In this video I take you through configuring NVIDIA vGPU with a GRID K2 card on a Microsoft Remote Desktop Services Host (RDSH) with VMware Horizon 6.2. In less than 10 minutes you can configure your RDSH virtual machine with a vGPU profile to deliver high performance 3D applications.
Good news everyone! I’ve accepted a position in the VMware vCloud Air Network team as a Global Cloud Architect. So it’s time to embrace change, but what led me from End User Computing (EUC) to the vCloud Air Network?
Throughout my career I always made a conscious decision to follow the technology, from working with SCO Unix in 1996, Windows NT 4 a year later, getting my MCSE in 2000, and then supporting Cisco firewalls (PIX, ASA) and Linux web services for a service provider. All that was before discovering VMware in 2006.
Since joining VMware almost 5 years ago I realized that I’m not just following the tech, I’m seeking out new challenges! With all that said, I’m not abandoning EUC. In fact this is an area that is undergoing significant change. Take VMware Horizon for example, a product I’ve worked very closely with since the beta back in 2008 with VDM 2.0. Horizon is usually associated with on-premises solutions for end users in the enterprise, whether this be hosted desktops or applications. But Horizon Air is gaining massive traction and popularity. On top of that we have AirWatch Cloud and VMware Identity Manager. Both of which you should really check out!
We all want things quicker than ever before. Want a new device? Sure, it’ll be with you tomorrow morning. Need a new development platform? Sure, make some coffee as it’s already waiting for you. I don’t see it being much different with End User Computing or hybrid cloud computing. So I’m going to bring EUC skills into the team and learn a whole bunch of new stuff too!
If you’ve read my blog posts on becoming a VCDX you’ll know how much time and effort go into gaining the certification. This reflects what the majority of us are like as individuals. Sure, we love technology but what really drives us is our desire to continually learn and push ourselves to improve as individuals.
Gaining Double VCDX certifications has been an amazing journey for me through my career at VMware, but it doesn’t have to end there. I love design and architecture and the complex myriad of challenges that we love to solve here at VMware, ultimately producing amazing solutions. My decision to move into the vCloud Air Network means that I can work with the many service providers (over 4,000 of them!) and start helping them design for tomorrow’s hybrid cloud (XaaS).
Here is a look at the current service offerings:
- Hybrid Cloud
- Disaster Recovery as a Service / DRaaS (On-premises to vCloud Air DR)
- Horizon DaaS
- Infrastructure as a Service (IaaS)
- Managed Services
The technology associated with these services is what makes VMware vCloud Air so amazing to work with. Cloud Automation and Orchestration, Operations, Networking, and Security just to name a few. I’m very excited and can’t wait to start sharing new blog posts and content, and get even more involved in the community for 2016!
Finally, I want to say that the team I’m about to join are all incredibly talented having such a high concentration of VCDX’s. Many of them I know from my PSO days at VMware, and I can’t wait to be part of that.
With the recent release of VMware Horizon 6.2, I’d like to share some excellent technical videos by my colleague Alex Birch. This release brings many new features (see the release notes), and I’ve shared these videos below. At VMworld 2015 in San Francisco, Jim Yanik and I also presented a session on Horizon 6.2 What’s New. You can check that out here: https://www.youtube.com/watch?v=SsbwpBKWc2c
RDS Host Load-Balancing
First up we have an overview of the new RDSH load-balancing capability. Prior versions of VMware Horizon tracked the current session count (and limit) as the only method to determine where to place a new session. Horizon 6.2 provides enhanced RDSH load-balancing functionality by using perfmon counters, and it also allows the specification of rules to control the number of instances of a particular application.
RDS Hosts with View Composer.
Another cool feature is the ability to compose RDS hosts with View Composer. Yep, you heard that right! You can now provision your RDSH virtual machines with View Composer, giving you the benefits of managing a single RDS master image.
If you are familiar with VMware Horizon environments then you will know that today we provide external access using the Security server, which is installed on a Windows server and then placed in the DMZ, typically behind a load-balancer. Access Point is a hardened SLES 11 Linux virtual appliance that has feature parity with the Security server. One of the huge benefits of this is that you can scale the number of Access Point appliances without any Connection server pairing. Without this 1:1 pairing, you can scale independently with the added advantage that it’s a Linux appliance in the DMZ and not a Windows server.
RDS File Type Association
Providing you are running the latest Horizon Client (3.5 or later), you will now benefit from file-type association for RDS published applications. It features secure SHA 256 encryption from the Horizon client, and allows file types to be associated with RDS either automatically as applications are added, or manually by the administrator.
Following the theme for ELS (Essential Linux Skills) with CentOS 7 (see part 1), today I want to share what I consider to be the most important topic of the lot. Firewalls. Securing your Linux host is, in my opinion, the first thing you should be doing before hosting any web services. In my last post, you learned all about systemd and hopefully are now comfortable with the switch from SysV init.
If you are responsible for building Linux hosts for web applications then this will be an especially important topic for you. The same applies if you want to master security with Linux. This might get a little technical, but hang in there.
RHEL (RedHat Enterprise Linux) and CentOS 7 introduce firewalld, which is now installed by default instead of iptables. Another newcomer, but not yet loaded by default with CentOS 7, is nftables. What’s the difference? Well, firewalld is new to the user-space, but it doesn’t replace iptables. Nftables will eventually replace iptables.
