Hi,

Thank you for your answers and care. You can contact me at 972-987-3928. Our business hour is 9am to 6pm central time. Email could be a better way to communicate.

Thanks,

Edward Chuang

System Architect Manager

Diodes Incorporated

Phone: 972-987-3928

Email: edward_chuang@diodes.com

mgolfieri -06/12/2013 03:11:08 AM-mgolfieri created the discussion "Manual or documen

From:

mgolfieri <communities-emailer@vmware.com>

To:

echuang <edward_chuang@diodes.com>,

Date:

06/12/2013 03:11 AM

Subject:

New message: "Manual or documentation"

No problem, and you are right about trying to stick to emails. Let's do so, let us know if you have any questions after reviewing the above answers and the documentation resources pointed out by weinstein5. Thanks!

Here I list the questions for Horizon Data function, which I can't be found in any public documentation.

A. Storage

1. What's the relationship of 9 vmdk files and zimbra file systems. From the naming suggested, it seems to be store, db, index, redolog, log, backup, and data. Which is mapped to which?

2. If I need to add more space and choose to extend existing vmdk files, which one I should I extend? Is it supported? The manual mentions adding more vmdk files to data VM, but how many and size? There is no guideline available. It won't be practical to add 10 or 20 10GB files and add another 20 or 50 later. Is adding more vmdk files the only way except NFS mount?

3. When adding space, which method is best practice? adding vmdk files or NFS? What's the benefit comparison?

B. Active directory

1. During initial setup through wizard, the manual says to use sAMAccountName for single-domain AD or userPrincipalName for multiple-domain AD. For most companies, it is single-domain initially or in testing environment, and multiple-domain in the long run. Can we change it afterwards? How and where? The management web interface or command-line?

2. On the manual, it says if userPrincipalName is used, the Base DN should be left blank. However, during all my testing, if I leave it blank, the Step2b won't go through and it can't add to domain. Is it documentation error or some problem in AD?

3. For using userPrincipalName and one domain users are added, how to add other domain users after the initial setup is done? How and where? The management web interface or command-line?

4. From my testing, after initial setup, the login always failed with "The user could not be authenticaed" error message. Even I use the AD user with Domain Admin privilege set it Step2b, it still failed. Finally I found that I need to add @full-domain-name for the Username field. Nowhere in the manual mentions that.

5. I may not be so good in AD nor our Windows administrator. We don't quite understand the difference fro CN or OU in AD. For the new install AD, the default location for users is in Users folder. When I tried "cn=edward,ou=Users,dc=lab,dc=local", and it didn't take it until I replaced it with cn=Users. I suggest the documentation should mention this and shouldn't assume all users know the LDAP syntax very well.

6. The users and groups information is pulled out from AD during initial setup. Any add/remove user operation happens afterwards can't be seen on Horizon Data management interface. Even the sync scheduling in Step 2f is set to hourly, it is still no update from AD side after half day. Nowhere to force sync immediately and no documentation mentions how to do so. The Step 2f also offers "Manual sync" option, but again how and where to do so?

C. Policy & Quota

1. The whole quota and policy seems to be controlled by COS. The minimum retention after file is deleted is 1 month. It would waste a lot of space if minimum is 1 month. Another other shorter option and how?

2. Where to control the number of version to keep? We can't keep infinite versions if the file is changing all the time.

3. From an administrator, how to take ownership or view terminated user data? How to reassign it to other users?

4. For litigation requirement, what is the requirement and detail steps to have a total image (5 VMs) restore to certain point in time, say 5 months ago or 2 years ago?

5. How the quota is counted? For example user A shares folder to user B and user B adds a lot of data into the folder. Will it be counted in user A or B's quota? If the user B is external, how the quota works? What about the folder is re-shared from user B to user C?

D. Entitlement

1. How does the licensed entitlement count? By users in AD or in the imported list in Horizon Data? or by the users entitled to use Data function?

2. How about the license count if the entitlement is given to a group in Horizon Data?

3. How about the license count for external users?

E. Architecture

1. In the document "VMware Horizon Workspace REFERENCE ARCHITECTURE" from public VMware site, it shows very good pictures and the suggested layout to support 2000 users. But, it requires multiple service-va, connector-va, gateway-va and data-va. Great, but how? No document mentioned how to expand the landscape of pre-install 5 VMs.

From the user experience perspective, the Horizon Data function 100% perfectly meets our needs, and acts just like most cloud storage providers. However, the setup and administration function, and even available documents really worry us and prevent deploying it global or using it for production. I followed the recommendation from weinstein5 for available documents, but none of them can give us clear answer for those questions. Actually I've gone through those documents before submitting the thread. I am looking forward to VMware to provide more and better documentation for this product.

Thanks,

Edward

mgolfieri -06/12/2013 10:05:01 AM-mgolfieri created the discussion "Manual or documen

From:

mgolfieri <communities-emailer@vmware.com>

To:

echuang <edward_chuang@diodes.com>,

Date:

06/12/2013 10:05 AM

Subject:

New message: "Manual or documentation"

A. Storage

    1. What's the relationship of 9 vmdk files and zimbra file systems. From the naming suggested, it seems to be store, db, index, redolog, log, backup, and data. Which is mapped to which?

