Re: Replicating appstack between DCs

February 20, 2018, 9:30 am

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Replicating appstack between DCs

≪ Previous: Re: Datastore Clean-up Question

$

0

0

IF you want try the follow powershell

 

Get-Module –ListAvailable VM* | Import-Module

function sendMail{

       param([string]$errorMessage)

     Write-Host "Sending Email"

 

 

     #SMTP server name

     $smtpServer = ""

 

 

     #Creating a Mail object

     $msg = new-object Net.Mail.MailMessage

 

 

     #Creating SMTP server object

     $smtp = new-object Net.Mail.SmtpClient($smtpServer)

 

 

     #Email structure

     $msg.From = ""

     $msg.To.Add("")

     $msg.subject = "Error Syncing Appvolumes"

     $msg.body = $errorMessage

 

 

     #Sending email

     $smtp.Send($msg)

 

}

 

 

function Recusive2VcenterDSCopy

{

    param([string]$ItemPath,

          [string]$TargetPath)

    $datastoreitems = Get-ChildItem -path $ItemPath

    foreach ($dsItem in $datastoreitems )

    {

        if($dsItem.ItemType -eq "Folder")

        {

            $foldername=$ItemPath+"\"+$dsItem.Name

            $targetfoldername=$TargetPath+"\"+$dsItem.Name

            $localname="C:\Scripts\appvolsync\"+$dsItem.Name

            Write-Host "Looking in " $foldername " for things to copy"

            if(!(Test-Path $TargetPath))

            {

 

 

            try{

                Copy-DatastoreItem -Item $foldername -Destination $localname -ErrorAction Stop

            }catch{

        switch -wildcard ($error[0].Exception.ToString().ToLower())

        {

        "*already exists*" {Write-Output "File Already Exists"}

        default {

                        sendMail($error[0].Exception.ToString().ToLower())

 

 

                    }

        }

            }

            try{

                Copy-DatastoreItem -Item $localname -Destination $TargetPath -ErrorAction Stop

            }catch{

        switch -wildcard ($error[0].Exception.ToString().ToLower())

        {

        "*already exists*" {Write-Output "File Already Exists"}

        default {

                        sendMail($error[0].Exception.ToString().ToLower())

 

 

                    }

        }

            }

            Remove-Item $localname -recurse

            }

           

            Recusive2VcenterDSCopy -ItemPath $foldername -TargetPath $targetfoldername

        }else{

            $foldername=$ItemPath+"\"+$dsItem.Name

            $targetfoldername=$TargetPath+"\"+$dsItem.Name

            $localname="C:\Scripts\appvolsync\"+$dsItem.Name

            $remoteFile=$TargetPath+"\"+$dsItem.Name

            if(!(Test-Path $remoteFile))

            {

            Write-Host $remoteFile "Does not Exist"

            try{

            Copy-DatastoreItem -Item $foldername -Destination C:\Scripts\appvolsync\ -ErrorAction Stop

            }catch{

        switch -wildcard ($error[0].Exception.ToString().ToLower())

        {

        "*already exists*" {Write-Output "File Already Exists"}

        default {

                        sendMail($error[0].Exception.ToString().ToLower())

 

 

                    }

        }

            }

            try{

            Copy-DatastoreItem -Item $localname -Destination $TargetPath -ErrorAction Stop

            }catch{

        switch -wildcard ($error[0].Exception.ToString().ToLower())

        {

        "*already exists*" {Write-Output "File Already Exists"}

        default {

                        sendMail($error[0].Exception.ToString().ToLower())

 

 

                    }

        }

            }

                        Remove-Item $localname -recurse

            }

 

 

        }

       

    }

 

 

}

 

 

$productionVCenter=Connect-VIServer -Server sourcevcenter

$recoveryVCenter=Connect-VIServer -Server destvcenter

 

 

Import-Csv "C:\scripts\appvolsync\appvolsynccfg.csv" -UseCulture | %{

 

 

    $productionDatastore=Get-Datastore -Server $productionVCenter -Name $_."PDC"