Confused? I don’t blame you, so let me explain the iptables architecture. It’s important to understand how iptables works in order to understand the changes that firewalld and nftables bring to the table (pun intended).
We’ll start with this basic architecture diagram for netfilter:
This is the first of two Essential Linux Skills for CentOS blogs (see part 2). For many years I’ve become used to using service and chkconfig commands to manage services with RHEL (RedHat Enterprise Linux) and CentOS. In fact I first got my hands on a Unix system back in 1993, then got my first ever job as a Unix admin in 1996. I learned about SystemV runlevels, and then became used to using /etc/init.d/<service> to manage services. It takes a while to shake bad old habits, but CentOS 7 now uses systemd as the default init system.
Init (short for initialization) was the first process to start and the last to stop on a SysV (System V Unix) Linux system, and therefore we have the concept of runlevels. Each runlevel represents the state of the system, with runlevel 0 being shutdown (halt), 3 being multiuser mode (in other words it has now booted), and runlevel 5 is running the desktop environment if you use one (X Server starts and you have a desktop). Oh and runlevel 6 restarts the system.
Why is this important? Well, whether you like it or not, having core Linux skills is essential in the IT world we live in. In fact just a few weeks ago I was presenting at VMworld in San Francisco on VMware Horizon for Linux Virtual Desktops technical deep dive. I was approached after the session by a customer that has a project to deploy RHEL virtual desktops to hundreds of students in a college. He thanked me as he had to go home the following week to configure some of those virtual desktops with direct pass-through to NVIDIA GRID graphics cards. The process of doing that requires installation of the driver at runlevel 3, but he had no idea what it meant despite it being a simple command (init 3). It also meant that he learned about how to optimize RHEL by disabling unnecessary services that start at runlevel 3.
At VMware I see more and more customers deploying Linux desktops, but also server workloads are often running Linux (such as the server hosting this blog!), and virtual appliances.
SysV is still present on CentOS 7, but you’ll not find much there. If you run the following command, you can see which services are enabled at boot (runlevel 3).
With the recent release of VMware Horizon 6.1.1 (June 2015) come many new features and changes. For 3 years now I’ve been maintaining a diagram detailing all of the network ports used by VMware Horizon (formerly View), and I am pleased to share the third version for the latest release. Many new components are present such as Blast on Linux virtual desktops, the new JMS enhanced security mode (JMS SSL), App Volumes and RDS hosts just to name a few.
I’ve also taken the opportunity to separate tunneled (e.g. PCoIP Secure Gateway or Blast Gateway) connections at the top of the diagram and direct connections at the bottom.
The diagram is an A0 PDF (118.88cm x 84.1cm) which is simply huge! Feel free to print this out and use it as a wall poster 🙂
Key Firewall Considerations for VMware Horizon 6
Update: App Volumes was showing incorrectly in the DMZ; the diagram has now been updated to show App Volumes Manager in the LAN segment.
- TCP/UDP 4173: PCoIP port used internally on RDS hosts (note the diagram needs updating, it still uses 4172 from the client) – See page 221 here
- TCP 4002: JMS enhanced security mode (SSL)
- TCP 5443: Blast protocol listening port for Linux virtual desktop direct connections. Requires Horizon Client 3.3 or higher.
- TCP 8443: Blast protocol listening port for Linux virtual desktop connections via Blast Secure Gateway. Requires Horizon Client 3.3 or higher.
- TCP 8472: View interpod API (Cloud Pod Architecture)
- TCP 22389: Global ADLDS (Cloud Pod Architecture)
- HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)*
- HTTPS (8443): Used for HTML Access. Note: HTML Access for Linux virtual desktops is not officially supported, although most browsers do work.
- HTTPS (22443): HTML Access (Blast) to Windows virtual desktops
- TCP 9427: Used by Windows multimedia redirection (MMR) and Client Drive Redirection (CDR)
- TCP 32111: USB Redirection
- ESP (Protocol 50): Used for Security Server and Connection Server IPsec communication (requires Windows firewall with Advanced Security to be enabled)
- UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.
*I’d also like to point out that if you enable HTTP(S) Secure Gateway, MMR, CDR and USB redirection channels will use HTTPS.
For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html
Starting my day as usual, I make a coffee and check Twitter to see what folks are up to. I notice some tweets about sacrifice, lack of sleep and the struggle finding time for VCDX study. This isn’t the first time I’ve heard this, and I want to deal with this head on. No more excuses!
No matter what our goal, it seems that the obstacles life throws in front of us simply get in our way. In particular you have it worse than others right? I mean, where the hell do these people seem to find the time?
- I’m just too busy with the day job.
- I have kids!
- I don’t have a design to use / it’s out of date.
- I have blogging to do!
- I don’t have a mentor.
- My dog ate it.
I do not usually write blog posts of this nature, but as many of the readers of my blog are also into technology and gadgets then you may want to hear about the terrible customer service I have received from OnePlus. On February 2nd 2015 I ordered a OnePlus One 64GB Sandstone Black which arrived next day. I am extremely pleased with the phone itself, but in less than 2 weeks the charger stopped working. In my line of work I travel a lot, and depend on using my phone at the airport for my BA tickets, navigation, email, calendar and it goes without saying that a charger is essential.