14-08-14

VCAP-DTA Exam Experience (Redux)

So I got back about an hour ago from my second sitting of the VCAP-DTA exam in Leeds. As regular readers will know, I sat it a couple of weeks ago and failed. The score report I got back gave me some suggestions on the areas I wasn’t quite so hot on, so I spent some extra time going back over those and making sure I understood them (two factor authentication and group policy settings to name but two). I had the mindset that if I didn’t pass it today, it would be a would be a while before I’d be back as my employer wants me to get up to speed with the latest MCSE track and quickly, meaning I wouldn’t have the bandwidth (or the mental capacity!) to take on both at the same time.

Nor did it help that I was running a little late, I’d had a coffee and an early lunch because as usual, my appointment spanned over lunch time and I didn’t want to get hungry. By the time I set off for the test centre, it was getting close to my appointment time start so I had to run the last couple of hundred yards to make it on time. With that and a coffee swilling around inside me, my eyes were on stalks when the exam started!

I’m not sure how large the pool of questions is, but I did get a few I’d had previously, including some I came a little unstuck on. I tried to move on if I felt I was getting bogged down, with the intention of picking up as many points as possible elsewhere. Somewhat surprisingly, by the time I’d completed question 23, I still had 30 minutes left. So I went back, quickly checking my answers and referring to the admin guide on the ones I was stuck on.

It turned out to be a pretty effective strategy, although I did go back to delete and restart one “answer” I’d started and then ran out of time, as the desktop refresh was a little laggier than last time, and I couldn’t quite complete the task in time.

I came out feeling tense as I thought I’d passed last time and didn’t,  and I was mindful that I hadn’t completed all tasks with the loss of points that entails. Anyway, I got the score report back quickly again (thanks Joshua!) and this time thankfully I’ve passed! So now I have four VCAPs and I can afford to dream of the far off pot of gold that is the VCDX. I’m not going to think about that yet, as I’ve a box full of Microsoft exams to get done before I can get to that. Still, in the words of Peter Venkman, “we came, we saw, we kicked it’s ASS!”

 

G-1136 - We came, we saw, we kicked its ass

 

21-07-14

VCAP-DTA Section 6 – Configure and Optimize View Display Protocols

Section 5 and dealing with ThinApp is now behind us, and now we turn to the networking stack. As you may know if you’ve done a bit of light reading, PCoIP is the protocol of choice for connecting to virtual desktops hosted by View. It’s a protocol proprietary to Teradici, so it’s not strictly an “in house” technology to VMware, but it has been in View for many years (since View 4, I think), so it’s a very mature and robust protocol.

One of the cool things about PCoIP is that it can do a level of auto tuning when there is congestion on the network. The VCAP-DTA blueprint has three sections for troubleshooting and configuration of PCoIP with just a couple of skills and abilities being measured per objective.

Objective 6.1 – Configure PCoIP and RDP for Varying Network Conditions

  • Determine appropriate configuration parameters based on network performance – It’s typical that on a slow link you will want to tune PCoIP to be a little less aggressive with the bandwidth it uses. This can be done by using the PCoIP group policy template pcoip.adm which comes with the Connection Server in C:\Program Files\VMware\VMware View\Server\extras\GroupPolicyFiles folder. Import this template into your Group Policy Management MMC view and you are then able to configure PCoIP settings.
  • Configure QoS and CoS settings for PCoIP

pcoipadm

Once imported, go to Computer Configuration | Administrative Templates | Classic Administrative Templates | PCoIP Session Variables to configure PCoIP settings.

pcoipvariables

Typically, you will need to alter the following values to reduce bandwidth on a slow link :-

      • Turn off Build-To-Lossless feature – Enabled
      • Configure the maximum PCoIP session bandwidth – 10% less than WAN link speed 
      • Configure PCoIP image quality levels –
        • Minimum Image Quality default is 50 and can be from 30-100, reduce this value to reduce bandwidth at the expense of user graphics experience
        • Maximum Initial Image Quality default is 90 and can be from 30-100. Reduce this value to reduce the initial screen “burst” as it is drawn.
        • Maxium Frame Rate  default is 30, this can be between 1-120 but if you reduce the value you reduce bandwidth but increase video jitter.
        • PCoIP session bandwidth floor by default is 0 (unset) but this value tells PCoIP the least amount of bandwidth it can expect for an end user and reserves this amount of bandwidth
        • Client image cache size policy is useful when the View Client end has some local storage it can cache to. For example, thin clients and regular PCs (tablets too, I guess) can cache regularly used images to help improve performance. This setting is probably useless on a zero client because it has no local storage, so watch out you don’t get a curveball there on the exam!

