Mar
17
2009

VirtualCenter permissions for Vmware View

To use vCenter with View Manager, administrator must have the appropiate permissions in order to carry out certain operations in vCenter.
These permissions are granted through a role in vCenter. Here a overview of the permissions:

  1. In vCenter go to the Administration Tab and Add a new Role. Let’s give the Role the name “View Administrator”
  2. In the section Privileges, give the following privileges:
    • Virtual Machine
      Inventory: Create and Remove
      Interaction: Power On, Power Off, Suspend, and Reset
      Configuration: Add new disk, Add or Remove Devices, Modify Device Settings, and Advanced
      Provision: Customize, Deploy Template, and Read Customiztion Specification
    • Resource
      Assing Virtual Machine to Resource Pool
  3. Click Ok

Now you can assign the role to a User.

If this Role is also used for Linked Clones you also have to asign to following privileges:

  • Folder
    Create Folder
  • Datastore
    Browse Datastore
    File Management
  • Virtual Machine
    Inventory
    Configuration
    State
    Provisioning>Clone
    Provisioning>Allow Disk Access
  • Resource
    Assign Virtual Machine to Resource Pool
  • Global
    Enable Methods
    Disable Methods
Mar
17
2009

How to create a local update server for SLES10 with OES2

It’s not difficult to create a local update server for SLES10 with OES2.
The tricky part is that in Yup (The update software who downloads the patches from Novell) can only handle one
service pack level. So if you define service pack level 1, Yup will only download the patches for SLES10 SP1 and OES2 sp1. Now we all know that this combination isn’t right. It’s SLES10SP1 with OES2 and later this year (Q4 of 2008) it will be SLES10 SP2 with OES2 SP1.

But let start at the beginning.
The Novell software updater can access Yup repositories via FTP or HTTP.

FTP Access
SLES10 come with a ftp server called vsftpd. Default only anonymous users can download from this server.
To configure Yup to store the update files in that directory, set
YUP_DEST_DIR=”/srv/ftp/yup”.
Be sure that this directories exists.

HTTP Access
Make sure that you have configured your apache webserver. Create a /etc/apache2/conf.d/yup-server.conf file with the content below:

<IfDefine yup_server>

Alias /yup/ /srv/ftp/yup
<Directory /srv/ftp/yup/>
Options +Indexes +FollowSymlinks
IndexOptions +Namewidth=*
Order deny,allow
Deny from all
Allow from YourSubnet
</Directory>

<IfDefine>

Edit the /etc/sysconfig/apache2 file and add yup_server to the APACHE_SERVER_FLAGS

So know we have a place to store and download our updates.

Mar
17
2009

Prepare a Parent Virtual Machine

In this post where going to prepare a Windows XP SP2 Virtual Machine for a linked clone deplyment for VMware View.

First you have to install the VMware agent in the Guest OS.

Second make sure that the Virtual Machine:

  • is joined the Active Directory domain in which you want linked clone desktops to reside.
  • Network settings (proxies, etc) are properly configured
  • Use DHCP to obtain a IP Adress.
  • System disk is configured to use Virtual SCSI Device node 0:0
  • Operating power settings are set to remain on at all times.
  • System disk contains a single volume (multiple volumes disks are supported, multiple volumes due multiple partitions are not supported)
  • The View Agent is installed and running

If you have accomplisch the above. Shutdown the VM and create a Snapshot. This Snapshot will be the base image.

After creating the Base Snapshot, where going to add the Virtual Machine as a Linked clone Desktop.
In the VMware View Administrator:

  1. Click the Desktop button and then Click the Inventory tab. In the Desktop pane, ensure that the Desktops tab is selected and click Add.

    no images were found

  2. Select if you want to use ad Persistent on Non-Persistent Desktop.

    no images were found

  3. Select the vCenter server who you wanne use. Make sure you enable Use linked clone technology to create desktops in this pool. If you cannot enable this option, you must enable the composer function Configuration Tab | Click on the vCenter server | Edit | Enable View Composer and add a Domain Administrator Account.

    no images were found

  4. Provide a Unique ID (Example: Corporate Desktops), Display Name (Example: Standard Desktop WilmsenIT) and a description.
    If you don’t provide a Display Name, the Unique ID will be used.

    no images were found

  5. Provide the Desktop/Pool Settings:
    • State: Enabled (After being created the desktop is automatically enabled and ready to use), Disabled (After being created the desktop is not enabled. This is useful if you want to to post deployment tasks.)
    • When VM is not is use: Do nothing (VM remains on), Ensure VM is always powered on (if the user shutdown the desktop it’s immediately restarted), Suspend, Power off.
    • Automatic log off after disconnect: Never, Immediately or After (time in minutes when the desktop is logged off).
    • Power off and delete virtual machine after first use: This is for Non-Persistent Pools only. When a users logs off, the Virtual Machine is deleted.
    • Allow users to rest their desktop: User can without administrative assistance reset their desktop.
    • Allow multiple sessions per user: This is for Non-Persistent Pools only. This enables users to make more connections to multiple desktops at the same time in the same pool.

