Assigning users and groups to Horizon View sites

Previously in this chapter, we then about using Horizon View sites to control desktop assignments within a global entitlement. Using sites, Horizon View can restrict or prioritize the desktop assignment as follows:

• When the global entitlement has the --requireHomeSite option enabled, users are required to have a home site specified before they can be assigned a desktop
• When the global entitlement has the --fromHome option enabled, Horizon View will attempt to assign a desktop from their specified home site before assigning desktops located in other sites.
• Depending on the configuration of the global entitlement --scope setting, based on which pod they are connected to, they might be restricted to desktops in a specific site or even pod within a site (for sites that have more than one pod)

Getting ready

In the Configuring a VMware Horizon View Federated Pod section, we assigned our pods to sites named RTP and Santa-Clara. In this section, we will walk through assigning both AD security groups as well as individual users to a Horizon View site.

To assign AD users or groups to Horizon View Federated Pod sites, the command-line access to one of the Connection Servers in the federated pod is required.

How to do it...

In this section, we will walk through the steps required to assign both an AD user and security group. For this exercise, we will use the following resources:

• RTP and Santa-Clara: These are previously created Horizon View sites
• Global-Finance: This is a Horizon View global user entitlement
• ELehnsherr: This is an AD user account
• Santa-Clara-Finance: This is the AD security group

Note

If the --fromHome flag was not set when creating the global entitlement, Horizon View will ignore the AD user or group site assignments when assigning desktops to users. Refer to the Modifying a Horizon View global entitlement section of this chapter for instructions on updating the global entitlement settings after it has been created.

For each command shown in this section, we will see both the command syntax as well as a demonstration of the command being executed in our own Horizon View environment. Refer to the following steps:

1. To assign an AD user account to a site, we use the following command, which can be run on any Connection Server in the federated pod:
   • lmvutil.cmd --authAs user --authDomain domain --authPassword password --createUserHomeSite --userName "domain\userName" --siteName "site" --entitlementName "name"
   
2. To assign an AD security group to a site, we use the following command, which can be run on any Connection Server in the federated pod:
   • lmvutil.cmd --authAs user --authDomain domain --authPassword password --createGroupHomeSite --groupName "domain\groupName" --siteName "site" --entitlementName "name"

   Note

   As referenced earlier, prior to running this command, you would need to add the Santa-Clara-Finance AD security group to the global entitlement before assigning it to the Santa-Clara Horizon View site. If this is not done, an error will be displayed and the assignment will not be completed. Refer to step 4 in the previous section for instructions on how to add additional AD security groups to the global entitlement.

   

Since the AD user Horizon View site-assignment process must be performed using the command line one user at a time, it is much simpler to assign sites to the AD security groups instead and place the users in the appropriate security group based on their location or other requirements.

How it works...

The lmvutil.cmd command-line utility assigns AD users and groups to Horizon View home sites. The following table outlines additional command-line switches that are used as part of the site assignment. As previously noted, these switches are case-sensitive and each is preceded by two dashes.

There's more…

Since a Horizon View home site can be set at both the AD user and security group level, it is important to understand what the effective home site is. Using the lmvutil --resolveUserHomeSite command-line switch, we can determine the effective home site. The full syntax for the command is as follows:

• lmvutil.cmd --authAs user --authDomain domain --authPassword password --resolveUserHomeSite --entitlementName "name" --userName "domain\userName"

In the following screenshot, we see the effective home site for a user whose AD account was set to the RTP home site, while the AD security group they are a member of is set to Santa-Clara as the home site. Based on the configuration, Horizon View has determined that the effective home site is RTP.