By Charles Windom, Solutions Architect, Management Business Unit, VMware; David Wooten, vC Ops for View Product Line Manager, End-User Computing, VMware; Tim Whiffen, Staff Engineer, VMware; and Cynthia Heyer, contract technical writer, End-User Computing Technical Marketing, VMware
How many times have you been monitoring your Horizon View environment, and wished you had a dashboard that made sense? One that could immediately tell you what was wrong – not only with the Horizon View desktop and infrastructure, but with the vSphere infrastructure, too. One that could tell you before your users call your help desk complaining of access and performance issues? What if you could forestall executive staff complaints that they could not access their virtual desktops? What if you could prevent their desktop sessions from experiencing any issues in the first place?
The new release of VMware vCenter Operations Manager for Horizon View 1.5 (vC Ops for View) helps solve these problems. Here are three ways this new release gets us excited:
When we set out to monitor an environment, we want to concentrate on monitoring, and not spend a lot of time trying to get the product installed correctly. The vC Ops for View product installs in less than an hour because it is simply an extension of the enterprise version of vCenter Operations Manager (vC Ops). Right away you can start monitoring your Horizon View environment.
In a Horizon View 5.2 desktop environment, monitoring Horizon View is easy because the vC Ops for View data collector agents are automatically deployed with Horizon View agents. Security tokens are created for each virtual desktop to facilitate secure communications with the monitored Horizon View 5.2 environment.
To ensure security in monitoring a VMware View 5.0 or 5.1 desktop environment, you need a single install of the agent on the master image, a recompose of the VMware View environment, and a group policy object.
VMware vC Ops for View 1.5 can be deployed either by migrating an existing vC Ops for View 1.0.x installation to vC Ops for View 1.5 (after updating your Horizon View desktops to 5.2 if your desktops are being updated), or by freshly installing 1.5 with a new Horizon View 5.2 deployment.
See the vCenter Operations Manager for Horizon View 1.5 documentation for more information about installing vC Ops for View in your environment.
Previous versions of vC Ops for View were limited to a single environment of no more than about 3,000 desktops. To monitor more desktops, you had only two choices. You could monitor a subset (pool level generally) of the virtual desktop machines, or you could install an additional instance of vC Ops for View. This was limiting because multiple vC Ops for View monitoring environments were fragmented and did not provide a “single pane of glass” for monitoring, management, and control.
This new release of vC Ops for View supports up to 8,000 concurrent Horizon View virtual desktop users within a single instance of the vC Ops for View console. Multiple Horizon View pods can be monitored with the same vC Ops for View adapter instance, or you can install additional adapter instances on remote collector servers to collect data across different data centers. For additional scalability, multiple options for metrics collection are also now available. You can collect a partial set of metrics instead of the full set, which enhances scalability.
Licensing for vC Ops for View is by concurrent Horizon View user, just like Horizon View. This means you pay only for what you use, with the option of extending licensing in 10- or 100-user component packs.
See the vCenter Operations Manager for Horizon View 1.5 documentation for more information about scalability of vC Ops for View.
Administrators and monitoring teams spend less time troubleshooting end-user problems when they use vC Ops for View. The advanced analytics engine of vC Ops takes the metrics about the Horizon View infrastructure collected by the vC Ops for View adapter, and correlates those metrics to the effects on the end-user experience. These analytics create “dynamic thresholds,” which are used both proactively to reduce the number of alerts requiring attention, and reactively when a real problem occurs. This enables your monitoring teams to address “real” problems (rather than “false positives”), focus on their root causes, and correct problems before they impact your end users’ desktop experience.
VMware vC Ops for View uses dynamic thresholds to determine the expected range of resource behavior through learned upper and lower ranges of a metric’s value. Dynamic thresholds are superior to the static thresholds often relied upon by other monitoring solutions. Dynamic thresholds intelligently reduce the number of alerts and alarms that need to be evaluated or diagnosed. Whenever the monitored value of a resource metric exceeds a dynamic threshold (goes beyond the upper range), the behavior is considered abnormal, and the monitoring team is alerted. This pattern of behavior is also learned for future analysis of what is normal and abnormal behavior. These functions are all carried out automatically without operator intervention, reducing the complexity and overhead in monitoring large-scale virtual desktop deployments.
What about our wish for a dashboard that tells us everything? VMware vC Ops for View comes with preconfigured dashboards that can be completely customized to the customer’s requirements. Monitoring personnel can customize the dashboards to view only the components they are responsible for or must focus on. Your monitoring teams can analyze individual user sessions that might be experiencing issues. They can monitor a whole picture of the individual user’s environment to check for impending problems, or problems currently affecting the end user’s virtual desktop session.