    no images were found

  6. Configure the desktop provision properties:
    • Provisioning: Enabled (The desktop in the Pool will be immediately created upon completions of the deployment procedure or after a desktop is deleted), Disabled (The desktop in the pool will not be immediately created upon completion of the deployment procedure or after a desktop is deleted.).
    • Number off Desktops: Specify the number of desktops created in this pool. This setting is disabled if you select  the “Enable Advanced Pool Settings” check box in the “Advanced Settings” Panel.
    • VM naming Pattern: By default, a prefix is used to identify all desktops in a pool as part of the same group. The prefix can be up to 13 characters in length and a numeric suffix is appended to this entry in order to distinguish each desktop from others in the same pool.
      You can override thsi behavior by entering a name that contains a token representing the pool number {n} (Example: Finance-{n}-Desktop). You can add a fixed length token {fixed=3} (Example: Finance-{n:fixed=3}. The output can be: Finance-001 or Finance-002).
    • Stop provisioning on error: This stops the provisioning of new virtual machines when error occur (for example no disk space left).
    • Advanced Settings: Enable this option if you want to configure random provisioning. Give the number of “Minimum Desktops“, “Maximum Desktops” and “Availible Desktops“.]
  7. Select the Parent VM (you only see VM that have one or more snapshots) and click Next.

    no images were found

  8. Select the snapshot you earlier created in its inactive state and click Next.

    no images were found

  9. Select where you wanne store the Virtual Machines and click Next.

    no images were found

  10. Select a host or a Cluster on which to run the VM used by this desktop and click Next.

    no images were found

  11. Select a Resource pool (optional) and click Next.

    no images were found

  12. Select one or more Datastores on which to store the desktop pool.

    no images were found

  13. Select the Domain Administrator Account, this user will provide access to the Active Directory for the Linked Clones. Optional you can provide a Power-off script, Post synchronization script and the container where to put the Workstation objects.

    no images were found

  14. You are provide with a summary. Check your configuration a click Finish.

The last thing you have to accomplish is to Entitle the Desktop to users.

Mar
17
2009

Group policy rights for VMWare View

If you want to allow users to connect to a VMware View Desktop you will have to give the users the rights through Grouppolicies to login interactivly. Otherwise you will get a error like: “local policy does not allow you to login interactively”

Edit the Grouppolicy for you OU in MMC and goto: Computer Configuration | Security Settings | Local Policy | User rights Assigments | Allow log on through Terminal Serivice.
Here you have to add a Domain Group or User.

Mar
10
2009

Admin-defined fields in Groupwise 8

Novell has made some changes in the way Groupwise 8 (HP1) handles admin-defined fields. Especially in a mixed environment with Groupwise 8 and 7 clients this can be confusing. I have also noticed inconsistencies in the Groupwise 8 client.  (Fields not being available/visible either in the Adress book listing or the contact details) Below you will find the  solution I have used to resolve this problem.

Novell announces the changes regarding the admin-defined fields here: http://www.novell.com/documentation/gw8/gw8_readmeen/data/gw8_readmeen.html#bbk7qjj

In my case I needed to have the ‘Mobile’ and ‘otherPhoneNumber’ phone numbers available in the “Groupwise Address Book” of the Groupwise 7 and 8 clients. I wanted the fields to show in the listing mode (as a column) of the address book as well as the ‘contact details’ view.

I have achieved this in the following way:

In console one add the following fields to the admin-defined fields lists through: Tools->Groupwise system operations->Admin Defined Fields (The naming of the fields below is crucial)

  • otherPhonenumber
  • mobile (you might need to add this one manually to the schema and then add it as an attribute to the user object)

In the ‘Admin-Defined fields’ dialog, keep entry 1 empty since there are known issues with this field (at least in Groupwise 7).

Next, go to the domain properties to the “Adress book” tab.

Add the folowing fields to the list on the left side:

  • Other Phone
  • Mobile Phone
  • otherPhonenumber (Admin-defined – You may change the label, in my case “Internal number”)
  • mobile (Admin-defined – Do not change the label)

Now run “Maintenance->Rebuild index for listing” for domain and POA.
Synchronize all user objects.

Wait for the automatic address book rebuild to start at night. The next day you’ll see the field contents at all the right locations in the Groupwise 7 client as well as the Groupwise 8 client.

Note: The ‘mobile’ field will show up redundandly in the Groupwise 8 Address book under the contact details, I do not know wether this can be solved without breaking this field in the Groupwise 7 client.