Category: Uncategorized

Posted on

The Management Pack for Horizon 2.6.1 is now available!

As of August 8th, 2023, the Management Pack for Horizon 2.6.1 is now available. While this is considered a minor release in terms of net new features from 2.6.0, there have been a number of enhancements to the adapter to improve Horizon supportability for new versions of the Horizon platform as well as new features that allow for scripted actions to be performed on connected Horizon sessions.

Top Feature Enhancements

  • Horizon VDI Session In-guest Scripted Actions
  • Horizon 2303 and 2306 support
  • Federal Information Processing Standards (FIPS) 140-2 enhanced security mode.
  • Support for the latest Horizon SDK version 28.

Link to Download: https://marketplace.cloud.vmware.com/services/details/vmware-aria-operations-management-pack-for-vmware-horizon-2-6-1-1?slug=true

In-guest Scripted Actions

Since scripted actions have been a long-standing customer ask, lets take a look at what actions are now supported when troubleshooting a Horizon User’s VDI session and how to use them.

To get started, first we need to find a Horizon User’s VDI Session that we want to troubleshoot. This can be done multiple ways, but the easiest way is to use the search bar and search for the users AD Logon Name. You will see a couple of Horizon object types to select from, one is the User object and the other is the VDI session object(s). The User object is typically the best object to start with if you’re not sure which Session object the User is connected to. If there is only one session object, clicking it directly is the quickest path, but for the sake of this blog I will choose the Horizon User Object.

From the User Object Summary Page we will select the VDI session that we want to troubleshoot. **Note: It’s recommended to perform this action on sessions that have Connected Sessions. If the session is in a Disconnected state and the relationship to the desktop no longer exists, then the action will not be able to be performed.

From the User Session Object Summary Page you will notice a new Actions menu option. Click Actions to see the list of available scripted actions that can be performed on the Horizon VDI session.

Get Top Processes

The first available action is “Get Top Processes”, which is meant to provide additional insight as to which processes are consuming the most CPU, Memory, and I/O. This is helpful in scenarios where you see the desktop CPU Usage is > 95% or Available Memory is low < 512MB, and you need to know which process(es) are consuming most of the resources.

Selecting “Get Top Processes” will open a prompt where you will need to provide AD credentials that has admin level access to the Guest OS that can run the desired script.

After clicking “Begin Action”, another prompt will appear that lets you know the Task has been created. Clicking on the Task ID will take you a new page that will allow you to watch it’s progress till completion.

Once the task is completed, click the browser back button to return the Horizon Session Summary Page. Scroll down until you see the “VM scripted Actions” widget. Click the “Results:” down arrow and select “Get Top Processes…” from the list.

This is will display the results of the Get Top Processes script if the proper credentials were provided. Otherwise, you may see an error stating the action did not have the appropriate credentials.

Kill Specific Process

After reviewing the results of the “Get Top Processes” widget, you may decide that you need to terminate a process that is causing performance issues for the user. This is the purpose of the “Kill Specific Process” scripted action.

Just like “Get Top Processes” workflow, select the “Kill Specific Process” action from the “Action” menu. A prompt will appear asking you for the Process ID that you want to terminate and admin credentials that have Guest OS level rights to run the script.

Clicking “Begin Action” will provide you a prompt with the Task ID and link to review the progress of the script execution. Once the action shows “completed”, click the back arrow to return to the VDI Session summary page. Scroll to the “VM Scripted Actions” widget, click the “Results:” down arrow and select the “Kill Specific Process” result to see the action was successful.

Since the workflow to execute and monitor the actions are basically the same, I will just focus on the purpose and expected outcome of the remaining two actions.

Login Time Analysis

From the beginning of the Management Pack for Horizon we have supported the ability to show and display excessive login times by session, by user, and by which VDI pools have the longest login times.

However, to get a full breakdown of every step of the logon process and what factors/events are contributing to the login process requires in-guest scripting to evaluate the timing of all of the logon events. While a portion of the logon process is Horizon brokering, most of the login sequence is purely based on Windows events and services such as Group Policy processing, User Profile loading, Appx file associations and packages, Logon Tasks, App Volumes, and Dynamic Environment Manager (DEM).

With MP4H 2.6.1, we now provide a detailed Logon Time Analysis scripted action to perform the necessary event analysis and provide a detailed report that shows the breakdown of the logon events and their processing time.

To execute the script properly, you will need to provide the domain\username of the logged in user who you are running the analysis for, as well as the admin credentials that are required to execute the script within the guest OS.

