1.2.1. Lab 1.1: Solutions for VMware View

1.2.1.1. Task 1 – Access VMware View Desktop environment without F5

Test the functional VMware view environment using the internal Connection Servers (Internal use case without F5 integration)

Access the VDI with a client on the internal network. The workstation will be preconfigured to initiate the connection through a specific connection server. Security servers are not used by internal VDI users

image3

Figure 2 - Accessing Internal View Desktop

  1. From the “corporate-pc”.

  2. Use the VMware Horizon View client to access the connection server

    image4

    • VMware Horizon Client
    • + New server

  3. Connection Server address “vmw-connsvr1c.demoisfun.net”

  4. When prompted for credentials

    • Username: demo01
    • Password: password

  5. Double-click the “Agility” icon to launch virtual desktop.

  6. In the Agility virtual desktop, open Notepad and type in something.

  7. Disconnect from Agility desktop by closing View client. (RDP Toolbar on top. May need to slide the blue RDP bar to the left in order to click the X in Agility Toolbar)

  8. Open View client and try to reconnect to “vmw-connsvr1c. demoisfun.net”

  9. Notepad should still be on the desktop with the text you input.

  10. Close the View client. (press the X in Agility Toolbar)

  11. Keep the RDP session open for Task 2

1.2.1.2. Task 2 – Load Balance Connection Servers

Use the F5 iApp for VMware View to configure a load balancing environment for the Connection Servers. This will increase the number of Connection Servers available to internal users and load balance access to these resources (Internal use case with F5 load balancing)

image5

Figure 3 - Load balance Connection Servers

Deploy the iApp

  1. From “corporate-pc”.

  2. Use browser to access the F5 Admin GUI

    • https://f5-bigip1a.demoisfun.net
      • Username: admin
      • Password: password

  3. Create a new Application Service

    • iApps >> Application Services
    • Press the Create button
    • Name the Application Service VM_LAB_1_LBCS
    • Select f5.vmware_view.v1.5.1 for the template

  4. Review the Welcome to the iAPP template for VMware Horizon View

  5. Note the Template Options (leave these default)

  6. Big-IP Access Policy Manager (Set this to No for this exercise)

  7. SSL Encryption (Certs are preloaded for this exercise)

    How should the BIG-IP system handle encrypted traffic? Terminate SSL for clients, re-encrypt to View servers (SSL-bridging)
    Which SSL certificate do you want to use? wild.demoisfun.net.crt
    Which SSL private key do you want to use wild.demoisfun.net.key

  8. PC Over IP (leave these default – No PCoIP connections…)

  9. Virtual Servers and Pools

    What virtual server IP address do you want to use for remote, untrusted clients? 192.168.10.150
    What is the associated service port? 443
    What FQDN will clients use to access the View environment vmw-LB-CS.demoisfun.net
    Which Servers should be included in this pool

    192.168.10.212

    192.168.10.213

  10. Client Optimization (leave these default—Do not compress…)

  11. Application Health

    • Use the pulldown to select a standard https monitor

  12. Press the Finished button

1.2.1.2.1. View the objects which were created by the iApp

  1. Select the Components tab at the top of the page

    image6

  2. Is the Virtual server available?

  3. Are the pool members available?

  4. What is the node status? Why?

  5. Note that a persistence profile was created

    • Check Match Across Services
    • Press update
    • Note the error at the top of the page

  6. Return to iApp>>Application Services

  7. Review the remaining parameters (any questions)

1.2.1.2.2. View the properties of the iApp

  1. Select the Properties tab at the top of the page

    image7

  2. Use the pull down next to Application Service:

  3. Select Advanced

  4. Note the check in Strict Updates

    • Is this related to the screen when editing the persistence profile?
    • What are the pro’s and con’s of unchecking this parameter?

