Jun 202014
 

It’s a major release this time, Horizon 6.0 is out.  You can get to the downloads here.  As always, here’s the What’s New from the release notes:

This release of View delivers a number of important new features and enhancements.

Hosted Apps and Desktops

  • Delivers Hosted Apps and desktops (remote applications and desktops) through expanded integration with Microsoft Remote Desktop Services (RDS) on Windows Server operating systems.
  • Provides a robust way to access one or more remote applications seamlessly from any Horizon Client 3.0 or later using PCoIP.
  • Provides the ability to remote shared session desktops from RDS hosts using PCoIP.

Cloud Pod Architecture

  • Lets you deploy View in multiple datacenters that you can manage as a single deployment.
  • Provides global entitlements to desktops in multiple datacenters.
  • Provices the ability to scale up to 20K desktops across two sites and four View pods.

View integration with VMware Virtual SAN technology

  • Aggregates local server-attached storage to satisfy performance and capacity requirements of virtual desktops.
  • View recognizes the Virtual SAN storage type and automates the creation of Virtual SAN storage policies based on the type of desktops being deployed.
  • If you intend to use Virtual SAN, download vSphere 5.5 U1, which is required to support the Virtual SAN feature.

Additional Features

  • View Connection Server, security server, and View Composer are supported on Windows Server 2012 R2 operating systems.
  • Ability to send View logs to a Syslog server such as VMware vCenter Log Insight.
  • Support for RDS remote applications and desktops with the View Agent Direct-Connection Plug-in.
  • Enhanced smart card authentication for View Administrator.
  • Integration of remote applications with Workspace. Users can launch View applications from the Workspace user portal.
  • Real-Time Audio-Video installs a new kernel-mode webcam driver on View desktops that provides better compatibility with browser-based video apps and other 3rd-party conferencing software.
  • The Remote Experience Agent is now integrated with View Agent. Previously, you had to install View Agent and the Remote Experience Agent to use features such as HTML Access, Unity Touch, Real-Time Audio-Video, and Windows 7 Multimedia Redirection. Now you obtain these features by installing View Agent only.
  • Virtual machine space reclamation is supported for Windows 8 and 8.1 linked clone machines in a vSphere 5.5 or later environment.
  • View Persona Management is supported on Windows 8.1 desktops. It is also supported on Windows Server 2008 R2 SP1 desktops that are based on physical or virtual machines.
  • The Blast Secure Gateway (BSG) now supports up to 800 connections to remote desktops from clients using HTML Access. This connection limit applies to a BSG on one View Connection Server instance or security server.
Jun 202014
 

A major release with some great new features.  Also read this article on the removal of Horizon Files (with Airwatch as an alternative).  Go get the download or check the What’s New from the Release Notes:

This release of VMware Workspace Portal 2.0 delivers the following new features.

    • Support for VMware Horizon 6 with View Hosted Applications

To launch View Hosted apps in Horizon 6, Horizon Client version 3.0 or later must be installed.

  • Workspace is simplified to provide exclusively identity and app management features
    • Horizon Files feature is removed
    • Horizon Switch device management is removed
  • Support for multiple View pod instances from the same Active Directory
  • ThinApp 5.0 64-bit support is now native in the Windows Agent (works out of the box)
  • ThinApp 5.0.1 support
  • Improved audit log reporting using Elasticsearch
  • Enhanced reporting of users’ activity and application utilization
  • More extensive custom branding controls
  • Improved entitlement and directory sync performance
  • Support for multiple DNS servers in Workspace vApp
  • Updated to the OPENSSL library version openssl-1.0.1h where necessary to address CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470

Internationalization

VMware Workspace Portal 2.0 is available in the following languages:

  • English
  • French
  • German
  • Japanese
  • Simplified Chinese
Sep 092013
 

In working with a customer on a demo yesterday and they asked this question:

So Mirage is licensed by named user, we just need to license it for our users and the number of devices does not matter, correct?

“Yes, that’s correct,” I said.

The reality is that it is correct, although it may not appear to be.  Let me explain:

The best description of this scenario can be found in this VMware KB article entitled VMware Horizon Suite 1.0 licensing.

In the Q&A section in the bottom of this article, you will find the following question (as of this writing):

“Q: When I purchase a particular number of Horizon Mirage licenses, how do I count the named-user licenses used?

A: Each named user who has access to a Mirage-managed endpoint consumes one license. One named user can have multiple Mirage-managed endpoints, and this named user still consumes only one license. The Workstation virtual machines that the administrator creates for ThinApp packaging are not counted as named-user licenses. Nor are the Fusion Pro base restricted virtual machines, which will be distributed to end users.”

That sounds correct, exactly as I understood it.  Each named user consumes 1 license and they can login to as many devices as necessary.

My customer then asked, “Can you show me where I can see the number of licenses in use currently?”

I proceded to go to the license screen which showed our demo license for 500 CVDs.  (CVDs are Centralized Virtual Desktops.  They are a enpoint that is protected by Mirage.)