The output can vary depending on which services you are using in your environment and the number of policies and tasks that are being executed. Since the output is long I split it across two images:

**Note that the total Logon time in the output of the script will be slightly less than the time shown on the Users Session object. This is due to the script only having the rights to view what events are happening at the Windows Guest OS level. Any Horizon events such as brokering are outside of the scope of the scripted action.

In this specific output of the script, the “Duration” of the login was 78 seconds. However, the User’s VDI Session is showing a total Logon Time of 87 seconds. This is expected behavior given how the two methods of calculating the logon time are very different.

Traceroute

Lastly we have added the option to perform a “Traceroute” from the users desktop to any network target or route that you are trying to troubleshoot performance to. By default the IP Address of the Horizon Client will be populated, but this can be changed to another IP address that is more relevant for a given network troubleshooting scenario.

This action is helpful in determining if there are any network communication or performance issues along the route that requires troubleshooting.

In conclusion, while MP4H 2.6.1 is only a minor release in terms overall features added, we have added some very important functionality to improve how our customers can gain additional insight into performance issues within the Guest OS, take corrective action if needed, provide a detailed login analysis of issues impacting the user’s login experience, as well as providing the ability to do additional network troubleshooting from the User’s desktop.

For the next release, we hope to bring even more valuable features to enhance our customers ability to provide insight and analysis of their Horizon environments and Users. So stay tuned…

Posted on

MP4H 2.0 What’s New and Use Cases

As of 1.27.2022, the Management Pack for Horizon 2.0 is now released and available for on-prem or cloud customer deployments! This is an exciting release as it brings a number of groundbreaking features to further enhance our customer’s ability to successfully monitor, maintain, and optimize their Horizon deployments.

This list of enhancements include:

Primary use cases for Unified Access Gateway (UAG) monitoring include:

Primary use cases for Horizon Connection Server monitoring include:

Introducing Horizon User Capacity and Right-sizing metrics:

Introducing Horizon VDI Pool Capacity and Configuration optimization metrics:

Horizon User Experience/Performance KPI:

Ready to get started?

https://marketplace.cloud.vmware.com/services/details/vrealize-operations-management-pack-for-horizon-1-1-11111-11?slug=true

Posted on

Location analysis using vROPs for Horizon

As the number of user sites or locations increases, having good visibility into the overall quality of connectivity of those sites to your Horizon View data center(s) becomes increasingly important. Having worked with many customers on troubleshooting connectivity between such locations, it has become clear that monitoring only at the physical network layer is not sufficient to properly diagnose user connectivity issues impacting the display protocol. In fact, in most cases, it’s the configuration of the physical layer that causes the issue(s), and the device(s) in question do not have the ability to diagnose or detect their impact to the display protocol.

Alas, all hope is not lost! With vROPs for Horizon, we have the ability to monitor the key metrics related to protocol performance and can alert when those metrics have reached critical thresholds. We can also leverage a handy custom grouping feature to organize the remotely connected sessions into defined sites or locations, based on information available in the user’s session data. We can then leverage Super Metrics to calculate the overall health of the group of connected sessions from that site, and then display and alert when the health has dropped below our SLA thresholds.

Sound like something you want to take on? Then read on!

V4H 7.5 Horizon Site Analysis ContentDownload

First things first… 1️⃣

We need a strategy to capture and organize how we determine which connections are from which site. The most common approach is to leverage the known internal subnet IP range for that site, and set that as the primary filter for the custom group. However, additional metrics supplied by the user’s session data can be leveraged as well.

In this example, I will create a new Site labeled “External Users”, under the “Location” group, and filter on all users who have an internal subnet IP containing “192.”.

Navigate to Environment tab -> Location -> +
Notice that both session types Desktop and Application are added separately. While not required it will impact which sessions are captured, so make sure to add the required session types.

Note: It may take some time before the group starts to populate the sessions, and as noted in the image above, population updates are every 20 minutes.

You will also want to create at least one more additional site for comparison purposes. In the example below, I have created an “Internal Users” site that filters on 10.x networks to separate the session traffic.

Second is just after first… as long as we’re counting up! 👆

Once your group has started to populate with sessions, it’s time to create meaningful Super Metrics on the group that will give us insight into how well that site is connected.

By default, vROPs 7.5+ will create population TotalCount and Health Criticality Total Count metrics. These will be useful in leveraging out-of-box KPI based alerts that track how well users are connected to the Horizon Environment and let us know the distribution of good to bad connected sessions from that site.

Out of box Health Criticality counts on the custom group.