##  As the VMDK names are not known to the guest OS and viceversa, the devices found in /etc/fstab can be matched against the pvdisplay, lvdisplay outputs. The exact VMDK file name is a bit trickier, as it involves inspecting the VM entity, which can be done by using the https://vcenterFQDN/mob facility. Automation of such can be done via Perl or PowerCLI. Let me get back at you about this, for the moment the disk sizes are usable to match what's with what, and the output of lvdisplay (by default, every pv is owning a lv only so it's easy).

UPDATE: If you "dmesg |grep '0:'|grep sd" and then you inspect the vmx file itself, you'll see the association of vmdks with disks.

e.g.

scsi0:0.present = "true"
scsi0:0.fileName = "data-va.vmdk"
scsi0:0.deviceType = "scsi-hardDisk"
scsi0:1.present = "true"
scsi0:1.fileName = "data-va_1.vmdk"
scsi0:1.deviceType = "scsi-hardDisk"
scsi0:2.present = "true"
scsi0:2.fileName = "data-va_2.vmdk"
scsi0:2.deviceType = "scsi-hardDisk"
scsi0:3.present = "true"
scsi0:3.fileName = "data-va_3.vmdk"
scsi0:3.deviceType = "scsi-hardDisk"
scsi0:4.present = "true"
scsi0:4.fileName = "data-va_4.vmdk"
scsi0:4.deviceType = "scsi-hardDisk"
scsi0:5.present = "true"
scsi0:5.fileName = "data-va_5.vmdk"
scsi0:5.deviceType = "scsi-hardDisk"
scsi0:6.present = "true"
scsi0:6.fileName = "data-va_6.vmdk"
scsi0:6.deviceType = "scsi-hardDisk"
scsi0:8.present = "true"
scsi0:8.fileName = "data-va_7.vmdk"
scsi0:8.deviceType = "scsi-hardDisk"
scsi0:9.present = "true"
scsi0:9.fileName = "data-va_8.vmdk"
scsi0:9.deviceType = "scsi-hardDisk"

e nel guest:

hdata:~ # dmesg |grep '0:'|grep 'Attached SCSI disk'

[ 16.053195] sd 0:0:0:0: [sda] Attached SCSI disk
[ 16.117846] sd 0:0:5:0: [sdf] Attached SCSI disk
[ 16.129962] sd 0:0:3:0: [sdd] Attached SCSI disk
[ 16.130701] sd 0:0:8:0: [sdh] Attached SCSI disk
[ 16.143020] sd 0:0:2:0: [sdc] Attached SCSI disk
[ 16.160574] sd 0:0:1:0: [sdb] Attached SCSI disk
[ 16.188414] sd 0:0:9:0: [sdi] Attached SCSI disk
[ 16.617377] sd 0:0:4:0: [sde] Attached SCSI disk
[ 16.931574] sd 0:0:6:0: [sdg] Attached SCSI disk

hdata:~ # pvdisplay -v|egrep 'PV Name|VG Name'
Scanning for physical volume names
PV Name /dev/sdi
VG Name data_vg
PV Name /dev/sdh
VG Name backup_vg
PV Name /dev/sdg
VG Name log_vg
PV Name /dev/sdf
VG Name redolog_vg
PV Name /dev/sde
VG Name index_vg
PV Name /dev/sdd
VG Name db_vg
PV Name /dev/sdc
VG Name store_vg
PV Name /dev/sdb
VG Name zimbra_vg

    2. If I need to add more space and choose to extend existing vmdk files, which one I should I extend? Is it supported? The manual mentions adding more vmdk files to data VM, but how many and size? There is no guideline available. It won't be practical to add 10 or 20 10GB files and add another 20 or 50 later. Is adding more vmdk files the only way except NFS mount?

## NFS is the recommended way for a wealth of reasons. The VMDK increase amount should be done according to usage expectations and projections based on the current comsumption ratio. Furthermore, we are finalizing docs on sizing that will suit you regarding scaling/sizing.  About the manual not telling how to extend the space, it actually should be there, but it's only for the store/ mountpoint, as we expect growth to be happening there only, since sizing of the other mount points was done conservatively and therefore if you get close to filling those mountpoints, it's already due time to add another data-va and spread users, since e.g. db/ and index/ in particular are directly proportioned to overall VM load.

    3. When adding space, which method is best practice? adding vmdk files or NFS? What's the benefit comparison?

##  See 2.), NFS should be preferred. Backing up would be easier, you can rely on SAN snapshot for the files there, it's more agile than having a whole bundle of VMDKs with the VM, etc etc.

B. Active directory

    1. During initial setup through wizard, the manual says to use sAMAccountName for single-domain AD or userPrincipalName for multiple-domain AD. For most companies, it is single-domain initially or in testing environment, and multiple-domain in the long run. Can we change it afterwards? How and where? The management web interface or command-line?