The customer then asked, “Since a CVD represents an endpoint, how is your 500 user count accurate if the product draws off one license for each endpoint?”

“That’s a great question,” I said.

It would appear that the product is not actually managing the licenses as the software license policy dictates.  I have run into this quandary before in Mirage and I’ve not dug deep into the info to figure it out until now.

Surely I’m not looking at the right screen in the product so I grab my latest version (v4.2.3 as of this writing) of the Mirage Installation Guide and head to the section entitled “Managing Horizon Mirage Software Licenses”.

There I find this: “The Horizon Mirage Management server requires a license. The license file enforces the number of CVDs that you can run on your system and the duration of the license agreement.”  

Uh, wait what???  The admin guide says that the license is consumed by each CVD (or endpoint) and the KB Article says that the policy is per user.  Who’s right?

The answer is the policy.  The reason the product is drawing off licenses for CVDs is because Wanova (the company who VMware acquired who created Mirage) origionally licensed the product by endpoint.  It would appear that VMware changed the licensing policy so that it would work in a unified fashion with the rest of the Horizon Suite.  Unfortunately, it would seem, that the change in policy has not been updated in the current release of the product.

What is a customer to do?

My recommendation to my customers has been that if they find themselves approaching the CVD limit in Mirage but they have not exceeded their named user limit, to file a support request with VMware to request additional licenses for Mirage and reference the KB article above.  I am very confident that VMware will correct the code in Mirage to reflect the current policy in an upcoming release.  Unfortunately this has been confusing customers until the product code and the licensing policy become concurrent.  Hopefully this helps in the interim.

Aug 202013
 

Customers have been really loving the convenience of HTML access in Horizon View.  This provides a full desktop experience to a web browser with just HTML5 and no plugins, java, flash, etc required.  Very handy for users in many scenarios.  As of the time of this writing, there are some important features in the GUI client that are not available to HTML access.

Here is the functionality you get when using HTML access:

  • RSA SecurID and RADIUS authentication
  • Single SignOn to the desktop
  • Blast display protocol

Here is the functionality you do not get when using HTML access:

  • Printing from the virtual desktop
  • Audio
  • Clipboard support (copying from the endpoint to/from the clipboard in the VM)
  • USB device mapping
  • RDP protocol
  • PCoIP Protocol (HTML uses the Blast Protocol)
  • Smart Cards
  • Multiple monitors
  • Local Mode

For more information you can refer to the HTML Access User’s Guide.  VMware is constantly adding features to View and I expect this list to change.  I will try to revise this article as things change.  If I am outdated in my information, please comment and I’ll get it updated.

Jul 162013
 

I do a lot of work with customers who want to share files between all of their user’s devices.  There are a number of commercial solutions available on the market like DropBox, Box, SkyDrive, iCloud, or Google Drive which utilize the public cloud to provide this data storage.  Unfortunately for them, the latest revelation from Edward Snowden was that allegedly, Microsoft was working closely with the NSA to provide direct access to Office 365, Skype and Skydrive (which Microsoft has since refuted).  Wither true or not, this does not create a good public relations experience for the world of public cloud storage.

Customers that I work with are always concerned with public cloud data leakage.  Data leakage is the possible release of company information caused by the unavoidable release of control over the security of the company’s data when stored in the public cloud.  The fear is that once this data is stored in the public cloud, the customer has no control over where it is stored or who has access to it.  As Edward Snowden revealed last week, it is possible that the NSA has access to files you store in the public cloud.  The problem is not that the NSA has this access, the problem is that the NSA is not impervious to data leakage themselves, as Mr. Snowden has shown.  Even though public cloud storage companies state that your data is protected, they are required to by the Foreign Intelligence Surveillance Act court orders.  Not exactly installing me with a load of confidence.

So what’s a customer to do?  Intro: Horizon Workspace Data and Citrix Sharefile.  Horizon Workspace Data from VMware is private cloud only and does not contain any public cloud components.  It allows customers to share files between all of their user devices(Tablets, desktops, laptops, smartphones, etc) while storing the main copy of the data on private cloud servers in your datacenter.   Citrix Sharefile can store your data in the public cloud or on-premise storage zones.  However, even if you do use your own on-premise storage zones, Sharefile does house a directory inventory on the control plane in the public cloud.  So while the data can be stored in the private cloud, the directory listing gets shared with the public cloud.  Either way, the data itself is in your datacenter and not in the public cloud.

These two solutions (as well as a host of others) are looking more and more enticing to customers looking to provide access to their data for their users while still maintaining as much control as possible.  In the meantime, the public cloud alternatives will need to bandage their image for a while.  The bottom line is that there is no guarantee that our data is 100% private when it traverses the internet.  Maybe we should follow Russia and go back to using typewriters.  Or maybe we learn to accept the fact that this is the world we live in and that our data is never 100% secure.