While working on a Workspace ONE project we were implementing Unified Access Gateways (UAG) for untrusted connections to reach the workspace. Untrusted connections could be Wi-Fi or the big bad interweb. They have two routes: the first is all users reaching the Workspace, aka Identity Manager (vIDM Proxy and vIDM), for authentication and choosing the entitlements; the second, after selecting a desktop, is using a tunneled UAG to connect to the Horizon desktop resources. With the latter the user has the option to select the Horizon Client or the browser; both are allowed and should reach the desktop. Do we hear a should? Yes, should. The Horizon client is connecting to the desktop, so an okay here. When using the HTML Web client we were greeted with a 404 error. Hey, wait?!?
Next steps: get out the violin and start investigating.
Continue reading UAG Files: Not using the right proxy pattern breaks HTML view-client
In this blog post, I want to describe the manual steps on how to deploy and configure an NSX load balancer for the Platform Service Controllers (PSC). Hey wait, weren’t you doing PowerNSX automation stuff before? Yes and I still mean to do so. But with automation comes checking if the procedure actually works before attempting to automate that procedure. Garbage in is a lot of garbage out with automation….
Implementing NSX for desktop, whether for micro-segmentation or Load Balancing, takes time and effort to design and implement, that’s why I started the HorizonJumpstart to help with a starting point and hopefully some guidance. This post is about the Load Balancing part and the start-up of some additions to NSXHorizonJumpstart to include NSX Edge Gateway Load Balancers.
Continue reading PSC Load Balancing with NSX
We have several components in a Horizon environment that utilize databases, and there are also quite a few situations when those use external databases. With external databases, organizations are often using Microsoft SQL Server databases. And with external databases, like any others btw, requirements might change or lifecycle management of MSSQL or underlying Windows requires the databases to be migrated. And with that…. what better way to write this all down in a post.
Before starting your migration be sure to do an interoperability check with your to-be solution. Horizon versions, or those of other VMware products for that matter, don’t always have the newest support from other vendors. This takes some testing and certifications and might take a while. But after all is checked, and also with other components that might consume these, we will start the migration.
Continue reading Migrating Horizon Databases
I have seen some search terms on this site lately involving the same query as described in the title of the article: the EUC Unified Access Gateway (UAG) default password. I would like to answer those queries in this post. And to be short, direct and, for some, blunt: there isn’t any default. You will have to set the password of root and the password of admin during the deployment of the UAG appliance, or they are changed via VAMI or the Admin console. I have done this myself a couple of times, with all sorts of VMware appliances, but the main thing for UAG, AP and IDM is that redeployment is much easier than trying to fix issues (and is stable, saves hassle and breaking heads). But what you would like if something goes amiss with deployment or changing, probably regarding some required special characters of admin, is to use some of the options to regain access to the system and try to find out what went wrong (we want to know the why, don’t we?!?). If you have worked out the why with the option of regaining access, it is still advisable to redeploy with that knowledge. The procedures for resetting the passwords of root and admin are described in the rest of the article. You might just need the admin procedure if your root password is known and working.
Continue reading Blog Search Queries answers: EUC Unified Access Gateway default password
As announced at https://blogs.vmware.com/euc/2017/09/vrealize-operations-for-horizon-published-apps-6-5.html vROPS for Horizon 6.5 was released on 21 September. Next to some expected improvements, there are two bonuses to this upgrade:
– one, you can upgrade to vROPS 6.6 which was not supported with vROPS for Horizon 6.4.
– two, you can use the NVIDIA Virtual GPU Management Pack to get some long wished-for insights into GPUs in the Horizon environments. This one I will describe in a later blog post.
– And maybe three, support for the current App Volumes versions and Unified Access Gateways. They were working in vROPS for Horizon 6.4, but not with supported versions.
The starting point to go to vROPS for Horizon 6.5 is either green-fielding to vROPS for Horizon version 6.5, in which case you don’t need this blog post; or starting with a current version of vROPS for Horizon 6.4 and wanting to upgrade. Upgrading to vROPS for Horizon 6.5 is step one, upgrading to vROPS 6.6 is optional but highly recommended. Both will be described in this blog post.
Continue reading vROPS: Upgrading vROPS for Horizon 6.5 and vROPS 6.6
A few blog posts ago (https://www.pascalswereld.nl/2017/08/24/nsx-for-desktop-jumpstart-microsegmentation-with-horizon-service-installer-fling/) I wrote about using the Horizon Service Installer fling for adding Horizon services to NSX for Desktop. From that blog post, I have been continuing to evolve the services file with services, sections, and rules that will normally appear in an EUC solution with VMware products. I tried to maintain the services yml file to keep on working with the fling. Currently you still can, however I don’t know how long this will be.