##  Please file an SR, as this might require a repro setup and time invested. Also SR will guarantee proper prioritization for opening an RFE/bug in case. Thanks!

    2. On the manual, it says if userPrincipalName is used, the Base DN should be left blank. However, during all my testing, if I leave it blank, the Step2b won't go through and it can't add to domain. Is it documentation error or some problem in AD?

## IIRC this is a bug we fixed later on, thanks for pointing this out.

    3. For using userPrincipalName and one domain users are added, how to add other domain users after the initial setup is done? How and where? The management web interface or command-line?

## You should go to the connector admin console at https://yourconnectorhostname.domain.com  (will redirect to :8443/hc/admin then). There you can find the directory sync section. See the docs for this.

    4. From my testing, after initial setup, the login always failed with "The user could not be authenticaed" error message. Even I use the AD user with Domain Admin privilege set it Step2b, it still failed. Finally I found that I need to add @full-domain-name for the Username field. Nowhere in the manual mentions that.

## And that shouldn't be necessary indeed. Please open an SR with us and we'll further look into this, thanks in advance.

    5. I may not be so good in AD nor our Windows administrator. We don't quite understand the difference fro CN or OU in AD. For the new install AD, the default location for users is in Users folder. When I tried "cn=edward,ou=Users,dc=lab,dc=local", and it didn't take it until I replaced it with cn=Users. I suggest the documentation should mention this and shouldn't assume all users know the LDAP syntax very well.

## Unfortunately that has to be an assumption we can't avoid. The AD/LDAP topic is very very wide, and together with the tutorials and good free documentation online, we can't prioritize such -interesting I admit- insight. I'll make sure to let engineering be aware of such request, and we'll see what we can do though, thanks for pointing this out.

    6. The users and groups information is pulled out from AD during initial setup. Any add/remove user operation happens afterwards can't be seen on Horizon Data management interface. Even the sync scheduling in Step 2f is set to hourly, it is still no update from AD side after half day. Nowhere to force sync immediately and no documentation mentions how to do so. The Step 2f also offers "Manual sync" option, but again how and where to do so?

##  If you go to the connector as said in 3, if you go to directory sync->edit rules->next ... next will do. And yes, it's true we don't have it documented, I'll open a bug on this to make it clearer, thanks.

C. Policy & Quota

    1. The whole quota and policy seems to be controlled by COS. The minimum retention after file is deleted is 1 month. It would waste a lot of space if minimum is 1 month. Another other shorter option and how?

## "Trashed File Lifetime Value" in the CoS should do? It should be in the docs, but let me know if not and I'll open a bug against docs.

    2. Where to control the number of version to keep? We can't keep infinite versions if the file is changing all the time.

##  Generally speaking, the most useful settings can be changed via admin GUI, some others not or not yet. In this case the only way would be to rely on the CLI. So for example to change the setting for the whole COS:

# connect via ssh to any data-va, then:

su - zimbra

zmprov mc '<COSNAME>' hzndataDocumentMaxRevisions <newValue> # to change the value

zmprov fc -a all # to flush all caches on every data-node to avoid waiting the 15m delay (worst case) for this to happen.

I already have a feature request open to get this exposed in the GUI, thanks.

    3. From an administrator, how to take ownership or view terminated user data? How to reassign it to other users?

## It can't be done at the moment from the admin console.   What would be the use cases here? Please open an SR with some more details, we might open another feature  request for this.

    4. For litigation requirement, what is the requirement and detail steps to have a total image (5 VMs) restore to certain point in time, say 5 months ago or 2 years ago?

## Please follow our backup doc found here: https://www.vmware.com/support/pubs/horizon-workspace-pubs.html Also note, it's a prerequirement having experience with vSphere, as you'll see. Eventually if in trouble during such process, please file an SR with us.

    5. How the quota is counted? For example user A shares folder to user B and user B adds a lot of data into the folder. Will it be counted in user A or B's quota? If the user B is external, how the quota works? What about the folder is re-shared from user B to user C?

##  At the moment, quota counted against sharer's account only. We are in the process of evaluating whether to go with a distributed quota in such cases, or not.

D. Entitlement

    1. How does the licensed entitlement count? By users in AD or in the imported list in Horizon Data? or by the users entitled to use Data function?

    2. How about the license count if the entitlement is given to a group in Horizon Data?

## Have you read our licensing KB? Please contact your sales rep if still in doubt, thanks! http://knova-prod-kcc-vip.vmware.com:8080/contactcenter/php/search.do?language=en_US&cmd=displayKC&e...

    3. How about the license count for external users?

##  External users are not counted, they can be as many as you need.

E. Architecture

    1. In the document "VMware Horizon Workspace REFERENCE ARCHITECTURE" from public VMware site, it shows very good pictures and the suggested layout to support 2000 users. But, it requires multiple service-va, connector-va, gateway-va and data-va. Great, but how? No document mentioned how to expand the landscape of pre-install 5 VMs.

