Tag Archives: vmware

VCP5 exam: Passed!

Today is August 29th, 2011. This also happens to be the day that the VCP-510 exam goes live, which is also known as the (VMware) VCP5 exam. My VCP4 number was in the 66000 range, and I really wanted a lower number this time around. I also wanted to get the exam out of the way long before the end of February 2012 “upgrade your VCP4 to 5 without taking any additional classes” deadline. After February 2012 you will be required to attend a “What’s New in vSphere 5″ class AND pass the exam in order to earn your VCP5 certification. People who hold the VCP3 were given a reprieve that allows them to take the shorter (read: less expensive) “What’s New in vSphere 5″ class and sit for the VCP5 exam. As with the VCP4, VCP3′s have until the end of February 2012 to take the “What’s New” course and pass the exam after which they will need to take the full vSphere 5 Install/Configure/Manage (or Troubleshooting) course before they can earn their VCP5 cert.

Side note: If you need to take a class JOIN VMUG Advantage! 20% off of classes and exams and you get access to official VMware coursework (visit the link for details). Yes it costs $200 per year but you don’t have to renew. If you are like me virtualization is becoming/has become integral to your career so you probably will renew when the time comes.

What can I say about the test? Nothing specific per the rules of course. I’ll keep my bullet points simple and ambigious:

  • Read the exam blueprint here (you will need to register for a VMware Learning account).
  • Read what “Andre” has to say about the beta version of the exam.
  • Remind yourself that much of what you know about configuring and administering VMware has NOT changed since 4.X.
  • Read the “vSphere 5 What’s New” documents that Duncan Epping has provided links to here.
  • Review the vSphere 5 documentation. Some of the PDF links don’t work but the other versions seem to. I think the VMware employees are all busy at VMworld right now and haven’t fixed the PDF’s yet.
  • The test is 85 questions total; it took me about 90 minutes to complete including about 10 questions I had marked for review.
  • If you passed the VCP4 exam, and feel you could still pass it today, I think you are well on your way to passing the VCP5.
  • The test is fair, in my opinion.
I think the exam is very similar in style, feel, and content to the VCP4 exam. I have about 3.5 years VMware experience, about a year of which is with ESXi 4 and the rest with 3.5. Most of that time was as an administrator of smaller VMware datacenters, but the advantage being that I worked with everything (VMware, Microsoft, EMC storage, Avamar backups) but the core switches (although I could handle what I needed to know for VMware if required). This means I got to do some vSphere setup and upgrades in addition to just administration. I think that it would be very difficult to pass the exam if I had nothing more than VMware administration experience, so if that is you I recommend going through some setups from empty standalone hosts to HA/DRS clusters.
What is next for me certification wise? Well the truth is the exam hasn’t been released yet, nor has the product for that matter. I should be able to answer that one after a few more press releases trickle out of VMworld.

Issue with ESXi 5 upgrades (via VUM) and Iomega IX2-200 VMDK datastores

Over the last couple months I have been performing upgrades from ESXi 4.1, to 5.0 Beta, to 5.0 RTM, and earlier today to 5.0 GA. With the exception of the 5.0 GA release all these upgrades were handled with VMware Update Manager (VUM). I have encountered a few errors along the way I and I felt it was worthwhile to share them.

First of all to use VUM and the ESXi 5.0 GA ISO to upgrade to your hosts to 5.0 GA you must be running  ESXi 4.0.4.1 or later (per details from VUM), but not any previous release of 5.0. The odd thing is that you can do an upgrade of your pre-ESXi 5.0 GA hosts by booting with the install CD and choosing the “upgrade” option. This preserves all the settings as you would expect it to. The ESXi “depot” installer for 5.0 GA for VUM has not been released yet so I do not know if you will be able to use it to upgrade 5.0 Beta or RC to 5.0 GA (stay tuned as I have a ton on hosts running 5.0 RTM so I will test the depot install as soon as I get it!).

