Great Article “Horizon View Multi-VLAN Explained”

http://myvirtualcloud.net/?p=4730

Posted in View, vlan | Leave a comment

VMware View 5.1 and above SSL Certs

Recently I had the pleasure of setting up GoDaddy certificates on a View Security Server.  In View 5.1 the process has changed somewhat and it reality it has gotten easier!  There are several good blogs as well as KB articles, listed at the end of this entry.  The one that actually outlines it is http://kb.vmware.com/kb/2032400.  

Using the Microsoft Certreq tool on a Windows 2008 R2 server that is the Security Server, here is an outline of the steps:

1.  Create the configuration file in the request.inf format.

;—————– request.inf —————–
[Version]

Signature=”$Windows NT$”

[NewRequest]

Subject = “CN=View_Server_FQDN, OU=Organizational_Unit_Name, O=Organization_Name, L=City_Name, S=State_Name, C=Country_Name” ; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = “vdm”
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “Microsoft RSA SChannel Cryptographic Provider”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[RequestAttributes]

; SAN=”dns=FQDN_you_require&dns=other_FQDN_you_require”
;———————————————–

2.  Open the file in an editor and update the Subject field.

Subject = “CN=view.company.com, OU=Helpdesk, O=IT, L=Palo Alto, S=California, C=US”

3.  Save it to a folder such as C:\Certs.

Generate a CSR using the configuration file:

1.  Open a CMD prompt with “Run as Administrator”.  Change to the directory that the file was saved off to.

cd C:\certs

2.  Generate the CSR file.

certreq -new request.inf certreq.txt

3.  Open the “certreq.txt” file in an editor and paste that into the CA request to obtain a signed certificate.

4.  Save off the resulting certificate files from the CA and copy them into a cert.cer file (as well as the root and intermediate files, root.cer & intermediate.cer).

Import the signed certificate:

1.  Open a CMD prompt with “Run as Administrator”.  Change to the directory that the file was saved off to.

2.  In the directory with the *.cer files run the certreq tool again.

certreq – accept cert.cer

3.  If you originally had a self signed certificate, make sure to remove the friendly name of “vdm” from it.

4.  restart the View services or reboot.

Verify in the MMC snap in for Certificates:

http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-FA1BE2EC-D8B9-472E-A4F9-09C79DFC94D5.html

http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-E5EA22DE-E8CD-4E8D-8F76-C5105307D09F.html

http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.installation.doc%2FGUID-42B85B91-DCFD-4C1D-8E7C-1AA0C81C0BFB.html

 

KB Articles:

http://kb.vmware.com/kb/2032400

http://kb.vmware.com/kb/2021537

http://kb.vmware.com/kb/2020913

 

Blogs: 

http://fojta.wordpress.com/2012/05/27/vmware-view-5-1-and-ssl-certificate-replacement/

http://my-virt.alfadir.net/2012/05/generate-view-5-1-certificat/

Posted in PCoIP, Security, SSL, View | Leave a comment

The Wait is Over

- Great New - 

The wait is over and customers can now use View 5.1 and 5.1.1 with the latest update to ESXi for vSphere 5.1.

http://kb.vmware.com/kb/2035268

Posted in vCenter, VDI, View, vSphere | Leave a comment

Great Blog on upcoming 3D capabilities in View

VMware View 3D Gaming Experience

Simon Long posted a great blog at http://www.simonlong.co.uk/blog/2012/10/25/vmware-view-3d-gaming-experience/ about the both at VMWorld 2012.

Posted in 3D, VDI, View | Leave a comment

Bypassing KMS activation on Windows 7/Vista in View Composer

There used to be a VMware KB article that described how to bypass license activation for MAK copies of Windows (KB 1026556), it was updated and now doesn’t include how to do bypass – instead it says contact support.  Of coarse use of MAK licenses are not supported, but in testing there are two registry keys that will allow you to move forward.  So, here they are, but use at your own risk!

To enable QuickPrep to activate licenses for MAK clients:
In the guest operating system on the parent virtual machine, start the Windows Registry Editor and navigate to this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmware-viewcomposer-ga

Navigate to the AllowActivateMAKLicense registry value. The default value is 0.
Set the value to 1.

To bypass license activation by QuickPrep:
In the guest operating system on the parent virtual machine, start the Windows Registry Editor and navigate to this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmware-viewcomposer-ga

Navigate to the SkipLicenseActivation registry value. The default value is 0.
Set the value to 1.

Posted in Security, VDI, View | Leave a comment

Windows 8 in View

Do you want to run Windows 8 in View? With the release of Windows 8 rapidly approaching, VMware is ahead of the game! Robert Baesman just released a great blog on how to set it up over on the VMware EUC blog (http://blogs.vmware.com/euc/2012/07/experimenting-with-windows-8-desktops-in-view.html). Go for it!!!

Posted in VDI, View | Leave a comment

VMware vC Ops for View

Ran into an issue this week with environments that are running vC Ops for View and have upgraded their View environment from 5.0 to 5.1, for some reason the collector seems to check out OK on all the test, but the information doesn’t get back into the vC Ops appliance.  Looks like this:

vC Ops

This is because the View credentials used by the View adapter do not have correct privileges.  Previously we’ve recommended that the account used by the View adapter be part of the local admins group on the View Connection Server. In View 5.0 this group was included with View administrators by default but that doesn’t appear to be the case in 5.1. Therefore, the View PowerShell commands don’t work because the account doesn’t have sufficient privileges.

To work around this, simply make sure that the credentials used by the View adapter are included with at least the “Administrators (Read only)” role in the View admin console (either directly or by group membership).

Posted in Enterprise Management, vCenter, VDI, View | Leave a comment

VMware View Mobile Secure Desktop

Great new series from VMware training.  Register for this 12 part series and get a free ebook with all the material.  Quote from the VMware page below:

The VMware View Mobile Secure Desktop is a pre-tested and fully validated solution that provides end users with contextually aware, policy-driven access to virtual desktops across devices and locations.

In this 12 part bootcamp we will show you how to get started and how to successfully roll out and deploy virtual desktops and applications and infrastructure to securely support mobile users. We will have sessions covering everything from design considerations to location based printing and implementing high-performance, policy driven access through vShield and leading security technologies. 

We will also touch on VMware’s new vCOPs for View and how you can take advantage of Radius for two factor authentication. At the end of this bootcamp, you should have a good understanding of the VMware View Mobile Secure Desktop Solution, how to roll it out and how to optimize View in your environment.

The bootcamp begins Monday, July 16th. A new bootcamp video will be released each subsequent morning. Be sure to also check for related blog postings along the way!

Register here - http://info.vmware.com/content/17583_Mobile_Desktop_Bootcamp_REG

Posted in ThinApp, VDI, View | Leave a comment

New VMware ThinApp Point Release

VMware ThinApp 4.7.2: Minor release, major new features for Horizon!

This new release of VMware ThinApp includes:

  • A mechanism for updating ThinApp packages in Horizon Application Manager
  • A new relink –h command to enable prior ThinApp packages for Horizon
  • RemoveSandboxOnStart, a new Package.ini parameter

Read more here - http://blogs.vmware.com/euc/2012/07/vmware-thinapp-4-7-2-horizon-features.html

Posted in ThinApp | Leave a comment

Independence Day

Have a happy and safe Fourth of July!

Posted in Uncategorized | Leave a comment