Cloud Pod Architecture

Hello

We are running Horizon view 6.0.1 on both sites using cloud Pod Architecture (CPS), which means a Horizon view Pod with two connection to the server per site. We use desktop full Clone with dedicated missions and now we have identified the need to assign a specific office for a specific user. This can easily be done using the Pod via the office made rights a right click and select assign to users.

We are only using the global rights to enjoy the meaning of CPA, we cannot right click on the desktop and select Assign User user since the user doesn't have a local right Pod.

Is it possible to assign the user to a specific office in the overall use of rights?

Thank you.

I have not tried to confirm it would definitely work, but I don't see why it wouldn't work if you are comfortable using the command line.  On one of the brokers on the pod where the Office was created, use the command (with names appropriate for pool, machine, and user):

vdmadmin-L dtpool1 d m u CORP\Jo computer2

The documentation of Administration for Horizon view provides more details on this.

Tags: VMware

Similar Questions

  • See Security servers in a cloud Pod Architecture

    Hi all

    Maybe someone can help me clarifing a gray area in a Pod Architecture cloud.

    I know that if I have POD - A SITE - a and B - POD in SITE B, with overall right I can negotiate an internal user, connecting from SITE-a to a virtual office in the SITE-B.

    Is the same thing applies when users connect from the internet? I have a security for A SITE server and one for the SITE-B, can I assume that a user who connects to the internet via the SITE-can be integrated in a virtual office in the SITE-B? In other words, is Security Server in the SITE-A capable of digging for connections to virtual desktops from SITE-B?

    Thank you for your help.

    Yes, that's correct. the SS are paried with a CS, but once you have connected to the broker, it can B the WEBSITE Office of channel on the rear channel and present it to the external client site has.

  • Cloud of Pod Architecture and load - single entry Point balancing

    Hello

    I'm looking at our DR put in place for our view environment and Cloud Pod Architecture seems to be the way to go. A question that has popped up and I couldn't get a definitive answer about whether it is possible to use the load balancing of certain aromas to maintain a single point of entry into the environment seen. I would be able to have a connection to the server discovers in A Pod and a login server in View Pod B and then stick a load balancer at the front so that users always connect through load balancing and view.domain.com, they will hit either login server? Would it not possible to use a Windows NLB for that?

    What I want to achieve is to build a second Pod from view in a different geographical location to complete our game existing upward at our headquarters. This new Pod will be alive and actively used instead of a traditional DR implemented whereby all will sit dormant until the sh * t hits the fan. We maintain a single point of entry into the environment and the user gets negotiated at their office floating Linked Clone correct, be it in A Pod or B. Pod

    I hope that makes sense.

    Of the questions let me know.

    Yes, it is definitely possible.

    We currently have a configuration of global namespace for internal and external access.  It appeared linked to a VIP we have on our load balancing programs (Radware currently).  This VIP points to our real servers on both sides.

    Then, we focus on Cloud Pod Architecture configuration dedicated or floating pools.  People can connect and hit one side or both.

    If you leverage GTM or Global Traffic Manager (Smart DNS Round Robin), she may ask the weight or restrictions so when people only struck one side of your data centers until he is not available and then it hits the other side.

    Do not forget that the Volumes of App and RDS Apps are not supported, just virtual offices.

    We currently have two pods between two sites, take advantage of cloud pod and built infrastructure in duplicate for each site to be isolated and independent.

    We focus also on DFS - R on Windows File Services to ensure that the data are replicated and synchronized between the two locations.  Then with the use of DFS Namespace we weight each side sort users to the Site a success files on file to the Site Services and vice versa.

    F5 also has an edition of Big - IP virtual that will work great and deploy GTM, LTM (Load Balancing) and MPA (Access Policy Manager) to work on both internal and external access for you.