    $recoveryDatastore=Get-Datastore -Server $recoverVCenter -Name $_."SDC"

    if(!(Test-Path pds:\))

    {

        New-PSDrive -Location $productionDatastore -Name pds -PSProvider VimDatastore -Root "\"

    }

    if(!(Test-Path rds:\))

    {

        New-PSDrive -Location $recoveryDatastore -Name rds -PSProvider VimDatastore -Root "\"

    }

    Recusive2VcenterDSCopy -ItemPath "pds:\cloudvolumes" -TargetPath "rds:\cloudvolumes"

 

 

 

 

    remove-psdrive -name pds

    remove-psdrive -name rds

}

 

 

    sendMail("Completed Appvolumes Sync")

Disconnect-VIServer -Server $productionVCenter

Disconnect-VIServer -Server $recoveryVCenter

 

 

and then create a csv with the first column being the source datastore and the second one being the destination datastore. This will copy everything and not need the nfs datastores which we decided not to use. Its the only reliable way I could think of to replicate the VMs without using the storage groups like other people mentioned.

---

Re: Replicating appstack between DCs

February 20, 2018, 9:35 am

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Troubleshooting Blast through UAG

≪ Previous: Re: Replicating appstack between DCs

$

0

0

To clarify a bit more basically it just downloads one file at a time and then uploads it in the target datastore in the destination datacenter. The only downfall is the appstacks become thin provisioned.

Re: Troubleshooting Blast through UAG

February 20, 2018, 9:40 am

Latest and popular articles on VMWare Virtualization

≫ Next: Using Windows Folder Redirection with View Persona

≪ Previous: Re: Replicating appstack between DCs

$

0

0

IS there a way to confirm your internal connections aren't being blocked. I remember seeing this when port 22443 was blocked, it needs to work bother from the uag to the virtual machine, and from the virtual machine to the uag.

Using Windows Folder Redirection with View Persona

February 21, 2018, 2:40 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Location based Printing based on AD group instead of IP

≪ Previous: Re: Troubleshooting Blast through UAG

$

0

0

Customer has an interesting design goal:

 

* keep view desktop profiles on one share, to manage things like outlook, user experience, etc.

* have their major folders point to the same location they use when the log into a normal desktop/laptop via the Home Drive feature in AD. Apparently they use both.

**** for example: Documents, Desktop, Favorites

 

Since the View Persona folder redirection GPO only works by using a UNC path they cannot use this without a TON of GPOs because there are probably 50 different home drive paths in place at the large customer. the View persona setting doesn't have a table to map users to different paths. however in windows AD folder redirection you can point it to the home drive letter is my understanding.

 

The idea is they log into any floating desktop (non-persistent) and they get the same desktop experience on all View Desktops and when they open Documents for example they see all the files they normally see from their laptop. These of course are just pointed to a network path, of which there are over 50 across all users.

 

Most people get the same drive letter (H:) but they all point to many places.

 

Can you exclude those folders from redirection in view persona GPO and then turn on folder redirection in windows setting instead? hopefully this makes sense.

 

what settings specifically would I enable for this?

 

this is latest version of horizon view

Location based Printing based on AD group instead of IP

February 21, 2018, 2:46 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Replicating appstack between DCs

≪ Previous: Using Windows Folder Redirection with View Persona

$

0

0

Is it possible to manage what printers users see automatically in their view desktops where the following is true:

 

* floating desktops, all on same DHCP scope. cannot be organized into pools based on location on campus.

* 400+ printers are all over the place, multiple buildings, floors, wings.

* printer IPs are not organized by location

* printers would be have an AD object that is a mapped to a security group

* users who are a member of said security group would see that one, along with any others in their printer list upon logging into a random floating desktop. the idea is that users are typically in certain areas

* will printer default settings a user sets up be retained somehow? in persona profile share?

 

latest version of view.

 

thanks! trying to understand the location based printing document.

Re: Replicating appstack between DCs

February 21, 2018, 2:42 pm

Latest and popular articles on VMWare Virtualization

≫ Next: "The External URL must not be load balanced." - What does it mean ?