02-04-14

VCAP-DTA – Objective 5.2 – Deploy ThinApp Applications using Active Directory

Once we have a repository configured for our ThinApps, we next continue the groundwork by preparing Active Directory. We can then harness Active Directory groups to control access to the ThinApps.

  • Create an Active Directory OU for ThinApp packages or groups – From your domain server, go to Administrative Tools and select Active Directory Users and Groups. From wherever in the hierarchy the exam asks you to, right click and select New, Organizational Unit. Give the OU a name and click OK.
  • Add users to individual ThinApp package OU or groups – Again not really a View skill as such, just some basic AD administration. Now you created your OU(s) as above, to create a user right click on the ThinApp OU, click New, User, fill out the appropriate details, click Next, enter password information and click Next and Finish. To add a group, right click on the appropriate OU, click New, Group, give the group a name and select the type and click OK. To add users to an existing group, double click the group, click Members, Add and enter the user names and click Check Names. Click OK twice.
  • Leverage AD GPOs for individual ThinApp MSIs – Group Policy can be used to publish an existing ThinApp MSI without the need for a repository, or in parallel. To configure this, go to Administrative Tools, Group Policy Management. Right click the OU in which you would like to create the GPO. Select Create a GPO in this domain, and link it here (for a new GPO, or select Link an existing GPO if asked).Name the GPO and click OK. Once the GPO is created, right click on it and select Edit. In either Computer Configuration or User Configuration select Policies and then Software Settings. Right click on Software Installation and select New, Package. Browse to the network location of the MSI and select the MSI and then Open. Accept the defaults to Assign the package to a user or computer or click Advanced for further settings. Click OK. If you select Advanced, use the tabs across the top to make changes as appropriate and click OK. You may need to run gpupdate.exe to refresh Group Policy.
  • Create and maintain a ThinApp login script – The ThinReg utility can be used in an existing login script to deploy ThinApps to users. For example, in the NETLOGON share, you can add a line or lines into the logon script to invoke thinreg.exe. In it’s simplest form, just add the line thinreg.exe \\server\share\application.exe /Q. The /Q switch just runs the command silently. It may well crop up as a specific requirement on the exam.

01-04-14

VCAP-DTA – Objective 5.1 – Create a ThinApp Repository

There are two objectives in this section which are around setting up the ThinApp repository on the network to be used by the View infrastructure to distribute applications from. It’s telling that this topic has several tools references to it, so we’re going outside the confines of the View Administration guide really for the first time.

Again it’s difficult to imagine within the confines of a tight three hour exam that you will be asked to package up anything other than a relatively simple application, but be prepared for the odd curve ball. Ultimately as long as you understand the fundamentals, you can go a long way to scoring points on this objective, even if you don’t get it completely right.

  • Create and configure a ThinApp repository – The creation of the ThinApp repository is done from within View Administrator. Go to View Configuration, ThinApp Configuration, Add Repository then enter in a Display Name and Share Path (e.g. \\server\thinapp\repo) and add a Description if you like.
     
  • Configure a ThinApp repository for fault tolerance using DFS or similar tools – In order to create a DFS share, you need to have the File Services role enabled on the server. DFS is basically a network share made up of chunks of storage from different servers. You reach the DFS share by using the path \\domain\\dfsroot, so for example \\beckett.local\dfs-share. DFS also has file replication technology built in you can use for further resilience. I can’t really think you’ll be asked to do too much with DFS in the exam as much of this is based on the Windows server itself. What you will probably need to know is how to point a ThinApp repository at a DFS share (so use the example syntax above). This is pretty much all that is listed in the ThinApp reference materials.

