Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

Remember our prepwork from the first post:

Prepare for View Security Servers (As in you’re about to perform the upgrade)

  • Make sure you understand whether or not you’re using IPsec tunneling between your connection broker and and security server. Understand the implications that the Windows firewall must be running.
  • In the View Administrator, select the security servers and click More Commands > Prepare for Upgrade or Reinstallation. This will disable the aforementioned IPsec rules if they are enabled.

Let’s go!

Prepare for Upgrade or Reinstall if you need to break the IPsec tunnel between connection broker and security server. vss01 Specify the security server paring passwordvss02 vss03 Gogo upgrade on VSS1!vss04 vss05 vss06 vss07 Your information here should be the URL on the public facing side, and your public IP address for the PCoIP external URL. vss08 vss09 vss10 vss11 One down, one to go. vss12 Make sure to specify the paring password and prepare for upgrade BEFORE clicking here. Revert back to the beginning if you can’t remember how. vss13a vss13b vss14 vss15 vss16 vss17 vss18

Huzzah! Security servers upgraded to 6.0. Next up, VM side!

vss22

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

OK, let’s not forget what we posted in the prepwork  post, let’s make sure we do the following before proceeding:

  •  Verify your connection servers have at least 2 vCPU (4 is recommended but I’ve seen 2 work just fine) and 10GB of RAM. You can use 4, but only plan on servicing <50 desktops
  • If virtual, take a snapshot of the first connection broker (we’ll revert using this guy if we absolutely have to, then completely uninstall and re-install the other connection brokers and their LDS instances to re-sync back up from the authoritative rollback)
  • Ensure that the pools still have provisioning disabled,
  • Navigate to C:\Program Files\VMware\VMware View\Server\tools\bin\vdmexport.exe. Create a backup of the AD-LDS Datastore by issuing the command: vdmexport > myvdmbackup.ldf
  • !! Ensure that the IIS console is not installed as a role on any of your connection servers

Alright time to gogo with screen shots!

Reader beware: I ran into an issue! Apparently because I had the IIS console installed when I upgraded VCS1. Before you all jump up on my shizzle, I only had the CONSOLE installed. I often times install the IIS console to perform certificate administration since it’s a little easier than the MMC snapin. Since the console doesn’t listen on either ports 80 or 443, this has never been issue previously. However, I noticed that when it was installed, the first View Connection Server services wouldn’t start and the /admin page was nonresponsive. We’ll see later in the screenshot guide how I ended up removing the service and reinstalling the connection server, after which it worked OK.

Stop all connection server services in the replicated instance

CSUpgrade01

Upgrade connection server 1CSUpgrade02 CSUpgrade03 CSUpgrade04 CSUpgrade05 CSUpgrade06 CSUpgrade07 CSUpgrade08

Tada! When it’s finished, make sure to stop the View Connection Server service before continuing on to the next broker. CSUpgrade09

Now start on Connection server 2. CSUpgrade10 CSUpgrade11 CSUpgrade12 CSUpgrade13 CSUpgrade14 CSUpgrade15

Huzzah! Now let’s go start the services. CSUpgrade16

 

Except, what the heck? At this point, while some of the services would start, the admin page was unresponsive. This is usually indicative of a cert problem, but I made no changes to a working cert with the proper friendly name. CSUpgrade17

After fiddling around and looking at logs, I decided to remove the IIS role.
CSUpgrade18 CSUpgrade19 After removing the role and restarting the server, I uninstalled and re-installed the Connection Server. (Remember the data is stored in the AD LDS Instance pictured below, not in connection server config files. You can remove-reinstall without losing your database, pool configuration, etc.)CSUpgrade20

During the re-install, you will get this prompt which lets you know that it found the LDS instance and will use that instead of your choice in the Wizard. CSUpgrade21 Once I removed the IIS Console all services started and were happy happy. CSUpgrade22 Make sure to add your license in post upgrade. CSUpgrade23

CSUpgrade24

And done! Next up we will tackle the security servers.

CSUpgrade25

Horizon 6.0.1 – PRINT ALL THE THINGS

Horizon 6.0.1! And everyone together said:

PATT

Big picture this minor build update includes:

  • Systray notifications in Hosted Apps for both Mac and Windows Users
  • USB 3.0 Support with the Horizon Client 3.1
  • Virtual printing support for Hosted apps, hosted apps within remote desktops, RDS desktops, and 2008 R2 Desktops
  • Expanded location based printing support with hosted apps, hosted apps within remote desktops, RDS desktops and 2008 R2 desktops
  • Location Based Printing files are now included in the ZIP file (not a huge deal)
  • HTML Access is now fully supported on Windows 8 and 8.1 remote desktops

Full notes here:

https://www.vmware.com/support/horizon-view/doc/horizon-view-601-release-notes.html

 

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

Let’s remember from Part one that we first need to do these steps.

Prepare for View Composer Upgrade (As in you’re about to perform the upgrade)

  • Verify physical requirements are met on the vCenter or standalone machine (Standalone, 2 vCPU 8GB RAM, 60GB Disk, usually recommended, 4 vCPU 16GB memory for vCenter co-located composer)
  • Disable provisioning on all the linked clone pools
  • If any pools are set to refresh on logoff, change them to Never.
  • Grab a copy of all the SSL certs ( at %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter)
  • Stop the View Composer service and backup the View Composer Database
  • Stop the vCenter service and backup the vCenter Databases
  • Snapshot the vCenter and/or standalone Composer VM(s)
  • Start the vCenter service
  • Start the View Composer service

Once we have a full backup plan, let’s upgrade View composer.

