Horizon View Design Decision: Should Composer be Co-Located or Standalone?

View Composer: Standalone or Co-Located with vCenter

The View Composer services which are responsible for provisioning, recomposing, rebalancing and refreshing linked clone desktops can be set up either as either a standalone machine or co-located with vCenter.

Option 1 – Co-Located Composer

Advantages:

  • This traditionally was the only option before View 5.1 was released. The ability to support standalone install was introduced to provide support for the VCSA.
  • Ensures that the all provisioning services reside on a single server; all provisioning services will be started together after the server is restarted
  • Reduced chance of a network/firewall problems between vCenter and Composer

Drawbacks:

  • Resources must be adjusted for the both services by the entire virtual machine
  • Not an option when utilizing the VCSA

Option 2 – Standalone Composer

Advantages:

  • Dedicated resources for each can be adjusted individually for each service
  • Required when utilizing the VCSA

Drawbacks:

  • Services are located on multiple machines, which means there is an increased chance that a network or firewall problem may cause an issue
  • Requires a separate virtual machine which overall increases management overhead for the environment

View Composer Cautions regardless of design choice:

  • Each View Composer instance and associated vCenter must be a 1:1 mapping
  • Ensure that the vCenter and/or vCenter and composer servers have enough resources per the documentation to perform their respective roles (see links in sources below for details)
  • It is recommended that all SQL databases be run on a separate machine
Design Quality Co-Located Standalone Comments
Availability o o The availability of each of these solutions is tied directly to the availability of the management cluster; all of them depend on vSphere HA to be restarted in the event of a failure of host.
Manageability Placing the composer on a standalone server increases the management overhead.
Performance o In a standalone configuration, the performance of the virtual machines is correlated with each service’s performance characteristics, rather than a single VM. Important: this design decision does NOT impact performance of virtual desktops, rather it is merely the isolation of server resources that is in question.
Recoverability o In the event that SRM is utilized to failover the management cluster, having a co-located instance drastically simplifies recovery.
Security o o None of the options have a positive or negative impact on securability as both options can utilize either SQL or Integrated authentication for the database.

Legend: ↑ = positive impact on quality; ↓ = negative impact on quality; o = no impact on quality.

Recommendation

Real world consulting experience has shown me that a 4 vCPU 16GB vCenter 5.5 with View Composer co-located can manage a full 2000 powered on linked clone virtual machines as well as a management cluster. Once scaling beyond 2000 linked clone desktops, you need to take into consideration the recompose time, which is not limited by actions initiated by View composer, but rather by the vCenter and ESXi limited concurrent queue of operations (See fig. 1 below). I do not recommend allowing a single linked clone block to go above 2000 desktops.

Typically View Composer does not consume a large amount of CPU and Memory resources and the database should not grow beyond 5GB. If there is a requirement to use the VCSA, standalone is your only choice. If VCSA is not a requirement, I typically recommend co-located for increased simplicity and reduced management overhead.  Both are fully supported configurations, but considering that View Composer is not a resource intensive service and I prefer simplicity wherever possible in my designs, I typically prefer co-located even for large scale designs.

Sources

Horizon View 6.0 – vCenter Server and View Composer Virtual Machine Configuration

https://pubs.vmware.com/horizon-view-60/index.jsp#com.vmware.horizon-view.planning.doc/GUID-E5BEA591-D474-4CEE-9646-E9FB3CAF87B4.html

Horizon View 5.3 – vCenter Server and View Composer Virtual Machine Configuration

http://pubs.vmware.com/view-52/index.jsp#com.vmware.view.planning.doc/GUID-E5BEA591-D474-4CEE-9646-E9FB3CAF87B4.html

Fig. 1. Concurrent Operations with Linked Clone Desktops

ConcurrentOperations

This figure is from VMworld 2012 EUC1470 – “Demystifying Large Scale Enterprise View Architecture: Illustrated with

Lighthouse Case Studies”, by Lebin Cheng, VMware, Inc, and John Dodge, VMware, Inc.

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

Remember our prepwork from the first post:

Prepare for View Security Servers (As in you’re about to perform the upgrade)

  • Make sure you understand whether or not you’re using IPsec tunneling between your connection broker and and security server. Understand the implications that the Windows firewall must be running.
  • In the View Administrator, select the security servers and click More Commands > Prepare for Upgrade or Reinstallation. This will disable the aforementioned IPsec rules if they are enabled.

Let’s go!

Prepare for Upgrade or Reinstall if you need to break the IPsec tunnel between connection broker and security server. vss01 Specify the security server paring passwordvss02 vss03 Gogo upgrade on VSS1!vss04 vss05 vss06 vss07 Your information here should be the URL on the public facing side, and your public IP address for the PCoIP external URL. vss08 vss09 vss10 vss11 One down, one to go. vss12 Make sure to specify the paring password and prepare for upgrade BEFORE clicking here. Revert back to the beginning if you can’t remember how. vss13a vss13b vss14 vss15 vss16 vss17 vss18

Huzzah! Security servers upgraded to 6.0. Next up, VM side!

vss22

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

OK, let’s not forget what we posted in the prepwork  post, let’s make sure we do the following before proceeding:

  •  Verify your connection servers have at least 2 vCPU (4 is recommended but I’ve seen 2 work just fine) and 10GB of RAM. You can use 4, but only plan on servicing <50 desktops
  • If virtual, take a snapshot of the first connection broker (we’ll revert using this guy if we absolutely have to, then completely uninstall and re-install the other connection brokers and their LDS instances to re-sync back up from the authoritative rollback)
  • Ensure that the pools still have provisioning disabled,
  • Navigate to C:\Program Files\VMware\VMware View\Server\tools\bin\vdmexport.exe. Create a backup of the AD-LDS Datastore by issuing the command: vdmexport > myvdmbackup.ldf
  • !! Ensure that the IIS console is not installed as a role on any of your connection servers

Alright time to gogo with screen shots!

