VMworld 2013: What's New with VMware Horizon Workspace: Technical Deep Dive
-
Upload
vmworld -
Category
Technology
-
view
187 -
download
4
description
Transcript of VMworld 2013: What's New with VMware Horizon Workspace: Technical Deep Dive
What's New with Horizon Workspace:
Technical Deep Dive
Jared Cook, VMware
Ashish Jain, VMware
Andrew Johnson, VMware
EUC4833
#EUC4833
2 2
Agenda
Overview
• Applications
• Data
• Desktop
• Clients
Architecture
• Infrastructure Services
• vApp Overview
• Prerequisites
• Database
• External access
• File Preview Services
• Maintenance and Upgrades
Q&A
3 3
Horizon Workspace 1.5 Overview
4 4
Overview
Benefits
Unified User / Identity Management
Catalog manages Suite Apps & Services:
Apps: web, iOS, Android, Windows
Services: Data (Files), Apps, View
Centralized Entitlement Management
Unified Policies Mgmt for all Suite Modules
(Q2 and enhanced thereafter)
Leverage and Extend existing investments
in AD/identity infrastructure
IT admins have a single place to publish,
entitle and audit all resources.
Admins can efficiently entitle resources
Granular controls enables IT to efficiently
set policies at desired level
Horizon Workspace Management
5 5
Overview
Benefits
Horizon Workspace – Aggregated Resource Catalog
Single catalog to manage all Suite Apps
and Services:
Apps: web, iOS, Android, Windows
Services: Files, Apps, View
End to end application life cycle mgmt from
“app publishing” to “analytics”
IT admins have a single place to publish,
entitle and audit all resources
End users have a single place to get all
their “work apps” regardless of app type
6 6
Overview
Benefits
Horizon Workspace – Web Applications
Access to Global SaaS Catalog
Add custom Web/SaaS apps
Custom integration to application provisioning
Increase security of SaaS apps
Single view of all applications
Reduce Management Effort
Simplify Application Licensing
7 7
Secure Mobile Workspace Management
IT Admin
Android
(Available in limited
markets)
IOS
(Upcoming release)
Challenge
Users want to use a single mobile device
Keep personal data private
IT doesn’t want to be liable for personal content
Protect sensitive corporate data and take control of mobile apps and updates
Solution
A mobile workspace that is completely enterprise-owned and controlled
Ability to provision, manage, and remove corporate data and applications on employees’ devices
Benefit
Complete separation of personal and corporate data—IT is not liable for personal content
Support for corporate security, compliance and privacy policies
Corporate data is encrypted and isolated
Solves Android fragmentation problem
8 8
Horizon Workspace – Data and File Preview
Overview
Benefits
High fidelity mobile/browser doc previews
Internal & external sharing
Document versions, audit trail
Notifications & commenting
Policy enforcement (quota, sharing, file
types, mobile controls)
Personal & team productivity
Share documents in an IT friendly way
Stay up to date effortlessly
IT governs end user usage
v3
v2
v1
Internal External
9 9
Horizon Workspace – ThinApp Integration
Horizon Workspace can integrate with
VMware ThinApp 4.7 and later to:
• Stream or download ThinApp
applications to Windows
domain workstations
• ThinApp must be enabled
for Horizon Workspace
• Point to ThinApp share
(Windows CIFS share)
• Only .exe format is supported
(no MSI format)
10 10
Horizon Workspace – VMware View Integration
Horizon Workspace with Horizon View 5.2:
• Install Horizon View 5.2 with Feature Pack 1
to provide HTML access to View desktops
• Make sure forward and reverse DNS records
exist for Horizon View Servers
• Enable the Horizon View Module
in Horizon Workspace
• Be sure to join or verify the Connector used for
View integration has been added to the domain
• Configure SAML 2.0 authentication
in Horizon View
• Configure Horizon View using the Connector
VA web interface
11 11
Overview
Benefits
Track users, resources (files,
apps, desktops) and usage
Easy access to prepared reports
Support for 3rd party reporting tools to
access data stored in Horizon repository
Easy access to key analysis based
on prepared reports
Leverage existing investments in 3rd party
reporting tools by integrating them with
data stored in Horizon repository
Reporting and Analytics
Smart Analysis to gain key insights
12 12
Horizon Workspace – Client Compatible Matrix
Operating Systems
• WinXP sp3, Win Vista,
Win7 SP1, Win8
• Mac OSX 10.6+
Windows based web browsers
• IE8+ (blast IE9+), Chrome, Firefox
MAC based web browsers
• Safari, Chrome, Firefox
Mobile Devices
• Apple iPad 2+
• Apple iPhone 4+ running iOS 5.0+
• Android 2.2, 2.3, 3.x, 4.x
13 13
Horizon Workspace 1.5 Architecture
14 14
Horizon Workspace – VMware Product Compatibility
VMware Product Horizon Workspace
1.5
Horizon Workspace
1.0
VMware vCenter Server 5.1 U1 ✔ ✔
VMware vCenter Server 5.1
✔ ✔
VMware vCenter Server 5.0 U2
✔ ✔
VMware ESXi 5.1 U1 ✔
VMware ESXi 5.1
✔ ✔
VMware ESXi 5.0 U2
✔ ✔
VMware Horizon View 5.2 ✔ ✔
VMware ThinApp 4.7 ✔ ✔
15 15
Horizon Workspace – Infrastructure Dependencies
• Active Directory – Horizon Workspace requires Active Directory to sync users and groups.