06-03-14

VCAP-DTA – Objective 3.2 – Configure and Manage Pool Tags and Policies

This objective is relatively short and only has one skill being measured, the ability to correctly configure tags. As a refresher, tags can be used to provide a level of security on connection servers and pools and gives the ability to provide what VMware refers to as “Restricted Entitlement”, which means Connection Servers can only access certain pools. The most obvious and common use case for tagging is when Security Servers are in play, and you want to restrict incoming users from the internet to only use particular Connection Servers.

So then, with only one skill/ability being measured in this section, let’s get to it!

  • Configure tagging for specific Connection Server or security server access – Tagging is done from within View Administrator. You can set tags on Connection Servers and also on pools. One thing you need to be aware of is tag matching – this defines whether or not a user is permitted access to a desktop and will most likely be something you’ll be tested on in the exam.
    • To set a tag on a Connection Server, go to View Administrator and View Configuration, Servers, Connection Servers, choose your Connection Server, click Edit and in the top box, assign the tags you want to use. The example below illustrates two tags in use. This is an internal Connection Server, so it’s been tagged as “Internal” and “Secure”. Note a comma separating multiple tags.

tags

    • To add tags to an existing pool, in View Administrator go to Inventory, Pools, select the Pool you wish to tag, click Edit and then Pool Settings. At the top of this screen is General and Connection Server Restrictions. Click Browse and click the Restricted to these tags radio button. Select the appropriate tag as per below :-

pool-tags

    • Click OK to apply the setting.
    • To apply a tag during pool creation, when you get to the Pool Settings screen, you basically access the same dialog screen. So under the General heading at the top, go to Connection Server Restrictions, click Browse and select the appropriate tag as shown above.
  • In respect of tag matching, be aware of the following matrix as you may be asked to troubleshoot an access issue during the exam which may be caused by incorrect tagging :-
    • Connection Server no tags – Pool no tags – access permitted
    • Connection Server no tags – Pool tags  – one or more tags – access denied
    • Connection Server one or more tags – Pool no tags – access permitted
    • Connection Server one or more tags – Pool one or more tags – access depends on tags matching

VCAP-DTA – Objective 3.3 – Administer View Desktop Pools

This objective is the guts of spinning up virtual desktops for users, and covers the full range of desktop pool types available. So full and linked clone pools, assignment types, Terminal Services or manual pools, user and group entitlements and finally refreshing, recomposing and rebalancing pools. Sounds like a lot, but actually there’s a nice flow to this objective and it should be quite straight forward.

  • Create and modify full or linked-clone pools – To create a new pool in View Administrator, go to  Inventory, Pools, Add. The pool creation wizard is generally pretty easy to follow and there’s not much value I can to it here. Click Next until you reach the third screen of the wizard, entitled vCenter Server. This screen provides the option for Full virtual machines or View Composer Linked Clones. Select the appropriate radio button for the type you want and continue on through the screens to finish the pool creation wizard. The choice selection screen is shown below :-

pool-type

    • To modify an existing pool, go to Inventory, Pools, select the pool you are interested in and click Edit. You can change various settings on an existing pool, such as the pool display name, remote protocol settings, power management, storage accelerator etc. You cannot change the pool type once it has been created.
  • Create and modify dedicated or floating Pools – To create a floating pool, you can only select Automated Pool or Manual Pool in the initial pool definition type screen. When you click Next, you then get presented with the choice of creating a Dedicated or Floating pool. Remember dedicated pools mean once a user is assigned a desktop, they own it “forever” whereas a floating pool is in essence the “next cab off the rank” and is not persistently tied to a single user. Each type has their own use case. From here, complete the wizard with the required settings to provision the pool.
    • To modify an existing pool, go to Inventory, Pools and select the pool you wish to modify. Click Edit and make changes as appropriate. With a dedicated pool, your only option is to enable/disable automatic assignment. A floating pool has additional options for editing settings, including vCenter Settings (changing datastores etc.) and also Guest Customizations.
  • Build and maintain Terminal Server or manual desktop pools – Manual and Terminal Services pools are an extension of View by adding in the View Agent to an existing virtual machine, Terminal Server or even a physical PC or blade PC.
    • To add a manual pool, ensure the agent is installed on the endpoint (and you may be tested on this!), go to Inventory, Pools, Add, Manual Pool. Again the wizard is pretty straight forward, populate all the settings you need.
    • To add a Terminal Services pool, again make sure the View Agent is installed on the endpoint before you proceed.
  • Entitle or remove users and groups to or from pools – Once you’ve built your pools, you also need to add an entitlement. This is simply users and/or groups from Active Directory that you want to grant access to desktops to. This can be done in one of two ways – either when the pool is created (final wizard screen, tick the box for entitle users after this wizard finishes) or afterwards if you forget during pool creation, or if you want to add additional users or groups. If you select to entitle on completion, click Add and use the search box to find the users or groups you want to entitle, as shown below :-