  • Problem architecture Cloud POD horizon 6

    Hello

    I set up a Federation Pod in my environment on-prem and joined another POD on another site, made of global rights, added the pool inside and set rights to security groups. I tested it on internal network, everything works fine. I see the pools named as global rights and I can connect as I have it configured the scope of the right. It's simple works. But as soon as I log in from the outside, I also see my rights, but I can't connect to RDP and PCoIP desktop computers. I can connect to it when I log on the servers of security on every site, but not on my pod of Federation on premise. I don't know what's wrong. I got a VPN IPsec tunnel between the two parties without network restrictions. Any idea is welcome.

    regards david

    OK... found my own number. Security servers are located in the demilitarized zone are ofc. not included in the IPSEC tunnel between the internal networks of the two sites.

  • the initialization of the Horizon 6 Pod Cloud architecture, for the first time

    Which references to use to initialize the Federation? This should be a service account or can I use my creds?

    You must have the necessary permissions in the two pods, but you can use your own account - it is only used for the installation of the trust and the credentials are not preserved.

    Key permissions you need:

    * Full administrator on the pod from local to run the command

    * Full administrator on the pod from view remote to set up trusts and enable Federation when you perform a join

    See https://pubs.vmware.com/horizon-view-60/topic/com.vmware.ICbase/PDF/horizon-view-60-cloud-pod-architecture.pdf for more details.

  • See DR with Broker for Replica connections

    We are eager to have some DR in our environment view and thought that if I have a Connection Broker in each of our data centers, one being the "main" and the other being a replica. Whereas in cases or the other sites in descending us would point users to the other Broker pools for the connections and VDI in this DC.

    -What looks like a plausible idea to anyone? Or how everyone does not DR for different domain controllers.

    See you soon

    A.

    Front view 6 having brokers connection across different data centers would not be supported.   Now that view 6 is out you can use the architecture of pod to accomplish a DR form for the environment.

    http://blogs.VMware.com/EUC/2014/04/VMware-horizon-6-introducing-cloud-pod-architecture.html

  • flow of traffic inside and off-host vSphere

    Our security team dislikes the vShield solution, we have in place, and they want to retire-

    Now, I need to understand exactly where the packages are forced out the virtual switch until the physical switch where our security can inspect the packages with its firewall of choice.

    Here's what I know:

    (1) the packets intended for one VLAN different will leave the port of the host group------vswitch via the uplink to the switch upstream vmnic - this allows deep packet inspection

    (2) I can create ports with different VLAN ID groups that rely on the same subnet addressing

    BUT - packages of VMS in port VLAN separate groups which are essentially on the same subnet actually leave the vswitch via the uplink to the physical switch?

    or the vswitch will recognize that the package is on the same subnet, regardless of the different VLAN ID and keep it in the host vswitch?

    Also, if I had to create multiple groups of ports with the same VLAN ID, moving between these port groups automatically packages would send to the switch upstream simply because they are in groups of different ports or will stay within the host vSwitch as the VLAN ID is the same?

    Thanks for help in advance!

    Hello

    Your security team should seriously rethink their thoughts all around security of virtualization. What they offer is a situation "Hairpin", which will treble the bandwidth required to operate a virtual environment. It also does not correctly account internal segmentation of virtual hosts. They need a solution that extends from their physical firewall solution in the virtual environment. I have been asked many times and frankly by using a physical Firewall in a virtual environment is just a horrible solution. It will not work in the cloud and it work well in a virtual environment, I know.

    I have layers of virtual switches within my environment and there is absolutely no physical firewall that can match what I do without resorting to tools that are not actually of security tools. VLANs are these tools actually. Instead I suggest using internal segmentation firewall or virtual firewall. Almost every manufacturer firewall is a virtual version of their firewall and I would go in that direction.

    Please check your security team a usable Secure Hybrid Cloud reference Architecture that extends from firewalls in virtual and cloud environments: Secure Hybrid Cloud Reference Architecture

    In response to your ideas:

    In general the different VLANS can leave the uplink or go to the following top switch, etc. Same VLAN ID implies the vswitch will route between these exchanges. So no, they wouldn't let me. So why you really need to integrate virtual firewalls in your environment.

