About Me

My photo
This blog has been created to share technical information, interesting innovations that I notice on daily basis and Architectural/Consulting overview of various technologies. My areas of interest, on which I would be blogging, are VMware, Microsoft and Citrix Technologies. I hope you will enjoy this blog and share your experience with me.

Poor man’s Samsung DEX HUB and VMware Horizon Advantage

I had been intrigued by the Samsung DeX mode post its launch but didn’t have the courage to buy the 125$ (Rs. 10,000/- INR) Samsung DeX Station. I was on a look-out for an alternate Hub which could do the DeX mode on my Galaxy S8+ for a lot less. After searching @ AliExpress I finally managed to find a hub called EASYA Thunderbolt 3 USB C to HDMI Adapter DeX Mode for Samsung Galaxy S8/S9 which had some good positive reviews and for 33$

The moment of truth was to plug-in the Galaxy S8+ and try the DeX mode. Attempt-1: Managed to plug the phone to the hub and HDMI monitor as the output. Next thing I noticed was the screen mirror got enabled and DeX Mode pop-up wouldn’t come or get detected.

Attempt-2: Additional to the above I plugged in the Power in the USB-C 3.1 PD Port and magically the pop-up appeared on the phone “Start DeX Mode

If you don’t have the wireless mouse plugged in the entire Galaxy S8+ screen acts like a mouse trackpad which can come-in handy.

EASYA Thunderbolt 3 USB Type-C Hub To HDMI Adapter Dex Mode


Productivity with VMware Horizon:

The Horizon Client available on the Android Store has integration with DeX mode that enables you to use the Virtual Desktop in Full screen mode. I launch my Windows 10 Desktop and use it for an entire day. I was easily able to work on the following applications without any issues

  • Microsoft Outlook Client
  • Chrome and Firefox browser
  • Skype for Business (Audio/Chat Only) – Video was having issues
  • VMware Performance Tracker was showing the CPU and Network Bandwidth Usage graphs in real-time
  • There was no lag or any sign of slowness in any form
  • CPU Usage on the phone at an average of 4-6%

Known Observations:

  • The phone didn’t heat all day during its usage
  • The HUB was reasonably warm during the entire day usage
  • The limited DeX compatible Application works good in full-screen

More Picture on the Usage

DeX Mode and Horizon Client Launch
Horizon Client

DeX Mode and Full Screen – Windows 10 + Dell 24 inch Monitor
Full Screen - Windows 10 VDI

Hardware Setup – Logitech M140 Bluetooth Keyboard + Mouse
Hardware-Setup

More Documentation on Samsung DeX + VMware Horizon

Using Horizon Client with Samsung DeX
Enable the DeX Mode Auto Launch Feature

I hope you find this HUB review and DeX mode usage with Horizon useful and will be able to use it as a daily driver. Let me know if you would like to know more in the comments section

Thanks,
Aresh

vRealize Operations Manager - Monitor Management Packs for Availability and Notification

If you are using multiple vRealize Operations Manager (vROPS) – Management Packs like Horizon, VSAN, NSX and vCenter and want to monitor their availability of the adapter/POD in terms of whether they are “Collecting Data” and get notified via email when the collection of data stops due to unknown reasons. Then go ahead and read further.

If you don’t setup the monitoring one doesn't get notified until someone logins to the vROPS Manager and see the adapter status physically.

Adapter Status:
vROPS VMware Horizon Management Pack

Collection State/Status:
vROPS - Hoirzon Adapter

To achieve the above its a 3 steps process. You will have to create the following:

  • Custom Symptom Definition
  • Custom Alert Definition
  • Custom Notification

Symptom Definitions

We will create four custom Symptom Definition (SD) for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the SD combined:

Custom Symptom Definitions

  • Horizon Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
    • Click on the +
    • Under the Base Object Type Select – View Adapter Instance
    • Under Metrics Select vRealize Operations Generated – Availability
    • Enter a Symptom Definition Name – SD_Horizon_Adapter_Avail
    • is – Critical
    • metric – is less than
    • Numeric Value – 1
    • Under Advance
      • Wait Cycle - 3
      • Cancel Cycle - 3
      • Recommended - The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

Symptom - View Adapter Instance

  • vCenter Adapter – vCenter
      • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
      • Click on the +
      • Under the Base Object Type Select – vCenter Server
      • Under Metrics Select vRealize Operations Generated – Availability
      • Enter a Symptom Definition Name – SD_vCenter_Adapter_Avail
      • is – Critical
      • metric – is less than
      • Numeric Value – 1
      • Under Advance
        • Wait Cycle - 3
        • Cancel Cycle - 3
        • Recommended - The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