1.2.1.2.3. Test the connection server load balancing using both VMware View client and browser access methods.

  1. From “corporate-pc”
  2. Open View client and connect to the Virtual Server just created with iApp.
    • + New Server
      • vmw-LB-CS.demoisfun.net
      • Connect Button
        • IP address will not work—Certificate contains demoisfun.net
  3. When prompted for credentials
    • Username: demo01
    • Password: password
    • Login Button
  4. Double-click Agility icon to launch View desktop
  5. Verify that the Agility desktop functions
  6. Close the View client. (May need to slide the RDP Toolbar out of the

way)

  1. Open IE and browse to https://vmw-LB-CS.demoisfun.net
  2. Select VMware Horizon View HTML access
  3. Log in
    • Username: demo01
    • Password: password
  4. Double click to launch Agility desktop
  5. At the Cert Warning, click “Continue to this website”
  6. Verify that the Agility desktop functions
  7. Close the IE browser window

1.2.1.3. Task 3 – Access View Desktop through Security Server

Test the functional VMware View environment using external Security Servers. (External use case without F5 integration)

This environment shows a user connecting to a native VMware security server which is statically mapped to a VMware connection server. This is a non-redundant external access model

image8

Figure 4 - Access external View Desktop

  1. From the “home-pc”

    image9

  2. If you are using an existing VMW unfrastructure, it is possible to load balance the Connection servers contacted by the UAG server. We do this by using the VIP created in step 1 in the UAG configuration. No configuration is required by the student. (this parameter is pre configured) Get the Thumbprint by inspecting the details of the certificate when you access the VIP with a browser

    image99

  3. Use the VMware Horizon View client to access the security server

    • + New Server
    • Security Server address vmw-uag1a.demoisfun.net
    • Press Connect Button

  4. When prompted for credentials

    • Username: demo01
    • Password: password

  5. Double-click Agility icon to launch desktop

  6. Close the View client

  7. Access the application through your browser https://vmw-uag1a.demoisfun.net

  8. Select VMware Horizon View HTML access

    • Username: demo01
    • Password: password

  9. Double-click Agility icon to launch desktop

  10. Accept Cert at warning

  11. Select (Agility)

  12. Verify that the desktop functions

  13. Close the browser window

1.2.1.4. Task 4 – Load Balance Security Servers

Use the F5 iApp for VMware View to configure a load balancing environment for the Security Servers. This will increase the number of Security Servers available to internal users and load balance access to these resources (External use case with F5 load balancing)

This environment load balances 2 external facing Security Servers. These Security Servers are directly mapped to 2 existing connection servers in the environment (not the 2 Connections Servers that are load balances in the steps above)

image10

Figure 5 - Load balance Security Servers

Deploy the iApp

#. From “corporate-pc” 0#. Create a new Application Service by selecting

  • iApps >> Application Services
  • Press the Create button
  • Name the Application Service VM_LAB_1_LBUAG
  • Select f5.vmware_view.v1.5.1 for the template

  1. Review the Welcome to the iAPP template for VMware Horizon View

  2. Note the Template Options (leave these default)

  3. Big-IP Access Policy Manager (Set this to No for this exercise)

  4. SSL Encryption (Certs are preloaded for this exercise)

    How should the BIG-IP system handle encrypted traffic? Terminate SSL for clients, re-encrypt…(SSL-Bridging)
    Which SSL certificate do you want to use? wild.demoisfun.net.crt
    Which SSL private key do you want to use? wild.demoisfun.net.key

  5. PC Over IP (leave these default – No PCoIP connections…)

  6. Virtual Servers and Pools

    What virtual server IP address do you want to use for remote, untrusted clients? 192.168.3.150
    What FQDN will clients use to access the View environment? vmw-LB-SS.demoisfun.net
    Which Servers should be included in this pool?

