Horizon View iApp - Big-IP 17.5
I have a client deploying an r4650 pair. The plan is for it to handle Exchange, LDAPS & Horizon View. I’m in the process of initial setup on the pair of boxes now. It’s been a long time since I've deployed Horizon View on F5. I see that the iApp is still maintained so yay! Question: is the current 1.5.9 version of the iApp supported in Big-IP 17.5? The KB article states 17.1 but the article hasn’t been updated in a while. F5 recommends the latest version of 17.5 but I don't want to hit any snags as we deploy. Thanks in advance, Matt
Change Webtop Remote Desktop Icon
I have an access policy for VMware VDI and I can't seem to change the icons for my webtop/remote desktop links. The default icon is "terminal_service.png" located in /var/sam/www/webtop/public/images/full_wt I have changed this to an icon with the same dimensions (32px) in Access Policy>Customization>Basic>Remote Desktop and General>Branding>Remote Desktops but still the old icon is dispayed. Any ideas?
APM :: VMware View :: Blast Extreme
Anybody have any luck getting Blast Extreme configured for VMware View and APM via Horizon Client? Currently we launch the Horizon client via webtop link (vdi/rdp) and PCoIP is tunneled through the F5 via udp/4172... but our systems engineers are looking to upgrade to Blast Extreme, and I know NOTHING about how it works with the F5. Not too much on the interwebs in regards to this relationship. Is it just a matter of creating another virtual server on the BIG-IP and assigning the VDI profile? Or does the protocol work on TCP/443 and F5 just knows what to do with it on the existing virtual server? Thanks-
Remove the Select Client popup from VMware Horizon iApp
Due to security controls, we must have all users use web based HTML (BLAST) access to VDI sessions. The iApp works great, except when you launch a desktop it show a popup to requesting the user select a client (either VMware Horizon or HTML5 Client). I have gone though the iApp template () and cannot find any reference to the popup. I have looked through the APM policy, session-policy and Webtops to see if it there, but I can't seem to find it. Any ideas how to disable this popup?Customize Access Profile Logo
I have a Horizon VDI Access Policy and in the Customization:Quick Start/Basic menu I have changed the header logo from the default F5 one to our company logo. When accessing VDI via the web on a desktop PC the new logo shows and all is fine. When accessing the same page but on a mobile device the company logo isn't there and the F5 default logo is back. Is there a reason for this and any way it can be resolved?Vmware View F5 APM KCD limitations
Before I start banging around in the lab, I figured I'd post something on dev to see if anyone has tried doing authentication delegation with vmware view. I know you can tie vmware view in with active directory so I assume that you can use kerberos for authentication purposes. Now, since you can do that, can you do Kerberos Constrained Delegation? I would assume so, and if so, can you setup a Kerberos Constrained Delegation configuration with F5 APM and vmware view? Ultimately what I am trying to achieve is 2 factor auth with a smart card that is related to an active directory user. I am not a VDI expert by any means. I only know the F5 side of the house. Any knowledge on this subject and the limitations that come with it would be awesome! Thanks!Horizon View "This Page is Not Secure"
I have a connection to my VDI desktops via F5 (build using the iApp) and it essentially works i.e. I can get a virtual desktop although with a slight issue. To start with I enter the URL e.g. https://myvdi.mydomain.com Then after authenticating on the connection server and making my choice of desktop, the URL in the address bar changes to an IP in the range of the private LAN for the virtual desktops e.g. https://10.180.0.80:22443/d/DE841123-FE72-4C6D-A9F3-2E6B7072D7E1/certAccept.html?numPages=3 This results in a typical "this site is not secure" page in IE which I have to manually press on "go on to the webpage." Once I manually continue everything is fine as the URL is then https://myvdi.mydomain.com/portal/webclient/index.html/desktop and I get my authenticated, secure desktop. Does anyone know how I can stop this behaviour?Connection Server Options for Horizon View iApp