Symptom - vCenter Adapter Instance

  • View POD
      • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
      • Click on the +
      • Under the Base Object Type Select – View POD
      • Under Metrics Select vRealize Operations Generated – Availability
      • Enter a Symptom Definition Name – SD_View_POD_Avail
      • is – Critical
      • metric – is less than
      • Numeric Value – 1
      • Under Advance
        • Wait Cycle - 3
        • Cancel Cycle - 3
        • Recommended - The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

Symptom - View POD

  • VSAN Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
    • Click on the +
    • Under the Base Object Type Select – VSAN Adapter Instance
    • Under Metrics Select vRealize Operations Generated – Availability
    • Enter a Symptom Definition Name – SD_VSAN_Adapter_Avail
    • is – Critical
    • metric – is less than
    • Numeric Value – 1
    • Under Advance
      • Wait Cycle - 3
      • Cancel Cycle - 3
      • Recommended - The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

Symptom - VSAN Adapter Instance

Alert Definitions

We will create four custom Alert Definition (AD) for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the AD combined:

Custom Alert Definitions

  • Horizon Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Alert Definitions
    • Click on the +
    • Enter a Name – AD_Horizon_Adapter
    • Under the Base Object Type Select – View Adapter Instance
    • Under the Alert Impact
      • Impact – Health
      • Criticality – Symptom Based
      • Alert Type and Subtype – Virtualization/Hypervisor: Availability
      • Wait Cycle – 1
      • Cancel Cycle - 1
    • Under Add Symptom Definitions
      • Defined on – Self
      • Symptom Definition Type – Metric /Property
      • In the search box enter the previously created Symptom Definition – SD_Horizon_Adapter_Avail
    • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource

Alert - Horizon Adapter

  • vCenter Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Alert Definitions
    • Click on the +
    • Enter a Name – AD_vCenter_Adapter
    • Under the Base Object Type Select –  vCenter Server
    • Under the Alert Impact
      • Impact – Health
      • Criticality – Symptom Based
      • Alert Type and Subtype – Virtualization/Hypervisor: Availability
      • Wait Cycle – 1
      • Cancel Cycle - 1
    • Under Add Symptom Definitions
      • Defined on – Self
      • Symptom Definition Type – Metric /Property
      • In the search box enter the previously created Symptom Definition – SD_vCenter_Adapter_Avail
    • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource

Alert - vCenter Adapter

  • View POD
    • Open the vROPS Manager and navigate to Alerts – Alert Definitions
    • Click on the +
    • Enter a Name – AD_View_PODS
    • Under the Base Object Type Select –  View Pod
    • Under the Alert Impact
      • Impact – Health
      • Criticality – Symptom Based
      • Alert Type and Subtype – Virtualization/Hypervisor: Availability
      • Wait Cycle – 1
      • Cancel Cycle - 1
    • Under Add Symptom Definitions
      • Defined on – Self
      • Symptom Definition Type – Metric /Property
      • In the search box enter the previously created Symptom Definition – SD_View_PODS_Avail
    • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource

Alert - View POD

  • VSAN Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Alert Definitions
    • Click on the +
    • Enter a Name – AD_VSAN_Adapter
    • Under the Base Object Type Select –  vSAN Adapter Instance
    • Under the Alert Impact
      • Impact – Health
      • Criticality – Symptom Based
      • Alert Type and Subtype – Virtualization/Hypervisor: Availability
      • Wait Cycle – 1
      • Cancel Cycle - 1
    • Under Add Symptom Definitions
      • Defined on – Self
      • Symptom Definition Type – Metric /Property
      • In the search box enter the previously created Symptom Definition – SD_VSAN_Adapter_Avail
    • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource

Alert - VSAN Adpater

Notifications

We will create four Notification Rules for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the Rules for Email Alerts combined:

Custom Notification Rules

  • Rule - Horizon Adapter Instance is down
    • Open the vROPS Manager and navigate to Alerts – Notification Settings
    • Click on the +
    • Enter a Name – _Horizon_Adapter is down
    • Under Method Select - Standard Email Plugin
    • Instance – SMTP (previous configured)
    • Enter Recipients – Email Address
    • Notification Trigger – Alert Definition
    • Add the previously created _AD_Horizon_Adapter