Other vC Ops for View dashboards – such as the pool heat map – allow virtual desktop or help desk administrators to see exactly which virtual desktop sessions might be experiencing performance issues, as well as those virtual desktop sessions that might soon experience performance issues.
The vC Ops for View product can monitor the Horizon View infrastructure down to the host and datastore level, and alert your desktop operations team or administrators about problems in the vSphere environment as well. VMware vC Ops for View utilizes the familiar vC Ops badges, widgets, and skittles to provide a simplified picture of the whole virtualization “stack,” and provide a deep, under-the-covers view of the performance of the monitored vSphere environment.
These are just a few of the reasons we are excited about the release of VMware vCenter Operations Manager for Horizon View 1.5. We are sure this will excite you as you test-drive the product in your Horizon View environment.
See the vCenter Operations Manager for Horizon View 1.5 documentation to get up and running.
We’ve added to our collection of Certification Pros stories. Check them out to learn how VMware certification has helped these people advance their career, and what advice they have for others considering certification.
Want to join them? Share your story!
If you’re coming to VMworld in San Francisco and you’re VMware certified, we’d like you to share your story to help others become certified. We are doing short, interview-style videos for the Certification Pros website, and we’d love to include you. Don’t be camera shy! Your accomplishments are inspirational and your advice on the best way to prepare for certification is invaluable to someone thinking about getting certified! If you are interesting in being videotaped or want more details, please contact us at email@example.com.
By Erik Frieberg, Vice President, Product Marketing, End-User Computing
As you know, supporting the mobile workforce is a daunting challenge. Users are increasingly demanding to use their own mobile devices, and yet, according to IDC’s most recent mobile enterprise software survey, 43% of companies are currently experiencing compliance issues with their mobile deployments, with 53% citing a lack of appropriate IT resources today as a potential roadblock to pursuing a successful mobile strategy in the future[i].
Today, VMware is making it easier to support the mobile workforce by introducing the general availability of VMware Horizon Workspace™ 1.5, which offers a highly integrated mobile management platform. This release simplifies the experience for both the end user and the IT administrator who must support the mobile worker. Adding to the single, aggregated workspace that combines data, applications and desktops are features such as:
- A single integrated management interface to support Android devices alongside all other components of the workspace with the integration of VMware Horizon Mobile™
- Support for mobile applications to allow admins to entitle and manage applications
- Policy management engine to consolidate, model, and rationalize policies across all components
- Support for the Oracle database
- Revised iOS applications – files and applications in two separate applications
- Localization in French, German, Japanese and simplified Chinese
- Performance improvements and fixes
The variety of mobile device models, operating systems and applications brought into the enterprise by users can create a management nightmare for IT. Specifically, Android is a difficult platform to manage due to the large number of device-specific operating systems. Horizon Workspace helps IT standardize the management of Android devices using a single, integrated management platform to easily apply and enforce corporate security policies across all devices using a single solution.
New VMware Ready™ Devices In-Market
Another development in our Android strategy is the addition of new handsets that support Horizon Workspace that will help enterprises better support BYOD initiatives. The Samsung Galaxy S3, S4 and the Droid Razr HD by Motorola join the existing line-up of VMware Ready™ devices on the Verizon Wireless Network that currently includes the LG Intuition and Razr M by Motorola. All told, three out of the four top smartphone OEMs in the United States have VMware Ready devices in-market[ii]. They are also among the most recognizable brands globally. Stay tuned for even more handsets to come throughout the year.
iOS Device Strategy
Supporting today’s mobile workforce also means supporting Apple iOS devices. VMware has embarked on a new strategy for iOS that adds to the native MDM/MAM features that will be offered in iOS 7. Our strategy is to leverage iOS 7 to help IT administrators gain greater control, visibility and security. You can read more about VMware’s new iOS strategy by reading the blog post “VMware’s Strategy for iOS 7 and Industry Implications” by Srinivas Krishnamurti, Senior Director of Mobile Solutions.
As you can see, we are continuing to build upon our mobile enterprise strategy after laying the foundation with the announcement of our VMware Horizon™ Suite earlier this year. Stay tuned for more mobile announcements at VMworld next month, and if you plan on attending the conference in San Francisco or Barcelona, don’t forget to register!