    192.168.3.210

    192.168.3.211

  7. Application Health

    • Use the pulldown to select a standard https monitor

  8. Press the Finished button

1.2.1.4.1. View the objects which were created by the iApp

  1. Select the Components tab at the top of the page
  2. Is the Virtual server available?
  3. Are the pool members available?
  4. Is the Node Available?
  5. Review the remaining parameters (any questions)

1.2.1.4.2. Test the Security Server load balancing using both VMware View client and browser access methods

  1. From “home-pc”
  2. Open View client and connect to the Virtual Server just created with iApp.
    • + New Server
      • vmw-LB-SS.demoisfun.net (192.168.3.150)
      • Press the Connect button
      • IP address will not work—Certificate contains demoisfun.net
  3. When prompted for credentials
    • Username: demo01
    • Password: password
  4. Double-click Agility icon to launch desktop
  5. Verify the desktop functions
  6. Close the View client
  7. Open IE and browser to
    • https://vmw-LB-SS.demoisfun.net
  8. Select VMware Horizon View HTML access
  9. Enter Credentials
    • Username: demo01
    • Password: password
  10. Select (Agility)
  11. Accept Cert warning
  12. Select (Agility)
  13. Verify that the desktop functions
  14. Close the browser window

1.2.1.5. Task 5 – Replace Security Servers and leverage APM as a PCOIP proxy

This environment will utilize Big-IP as a PCOIP Proxy. This eliminates the requirement for all Security Servers. The Connection Servers will be load balanced. Authentication is handled by the F5 APM module

image11

Figure 6 - Replace Security Servers

Deploy the iApp

  1. From “corporate-pc”
  2. Create a new Application Service by selecting iApps -> Application Services and selecting Create
    • iApps >> Application Services
    • Press the Create button
    • Name the Application Service VM_LAB_1_PCOIP
    • Select f5.vmware_view.v1.5.1 for the template

1.2.1.5.1. iApp Configuration

  1. Review the Welcome to the iAPP template for VMware Horizon View

  2. Note the Template Options (leave these default)

  3. BIG-IP Access Policy Manager

    Do you want to deploy BIG-IP Access Policy Manager? Yes, deploy BIG-IP Access Policy Manager
       
    Do you want to support browser based connections, including the View HTML5 client? Yes, support HTML 5 view clientless browser connections
    Should the BIG-IP system support RSA SecureID two-factor authentication NO, do not support RSA SecureID two-factor authentication
    Should the BIG_IP system show a message to View users during logon No, do not add a message during logon
    What is the NetBIOS domain name for your environment demoisfun
    Create a new AAA Server object or select an existing one AD1

  4. SSL Encryption (Certs are preloaded for this exercise)

    How should the BIG-IP system handle encrypted traffic? Terminate SSL for clients, re-encrypt…(SSL-Bridging)
    Which SSL certificate do you want to use? wild.demoisfun.net.crt
    Which SSL private key do you want to use? wild.demoisfun.net.key

  5. PC Over IP (leave these default)

  6. Virtual Servers and Pools

    What virtual server IP address do you want to use for remote, untrusted clients? 192.168.3.152
    What FQDN will clients use to access the View environment? vmw-PROXY-VIEW.demoisfun.net
    Which Servers should be included in this pool?

    192.168.10.212

    192.168.10.213

  7. Application Health

    • Use the pull down to select a standard https monitor

  8. Press the Finished button

1.2.1.5.2. View the objects which were created by the iApp

  1. Select the Components tab at the top of the page
  2. Note the increase in objects compared to Task 2 and Task 4
  3. Are the pool members available?
  4. Note the APM objects which were not present in the prior exercises
  5. Review the remaining parameters (any questions)

1.2.1.5.3. Test the APM (PCoIP) functionality using both VMware View client and browser access methods

  1. From “home-pc”
  2. Open IE and browse to https://vmw-PROXY-VIEW.demoisfun.net
    • Username: demo01
    • Password: password
  3. Click Agility on APM webtop
  4. Select VMware View Client
  5. Note the error and inspect the certificate
  6. Close the error box and cert view boxes
  7. Close the View client
  8. Open IE and browse to
    • https://vmw-PROXY-VIEW.demoisfun.net
  9. Select VMware Horizon View HTML access
  10. Enter Credentials
    • Username: demo01
    • Password: password
  11. Click Agility
  12. Select HTML5 Client
  13. Verify that the desktop functions
  14. Close the browser
Previous Next