Notification - Horizon Adapter

  • Rule – vCenter Adapter Instance is down
    • Open the vROPS Manager and navigate to Alerts – Notification Settings
    • Click on the +
    • Enter a Name – _vCenter_Adapter is down
    • Under Method Select - Standard Email Plugin
    • Instance – SMTP (previous configured)
    • Enter Recipients – Email Address
    • Notification Trigger – Alert Definition
    • Add the previously created _AD_vCenter_Adapter

Notification - vCenter Adapter

  • Rule – View POD is down
    • Open the vROPS Manager and navigate to Alerts – Notification Settings
    • Click on the +
    • Enter a Name – _View_POD is down
    • Under Method Select - Standard Email Plugin
    • Instance – SMTP (previous configured)
    • Enter Recipients – Email Address
    • Notification Trigger – Alert Definition
    • Add the previously created _AD_View_POD

Notification - View POD

  • Rule – VSAN Adapter is down
    • Open the vROPS Manager and navigate to Alerts – Notification Settings
    • Click on the +
    • Enter a Name – _VSAN_Adapter is down
    • Under Method Select - Standard Email Plugin
    • Instance – SMTP (previous configured)
    • Enter Recipients – Email Address
    • Notification Trigger – Alert Definition
    • Add the previously created _AD_VSAN_Adapter

Notification - VSAN Adapter

I hope you will find this post useful and will help you improvise on monitoring/alerting of your vROPS Management Packs. A big thanks to Gagik Manukyan in demonstrating the ability to configure this in our internal setup.

Thanks,
Aresh Sarkari

VMware Horizon TrueSSO - Configuration for High Availability and Redundancy

In this post I will demonstrate the configuration that are required to deploy the VMware Enrollment Servers for High availability and redundancy. This includes two Certificate Authority CA’s and Enrollment Servers

TrueSSO Availability and Redundancy


My colleague Tarique Chowdhury has an excellent post on the TrueSSO Lab Setup. However in that deployment it talks about a single Enrollment Server and Certificate Authority Server.

This post is not a replacement of the Setting Up TrueSSO guide on VMware Pubs. However the below mentioned two sections complement during the configurations for everything else follow the setup guide/blogs:

Certificate deployment – Enrollment Agent (Computer).

Deploying the Enrollment Agent (Computer) certificate onto this server, we are authorizing this ES to act as an Enrollment Agent and generate Certificates on behalf of users.

    Both the Certificate Authority Server Enrollment Agent (Computer) certificate needs to be added. They are added one-by-one. The Personal –> Certificate store should look like below on the ES:

    Enrollment Agent (Computer)

    Configure TrueSSO on the Horizon Connection Servers:

    Step1: Adding both the Enrollment Server (ES) - Adding the ES to the environment, we are able to query the ES about the domain and relevant True SSO info.

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --environment --add –enrollmentServer tsso1.askaresh.com,tsso2.askaresh.com

    Adding ES

    Step2 - List both the newly deployed Enrollment Server - We will get info about various components of the environment which will be useful for configuring True SSO.

    vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso1.askaresh.com  --domain askaresh.com

    vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso2.askaresh.com  --domain askaresh.com

    Listing ES

    Step3 - Adding the Connector for TrueSSO - A True SSO Connector is a configuration set where we specify details like ES(s), CA(s) and a Certificate Template to use for a certain Domain. When a Horizon CS gets a request to launch a desktop for an AD user, it will look up True SSO Connector for the domain the user belongs to and will use the components as specified to obtain a Certificate on behalf of the user.

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --create --connector --domain askaresh.com --template TrueSSO --primaryEnrollmentServer tsso1.askaresh.com –secondaryEnrollmentServer tsso2.askaresh.com --certificateServer MSSUBCA01-CA,MSSUBCA02-CA --mode enabled

    TrueSSO Connector

    Step4 - List the SAML Authenticator available in Horizon environment - A SAML Authenticator contains the trust and metadata exchange between Horizon View and vIDM. To use True SSO, we need to identify the correct SAML Authenticator and enable True SSO.

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --list --authenticator

    Listing SAML

    Step5 - Enable TrueSSO for the SAML Authenticator

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --authenticator --edit --name VIDM-PROD --truessoMode ENABLED

    Enable TrueSSO

    Step6 - Check the status on the Horizon Administrator Dashboard

    TrueSSO Dashboard

    I hope you find these steps useful during the TrueSSO Availability and Redundancy configurations.