• DNS – All the virtual appliances refer to each other by their hostnames. Both forward and reverse records are required for all the virtual appliances in the Horizon Workspace vApp. Make sure that each machine can search for the Horizon Workspace FQDN.
• SMTP – The Horizon Workspace vApp requires access to a SMTP server. The SMTP server FQDN and port number are needed at installation time.
• NTP – All virtual appliances rely on time synchronization. Enable and configure time sync on the vSphere hosts to point to your enterprise NTP server. Failing to do so can cause time drift between the virtual appliances. Kerberos-enabled connectors sync time to the Primary Domain Controller (PDC) role.
• Load Balancer and Reverse Proxy – This reference architecture uses a software-based load balancer and reverse proxy.
• External Storage – Horizon Workspace vApp supports external NFS volumes for Horizon file sharing..
16 16
Horizon Workspace vApp
Workspace vApp
Configurator
VA
OS (SLES)
tcserver
Management VA
OS (SLES)
App
API
DB tcserver
Data VA
OS (SLES)
App
API
DB LDAP Jetty
App
Connector
VA
OS (SLES)
tcserver
App
Gateway
VA
OS (SLES)
Nginx
Modules
• Central Wizard UI
• Distributes settings
across VAs
• Network, Gateway,
vCenter, SMTP
attributes
• Add / remove modules
• Manage certs, security
• User authentication (RSA SecureID)
• AD secure bind and synchronization
• Set replication schedule
• Sync View pools and ThinApp
• Enables single user-
facing domain
• Routes requests to
correct node
• Reverse proxy
insulates VAs
• Workspace Admin UI
• Application Catalog
• Manage user entitlements
• Workspace Groups
• Reporting
• Stores files
• Controls file sharing policy for
internal and external users
• Manage file preview server
• Serves end user web UI
17 17
Horizon Workspace – POC Checklist
Workspace FQDN for End Users
VA IPs and Hostnames
vCenter IP Pool/Credentials
ESXi - NTP Enabled
Active Directory Information
DNS Forward and Reverse Lookup
• VAs, FQDN, Preview Server, VMware View
External Database (optional)
SMTP Server
NFS Mount Information (optional)
SSL Certificate (optional)
Workspace Download and License Key
18 18
Horizon Workspace – Architecture Diagram
VMware Horizon 1.5 Architecture Diagram
19 19
Horizon Workspace – System Requirements
Virtual Appliance Minimum Recommended
vCPU RAM Disk vCPU RAM Disk
Configurator-va 1 1GB 5GB 1 1GB 5GB
Connector-va
2 4GB 12GB 2 4GB 12GB
Manager-va
2 4GB 4GB 6 8GB 32GB
Gateway-va 1 1GB 9GB 6 32GB 9GB
Data-va 2 4GB 175GB 6 32GB 175GB
20 20
Horizon Workspace – Database Support
Small Deployments – Internal DB
Horizon Service and Horizon Data
Larger Deployments – External
Postgres DB for Horizon Service
Recommended:
VMware vFabric Postgres
21 21
Horizon Workspace – Oracle Database Support
External database support for High Availability and load balancing
Support for both Oracle 11g Enterprise Edition
or VMware vFabric Postrges 9.2.4
Required for production deployments
22 22
Horizon Workspace – External Access
Specify Horizon Workspace FQDN for End Users
Provides link to the Gateway Root CA Certificate
Upload Load Balancer Root CA Certificate
23 23
Horizon Workspace – Gateway-va Diagram
24 24
Horizon Workspace – Data Disk Layout
Contains SLES OS (40GB)
VMFS Datastore
Horizon Data Application root /opt/zimbra