For further details about upgrade requirements and such visit the vSphere 5 online documentation here about that very subject. I have had nothing but success using VUM; I’ve used it for ESX 4 to ESXi 5 upgrades as well ESXi 4 toESXi 5 upgrades, even with the guest VM’s *suspended* during the upgrade (I was feeling adventurous). The onlyissue I had was with my Iomega IX-200 (Cloud Edition) that I use for iSCSI shared storage in my lab. I had no issues going from 4.X to 5.0 RTM; the datastores were available as expected after the VUM orchestrated upgrade. This morning though I went from 5.0 RTM to 5.0 GA and my datastores were not available, however the iSCSI connected devices did display.

Device View:

 Datastore View:

 Devices looks good, but where is my VMDK volume (only the local volume is shown)?

I’ve done a little work with SAN copied VMDK volumes before and as such have had to deal with VMDK volume resignaturing. VMware has a nice KB articlethat explains why resignaturing is needed:

VMFS3 metadata identifies the volumes by several properties which include the LUN number and the LUN ID (UUID or Serial Number). Because the LUNs now have new UUIDs, the resulting mismatch with the metadata leads to LVM identifying the volumes as snapshots. You must resignature the VMFS3 volumes to make them visible again.

Ignore the bit that specifies VMFS3; the KB article hasn’t been updated and it would appear that this issue applies to VMFS5 as well. In a nutshell what is happening is that ESXi sees the “new” datastore as a snapshot and as such does not mount it as a VMDK volume.
Resignaturing the drives is quick and painless although please remember that it will affect every host that connects to the datastore that may not have been upgraded yet and/or is still accessing it. I had brought down the whole lab so I wasn’t concerned about this. The steps are as follows:
  1. Power off any/all VM’s that may be running on the datastore(s) you will be resignaturing.
  2. SSH into one of the hosts that currently has access to the datastore(s) that are having problems.
  3. Execute “vmkfstools -V” from the ESXi console to rescan the volumes on the host. If this fixes the problem then you are all set. Odds are you already did this via the vSphere client so you need to move on to the next step.
  4. Remove any VM’s from the ESXi inventory that reside on the volume(s) you will resignature.
  5. Verify that the volumes are seen by the host by executing “esxcfg-mpath -l | less” from the ESXi console.
  6. From the ESXi console execute “esxcfg-advcfg -s 1 /LVM/EnableResignature“. This will resignature ALLdatastores that were detected as snapshots during the next rescan, so hopefully you remembered to take all the precautions I specified above.
  7. Repeat step three to initiate the rescan and perform the resignature operation. YOU ARE NOT DONE YET! You should however be able to see the VMDK volumes on the host now at this point (they will have new datastore names that start with “snapshot-“, if not your problem goes beyond the scope of this post.
  8. Execute “esxcfg-advcfg -s 0 /LVM/EnableResignature” to disable the resignature-during-rescan option. If you fail to do this your datastores will be resignatured during EVERY rescan, which I am fairly certain you do not want.
  9. Still not done, now execute step 3 again to make sure the volumes stay mounted after the rescan. Assuming that they appeared during step 7 they should still be present after you run another rescan. If they disappear after this step it means you did something wrong in step 8 and the drives were resignatured again. Repeat step 8 again, then this step, and verify that the volumes remain.
  10. Browse the datastore(s) and re-add all your VM’s to your inventory. You do that by browsing to the VM folder, right clicking on the vmx file within, and selecting “Add to Inventory”.
  11. Rename the datastores to match what they were before. This is an optional step but if you are like me the datastore names have meaning and they are part of your overall design.
Everything is back to normal in the lab:
I must admit that it is scary when the datastores disappear. Remain calm and remember that during a CD based (boot time) install you don’t have access to the iSCSI or NFS volumes (unlike fiber channel) so you are most likely just a resignature away from fixing your problem. The fix takes less than a couple of minutes and you will be off and running with your new ESXi 5.0 GA install.
Update (10-1-2011): I encountered this issue again after updating the firmware of my Iomega IX2-200; he same fix worked to restore access to my datastore.
- Jason

VMware vSphere 5 officially released

This morning VMware decided to “officially” release VMware vSphere 5.

  • To download vSphere 5 access the VMware evaluation center here.
  • The vSphere 5 documentation has also been released; access it here.
  • The ESXi 5 VMware community forum is also available. It is just one of many VMware communities so I encourage you to visit more of them.

