VCAP-DTA Objective 1.2 – Deploy and configure View Composer

So in case you forgot, View Composer is the optional View component that allows us to provision linked clone desktops. It used to be that in older versions of View (5.0 backwards, as far as I remember), you had to install View Composer on the same Windows server as vCenter, the two could simply not live apart. However, in 5.1 and newer, this dependency was broken and you can now put View Composer on it’s own Windows server, away from vCenter Server. When I went on the View 5.1 ICM course, we ruminated that this was mainly for vCenter Server Appliance customers who also used View.

One of the limitations of this setup was that as the VCSA is a Linux box, you can’t really stack Composer on top of this in any meaningful way. So to workaround this and give customers a choice of vCenter platform, View Composer became effectively a “stand alone” component away from vCenter.

So in terms of skills being measured, this is what we need to know :-

  • Install, Configure and Upgrade View Composer. Hmm, OK. Right. So I would guess it’s likely we’ll have to both install and upgrade Composer, as there are a couple of vCenters and therefore most likely a couple of desktop pods. So what is required?
    •  Create a database for View Composer. If you’re a SQL shop, anything from 2005 upwards looks good. If you’re an Oracle shop, 10g R2 and above. To be honest, I’d expect the database to already exist. Again it comes down to what the exam blueprint is asking you to do, and you are not pointed towards database documentation, so it should already be there, albeit in an empty state.
    • Windows 2008 R2 and above server
    • 4 vCPU, 8GB and 60GB disk space. Again I wouldn’t expect to be asked to provision this VM, I’d expect it to be there, ready for some Composer goodness. This is only a 3 hour exam, remember!
    • Remember that Composer can’t co-exist on the same server as any other View component, such as Connection, Transfer or Security Server. Even a VM with the View client or agent is out too.
    • You should quickly check the SQL DSN if you have time, in Data Sources in Control Panel. I’d expect this task to be completed for you, anyway.
    • You can add your own certificate at this point, but for this guide, I’ll just concentrate on using self signed for now.
    • Run the installer as an administrator and run through the steps to install the service. Remember that the user account specified as the Composer user must be a local Administrator on the server it’s on.
    • If you want to specify a custom certificate during the installation, see the section below on certificates.
    • Once Composer itself is installed and the service started, you go into View Administrator and enter in the details under View Configuration | Servers | vCenter Servers | Add. Enable View Composer, verify the correct port is specified (defaults usually work pretty well) and add the domains you wish to put linked clones into.
    • If you’re asked to upgrade, run the Composer 5.2 installer as an administrator and follow the prompts, it’s pretty straightforward. Choose to upgrade the Composer database when prompted.
  • Implement and Upgrade Certificates for View Composer. The good news is that certificates in View 5.2 are a lot less fiddly than they used to be in version 4.x. Instead of having to mess about with command line tools and bits of OpenSSL, you just get the trusted root certificate and server certificate (and intermediate certificate, if appropriate) and import them into the certificate store of the local computer (not the current user, if you have to go through the steps). This is done via MMC, adding in the Certificates snap-in.
    • Remember to change the friendly name of the certificate in MMC to vdm.
    • Import and verify the SSL certificate you want to use in MMC before you run the tool to setup Composer SSL certificates.
    • Stop the Composer service.
    • Run sviconfig -operation=ReplaceCertificate – delete=false, select the certificate you want to use from the Windows certificate store.
    • Restart the Composer service.
    • Verify Composer is running successfully.
  • Configure View Composer for one-way and two-way trust scenarios. My interpretation of this objective is actually quite simple (and I’m no AD expert!). If you have a two way trust then one single service account is enough in Composer to be able  to provision linked clone desktops in a domain that has a two way trust with the domain that the Composer server is a member of. On the other hand, if there is just a one way trust, you may need to configure another service account in the domain where you want to create desktops, if that’s different from the domain that Composer lives in.
    • Adding details of Service Accounts is done from View Administrator, View Configuration, Servers, vCenter Servers, Edit and in the View Composer pane at the bottom of the dialog, click Add and fill out the service account details. This dialog can be quite pernickety, so ensure you put in the full FQDN of the domain in the top box and then username and password. If you get an error even though you know the details are correct, check this account has Administrator rights to the Composer server. Jason Langer’s website has a good example of this.
  • Migrate View Composer to a standalone installation. This is quite an involved process so I would imagine you can bank on this being tested on during the exam. There are several options around how migration can be performed, but what it mainly boils down to is whether or not you want to use the existing Composer database when you move the service to another Windows Server. If you already have linked clone pools then this is pretty much a given. You can either leave the Composer database where it is and point to it from the new Composer server, or you can move the database at the same time you move the Composer server. Either way, the key thing to remember here is that the Composer service uses RSA keys to encrypt and and decrypt information from the Composer database. When you move Composer from one Windows Server to another, you have to ensure the keys get carried across, otherwise you basically lose the ability to access your existing linked clone pools.
    • Remember Composer instances must have their own databases, they cannot share the same database but can be on the same database server.
    • If your current Composer instance does not have any linked clone pools defined, you can migrate Composer without worrying about maintaining database links, as there is basically nothing in there you need.
    • You may well be tested on both migrating Composer with an existing “populated” database and also without, so it’s worth knowing how to accomplish both goals.
    • Migrate with an existing Composer database – In View Administrator, click View Configuration, Servers and click “Disable Provisioning”. If you need to relocate the database elsewhere, this is when you would do it. I would expect this to be out of scope for the exam as it’s a DBA task. You then need to uninstall Composer from its current location and then export the RSA keys out, to send over to your new Composer Server. .NET and ASP.NET IIS needs to be installed on both source and target, but I think we can assume this will be done for you in advance.
      • On the Composer source server, open a command prompt and go to %windir%\Microsoft.NET\Framework\v2.0xxx folder (where xxx  is the installed version number)
      • Run the key export by running aspnet_iisreg -px “SviKeyContainer” “keys.xml” -pri. This will export the public and private keys to a file called keys.xml.
      • Copy keys.xml to the target Composer server
      • Open a command prompt and go to the .NET directory as per the first step
      • Run the command aspnet_iisreg -pi “SviKeyContainer” “<path>\keys.xml” -exp. This command imports the RSA keys into the local key container. The -exp switch marks the keys as exportable, in case you need to export then again in future
      • Install Composer on the target server, selecting the appropriate SQL DSN during the installation
      • Configure SSL certificates for Composer as needed, as per above
      • In View Administrator, click View Configuration Servers, select the vCenter Server instance that is associated with this View Composer service, and click Edit
      • In the View Composer tab, provide the new View Composer settings. If you are installing View Composer with vCenter Server on the new computer, select View Composer co-installed with the vCenter Server. If you are installing View Composer on a standalone computer, select Standalone View Composer Server and provide the FQDN of the View Composer computer and the user name and password of the View Composer user.
      • In the Domains pane, click Verify Server Information and add or edit the View Composer domains as needed. Click OK.

One thought on “19-01-14

  1. Quick question. You mention “Remember to change the friendly name of the certificate in MMC to vdm.” under the Implement and Upgrade Certificates for View Composer section. I was under the impression this was only a requirement for the Connection Servers certs. The default ones have friendly names of vdm and must be renamed. Then the ones you provide must be named to vdm.

    Just starting to follow along for my VCAP-DTA exam. Thanks for this resource!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.