    This isn't a construction of distributed firewall but place the edges between each of your security zones. There are 3 types of firewall distributed as well.

    The Ark of ref is a little dated, but the concepts have not changed. It is updated even as I write this.

    Let me know if you have any other questions.

    Best regards
    Edward L. Haletky
    VMware communities user moderator, VMware vExpert 2009-2015

    Author of the books ' VMWare ESX and ESXi in the business: Planning Server Virtualization Deployment, Copyright 2011 Pearson Education. ' Of VMware VSphere and Virtual Infrastructure Security: securing the virtual environment ', Copyright 2009 Pearson Education.

    Virtualization and Cloud Security Analyst: The Practice of virtualization, LLC - vSphere Upgrade Saga - virtualization security Table round Podcast

  • vCenter connections - Idle sessions hang out

    Hello

    We use the VI SDK 2.5 to Windows XP SP3 to connect to vCenter to QueryPerf to get data from the perf.

    A specific user account to connect to the vCenter.

    In some cases, we note that there are a few sessions 'dormant' left hanging out.  I see them listed in the console of Administration/Management/Sessions of the vCenter.  I think that these "idle sessions" when the application is connected to vCenter using the API and attempts a "logout" and disconnection fails for some reason any.  It is also possible, I think that, when the application terminates abnormally.  I noticed a case when there is an end to the session "inactive" after 30 minutes of inactivity.

    Is there anyway to make the API using the same session or inform not to create a new session, if it already exists for the user?  Something similar to a SQL Server how "connection pooling"?

    I appreciate any input in this case.

    Concerning

    I hope my blog can help you understand the session management:

    http://www.doublecloud.org/2010/02/the-mythical-sessions-in-vSphere-and-VI/

    http://www.doublecloud.org/2010/01/tips-on-session-management-for-scaling-your-server-applications-to-vSphere/

    Steve JIN

    Author of VMware VI and vSphere SDK (Prentice Hall)

    Open source (VI) vSphere Java APIcreator (tutorial, testimonials, download, samples, Forum)

    Blog: DoubleCloud.ORG ( Top 10 best practices[object model: http://www.doublecloud.org/2010/02/Object-Model-of-VMware-vSphere-API-a-Big-Picture-in-2-minutes/,] [common errors |]) http://www.doublecloud.org/2010/01/31/common-mistakes-using-vmware-vi-and-vsphere-sdk/], Tiny REST API, Cloud Application Architecture)

    Twitter: @sjin2008

  • Don't I already iniciar sesion para poder instalar creative cloud

    Hola! Esta long compre el pack of fotografia y me as soon as I have that descargar el creative cloud, cuando empiezo a hacer the descarga me States that sell a cartel: "Creative Cloud installer never realize cambios. Enter su contrasena para esta Operación please' acto siguiente, pongo mi contrasena Adobe ID is not me her toma, the cambie, reset the (Macbook pro) computadora y no results. That hago?
    Gracias!

    During installation, you must enter your password computer

  • Try to read the flow front of cloud in the share pod

    I am developing a Flash project to be loaded in a sharing module in Acrobat Connect Pro to play the live stream via Amazon Cloudfront in AC. I have a project developed in Flash Builder using the sdk Flex 4.1 4.6 and OSMF.swc 1.5, tagetting Flash Player 10.1. The best I could do is to read the flow locally in Flash Player, but not when the SWF is loaded into Acrobat Connect Pro. I also played with success a f4m stream hosted by Adobe when the player IS loaded into Acrobat Connect Pro. This flow is, in my view, a video on demand, and not a live stream (the url is http://mediapm.edgesuite.net/osmf/content/test/manifest-files/dynamic_Streaming.f4m).

    Any suggestions are welcome.