entitlements

    • To add entitlements retrospectively, go to Inventory, Pools, Entitlements and this brings you into the same dialog as above where you simply repeat the same steps to add users and/or groups.
  • Refresh, recompose or rebalance pools – Depending on your design or operational procedures (or if you’re asked to by the exam!), you will need to refresh, recompose or rebalance your desktop pools. As a refresher, this is what each term means :-
    • Refresh – Reverts the OS disk back to the original snapshot of the clone’s OS disk
    • Recompose – Simultaneously updates all linked clone machines from the anchored parent VM, so think Service Pack rollout as a potential use case
    • Rebalance – Evenly redistributes linked clone desktops among available datastores
    • To perform these operations, the desktops must be in a logged off state with no users connected. Go to View Administrator, Inventory, Pools and select the pool you want to manage. Under the Settings tab, click the View Composer button and choose the operation – refresh, rebalance or recompose
    • When you choose the refresh action, you specify when you want the task to run and whether you want to force users to log off or wait for them to log off. You can also specify a logoff time and message, this is customisable from Global Settings. Check your settings and hit Finish to start the operation.
    • When you select recompose, select the snapshot you want to use and whether or not to change the default image for new desktops. Again run through the scheduling page and choose your settings, click Next and Finish.
    • When you select rebalance, you simply fill out the scheduling page and click Finish.
    • Remember if you’re asked to set a custom logoff message, this is done from View Configuration, Global Settings, Display warning before forced logoff.

02-03-14

VCAP-DTA – Objective 3.1 – Configure Pool Storage for Optimal Performance

So this objective sees us moving into section 3 which is entitled “Deploy, Manage, and Customize Pool Implementations”. This objective deals with how we use storage tiers for different virtual disks and use cases, and the sub settings within them. So as usual, let’s run through the skills and abilities for this objective :-

  • Implement storage tiers – When creating a Composer based pool, select the option in the Storage Optimization wizard screen to separate out disks to different datastores. Depending on the exam scenario, you may be asked to separate the Persistent Disks and/or the Replica Disks. Depending on what you select, when you click Next you will get a differing set of options. Assuming you select both, on the vCenter Settings screen, use options 6, 7 and optionally 8  to choose which datastores are used and for which purpose. Once you have completed your choices, complete the wizard out to create the pool.
  • Optimize placement of replica virtual machine – The replica disk is the disk that gets hammered for read read requests from users, so you will be asked to place this on high performance storage, most likely SSD. Using the steps detailed above, use the vCenter Settings screen of the pool wizard to choose a high performance datastore for the replica disk. The diagram below illustrates this point.

replica-ds

  • Configure disposable files and persistent disks – Again this is selected in the pool wizard. You can see from above that there is a View Composer Disks section. This defines how disposable (so think temp files) and persistent disk (user profile) are handled. So for the Persistent Disk, you can select a disk size and drive letter and to redirect the user profile to this disk. The same goes for the Disposable Disk, select the size, whether or not to redirect and which drive letter to use. See below for an illustration of this.

composer-disks

  • Configure and optimize storage for floating or dedicated pools – This is pretty much covered by the first section, Implement Storage Tiers.
  • Configure overcommit settings –  This setting is used when using View Composer. The purpose of overcommit is to allow more disks to be created than physical space exists on the datastore. This is because the disks are sparse disks  on the datastore. The choices for overcommit are None (x0), Conservative (x4, default), Moderate (x7) and Aggressive (x15).  Select the datastore and choose the level of overcommitment from the drop down menu. These choices are only available for OS and Persistent Disks. See below for an example of the dialog.