    Thanks,
    Aresh

    NSX Load Balancing for VMware Unified Access Gateway – Part2

    In this post we shall go over the remaining configuration on “Pools” and “Virtual Servers” of the NSX Load Balancing for VMware Unified Access Gateway.

    4. Configure the Load Balancing – Pools

    • Overall we will be creating four Pools as follows:
      Pools
    • Click on the green plus sign to add a new pool
      • In the Name field, type: XXX-UAG-POOL-8443
      • Leave the Description blank
      • For Algorithm, pick IP-HASH
      • Leave Algorithm Parameters blank
      • For Monitors, pick default_tcp_monitor
        Pools_8443
    • Click on the green plus sign to add a new pool
      • In the Name field, type: XXX-UAG-POOL-4172TCP
      • Leave the Description blank
      • For Algorithm, pick IP-HASH
      • Leave Algorithm Parameters blank
      • For Monitors, pick default_tcp_monitor
        Pools_4172_TCP
    • Click on the green plus sign to add a new pool
      • In the Name field, type: XXX-UAG-POOL-4172UDP
      • Leave the Description blank
      • For Algorithm, pick IP-HASH
      • Leave Algorithm Parameters blank
      • For Monitors, pick default_tcp_monitor
        Pools_4172_UDP
    • Click on the green plus sign to add a new pool
      • In the Name field, type: XXX-UAG-POOL-443
      • Leave the Description blank
      • For Algorithm, pick IP-HASH
      • Leave Algorithm Parameters blank
      • For Monitors, pick default_https_monitor
        Pools_443

    5. Configure the Load Balancer – Virtual Servers

    • Overall we will be creating six virtual servers as follows:
      Virtual_Server
    • Click on the green plus sign to add a new Virtual Server
      • Click on Enable Virtual Server
      • Click on Enable Acceleration
      • Set the Application Profile to XX-External-UDP
      • In the Name field, type: XXX-UAG-8443UDP
      • Leave the Description blank
      • For IP Address, select IP address by click on the link
      • For Protocol select UDP
      • In Port/Port Range type 8443
      • Set Default Pool select XXX-UAG-Pool-8443
      • Everything else should be default
        UDP_Virtual_Server
    • Click on the green plus sign to add a new Virtual Server
      • Click on Enable Virtual Server
      • Click on Enable Acceleration
      • Set the Application Profile to XX-External-UDP
      • In the Name field, type: XXX-UAG-4172UDP
      • Leave the Description blank
      • For IP Address, select IP address by click on the link
      • For Protocol select UDP
      • In Port/Port Range type 4172
      • Set Default Pool select XXX-UAG-Pool-4172UDP
      • Everything else should be default
        UDP_Virtual_Server
    • Click on the green plus sign to add a new Virtual Server
      • Click on Enable Virtual Server
      • Click on Enable Acceleration
      • Set the Application Profile to XX-External-TCP
      • In the Name field, type: XXX-UAG-8443TCP
      • Leave the Description blank
      • For IP Address, select IP address by click on the link
      • For Protocol select TCP
      • In Port/Port Range type 8443
      • Set Default Pool select XXX-UAG-Pool-8443
      • Everything else should be default
        TCP_Virtual_Server
    • Click on the green plus sign to add a new Virtual Server
      • Click on Enable Virtual Server
      • Click on Enable Acceleration
      • Set the Application Profile to XX_external_ssl_offload
      • In the Name field, type: XXX-UAG-443HTTPS
      • Leave the Description blank
      • For IP Address, select IP address by click on the link
      • For Protocol select TCP
      • In Port/Port Range type 443
      • Set Default Pool select XXX-UAG-Pool-443
      • Everything else should be default
        HTTPS_Virtual_Server
    • Click on the green plus sign to add a new Virtual Server
      • Click on Enable Virtual Server
      • Click on Enable Acceleration
      • Set the Application Profile to XX_external_tcp
      • In the Name field, type: XXX-UAG-4172TCP
      • Leave the Description blank
      • For IP Address, select IP address by click on the link
      • For Protocol select TCP
      • In Port/Port Range type 4172
      • Set Default Pool select XXX-UAG-Pool-4172TCP
      • Everything else should be default
        TCP_Virtual_Server

    Previous configuration around the “Global Configuration”, “Application Profiles” and “Service Monitoring” the NSX Load Balancing for VMware Unified Access Gateway – Part1

    We haven’t configured any “Application Rules”. I hope you find these steps useful and don’t have to invent the wheel when it comes to NSX LB for VMware UAG.