I will save my comments for a later blog post since I now have 5 vCenter instances and 30+ hosts that need upgraded. In the interim I encourage you to try out vSphere 5 and learn about all the exciting new features that many bloggers before me have already discussed.

VMware View 4.6 Bootcamp Day 9 – View Reference Architecture for Stateless Virtual Desktops

The VMware View Bootcamp ends today with a talk about the View Reference Architecture. Mac Binesh, a Sr. Technical Marketing Manager outlines some of the typical costs associated with and benefits of adopting a virtual desktop infrastructure. I found the content a fitting end to the View Bootcamp series. When I look back at the previous discussions I realize that many of the regular posters have already come to realize the ways that a product such as View can benefit their organization, and not just with regard to CAPEX/OPEX per physical desktop. My notes from the Day 9 video. What is a Stateless Desktop?

  • Referred to as a “floating” desktop in View 4.5/4.6
  • Generic user desktop that is allocated to a user at login
  • User changed to the desktop are discarded at logoff
  • No User installed application
  • The VM returns to the desktop pool upon log off
  • Lower cost per VM can be realized with tiered storage
  • Starting with View 4.5 the “floating” VM can be placed on solid state disk on a blade server; previously the VM could only reside on the SAN

Reference Architecture Goals and Benefits

  • The reference architecture represents a validated VDI solution that was built and tested by VMware
  • The reference architecture represents a realistic desktop workload, a task/knowledge worker
  • Lower the CAPEX (capital expense) costs as measured on a per desktop basis
Benefits of Using Stateless Desktops
  • To the User:
    • Fast login times
    • Fast access to applications
    • Easy to reboot the VM
  • To the IT Department:
    • Improved SLA’s
    • Easier to manage than physical desktops
    • No “storms” (boot, login)
    • No SAN required
    • Scales easily
  • To the Business:
    • Reduced CAPEX and OPEX compared to physical desktops
    • Enhanced user productivity (more stable and consistent desktop experience)
    • Enhanced IT productivity (less to manage)
    • Plus all the other benefits associated with leveraging VDI

Cost Analysis

  • Since 2008 the datacenter hardware required by VMware View has decreased in cost by approximately 75%.
  • CAPEX Datacenter (Hardware) Cost Per Stateless Virtual Desktop (figures from VMware): $242
    • Qty 12: 8 core server w/96GB of ram: $212,796
      • 12 desktops per server core
      • Windows 7 23-bit with 1Gb of ram.
    • Datacenter switch: $11,842
    • SAN (20TB): $69,450
    • Qty 32: 160GB SSD drives for servers: $15,968
    • Total: $309,756 ($242 per desktop)

Key Use Cases

  • Remote Office/Branch Office OR Business Process Outsourcing
    • Reduced costs since desktops and users are centrally managed.
    • Sensitive data stays in the data center.
    • Streamlines application and desktop deployment.
  • Labs, Kiosks, and Training Centers
    • Supports distance learning environments.
    • Rapidly provision desktops.
    • Enhanced security with centralized control and management.
    • Reduced costs and increased control.

View 4.5 Scalability Testing and Results

  • For VMware testing the following architecture was used:
    • Linked clone replica base image resided on local SSD storage
    • Parent base image, user data, and the VM’s .vswp file resided on the SAN (shared storage)
      • .vswp files and infrastructure VM’s  (parent base image and View servers themselves) resided on NFS
      • Standard file shares were used for Windows user data redirections
    • Non persistent automated pool that refreshes immediately
  • Test Strategy and Success Criteria
    • Establish a baseline for desktops per server
      • Gradually increase the number of desktops until the resources of the server are maxed out
      • Reduce the number of desktops until utilization is at an acceptable level (VMware used ~70% CPU utilization as their figure)
    • Start with two servers, then scale out in two server increments
      • Validate application performance with each server scale out
    • Monitor SSD utilization
  • Test Results
    • VMware was able to scale to 96 desktops on an 8 core server (12 VM’s to server core)
    • Varied reboots of VM’s were sustained without consuming 100% of the system resources
    • 10Gbit ethernet combined with the use of local storage made it obvious that the networking environment could handle a fully scaled server load
    • The traffic observed is similar to that of a typical file server
Takeaways
  • VMware View 4.5/4.6 with tiered storage will drastically lower CAPEX, and simplifies cost modeling of desktop virtualization
  • Testking has proven that VMware View 4.5/4.6 provides linear scalability across both compute and storage regardless of scale

