May 16 2012

What is SAML and OAuth 2.0

VMware’s upcoming On-Premise Horizon Application Manager 1.5 supports SAML and OAuth 2.0 for authentication. Since I had no idea what SAML and OAuth 2.0 were all about, I googled a bit and found some nice videos on the subjects.

A VMware paper on Identity, Access Control, and VMware Horizon can be found here

SAML

SAML stands for “Security Assertion Markup Language.” It is an XML-based standard for communicating identity information between organizations and the cloud. It enables the secure transmission of authentication tokens and other user attributes across cloud domains.

 

OAuth 2.0

 

 

 

Permanent link to this article: https://ituda.com/what-is-saml-and-oauth-2/

May 04 2012

Files installed in the VMware Thinapp folder

After installing the VMware ThinApp virtualization package on a clean machine, a new folder is created under c:\Program Files\VMware\VMware Thinapp.

This folder contains a number of files.

 

Captures folder – Stores the ThinApp virtualized application project files. Note that the Captures folder is not visible right after the installation of VMware ThinApp. It becomes visible after you run the Setup Capture wizard to capture a target application.

AppSync.exe – Keeps captured applications up-to-date with the latest available version.

Capture.ini – used in conjunction with log_monitor.exe to provide advanced logging settings

dll_dump.exe  – Lists all captured applications that are currently running on a system.

log_monitor.exe – Helps in the generation of .trace files, which contain the execution information about the application including any errors. Also, this utility helps in converting .trace files to human readable .txt files.

LogFilter.ini – used in conjunction with log_monitor.exe to provide advanced filtering settings.

logging.dll  – Generates .trace files.

relink.exe – You can use the relink.exe utility to update an existing package or tree of packages to the latest version of ThinApp. Although you can install the latest version of ThinApp and run the build.bat utility to rebuild each target package with the latest ThinApp version, the relink.exe utility is a faster method to upgrade the ThinApp version of existing packages. You may want to update your package to benefit from the latest ThinApp features or support enhancements. You will learn more about the Relink feature in Module 4: Basic Troubleshooting.

sbmerge.exe – Merges runtime changes recorded in the application sandbox with the ThinApp project and updates the captured application. The sandbox is a folder that holds runtime modifications that users make as they run an application. The sandbox is where all the changes made by the application are stored.

Setup Capture.exe – Captures and configures applications through the Setup Capture wizard.

snapshot.exe  –  Takes snapshots on the capture machine and compares the preinstallation environment and postinstallation environment during the application capture process. The ThinApp Setup Capture wizard starts this utility during the capture process at the prescan and the postscan steps.

snapshot.ini  – Stores entries for the virtual registry and virtual file system that ThinApp should ignore during the process of capturing an application. The snapshot.exe file references the snapshot.ini file. Advanced users might modify the snapshot.ini file to ensure ThinApp does not capture certain entries when creating an application package.

template.msi – Builds the MSI files. You can customize this template to ensure the .msi files generated by ThinApp adhere to company deployment procedures and standards. For example, you can add registry settings that you want ThinApp to add to client computers as part of the installation.

ThinAppConverter.exe – Command line tool to perform mass conversion of applications to virtual applications. ThinApp Converter calls upon other executables within the ThinApp Program Files directory to perform the application capture and conversion. (see http://kb.vmware.com/kb/1030949)

ThinAppConverter.ini – The ThinApp Converter executable works in conjunction with a ThinApp Converter configuration file. The configuration file points to the components involved in the conversion process and specifies optional actions (see http://kb.vmware.com/kb/1030344)

ThinDirect.adm – An administrative template to import into Windows Group Policy Management in the Active Directory environment. It allows you to easily change the ThinDirect.txt files that have already been deployed to users' machines. (see http://kb.vmware.com/kb/1026677)

ThinDirect.msi – The installer for the thindirect plug-in for native Internet Explorer (Thindirect.dll) and for the ThinDirectLauncher executable, which launches the virtual browser when necessary for redirected web pages. (see http://kb.vmware.com/kb/1026675)

thinreg.exe – Registers captured applications on a computer. This registration includes setting up shortcuts and the Start menu and setting up file type associations that allow you to start applications.

tlink.exe  – Links key modules during the build process of the captured application.

vftool.exe – Compiles the virtual file system during the build process of the captured application.

vmw.lic – The license information is saved in this file.

vregtool.exe  – Compiles the virtual registry during the build process of the captured application.

 

Permanent link to this article: https://ituda.com/files-installed-in-the-vmware-thinapp-folder/

Apr 30 2012

Horizon Application Manager 1.5 On-Premise Beta – How-to videos

Horizon 1.5 Demo Video

 

Horizon Service VA Configuration

Horizon Service Org Setup

Horizon Connector Install

Horizon Connector Setup

Horizon MS Kerberos Service Account Setup in AD

Horizon AD GPO to deploy Internet Explorer Settings

 

 

 

 

Permanent link to this article: https://ituda.com/horizon-application-manager-on-premise-1-5-how-to-videos/

Apr 22 2012

VMware View 5.x – Windows 7 Golden Image

Some notes on creating your golden Windows 7 (32-bit) image to be used in VMware View projects

 

STEP 1: Optimizing the VM within ESXi

Hardware version: use the latest available for your vSphere platform

vCPUs: 1

vRAM: 1024 MB

Disk Size: 40 GB (disk size depends on the number of locally installed applications)

SCSI Controller: LSI Logic SAS

vNIC: VMXNET3

Video Card: Do not “Auto detect” (see VMware KB 1017380), set to 2 displays and 128 MB video memory

Video Card: Enable 3D support

Disable Virtual Machine logging (via Edit Settings – Options – Advanced – General)

Remove Floppy Drive

CD-ROM: set to Client Device – Passthrough IDE

BIOS: Disable Serial Ports, Parallel Ports and Floppy Disk Controllers, change boot order to HDD first

 

STEP 2: Installing + Optimizing the Windows 7 OS

Connect the Win7 iso file to the VM CD-ROM

Install Win7 from iso

Note: Install with an 8K allocation size as described here on page 14

Install VMware Tools and reboot VM

Note: Enable Virtual Printing. This driver enables the virtual printing feature on Microsoft Windows virtual machines. With virtual printing, printers added to the operating system on the client or host appear in the list of available printers in the guest operating system. No additional printer drivers must be installed in the virtual machine.

Note: If you intend to use a vShield Endpoint based solution to protect your VMs from viruses, make sure to also install the vShield Endpoint Thin Agent driver, which is not installed by default during a typical VMware Tools installation process. (Custom Install – Add VMCI driver\vShield Drivers)

Remove the following components (features) from the OS (unless you really need them) and reboot VM:

  • Games
  • Media Features – Windows DVD Maker
  • Media Features – Windows Media Center
  • Print and Document Services – Internet Printing Client
  • Print and Document Services – Windows Fax and Scan
  • Tablet PC components
  • Windows Gadget Platform

Run Windows update and install all the latest patches (including SP1) and reboot VM

Note: Repeat this process until all Windows updates have been installed

Install Microsoft hotfix http://support.microsoft.com/kb/2550978 (see also VMware KB 2007319)

Note: this is not needed anymore if you installed all Windows patches as described above

Run the optimization script attached to the VMware View optimization guide for Windows 7

Note: since I will be using VMware View’s Persona Management capabilities, I chose the file CommandsPersonaManagement.txt

Note: Edit the file CommandsPersonaManagement.txt and add the following lines

diskperf -N

reg Add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v DisablePagingExecutive /t REG_DWORD /d 0x100000 /f

reg Delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /f

reg Delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /f

Note: rename the file CommandsPersonaManagement.txt to CommandsPersonaManagement.bat and “Run as Administrator”

Note: A version of the file can be downloaded directly here: CommandsNoPersonaManagementWin7_ITUDA

Disconnect the installation media in the VM properties in vCenter (set to client device)

Install and adjust all necessary keyboards and regional settings

No GUI BOOT: launch msconfig – boot tab – check “No GUI Boot” and “Base Video”

OTHER ENHANCEMENTS

  • Adjust for best performance: computer – Properties – Advanced Systems Settings – Advanced – Performance – Settings ==> Adjust for best performance
  • If you are planning to use dual monitors, follow the steps described in VMware KB 2010359
  • Set registry key HKLM\System\CurrentControlSet\Services\Afd\Parameters\FastSendDatagramThreshold to 1500 (see http://blogs.vmware.com/performance/2012/10/turbo-charge-view-video-performance.html)
  • Disable offline File feature (see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2016416)
  • Turn off notification messages:
    • Control Panel – Action Center – Change Action Center Settings – deselect all options
    • Customer Experience Improvement Program Settings: No, I don’t want to participate in the program.
    • Problem Reporting Settings: Never check for solutions (for all users)
    • Windows Update:
      • Never check for updates
      • Uncheck “Give me recommended updates …”
      • Uncheck “Allow all users to install updates on this computer”
  • Turn off notification icons on taskbar: Control Panel – Notification Area Icons – Turn system icons on or off – turn off as many notifications as possible

Shut down your machine and take a snapshot

 

STEP 3: Installation of some standard applications (OPTIONAL STEP)

Install the latest version of Adobe Flash Player:

Install the latest version of Adobe Reader

  • Browse to http://get.adobe.com/reader with Internet Explorer
  • Do not select the option to install “McAfee Security Scan Plus”, “Google Toolbar”, …
  • Manually check for and install updates
  • Enable the “Adobe PDF Link Helper” add-on
  • Delete shortcut which was added to the desktop

Install the latest version of Adobe Shockwave player

  • Browse to http://get.adobe.com/shockwave with Internet Explorer
  • Do not select the option to install “McAfee Security Scan Plus”, “Google Toolbar”, …

Install the latest version of Java (install both 32 and 64 bit on a Win7 64-bit OS)

Run and test all the applications

Delete registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe ARM

Delete registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched

Stop and disable “Adobe Acrobat Update Service”

Shut down the VM and take a snapshot

 

STEP 4: Add VM to your Active Directory domain

Create a custom default user profile as described here on page 24

Join the VM to your Active Directory Domain

Add an Active Directory group containing the users/groups which will be allowed to open Remote Desktop connections to the VM (= all users/groups which will be allowed to connect to a VMware View Desktop)

Install View 5.x Agent (install all components) ==> Make sure that the version of the View Agent you are using is compatible with the View Connection server version you will be using.

If you are going to use Horizon Application manager: Install VMware Horizon Agent

Clean up the machine

  • Open a command prompt and run C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe executeQueuedItems. This will precompile all .NET assemblies which might still be queued.
  • Delete all files under c:\Windows\SoftwareDistribution\Download
  • Clear all eventlogs by running the following command in a cmd prompt (Run as Administrator)

wevtutil el >a.txt

for /f "tokens=*" %x in (a.txt) do wevtutil cl "%x"

del a.txt

  • Run Disk Cleanup to remove temp files, empty recycle bin and remove other unneeded files
  • Defragment the VM disk

Enable and start the defragmentation service
Run a full defragmentation (disable also scheduled defragmentation)
Stop and disable the defragmentation service

  • Release IP address: ipconfig /release
  • Flush DNS: ipconfig /flushdns

Shut down the VM and take a snapshot
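A read-only check of the settings from Steps 2 to 4, to run in an elevated PowerShell prompt just before the final shutdown. This is an added example, not part of the original post or of VMware's optimization script; the helper names and the residual-event threshold are assumptions, and it assumes the 32-bit image described above.

```powershell
# Added example: pre-snapshot audit of the golden image (PowerShell 2.0+, elevated).
# Expected values come from the steps on this page; nothing is modified.
$results = @()

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Add-Result([string]$Check, [bool]$Pass, $Actual) {
    $script:results += New-Object PSObject -Property @{
        Check = $Check; Pass = $Pass; Actual = $Actual }
}

# Values the procedure deletes must no longer exist
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$absent = @( @($winlogon, 'LegalNoticeCaption'), @($winlogon, 'LegalNoticeText'),
             @($run, 'Adobe ARM'), @($run, 'SunJavaUpdateSched') )
foreach ($pair in $absent) {
    $v = Get-RegValue $pair[0] $pair[1]
    Add-Result "$($pair[1]) removed" ($null -eq $v) $v
}

$v = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Afd\Parameters' 'FastSendDatagramThreshold'
Add-Result 'FastSendDatagramThreshold = 1500' ($v -eq 1500) $v

# Only present when the optional Step 3 (Adobe Reader) was carried out
$svc = Get-WmiObject Win32_Service -Filter "DisplayName='Adobe Acrobat Update Service'"
if ($svc) {
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
    Add-Result 'Adobe Acrobat Update Service disabled' $ok "$($svc.StartMode)/$($svc.State)"
}

$left = @(Get-ChildItem 'C:\Windows\SoftwareDistribution\Download' -Force -ErrorAction SilentlyContinue)
Add-Result 'SoftwareDistribution\Download empty' ($left.Count -eq 0) $left.Count

# Clearing logs itself writes events (1102 in Security, 104 in System), so a few
# records always remain; the threshold is an arbitrary assumption.
$maxResidual = 25
$busy = @(Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
          Where-Object { $_.RecordCount -gt $maxResidual })
Add-Result 'Event logs cleared' ($busy.Count -eq 0) (($busy | ForEach-Object { $_.LogName }) -join ', ')

$results | Select-Object Check, Pass, Actual | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```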

 

References:

Deploying Microsoft Windows 7 Virtual Desktops with VMware View (EMC article)

VMware View optimization guide for Windows 7 (VMware article)

 

Permanent link to this article: https://ituda.com/vmware-view-5-x-windows-7-golden-image/

Apr 20 2012

Implement full vSphere Distributed Switch or hybrid?

Today I received an email from my friend Tom Arentsen (http://blog.arentcs.com/) with some useful info I would like to share. If you don’t know who Tom is, he is one of the latest members of the select club of VMware Certified Design Experts.
Tom was playing in his lab (servers with a single NIC) and wanted to migrate from vSwitch to vDS. He realized that doing so would cut his connection to vCenter (and when vCenter is down, no changes to the vDS can be made).
He found out that the solution is really easy:
  • Normally we set our binding of our vDS to static, because when the vCenter is down everything continues to run normally except that you cannot make any changes.
  • In addition to the normal dvportgroups, he created an additional dvportgroup with ephemeral binding and tagged it with the same VLAN ID as the one which is required by vCenter server.
  • Ephemeral binding works pretty much the same as the standard vSwitch, so the nice thing about ephemeral port groups is that administrators can log in directly to an ESXi host and reconfigure a VM to connect to an ephemeral port group (just like you do with a vSwitch) -> EVEN WHEN VCENTER IS POWERED-OFF.
So bottom-line, the answer to the question “Are we going to implement full vDS or hybrid?” is full vDS.
Ephemeral port groups are a very nice solution for solving this issue, so do the following:
  • Don’t use Ephemeral port groups for production networks
  • BUT create an ephemeral port group as a backup for the most critical VLANs, like your vCenter one.
Test this out for yourself and hopefully you will feel more comfortable going forward with a full vDS design.

Permanent link to this article: https://ituda.com/implement-full-vsphere-distributed-swith-or-hybrid/

Apr 16 2012

Top 10 things to know about MyVMware

With the introduction of MyVMware a lot of people have questions.

KB article 2017468 lists the top 10 things to know about MyVMware.

Permanent link to this article: https://ituda.com/top-10-things-to-know-about-myvmware/

Apr 03 2012

Kaspersky Security for Virtualization

Kaspersky Security for Virtualization in 2 minutes. Watch the video here

More info here

Permanent link to this article: https://ituda.com/kaspersky-security-for-virtualization/

Mar 16 2012

Veeam – Backup and Replication v6: Info and Deployment

More info here

 

 

 

 

Permanent link to this article: https://ituda.com/veeam-backup-and-replication-v6-info-and-deployment/

Feb 08 2012

HP Software Delivery Repository – vibsdepot

http://vibsdepot.hp.com/ is the place where you can find all the VIBs your HP server needs to run ESXi properly. Both stateless and stateful modes are supported.

To use this depot with PowerShell, run: Add-EsxSoftwareDepot -DepotUrl http://vibsdepot.hp.com/

Permanent link to this article: https://ituda.com/hp-software-delivery-repository-vibsdepot/

Jan 21 2012

VMware View 5.0 – TCP and UDP Ports

A link to the VMware View 5.0 Documentation Center documenting the TCP and UDP Ports needed for VMware View 5.0: http://pubs.vmware.com/view-50/index.jsp?topic=/com.vmware.view.security.doc/GUID-A0B8412C-6C42-4C78-90B2-C1B2A2237AD1.html

 

See also http://dharmgolf.blogspot.com/2011/12/vmware-view-50-port-information-for.html

 

 

Permanent link to this article: https://ituda.com/vmware-view-5-0-tcp-and-udp-ports/