overcommit

  • Determine implications of using local or shared storage – So in most cases you will be looking to use shared storage, but there may be occasions (and exam scenarios) where you will be asked to use local storage (or it’s use is implied by the question). Bear the following in mind from the View Administration Guide :-
    • You cannot load-balance virtual machines across a resource pool. For example, you cannot use the View Composer rebalance operation with linked-clones that are stored on datastores
    • You cannot use VMware High Availability
    • You cannot use the vSphere Distributed Resource Scheduler (DRS)
    • You cannot store a View Composer replica and linked clones on separate datastores if the replica is on a local datastore
    • When you store linked clones on datastores, VMware strongly recommends that you store the replica on the same volume as the linked clones. Although it is possible to store linked clones on local datastores and the replica on a shared datastore if all ESXi hosts in the cluster can access the replica, VMware does not recommend this configuration
    • If you use floating assignments and perform regular refresh and delete operations, you can successfully deploy linked clones to local datastores.
  • Configure View Storage Accelerator and regeneration cycle – The View Storage Accelerator is also known as the Content Based Read Cache (CBRC) on the ESXi host. This is especially useful as common read based requests are cached into host RAM and is useful for use cases such as desktop boot storms. Configuration is pretty simple – in the pool creation wizard you make your choices in the Advanced Storage Options screen. Check the box to Use View Storage Accelerator, choose between OS Disks  or OS and Persistent Disks. The default is OS disks as this is the usual use case. You also have the option to set a default value for Regenerate Storage Accelerator after days. This basically creates new indexes of the disks and stores them in the digest file for each VM. It’s also worth noting you can configure blackout periods when storage accelerator regeneration will not be run. An obvious example is to suspend this during backups. You may be asked this in the exam. See below for an example.

cbrc

22-02-14

VCAP-DTA – Objective 2.5 – Configure Location Based Printing

So we come to the final objective in section 2, configuring location based printing. In essence, this is harnessing the abilities of ThinPrint to enable printing from the View environment, using physical printers located nearby to the end users. There are three measured skills and abilities in this section, and are listed below.

  • Configure location-based printing using a Group Policy Object – To start with, you need to register the ThinPrint DLL on an Active Directory server to enable the functionality within MMC. To do this, go to any of your Connection Servers and find the file TPVMGPoACmap.dll. There are both 32 bit and 64 bit versions. This file is located under C:\Program Files\VMware\VMware View\Server\extras\GroupPolicyFiles\ThinPrint.
    • Copy TPVMGPoACmap.dll to the Active Directory server (choose the appropriate version, 32/64 bit)
    • Register the DLL by running regsvr32 “C:\TPVMGPoACmap.dll” from a command prompt
    • Start Group Policy Management from Administrative Tools on an Active Directory server
    • Either create and link a new GPO or edit an existing one (depending on the exam scenario)
    • Go to Computer Configuration, Policies, Software Settings and Configure AutoConnect Map Additional Printers.
    • Ensure to select the Enabled radio button to start entering entries into the mapping table. Remember that selecting Disable without saving first will delete all of your printers!
    • Printer mappings can be used to map printers depending on certain rules, as per the example dialog below

 

thinprint

 

    • You will also need to know the syntax of each column for settings to become effective :-
      • IP Range – 10.10.1.1-10.10.1.50, for example. Or you can use an entire subnet, e.g. 10.10.1.0/24. You can also use an asterisk as a wildcard.
      • Client Name – So in the above example, PC01 maps a specific printer “Printer2”, again an asterisk is used as a wildcard.
      • Mac Address – Use the hyphenated format 01-02-03-04-05-CD for Windows and colons for Linux clients, so 01:02:03:04:05:CD.
      • User/Group – Map a specific printer to a specific user or group, such as jsmith or Finance.
      • Printer Name – This is the printer name as shown in the View session. The name doesn’t have to match names on the client system.
      • Printer Driver – Simply the printer driver name in Windows. This driver must be installed on the desktop.
      • IP Port/ThinPrint Port – the IP address of a networked printer to connect to, must be prepended with “IP”, so IP_192.168.0.50 for example.
      • Default – Whether this printer is the default printer.