So a good week all in – new role, very promising with some good people, ended the week on a good note… Then I get the notification I’m in the vExpert program! Putting alot aside, I’ve had the opportunity to do some really good work across various projects and been responsible for the architecture design, implementation and then directly involved with the end consumer. EUC is about that and I’ve learned that it’s a circular process of taking your best design for the infrastructure, building it and then seeing how the end user consumes what you can provide – you learn from them and go back to what you built and re-evaluate – keeps you honest and on your toes! There’s alot more to just producing an EUC solution these days – I’ve had to do the whole thing from top to bottom and the lines are blurring with what you need to provide that people see, and what you need to make sure is available that they don’t. Managing to do this that gives you the confidence to go forth and not declare yourself an expert, but be confident that you have a lot to offer colleagues and customers and getting a little bit of recognition can help with that.
So today was my first day at Lakeside Software in my new position as Technical Relationship Manager. Aside from being saddened that my laptop will no longer allow me to play games when staying away *sob*, stopping me from getting in trouble with the law/alcohol and so on, it was a good first day! It’s a different focus from what I’ve been doing, but as I’ve learned, I’m sure I’ll get dragged back in! 😉
Reminds me of the UAG issue where it doesn’t let you know that your password didn’t meet requirements! 😉
They missed who touched it last and what did you do, but still a good read all the same 😉
This 8-Step Problem-Solving Method Saved the Crew of Apollo 13 | @curiositydotcom
OK, if you aren’t au fait with Vmware Flings, go here:
They’re basically community built apps/tools developed and provided for free to enhance many of the features within vmware products.
Some of them you’ll never use and some of them will become invaluable.
Today, I’d like to share with you, a few of my favourites.
This is something that is really, really handy. I’ve been in situations where networking has been spotty and even physical connections via KVM haven’t been feasible, either due to being at the forefront of standing up new hardware, stood in a freezing cold DC in the middle of the night, secretly taking a bite out of a protein bar and a swig from the tesco finest diet energy drink before one of the engineers sees the Food/Drink alarm going off and comes to tackle you to the ground… Or just because everything has gone wappy and you can’t connect.
This installs something akin to the web based vSphere client, directly on the host, meaning no reliance on vcentre, or when the vSphere client is having issues, or your laptop doesn’t let you change the VLAN on your NIC etc – I just found it was another backup in case of emergency (and we all need those!)
My other favourite for Horizon View is…
It does Auditing…It does Power Policy…But most importantly…REMOTE SUPPORT AND CONSOLE ACCESS! In all fairness, the ability to power on machines at certain times etc is really useful… The remote access leverages MS remote support as well as allowing console access to shadow.
I’ve been involved with many View deployments where one of the first concerns of IT staff is “How do we remote on to users desktops?” – and this answers that question. It’s quick and easy. Just remember to actually read the instructions (I know, I know, that can be a difficult to motivate yourself to do!). One of the main problems comes when people don’t enable RDP on the desktops – just an FYI there 😉
I use a 2k monitor with a 4k laptop screen and as you can imagine, apart from the usual resolution/display scaling issues, it can be a right pain when working on multiple view sessions – especially when I forget the set the res to not full screen across my monitors, leading to a black screen and a broken connection – this little exe means you can manage all the sessions you have open and is a handy little tool!
Shameless link alert! ALERRTTTT!
This is a really, really good reference architecture paper – I think most of us within the space can setup and configure components such as workspace/Identity manager and Appvolumes, but not everyone gets the opportunity to really go to town across multiple sites with a view to building it up from the bottom – so this is where this paper comes in really handy. There’s everything you need for those situations where you’d have go hunting for the further information and also helps for getting buy in as to what exactly is needed as defined by a whitepaper. There are other configurations as solutions for multi site architecture (I know, I’ve done a few myself), but with this, you know exactly what you put in and what you’ll get out.
f5 have the marketing reputation as the de facto load balancer for Horizon View. In my own experience of using the virtual appliance with View 6.2.2 (and using it for other services) I have to say I wouldn’t want to touch one or recommend one again.
Aside from the many woes that I’ve experienced and at the expense of everyones precious time, I saw a new issue the other day that could help anyone else troubleshooting View/f5 issues.
