Automating the installation of Horizon View Connection Servers
The procedure for installing VMware Horizon View has not changed much over the last few years, even if the features of the product itself have. Other than the removal of the Horizon View Transfer Server option, starting with Horizon View Horizon View 6, the installation process is the same as it was with Horizon View 5.
Getting ready
In this section, we will learn how to install the Connection Server software using command-line options, which enables us to perform fully automated, silent installations. These commands can be used with automation platforms such as vCloud Automation Center ( Microsoft System Center Configuration Manager (http://www.microsoft.com/en-us/server-cloud/products/system-center-2012-r2-configuration-manager/default.aspx) to automate the deployment of new Horizon View pods or even to add replica Connection Servers to an existing pod.
This installation is performed directly on the Windows server that will host the Connection Server role using the Connection Server installation executable.
How to do it...
In this section, we will demonstrate how to perform an unattended installation of Horizon View standard, replica, and security servers.
The sample command-line installation of a standard Horizon View Connection Server
The following command shows us a sample syntax for a command-line installation of a standard Connection Server, which is also known as the first Connection Server in a pod. The highlighted text should be replaced with values that apply to our environment. Of the command-line options shown, only VDM_SERVER_RECOVERY_PWD_REMINDER is optional:
VMware-viewconnectionserver-x86_64-y.y.y-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=1 VDM_INITIAL_ADMIN_SID=X-X-X-X-X-X VDM_SERVER_RECOVERY_PWD= Password VDM_SERVER_RECOVERY_PWD_REMINDER="Password reminder""
Refer to the Horizon View Connection Server command-line options section of this chapter for an explanation of each command-line option.
Note
Use the VMware-viewconnectionserver-x86_64-y.y.y-xxxxxx.exe /? command to display all of the command-line options, including ones not used or required during installation.
Note that if your Connection Server recovery password includes spaces, you will need to place the password value within quotes. In the example provided, the recovery password command-line switch will appear as follows: VDM_SERVER_RECOVERY_PWD="four word recovery password".
The following screenshot shows you this command being used to perform a silent installation of a standard Connection Server. In this example, we are granting administrative access to the AD security group whose SID we obtained in the How to obtain Active Directory object security identifiers section.
The sample command-line installation of a replica Horizon View Connection Server
The following command shows you a sample syntax for a command-line installation of a replica Connection Server. A replica server is used to provide high availability for the Connection Servers as well as support for additional Client connections. The text highlighted should be replaced with values that apply to our environment. In this example, we are using only those commands that are explicitly required to install a replica Connection Server:
VMware-viewconnectionserver-x86_64-y.y.y-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=2 ADAM_PRIMARY_NAME=ExistingViewServerFQDN"
The following screenshot shows this command being used to perform a silent installation of a replica Connection Server. In this example, we are creating a replica of the viewcs01.vjason.local Connection Server:
The sample command-line installation of a Horizon View Security Server
The following command shows us a sample syntax for a command-line installation of a Security Server. The highlighted text should be replaced with values that apply to our environment, although some values, such as ports and protocols, are shown set to their suggested values:
VMware-viewconnectionserver-x86_64-y.y.y-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=3 VDM_SERVER_NAME=IPorFQDNofPairingConnectionServer VDM_SERVER_SS_EXTURL= https://ExternalFQDNofSecurityServer:443 VDM_SERVER_SS_PCOIP_IPADDR=X.X.X.X VDM_SERVER_SS_PCOIP_TCPPORT=4172 VDM_SERVER_SS_PCOIP_UDPPORT=4172 VDM_SERVER_SS_BSG_EXTURL=https://ExternalFQDNofSecurityServer:8443 VDM_SERVER_SS_PWD=secret""
Refer to the Horizon View Security Server command-line options section of this chapter for an explanation of each command-line option.
Note
If your security server password includes spaces, you will need to place the password value within quotes. In the example provided, the security server pairing the password's command-line switch will appear as follows:
VDM_SERVER_SS_PWD="four word secret password""
Since this is the last value provided in the sample command, it would also need a second quote at the end, as shown.
The following screenshot shows this command being used to perform a silent installation of an additional Security Server. In this example, we are pairing the Security Server with the viewcs01.vjason.local Connection Server using a previously configured pairing password of 1234 and setting the PCoIP IP address and external URL as shown:
How it works...
The same Connection Server installer file is used to install both standard and replica Connection Servers as well as Security Servers. This section will focus on standard and replica Connection Servers only; Security Servers are discussed in The sample command-line installation of a Horizon View Security Server section of this chapter.
Note
When we perform a silent installation of the Connection Server software, the data recovery password is logged in the installer's vminst.log file. This logfile should be edited to remove the password, and a global data recovery password set using the procedure outlined in the How to set a global Horizon View recovery password section of this chapter.
Horizon View Connection Server's command-line options
The following table provides a detailed list of the different command-line options that can be provided when performing a command-line installation of a standard or replica Connection Server. Note that some command-line options only apply to replica Connection Servers. These include the ADAM_PRIMARY_NAME and ADAM_PRIMARY_PORT properties.
Horizon View Security Server's command-line options
While the Security Server is installed using the same installer as the standard and replica Connection Servers, only the following three command-line options apply to Security Server installations:
FWCHOICEINSTALLDIRVDM_SERVER_INSTANCE_TYPE
Refer to the Horizon View Connection Server's command-line options section of this chapter for an explanation of each of these command-line options.
The following table provides a detailed list of the different command-line options that can be provided when performing a command-line installation of a Security Server. These command-line options apply only to Security Server installations.
How to obtain Active Directory object security identifiers
When installing the Connection Server software using the command line, we have the option of specifying an Active Directory (AD) user or group that will have administrative access to the pod. This is done using the VDM_INITIAL_ADMIN_SID property and by supplying the AD SID of the user or group for which we wish to have administrative permissions. If this value is not supplied, administrative access will be granted to the local administrators group on the server where the Connection Server was installed.
While the SID can be viewed in the Active Directory Users and Computers console (ADUC), it cannot be copied, which makes creating scripts difficult, as the SID is a lengthy random string of characters that must be copied manually. Fortunately, we can use Windows PowerShell to obtain the SID, at which point, it can be copied straight from the PowerShell console.
The following two PowerShell commands can be used to display the SID of an AD user or security group. The highlighted text should be replaced with the AD user or group name of the object we wish to obtain the SID for:
$name="UserorGroupName" (New-Object System.Security.Principal.NTAccount($name)).Translate([System.Security.Principal.SecurityIdentifier]).value
The following screenshot shows this command being used to obtain the SID for both a security group (View_Admins) and an AD user account (svc-view):
Only one SID can be granted administrative access to Horizon View when the software is being installed; additional administrators can be specified in the Horizon View Manager Admin console by navigating to View Configuration | Administrators, if required.
How to set a global Horizon View recovery password
By default, when installing the Connection Server software, we are asked to provide a recovery password, which that is used in the event that we need to restore the Horizon View Active Directory Lightweight Directory Services (AD LDS) database. To ensure consistency across our entire pod, we should set a global recovery password that is recorded in the Horizon View AD LDS database and subsequently replicated to all of the Connection Servers in the pod.
Once a global recovery password has been created, any additional Connection Servers that are added to the pod will not be required to provide a recovery password during the installation process.
To create a global recovery password, use the Horizon View Manager Admin console by navigating to View Configuration | Global Settings | Change data recovery password, as highlighted in the following screenshot:
