the Session Directory
cluster Name Properties window, select the Enabled option, and then
in the Session Directory Cluster Name field, type the name of the
cluster to which the RD Session Host belongs. Click OK.
5.
Optionally, enable the Terminal Server IP Address Redirection
setting.
This policy should only be applied to the RD Session Host, so you may
need to create a separate Organizational Units (OU) for them to
reside.
Using Terminal Services
1.
Open Terminal Services Configuration by using the following path:
Start | Control Panel | Administrative Tools | Terminal
Services Configuration
2.
Click Server Settings in the console tree.
607
3.
Right-click Session Directory in the details pane, and then click
Properties.
4.
Select the Join session directory option in the Session Directory
Settings window.
5.
In Cluster name, type the name of the RD Session Host cluster.
6.
In Session directory server name, type the DNS name or IP
address of the domain server where the Terminal Services Session
Directory service is running.
The server name must be a valid server name, and cannot be left
blank.
7.
Select an IP address and network adapter form the Network
adapter and IP address session directory should redirect
users to list.
8.
Optionally, unselect the IP address redirection (uncheck for
routing token redirection) to have client devices reconnect to
disconnected sessions by using the virtual IP address of the RD
Session Host cluster.
This option is selected by default, which enables clients to reconnect
by using the individual IP addresses for the RD Session Host in the
Session Directory.
You should unselect this option if clients have visibility only to the virtual IP
address of the cluster and cannot connect to the IP address of an individual RD
Session Host.
608
Appendices
•
Configurable Registry Settings
•
Sentillion Integration
Appendix A
Configurable Registry Settings
Active Setup
This setting controls whether Active Setup is run on Windows 7 desktops during
first time logins. PNShell on VDI will run Active Setup by default during a
first-time login. If an administrator wishes to disable ActiveSetup on Windows 7
the following registry value should be created:
HKLM\Software\Provision Networks\Provision-IT
DisableActiveSetupOnWin7 REG_DWORD 0=run active setup(default) 1=don't
run active setup
PNTSC
This setting controls whether a message box is displayed when PNTSC
disconnects. By default PNTSC will display a message box on disconnect. To
disable the message box on disconnect create the following registry value:
HKLM\SOFTWARE\Provision Networks\Provision-IT
TSClientShowMsgBoxOnDisconnect
1=show msgbox (default)
REG_DWORD
0=don't show msgbox
609
InitialAppWaitTime
This setting controls the default initial application wait time. The default wait
time value is set to 10 seconds. To change the default wait time value to some
other value create the following registry value. In the example below the initial
wait time value is set to 15 seconds.
HKLM\SOFTWARE\Provision Networks\Provision-IT
"InitialAppWaitTime" (REG_SZ) = "15"
This registry value needs to be placed in the SysWOW64 directory and
Wow6432Node on a 64-bit platform.
610
Appendix B
Sentillion markets numerous health care integration products that unify single
sign-on (SSO), context management and strong authentication, into a fully
integrated managed clinical workstation enabling caregivers to quickly access
their applications and the associated patient data. Sentillion components install
a custom Sentillion GINA that integrates with the clinical desktop to provide SSO
services and chains to subsequent GINAs. Thus, the Sentillion components
should be installed after Virtual Desktop Extensions (PNTools) to ensure proper
GINA chaining with vWorkspace.
This section describes the registry entry necessary for the integration of
vWorkspace and Sentillion. Because of the Sentillion GINA, vWorkspace must
properly initialize Windows Explorer and bypass the normal PNStart execution.
With the following integration, you are able to complete a single sign-on to a
virtual computer using the Sentillion solution.
The following registry entry needs to be added to the client endpoint running
AppPortal or PNTSC that is connecting to the Sentillion desktop. By setting this
registry entry, pnstart.exe is bypassed, launching Explorer directly, allowing
Sentillion to obtain credentials for further application logon pass thru.
HKLM\Software\Provision Networks\Provision-IT
"TSClientUsePNStart" (REG_DWORD) = "0"
This setting is only effective for TS. PNStart is executed on VDI VMs using the
registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon Shell REG_SZ
PNTools setup will set this value to ’PNSTART.EXE’. To disable PNSTART.EXE
from running on VDI machines, change this value to ’EXPLORER.EXE’.
611
612
INDEX
A
access control list
scheduling access hours for
users 369
action views definitions
vWorkspace Reporting 453
Active Directory credentials
setting in locations 132