References from the presentation plus some I have added:

I hope everyone has enjoyed my summaries of the VMware View Bootcamp videos. I was interested in viewing the videos simply because I am doing increasing amounts of work with VDI and virtualization in general. My focus is more on validating the data center architecture so I find these videos valuable as they remind me of the end to end requirements of the solution as a whole. Follow the Day 9 discussions on the VMware forum page.

VMware View 4.6 Bootcamp Day 8 – Leveraging Security Server for PCoIP

Day 8 of the VMware Bootcamp was delivered by Mark Benson, a View Architect with VMware. The subject of the day is how and where to deploy VMware View Security Servers to provide secure remote access to View desktops. Earlier videos have touched on the function of the Security Server role but Mark lays out what exactly you need to do to integrate them into your View environment. How does a View Security Server work?

  • A remote user connects to View Security Server over a HTTPS connection using a URL that is configured in theView client.
  • If authentication is successful a secure HTTPS tunnel is established between the client device (View client) and the Security Server.
  • What happens next depends on the version of View:
    • View 4.5: The View Security Server would initiate a RDP connection to a View desktop and provide user access to this session over the HTTPS tunnel established in the previous step.
      • If PCoIP is the preferred protocol the only option is to connect over a VPN; the View 4.5 Security Servercannot tunnel PCoIP traffic.
    • View 4.6: The View Security Server initiates either a RDP or PCoIP connection to the View desktop depending on the configuration of the View Connection Server, again using the tunnel to extend the connection to the end user.
  • At the end of the day the View Security Server just performs a subset of the functionality of the ViewConnection Server.

Why use the View Security Server?

  • Recommended for DMZ deployments or environments with separated networks (no direct/private connection between locations)
  • Only authorized users can gain access through the View Security Server.
  • Ensures that the only traffic that enters the internal data center is that of authenticated users.
  • Ensures that users can only access resources (virtual desktops) that they are authorized to access.
  • Zero administration required beyond the initial setup.
  • View Security Servers offload the HTTPS processing and all desktop protocol traffic away from the ViewConnection Servers.
  • Multiple View Security Servers can be used to for scalability and high availability needs.

What is involved in making a remote PCoIP connection in VMware View 4.6 with a security server?

  • HTTPS must be open from the outside to the View Security Servers (and load balancers if used).
  • Port 4172 TCP and UDP traffic must be allowed inbound from the external clients to the Security Server and from the Security Server to the View Desktops.
  • Port 4172 UDP traffic must also be allowed outbound from the View Desktops to the Security Server and from the Security Server to the external clients.
Basic Troubleshooting and Things to Remember
  • Load balancers can be used to manage load but once the Security Server has been assigned remote clients must be able to connect to that server directly.
  • View Security Servers are only supported on Windows 2008R2 due to PCoIP support.
    • The View Security Server will utilize Intel AESNI instruction set to enhance PCoIP performance if available.
  • The View Connection Server can be run on Windows Server 2003 if you don’t need PCoIP gateway functionality.
  • The View Connection Server must have “PCoIP Gateway Functionality” turned onto enable SS to tunnel it.
    • Edit the “properties” of the View Connection Server to configure this setting.
  • Remember: On the View Connection Server, “Secure Tunnel” is enabled by default, “Secure Gateway” is disabled by default.
  • External facing View Security Servers typically get 2 URLS:
    • “External” URL is used by clients to establish the tunnel.
    • “PCoIP External URL is used by the View Clients to establish the PCoIP connection through the PCoIPgateway.
    • These settings are set in the security server properties; by default they are set to the server IP.
      • You will also have the option to specify these URLs during install time, if known.
  • Multiple View Security Servers can be connected to a single View Connection Server.
  • A single View Security Server supports 2000 active sessions (although it is recommended to have multipleSecurity Severs for resiliency).