≪ Previous: Location based Printing based on AD group instead of IP

$

0

0

After all we will probably go with array level replicated LUN. Scripted solutions are fine for a one time job or to do it from time to time, but we would need to move quite a lot of appstacks.

 

It would be really great if the App volume manager itself could do the replication/copying of the appstack without using datastore.

 

EDIT:

Is it possible to utilize vSphere Content Libraries to copy appstacks from one DC to another ?

"The External URL must not be load balanced." - What does it mean ?

February 21, 2018, 3:03 pm

Latest and popular articles on VMWare Virtualization

≫ Next: UAG external load balancing

≪ Previous: Re: Replicating appstack between DCs

$

0

0

Based on all documentation you clearly CAN load balance view connection servers or security servers.

So why is there warning like:

 

and same for Blast or PCoIP protocols.

 

What is the true meaning or intention of this warning ?

UAG external load balancing

February 21, 2018, 3:22 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Replicating appstack between DCs

≪ Previous: "The External URL must not be load balanced." - What does it mean ?

$

0

0

I'm reading this document: Load Balancing across VMware Unified Access Gateway Appliances and wondering what is practical difference between:

a) Method 3 - Multiple VIPs (from document)

 

b) Having two UAGs on different IPs with different FQDNs (A records), without any LB. Users are accessing it via CNAME so they still have single URL and a simple load balancing via round robin is performed.

 

 

Drawbacks for method B can be further eliminated by using e.g. f5 gtm or similar solution. Am I missing something here, but I really don't see use for LB (ltm like) in front of UAG.

---

Re: Replicating appstack between DCs

February 21, 2018, 8:37 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Using Windows Folder Redirection with View Persona

≪ Previous: UAG external load balancing

$

0

0

technically and some how  it do that within the same cluster but for a cross data centers you need away to make the App volume manager see the datastore and that why you need NFS or ISCSI in order to map data store from site to site

Re: Using Windows Folder Redirection with View Persona

February 21, 2018, 8:47 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Using Windows Folder Redirection with View Persona

≪ Previous: Re: Replicating appstack between DCs

$

0

0

The Persona Management ADMX template can be configured to not redirect for each folder. Such as my docs, picturs, etc. Which would result in the windows folder redirection functioning normally. I strongly advise you do not redirect the appdata folders. 

 

I also strongly advice against using Persona Management. While free, it causes more headaches than wins. There are other options out there like Liquidware Labs or Appsense.

Re: Using Windows Folder Redirection with View Persona

February 21, 2018, 8:53 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: Using Windows Folder Redirection with View Persona

≪ Previous: Re: Using Windows Folder Redirection with View Persona

$

0

0

Thank  you for the reply, TechMassey

 

Is there an article that explains why not to redirect the appdata folders? what types of experience will the user not have consistently if we don't redirect that folder? It's a bit confusing figuring out exactly which to redirect and which not to.

 

Regarding persona, I'll need a bit more than this if I'm going to try and justify why the customer should spend on Liquidware Labs or Appsense. There's a lot of users and my guess is they charge per user. We're talking thousands of dollars is my guess.

Re: Using Windows Folder Redirection with View Persona

February 21, 2018, 9:06 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: UAG external load balancing

≪ Previous: Re: Using Windows Folder Redirection with View Persona

$

0

0

If your unfamiliar with the issue of Appdata with folder redirection, I would at this point suggest seeking VMware professional services. Another option is VMware reccomended VAR. The reason being is appdata, the profile network drives, and the profile management are just the beginning of the challenges your going to face. This is the challenge with implementing VDI as it requires knowledge of multiple software and infrastructure platforms.

 

I'll try to help though on Appdata. The short answer is Appdata contains files that are often not friendly with UNC paths. In some cases apps crash when they see the UNC. Microsoft also does not support Outlook OSTs on UNC paths.

Re: UAG external load balancing

February 21, 2018, 9:13 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: "The External URL must not be load balanced." - What does it mean ?

≪ Previous: Re: Using Windows Folder Redirection with View Persona

$

0

0

The LB in front of the UAG when you have multiple UAG's will provide a single point of access. You will have one IP address/name that you point to the horizon client. LTM or whatever LB you use, will manage the distribution of clients between the UAG's. In addition, monitors can be use to check available of the UAG and if it is down clients will not be sent to it.