add computers tool
about 153
Microsoft SCVMM 236
Parallels Virtuozzo 272
VMware 260
adding new locations 120
additional components
about 601
additional customizations
Resources node 358
administration
about 82
adding a new administrator 86
editing settings 86
removing an administrator 87
setting permissions 87
Advanced installation
about 21
installing 25
Application Compatibility
Enhancements (Redirect-IT)
about 591
creating a file redirection rule 594
creating a folder redirection
rule 595
creating a registry redirection
rule 593
how it works 592
installing 592
application restrictions (Block-IT)
about 11
application restrictions server
groups 365
assigning clients to the client
list 369
hash checking 361
how application restrictions
work 361
path checking 362
properties 363
Resources node 361
scheduling access hours for
users 369
termination of applications 362
unassigning clients to the access
control list 369
application restrictions list
properties 366
application restrictions server
groups 365
AppPortal
about 315
about desktop-integrated
mode 315
actions menu 340
configuring new connection 321
configuring new RD Connection
Broker connection 53
connectivity tab 326
credentials tab 330
desktop integration mode
options 343
desktop integration tab 338
display tab 331
experience tab 335
farm type tab 325
local resources tab 333
managing connection
properties 324
password management tab 337
PNTray 342
settings menu 342
App-V import wizard 111
App-V node
about 108
editing imported application
properties 113
editing properties 110
establishing server
connections 109
importing applications 111
Assign Load Balancing to Managed
Applications 580
613
C
certificate
Secure Gateway 390
clone types Microsoft SCVMM 235
clone types VMware 260
color schemes 375
computer group wizard 138
computer groups
add computers tool 153
adding a group 145
adding published applications 309
modifying properties 149
ordering columns 150
properties 140
resizing columns 150
selecting columns 150
session protocol RGS option 144
task automation 151
viewing logs 148
viewing tasks 148
config.xml
about 346
location section 356
connect to an existing database 91
Connection Brokers
adding a new Connection
Broker 133
load balancing 574
permissions 136
properties 127
removing 136
connection policies
about 370
defining properties 371
Control Panel
Universal Printer applet 497
create a new database and DSN 90
credentials pass-through
using with Firefox 413
D
data collector service
about 7
Databases
deferred authentication 318
desktop cloud
about 73
desktop cloud maintenance 229
Desktops
modifying published
applications 310
614
properties 127
setting properties 137
starting new applications 294
terminologies 137
differencing disks
about 234
disabling vWorkspace Reporting 40
disk and memory persistence 256
documentation
conventions xiv
drive mappings 375
E
environment variables 377
EOP Multimedia Acceleration 543
EOP Text Echo 541
EOP Xtream
about 555
client side timeout 560
configuring 556
experience optimized protocol
EOP Text Echo (local text echo) 541
graphics acceleration 548
optimization settings 535
overview 534
F
F5 Firepass integration
about 431
tunneling to a Connection
Broker 433
Farm node 93
File & Registry Redirection node
about 118
file redirection rule
creating 594
flash redirection
defining in connection policies 544
enabling in AppPortal 546
enabling in Web Access 547
setting up 544
folder redirection rule
creating 595
G
graphics acceleration
about 548
defining in connection policies 552
disabling by application 551
enabling globally 550
enabling in AppPortal 553
enabling in Web Access 554
implementation 548
registry settings 549
setup 550
H
hash checking 361
host restrictions
about 378
creating 378
HyperCache report 226
Hyper-V catalyst
about 226
HyperCache 226
HyperDeploy 226
I
importing existing computers 276
initialize computer
about 186
common failures 187
triggers 187
installation
vWorkspace Connector 45
Web Access 34
Internet Explorer compatibility 311
J
Juniper Secure Access integration
about 422
configuring 423
K
kerberos credentials pass-through 14
L
latency reduction 541
licensing
about 87
access in the Management
Console 87
adding licenses 31
linked clones
VMware 250
load balancing
about 573
assigning load balancing to
servers 579
counters 574
guidelines 577
how it works 574
terminal servers 577
Load Balancing node
about 118
local text echo 541
locations
about 118
Active Directory credentials
setting 132
adding new locations 120
deleting 127
node options 119
properties 127
M
managed applications
overview 289
properties 291
session sharing 302
managed computer groups
deleting 149
publishing a managed desktop 303
viewing 146
managed computers
about 153
network interface card 155
properties 155
publishing an application 305
session protocol RGS option 168
viewing 184
viewing logs 185
viewing tasks 185
management servers
about 210
adding network storage
servers 218
adding virtualization servers 213