Leveraging Super Metrics, it’s time to create additional site tracking metrics that include, but are not limited to, average site Latency, Packet Loss, Jitter, Frame Rate, and Transmitted Bytes.

Super Metric name is “Total Site VDI Avg Packet Loss”.
Use the Avg function on the VDI Session Blast Packet Loss Uplink metric.
Assign the Super Metric to the “Location” object.
Select the active policy that will allow the Super Metric to collect.
Verify that the “Location” Object Type has been assigned to the Super Metric.
Verify that the active policy is associated with the Super Metric.

Thirdly Rinse and Repeat… ♻️

Continue to create the Super Metrics for the additional session metrics that you want to collect. As in our example below, you will need to do this for both the VDI and Application Sessions individually to capture the metrics from both types of sessions.

Completed Super Metrics list.

Now… what to do with all this stuff? 🤔

Now that we have meaningful Super Metrics on our custom group, it’s time to display that data in a way that it makes it easier to diagnose specific site connectivity issues, and compare that site against other sites that are connecting to our Horizon environment.

To do so, I’ve created a custom example Dashboard that allows you to select from the list of defined sites, and then display the relevant Alerts and Super Metrics that we defined on those sites. While you can choose to display the data in any manner you see fit, I’ve chosen to use a combination of Scoreboard, Distribution, and Heatmap widgets.

I’ve also chosen to label the widgets using an ordered numbering system with directions so that other users leveraging the dashboard will know how it’s meant to be consumed.

1) Select the site. 2a) Review the site alerts. 2b) Review the break down of criticality of alerts. 3a) Review Super Metrics that were created to analyze the site connectivity.
3b) and 3c) Notice that clicking on a Distribution View will show you which session(s) fall under the defined performance “buckets”.
4a) Select a problem session. 4b) Review scoreboard of relevant KPIs impacting that session. KPI’s are colored to show level of impact to the user’s session. 4c) Review session related objects looking for other impacted objects with alerts.

Continue your analysis of the Application Sessions if relevant for your site. The workflow will be the same as the above VDI Session analysis.

5a) Review the App Session Super Metrics for anomalies.
5b) and 5c) Clicking the Distributions will show you the session(s) the fall into each performance “bucket”.
6a) Select the session you want to review. 6b) Review the Scoreboard metrics for offending KPIs. 6c) Review the session relationship chart and look for additional objects with Alerts that may be impacting the user session.

Next steps… Download and enjoy! 🏁

Now that we’ve discussed how to create the content and the high-level strategy for performing the site connectivity analysis, it’s time to download and import the content . The zip file provided in this blog contains all of the content that is required to create the custom dashboard, except for the step on creating the custom group locations. That step will still be required for you to define what “Sites” you want to monitor for connectivity performance.

Contents of the zip include a Dashboard_Horizon Site Location Analysis.zip, Views_Horizon Site Location Analysis.zip, and Supermetric_Horizon Site Analysis.json. All of which need to be imported and at least one Location group defined before the Dashboard will function properly.

Enjoy! Please provide thoughts or feedback on how to make the dashboard and content better.

V4H 7.5 Horizon Site Analysis ContentDownload
Posted on

vROPs for Horizon Horizon Help Desk Dashboard Overview

This video is a quick demonstration of how to leverage the latest vROPs for Horizon Help Desk dashboard to quickly find and troubleshoot user session performance issues within a Horizon View environment.

Please leave feedback or comments for any additional training videos that you would like to see posted in upcoming blogs.

 

Posted on

How to deliver a persistent desktop experience with mandatory profiles and UEM

Disclaimer:

This document is not intended to show the complete process of how to setup and install UEM, or highlight all of the possible AD policies that can be leveraged for customer deployments.  It is intended to show a simplified process of turning a Default Windows profile into a Mandatory profile, recommend GPO polices to simplify management and clean up of profiles, and redirect key folders to keep user data after logoff.  UEM will be used to deliver as well as capture user application settings.

App Volumes Notice:  If leveraging this methodology for an App Volumes deployment, make sure that the agents are installed in the correct order.  The order of installation is View Agent, UEM agent, and App Volumes respectively.

** As new versions of UEM are released, some steps maybe simplified over time.

Creating the Mandatory Profile:

Step 1: From a Windows 7 Desktop, navigate to C:\users\.

If the Default profile folder is not visible, change your default folder view options. Choose Show hidden files, folders, and drives, and uncheck Hide protected operating system files (Recommended).

Step 2:  Copy the Windows 7 Default folder to your Mandatory profile network share. 

Make sure the share is set for Everyone to have a minimum of Read access.

