کد:
http://www.virtualizationadmin.com/articles-tutorials/terminal-services/general/install-configure-provision-networks-virtual-access-suite-part3.html
PART-3
Virtual Access Suite, Desktop Services can connect RDP clients to desktops whether they are standard PCs (XP Pro or Vista), PC Blades, or hosted on a Virtual Infrastructure like VMware, Virtual Iron, SWsoft Virtuozzo, Microsoft Virtual Server, Citrix XenServer.... When used in combination with a system with a centralized management console (Managed Virtual Infrastructure) like VMware Virtual Center or Virtual Iron, Virtual Access Suite uses the Virtual Infrastructure Vendor's SDK to automate and tasks that could otherwise be accomplished only via the vendor's management server. Use of an SDK also adds functionality that does not exist in the vendor’s native management console.
PNTools
A component called PNTools is installed on each RDP Host, whether virtual or physical, to provide features like Seamless Windows, Universal Printer Driver, USB Handheld Sync and management of the group membership of the Remote Desktop User’s Group. This component installs two services:
- Provision Networks Data Collector. This service communicates (tcp port 5203) with the Provision Networks Connection Broker (tcp port 5201) and manages the user assignment to the Remote Desktop Users Group.
- Provision Networks Print-IT. This service enables Universal Printing, so users can print, with full functionality, to any printer defined on their Windows Client. This does NOT require installation of any Native Windows Printer Drivers on each Virtual Desktop to support client printing.
If one manually installs PNTools on Windows XP Pro SP2, the installer will automatically configure the Windows Firewall to allow communication on the appropriate ports. If the installation is pushed from the Provision Management Console, the firewall must be manually configured.
Configuring integration with a managed Virtual Infrastructure Server
Ensure that VMware and Virtual Iron Integration was selected during the Virtual Access Suite Connection Broker installation. This can be verified via add/remove programs, select Modify on the Virtual Access Suite installation, expand Connection Broker.
Install .Net Framework 2.0 and Sun Java Runtime 5.0 update 9, 10, or 11 on the Connection Broker. Virtual Access Suite does NOT currently work with Sun Java Runtime Environment 6, but if it is already installed, JRE 5 update 9, 10, or 11 can be installed without uninstalling JRE 6.
Acquiring the SSL Server Certificate from Virtual Center
Logon to a Provision Networks Connection Broker and launch the VDI Preinstall Configurator. This .hta file has the capability to download and install prerequisites like .Net Framework 2.0 and Sun Java Runtime Environment 5 update 9 (updates 10 and 11 also supported). It can also download and install the SSL Server Certificate from the Virtual Center Server and save it to the Java Keystore.
Enter the information required to connect to Virtual Center. The credentials entered need to be able to map a network drive to the Virtual Center Server to download and install the SSL Server Certificate. The user name should be in the format Domain\User. The default password for the VMWare.keystore file is “changeit”
If an account is not available that has such permissions, the SSL Certificate can be downloaded and manually configured. Instructions for this manual configuration are in the referenced Provision Networks Virtual Access Suite Troubleshooting FAQ. When the configurator is complete, the certificate files are written to c:\VMware-Certs.
Verify that files exist, and that the directory name is exactly as listed, as the communication between the Connection Broker and Virtual Center is done via Java, which is case sensitive.
If more than one connection broker is in operation, copy the contents of the “c:\VMware-Certs” directory to each of the servers, or run the configurator on each server. Restart the Provision Networks Connection Broker Service, or restart the server.
Defining Virtual Management Servers in the Provision Management Console
Launch the Provision Management Console and browse to the Desktop Services Node. Right-click and select "Virtual Management Servers".
Enter the name of the Virtual Center Server and select the Server Type as VMware.
Enter the Server URL to the Virtual Center Server, i.e.
https://VirtualCenter/sdk
Enter the credentials for a local or domain account with administrative permissions in Virtual Center. A custom role can be created in Virtual Center with more granular permissions, but that is beyond the scope of this document.
The correct value connection timeout depends on how many objects are defined in Virtual Center. The larger the environment, the longer import operations can take, and the larger the timeout value should be.
The other settings options for each Virtual Management Server define the number of concurrent operations can be sent to the Virtual Management Server by the Provision Networks Connection Broker. The clone operation is the most resource intensive operation, as it requires creating new virtual disk files and spinning up the new virtual machines. These settings can be tailored to one’s environment, i.e. 2 clone operations for an environment with one Virtual Infrastructure Host and connected SAN LUN. If many Virtual Infrastructure Hosts exist in the environment, and the SAN that hosts the virtual disk files is robust, the number of clone operations can be increased accordingly as the load can be simultaneously spread across multiple resource pools, Virtual Infrastructure Hosts and SAN LUNS.
Importing Datacenters into the Provision Management Console
To import one or many Datacenters from Virtual Center to the Provision Management Console, right click on Desktop Services and select Data Centers. At least one datacenter MUST by imported to interact with the Virtual Management Server.
Select the Datacenter Type as VMware.
Select the Virtual Management Server from which the Datacenters should be imported.
Select the Datacenters to be imported. In an enterprise deployment, dedicated datacenters may be defined for VDI, for use for the desktop support engineers.
