Friday, August 28, 2015

VMware Identity Manager (vIDM) Web App Integrations

Our vIDM (FKA Workspace Portal) developers are hard at work delivering SAML-based SSO integration documentation for Web apps and other 3rd party identity provider integrations. Since previous versions of Workspace had a "This functionality exists.. so good luck!" mentality, I'm really excited to share a new landing page for these support resources:
https://www.vmware.com/support/pubs/vidm_webapp_sso.html 

At the time of this post, white papers are available for

  • AirWatch Applications

  • Office365

  • Salesforce

  • ServiceNow

  • Webex

  • vIDM and ADFS 2.0



Thursday, August 27, 2015

Demystifying Horizon View Certs - Easily install a signed certificate

Horizon View certs giving you a headache? Follow this post to take away the complication and get those servers green! This post will cover installing certs for all versions of VMware View (Horizon).

Disclaimer: This post is based off KB 2068666

Generate the Certificate Request

We'll be using the Microsoft Management Console (MMC) Certificates Snap-in.

  1. From your Connection Server or some other Windows Server click Start > Run > MMC

  2. Click File > Add/Remove Snap-in...

  3. Highlight Certificates and click Add >

  4. Choose  Computer account and click Next

  5. Choose Local Computer > Finish

  6. Ensure you see Certificates (Local Computer) under Selected snap-ins and click OK

  7. Expand Certificates (Local Computer) and right click Personal > All Tasks > Advanced Operations > Create Custom Request

  8. Per the splash screen, verify the computer is connected to the network and you have credentials that can be used to verify your right to obtain the certificate and click Next

  9. Under Custom Request, highlight Proceed without enrollment policy and click Next

  10. Select No Template Legacy key from the drop down and ensure PKCS #10 is selected. Click Next

  11. Expand Details and click Properties

  12. On the General tab, type vdm for the Friendly name

  13. Click the Subject tab and enter the below values

    • Common Name: Value = FQDN of View Server, then click the Add button

    • Country: Value = (2 Letter Country Code, e.g., US), then click the Add button

    • Locality: Value = (Your City Location), then click the Add button

    • Organization: Value = (Your Company), then click the Add button

    • Organization Unit: Value = (Department, e.g., IT), then click the Add button

    • State: Value = (2 Letter State Code, e.g., CA), then click the Add button

  14. Click the Private Key tab > Click on Key Options Details > Select Keysize 2048

  15. Check the box for Make private key exportable and click Ok > Next

  16. Save the file as a .req

  17. Provide this certreq.req file to your Certificate Authority per their requirements.
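
The same request can be scripted with certreq.exe instead of the MMC wizard. This is an added example, not part of the original post or the KB; the FQDN, subject values and C:\Temp paths are placeholders, the legacy SChannel provider is chosen here to correspond to the wizard's "Legacy key" option, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the original post). Run elevated on the Connection Server.
function New-ViewCertRequest {
    param(
        [Parameter(Mandatory)] [string] $Fqdn,   # FQDN of the View server
        [string] $Org     = 'Example Corp',      # placeholder subject values
        [string] $OrgUnit = 'IT',
        [string] $City    = 'Palo Alto',
        [string] $State   = 'CA',
        [string] $Country = 'US',
        [string] $OutDir  = 'C:\Temp'            # placeholder working directory
    )

    $infPath = Join-Path $OutDir 'vdm.inf'
    $reqPath = Join-Path $OutDir 'certreq.req'
    if (Test-Path $reqPath) { throw "$reqPath already exists; move it first" }

    # Same choices as the wizard steps: friendly name vdm, 2048-bit key,
    # exportable private key, computer account, PKCS #10 output.
    $inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn, OU=$OrgUnit, O=$Org, L=$City, S=$State, C=$Country"
FriendlyName = "vdm"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
"@
    Set-Content -Path $infPath -Value $inf -Encoding Ascii

    # certreq generates the key pair in the local machine store and writes the CSR.
    & certreq.exe -new $infPath $reqPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

    # The private key stays on this server with the pending request
    # (Cert:\LocalMachine\REQUEST); only the .req file goes to the CA.
    return $reqPath
}

$req = New-ViewCertRequest -Fqdn 'view01.example.com'   # placeholder FQDN
& certutil.exe -dump $req   # review subject and key size before submitting
```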

Installing the Certificate

Once the 3rd Party CA has provided you the certificate, download the necessary files (in most cases this would be the Tomcat/P7B/bundle provided by the CA). If they provide host, intermediate, and root certs, download all 3 files. Now we'll launch MMC on the Connection Server to install the cert.

  1. Assuming the MMC console is still open and the cert snap-in is enabled, expand Certificates (Local Computer) > Personal > Certificates

  2. Right click and choose All Tasks > Import

  3. Select the cert bundle you downloaded
    NOTE: Make sure that whenever you're prompted you choose:

    • Yes to Mark the Private Key Exportable

    • Yes to all extended properties

    • Yes to all certificates in the certification path

  4. Choose Automatically select the certificate store based on the type of certificate and click Next

  5. Finish the Import wizard.

NOTE: If importing a PFX file, you will be prompted for the private key password. Check both boxes to mark as exportable and include all extended properties


Important: Completing the certificate installation

If you're on View 5.1 or later, you're done! All you need to do is restart the View Connection Server Service for it to pick up the new certificate. After the service starts, wait up to 5 minutes before the View Admin page reflects the Green status.

If you're on View 5.0.x or earlier, you must now export the cert as a PFX from the MMC console, place into the local SSL directory, and update your locked.properties file with the cert's path.

  1. Copy the PFX you exported to the SSL Gateway directory on the Connection Server (usually install_directory\VMware\VMware View\Server\sslgateway\conf)

  2. Edit locked.properties in the same directory to contain the PFX file name and password you set during export (if you don't have a locked.properties file, you'll need to create it)
    keyfile=key.pfx
    keypass=secret

  3. Restart the Connection Server service
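
Before restarting the service, it is worth confirming what actually landed in the store after the import. The check below is an added example, not part of the original post: it looks for the certificate by the friendly name vdm set in the request, and the 30-day expiry threshold is an assumption of this example.

```powershell
# Added example (not from the original post). Run on the Connection Server after the import.
function Test-ViewCertificate {
    param([int] $WarnDays = 30)   # assumption: expiry warning threshold

    $problems = @()
    $vdm = @(Get-ChildItem Cert:\LocalMachine\My |
             Where-Object { $_.FriendlyName -eq 'vdm' })

    # View selects its certificate by friendly name, so an old certificate
    # that is still named vdm makes the selection ambiguous.
    if ($vdm.Count -ne 1) {
        $problems += "expected exactly 1 certificate named vdm, found $($vdm.Count)"
        return $problems
    }
    $cert = $vdm[0]

    # An imported cert without its key means the request was made elsewhere
    # or the wrong file (cert only, no PFX) was imported.
    if (-not $cert.HasPrivateKey) {
        $problems += 'certificate has no private key in this store'
    }

    $now = Get-Date
    if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
    if ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $problems += "expires $($cert.NotAfter)"
    }
    if ($cert.Subject -eq $cert.Issuer) {
        $problems += 'certificate is self-signed'
    }

    # Build the chain from the local stores without revocation lookups. A failure
    # here usually means the intermediate or root certificates were not imported
    # ("all certificates in the certification path").
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        foreach ($s in $chain.ChainStatus) {
            $problems += "chain: $($s.Status) $($s.StatusInformation.Trim())"
        }
    }
    return $problems
}

$issues = @(Test-ViewCertificate)
if ($issues.Count) { $issues | ForEach-Object { Write-Warning $_ } }
else { 'vdm certificate: key present, in date, chain builds' }
```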

If this post helped you get your cert installed, let me know in the comments! Good luck!

Wednesday, August 26, 2015

Socialcast: How & Why it Works

Excellent post showing Socialcast in action! Socialcast has transformed how I work on a daily basis and is a critical yet fun way to communicate and collaborate across the entire company. Check out more at socialcast.com

Wednesday, August 12, 2015

Composer Fault: Virtual Machine with Input Specification already exists

Error During Provisioning: View Composer Fault: Virtual Machine with Input Specification already exists

If you've ever run into this error when composing linked clones with VMware Horizon View Composer, you are very much not alone. This is a common error that ultimately comes down to this: your Composer database already has an entry with that VM name in it. There are 3 ways to fix it depending on your View version and scenario. But first, let's understand the issue.

Why does this error happen? Usually due to a delete operation not fully completing. When you click Delete for a linked clone in Horizon View, it has to be removed from the View ADAM database, the vCenter Server database, and the Composer database. If the linked clone gets removed from ADAM and VC but fails to be removed from the Composer DB for some reason, when you go to recompose that VM with the same name, you'll see this error.

Let's say the VM is deleted from vCenter only. It's gone from the VCDB and won't show up in vCenter Inventory, but will likely show in View with an error until it's removed from the ADAM database. Once it's removed from ADAM, all will appear to be well until you re-create that linked clone, at which point you'll see the title error.

If the VM is gone from View (you don't see it in View Administrator or in any pool) and gone from vCenter (you've done a search and verified the VM has been deleted from the vCenter Inventory), and you're still seeing the title error, follow the sviconfig processes outlined in http://kb.vmware.com/kb/2015112 (for View 5.2 and earlier)

If you're on View 5.3 or later, use the ViewDBchck tool from http://kb.vmware.com/kb/2118050

If you continue to have issues, try running the below scripts on your Composer's SQL database. There are two scripts below: a Query script and a Delete script. To see if the VM does indeed exist in the Composer DB, run the query script, changing the placeholder fields to match your VM name and the Composer database name. This does not modify anything in the DB; it only searches. If it returns data in any tables, then you know that's the issue and you can proceed to use the Delete script (editing the same VM name and Composer DB name fields as in the query script).

I cannot take credit for these scripts, but they have proven invaluable during my time in support! Let me know in the comments if these helped!

Composer SQL DB Scripts


Caution: The scripts are provided as-is. Do not use the scripts without first taking a backup of the composer database to restore in case of a problem. The scripts only work on MS SQL.

Query Script:
/*This SQL Query will allow FAST access to see if remnant vm's Exist inside the Composer DB*/ 
DECLARE @name nvarchar(255)
/*Enter Name Below for VM on line with set [@name='vm_name_here'] */
set @name='enter-VM-name-here'
/*Enter Name of VMware View Composer Database for line below [use database_name]*/
/*Brackets keep the statement valid when the database name contains hyphens or spaces*/
use [Composer-database-name]

SELECT *
FROM [dbo].SVI_TASK_STATE
WHERE SIM_CLONE_ID = (SELECT ID FROM [dbo].SVI_SIM_CLONE WHERE VM_NAME like @name)

SELECT *
FROM [dbo].SVI_VM_NAME
WHERE NAME = @name

SELECT *
FROM [dbo].SVI_SIM_CLONE
WHERE VM_NAME = @name

SELECT *
FROM [dbo].SVI_SC_PDISK_INFO
WHERE PARENT_ID = (SELECT ID FROM [dbo].SVI_SIM_CLONE WHERE VM_NAME like @name)

SELECT *
FROM [dbo].SVI_SC_BASE_DISK_KEYS
WHERE PARENT_ID = (SELECT ID FROM [dbo].SVI_SIM_CLONE WHERE VM_NAME like @name)

SELECT *
FROM [dbo].SVI_COMPUTER_NAME
WHERE NAME = @name


Delete Script:

/*!!!DELETES VM FROM SQL DB CAUTION!!!*/ 
/*Enter Name Below for VM on line with set [@name='vm_name_here'] */
DECLARE @name nvarchar(255)
set @name='enter-VM-name-here'
/*Enter Name of VMware View Composer Database for line below [use database_name]*/
/*Brackets keep the statement valid when the database name contains hyphens or spaces*/
use [Composer-database-name]

DELETE
FROM [dbo].SVI_TASK_STATE
WHERE SIM_CLONE_ID = (SELECT ID FROM [dbo].SVI_SIM_CLONE WHERE VM_NAME like @name)

DELETE
FROM [dbo].SVI_SC_PDISK_INFO
WHERE PARENT_ID = (SELECT ID FROM [dbo].SVI_SIM_CLONE WHERE VM_NAME like @name)

DELETE
FROM [dbo].SVI_SC_BASE_DISK_KEYS
WHERE PARENT_ID = (SELECT ID FROM [dbo].SVI_SIM_CLONE WHERE VM_NAME like @name)

DELETE
FROM [dbo].SVI_SIM_CLONE
WHERE VM_NAME = @name

DELETE
FROM [dbo].SVI_COMPUTER_NAME
WHERE NAME = @name

DELETE
FROM [dbo].SVI_VM_NAME
WHERE NAME = @name

Tuesday, August 11, 2015

How to backup and restore the Horizon 6 View ADAM database

The ADAM database is the heart and soul of your Horizon View environment. It contains all sorts of great stuff from Pool inventory, to persistent disk assignment, to licensing information. Long story short, if you lose your ADAM database, you straight up lose. Be a winner and backup your database!

Did you know?

View is smart enough to backup its own database. If you jump onto one of your Connection Servers and navigate to C:\ProgramData\VMware\VDM\backups you should see a slew of .LDF files.


These are your automated backups. You can see when your last backup ran by launching the Horizon View Administration page and navigating to View Configuration > Servers > Connection Servers and looking at the Last Backup column.

Like any good admin, you take your own backups

You don't want to rely only on these backups. They are local to the Connection Server after all, causing a single point of failure if you lose that VM for any reason. You can always copy the latest LDF to another server somewhere, or you can take a manual backup of the current state of the ADAM database. This is extremely simple and highly recommended!

NOTE: You'll also want to know what your data recovery password is before you can restore any backup you have. If you don't know what it is, you can change it by launching View Administrator > View Configuration > Global Settings > Security > Change data security password


Taking a manual backup of the ADAM database


Before we take the backup, you might be asking, "Do I need to take a backup of all my replica Connection Servers' databases?" The short answer is no, you need only take one backup. This is due to how the restore procedure is carried out (outlined below).

  1. First off, ensure your View environment isn't currently creating or deleting any VMs and disable all pools from provisioning

    1. Launch View Administrator and navigate to View Configuration > Servers > vCenter Server

    2. Click Disable Provisioning

  2. Now get a console to your Connection Server

  3. Launch an elevated Windows Command Prompt

  4. Navigate to the directory you want the backup to reside temporarily and run
    vdmexport > vdmconfig.ldf


  5. This created an LDF file on my desktop. You can compare its size to that of your automated backups (they should be similar)

  6. Let's move this LDF to a backup file share for safe keeping and you've got yourself a current ADAM database backup!

It should be noted that in the event of an actual outage that requires a restore of the ADAM database, best practice is to also restore the Composer and vCenter databases from the same time frame of the ADAM backup. Otherwise the VM inventory of the databases could be out of sync causing orphaned VMs and other missing data that could take additional downtime to recover from. The backup and restore of Composer and vCenter are generally quite simple as they follow simple SQL backup and restore procedures. It goes without saying, however, that whatever database you're using, refer to that database vendor for proper backup/restore procedures.
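
Steps 4 to 6 of the manual backup can be scripted so that the export, the size comparison and the copy to the share are checked each time. This is an added example, not part of the original post: the vdmexport.exe path is the assumed default install location, the share and C:\Temp are placeholders, the 50% size tolerance is an assumption, and PowerShell 4.0 or later is required for Get-FileHash.

```powershell
# Added example (not from the original post). Run elevated on a Connection Server.
function Export-ViewAdam {
    param(
        [Parameter(Mandatory)] [string] $Share,   # backup share, e.g. \\backup01\view (placeholder)
        [string] $WorkDir   = 'C:\Temp',          # placeholder temporary directory
        # Assumption: default install location of the View tools
        [string] $VdmExport = 'C:\Program Files\VMware\VMware View\Server\tools\bin\vdmexport.exe',
        [string] $AutoDir   = 'C:\ProgramData\VMware\VDM\backups'
    )

    $local = Join-Path $WorkDir ('vdmconfig-{0:yyyyMMdd-HHmmss}.ldf' -f (Get-Date))

    # Equivalent of "vdmexport > vdmconfig.ldf". Start-Process redirects the raw
    # output to the file; the ">" operator in Windows PowerShell 5.1 would
    # re-encode it as UTF-16 instead of leaving the bytes as vdmexport wrote them.
    $p = Start-Process -FilePath $VdmExport -RedirectStandardOutput $local `
                       -NoNewWindow -Wait -PassThru
    if ($p.ExitCode -ne 0) { throw "vdmexport exited with code $($p.ExitCode)" }

    $size = (Get-Item $local).Length
    if ($size -eq 0) { throw 'vdmexport produced an empty file' }

    # Step 5: the manual export should be close in size to the newest automated backup.
    $latest = Get-ChildItem $AutoDir -Filter *.ldf |
              Sort-Object LastWriteTime | Select-Object -Last 1
    if ($latest -and [math]::Abs($size - $latest.Length) -gt 0.5 * $latest.Length) {
        Write-Warning "export is $size bytes, newest automated backup is $($latest.Length) bytes"
    }

    # Step 6: copy to the share and confirm the copy is byte-identical
    # before removing the local file.
    $before = (Get-FileHash $local -Algorithm SHA256).Hash
    $dest   = Join-Path $Share (Split-Path $local -Leaf)
    Copy-Item $local $dest
    $after  = (Get-FileHash $dest -Algorithm SHA256).Hash
    if ($before -ne $after) { throw "hash mismatch after copy to $dest" }
    Remove-Item $local

    [pscustomobject]@{ Path = $dest; Bytes = $size; SHA256 = $after }
}

Export-ViewAdam -Share '\\backup01\view'   # placeholder share name
```

Record the SHA256 value with the backup so the file can be checked again before a restore.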

Restoring an ADAM database LDF backup


When it comes time to restore the ADAM database (preferably after Composer and vCenter databases have been restored) the simplest way to get View back up is to reinstall the Connection Server service.

  1. Uninstall the VMware Horizon View Connection Server software (from Add-Remove Programs / Programs and Features / appwiz.cpl / etc)

  2. Uninstall the AD LDS Instance VMwareVDMDS software (This is the ADAM instance which gets installed with View)

  3. Remove the ADLDS Role from Server Configuration

  4. Reboot the server

  5. Install the Connection Server software

    1. Be sure to choose Standard Server during install

    2. If you have replicas in the environment, we'll deal with those later.

  6. Decrypt the LDF backup you took earlier by launching command prompt and typing
     vdmimport -d -f MyEncryptedexport.LDF > MyDecryptedexport.LDF

  7. This will prompt you to enter your data recovery password.

  8. Now you can import the decrypted database file into the fresh ADAM instance by typing
     vdmimport -f MyDecryptedexport.LDF

  9. If this is your only Connection Server, you've successfully completed the database restore and View should be fully operational. If you have any replicas in the environment, these servers will need to be re-installed as replicas. Follow the same uninstall process from steps 1 - 4 and ensure you choose Replica during install.

For more information, check out VMware's KB for performing an end-to-end backup.

Thursday, August 6, 2015

Automating with the Horizon vCO plugin for VMware Horizon Part 1 - Installation

Using the Horizon vCenter Orchestrator (vCO) plugin allows you to automate provisioning tasks, allow end user self-service tasks, configure entitlements and more in VMware Horizon 6 thereby reducing the need for internal email correspondence and exception handling. For a full list of functionality, you'll want to see the Administrator's Guide. The official guide is certainly a good read and can be found here.

This post assumes you already have vCenter Orchestrator installed.

Installing the plugin


  1. Download the VMware vCenter Orchestrator plug-in for Horizon 1.1 from here

  2. Launch the vCenter Orchestrator Configuration page, usually https://localhost:8283

  3. Click Plug-ins on the left and choose Install new plug-in

  4. Browse and select the .vmoapp you downloaded in Step 1

  5. Once uploaded, it will initiate the plugin installation - accept the EULA

  6. When it completes, you should see it listed in the Enabled plug-ins installation status with a note "Will perform installation at next server startup."

  7. Now we need to restart first the Orchestrator service, and second the Configuration service

  8. Re-launch the Configuration page and you should now see the Enabled status as "Installation OK"

  9. To verify the plugin data, login to the Orchestrator Client Application and verify you see the Horizon Library with the provided default Workflows


This is Part 1 in a series on using vCO with Horizon so please subscribe or check back often to stay up to date!

Wednesday, August 5, 2015

Why an Apple User chose the Pebble Time over the Apple Watch

Hello. My name is Ryan, and I'm an Apple user.. with a Pebble


Now that we've gotten that out of the way.. I wanted to share my thoughts on why I chose the Pebble Time as my smart watch instead of the Apple Watch. They're both great options but with some pretty stark differences. Hopefully this post can help with your decision if you're currently comparing the two excellent options.

The thing I enjoy the most about Pebble is their philosophy on a smart watch is delivered beautifully in their devices - it's a tool to accompany your smart phone (not replace it) and make your day more convenient. Admittedly, I owned the original Pebble. It's the first smart-watch I've owned. A co-worker was selling it used for $40 and I figured a smart watch for $40? Heck yes I'll try that out! My verdict on the smart little device has been exactly how Pebble designed it to be - convenient.

The ability to discreetly dismiss a notification as low priority from my wrist is pretty darn handy. On the other hand, (wrist?) the ability to quickly act on an important text or call after just a quick glance at my watch has proven extremely useful. When my 20 month old daughter hides my phone in-between the couch cushions and I haven't seen it for 3 hours, I'm not worried about missing my notifications because the bluetooth works really, REALLY well.

All that to say, smart watches are handy. Absolutely not necessary, but the added convenience to people actively dependent on their mobile technology for work and personal life is something worth considering.

Since most of my daily tech is Apple (Macbook Pro, iPhone, iPad) it seemed natural that if I wanted a smartwatch I should get the Apple Watch. After all what smart watch would have better integration into iOS.. However there are some things that really bug me about the Apple Watch. It's certainly a beautiful looking device and most people seem to really enjoy them. But coming from Pebble, I don't know if I'm as easily impressed.

Here are the things I really like about Pebble Time:



  • Always on - even at slightly obscure angles, I can read what time it is without having to shake my wrist like an angry old man

  • Battery life - you shouldn't have to charge a watch every day. The Pebble consistently lasts around a week and I don't have to worry about it dying during a run or extended use. The best part about this is being able to wear it to bed for not only sleep tracking, but silent alarms that don't wake my wife.

  • Timeline - the OS is all about quick, convenient access to your schedule and notifications. There's not a lot of extra fluff for fluff's sake.

  • Waterproof - you can swim without worrying about ruining your $200+ investment

  • Buttons - I actually really like maneuvering the OS by using the physical buttons of the watch. It makes it feel more like a watch and less like a smartphone

  • Weight - the watch is light!

  • Price - At $200, the Pebble Time is around $150 cheaper than the cheapest Apple Watch


The main concerns I have about the Apple Watch:



  • Battery Life - this is the biggest beef I have. I don't want to have to worry about it dying during a run or bike ride. I also want to be able to regularly wear it to sleep for silent alarms. I'm used to 6+ days on a charge - this would be a huge step backwards

  • Shake of the wrist - I really don't like the idea of having to shake my wrist to check the time. It feels unnatural and looks straight up silly.

  • Sluggish - Reports of the OS being slow are popping up. Likely due to poorly optimized third party applications, but when you're expecting the performance of a high powered smartphone on the low powered watch, you're going to be disappointed. This possibly could be fixed with software updates, but my own opinion is that the watch is slightly underpowered for the OS. If it's slow today, how slow will it be in 2 years?

  • Price - $350 for the cheapest Apple Watch is steep. Even $200 for the Pebble Time is more than I'd like to pay for a watch, but these are the big players in the market, we play by their rules.


Perhaps the 2nd or 3rd gen Apple Watch will address these things. By then it will be exciting to see what other players have jumped into the market for some healthy competition! But for now, I'm extremely happy with my Pebble Time!

EDIT Aug 18th
Turns out I'm not the only VMware fanatic/iPhone User who chose the Pebble Time vs the Apple Watch.. Check out my colleague Duncan Epping's post over at YellowBricks