## It's in our docs, see before. Or use the search function and look for "addvm" here: http://pubs.vmware.com/horizon-workspace-10/topic/com.vmware.hs-administrator.doc_10/GUID-1039E747-8...

From the user experience perspective, the Horizon Data function 100% perfectly meets our needs, and acts just like most cloud storage providers. However, the setup and administration function, and even available documents really worry us and prevent deploying it global or using it for production. I followed the recommendation from weinstein5 for available documents, but none of them can give us clear answer for those questions. Actually I've gone through those documents before submitting the thread. I am looking forward to VMware to provide more and better documentation for this product.

## Everything can be improved, but I believe that some questions should have been covered already by the online docs. Would you be able to specifically list all the docs (please copy/paste the direct urls) that you read? Thanks!

Thank you for providing such detail answers for my questions. Please see my comment and below.

A. Storage

1. What's the relationship of 9 vmdk files and zimbra file systems. From the naming suggested, it seems to be store, db, index, redolog, log, backup, and data. Which is mapped to which?

1. As the VMDK names are not known to the guest OS and viceversa, the devices found in /etc/fstab can be matched against the pvdisplay, lvdisplay outputs. The exact VMDK file name is a bit trickier, as it involves inspecting the VM entity, which can be done by using the https://vcenterFQDN/mob facility. Automation of such can be done via Perl or PowerCLI. Let me get back at you about this, for the moment the disk sizes are usable to match what's with what, and the output of lvdisplay (by default, every pv is owning a lv only so it's easy).

Edward: Thank you for those commands. It gives me better idea about the mapping. If we add more vmdk files and run through the provided script, will they be all for data only?

2. If I need to add more space and choose to extend existing vmdk files, which one I should I extend? Is it supported? The manual mentions adding more vmdk files to data VM, but how many and size? There is no guideline available. It won't be practical to add 10 or 20 10GB files and add another 20 or 50 later. Is adding more vmdk files the only way except NFS mount?

1. NFS is the recommended way for a wealth of reasons. The VMDK increase amount should be done according to usage expectations and projections based on the current comsumption ratio. Furthermore, we are finalizing docs on sizing that will suit you regarding scaling/sizing. About the manual not telling how to extend the space, it actually should be there, but it's only for the store/ mountpoint, as we expect growth to be happening there only, since sizing of the other mount points was done conservatively and therefore if you get close to filling those mountpoints, it's already due time to add another data-va and spread users, since e.g. db/ and index/ in particular are directly proportioned to overall VM load.

Edward: Will it be the correct assumption that the allocated db, index, redolog, log file systems have been optimized and fixed size, and only data store will be added? If db, index, log file systems is close to full, does it mean to be the right time to set up another data VM?

3. When adding space, which method is best practice? adding vmdk files or NFS? What's the benefit comparison?

1. See 2.), NFS should be preferred. Backing up would be easier, you can rely on SAN snapshot for the files there, it's more agile than having a whole bundle of VMDKs with the VM, etc etc.

Edward: Thank you for the important hint. Since last Friday, we started testing the NFS method and got the following problem below.

4. (New) When adding NFS space, I got "Error occurred: directory does not exist or is not writable: /opt/zimbra/storeXX zmvolume failed at ./mount-nfs-store.pl line49." I did test that the NFS can be mounted by root user and read/write without problem. I also reinstalled the lab environment more than 3 times and still got the same error. Is it a known bug or I should open a SR for it?

B. Active directory

1. During initial setup through wizard, the manual says to use sAMAccountName for single-domain AD or userPrincipalName for multiple-domain AD. For most companies, it is single-domain initially or in testing environment, and multiple-domain in the long run. Can we change it afterwards? How and where? The management web interface or command-line?

1. Please file an SR, as this might require a repro setup and time invested. Also SR will guarantee proper prioritization for opening an RFE/bug in case. Thanks!

Edward: Thank you for the comment.

2. On the manual, it says if userPrincipalName is used, the Base DN should be left blank. However, during all my testing, if I leave it blank, the Step2b won't go through and it can't add to domain. Is it documentation error or some problem in AD?

1. IIRC this is a bug we fixed later on, thanks for pointing this out.

Edward: Thank you.

3. For using userPrincipalName and one domain users are added, how to add other domain users after the initial setup is done? How and where? The management web interface or command-line?

1. You should go to the connector admin console at https://yourconnectorhostname.domain.com (will redirect to :8443/hc/admin then). There you can find the directory sync section. See the docs for this.

Edward: I tested it many times and got the same answer from other thread. I've even reinstalled the lab environment several times and it's still not working. Finally I found the root cause. The https://CONNECTOR/hc/admin or https://CONNECTOR:8443/hc/admin does NOT work on WindowsXP/IE8. However, it works on Windows7/IE8, Windows7/IE9 or WindowsXP/FireFox. We still have more than 60% desktops or laptops on WindowsXP. Unfortunately my 3 machines are WindowsXP with IE8 only. That's why I can't get in. The interesting thing is WindowsXP/IE8 works fine with configurator, workspace user, workspace admin web interfaces. I don't think it is mentioned in VMware document.