Common issues

  • Make sure the View Connection Server is configured to gateway PCoIP (this is the default setting for 4.6).
  • Remote access without a VPN will not work unless you configure the View Connection Server to “Use PCoIPSecure Gateway for PCoIP Connections to desktop”.
    • Edit the “properties” of the View Connection Server to configure this setting.
  • Make sure the external URL’s are set correctly.
    • Edit the “properties” of the View Security Server to configure this setting.
  • Verify that PCoIP is not blocked by a firewall or web proxy.

Final notes:

  • Read the View 4.6 Architecture and Planning Guide.
  • May want multiple View Connection Servers so you can use different settings for internal and external access:
    • Gateway mode for external clients who will use the View Security Server.
    • Direct connections for internal clients who will connect directly to the View Desktops.
  • Plan your deployment and consider the needs for local access and remote access
  • Remember the three key steps:
    • Turn on PCoIP Gateway Functionality on the Connection Server.
    • Set up the two External URL’s on each View Security Server.
    • Set the firewall rules to allow PCoIP and HTTPS traffic as required.
While the video for the day did yield a lot of notes the overall implementation of View Security Servers seems rather straightforward. The View Architecture and Planning Guide and the Day 8 video are great resources for understanding how to deploy resilient and secure external access to View Desktops. Follow the discussions for the day here.

VMware View 4.6 Bootcamp Day 7 – Automating View 4.5 with PowerShell

Day 7 of the VMware View Boot Camp is about leveraging VMware PowerCLI to perform various View tasks. The presentation was given by Tom Elliot, a developer on the VMware View team. My notes for today are just that; there isn’t a lot of opinion to introduce into the subject at hand. I did update some of the links mentioned in the video to reference the current version of View (4.6) as well as the current version of the vSphere PowerCLI (4.1U1). Overview of View PowerCLI

  • The first automation tool released for VMware View.
  • Command line interface that is a snap-in for Windows PowerShell
  • Allows for management of View Desktop Pools, Individual View Desktops, Connection Servers, View registered vCenter Server configuration, User Entitlements, and View Configuration including licensing.
  • Some sample use cases:
    • Manage power consumption by shrinking pools overnight.
    • Manage new users and increase pool size automatically.
    • Schedule recurring Composer operations such as refresh, re-balance, and recompose.

Architecture

  • View PowerCLI communicates with the Broker Service that runs on the Connection Server.
    • By default PowerCLI must be run from the Connection Server to manage View.
      • Remote connections can be enabled using the Enable-PSRemoting cmdlet.
    • The Broker Service acts as an intermediary between PowerCLI and other View components.

Anatomy of a Cmdlet

  • Verb-Noun Structure:
    • Get-Pool, Set-License, Add-ManualPool
  • Commands utilize input parameters:
    • Set-License -key XXXX-XXXX-XXXX-XXXX
  • Commands can be piped together:
    • Get-Pool -pool_id Sample1 | Remove-Pool
    • Multiple commands pipes are possible
  • View IDs used in PowerCLI:
    • pool_id
    • vc_id
    • machine_id

Setting up an Environment

  • Install View Connection Server
  • Install Windows Management Framework
    • PowerShell 2.0 and WinRM 2.0 (included in Windows 2008/2008R2 and Windows 7)
    • Microsoft KB968930 hosts the files for download for other OS’s.
    • Can be installed on a workstation for remote management.
  • Optional: Install vSphere PowerCLI Toolkit to enable vSphere management cmdlets.
  • Set PowerShell Execution Policy
    • To use your own scripts: Set-ExecutionPolicy Unrestricted
    • To use only signed scripts: Set-ExecutionPolicy AllSigned
    • Enable-PSRemoting allows commands to be executed remotely.
      • Must be enabled using PowerCLI on the Connection Server.
      • Must connect with Domain Admin credentials as View cmdlets require Admin privileges.