Step 3:  Open the Default folder copied to your network share.  Rename ntuser.dat to ntuser.man.  It is also recommended to delete the following files:

  • DAT Text Document
  • DAT.LOG1 LOG1 File
  • DAT.LOG2 LOG2 File

Step 4:  Rename the Default folder to Default.V2 for Windows 7+ OS users.

Optionally you can create a copy of the folder and leave the Default name without the .V2 for XP users.

Create Mandatory Profile Summary:

At this point you should have clean mandatory profile that was generated from the Default profile available in Windows 7.  That profile was copied to a network share, and we verified that the Everyone group has the Read permissions on that share.  The ntuser.dat file was renamed to ntuser.man, and the extra files were deleted.  The folder was renamed to Default.V2 for Windows 7 + OS users.

By leveraging the Default profile, we have removed a lot of steps typically involved in the creation of a mandatory profile.  This will also help to speed up user logins, as well remove additional variability from the desktop environment.

Enabling Active Directory group policies to leverage the Mandatory profile and folder redirection.

Step 1: Set the OU Computer Configuration policy to “Always wait for the network at computer startup and logon” to Enabled.

 In the group policy editor, navigate to Computer Configuration-> Policies -> Administrative Templates-> System-> Logon, and change the policy setting to Enabled.

Step 2:  Edit the Computer User Profiles policy, “Set roaming profile path for all users logging onto this computer” to Enabled, and specify the network share path. 

In our example the share path is\\adserver\ManProfile$\Default.  **Do not include the .V2 in the folder path.

Step 3:  Edit the Computer User Profiles policy to configure the user’s home directory path. 

In our example the path is \\adserver\HOME$\%username%.  You will need to make sure to set the proper sharing and security settings, so that the users can properly access their home folder.  This process is not covered in this document, but can be found through various resources.  Domain Users should have Full Control access to the share as shown in the pictures below.

Step 4:  Optionally you can set the Computer policy “Delete cached copies of roaming profiles” to Enabled

This feature will make sure the users profile folder is automatically deleted on logoff.  If you are implementing a non-persistent virtual desktop environment and the refresh on logoff feature is enabled, this feature may be considered redundant, as the refresh process will automatically get rid of the user’s profile folder.

 

Step 5: Now we must set the User Configuration policy to redirect the users Desktop and Documents.

In the GPO Management Editor, navigate to User Configuration->Policies-> Windows Settings-> Folder Redirection-> Desktop.  Right-click and select properties.  Under Setting: select Basic – Redirect everyone’s folder to the same location.  Under Target folder location, make sure that Create a folder for each user under the root path is selected.  Set the Root Path to the users Home$ directory share.  In our case the share is \\adserver\HOME$

Step 6:  Perform the exact same procedure as above for the Documents setting.

Enabling AD GPO policies Summary: 

At this point we have enabled multiple Computer policies for Network Logon, as well as User Profiles.  The policies tell our computer to wait for the network at logon, and when a user logs in, force them to use the mandatory profile we created in part one.

We also specified that we want to redirect the user Desktop and My Documents to a user network HOME$ share.  This will allow changes made to the Desktop, and files added to My Documents to follow them between desktops, whether they are physical or virtual.

Now we are ready to leverage UEM to deliver and maintain personalized app settings for the users.

Working with UEM to deliver a persistent experience:

This portion of the document assumes you already have UEM deployed in your environment.  For guidance on installing UEM, see the UEM Install Guide in the Reference section.

Why Horizon UEM:

VMware UEM is able to deliver default or customized application settings directly to the user’s desktop session without leveraging a local or roaming profile.  It also has the ability of capturing the user’s application settings changes, storing them directly to a file share without the need of a complicated database infrastructure, which allows it to have unlimited scalability. This capability dramatically simplifies the overall management of physical of virtual desktop environments, by removing the need to store and maintain user profiles to deliver application settings, as well as eliminating user profile corruption issues.

By storing the application settings outside of the user’s profile, this allows for seamless transitions between OS versions, as the profile compatibility variable is removed.

Application Personalization:

UEM leverages a whitelist approach to delivering and capturing user application settings.  There is a built-in application list, that can easily be added to using the Application Profiler.  Simply run the Application Profiler on a system that has the application installed, launch the application, and it will generate the necessary config files to import directly into UEM.

The config files will include registry entries and AppData folders where UEM will capture and push data to.  If a user determines that his application settings are not being stored between sessions, you can run the Application Profiler, create the necessary configs, add them to the UEMConfig\general\Application folder, and their settings will then be captured.

