In this part of the series, we will be deploying the VMware Horizon Unified Access Gateway Appliance. It’s similar to the old Horizon Security server, and I myself mainly use it so I can connect to my Horizon connection server from a public IP address (from my /24 block).
First what we do is download and deploy the UAG OVA template. In my set-up, a normal deployment will suffice and two NICs are enough. One is for the internal LAN, and one is for the external network.
Continue through the steps and turn the VM on. After a while, browse to the IP of the appliance on port 9443 and log in with the admin account and password you provided during installation.
When we log in we get a screen; on this screen we click on Select under manual. Enable “Edge Service Settings” and click on the gear at Horizon Settings, then enable Horizon and copy the settings below. PCoIP URL should be the public IP address of the UAG. Blast and Tunnel External URL should be the public FQDN of the UAG.
Next we log into the Connection Server. Click on Servers under Settings and then click on Connection Servers. Click on your Connection Server and then edit.
We want to disable Secure Tunnel, PCoIP Secure Gateway and Blast Secure Gateway, as our UAG will be handling this.
We can also let the UAG appear under gateways in the dashboard. To do this, we log into the UAG and click on select under manual again (if you have logged out already). Then we click on the gear at System Configuration under Advanced Settings. Change the UAG name to something friendly. We will need it later.
Back to the Horizon 7 Console, we expand Settings and then click on Servers. Click on Gateway and click Register. In here, fill in the friendly name you gave the UAG in the previous step.
One final thing that I want to do is change the TLS and cipher settings. The following list should give you good security and good results:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
You can change this under the UAG Admin page, then under Advanced Settings followed by System Configuration.
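An added example, not part of the original post: a small Python audit of the cipher list above that splits each IANA suite name into key exchange, mode and hash, so you can see which entries are AEAD (GCM), which are CBC, and which CBC entries rely on a SHA-1 HMAC. The function names are illustrative, and the parser only covers AES suites named in the TLS 1.2-and-earlier style used in this list.

```python
import re

# Cipher list exactly as given in the post for the UAG System Configuration page.
UAG_CIPHERS = (
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
)

# IANA naming for TLS 1.2-and-earlier AES suites: TLS_<kx>[_<auth>]_WITH_<cipher>_<mode>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9]+)(?:_(?P<auth>[A-Z0-9]+))?_WITH_"
    r"AES_(?P<bits>128|256)_(?P<mode>GCM|CBC)_(?P<hash>SHA(?:256|384)?)$"
)


def classify(name):
    """Split one suite name into the properties that matter for a review."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name!r}")
    cbc = m["mode"] == "CBC"
    return {
        "name": name,
        "forward_secrecy": m["kx"] in ("ECDHE", "DHE"),  # ephemeral key exchange
        "aead": m["mode"] == "GCM",
        # In CBC suites the trailing hash is the record HMAC; plain "SHA" is SHA-1.
        # In GCM suites it only names the PRF hash, so it is not a MAC.
        "sha1_mac": cbc and m["hash"] == "SHA",
    }


def audit(cipher_string):
    """Group a comma-separated suite list by AEAD / CBC / SHA-1 MAC / no forward secrecy."""
    suites = [classify(s.strip()) for s in cipher_string.split(",") if s.strip()]
    flags = [s["aead"] for s in suites]
    return {
        "aead": [s["name"] for s in suites if s["aead"]],
        "cbc": [s["name"] for s in suites if not s["aead"]],
        "sha1_mac": [s["name"] for s in suites if s["sha1_mac"]],
        "no_forward_secrecy": [s["name"] for s in suites if not s["forward_secrecy"]],
        # True when every AEAD suite is listed before every CBC suite.
        "aead_listed_first": flags == sorted(flags, reverse=True),
    }


if __name__ == "__main__":
    for key, value in audit(UAG_CIPHERS).items():
        print(f"{key}: {value}")
```

For the list in this post, all six suites use ECDHE, the two GCM suites come first, and the last two entries are the ones that use a SHA-1 HMAC.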
Finally, I want to configure a trusted SSL certificate for the internet facing side. We can do this under “TLS Server Certificate Settings” under Advanced Settings in the UAG Admin panel. You will have to upload the private key file and the full chain certificate file along with choosing what interface to apply it to. In my case I selected Internet interface.
This covers this part of the Horizon 7.11 series. In the next part, we will be creating a Windows 10 Desktop image.
I hope that this was useful for you and see you in the next post.
In this third part of the series, we will be deploying the Connection Server, the base of the Horizon package.
First, we will need a server or virtual machine running Windows Server 2012 or higher. The OS requirement is simple (source):
Windows Server 2008 R2 SP1
Standard Enterprise Datacenter
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
The following hardware requirements apply (source):
Pentium IV 2.0GHz processor or higher
Memory Windows Server 2008 R2 64-bit
4GB RAM or higher
At least 10GB RAM for deployments of 50 or more remote desktops
Memory Windows Server 2012 R2 64-bit
4GB RAM or higher
At least 10GB RAM for deployments of 50 or more remote desktops
Here I have installed a Windows Server 2016 VM. We mount the Connection Server ISO and start the installation .exe file. We accept the license agreements, and install the Horizon 7 Standard Server. In my case, I want to use HTML Access so I use that too.
Next we fill in the data recovery password. Be sure to keep it somewhere safe. Then I choose to let the installer update Windows Firewall to open some ports, followed by authorizing as a Domain Admin.
After the installation, we can access the console through this link:
It will ask for a license. Fill in your license or your trial license.
Here I added a vCenter so I can use it in the next part.
If you would like more information or have any questions, feel free to contact me. There’s also a nice TechZone article that goes a bit more in-depth in the process of this.
Welcome to part two of the Horizon 7.11 deployment series. In this short post, we will go over what we will deploy in this series, what it is and in what part it will be deployed.
We will deploy the following:
Active Directory. (An ADDS server for our domain. This is a requirement that I will not go over. On request I may make a post about this.)
Horizon Connection Server. (This Connection Server will be the brain of our Horizon deployment. It will handle assignments, allocation, and management of desktops and RDSH servers.) – This will be deployed in Part 3.
Optional: Unified Access Gateway. (For my deployment, I want to be able to connect to a public IP from my /24 block, and access the Connection Server this way. Previously the Security Server was used for this.) – This will be deployed in Part 4.
Optional: a Remote Desktop Session Host. With this, one of the use cases is to allow users to connect to applications on the RDSH host. (I will just use this to experiment.) This will be deployed in Part 6.
In part 4, I will be going over a TechZone article and show you how to create a Windows 10 image that can be cloned easily to fit your deployment. For now, I will not go over View Composer. However, later in the series I will, once I’ve deployed a copy of this set-up as a lab. However, due to SSD space issues this may take a while. I may try to balance it in HDDs, but I have to be careful to avoid this insanity.
Currently busy with making the screenshots and writing the posts, they will be coming soon. I’ll see you in the next post.
This post is the first part of a VMware Horizon 7.11 Deployment series. In this first part, we will look into what Horizon is, what it is used for and why you should use it.
As VMware puts it, which is a great explanation of what Horizon 8 is for, VMware Horizon 7 “simplifies the management and delivery of virtual desktops and apps on-premises, in the cloud, or in a hybrid or multi-cloud configuration through a single platform to end-users. By leveraging complete workspace environment management and optimized for the software-defined data center, Horizon 7 helps IT control, manage, and protect all of the Windows resources end users want, at the speed they expect, with the efficiency business demands.”
The main use case is for VDI. What is VDI? VDI is Virtual Desktop Infrastructure. This means that, for example, employees in your company can connect to a Windows virtual machine which has their corporate applications on it from anywhere where there is an internet connection. From your laptop, tablet, computer, smartphone, Mac, thin client devices and more. This also works with just applications. The two above are just a bit of what VMware Horizon 7 offers, though this is one of the most popular use-cases.
Why would you choose VMware Horizon 7? If you already have a vSphere stack, it integrates very well into this. For example, it leverages the capabilities of VMware vCenter server to easily clone Windows desktop VMs from a template, on an on-demand basis for your employees. After this, further restrictions such as policies can be applied.
Here is another example of why to use Horizon 7:
For example, a user starts writing a report on the branch office PC, and suddenly the power goes out in their building. The user can pick up where they left off at home on their MacBook or iPad because their virtual desktop resides in the data center.
In fact, if a user does not happen to have a device of their own at the moment, they can borrow one and use the Horizon 7 HTML Access web client. The web client does not require installing any software on the client device.
VMs can reside on high-availability clusters of VMware vSphere servers.
Here is an amazing VMware Tech Zone blog post, which describes it very well as well. Here is a nice picture of Horizon 7 features:
As you can see, this is many more features compared to most other VDI applications.
In the next part, we will be deploying the requirements for VMware Horizon 7.
I hope that this was useful and see you in the next post.
This is part two of my VMware Cloud Foundation series. In this part, we will be upgrading all components to the latest version. At the time of writing 3.9 is the latest version and currently I am running 3.8.
In part one, we have done a bring-up on our SDDC, creating and deploying the management Workload Domain (WLD).
First, what you need to do is connect a My VMware account, so it can download the upgrade bundles.
Go to Repository Settings under Administration, and log in with your MyVMware credentials. Once that has been done, the SDDC Manager will look for updates and after a while, under Repository –> Bundles, it will show the available downloads.
I let it download “VMware Cloud Foundation Update 220.127.116.11”. After this is done, which will take a while, I went to Workload Domains under Inventory. Clicked on details of VI, and then on the MGMT domain. Under update/patches, an update is shown. I ran the prechecks, and it failed under a few parts:
vSAN failed with the HCL check, which is understandable given that this is run nested. I ignored that. VRLI VRSLCM checks also failed; this is because I do not have VRSLCM deployed yet.
After applying the update, I’ve also applied the configuration bundle.
Unfortunately, it is here that the series on Cloud Foundation ends abruptly, as I do not have access to my Cloud Foundation lab server anymore.
If anyone happens to know a place where I could temporarily get access to one, or anything like that, please email me at michael-at-masterwayz-dot-nl.
PowerVCF is, quoting from their GitHub page: “PowerVCF is a PowerShell Module for interacting with the VMware Cloud Foundation (SDDC Manager) public API.”
It has been tested with PowerShell 5.x and PowerShell Core 6.x. To install the module, open PowerShell as an Administrator and run:
Install-Module -Name PowerVCF
Or, alternatively, you can install the module downloaded from the zip file in the GitHub repo:
Import-Module .\PowerVCF
To get started, you need to authenticate with the SDDC Manager. To do this, run:
Connect-VCFManager -fqdn sddc-manager.lab.local -username admin -password VMware1!
Note that not all cmdlets work with VMware Cloud Foundation on VxRail. Please see the GitHub page for what is not supported.
Currently I do not have a lab environment that I can further test this with, so this post ends here. However, please give them a thank you for creating it and try it out for yourself; I think that it can be very useful for automation, for example.
Note that this cmdlet is NOT supported by VMware.
Thank you for reading this post and I hope to see you in the next one.
VMware Hands on Labs allows you to test drive products within your browser, at no cost. With HOL, you can evaluate the features and functionality of VMware products without the need to have your own physical lab hardware.
If you browse through the catalog you will see that there are plenty of choices, ranging from Getting Started with vSphere, to VMC on AWS, Cloud Foundation, PKS and even challenge and Odyssey labs. (Odyssey labs deserve their own blog post that will be posted later.)
Now, you might think that they offer a lot in their lab catalogs, and they do! And I personally think that it’s great that they do so. You may be wondering how this all works on the backend. For this, a special blog post will be made later which I will link here once it’s up.
I hope that you will all give HOL a go, you can learn a lot from it and the contents it has.
Thank you for reading and I hope to see you in the next post.
EDIT: The vExpert 2020 first half applications are now closed!
Don’t forget to apply for vExpert if you haven’t already! According to Twitter, the closing date has moved to 1/13 at 10 AM MT.
Apply here with your blog posts, VMUG events, other events, talks, and much more. There are also more paths, like customer path, VCDX path and more!
Be sure to give it a go, I have too! On my Twitter, I replied to VMware’s tweet saying that I applied as well, and that I’ve applied again and that hopefully third time’s a charm. Well, to my surprise, one of the VMware people replied to me:
If you don’t know what vExpert is, you are missing out on a lot, quoting from the site: “The VMware vExpert program is VMware’s global evangelism and advocacy program. The program is designed to put VMware’s marketing resources towards your advocacy efforts. Promotion of your articles, exposure at our global events, co-op advertising, traffic analysis, and early access to beta programs and VMware’s roadmap. The awards are for individuals, not companies, and last for one year. Employees of both customers and partners can receive the awards. In the application, we consider various community activities from the previous year as well as the current year’s (only for 2nd half applications) activities in determining who gets awards. We look to see that not only were you active but are still active in the path you chose to apply for.”
Good luck to all vExpert applicants and we will see who gets picked!
Thank you for reading this post and I hope to see you in the next one.
In this part, we will be deploying VMware Cloud Foundation in a nested environment using vCF Lab Constructor, which you can read more about here. TLDR: it is a PowerShell script designed to automatically deploy vCF along with the management Workload Domain (WLD).
VCF Lab Constructor (aka VLC) is a great PowerShell tool created by Ben Sier and Heath Johnson working at VMware in the Technical Marketing team. A big thank you to them for making this amazing script! Quoting from a blog post (which is how I learned about it), found here: “It’s the easiest way to essentially deploy a Cloud Foundation nested environment, without having to manually install ESXi, Cloud Builder as well as doing lots of validation on your own.”
But what is VMware Cloud Foundation? Quoting from VMware: “VMware Cloud Foundation makes it easy to deploy and run a hybrid cloud. VMware Cloud Foundation provides integrated cloud infrastructure (compute, storage, networking, and security) and cloud management services to run enterprise applications in both private and public environments.”
The requirement for the lab is a server with at least 192 GB of memory, 8 cores or more, and preferably SSDs. In the default configuration, it will deploy the following VMs:
Cloud Builder (4 cores, 8GB RAM, 350GB disk space)
ESX01 (8 cores, 64GB RAM, 551GB disk space)
ESX02 (8 cores, 64GB RAM, 476GB disk space)
ESX03 (8 cores, 64GB RAM, 476GB disk space)
ESX04 (8 cores, 32GB RAM, 176GB disk space)
Within the ESXi hosts, the following will be deployed for the management Workload Domain:
What I would recommend is to enable TPS with salting, for which you can find more info in the blog post here.
VLC comes with a guide that explains how the program works and how to use it. Here are some screenshots of my deployment:
To deploy using this script, you have two choices. You can either use your own DNS and NTP server, or you let the script run DNS and NTP on the CloudBuilder virtual machine. You do this by checking the “internal svcs” checkbox, which will install and configure maradns on the CloudBuilder virtual machine.
Some things to note before deployment: it will take a few hours, especially on older hardware or HDDs. Also note that you can only access the Cloud Builder through its IP address and not through the hostname. In addition, if you want to see the deployment status from the Cloud Builder, and if you have selected that the script does the bring-up, you will need to upload a bogus JSON file (such as the one used for the script), followed by cancelling and then going to https://cloudbuilder-ip/bringup-result
Another thing to note: when deploying using the script, be sure to use an ESXi version that is compatible with your Cloud Builder version! For Cloud Builder 18.104.22.168, this is ESXi 6.7 13981272. If you do not do this, you may get weird errors with vSAN or other weird issues. The correct ESXi ISO is located on the Cloud Builder itself, at: /mnt/iso/sddc-foundation-bundle-xxxx/esx_iso
Have fun deploying VMware Cloud Foundation! In the upcoming parts I will be upgrading, adding workload domains and more!