User Files Store /opt/zimbra/store
/
/opt/zimbra/db
/opt/zimbra/index
/opt/zimbra/redolog
/opt/zimbra/log
/opt/zimbra/backup
/opt/zimbra/data
VMDK
VMDK
VMDK
VMDK
VMDK
VMDK
VMDK
VMDK
VMDK
MySQL database
Lucene indexes
Not being used
Main logs directory
Component backup files
tmp folder for processes
NFS
User Files Store
/opt/zimbra/store##
http://kb.vmware.com/kb/2053549
25 25
Horizon Workspace – Data Preview Services
MS Office Preview Server
• Windows 7 Enterprise
or Windows 2008 R2
Standard required
• MS Office 2010 Professional, 64-
bit required
• Install Horizon Data
Preview installer
• Admin account w/ permissions to
create local accounts
• Disable UAC
• Conversion of documents
real-time
26 26
Horizon Workspace – Maintenance and Upgrades
Virtual Appliance Management Infrastructure
(VAMI)
Standard way to update Virtual appliances
GA builds to GA Builds
Resolve – http://vapp-updates.vmware.com
Go to CLI – updatemgr.hzn
27 27
Horizon Workspace – Backup Best Practices
Three Types of Persistently Stored Data
• External Database (vPostgres or Oracle)
• Data Stored in a VMDK (virtual machine disk format)
• Horizon File blobs stored on NAS volumes or on VMDKs
Backing Up Horizon Workspace
1. Create a point-in-time backup of external database
2. Take a point-in-time backup of each VA in the the Horizon Workspace vApp
3. If using external storage take a point-in-time backup of Horizon Data blob store
• If using VMDK, the data blob backup is part of the step 2
DR Restoration Sequence
1. If using NAS, restore blobs from blob backup, if using VMDK go to step 2
2. Restore the Horizon Workspace VAs from the VA backup
3. Restore external database
4. Power on the Horizon Workspace vApp and MS Preview Server
28 28
What’s Next ?
29 29
Horizon Workspace: Manage Data & Application Access
IT manages policies for apps, data & more
Users access workloads across devices
Secure Syncing, Sharing &
Remote Access
Security & Compliance
Anywhere Access
Multi-Device Access
BYOD Mobile Mgmt.
Collaboration
30 30
Secure Single Sign-On access to Web Applications
Secure on-premise document storage, collaboration and
archiving solution
Connect to View desktops, with and without native View clients
Access and delivery of ThinApps
Windows, Mac, iOS and Android as well as Web browser clients
to connect from anywhere
Unified management of endpoints (desktops, apps, policies,
devices
Released March 2013
Workspace 1.0
31 31
Integrated the secure Android workspace into HWS
Oracle database support
Changes to policy framework for consistency and flexibility
Revised iOS apps – Files and Web Apps in two separate apps
Localization to French, German, Japanese, Simplified Chinese
Numerous bug fixes
Released July 2013
What’s new in Horizon Workspace 1.5 ?
32 32
The Horizon Workspace Journey Continues…
Support for XenApp in Application catalog and launcher.
Non Domain support for ThinApps
Android Mobile Enhancements
iOS Enterprise Mobility Management
Enterprise Integration Improvements
…
33 33
Other VMware Activities Related to This Session
HOL:
HOL-MBL-1304
Horizon Workspace - Explore and Deploy
Group Discussions:
EUC1005-GD
Workspace with Rasmus Jensen
THANK YOU
What's New with Horizon Workspace:
Technical Deep Dive
Jared Cook, VMware
Ashish Jain, VMware
Andrew Johnson, VMware
EUC4833
#EUC4833