[i] “The State of Mobile Enterprise Software in 2013: An IDC Survey of Applications, Platforms, Decisions and Deployments”IDC#241690 – June 2013
Apple announced iOS 7 last month at WWDC and we think this release will have a profound impact in the enterprise market with categories collapsing and vendors disappearing off the map. But getting more specific, as a result of this announcement, VMware is embarking on a new iOS strategy and I’d like to share more details on this shift in strategy as well as my perspective on how this release will impact the industry.
Quick review of relevant iOS 7 features:
At a high level, Apple extended its Mobile Device Management (MDM) APIs to also manage applications so in addition to turning knobs to control device characteristics, IT can now control application capabilities as well. The most relevant iOS 7 features that will impact the enterprise market are:
- Control of Open In: With iOS 7, Apple will introduce a new API that lets IT administrators control which applications (called managed apps) they will allow users to use to open attachments. Prior to iOS 7, users could open an attachment within an email using any document application (i.e. native viewers, Dropbox, Evernote, QuickOffice, etc.), which was a security hole since it increased the risk of data leakage especially through consumer cloud services.
- Per-application VPN: Prior to iOS 7, VPN connections were implemented at the device level, which meant that once you enabled VPN on a device, every application on the device would have access to the intranet. With iOS 7, Apple allowed a set of managed applications to use a VPN tunnel using any of the supported VPN vendors (Cisco, Juniper, F5, etc) which offers greater control and security for IT.
- Single Sign-on: In iOS 7, Apple implemented Kerberos SSO at an application level. So if your in-house native iOS application uses Kerberos style authentication, you could SSO to authenticate users to the application.
- Configure application settings: In addition to pushing and deleting applications on the device, iOS 7 will allow IT administrators to configure application settings as well.
Future of Application Wrapping and Containers:
Container technologies allowed IT administrators to isolate personal content from corporate content and protect the corporate content by not allowing data to leak out of the container. Broadly speaking, this was Mobile Application Management (MAM). Many of the MAM vendors also provided their own email and browser apps in the container and with app wrapping or an SDK, others apps could participate in the container.
Because email/PIM was in the container, the MAM vendors could prevent email attachments from being opened by applications not present in the container so, corporate data did not leak out. MAM vendors also implemented application tunnels that were app-specific “VPN” tunnels so applications had access to intranet resources without enabling the device VPN. This technology was tied to the browser in the container so that users could seamlessly access intranet and other web apps deployed behind the firewall.
While containers offered better security, the user experience was far from ideal. No single usability limitation was catastrophic on its own but together the collection of them felt like a thousand little compromises. For example, in order to prevent data leakage through emails, MAM vendors provided their own email applications. Since this enterprise email app was different than the standard Apple-provided one, users had to learn a new app and it lacked some users’ favorite features.
Many of the capabilities that our Android solution offered – the ability to seamlessly push to or delete applications from the container, the ability to configure apps before provisioning them, the ability to run any third-party application as-is in the container, etc. – were simply not possible to implement on iOS 6.
The need for containers and application wrapping is vastly diminished with iOS 7. With the managed application feature, IT can prevent data leakage from the native email client so this negates the need for a separate email/PIM application for corporate use. And with the per-app VPN, IT can now enable individual applications to have their own intranet access so this negates the need for application tunnels and a “secure” corporate browser. While there are a few other cases where app wrapping helps – for example, protecting cut/copy/paste across personal and corporate boundaries – it is fair to conclude that IT administrators can achieve their goals without leveraging app wrapping or containers and even offer a much better user experience. Further, IT administrators no longer have to plead with their ISVs to wrap or recompile the app with their chosen container technology.
VMware’s iOS Strategy
VMware has been an early and loud proponent of managing only the corporate content on a device rather than managing the entire device (ala MDM). Although, we developed application wrapping and container technology as part of our iOS mobile device strategy, once iOS 7 was announced, we evaluated its new capabilities against customer requirements we gathered over many quarters and concluded that leveraging Apple’s application management APIs would address our customers’ needs and provide the best possible user experience.
As Apple has provided a path to achieve MAM support using native iOS 7 capabilities, we refocused the team to build upon that platform and deliver the application management and data leakage controls that customers require. This means that Workspace 1.5 (which GAd today!) will no longer include our iOS application wrapping capabilities. However, we will add iOS support in a future release by leveraging iOS 7 APIs.
It is critically important to note that Android does not offer similar application management capabilities – and given its fragmentation, we believe Horizon Mobile (virtualization) is the right solution to make Android enterprise ready.
In all, we feel this shift in our strategy will benefit our customers given the capabilities that exist in iOS7 – and I welcome your comments on our move as well as your thoughts on the impact iOS7 will have on the mobile space.