How do I determine bandwidth requirements for DaaS?
Determine the type of users you have. Then perform the calculation below which will factor in 80% bandwidth utilization.
User types
- Task User – 50-100Kbps.
- Standard User – 100-150Kbps
- Power User – 400-600Kbps
- Video User – 2Mbps per user running 480p video
Calculation
Worst case:
Bandwidth in Kbps*.8/User type high value
(The .8 is factoring 80% utilization of total bandwidth)
Example:
User type = Standard User high value 150Kbps
Bandwidth = T1 = 1.5Mbps = 1500Kbps
1500*.8/150 = 8 concurrent users on a T1
Please see this link for more details.
How do I attach a USB drive to my desktop?
It is recommended to use the Horizon Client and PCOIP for the best USB redirection experience. On the Horizon Client connection bar, you will see a USB. It is through this menu you can control the behavior when a USB device is connected. You can set to auto connect any USB device at startup or set it to auto connect any USB device when connected locally. These are not recommended as they can use more bandwidth unnecessarily.
It is recommended to manually connect the USB device. First connect a USB device locally, then open the USB menu, you will see the local device listed as an available device to redirect to the desktop. Select the device from the list and it will become available in your desktop.
How do I install printers with dynamic desktops?
RDP and the Horizon client will both attempt to install locally installed printers (USB and/or network) upon connecting to the desktop.
You may also choose to install printers as part of the pattern.
You can deploy printers to the dynamic desktops via group policy.
How to determine if a connection is using the Access Point?
Log into the desktop portal and click the button to connect to the desktop using RDP. This will download a file named ‘RichClient.rdp’. Locate this file on your computer and open it with a text editor such as notepad.
Search the file for the line beginning with ‘full address’. If the port number listed is between 8001-8099 you are using the Access Point. If it is any other port, you are not using the Access Point for the connection.
Can I Run a Report on User Activity?
Yes. User activity is available for download in a CSV format from the DaaS admin portal. On the dashboard page locate the link to ‘Download User Activity Log’. Enter the date range you wish to view the activity from.
This report is also useful when troubleshooting. It can provide useful information such as the source connection device, connection time and connection protocol.
How can I brand the Desktop Portal?
The desktop portal can be branded using Cascading Style Sheets (CSS). Log into the admin portal and select ‘General’ from the ‘Configuration’ tab. Look for the field named ‘External style sheet URL’ in the section named ‘User Portal Configuration’. Enter the URL to the CSS style sheet.
For more information, see the following link from VMWare.
Can I use my own SSL Certificate?
Yes. You can provide your own SSL certificate to be used with your DaaS tenant. The process will involve Green Cloud. Please contact Green Cloud at support@gogreencloud.com to open a support ticket. You will need to provide Green Cloud with the following:
- CA Certificate: The public certificate from a certificate authority that was used to sign the tenant certificate. This file will have a .pem, .cer, or .crt extension.
- SSL Certificate: The public certificate, which was signed by the CA. This file has a .crt or .cer extension, which indicates that it is a certificate file.
- SSL Key: The private key used to decrypt the tenant’s SSL certificate. This is needed in order to be able to respond to certificate requests. This file has a .key file extension.
Please see the following article for more information on generating your own SSL sertificate: https://kb.vmware.com/s/article/2068666
Does DaaS Support Two-Factor Authentication?
Yes, two-factor authentication is provided through the Horizon open standard extension interface. This allows third-party solutions to integrate advanced authentication extensions. For more information on this see DaaS Two-Factor Authentication.
How do I see the Status of Tasks such as a Pool Refresh?
The status of any task you run from the DaaS admin portal can be viewed under ‘Tasks and Events’ located under ‘Pool Management’. This will show the status of any currently running tasks as well as recent tasks. You can use the arrow to the left of the task to expand for more task details. You can also filter the list by pool or task status using the drop down menus.
How do I backup my Gold Pattern?
In the admin portal on patterns you may notice an option to ‘backup’ the pattern. It says 0 used out of 0. This is on purpose. This feature has been disabled by Green Cloud. If you need a backup of your pattern, contact Green Cloud support at support@gogreencloud.com.
How do I Gather Log Files for support?
In the event your issues require advanced troubleshooting, you will need to gather logs from the impacted desktop. This will require admin privileges. Perform the following commands from an elevated command prompt.