Creating managed Desktop Groups
A Desktop Group is a set of desktops that contains new desktops that are created from a virtual machine template, or that are imported from the defined datacenter. Typically Desktop Groups are created to organize desktops by Business Unit, i.e. machines that had the same system image on deployment of physical PCs.
Right click on Desktop Services and select New Managed Desktop Group.
Enter a descriptive Group Name, i.e. “
Accounting Dept XP Pro Desktops”.
Enter the name of a Desktop Administrative Account (Service/Role Account) that will be used to perform the management functions (installation/upgrade of PNTools, Shutdown, Restart, Logoff, Reset…) from the Provision Management Console. This account MUST be a member of the local administrators group on the desktops. This account could be the local administrator account, or a service account that is created specifically for these management tasks and is added to the local administrators group via Group Policy.
Enter the number of desktops to create (from a virtual machine template that was created in Virtual Center). One could also import existing desktops from Virtual Center. The number of desktops to be created is only limited by the capacity of the Virtual Infrastructure. The recommended maximum number of desktops that can be managed by a single instance of VMware Virtual Center is 1500.
This list is empty the first time this wizard is run, so click “
Import” to import the list of available virtual machine templates from Virtual Center. Select the Virtual Machine Template that will be cloned to create the new desktops. This template is created in Virtual Center.
This list is empty the first time this wizard is run, so click “
Import” to import the folder structure from Virtual Center. Select the folder in which the new virtual machines should be organized.
This list is empty the first time this wizard is run, so click “
Import” to import the list of available Resource Pools/Datastores from Virtual Center.
One can spread the virtual machines across multiple resource pools and datastores. Define how the wizard should distribute the machines across the datastores.
In the example shown, the five desktops being built are spread equally across five different datastores.
Provide a naming convention for the new desktops, or provide a list of names via a text file. In the example above the base name is “XPACCT?”. This will generate the new desktops with names XPACCT1, XPACCT2, XPACCT3, XPACCT4, and XPACCT5. If ten or more desktops were being created, two question marks would be in the base name.
With sysprep customizations, the administrator can apply a new sysprep.inf file to the desktops being built. Click the “New” button to create a new Sysprep Template.
For the sysprep customizations to be applied when the virtual machines boot, the sysprep files MUST exist on the Virtual Center Server in “
%SystemRoot%\Documents and Settings\All Users\Application Data\VMware\VMware Virtual Center\sysprep\xp\”. If one is not familiar with Sysprep, these file can be downloaded from Microsoft’s website. When installed they are written to %WinDir%\system32\deploy.cab. Extract the files shown in the picture from the deploy.cab file to the specified directory on the Virtual Center Server.
Assign a meaningful name to the new Sysprep Customizations, i.e. the name of the Managed Desktop Group.
If one already has a completed sysprep.inf file, it can be imported from a file.
Select the Operating System of the new desktops that are being built. The OS selected must match the version of the Sysprep files on Virtual Center.
Enter the registration information for the new desktops.
Enter the Time Zone that will be set.
Enter the Windows Volume License Product Key, or provide a list of Product Keys from a file.
Enter the new local Administrator Password for the desktops.
Specify the Domain or Workgroup. If specifying that the desktops should join a Domain, specify the account that will be used create the computer accounts in Active Directory.
Browse to the Active Directory OU where the new computer accounts should be created. If nothing is specified, the accounts will be created in the default “Computers” OU. Specifying the correct OU allows the machines to receive the correct Group Policy on the first boot after the machine joins the domain.
Use the default regional settings, or select one from the list.
If necessary, select language groups in addition to or other than the default.
One can specify additional commands that should be executed, and which order they should execute.
An Identification String can be inserted into the registry so one can tell which sysprep customizations were used to build the desktop.
Custom Sysprep Entries are any other entries that are supported by sysprep that are not exposed in this GUI.
A Summary is displayed so one may review all of the settings that were entered. Click Finish to save the new sysprep customizations.
Select the newly created Sysprep Customizations and click next.
Back to the Managed Desktop Group Wizard, the Options allow one to start the creation of the virtual machines “immediately”, or one may schedule the operations to be started at a specified date and time, i.e. during a period when the build of the desktops would not adversely affect production.
Review the names of the desktops that will be created, and on which Datastores they will be created. Click finish to submit the jobs into the task list. The jobs are sent to Virtual Center at the scheduled time that was specified.
When the Managed Desktop Group is selected, on the bottom of the console the tasks are listed along with the progress of each and their current status.
When the Managed Desktop Group is selected, from the Desktops Tab, the administrator can right click on a desktop and perform options like Update Power Status (if the console isn’t set to automatically refresh), install/update PNTools, Power On/Off the VM, Reset the VM, Resume a suspended VM, Suspend a running VM, Shut Down the OS, Restart the OS, Logoff the current user, Reset the current user’s session (non-graceful logoff), Cancel the current running task, Remote the VM from the Desktop Group, Delete the VM, View/Edit the policy applied to the Desktop and view the Properties of the Desktop.
By right clicking on a Desktop Group, one of the options is “
Group Policy”. This is unrelated to Active Directory Group Policies, but rather are policy settings that are applied to the Desktop Group