VCP6-DTM Study Guide continue with today's post VCP6-DTM Objective 2.1 – Configure Horizon (with View) Composer. Horizon View composer is an essential piece of the artchitecture allowing to use linked-clones. The big advantage of linked-clones is storage savings that it allows, because linked-clone desktops share a base system-disk image, they use less storage than full virtual machines. Check all exam objectives on the VCP6-DTM Study Page here.
To create a linked-clone desktop pool, View Composer generates linked-clone virtual machines from a snapshot of a parent virtual machine. View Manager dynamically provisions the linked-clone desktops based on settings that you apply to the pool.
But let's get started today's objective with the following chapters and knowledge:
- Describe default port settings for View Composer
- Determine domain accounts used for QuickPrep
- Determine the vCenter™ Server host system
- Identify necessary account domain permissions and domain trust relationships
- Enable View Composer from View Administrator and add domain account(s)
Quick overview of View Composer functionnality (img. courtesy of VMware).
Documentation Tools
- Horizon View Installation Guide
- Horizon View Administration Guide
- Horizon View Architecture Planning Guide
- Horizon View Administrator
Describe default port settings for View Composer
The default port to allow View Composer to communicate with vCenter is 18443. You may need to open port 18443 in the system firewall.
- TCP 902 on ESXi must be opened
- 80
- 443
From the documentation:
The SSL certificate that is used by the View Composer service is bound to a certain port by default. You can replace the default port by using the SviConfig ChangeCertificateBindingPort utility.When you specify a new port with the SviConfig ChangeCertificateBindingPort utility, the utility unbinds the View Composer certificate from the current port and binds it to the new port.
During installation, View Composer configures the Windows firewall to open the required default port. If you change the port, you must manually reconfigure your Windows firewall to open the updated port and ensure connectivity to the View Composer service.
Stop the View Composer service > Open a command prompt on the Windows Server host where View Composer is installed > Type the SviConfig ChangeCertificateBindingPort command.
For example:
sviconfig -operation=ChangeCertificateBindingPort -Port=port number
where -port=port number is the new port to which View Composer binds the certificate.
The -port=port number parameter is required.
Restart the View Composer service to make your changes take effect.
Also you should review VMware KB Article 1027217 Network connectivity requirements for VMware View Manager 4.5 and later
Determine domain accounts used for QuickPrep
The quickprep component (it's VMware view utility) is used to do the customization of the horizon view linked-cloned desktops. It uses the same account that Horizon View composer guest agent server service is configured to use to. Usually it's the Default System account. To ensure security, create a separate user account to use with View Composer. You can give the account the minimum privileges that it needs to create and remove computer objects in a specified Active Directory container. The View Composer account does not require domain administrator privileges, but shall have at least:
- List Contents
- Read All Properties
- Write All Properties
- Read Permissions
- Create Computer Objects
- Delete Computer Objects
Check this KB with video: Creating a QuickPrep user account for VMware View Composer operations.
Quickprep or sysprep, What's the difference? Here is the answer: Differences between VMware QuickPrep and Microsoft Sysprep
Determine the vCenter™ Server host system
The goal is to add vCenter server, within the view administrator's UI… Let's first login into the Horizon View Administrator.
Then through the configuration menu, through View configuration click the
Identify necessary account domain permissions and domain trust relationships
You should check the VCP6-DTM Objective 1.5 – Prepare Environment for Horizon (with View) where we discussed the details. Without the proper setting of your AD groups, AD organizational units (OU), vCenter users (and priviledges) the environment will not meet the requirements and some components might not work correctly or users will get too many priviledges and perhaps put your company at risks.
Enable View Composer from View Administrator and add domain account(s)
Here we will be using the AD account which we created in Objective 1.5. Login to the View administrator and then go to the View Configuration > Servers > vCenter server TAB > Select vCenter Server > Edit > click the second button from the top > Edit
Here we can specify the service account used for composer to interact with vCenter. [note that this depends on how you have installed composer, if on the same server as vcenter or on separate server]. Check VCP6-DTM Objective 1.5 – Prepare Environment for Horizon (with View) for more details.
Then after validating we have the default certificate error. In production environment you should use commercial SSL certificate, but here we can just click View Certificate to Accept this default certificate, as is.
And then click OK to validate.
You should end up with a screen like this.
Check all exam objectives on the VCP6-DTM Study Page here.