DaaS Agent
From the virtual desktop having issues locate the log file. Make a copy and send it to Green Cloud along with other logs.
-
C:\Program Files (x86)\VMware\VMware DaaS Agent\service\logs
View Agent
From the virtual desktop having issues run the following command:
-
C:\Program Files\VMware\VMware View\Agent\DCT\support.bat
The log file should be output to the users’ desktop in a folder named vdm-sdct. If not present on the desktop, run a search on the computer for the folder.
View Client
Windows View Client
-
32-bit: C:\Program Files\VMware\VMware Horizon View Client\DCT\support.bat
-
64-bit: C:\Program Files (x86)\VMware\VMware Horizon View Client\DCT\support.bat
The log file should be output to the users’ desktop in a folder named vdm-sdct.
Mac View Client
Mac clients do not have a script to collect logs. You must manually collect these files for diagnostic and troubleshooting purposes:
-
~/Library/Logs/VMware View Client.log
-
~/Library/Logs/VMware/VMware View Client/vmware-*.log
-
~/Library/Preferences/ByHost/com.microsoft.rdc.*.plist
-
~/Library/Preferences/com.microsoft.rdc.plist
-
~/Library/Preferences/com.microsoft.rdc.plist
-
~/Library/Logs/VMware View Client/teradici-username/
-
/Library/Logs/VMware View Client Services.log
-
/Library/Logs/VMware/VMware-usbarb*.log
-
/Library/Logs/VMware/VMware View Client/*.log
Where ~ indicates the name of the user logged into the Mac client. These log files can be large.
Can I run my own Antivirus on my desktops?
On static desktops, yes. With dynamic desktops, please check with your AV vendor for support and deployment on dynamic desktops with a non-unique SID.
Below are some recommendations for optimizing AV in your DaaS environment.
- Check with your AV vendor for compatibility in a virtual desktop environment.
- Make sure to use the correct version for your OS (Windows Server)
- Install only the core virus scanner.
- Do not install any additional options such as firewall or content filters.
- Scan on write / incoming only. Do not scan on read.
- Disable Heuristic scanning
- Pre-scan the gold pattern
- Exclude the following:
-
C:\Program Files (x86)\VMware
-
C:\Program Files\VMware
- Mapped network drives
- USB Drives
-
- Do not use scheduled scans. Use real-time scanning.
- If you must use schedule scans, make sure to stagger them and perform them off hours.
- Disable startup scanning.
How can a user change their password?
Users can change their passwords once logged into their virtual desktops. If your environment has password expirations, it is recommended the users change their passwords before they expire. If the password expires, the AD administrator will need to reset the password for the user.
Please see the following KB article for more information: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2100036
How can I increase the timeout settings for users?
Occasionally, users will need the time out settings increased from the default settings. There are two places these settings are managed: in the pool, and under Configuration -> General Settings. While users may desire longer timeout values, it is recommended you keep the value lower rather than higher.
Pool Settings
- In the enterprise admin portal, locate the pool you wish to increase the timeout settings on and choose ‘Edit’.
- Go to the ‘Pool Configuration’ section and adjust the session timeout.
- This setting controls the idle timeout on the desktop.
General Settings
The information below is summarized from the help menu in the enterprise admin portal.
- In the enterprise admin portal, locate the ‘General Settings’ page under the ‘Configuration’ menu.
- On this page there are two sections with timeout settings: Desktop Portal and Enterprise Admin Portal and View Client Session timeout.
- Desktop / Admin Portal Settings
- This controls the idle times for sessions to the portals via a web browser.
- View Client Session
- These settings affect the sessions when using the View Client.
- Heartbeat
- The heartbeat reports the amount of idle time that has passed where there is no interaction with the end point device. This is different than the session time settings managed on the Pool which apply to the desktop.
- Desktop / Admin Portal Settings
- User Idle
- This controls the idle time for a user while connected to the tenant connection server. When reached the View client will disconnect requiring the user to re-authenticate with the connection server.
- This value should be at least double the value of the heartbeat.
- Broker Session
- This setting controls the amount of time the View Client can be connected to the tenant connection server before authentication expires. After the timeout, users will NOT be disconnected from their desktops unless the user performs an action within the View client that requires communication to the connection server such as changing settings in the View client.
- This value should be at least equal to the sum of the heartbeat and user idle settings.