management servers window 211
mandatory virtual user profiles
about 523
assigning 523
Max-IT
See Performance Optimization
media player redirection
MetaProfiles-IT
See Virtual User Profiles
Microsoft Hyper-V
about connection-time load
balancing 227
about integration 225
615
about provision-time load
balancing 227
broker helper service 247
desktop cloud maintenance 229
Hyper-V catalyst 226
Hyper-V host context menu 227
Hyper-V host properties 227
Microsoft RD Connection Broker
about 274
add an RD Connection Broker 50
AppPortal 53
install 46
RemoteApp Support 275
Microsoft SCVMM
about integration 233
adding computers using the
standard clone method 236
clone types 235
reconfigure computers 245
video adapter and static/dynamic
memory 243
module binding
about 583
module rebasing
about 583
monitor the cloning process 279
MSI Packages
about 114
adding a new package 114
multiple monitor support 322
N
network interface card 155
network storage servers
about 210
adding servers 218
implementation 249
rapid provisioning 248
requirements 249
O
operating system customization
creating 175
creating for unattend.xml 179
importing sysprep.inf file 175
optimized settings 535
optional one-session-per-user within
a farm 319
P
Packaged Applications node
about 108
616
Parallels Virtuozzo
about 271
about independent and slave
nodes 271
adding computers to a managed
computer group 272
password reset service
about 601
configuring 602
path checking 362
Performance Optimization (Max-IT)
about 581
how it works 582
master policy settings 584
setting the policy for specific
servers 589
permissions
about 84
setting 87
user profiles properties 520
PNTray
about 342
Universal Printer options 343
power management 282
progressive image display 549
Proxy-IT
about 604
configuring 604
enable session directory
service 606
using with session directory
services 606
publish content
about 306
published application
deleting 311
duplicating 311
Q
Quest vWorkspace
contacting support xvi
Quick Start Wizard
about 71
blade PCs 75
desktop cloud 73
remote desktop session host 74
virtual desktops 74
R
RDP
vWorkspace remote computer
sound 538
registry redirection rule
creating 593
registry settings
deferred authentication 318
optional one-session-per-user
within a farm 318
registry tasks
about 379
modifying 379
remote control session
viewing from Computers tab 81
viewing from User Sessions 79
Report Viewer Setup 441
Reporting and Logging Role 34
Reporting installation
installing 35
Reporting Schema
reprovision computers
SCVMM 234
VMware 253
Resources node
about 105
about the Printers window 508
additional customizations 358
application restrictions 361
color schemes 375
connection policies 370
drive mappings 375
environment variables 377
host restrictions 378
modifying published
applications 311
registry tasks 379
scripts 382
time zones 383
user policies 384
wallpapers 386
RGS
computer group property 144
managed computer property 168
S
about 440
using 443
sample report viewer
setting up 442
Scripted Installation
about 41
scripts
about 382
assigning 382
Secure Gateway
accessing by AppPortal and the
Web Access 403
certificate 390
configuring 391
configuring AppPortal access 401
configuring for both AppPortal and
Web Access access 404
installing 389
about 611
session directory service
enabling 606
session hosts
properties 127
Session Hosts node
about 190
modifying published
applications 310
session sharing
application 302
silos
about 517
Simple installation
about 20
installing 23
storage servers
about 516
special folder in user profiles 525
support
contacting Quest vWorkspace xvi
T
Targets node
about 98
about advanced targets 102
defining advanced targets 105
defining clients by device
address 101
defining clients by device
name 101
defining clients by groups 100
defining clients by organizational
unit 102
defining clients by users 99
types 98
task automation
about 151
617
adding 152
automated task wizard 152
TCP/IP ports
requirements 22
terminal servers
adding 190
adding permissions 194
adding published applications 308
assigning load balancing to
servers 579
load balancing 577
removing 195
server wizard 190
setting properties 194
viewing applications 201
viewing processes 200
viewing sessions 197
viewing users connected 195
termination of applications 362
time zones
assigning 383
overview 383
U
U3 AppPortal
client modes 345
Universal Client Printer
Auto-Creation 480
Universal Network Print Server
Extensions 500
adding network printers 501
assigning printers to clients 502
setting up Universal Printer
printers 500
Universal Network Printer
Auto-Creation 480
about 480
Universal Print Relay Service for
Remote Sites 502
adding remote relay servers 506
assigning remote printers to
clients 509
configuring 504
importing remote printers 507
Universal Printer 479
about the Control Panel applet 497
about Universal Network Print
Server Extensions 499
about Universal Network Print
Services 499
adding network printers 501
618
adding printers to remote relay
servers 506
