Re: Single desktop pool / OU - different pcoip tun...

NSITPS · ‎04-10-2013

Single desktop pool / OU spanning many sites which require different pcoip tuning parameters through group policy.

How are people dealing with this without having to have separate pools / OUs for the different sites?

Can pcoip computer policy be looped back onto the desktops if the policy is applied to an OU which contains the users from the different sites?

dvhorvath · ‎04-10-2013

No idea whether this would actually work in the real world or not, but it might be worth looking into. I've read that with Horizon View 5.2, changes to the PCoIP tuning settings don't require a logoff and logon like they used to. And all of those settings are stored in the registry. So, it might be possible to use a login script on the View desktops to check the Volatile Environment section of the HKCU hive, and modify the PCoIP settings in the registry based on the client information gleaned from the Volatile Environment stuff. That would allow you to customize the PCoIP tuning settings based on the location of the client computer, but it would be done via login script rather than through GPO settings applied to the View desktops. If nothing else seems promising, it might at least be worth trying.

ericblc2 · ‎04-10-2013

I'm very interested in this conversation.

We have 200 branches with 3mb ADSL links and corporate building with GIG links. I can assign the branch users to a pool that has a GPO that limits bandwidth and corpo users to another pool without limits and still cannot make sure that corpo user will not login from a branch and use all bandwidth.

In real life it's sites that have bandwidth limits... not pools or users ....so it seems like View is missing some features that would make sense for this problem.

We tried to create a solution with the teradici console applying configuration (and bandwidth limits) to zero clients based on ip subnets but the Teradici controls only allow control of the outgoing traffic (from the zero client perspective) so it was no go. We opened a case with Teradici and they confirmed that there was now perfect solution for the problem I wanted to solve.

I too will look into 5.2 capabilities to change parameters "on the fly" but I have read that currently only a few parameters are actually implemented that way . Bandwidth limit is not one of them. Max frame rate is.

As for your loopback policy question. What you are describing sounds like a user GPO that is looped back on a computer... which is the opposite of what loopback processing does (when using loopback processing it is the computer policy that is looped back on the user ).

NSITPS · ‎04-11-2013

Thanks for the input guys.

Has any had any success with this? -- http://vkilt.wordpress.com/2012/03/12/tuning-pcoip-by-group-membership/

dvhorvath · ‎04-11-2013

That's definitely an interesting situation. I wonder if you could make use of server and pool tags in this situation. If all of the branch offices are connecting through security servers, and the corporate users are connecting directly through connection servers, you may be able to get away with tagging the connection servers linked to security servers as Branch, and the internal-only connection servers at the corporate office as Corporate. Then, you could have different pools for the branch and corporate users, and be sure that the corporate users couldn't visit a branch office and consume all the bandwidth. Obviously, they'd need to be entitled to both pools, and you'd want to use something like Persona Management to make it look seamless. Just throwing out ideas here, since I don't really know your environment. But I'd be interested to hear if this might help the situation.

dvhorvath · ‎04-11-2013

That's a really interesting idea, but I wonder if you need to even go that far with it. Might it be possible to have multiple GPOs attached to the OU with your View computers in it, and use security filtering to only allow certain groups to apply them? You might have to experiment with loopback processing and whether the GPO would have to be applied to the user or computer OU, but it might be possible to use security filtering to limit the settings to a select user group that way. That setting is on the Scope tab for the GPO.

ericblc2 · ‎04-11-2013

dvhorvath wrote:
. If all of the branch offices are connecting through security servers, and the corporate users are connecting directly through connection servers, you may be able to get away with tagging the connection servers linked to security servers as Branch, and the internal-only connection servers at the corporate office as Corporate.

You just planted the seed for a solution to my problem . Using different connection servers (pods) for client from different sites would indeed allow us to reconfigure the pools with different bandwidth limits. The Corpo pod woud present the branch and corpo pools without limits. The Branch pod would present the branch and corpo pools with limits. The F5 would assign clients to pods according to source ip. Bingo.

The problem I am describing is theorical though. Although it is true that a person with unlimited bandwidth could use all the branch bandwidth our testing has demonstrated that normal use of 10 zero clients over one of ou 3mb adsl link did not cause any real issue. Everythng was fluid (while using office, IE, and line of business applications... no extreme videos or 3D in our use case). We even pushed our luck with a couple of youtube sessions and it did no affect performance for others (mainly because non-video work uses so little bandwidth anyways).

Thanks.

NSITPS · ‎04-12-2013

So in this scenario you still have separate OUs for the branch / corp desktops.. IE.. To have different pocip settings for branch or corp….

All

Single desktop pool / OU - different pcoip tuning parameters?