Remember to budget about 30 minutes of downtime and make sure that all your provisioning and automatic refresh actions are turned off.

I recommend the automatic upgrade of the View Composer database if possible. If you need to migrate View Composer to a different virtual, or change from a co-located Composer to a standalone, make sure to follow the upgrade guide to the letter. That’s outside the scope of this post, since I don’t have to do that in my lab.

MeltWizards

Start the View Composer Upgrade by running the EXE we downloaded already (make sure to run as administrator if you have UAC on). And now, WIZARRRD PICTURES!

 

ViewComposer01 ViewComposer02 ViewComposer03 ViewComposer04

If you use integrated (AD) authentication instead of SQL auth, you will need to make sure you are logged in as the user who has access to the database.
ViewComposer05

I re-used the existing certificate. ViewComposer06 ViewComposer07 ViewComposer08 ViewComposer09 ViewComposer10 ViewComposer11 ViewComposer12 ViewComposer13

 

And completed! Next up connection servers.

ViewComposer14

Upgrading to Horizon View 6 – Part 1 – Prepwork

The goal of this blog post is to show you how to navigate through a Horizon 6 upgrade procedure. This upgrade procedure takes you through the upgrade I will have performed in my lab, from Horizon View 5.2 to Horizon View 6.0.

Upgrading to Horizon View 6 – Part 1 – Prepwork

Upgrading to Horizon View 6 – Part 2 – View Composer

Upgrading to Horizon View 6 – Part 3 – Connection Servers

Upgrading to Horizon View 6 – Part 4 – Security Servers

Upgrading to Horizon View 6 – Part 5 – Desktops

The first part of any upgrade is the prepwork.

First, go read this VMware provided upgrade guide. It is the long version of what I’m going to write below.

  1. Healthcheck and remedy your environment.
    1. Look for and clean up any problem desktops
    2. Visit the dashboard and check for any red marks, investigate and remediate
    3. Look for any desktops stuck deleting or orphaned replica VMs and clean them up
    4. Ensure that all pools are currently provisioning OK
    5. Ensure certificates are installed properly and that connections function as intended
  2. Take note of your vCenter and ESXi version levels. Make sure they’re supported with 6.0 on the interop matrix. Here is a screen shot from present day (click opens in new tab)
  3. Interop
  4. If you require a vCenter or ESXi update make sure to visit this KB page, which lays out the update sequence, which is pretty critical during the upgrade phase. Here’s what you should expect if you’re doing a View only upgrade versus a View and vCenter upgrade. I think the next post I do will be a vCenter and View upgrade together.
  5. UpgradeSequence
  6. Check your databases for compatibility with View, Events and Composer. Make sure they’re still supported on the interop (Note, 2012 SQL is now supported with Horizon View 6.0, previously 2008 R2 was the highest you could go).
  7. Make sure your servers are sized correctly and meet the hardware reqs. 10GB memory for connection servers and I usually recommend 4 vCPU 16GB of memory for the vCenter is composer is co-located and the environment has a chance of going bigger than 500 computers.
  8. Download the binaries and make sure they’re downloaded with the MD5 hashes checking out AOK. The one’s we’ll actually use in this post series are highlighted below.

downloaded

Prepare for View Composer Upgrade (As in you’re about to perform the upgrade)

  • Verify physical requirements are met on the vCenter or standalone machine (Standalone, 2 vCPU 8GB RAM, 60GB Disk, usually recommended, 4 vCPU 16GB memory for vCenter co-located composer)
  • Disable provisioning on all the linked clone pools
  • If any pools are set to refresh on logoff, change them to Never.
  • Grab a copy of all the SSL certs ( at %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter)
  • Stop the View Composer service and backup the View Composer Database
  • Stop the vCenter service and backup the vCenter Databases
  • Snapshot the vCenter and/or standalone Composer VM(s)
  • Start the vCenter service
  • Start the View Composer service

Prepare for View Connection Servers (As in you’re about to perform the upgrade)

  •  Verify your connection servers have at least 2 vCPU (4 is recommended but I’ve seen 2 work just fine) and 10GB of RAM. You can have less, but only plan on servicing <50 desktops
  • If virtual, take a snapshot of the first connection broker (we’ll revert using this guy if we absolutely have to, then uninstall and re-install the other connection brokers to re-sync back up)
  • Ensure that the pools still have provisioning disabled, and navigate to C:\Program Files\VMware\VMware View\Server\tools\bin\vdmexport.exe. Create a backup of the AD-LDS Datastore by issuing the command: vdmexport > myvdmbackup.ldf

Prepare for View Security Servers (As in you’re about to perform the upgrade)

  • Make sure you understand whether or not you’re using IPsec tunneling between your connection broker and and security server. Understand the implications that the Windows firewall must be running.
  • In the View Administrator, select the security servers and click More Commands > Prepare for Upgrade or Reinstallation. This will disable the aforementioned IPsec rules if they are enabled.

We now have a solid failback plan for the critical components and databases and are ready to perform the composer upgrade.

As a part of this blog post series, I will actually take you through the upgrade procedure in my lab environment. Here’s a quick look at the environment.

LabLayout

Next up, let’s do this!