Basic Tasks / Sample View PowerCLI Cmdlets

  • Get-Pool : Used to return information about one or multiple pools.
  • Get-DesktopVM : Used to return information about one or multiple View desktops.
  • Add-PoolEntitlement : Used to grant a user or group rights to a View pool.
  • Update-AutomaticPool : Used to expand the size of an automatic pool.
  • Send-SessionLogoff : Used to log a user off of a View desktop.
  • Add-AutomaticLinkedClonePool : Used to create a new automatic linked clone pool.

Getting Help

  • Prepend a cmdlet with Get-Help
    • Get-Help Send-SessionDisconnect
    • Returns information about, a description of, and parameters to the supplied cmdlet.
  • VMware View 4.6 Integration Guide

Creating Your Own Scripts

  • Script files are a text file with a .ps1 extension.
  • You must load the View Cmdlets into the script first by including this line:
    • . “C:Program FilesVMwareVMware ViewServerextrasPowershelladd-snapin.ps1″
  • Syntax used to schedule scripts with Windows Scheduled tasks:
    • powershell.exe c:scriptsmyscript.ps1

Integrating with vSphere

  • vSphere components that are related to View can be administered from the View PowerCLI.
  • vSphere Cmdlets will be loaded by the View PowerCLI if they are present.
  • Limited support exists for piping vSphere Cmdlet output to View Cmdlet and for use of vSphere ID’s.

Advanced Topics Remoting:

  • To remotely manage View you use use the Enter-PSSession cmdlet and load the View Cmdlets as well:
    • Line 1: Enter-PSSession viewcs.vjason.local -Credential (Get-Credential)
    • Line 2: . “C:Program FilesVMwareVMware ViewServerextrasPowershelladd-snapin.ps1″
    • When done log out: Exit-PSSession
    • Notes:
      • Examples shown use the currently logged in account (-Credential (Get-Credential)) as the account used to connect to the View Connection Server (viewcs.vjason.local).
      • All commands are executed against the connection broker.
Known Issues:
  • Executing Update-AutomaticLinkedClone on a pool with profile or temp disks disabled will re-enable the setting.
    • Subsequent desktops that are provisioned will be provisioned with unwanted disks.
    • Existing desktops will not be affected.
  • Get-DesktopVM output is incorrect when multiple vCenter Servers are in use.
    • Reason is that vCenter VM MOID (managed object ID) value may not be unique across all vCenter servers.
    • Use -machine_id rather than -id (which is the MOID) to reference VM’s.
    • Also affects Send-LocalSessionRollback and Send-VMReset cmdlets.
Useful Links

PowerCLI for View is fairly straightforward if you are already using vSphere PowerCLI or even PowerShell for that matter. It is a key tool for automating those tasks that would otherwise require an admin to get up late at night and as such is a worthy topic to learn more about. Follow the Day 7 forum for the video here.

VMware View 4.6 Bootcamp Day 6 – PCoIP Deployment Best Practices and Tuning

The VMware View Bootcamp continues with Day 6:

“PCoIP Deployment Best Practices and Tuning. The speaker for today was Chuck Hirstius, a Senior Consultant with VMware. PCoIP is of course one of the protocols, if not the primary protocol, you use to connect clients to your View environment. I say primary because PCoIP enables secure end to end communications between the clients and the View VM’s, or should I say more secure than the other protocols supported by View. The video of the day generated a lot of notes as nearly every bit of information conveyed is very important when it comes to making View perform as expected. Day 6 notes:

PCoIP Protocol Background

  • Designed for high end workloads such as CAD, video/multimedia, and medical imaging.
  • Initially a hardware solution; starting with View 4.0 it was a software to software solution.
  • Encryption is inherent to the protocol; every packet within the protocol is encrypted.
  • In May ’09 enhancements were added to optimize performance over WAN links (latency, etc).
  • Host-based pixel encoding; sends only the pixels that have changed from frame to frame.
  • Endpoints are essentially simple “video streaming devices” as they are just viewing a streamed presentation of the session.
  • Performance consistent regardless of status  client side rending.
  • Uses a UDP transport. Ideal for real time protocols such as PCoIP which just send new display “pixels”.
  • Build to lossless display; static screens areas are gradually built to perfect.
  • Multiple codecs may be used to decompose the image based on the screen content.
  • Adaptive bandwidth consumption to help ensure a consistent client experience.