After a host appliance went down and then everything was resolved, none of the View connections that were being brokered by the f5 would work. Traffic would flow through to Security Servers and UAGs, Connection servers were accessible internally, but any connections that were reliant on the f5 (via the view Iapp), were terminating with ‘network error’, then ‘authentication error’. TCP dumps showed traffic, everything was up and there was also the possibility of storage and/or networking issues due the host failure.
Everything else seemed fine. The quik view/ihealth of the f5 looked fine and everything else worked. After engaging f5 support, they suggested that they’d seen this before and noticed that for a few seconds, the f5 had gone from Active to Standby and back again. He simply suggested restarting VDI APM daemon.
Voila! Connections working again!
What was most annoying that nowhere said the service hadn’t started, or got stuck, it was only because f5 had seen the issue before that they pointed us towards that.
So, emergency over and I’m sharing the various services/daemons in case you encounter a similar issue.
|Daemon||Description||Impact if not running||Relevant log file|
|acctd||The RADIUS accounting daemon used by BIG-IP APM to send RADIUS accounting start and stop messages to external RADIUS servers.||RADIUS accounting messages are not sent to external RADIUS servers||/var/log/apm|
|aced||The aced process provides RSA SecurID authentication functionality for BIG-IP APM’s access policy engine.||RSA SecurID authentication fails||/var/log/apm|
|apmd||The apmd process executes access policy for a user session; this includes Authentication, Authorization, hosting Accounting, and Audit. It also provides an MPI interface, as well as support for access control protocol.||No access policy enforcement for user session or any MPI-reliant processes, such as rewrite and websso||/var/log/apm|
|antserver||The antserver process allows Secure Web Gateway (SWG) to dynamically filter web content.||No dynamic web content filtering||/var/log/apm|
|dnscached||The dnscached process provides DNS cache functionality to BIG-IP APM subsystems.||BIG-IP APM DNS performance is impaired||/var/log/apm|
|eam||The eam process provides external access management for 3rd party identity integration, such as Oracle Access Manager (OAM) single sign-on (SSO).||OAM SSO authentication fails||/var/log/apm|
|eca||The eca process provides the client-side NT Lan Manager (NTLM) authentication mechanism.||BIG-IP APM is unable to authenticate using NTLM||/var/log/apm|
|mdmsyncmgr||The mdmsyncmgr process fetch MDM-managed endpoint list from MDM servers and stores it in local MySQL database.||BIG-IP APM is unable to fetch MDM-managed endpoint list.||/var/log/apm|
|nlad||The nlad process establishes communication channels to the Domain Controller (DC) for NTLM authentication.||No NTLM communication to backend DC||/var/log/apm|
|omapd||The omapd process provides the IF-MAP server implementation for SWG and AFM user identification.||No user identification for SWG||/var/log/omapd|
|rba||The rba process provides support for client-side Kerberos authentication.||No Kerberos authentication||/var/log/apm|
|rewrite||The rewrite process rewrites links in web content for Portal Access.||Portal Access web links are not rewritten||/var/log/rewrite|
|samlidpd||The samlidpd process interacts with the mcpd process to automate SAML IdP connector creation.||SAML IdP connector creation fails||/var/log/saml_automation.log|
|urldb||The urldb process categorizes incoming URLs for SWG.||No SWG URL categorization||/var/log/apm, /var/log/urldb-trace.log|
|urldbmgrd||The urldbmgrd process downloads and indexes the URL categorization database for use by the urldb process.||URL categorization for SWG is impaired||/var/log/apm, /var/log/urldbmgr-trace.log|
|vdi||The vdi process handles communication for XML-based clients and back-end systems such as Citrix and VMware View.||Citrix integration and RDP access fails||/var/log/apm|
|websso||The websso process provides Single Sign-On (SSO) functionality for the BIG-IP APM system.||SSO fails||/var/log/apm|
You can manage the services by using the TMSH utility – get putty’ed in (or similar) and follow this through:
- Log in to the tmsh utility by typing the following command:tmsh
- To stop, start, or restart a BIG-IP APM process, use the following syntax:<action> /sys service <process>
In this command syntax, note the following:
- <action> is the action to be performed, such as stop, start, or restart
- <process> is the name of the BIG-IP APM process
For example, to restart the eam process, type the following command:
restart /sys service eam