And this is because of another part I am working on, using PowerNSX for adding the services file to the NSX environment, and in turn, replacing the need for the fling. You can read about me starting this at the post PowerCLI Collection: PowerNSX Desktop Jumpstart and process YAML (yml) config file. And this blog post is about explaining the first version to reach feature parity with the Horizon Service Installer fling. The NSXHorizonJumpstart script now reads the complete yml file and adds the NSX services, service groups and security groups, and adds the firewall sections with the firewall groups.
You can find both the services file and the current version of the script from the master branch at: https://github.com/Paikke/NSXHorizonJumpstart.
Continue reading PowerCLI Collection: PowerNSX Horizon Jumpstart script ready to rumble
In my last blog post (https://www.pascalswereld.nl/2017/08/24/nsx-for-desktop-jumpstart-microsegmentation-with-horizon-service-installer-fling/) I wrote about using the Horizon Service Installer fling for adding Horizon services to NSX for Desktop. From that blog post I have been evolving the services file with services and rules that will normally appear in an EUC solution with VMware products. Not just sticking with Horizon 7, but also getting App Volumes, UEM, UAG, and infrastructure components in the picture. And I will be continuing to evolve the services.
Another part I am working on is using PowerShell/PowerNSX for adding the services file to the NSX environment, and in turn, replacing the need for the fling. And this blog post is about explaining the current structure, from reading the yml file to using this information to check and add to NSX. For now, the services yml file will be maintained to keep on working with the fling.
Continue reading PowerCLI Collection: PowerNSX Desktop Jumpstart and process YAML (yml) config file
We fortunately see a lot more NSX with EUC deployments. Used for microsegmentation of the virtual desktop infrastructure, virtual desktop security protection and load balancing of the workspace components (see my previous post here: https://www.pascalswereld.nl/2017/06/09/euc-layers-horizon-connectivity-from-nsx-load-balancers-with-love/).
I want to focus a bit on the microsegmentation and mainly on the NSX service profiles, groups and standard set of rules for EUC with VMware Horizon. Currently neither NSX for Desktop nor Horizon ships with a prepared set to use. Well, the Horizon suite does not ship with NSX in any form, which is still a miss in my humble opinion. It can be a little difficult, I know.
This blog post will try to focus on what is expected to be part of your desktop environment and Horizon components, and their NSX rules. Focussing on static Horizon services, static Infrastructure services and dynamic applications based on group membership. And using a fling to get them in your environment. I also have added more services and rules to the fling configuration file, and put up a GitHub project to manage these changes. You can download an updated yml file from there, details a little later on so do read or scroll ahead ;). This is a work in progress as I am also just working on it in my current project.
Continue reading NSX for Desktop: Jumpstart microsegmentation with Horizon Service Installer fling
Here we are again! Holiday is unfortunately over. Lots seen and done, lovely travel companion and a great time. But yes, back again to this crazy little thing called work. Some nice projects to be working on. This week started with the deployment of a Workspace ONE environment. As there are several phases in an EUC project, and I was doing assess and design a lot more often than deploy jobs, I wanted to get back with some hands-on experience outside the lab. I think this a) is good for the overall quality of this consultant, b) aligning the assess, design and deployment phases is part of continual improvement of an EUC solution and c) there will always be this techie inside who likes to brea…. erm build… I mean build stuff. Nice putting together some components and with this blog post some of the current deploy experience gotchas need to be recorded. First up App Volumes.
On with some deploy activities
Within the build of a Workspace ONE infrastructure one of the tasks is deploying the App Volumes infrastructure. No problem, get a VM, run the installer and do the initial configuration, no iceberg straight ahead. Clicky the click tappy the tap. Stopped at a credentials error on the AD Domains page. Erm what happened here
Continue reading App Volumes configuration: Active Directory bind user and use the short username captain!
On June 20th the latest version of Horizon was released, namely Horizon 7.2. The highlights of this release include the added Horizon Help Desk tool, and general availability of Skype for Business enhancements in the Horizon environment to enable Horizon users to use Skype in a production environment. You can for example find the VMware Virtualization Pack for Skype in the Horizon Agent installer.
Both features are what organizations often asked about, so it is good that these are included in this release. Other somewhat important items are the usual upgrade release updates, scale and product interoperability improvements. As expected and delivered, nothing fancy here.
Continue reading Horizon 7.2: With a little helpdesk from my friends