Monthly Archives: August 2011

VMware View 5 group policies

This is the first post in a small series I am doing that will walk through some of the new features of VMware View 5. This product was announced on August 30th at VMworld, and features a number of improvements.

The subject for today is new group policy templates that have been introduced with VMware View 5. VMware has introduced new (Microsoft Active Directory) group policies that will grant View admins and architects further control over their VDI environment. The big two policies focus on two things: maintaining control over bandwidth utilization by allowing a more granular control over session image quality AND user persona control.

Some of the more prominent policies in these new templates focus on new View 5 features such as:

  • Client side caching: Caches image content on client to avoid retransmission
  • Build to lossless: 0-60 second window for the View client to “build” images to a fully lossless state
    • Perceptually lossless: Known as “build to lossless disabled”. Primarily for task and knowledge workers as well as the majority of desktop use cases. Use when bandwidth efficiency is more important than image quality.
    • Lossless (aka “fully lossless”): Best quality available. Use cases include healthcare imaging, designers, illustrators, etc.
  • Persona management: View 5 Persona Management is designed to extend the use cases for stateless desktops by enabling control over more end user settings than ever before. View admins will be able to “manage settings and files, policies such as access privileges, performance and various other settings, as well as suspend-on-logoff, from a central location”. View Persona Management will maintain this personalization across sessions with higher level of performance than previous options.

Lets get to the policies! I am detailing all of the View 5 policies that are available today, although only the first two templates are what you would call new. Most of these settings will be familiar to existing View admins if not Microsoft admins, so I am just going to list all the settings for the time being. If you want to know more about a setting comment on the article and I will provide more details.

PCoIP Configuration group policy template – pcoip.adm

This template focuses on PCoIP optimization settings and contains machine group policies located in two different sections: “Overridable Administrator Defaults” and “Not Overridable Administrator Settings”. The settings for each section are the same, the only difference is whether or not the values can be overridden.

Top level hierarchy of the PCoIP Session Variables policies:

image

The settings in detail (Again, the settings are the same for both the “Overridable Administrator Defaults” and “Not Overridable Administrator Settings”):

image

These settings are all fairly self explanatory, and combine to give the View admin a significant amount of control over View PCoIP client connections.

View Persona Management group policy template – ViewPM.adm

This template is for View 5 Persona Management settings and contains machine group policies located in four different sections: Roaming & Synchronization, Folder Redirection, Desktop UI, and Logging.

Top level hierarchy of the VMware View Persona Management computer policies:

image

VMware View Persona Management > Roaming & Synchronization – Computer Policies:

image

VMware View Persona Management > Folder Redirection – Computer Policies:

image

VMware View Persona Management > Desktop UI – Computer Policies:

image

VMware View Persona Management > Logging – Computer Policies:

image

Remaining group policy templates (4 in all) – vdm_agent.adm, vdm_client.adm, vdm_common.adm, and vdm_server.adm

These templates are similar to what was included with View 4.6, and are for controlling general settings of theView agents, clients, servers, and other common settings. The policies are broken down as follows:

Top level hierarchy of the View 5 computer policies:

image

VMware View Agent Configuration (folder root) – Computer Policies:

image

VMware View Agent Configuration > Agent Configuration – Computer Policies:

image

VMware View Client Configuration (folder root) – Computer Policies:

image

VMware View Client Configuration > Scripting Definitions – Computer Policies:

image

VMware View Client Configuration > Security Settings – Computer Policies:

image

VMware View Common Configuration (folder root) – Computer Policies:

image

VMware View Common Configuration > Log Configuration – Computer Policies:

image

VMware View Common Configuration > Performance Alarms – Computer Policies:

image

VMware View Server Configuration (folder root) – Computer Policies:

image

Top level hierarchy of the View 5 user policies:

image

VMware View Agent Configuration > Agent Configuration – User Policies:

image

VMware View Client Configuration (folder root) – User Policies:

image

VMware View Client Configuration > Scripting Definitions – User Policies:

image

VMware View Client Configuration > RDP Settings – User Policies:

image

VMware View Client Configuration > Security Settings – User Policies:

image

 

That completes the listing of all the View 5 policies that were in place as of this post. If things change when View 5is officially released I will update this post with the most current information and make a note of any changes of interest.