4. From my testing, after initial setup, the login always failed with "The user could not be authenticaed" error message. Even I use the AD user with Domain Admin privilege set it Step2b, it still failed. Finally I found that I need to add @full-domain-name for the Username field. Nowhere in the manual mentions that.

1. And that shouldn't be necessary indeed. Please open an SR with us and we'll further look into this, thanks in advance.

Edward: Through my testing, if sAMAccountName search method is chosen, you don't have to put @full-domain-name for the username. If userPrincipalName is being used, @full-domain-name must be added to distinguish which domain user is logging in. It seems to make sense now.

5. I may not be so good in AD nor our Windows administrator. We don't quite understand the difference fro CN or OU in AD. For the new install AD, the default location for users is in Users folder. When I tried "cn=edward,ou=Users,dc=lab,dc=local", and it didn't take it until I replaced it with cn=Users. I suggest the documentation should mention this and shouldn't assume all users know the LDAP syntax very well.

1. Unfortunately that has to be an assumption we can't avoid. The AD/LDAP topic is very very wide, and together with the tutorials and good free documentation online, we can't prioritize such -interesting I admit- insight. I'll make sure to let engineering be aware of such request, and we'll see what we can do though, thanks for pointing this out.

Edward: I understand AD/LDAP topic is very wide. My expectation is that it should be something similar to when you add a Windows server to domain, only domain name and a username with domain admin privilege are required. We don't need know the full LDAP path of the specific user. If you can talk to the developer, please forward the request.

6. The users and groups information is pulled out from AD during initial setup. Any add/remove user operation happens afterwards can't be seen on Horizon Data management interface. Even the sync scheduling in Step 2f is set to hourly, it is still no update from AD side after half day. Nowhere to force sync immediately and no documentation mentions how to do so. The Step 2f also offers "Manual sync" option, but again how and where to do so?

1. If you go to the connector as said in 3, if you go to directory sync->edit rules->next ... next will do. And yes, it's true we don't have it documented, I'll open a bug on this to make it clearer, thanks.

Edward: Thanks. After I use Windows7/IE8 or IE9, I can see the setting and sync successfully. Yes, please add the topic into the manual.

C. Policy & Quota

1. The whole quota and policy seems to be controlled by COS. The minimum retention after file is deleted is 1 month. It would waste a lot of space if minimum is 1 month. Another other shorter option and how?

1. "Trashed File Lifetime Value" in the CoS should do? It should be in the docs, but let me know if not and I'll open a bug against docs.

Edward: The only available choices are 1 month, 3 months, 6 months and 12 months. Because it is a pull-down menu, nowhere to specify any time shorter or other option. It doesn't seem to be a documentation issue. Would you please let developer know about this?

2. Where to control the number of version to keep? We can't keep infinite versions if the file is changing all the time.

1. Generally speaking, the most useful settings can be changed via admin GUI, some others not or not yet. In this case the only way would be to rely on the CLI. So for example to change the setting for the whole COS:

1. connect via ssh to any data-va, then:

su - zimbra

zmprov mc ' # to change the value

zmprov fc -a all # to flush all caches on every data-node to avoid waiting the 15m delay (worst case) for this to happen.

I already have a feature request open to get this exposed in the GUI, thanks.

Edward: Thank you. So the command will change all existing files bound to the CoS, right? I think it is the same important factor as "Trashed file lifetime value". Please consider to add it to admin GUI.

3. From an administrator, how to take ownership or view terminated user data? How to reassign it to other users?

1. It can't be done at the moment from the admin console. What would be the use cases here? Please open an SR with some more details, we might open another feature request for this.

Edward: If the idea of Horizon Data works, I believe a lot of companies will consider to use it for file server function or at least user's home directory. If it is the case, we need to consider the existing data for terminated employee. The direct manager needs to have access to that user's data. IT person needs to have a way to reassign the owner & quota for the existing data. Currently I believe resetting user's AD password and share data with manager or teammate. Is any other better way to handle it?

4. For litigation requirement, what is the requirement and detail steps to have a total image (5 VMs) restore to certain point in time, say 5 months ago or 2 years ago?

1. Please follow our backup doc found here: https://www.vmware.com/support/pubs/horizon-workspace-pubs.html Also note, it's a prerequirement having experience with vSphere, as you'll see. Eventually if in trouble during such process, please file an SR with us.

Edward: I went through the manual "Horizon Workspace Backup Data Best Practices" from the link above. It seems to be very high level of steps for backup & restore and it also mentioned "Postgres database". Since the vApp is a product from VMware, there should be a tool or utility to handle all required components. I suggest to have a more detail step-by-step procedure for customer to follow.

5. How the quota is counted? For example user A shares folder to user B and user B adds a lot of data into the folder. Will it be counted in user A or B's quota? If the user B is external, how the quota works? What about the folder is re-shared from user B to user C?