I have used the iApp to build a VDI solution with the following basic configuration: Yes, deploy APM Yes, support HTML 5 clientless connections SSL bridging One IP defined for untrusted clients A different IP defined for local clients Of course I've also defined the SSL certificate, pool members, FQDN, etc Reading the deployment guide for the View Connection servers (we're not using security servers) under the heading "Modifying your Connection Servers to support HTML 5 clients" it states: Modify the Connection Servers to remove the Use Secure Tunnel connection to desktop and use Blast Secure Gateway for HTML. a. From the View Configuration tab, select Servers, and then click Connection Servers. b. Highlight one of the Connections servers and then click Edit. c. Modify the HTTP External URL and BLAST External URL to match the URL of your SSL certificates. d. Clear the check from Use Blast Secure Gateway for HTML access to desktop. Important: If using a BIG-IP version prior to 12.1 only: Clear the check from Use Secure Tunnel connection to desktop after modifying the External URLs. If using a BIG-IP version 12.1 and later only: If using v12.1 or later, you can leave this box checked if necessary (for example, this box must be checked if using USB redirection). If anyone can help my questions are as follows: 1) Why does it tell you populate the blast gateway and external URL fields only to then clear the checkboxes for thier use? 2) When testing from my internal network why can I only get a successful VDI desktop when the blast gateway field is ticked - going against what the deployment guide states?Asymmetric Hardware Requiring Asymmetric View Pool Entitlements
Hi Guys! Need some thoughts on a View farm design. Givens: Horizon 7 Advanced Licensing F5 BigIP x2 - Full alphabet soup license NVIDIA GRID Profiles on page 4 of vGPU User Guide Pod A 5x Cisco UCS B200 2.0Ghz, 2 sockets, 28 cores, 56 threads 512GB RAM NetApp SAS backed 1x NVIDIA GRID M6 in vSGA Mode Pod B 5x Cisco UCS C240 2.6Ghz, 2 sockets, 24 cores, 48 threads 512GB RAM Micron PCIe Backed 2x NVIDIA GRID M10 in vGPU Mode 1GB per VM Pod C 5x Cisco UCS C240 2.1Ghz, 2 sockets, 36 cores, 72 threads 512GB RAM Micron PCIe Backed 2x NVIDIA GRID M10 in vGPU Mode 1GB per VM Pod D 5x Cisco UCS C240 2.1Ghz, 2 sockets, 36 cores, 72 threads 512GB RAM Micron PCIe Backed 2x NVIDIA GRID M10 in vGPU Mode 1GB per VM Pod X 1x Cisco UCS B200 2.0Ghz, 2 sockets, 28 cores, 56 threads 512GB RAM NetApp SAS backed 1x NVIDIA GRID M6 in vSGA Mode 1x Cisco UCS C240 1Ghz, 2 sockets, 36 cores, 72 threads 512GB RAM Micron PCIe Backed 2x NVIDIA GRID M10 in vGPU Mode 1GB per VM Use Scenario: We have 3 types of users. General Purpose Students and Staff Need some GPU to make Win10 experience better Windows 10 Creator vGPU Backed @ 512MB Power User Students and Staff Using apps that require GPU - Adobe Apps, Games, Autocad, Etc. Windows 10 Creator vGPU Backed @ 1GB Generic Accounts These accounts are used for: Kinder -> Second Grade Library Search Kiosks Academic Testing Kiosks (for SBA and MAP computer based testing) School Board Meeting Kiosks Probably fine using vSGA mode graphics Problem: We have a bottleneck with vSphere and View Composer where it takes an inordinate amount of time to prep pools during login/logout storms or events that cause the environment to go sideways. Our thought is to break up into pods to mitigate having all 4 pods go down due to view component parts at the same time. This would also provide the side benefit of only impacting 25% of the environment at a time when going to do upgrades and even make it possible depending on the calendar to do the maintenance of the environment during the production day. Snag: Pod A is composed of vastly asymmetric hardware than what Pod’s B, C and D are composed of. Pod X is set aside so that we have a test bed for image development, upgrade testing and firmware testing with UCS. Hosts from Pod X could be added to Pod A or B if needed to help with increasing capacity. The idea would be to put users that have less need for GPU onto Pod A and run the NVIDIA M6 GRID Cards in vSGA mode to make Windows 10 more bearable due to the limitation of 16 VMs with a 512MB frame buffer if in vGPU mode. Then users who need vGPU would be routed to the C240 pods (Pod B, C and D) and could have a mixture of 512MB and 1GB profiles on the same host provided that like profiles map to the same card giving a theoretical max load of 64x 512MB VMs and 32x 1GB VMs per host and around 5GB RAM per VM if evenly distributed also understanding that in a running configuration that doesn’t allow for enough CPU threads per desktop. So at the end of this is what is the best method to use for having a user login to an entitled pool that doesn’t exist on all 5 pods that are deployed. Do you solve this with a Big-IP config, Cloud Pod Architecture or something else less complex (ie. Load balance Pod B, C and D. Have a separate DNS for Pods A and X.)?