assigning printers to clients 502
assigning remote printers to
clients 509
autocreating network printers 481
configuring remote site relay 504
Control Panel applet properties 483
importing remote printers 507
network printer properties 511
setting up Universal Printer
printers 500
Universal Client Printer
Auto-Creation 480
Universal Network Print Server
Extensions 500
universal network printer
auto-creation 480
Universal Print Relay Service for
Remote Sites 502
universal printer properties 509
viewing and editing network printer
properties 511
viewing and editing universal
properties 509
Universal Printer properties
bandwidth tab 491
compression tab 485
general tab 483
license tab 494
logging tab 493
naming tab 490
notification tab 496
PDF publisher tab 497
server farm tab 495
upgrade tab 492
unlock VM
VMware 250
upgrading
about 59
USB-IT
about 571
configuring 572
how it works 572
user policies
about 384
creating 385
modifying 386
viewing properties 384
user profile elements
properties 526
User Profiles
about special folders 525
configuring properties 521
defining a registry key 528
defining special folders 530
silo wizard 517
V
VAS client 32 package 317
VAS client 32T package 317
VAS client 32TS package 318
video adapter and static/dynamic
memory
about 243
view column definitions
about 188
installing 189
Virtual IP
about 597
adding a master range 598
configuring 597
configuring applications 600
configuring virtual IP address
ranges 598
enabling 597
modifying address range
allocations 600
virtual memory optimization
about 582
benefits 583
manually applying 591
module binding 583
module rebasing 583
viewing results for a specific
session 590
viewing results per application 590
viewing session summary
information 590
Virtual USB Hub Client
about 561
client applet 562
client components 561
client services 565
client system tray 565
requirements 561
Virtual USB Hub Server
about 566
server applet 566
server services 568
server system tray 567
about export and import 532
about registry elements 524
about silos 517
assigning mandatory user
profiles 523
features and benefits 512
how it works 513
mandatory user profiles 523
manually configure profiles 525
overview 512
properties 514
storage servers 516
xml file format 533
Virtual User Profiles (MetaProfiles-IT)
about 12
about 210
virtualization server wizard 213
virtualization servers
adding connections 213
VMware
about linked clones 250
adding computers using the NetApp
FlexClone method 263
standard clone method 261
VMware linked clone
method 266
clone types 260
customizations 258
disk and memory persistence 256
rapid provisioning 248
unlock VM 250
vWorkspace
benefits 4
remote desktop connection 538
upgrading 59
vWorkspace Connector
about 16
about silent installation 56
AppPortal 315
client packages 44
configuring 320
executable files 318
installation 45
overview 315
VAS client 32 package 317
VAS client 32T package 317
VAS client 32TS package 318
619
about 68
administration 82
connect to an existing database 91
create a new database and DSN 90
Farm node 93
first time use 89
icons 76
interface 68
menu options 76
monitoring the cloning process 279
Packaged Applications node 108
permissions 84
Resources node 105
Session Hosts node 190
Targets node 98
viewing and editing network printer
properties 511
viewing and editing universal
printer properties 509
viewing client information for an
active session 199
viewing terminal server
applications 201
processes 200
sessions 197
viewing users connected to
terminal servers 195
vWorkspace RD Connection Broker
Support
about 45
vWorkspace Reporting
actions views definitions 453
applications and application
restrictions 457
Databases 446
disabling 40
overview 439
Reporting Schema 447
Sample Report Viewer 440
setting up the sample report
Viewer 442
setup window 441
view column definitions 449
vWorkspace Welcome window
about 75
W
wallpapers
about 386
620
adding new wallpaper 388
assigning 387
changing properties 387
Web Access
about 407
about Websites node 409
connection properties 409
creating a new web access site 408
defining websites 409
firewall/secure gateway 410
installing 34
updating a site 421
upgrading 35
Web Access Site Manager
about 407
Websites node
about 409
wizards
App-V import 111
automated task 152
computer group 138
MSI Packages 114
new locations 120
operating system
customization 175
operating system customization
unattend.xml 179
server wizard 133
silo 517
task automation 151
virtualization servers 213

vWorkspace 7.5

Transcription

Documents pareils

Securing the Virtual Desktop: Removing the Last Barrier to

Machine A Sous Flash 888 Machine Poker Casino Gratuit Regles

alleges

Performance Consolidation Protection

Life Fitness - you

Game Capture HD PRO Quick Start Guide

Dynamics of Platform Competition: Exploring the Role of Installed

Approved Canadian Pharmacy! - Bien Utiliser Levitra

Interactive Brokers Hong Kong Fully Disclosed Clearing Agreement

- Wiley Online Library

What`s next for US banks - Maths-Fi