1. At the moment, quota counted against sharer's account only. We are in the process of evaluating whether to go with a distributed quota in such cases, or not.

Edward: Thank you for the information.

D. Entitlement

1. How does the licensed entitlement count? By users in AD or in the imported list in Horizon Data? or by the users entitled to use Data function?

2. How about the license count if the entitlement is given to a group in Horizon Data?

1. Have you read our licensing KB? Please contact your sales rep if still in doubt, thanks! http://knova-prod-kcc-vip.vmware.com:8080/contactcenter/php/search.do?language=en_US&cmd=displayKC&e...

Edward: The link you provided seems to be in VMware internal website. The external link is http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=204297... . Yes, I read through. My question is the "Named user". Does it mean all observed users through AD sync? or entitled to use Data function? I will meet the sales rep this week to find out more too.

3. How about the license count for external users?

1. External users are not counted, they can be as many as you need.

Edward: Thank you for the information.

E. Architecture

1. In the document "VMware Horizon Workspace REFERENCE ARCHITECTURE" from public VMware site, it shows very good pictures and the suggested layout to support 2000 users. But, it requires multiple service-va, connector-va, gateway-va and data-va. Great, but how? No document mentioned how to expand the landscape of pre-install 5 VMs.

1. It's in our docs, see before. Or use the search function and look for "addvm" here: http://pubs.vmware.com/horizon-workspace-10/topic/com.vmware.hs-administrator.doc_10/GUID-1039E747-8...

Edward: My apology. I overlooked the topic in the manual. Yes, you are right. It is in the "Advanced Configuration for Horizon Workspace Virtual Machines" section of installation guide.

From the user experience perspective, the Horizon Data function 100% perfectly meets our needs, and acts just like most cloud storage providers. However, the setup and administration function, and even available documents really worry us and prevent deploying it global or using it for production. I followed the recommendation from weinstein5 for available documents, but none of them can give us clear answer for those questions. Actually I've gone through those documents before submitting the thread. I am looking forward to VMware to provide more and better documentation for this product.

1. Everything can be improved, but I believe that some questions should have been covered already by the online docs. Would you be able to specifically list all the docs (please copy/paste the direct urls) that you read? Thanks!

Edward: You've answered most of my questions. Thank you very much for your help. The document I went through is the same as you listed above https://www.vmware.com/support/pubs/horizon-workspace-pubs.html . I expect to see more frequent-used topics added into the documentation.

mgolfieri -06/14/2013 07:57:34 AM-mgolfieri created the discussion "Manual or documen

From:

mgolfieri <communities-emailer@vmware.com>

To:

echuang <edward_chuang@diodes.com>,

Date:

06/14/2013 07:57 AM

Subject:

New message: "Manual or documentation"

Hey Edward, no problem, it's good to get feedbacks, and it's great  at the same time to see the development team to be so proactive in trying to commit into code the community's feature requests and bugs found, they are doing an incredible job! So keep them coming 🙂

A. Storage

    1. Edward: Thank you for those commands. It gives me better idea about the mapping. If we add more vmdk files and run through the provided script, will they be all for data only?

    Marcello: yes

    2. Edward: Will it be the correct assumption that the allocated db, index, redolog, log file systems have been optimized and fixed size, and only data store will be added? If db, index, log file systems is close to full, does it mean to be the right time to set up another data VM?

    Marcello: yes, and eventually moving accounts to another one too if overallocation was done initially and new data-va creation got delayed enough.

    3. Edward: Thank you for the important hint. Since last Friday, we started testing the NFS method and got the following problem below. When adding NFS space, I got "Error occurred: directory does not exist or is not writable: /opt/zimbra/storeXX zmvolume failed at ./mount-nfs-store.pl line49." I did test that the NFS can be mounted by root user and read/write without problem. I also reinstalled the lab environment more than 3 times and still got the same error. Is it a known bug or I should open a SR for it?

    Marcello: I saw this issue before, it's always due to NFS server permission settings. This error might be misleading. I'll update engineering on prettifying this error, thanks Edward.

B. Active directory

    3.Edward: I tested it many times and got the same answer from other thread. I've even reinstalled the lab environment several times and it's still not working. Finally I found the root cause. The https://CONNECTOR/hc/admin or https://CONNECTOR:8443/hc/admin does NOT work on WindowsXP/IE8. However, it works on Windows7/IE8, Windows7/IE9 or WindowsXP/FireFox. We still have more than 60% desktops or laptops on WindowsXP. Unfortunately my 3 machines are WindowsXP with IE8 only. That's why I can't get in. The interesting thing is WindowsXP/IE8 works fine with configurator, workspace user, workspace admin web interfaces. I don't think it is mentioned in VMware document.

     Marcello: is it XP SP3? If not that might be it. We support IE 8 and XP sp3, so if confirmed I'll open a bug.

    4. Edward: Through my testing, if sAMAccountName search method is chosen, you don't have to put @full-domain-name for the username. If userPrincipalName is being used, @full-domain-name must be added to distinguish which domain user is logging in. It seems to make sense now.

