Configure ControlUp for VMware Horizon Instant Clone VDI monitoring

In this guide, we will analyze how to configure ControlUP COP (ControlUP on-Premise) to monitor a VMware Horizon 2309 infrastructure with Instant Clone Desktop Pools (we will not cover the installation part of the product)

The following steps are required:

  • Control UP COP Server Component Installation (Optionally use an external SQL instance or SQL EXPRESS present in the Server component installation)
  • Installing the Control UP Console (Can also be installed on the same server)
  • Installing Agent Control Up on the GoldImage
  • Horizon Infrastructure Inventory
  • VirtualMachine Inventory (For this step we can also implement an automatism)

Requirements for the server part:


COP Server
COP Server Console Machine
Machine Windows Server Windows Server orWindows
Operating System Windows Server supported versions:2022,2019,2016 Windows Server supported versions:2022,2019,2016
OR Windows 11, 10
CPU* 2 CPUs 2 CPUs
Memory* 8 GB RAM 8 GB RAM
Disk Space* 10 GB 10 GB
Required Software & Permissions
  • .NET Framework 4.8 or later
  • PowerShell 5.x or later
.NET Framework 4.5 or later

Requirements for Part DB:

MSSQL Versions (Standard, Enterprise, or Express) Maximum Database Size Collation
2022,2019,2017,2016,2014 10 GB SQL_Latin1_General_CP1_CI_AS

Requirements for the VDI part:


ControlUp Agent
ControlUp Agent
Machine No server installation necessary. Deployed onto Windows machines that are monitored by ControlUp(Linux monitored via API).
Operating system Windows Server supported versions:
202220192016 (Core or Full)ORWindows 11, 10
Required installed software .NET 4.5 or later
TCP PORT 40705

A Service Account to access the Horizon infrastructure:

The Read-Only role is sufficient for all monitoring purposes. If you want to perform built-in Horizon actions, then the service account needs the following permissions:

  • Enable Farm and Desktop Pools
  • Manage Machine
  • Manage Sessions
  • Manage Global Sessions (Cloud Pod architecture only)

So what is needed is:

Download the version of ControlUP COP from the VMware site

Log in to the customer portal and in the product area under Desktop & End-User Computing

A screenshot of a computer

Description automatically generated

Log in to OEM Addons

A screenshot of a computer

Description automatically generated

Download the on-premise version

Perform the basic installation

Once the COP version is installed and the console is installed, log in to our ControlUP installation

A screenshot of a computer

Description automatically generated

How to install the agent on the GoldImage:

  1. The agent MSI file is on the downloaded file zip from VMware Portal
  2. Open the Real-Time Console and go to Agent Settings and copy your Agents Authentication Key. The key is used to connect the Agent to your ControlUp environment.

A screenshot of a computer

Description automatically generated

  1. Run the installation of the MSI package on the machine where you want to install the Agent.
  2. During the installation, paste the authentication key that you copied from the Real-Time Console.

A screenshot of a computer

Description automatically generated

  1. Complete the installation. The Agent is installed on the machine and the machine can be monitored from the Real-Time Console.
  2. Take the snapshot
  3. Deploy the new master image on Desktop Pool

Now from the ControlUp Management console, we are able to:

  • Connect our Vmware Horizon infrastructure
  • Connect the instant clone machine

Add Horizon infrastructure:

A screenshot of a computer

Description automatically generated

Add the infrastructure info

A screenshot of a computer

Description automatically generated

Click on OK

A screen shot of a computer

Description automatically generated

Add the pod to the console

A screenshot of a computer

Description automatically generated

Now on the left panel, we have our Horizon infrastructure added.

A screenshot of a computer

Description automatically generated

To monitor correctly our instant clone (after adding the agent) we need to discover the VM like a Machine

A screenshot of a computer

Description automatically generated

Search with the partial name of the VDI machines

A screenshot of a computer

Description automatically generated

Select cancel

A screenshot of a computer error message

Description automatically generated

We are VM on the left control panel in black status

A screenshot of a computer

Description automatically generated

After a few seconds the VDI VM Goes to Green

A screenshot of a computer

Description automatically generated

Auto connect state must be enabled (this function is important when the instant clone VDI is removed and recreated).

A screenshot of a computer

Description automatically generated

Now we can monitoring the Instant-Clone VDI

Check the VDI logon duration

Now we can manage and control the infrastructure, for example, to check the logon duration

A screenshot of a computer

Description automatically generated

A screenshot of a computer

Description automatically generated

What happens when VDI instant clones are regenerated?

If a user disconnects from his VDI of the instant clone type, it is destroyed and recreated, on the ControlUp side this is put in the Red -> Yellow state until it returns to Green

When recreating

A screenshot of a computer

Description automatically generated

After recess

A screenshot of a computer

Description automatically generated

Dynamic inventory

For a dynamic inventory of VDI, we can use Synchronization with Universal Sync Script (I’ll talk about this in a future post)

EUC Synchronization with Universal Sync Script (controlup.com)

After installation, we can schedule or start manually the script to sync my ControlUP with my EUC infrastructure.