If you have questions please don’t hesitate to ask! I’ll do my best to get answers for you.

- Jason

VCP5 exam: Passed!

Today is August 29th, 2011. This also happens to be the day that the VCP-510 exam goes live, which is also known as the (VMware) VCP5 exam. My VCP4 number was in the 66000 range, and I really wanted a lower number this time around. I also wanted to get the exam out of the way long before the end of February 2012 “upgrade your VCP4 to 5 without taking any additional classes” deadline. After February 2012 you will be required to attend a “What’s New in vSphere 5″ class AND pass the exam in order to earn your VCP5 certification. People who hold the VCP3 were given a reprieve that allows them to take the shorter (read: less expensive) “What’s New in vSphere 5″ class and sit for the VCP5 exam. As with the VCP4, VCP3′s have until the end of February 2012 to take the “What’s New” course and pass the exam after which they will need to take the full vSphere 5 Install/Configure/Manage (or Troubleshooting) course before they can earn their VCP5 cert.

Side note: If you need to take a class JOIN VMUG Advantage! 20% off of classes and exams and you get access to official VMware coursework (visit the link for details). Yes it costs $200 per year but you don’t have to renew. If you are like me virtualization is becoming/has become integral to your career so you probably will renew when the time comes.

What can I say about the test? Nothing specific per the rules of course. I’ll keep my bullet points simple and ambigious:

  • Read the exam blueprint here (you will need to register for a VMware Learning account).
  • Read what “Andre” has to say about the beta version of the exam.
  • Remind yourself that much of what you know about configuring and administering VMware has NOT changed since 4.X.
  • Read the “vSphere 5 What’s New” documents that Duncan Epping has provided links to here.
  • Review the vSphere 5 documentation. Some of the PDF links don’t work but the other versions seem to. I think the VMware employees are all busy at VMworld right now and haven’t fixed the PDF’s yet.
  • The test is 85 questions total; it took me about 90 minutes to complete including about 10 questions I had marked for review.
  • If you passed the VCP4 exam, and feel you could still pass it today, I think you are well on your way to passing the VCP5.
  • The test is fair, in my opinion.
I think the exam is very similar in style, feel, and content to the VCP4 exam. I have about 3.5 years VMware experience, about a year of which is with ESXi 4 and the rest with 3.5. Most of that time was as an administrator of smaller VMware datacenters, but the advantage being that I worked with everything (VMware, Microsoft, EMC storage, Avamar backups) but the core switches (although I could handle what I needed to know for VMware if required). This means I got to do some vSphere setup and upgrades in addition to just administration. I think that it would be very difficult to pass the exam if I had nothing more than VMware administration experience, so if that is you I recommend going through some setups from empty standalone hosts to HA/DRS clusters.
What is next for me certification wise? Well the truth is the exam hasn’t been released yet, nor has the product for that matter. I should be able to answer that one after a few more press releases trickle out of VMworld.

Issue with ESXi 5 upgrades (via VUM) and Iomega IX2-200 VMDK datastores

Over the last couple months I have been performing upgrades from ESXi 4.1, to 5.0 Beta, to 5.0 RTM, and earlier today to 5.0 GA. With the exception of the 5.0 GA release all these upgrades were handled with VMware Update Manager (VUM). I have encountered a few errors along the way I and I felt it was worthwhile to share them.

First of all to use VUM and the ESXi 5.0 GA ISO to upgrade to your hosts to 5.0 GA you must be running  ESXi 4.0.4.1 or later (per details from VUM), but not any previous release of 5.0. The odd thing is that you can do an upgrade of your pre-ESXi 5.0 GA hosts by booting with the install CD and choosing the “upgrade” option. This preserves all the settings as you would expect it to. The ESXi “depot” installer for 5.0 GA for VUM has not been released yet so I do not know if you will be able to use it to upgrade 5.0 Beta or RC to 5.0 GA (stay tuned as I have a ton on hosts running 5.0 RTM so I will test the depot install as soon as I get it!).

For further details about upgrade requirements and such visit the vSphere 5 online documentation here about that very subject. I have had nothing but success using VUM; I’ve used it for ESX 4 to ESXi 5 upgrades as well ESXi 4 toESXi 5 upgrades, even with the guest VM’s *suspended* during the upgrade (I was feeling adventurous). The onlyissue I had was with my Iomega IX-200 (Cloud Edition) that I use for iSCSI shared storage in my lab. I had no issues going from 4.X to 5.0 RTM; the datastores were available as expected after the VUM orchestrated upgrade. This morning though I went from 5.0 RTM to 5.0 GA and my datastores were not available, however the iSCSI connected devices did display.