    5. Edward: I understand AD/LDAP topic is very wide. My expectation is that it should be something similar to when you add a Windows server to domain, only domain name and a username with domain admin privilege are required. We don't need know the full LDAP path of the specific user. If you can talk to the developer, please forward the request.

    Marcello: I'll see what I can do here, thanks for the feedback Edward.

    6. Edward: Thanks. After I use Windows7/IE8 or IE9, I can see the setting and sync successfully. Yes, please add the topic into the manual.

    Marcello: I already filed a Feature request, to get manual sync with one-click.

C. Policy & Quota

    1. Edward: The only available choices are 1 month, 3 months, 6 months and 12 months. Because it is a pull-down menu, nowhere to specify any time shorter or other option. It doesn't seem to be a documentation issue. Would you please let developer know about this?

    Marcello: Good one Edward, opened a feature request.

    2. Edward: Thank you. So the command will change all existing files bound to the CoS, right? I think it is the same important factor as "Trashed file lifetime value". Please consider to add it to admin GUI.

    Marcello: Exactly. And as said having it in the GUI is already filed as feature request.

    3. Edward: If the idea of Horizon Data works, I believe a lot of companies will consider to use it for file server function or at least user's home directory. If it is the case, we need to consider the existing data for terminated employee. The direct manager needs to have access to that user's data. IT person needs to have a way to reassign the owner & quota for the existing data. Currently I believe resetting user's AD password and share data with manager or teammate. Is any other better way to handle it?

    Marcello: I agree, opened a feature request for this one too. We had something filed already, but I coulnd't find it right away. And yes, for the moment that's the only option, at least until now. Future releases are addressing this in some other manner, stay tuned as I cannot disclose more.

    4. Edward: I went through the manual "Horizon Workspace Backup Data Best Practices" from the link above. It seems to be very high level of steps for backup & restore and it also mentioned "Postgres database". Since the vApp is a product from VMware, there should be a tool or utility to handle all required components. I suggest to have a more detail step-by-step procedure for customer to follow.

    Marcello: The in-app tool for backing up is something we are actually delegating to the vsphere environment, as Horizon is a vApp for this very reason. Delegating the task to tools customers already use for the rest of their environment. What I'll do though is indeed asking to improve with further details our current backup/restore document.

D. Entitlement

    1. How does the licensed entitlement count? By users in AD or in the imported list in Horizon Data? or by the users entitled to use Data function?

    2. Edward: The link you provided seems to be in VMware internal website. The external link is http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=204297... . Yes, I read through. My question is the "Named user". Does it mean all observed users through AD sync? or entitled to use Data function? I will meet the sales rep this week to find out more too.

    Marcello: Let me inquiry internally on this. At the same time, should you get some better info from the sales rep, please report back here as well, thanks tons Edward!

Marcello, thank you. Most questions are answered. Here are some left.

A. Storage

3. Edward: Thank you for the important hint. Since last Friday, we started testing the NFS method and got the following problem below. When adding NFS space, I got "Error occurred: directory does not exist or is not writable: /opt/zimbra/storeXX zmvolume failed at ./mount-nfs-store.pl line49." I did test that the NFS can be mounted by root user and read/write without problem. I also reinstalled the lab environment more than 3 times and still got the same error. Is it a known bug or I should open a SR for it?

Marcello: I saw this issue before, it's always due to NFS server permission settings. This error might be misleading. I'll update engineering on prettifying this error, thanks Edward.

Edward: Could you explain more about the NFS server permission setting? I tried several NFS attributes on NFS server and still not working. I saw someone posted exact same problem as I have http://communities.vmware.com/thread/438397?tstart=0 . It shows the question has been answered, but actually it's not. Someone suggests to change ownership of the mount point / folder to zimbra. However, every time you run the mount-nfs-store.pl script, it creates a new storeXX mount point. You can't change or prepare the mount point before running it. And also, if I tried to change ownership to zimbra after the failure, the zmvolume still won't recognize the new file system. I didn't find any other good hint. Should I open a SR for it?

B. Active directory

3.Edward: I tested it many times and got the same answer from other thread. I've even reinstalled the lab environment several times and it's still not working. Finally I found the root cause. The https://CONNECTOR/hc/admin or https://CONNECTOR:8443/hc/admin does NOT work on WindowsXP/IE8. However, it works on Windows7/IE8, Windows7/IE9 or WindowsXP/FireFox. We still have more than 60% desktops or laptops on WindowsXP. Unfortunately my 3 machines are WindowsXP with IE8 only. That's why I can't get in. The interesting thing is WindowsXP/IE8 works fine with configurator, workspace user, workspace admin web interfaces. I don't think it is mentioned in VMware document.

Marcello: is it XP SP3? If not that might be it. We support IE 8 and XP sp3, so if confirmed I'll open a bug.

Edward: Yes, it is XP SP3. The strange thing is the FireFox works on the same machine, but not the IE8. I guess it shouldn't be related to SP3.