References:

How to Deploy the Agent on Your Master Image for PVS/MCS/Linked/Instant Clones (controlup.com)

EUC Synchronization with Universal Sync Script (controlup.com)

ControlUp On-Premises

Configure ControlUp for VMware Horizon Instant Clone VDI monitoring

Steps for Upgrade Horizon 23xx to the next version

The release of new versions of VMware Horizon 8 each quarter of the year (to provide new features and resolve any security holes) entails the need to have a consolidated, conservative update procedure with the least impact on users.
Below I report the procedure that I am using successfully.

User impact:

  • Users already connected to the VDI do not encounter problems or disconnections
  • Users who need to connect during update activities may have problems (normally a maintenance window is declared)

Steps

  • Restarting the Connection Servers Operating System (One at a time is a step preparatory for committing any pending Windows updates), after each reboot check from the Horizon web console that everything is ok
  • Disable Provisioning
  • Shut down all three Connection Servers
  • Snapshot of the VMs hosting the Server connection
  • Turn on the Connection Server (One at a time), after each reboot check from the Horizon web console that everything is ok
  • Backup DB Adam (C:\Program Files\VMware\VMware View\Server\tools\bin\vdmexport.exe > vdmconfig.ldf)
  • Disable and Updating one Connection Server ( disabling the Connection Server being updated puts the connection server offline for the load balancer on the top of the connection servers and it is not used for authenticating users and assigning VDI) and after upgrade enable the Connection Server.
  • Repeat the previous step for all Connection Servers
  • If necessary, reapply the customizations
  • Check from the console that everything is ok

After the horizon upgrade, test the Desktop Pool:

  • Try a connection from internal
  • Try a connection from external
  • Delete a VDI machine
  • Publish a new Master Image

For upgrading three Connection servers all steps necessity of two hours
During the activities, the users connected to the VDI do not encounter any problems

The next step, after complete the Connection Servers upgrade, is to update the Horizon agent on the master image and delete the Connection Servers snapshot

Steps for Upgrade Horizon 23xx to the next version

421 Unknow

After upgrading Horizon to 2306 2212.1 or 2111.1 we see this message when trying to connect from UAG

In the log, I see this error:

2021-09-24T22:05:34.737-07:00 ERROR (1B08-1A58) <SimpleDeamonThread> [h] (ajp:admin:Request190) Unexpected Origin: https://newname.net

2021-09-24T22:05:34.738-07:00 DEBUG (1B08-1A58) <SimpleDeamonThread> [v] (ajp:admin:Request190) Response 404 Not Found [close]

The fast solution is to set allowUnexpectedHost to true on the locked.properties file. This is located on each connection server in     c:\program files\vmware\VMware View\Server\sslgateway\conf. and restart the horizon connection services

Cross-Origin Resource Sharing (CORS) with Horizon 8 and loadbalanced HTML5 access. (85801) (vmware.com)

Error 421 while connecting to Horizon via HTML Web Console after an upgrade to 2306,2111.1 or Later (93915) (vmware.com)

421 Unknow

Use Horizon VDI and VPN client

For us consultants, the VDI used in the Horizon environment can also be useful for having environments where we can install customers’ VPN clients.
Normally we find ourselves having, if the customer does not have Horizon infrastructure to give us access from the outside (Through UAG, MFA … all possible security), different VPN clients to support our customers, with the consequence of possible problems of compatibility between clients and degradation of your laptop.

In my case, I have a Horizon infrastructure in my Home Lab and I have created my own VDI where to install the clients’ VPN clients.
The only change to make, to prevent my Horizon session from ending when I activate a VPN connection, is to enter the following registry key
HKLM\Software\VMware, Inc.\VMware VDM\IpPrefix = n.n.n.n/m (REG_SZ)

where in n.n.n.n is the subnet and m is the number of bits in the subnet mask. Specifically, the network that must be used for the connection between the horizon agent and the various components (Horizon Client, Connection server, etc..)

es:

Use Horizon VDI and VPN client

VMware Horizon 2106

VMware a few days ago released a new Horizon Version.
The new build 2106 (8.3) brings with it some very interesting features from some relating to the security of intellectual property to those related to the Teams collaboration tool, here is a list of those that I consider the most interesting:

  • Implementation of GPO for blocking the ability to take screenshots of VDI sessions from Windows and MAC Clients
  • Possibility in the instant clone to use the Microsoft Sysprep (this function slows down the deployment of an IC by performing a series of reboots)
  • Functionality for applications of run indefinitely
  • Possibility to use TrueSSO SAML authentication for non-Trust domains
  • Horizon Agent has support for Windows Server 2022 (Currently in Preview)
  • The Horizon Client for Linux has the optimization for Teams (as in some versions the functionality for the Windows client was present)
  • Cloud Burst support to extend your on-prem workload to the Cloud in case of a high load.

More details in this video

VMware Horizon 8 (2106) What’s New – YouTube

VMware Horizon 2106