Device View:

 Datastore View:

 Devices looks good, but where is my VMDK volume (only the local volume is shown)?

I’ve done a little work with SAN copied VMDK volumes before and as such have had to deal with VMDK volume resignaturing. VMware has a nice KB articlethat explains why resignaturing is needed:

VMFS3 metadata identifies the volumes by several properties which include the LUN number and the LUN ID (UUID or Serial Number). Because the LUNs now have new UUIDs, the resulting mismatch with the metadata leads to LVM identifying the volumes as snapshots. You must resignature the VMFS3 volumes to make them visible again.

Ignore the bit that specifies VMFS3; the KB article hasn’t been updated and it would appear that this issue applies to VMFS5 as well. In a nutshell what is happening is that ESXi sees the “new” datastore as a snapshot and as such does not mount it as a VMDK volume.
Resignaturing the drives is quick and painless although please remember that it will affect every host that connects to the datastore that may not have been upgraded yet and/or is still accessing it. I had brought down the whole lab so I wasn’t concerned about this. The steps are as follows:
  1. Power off any/all VM’s that may be running on the datastore(s) you will be resignaturing.
  2. SSH into one of the hosts that currently has access to the datastore(s) that are having problems.
  3. Execute “vmkfstools -V” from the ESXi console to rescan the volumes on the host. If this fixes the problem then you are all set. Odds are you already did this via the vSphere client so you need to move on to the next step.
  4. Remove any VM’s from the ESXi inventory that reside on the volume(s) you will resignature.
  5. Verify that the volumes are seen by the host by executing “esxcfg-mpath -l | less” from the ESXi console.
  6. From the ESXi console execute “esxcfg-advcfg -s 1 /LVM/EnableResignature“. This will resignature ALLdatastores that were detected as snapshots during the next rescan, so hopefully you remembered to take all the precautions I specified above.
  7. Repeat step three to initiate the rescan and perform the resignature operation. YOU ARE NOT DONE YET! You should however be able to see the VMDK volumes on the host now at this point (they will have new datastore names that start with “snapshot-“, if not your problem goes beyond the scope of this post.
  8. Execute “esxcfg-advcfg -s 0 /LVM/EnableResignature” to disable the resignature-during-rescan option. If you fail to do this your datastores will be resignatured during EVERY rescan, which I am fairly certain you do not want.
  9. Still not done, now execute step 3 again to make sure the volumes stay mounted after the rescan. Assuming that they appeared during step 7 they should still be present after you run another rescan. If they disappear after this step it means you did something wrong in step 8 and the drives were resignatured again. Repeat step 8 again, then this step, and verify that the volumes remain.
  10. Browse the datastore(s) and re-add all your VM’s to your inventory. You do that by browsing to the VM folder, right clicking on the vmx file within, and selecting “Add to Inventory”.
  11. Rename the datastores to match what they were before. This is an optional step but if you are like me the datastore names have meaning and they are part of your overall design.
Everything is back to normal in the lab:
I must admit that it is scary when the datastores disappear. Remain calm and remember that during a CD based (boot time) install you don’t have access to the iSCSI or NFS volumes (unlike fiber channel) so you are most likely just a resignature away from fixing your problem. The fix takes less than a couple of minutes and you will be off and running with your new ESXi 5.0 GA install.
Update (10-1-2011): I encountered this issue again after updating the firmware of my Iomega IX2-200; he same fix worked to restore access to my datastore.
- Jason

VMware vSphere 5 officially released

This morning VMware decided to “officially” release VMware vSphere 5.

  • To download vSphere 5 access the VMware evaluation center here.
  • The vSphere 5 documentation has also been released; access it here.
  • The ESXi 5 VMware community forum is also available. It is just one of many VMware communities so I encourage you to visit more of them.

I will save my comments for a later blog post since I now have 5 vCenter instances and 30+ hosts that need upgraded. In the interim I encourage you to try out vSphere 5 and learn about all the exciting new features that many bloggers before me have already discussed.