 

With your option B you won't have active monitoring or even distribution of clients. Round robin is simple and will just forward to one or the other without a session count.

 

The reason for multiple VIP portion is do that you can bypass the load balancer and you don't need to create pools for all the different ports.

Re: "The External URL must not be load balanced." - What does it mean ?

February 21, 2018, 9:22 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: "The External URL must not be load balanced." - What does it mean ?

≪ Previous: Re: UAG external load balancing

$

0

0

My understanding is that when you create a tunnel, you need to make sure you route to the external URL security server as there is a 1 to 1 relation between security servers and connection servers. If you route to another security server, there will be no tunnel as auth was completed on the other set of servers.

 

When using a UAG, these settings are not needed.

Re: "The External URL must not be load balanced." - What does it mean ?

February 21, 2018, 11:48 pm

Latest and popular articles on VMWare Virtualization

≫ Next: Re: UAG external load balancing

≪ Previous: Re: "The External URL must not be load balanced." - What does it mean ?

$

0

0

That would make sense, because you need to have 1:1 mapping of security server to connection server. But it does not apply to UAG or load balancing per see.

 

Thanks for clarification

---

Re: UAG external load balancing

February 22, 2018, 1:31 am

Latest and popular articles on VMWare Virtualization

≫ Next: Re: "The External URL must not be load balanced." - What does it mean ?

≪ Previous: Re: "The External URL must not be load balanced." - What does it mean ?

$

0

0

I am thinking about scenario when you have two ISPs and you want to load balance across them.

 

With option A you need to have provider independent address space as far as I understand and which is not always available. 

Re: "The External URL must not be load balanced." - What does it mean ?

February 22, 2018, 5:07 am

Latest and popular articles on VMWare Virtualization

≫ Next: 2-way forest trust - domain status error detected

≪ Previous: Re: UAG external load balancing

$

0

0

UAG doesn't have a 1 to 1. So you actually don't need to specify this setting.

2-way forest trust - domain status error detected

February 22, 2018, 5:25 am

Latest and popular articles on VMWare Virtualization

≫ Next: Re: UAG external load balancing

≪ Previous: Re: "The External URL must not be load balanced." - What does it mean ?

$

0

0

I have established 2-way forest trust between existing forest containing view servers and everything and a second forest which hold some of the users.

However it seems to not be working.

 

 

In the logs I see the following error:

<WSWinAuthDomainTimerThread> [ws_winauth] OpenObject could not bind to LDAP://<my domain>/rootDSE (0x000000008007203B (A local error has occurred.))

 

 

The trust itself seems to work fine since I can login into Windows servers in either forest using credentials from another forest.

Re: UAG external load balancing

February 22, 2018, 5:27 am

Latest and popular articles on VMWare Virtualization

≫ Next: Re: 2-way forest trust - domain status error detected

≪ Previous: 2-way forest trust - domain status error detected

$

0

0

If you are trying to load balance between two public IPs and use one DNS namespace then yes you have to do dns round robin. You can still load balance those two public IPs with the F5 to get the benefit of HA/monitoring but it wouldn't be required as you are already doing it at the DNS level.

AskF5 | Manual Chapter: Configuring ISP Load Balancing

Re: 2-way forest trust - domain status error detected

February 22, 2018, 6:09 am

Latest and popular articles on VMWare Virtualization

≫ Next: Re: 2-way forest trust - domain status error detected

≪ Previous: Re: UAG external load balancing

$

0

0

Hi,

 

as of my understanding, your two-way forest trust is partially configured or working. Please, try two things

 

1. Using Active Directory Domains and Trusts snap-in Test the connection in between the forests, if it is successful then its good and if its not the remove the trust and re-establish it.

 

OR

 

Even if trust connectivity is good but sometimes we need to remove the trust and re-establish it using credentials those are the member of Enterprise Domain Admins and or Global security groups. Then recheck your rest of the object access and communication. because this is the base-line.

 

Regards!