PCoIP Deployment Best Practices

  • QoS/CoS: Properly classify PCoIP as real-time interactive, typically below VoIP and ensure that the QoS mappings are preserved across WAN links.
  • Use the View Security Server (PCoIP gateway) for remote access to maximize security. Most efficient remote access solution and most secure since connections are proxied through a server in a DMZ.
  • If VPN is used favor IPSEC/L2TP/GRE/DTLS over SSL based since View traffic is already SSL encrypted.
  • Pass View traffic through any IDS/IPS/Endpoint Protection software as well as WAN optimization solutions (Bluecoat, Riverbed, Cisco, etc).
  • Fixed bandwidth WAN links are preferred over “burstable” links as burstable traffic is typically low priority from the provided. Key to ensure performance when traffic peaks.
  • Use Weighted Red (WRED) on virtual interfaces (not physical) to help avoid network congestion. Avoid “tail drop” as we don’t want packets to be dropped since we are using UDP.
  • Avoid use cases where network latency is greater than 300ms.
  • Avoid per-packet load balancing as packets may be delivered out of order (very bad for UDP traffic).
  • Use View desktop VM optimization guides to ensure optimal visual settings.
  • Optimize PCoIP to your use case!

Tuning PCoIP

  • Have a plan!
  • Identify and understand the problem you are trying to solve.
  • Be diligent about benchmarking and recording data.
  • Old change one variable at a time and record all changes that are made.
Tuning Parameters
  • PCoIP can be adjusted with group policies. Template is located on View Connection Server at: Program FilesVMwareVMware ViewServerExtrasGroupPolicyFilespcoip.adm.
  • PCoIP registry settings located at: HKLMSOFTWAREPoliciesTeradiciPCoIPpcoip_admin|defaults
  • Settings include:
    • pcoip.max_link_rate : Maximum session bandwidth.
    • pcoip.device_bandwidth_floor : Lowest bandwidth to use when congestion is detected.
    • pcoip.mtu_size : Packet size.
    • pcoip.minimum_image_quality : Lower bound of image quality compression used when congestion triggers build to lossless
    • pcoip.maximum_initial_image_quality : Lower bound of image quality PCoIP attempts to deliver initially; leads to more “pixel perfect” screens but with more bandwith peaks.
    • pcoip.maximum_frame_rate : Maximum frequency of  client screen updates.
    • pcoip.enable_audio : Enable/disable audio.
    • pcoip.audio_bandwidth_limit : Maximum audio bandwidth.

Tuning Guidelines

  • Cover the best practices first: network environment and desktop image optimization!
  • PCoIP adapts so altering default parameters may lead to unpredictable results.
  • For low bandwidth links set the limit at or below the maximum link rate.
  • Limits may even make sense for a LAN if throughput is a concern.
  • Configure a session floor when: PCoIP is experiencing packet loss but the network link has plenty of headroom OR when packet loss is seen on WiFi networks. Be careful to avoid unintentional over saturation by setting the floor too high.
  • 30 fps is the default frame rate but 20-24 fps will lead to almost no noticable impact (but little gain).
  • Rich media requires higher frame rates (at least 15 fps) but tasks workers with no media requires may be able to function with 6-8 fps.
  • Configure the maximum initial image quality; if on a WAN link with constrained bandwidth reduce to 60-70%. If the value is too low images may appear “fuzzy” or “blurry”.
  • Configure the minimum image quality (must be lower than max of course). 50% is typically acceptable for most cases.
  • Configure the audio bandwidth limit. Helpful in increasing connection density; vary between 450-50Kbps until ideal mix of bandwidth savings and audio quality is achieved. Audio bandwidth limit is a target, not a literal value!
Conclusion:
  • Always start with the basics! Optimize image, address external issues (much more common than PCoIP issues!), and size the network accordingly based on the use case.
  • Use the PCoIP logs to identify where the problems are!
  • No more than one change at a time when working on issues! Test changes multiple times against the use case and repeat the process used to uncover the issue.
  • Don’t forget VMware / Teradici support!
Helpful links:

Lots of info today but as I said critical to getting the necessary performance out of your View environment. Follow the discussion for the day here or feel free to post questions below!