    Thanks,
    Aresh

    NSX Load Balancing for VMware Unified Access Gateway – Part1

    This blog post will be a two part series showing you step by step on how to load balance VMware Unified Access Gateway (UAG) using the VMware NSX. There are quite a few options such as F5, KEMP etc. available to do the load balancing of the UAG appliance but in this post we shall deep dive into NSX Load balancing. The objective in a production deployment is to load balance multiple UAG appliances deployed in the DMZ.

    UAG Load BalancingLoad Balancing of multiple VMware UAG Appliances

    There are plenty of guidance available on how to create the NSX Edge to do the load balancing. I am not going to cover those steps in this blog. Instead I will fast forward to the Load Balancing configurations required to do Unified Access Gateway.

    Pre-Installation Checklist

    This list should include everything that needs to be available BEFORE we start to install the UAG Load Balancer.

    • A pair of UAG Appliances should be deployed
    • The admin page of both the UAG appliances should be accessible
    • Create a X-Large NSX Edge and make sure its deployed using HA (Active/Passive)
    • Enable Syslog on the NSX Edge
    • Reserve the VIP IP address used by NSX

    Step-by-Step guide (Part1 – We shall cover Global Configuration, Application Profiles and Service Monitoring)

    1. Configure the Load Balancing – Global Configuration

    • Log into the Edge GW you need to configure and go to the Manage tab then the Load Balancer tab.
    • Click on Global Configuration
      • Check the Enable Load Balancer checkbox
      • Check the Enable Acceleration checkbox
      • Check the Logging checkbox
      • Change the Log Level dropdown to Warning
      • Leave the rest as the default
      • Click Ok
        Global Configuration

    2. Configure the Load Balancer - Application Profiles

    • Overall we will be creating three Profiles - HTTPS, TCP and UDP as follows:
      Application Profiles
    • Click on the green plus sign to add the HTTPS profile
      • Set the Name to XX_External-SSL_Offload
      • Set the Type to HTTPS
      • Set Enable SSL Passthrough
      • Persistent to Source IP
      • Expires in (seconds): 28800 (Preferably match it from Horizon Administrator - Global Configuration Settings)
      • Everything else should be blank, grayed out, or None
      • Click Ok
        SSL_Offload
    • Click on the green plus sign to add the TCP profile
      • Set the Name to XX_External-TCP
      • Set the Type to TCP
      • Persistent to Source IP
      • Everything else should be blank, grayed out, or None
      • Click Ok
        TCP_Profile
    • Click on the green plus sign to add the UDP profile
      • Set the Name to External-UDP
      • Set the Type to UDP
      • Persistent to Source IP
      • Everything else should be blank, grayed out, or None
      • Click Ok
        UDP_Profile

    3. Configure the Load Balancer - Service Monitoring

    • Overall we will be creating three Service Monitors - HTTPS, TCP and UDP as follows:
      Service_Monitoring
    • Click on the green plus sign to add the Access Point TCP Monitor.  This one monitor will be used for all APs.
      • Set the Name to default_tcp_monitor
      • Set the Interval to 5
      • Set the Timeout to 15
      • Set the Max Retries to 3
      • Set the Type to TCP
      • Click Ok
        TCP_Monitor
      • Click on the green plus sign to add the Access Point HTTP Monitor.  This one monitor will be used for all APs.
        • Set the Name to default_http_monitor
        • Set the Interval to 5
        • Set the Timeout to 15
        • Set the Max Retries to 3
        • Set the Type to HTTP
        • Set the Method to GET
        • Click Ok
          HTTP_Monitor
        • Click on the green plus sign to add the Access Point HTTPS Monitor.  This one monitor will be used for all APs.
          • Set the Name to default_https_moinitor
          • Set the Interval to 5
          • Set the Timeout to 15
          • Set the Max Retries to 3
          • Set the Type to HTTPS
          • In the Expected field, type:  HTTP/1.1 200 (note there is a space between the 1.1 and 200)
          • Set the Method to GET
          • In the URL field, type /favicon.ico
          • Click Ok
            HTTPS_Monitor

    Remaining configuration around the “Pools” and “Virtual Servers” to be continued in the NSX Load Balancing for VMware Unified Access Gateway – Part2

    I hope you find these steps useful and don’t have to invent the wheel when it comes to NSX LB for VMware UAG.

    Thanks,
    Aresh

    My Blog List