    The code for this project is:

    package

    {

    Import flash.display.Sprite;

    Import org.osmf.media.MediaPlayerSprite;

    Import org.osmf.media.URLResource;

    [SWF(width ='680', height ='382', backgroundColor =' #000000 ', frameRate ="30"")]

    public class OSMF extends Sprite

    {

    private var mps:MediaPlayerSprite;

    private track from the var : Sprite;

    private var classes: Sprite;

    public function OSMF()

    {

    init();

    }

    private Function init():void

    {

    MPS = new MediaPlayerSprite();

    addChild (mps);

    / / data flows before cloud that plays locally in flash player, but not when loaded in AC:

    MPS.resource = new URLResource ([URL of feed cloudfront]);

    / / no cloud before the VOD stream that plays when you load in AC:

    //mps.resource = new URLResource ("http://mediapm.edgesuite.net/osmf/content/test/manifest-files/dynamic_Streaming.f4m");

    }

    }

    }

    Acrobat Connect Pro is based on the Flex 3 SDK kit. 5b. Some of the features in your code are more recent than connect. So, when you load your SWF for the module sharing, Flash player is unable to read some features because they are more recent than the SDK to load Swf (3. 5 b to Connect). However when you run it locally run you as a standalone application in Flex 4.

  • App Store, Architecture of Plugin, legal, etc.

    Hello

    We have two or three question about what is allowed by the policies of Apple.

    We intend to build application 'customer base' which will target devices mobile apple. This customer base should contain all the logic basis for access to specific material on the devices, communication skills, features common etc... and it will be published in your App Store. Basic customer contain no business logic.

    This customer base should take advantage of the plugin architecture in order to have a business running logic. This business logic will be very very light, because all the real logic is on our cloud services and/or site.

    The idea is therefore to build the customer base is solid, which should be used by our customers and the function or the project, customer base must download appropriate to our server plugin.

    IMPORTANT: These plugins will contain ONLY LIGHT BUSINESS LOGIC, AND user interface that requires NO physical resources and features, other than permitted by basic client app.

    The idea behind it is to shorten our efforts to develop, fix, put our demand of our customers.

    This type of architecture is allowed by the policies of Apple?

    Kind regards

    Hello Rony8620,

    You only asked a question--nd the answer is a firm no.

  • CRM 2011 in the cloud to develop

    I've used CRM 4 on customer servers but you now have a customer who wants 2011 CRM in the cloud.

    I need to access a 2011 CRM in the cloud so that I can start the customization for the client.  I also need to experience what I can learn the updates of CRM 4 2011.

    A download called "sale and make demonstrations of the Microsoft Dynamics CRM 2011 Architecture" seems to send me the wrong way.  All I need is some instructions how to enter in CRM 2011 in the cloud, so that I can start customizing.

    Any help would be appreciated.

    Robbie Scott

    Hi Robbie,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please ask your question in the following forum.

    http://social.technet.Microsoft.com/forums/en-us/categories/

    I hope this helps.

  • Architecture of CMS with SFB online (Office 365)

    Session BRKCOL-2611 to 2016 to Cisco Live in Las Vegas, the attached architecture has been listed as possible with CMS and Office 365. I don't see that the current Configuration Guides explain this configuration. I see SFB mentioned in terms of presentation of the Solution, but it is not clear, moreover, what configuration must take place in the O3655 or CMS.

    Can someone shed light on additional documentation which clarifies this configuration?

    I just reviewed Cisco's Live recording for this presentation and they said, it is possible to configure CMS with Office 365 cloud, but it is not a feature that is entirely taken in charge yet, so why there is no document at this time.  If I remember correctly, one would need to work with Microsoft on the creation of the connection between CMS and Office 365, and they are hesitant to do that.

  • Double-Cloud DMVPN spoke Router Configuration

    I have a decided to adopt an architecture dual-cloud DMVPN (1 head of network in the main office, 1 head of bed instead of DR) with the option later to go to double / hub in each of my network places.

    I tried to configure each of the clouds to have its own key.

    Cloud Hub 1 1:

    ISAKMP crypto key KEY123 address 0.0.0.0 0.0.0.0 no.-xauth

    1 2 hub cloud:

    ISAKMP crypto key KEY456 address 0.0.0.0 0.0.0.0 no.-xauth

    Of course, the rays I want to connect to the two clouds not would allow me to use the same simple crypto isakmp key command twice.