Mandatory Profile Demonstration:

In our example, we will demonstrate leveraging a mandatory profile created from a Windows Default profile, for a user who has never used MS Office 2013.

User logon:

Once the user has logged in, even though they are forced to use a Default Mandatory profile, UEM has dynamically provided them shortcuts to desktop.

Even though the user has never used Word, nor is there a profile to capture or store settings, launching word from the Start Menu reveals that the user name and AD account information is automatically populated into the application, even on first launch.

Unchecking the default options under General and logging off the machine, results in those options being stored into the User’s application settings share folder.  On next logon, the unchecked General options remain for the user.

References:

User Environment Manager Administrator’s Guide:  https://www.vmware.com/pdf/uem-870-admin-guide.pdf

Application Profiler Administrator’s Guide:

https://www.vmware.com/pdf/uem-870-app-profiler-admin-guide.pdf

Posted on

vROPs for Horizon Custom Content v8.3

**This content is now included out-of-box in the vROPs for Horizon Adapter installation .pak file and dashboards download file available at:  downloads.vmware.com

The latest vROPs for Horizon custom content includes an updated End User Experience and Help Desk dashboard, with Blast Session Metrics and Alerts, Horizon Client External IP address, as well as new Navigate to “Horizon Root Cause Analysis Dashboard” functionality.

End User Experience Dashboard:

To use the root cause analysis dashboard, select any object from a heat map or relationship chart on the End User Experience dashboard, then select the Navigate to “Horizon Root Cause Analysis” option to begin troubleshooting.

EUV New Blast Session Metrics
New Blast Session Metrics and Root Cause functionality.

Horizon Root Cause Analysis:

The Horizon Root Cause Analysis Dashboard allows you to quickly switch between correlated environmental objects, and see the best practice metrics and alerts on the selected item.  Colors will change to indicate any problem metric, or simply provide visibility into metrics of “interest”.

Select the object you want additional information on, and the best practice metrics will be viewed in the Scoreboard below, as well as any alerts on the selected object.  You can also click a Scoreboard metric to add it to the Selected Metric Chart widget, as well as switch objects, and continue to build out the metric chart with various environmental objects to put together a cross-environment “picture” for analysis.

New Root Cause Analysis Dashboard
New Root Cause Analysis Dashboard

Horizon Help Desk Dashboard:

The latest Help Desk Dashboard includes Blast Session metrics and alerts, as well as an updated Horizon Client Details widget to include the External/Internal IP of the users client connecting to the environment.  The navigate to “Horizon Root Cause Analysis” Dashboard functionality is available on the user session and related objects widgets.

Updated Metric Config to drive the latest Scoreboard content:  

To leverage the latest Scoreboard content to see Blast Session metrics, a new metric config labeled “Session_Desktop_stats_v2.xml” is included in the latest content pack.  All three dashboards included in the content pack leverage this metric config file to highlight and display key offending metrics for ease of troubleshooting.  To add the new metric config, navigate to Content -> Manage Metric Config, click add new and use the exact name of “Session_Desktop_stats_v2.xml”. Then copy and paste the content of the included metric config, and click Save.

If the dashboard fails to load the content correctly, click the edit icon on the Scoreboard widgets and make sure they are pointing to the correct file name created above.

New Help Desk Blast and IP
New Help Desk Dashboard with Blast Metrics and External/Internal IP visibility.

To reduce the number of clicks required for administration and add additional visibility to end-user environmental issues, a new Host Metrics scoreboard has also been added to the Help Desk dashboard.  The scoreboard will show best practice metrics in green, and any metrics of concern or interest will change color (yellow, orange, red) depending on the latest reported value.

New Help Desk Host Metrics
See correlated best practice host metrics without additional navigation.

New Session Alert:

In addition to the new dashboard content, Blast and PCoIP session metrics have been added to a new single alert named “Session Protocol Performance Degraded”.  This replaces the existing PCoIP Performance Degraded degraded alert.  This will need to be imported under the Content -> Alerts menu.

New How To Widgets available on each dashboard:

Each dashboard now contains a “How to use…” widget that provides a brief description how to quickly operationalize the dashboards.  The widgets leverage a URL link back to this website to display the latest instructions on how to use each dashboard.  If the widget doesn’t display the text correctly, make sure that the URL referenced in the edit widget screen is resolvable.

**Note that most of this content will be available out-of-box in the vROPs for Horizon 6.4 release due Dec 2016.  Additional custom content will only be available from this website.

Click to Download latest vROPs for Horizon Content 8.3    **download removed