Reader beware: I ran into an issue! Apparently because I had the IIS console installed when I upgraded VCS1. Before you all jump up on my shizzle, I only had the CONSOLE installed. I often times install the IIS console to perform certificate administration since it’s a little easier than the MMC snapin. Since the console doesn’t listen on either ports 80 or 443, this has never been issue previously. However, I noticed that when it was installed, the first View Connection Server services wouldn’t start and the /admin page was nonresponsive. We’ll see later in the screenshot guide how I ended up removing the service and reinstalling the connection server, after which it worked OK.

Stop all connection server services in the replicated instance

CSUpgrade01

Upgrade connection server 1CSUpgrade02 CSUpgrade03 CSUpgrade04 CSUpgrade05 CSUpgrade06 CSUpgrade07 CSUpgrade08

Tada! When it’s finished, make sure to stop the View Connection Server service before continuing on to the next broker. CSUpgrade09

Now start on Connection server 2. CSUpgrade10 CSUpgrade11 CSUpgrade12 CSUpgrade13 CSUpgrade14 CSUpgrade15

Huzzah! Now let’s go start the services. CSUpgrade16

 

Except, what the heck? At this point, while some of the services would start, the admin page was unresponsive. This is usually indicative of a cert problem, but I made no changes to a working cert with the proper friendly name. CSUpgrade17

After fiddling around and looking at logs, I decided to remove the IIS role.
CSUpgrade18 CSUpgrade19 After removing the role and restarting the server, I uninstalled and re-installed the Connection Server. (Remember the data is stored in the AD LDS Instance pictured below, not in connection server config files. You can remove-reinstall without losing your database, pool configuration, etc.)CSUpgrade20

During the re-install, you will get this prompt which lets you know that it found the LDS instance and will use that instead of your choice in the Wizard. CSUpgrade21 Once I removed the IIS Console all services started and were happy happy. CSUpgrade22 Make sure to add your license in post upgrade. CSUpgrade23

CSUpgrade24

And done! Next up we will tackle the security servers.

CSUpgrade25

Horizon 6.0.1 – PRINT ALL THE THINGS

Horizon 6.0.1! And everyone together said:

PATT

Big picture this minor build update includes:

  • Systray notifications in Hosted Apps for both Mac and Windows Users
  • USB 3.0 Support with the Horizon Client 3.1
  • Virtual printing support for Hosted apps, hosted apps within remote desktops, RDS desktops, and 2008 R2 Desktops
  • Expanded location based printing support with hosted apps, hosted apps within remote desktops, RDS desktops and 2008 R2 desktops
  • Location Based Printing files are now included in the ZIP file (not a huge deal)
  • HTML Access is now fully supported on Windows 8 and 8.1 remote desktops

Full notes here:

https://www.vmware.com/support/horizon-view/doc/horizon-view-601-release-notes.html

 

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

Let’s remember from Part one that we first need to do these steps.

Prepare for View Composer Upgrade (As in you’re about to perform the upgrade)

  • Verify physical requirements are met on the vCenter or standalone machine (Standalone, 2 vCPU 8GB RAM, 60GB Disk, usually recommended, 4 vCPU 16GB memory for vCenter co-located composer)
  • Disable provisioning on all the linked clone pools
  • If any pools are set to refresh on logoff, change them to Never.
  • Grab a copy of all the SSL certs ( at %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter)
  • Stop the View Composer service and backup the View Composer Database
  • Stop the vCenter service and backup the vCenter Databases
  • Snapshot the vCenter and/or standalone Composer VM(s)
  • Start the vCenter service
  • Start the View Composer service

Once we have a full backup plan, let’s upgrade View composer.

Remember to budget about 30 minutes of downtime and make sure that all your provisioning and automatic refresh actions are turned off.

I recommend the automatic upgrade of the View Composer database if possible. If you need to migrate View Composer to a different virtual, or change from a co-located Composer to a standalone, make sure to follow the upgrade guide to the letter. That’s outside the scope of this post, since I don’t have to do that in my lab.

MeltWizards

Start the View Composer Upgrade by running the EXE we downloaded already (make sure to run as administrator if you have UAC on). And now, WIZARRRD PICTURES!

 

ViewComposer01 ViewComposer02 ViewComposer03 ViewComposer04

If you use integrated (AD) authentication instead of SQL auth, you will need to make sure you are logged in as the user who has access to the database.
ViewComposer05

I re-used the existing certificate. ViewComposer06 ViewComposer07 ViewComposer08 ViewComposer09 ViewComposer10 ViewComposer11 ViewComposer12 ViewComposer13

 

And completed! Next up connection servers.

ViewComposer14