    Several of my sites will have 2 internet connections.  Given that I source a tunnel each of these Internet connections, I came up with the following solution:

    talk 1:

    door-key crypto X-RING

    address Gig0/1 (internet connection interface 1)

    preshared key address 0.0.0.0 0.0.0.0 touches 0 KEY123

    door-key crypto Y-RING

    address Gig0/2 (internet connection interface 2)

    preshared key address 0.0.0.0 0.0.0.0 touch 0 KEY456

    Crypto isakmp DMVPN_ISAKMP_X profile

    X-RING keychain

    function identity address 0.0.0.0

    address Gig0/1

    Crypto isakmp DMVPN_ISAKMP_Y profile

    Y-RING keychain

    function identity address 0.0.0.0

    address Gig0/2

    OK... to the question... the first site I tried to connect the two clouds DMVPN has only 1 internet connection!

    Without changing both my DMVPN clouds to the same key (almost all of the examples have this) - how can I make sure that tunnels speaks - has spoken-star work?

    Is there anything else I can match? or create on each configs speaks and hub?

    I tried:

    - identity group match, but couldn't figure out how to set a group name on each of the rays - or the hub also.  Also, no.-xauth wouldn't prevent it being considered?

    -matching fqdn does not seem to work either.

    -vrf is not an option - not applicable
    -telesignalisations behind the ip address do not appear to be an option and seems to complicate the issue too.

    Thank you very much in advance!

    There is something special with ICP when seen DMVPN. PKI or preshared keys is just how isakmp authenticates the session, and there is no difference between DMVPN or Site to Site.

    Basically, you'd have to do these things:

    -create a CA. The basic can be created on some of your routers.

    -create the Trustpoint on each DMVPN hub and spokes.

    -change the type of authentication in isakmp profile of pre-shared key to rsa - SIG.

    You can certainly more trustpoint then one, one for each cloud, but I highly doubt that it is necessary for the public key infrastructure.

    Maybe this doc will be of little help, even if it has too much info:

    http://www.Cisco.com/en/us/docs/solutions/enterprise/security/DCertPKI.html

    If you need, I can bring up some full example site to site with PKI auth.

  • AppAssure and cloud

    How can I save our AppAssure data in the cloud?

    Hey there! To bring back the AppAssure until a cloud, probably the best architecture is to replicate the servers protected with a characteristic cloud on a core that has been installed in the cloud. Check out this tech brief describes how it works.

    We have several partners and service providers who take care of the details for you if it works.

    Let me know if this can help - or if you have any other questions!

Maybe you are looking for

  • My wifi/internet is very slow since the IPhone Update 9.3.4.

    I have an IPhone 6 and since the update (3 days ago) my wifi/Internet is very slow. Minutes of need for pages to load, and the App Store and the ITunes App not to load any. Photos and videos need a time very Long if they work at all. The wireless rou

  • Qosmio F60 - 11F - drivers for Windows 7 32 bit

    Hello. I have a Qosmio F60 - 11F and I install windows 7 ultimate 32 bit, and I am facing a problem with all the drivers.I am looking for in the section of the driver support in the Toshiba site, but I found only bluetooth, also I need for Windows 7

  • RAM in satellite S1410-304

    I just want to know what kind of RAM your computer. I would like to buy more ram, but I don't know what kind... Thanks for the helpMatteo

  • Removal of the HARD drive

    I'm pretty saavy with material and I create systems and have recently started to fix some laptops, but my DV9700t HP are a bit difficult (well, come to think, it's probably just me; you know, the 40-watt bulb in the box of 100 watt).  Anyway, here's

  • disabled the account of ADM - Message indicates that the account is disabled and that the system administrator

    Hello, I have xp sp3, I tried using ctrl-alt-del at logon when the window pops up, it says the account is disabled see sys admin I also tried enabling in safe mode user accounts is missing in(S/M) Please help