C. Policy & Quota

4. Edward: I went through the manual "Horizon Workspace Backup Data Best Practices" from the link above. It seems to be very high level of steps for backup & restore and it also mentioned "Postgres database". Since the vApp is a product from VMware, there should be a tool or utility to handle all required components. I suggest to have a more detail step-by-step procedure for customer to follow.

Marcello: The in-app tool for backing up is something we are actually delegating to the vsphere environment, as Horizon is a vApp for this very reason. Delegating the task to tools customers already use for the rest of their environment. What I'll do though is indeed asking to improve with further details our current backup/restore document.

Edward: For the Postgres database, is it the one being used in data-va? If yes, I'm not sure what other component of vSphere is using it. Because it is a database, there should be something or steps to quiesce database activity before taking a snapshot on VM to guarantee data integrity. I'm looking forward to a document for the detail steps.

5. (New) How is the I/O behavior for Horizon Workspace utility, a.k.a. the tool integrated into Windows Explorer for easier file transfer? How the file is counted as one version? The reason I am asking is that if the user sets the Outlook pst file or Notes nsf file to the Horizon folder, the file is open and keeps updating. Will it become numerous versions or only one when the file is closed?

D. Entitlement

1. How does the licensed entitlement count? By users in AD or in the imported list in Horizon Data? or by the users entitled to use Data function?

2. Edward: The link you provided seems to be in VMware internal website. The external link is http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=204297... . Yes, I read through. My question is the "Named user". Does it mean all observed users through AD sync? or entitled to use Data function? I will meet the sales rep this week to find out more too.

Marcello: Let me inquiry internally on this. At the same time, should you get some better info from the sales rep, please report back here as well, thanks tons Edward!

Edward: I will. Thank you.

mgolfieri -06/19/2013 05:51:13 AM-mgolfieri created the discussion "Manual or documen

From:

mgolfieri <communities-emailer@vmware.com>

To:

echuang <edward_chuang@diodes.com>,

Date:

06/19/2013 05:51 AM

Subject:

New message: "Manual or documentation"

Hey Edward,

apologies for the delay, I'm on vacation time now, but at times I try to catch up for a few hours.  So:

A3.  I had the same error, the issue was fixed by chmod ding the server-side folder perms. Same thing happened to a customer of hours, he said his NFS win2008 export had server-side issues with permissions, but he never followed up explaining which in detail. Anyhow, re: nfs on linux, here's how I created one for my lab, just FYI:

root@zcs7-multi-ldap:~# aptitude install nfs-kernel-server nfs-common portmap
root@zcs7-multi-ldap:~# mkdir /var/nfs
root@zcs7-multi-ldap:~# chown nobody:nogroup /var/nfs

root@zcs7-multi-ldap:~# mkdir /var/nfs/hdata /var/nfs/hdata2 /var/nfs/hdata-1

root@zcs7-multi-ldap:~# chmod a+w -R /var/nfs
root@zcs7-multi-ldap:~# chown -R nobody:nogroup /var/nfs
root@zcs7-multi-ldap:~# vi /etc/exports
root@zcs7-multi-ldap:~# grep -v '^#' /etc/exports
/var/nfs/hdata 192.168.254.104(rw,sync,no_subtree_check)
/var/nfs/hdata2 192.168.254.106(rw,sync,no_subtree_check)
/var/nfs/hdata-1 192.168.254.106(rw,sync,no_subtree_check)
root@zcs7-multi-ldap:~# exportfs -a

B3. Just got word, engineering spotted the issue, and it'll be fixed in our next release, thanks for the heads up Edward.

C4.  The data-va uses mysql for metadatas.  In any case both databases are on VMs having vmware tools installed, and any vsphere backup solution from third parties command the quiescing via the tools when backing up for consistency.  About the better docs, as mentioned the detailed steps are to be found in the 3rd party backup software docs and support, since backing up Horizon is actually like backing up a normal vapp, and the extra steps is just to take a point in time backup of the NFS data-va volumes (if any) and the external postgresql (again, if not internal) at the same time the vapp is being saved.  Still, we are collecting user experiences on this according to the tools our customers use to backup, and we'll potentially think on writing more detailed docs with certain vendors when we'll see users requests are sufficiently high. Thanks for the feedback on this Edward.

C5.  Applications never install constantly fed files on directories outside the usuals Windows reserves for such (appdata, %TEMP%, etc). But at worst, in case anybody would manually do that, the setting re: limiting the versions on file would prevent such situation. And yes, for the moment there is a new copy every version made. Generally speaking it's however absolutely recommended that administrators enforce that files in horizon folder to be static (and we never had a single feedback so far were users would have by the way).

Back to vacation Edward, I'll talk to you soon! Ciao and thanks!

Marcello

Hi, Marcello,

I am taking vacation for 2 weeks now. I will follow your suggestion to do more testing, and get back to you in the week of 7/15.

Thanks,

Edward

mgolfieri -06/25/2013 08:45:54 AM-mgolfieri created the discussion "Manual or documen

sure thing, luck you by the way... 🙂