VCP DTM 2018 Section 6 – Install and Configure VMware App Volumes

Objective 6.1 – Install and Configure VMware App Volumes

  • Determine hardware and software requirements for installation (Ver 3.x)

Database Requirements

App Volumes Manager supports different versions of the Microsoft SQL database.

  • SQL Server 2012 SP1, SP2, and SP3 (whenApp Volumes Manager is installed on Microsoft Server 2012 R2), Express, Standard, and Enterprise editions
  • SQL Server 2008 R2 SP2, Express, Standard, Enterprise, and Datacenter editions
  • SQL Server 2014 SP1 and SP2 (supported on App Volumes 2.12 and later)
  • SQL Server 2016 SP1

For High Availability, App Volumes supports the following database features :

  • SQL Server Clustered Instances
  • SQL Server Mirroring

Browser Requirements

Use App Volumes Manager on one of the following supported browsers:

  • Internet Explorer 9 or later
  • Mozilla Firefox 28 or later
  • Safari 7 or later
  • Google Chrome 21 or later

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.install.doc/GUID-5C1CFB43-1311-4E0D-B0E2-9E45165A5353.html>

Infrastructure and networking requirements for App Volumes include requirements for App Volumes Manager, agent, and Active Directory.

Component

Details

App Volumes Manager

    • Microsoft Windows Server 2008 R2, Standard, Enterprise, or Datacenter editions
    • Microsoft Windows Server 2012 R2 Standard and Datacenter editions
    • Microsoft Windows Server 2016
    • .NET 3.5 framework
    • 4 vCPU required
    • 4 GB RAM
    • 1 GB disk space

App Volumes Agent (client OS)

  • Windows Server 2008 R2, 2012 R2, and 2016 for Server VDI
  • Microsoft Windows 7 SP1 Professional and Enterprise editions (Microsoft Hot fix 3033929 applied)
  • Microsoft Windows 8.1 Professional and Enterprise
  • Microsoft Windows 10 Build 1607 Current Branch & LTSB
  • Microsoft Windows 10 Build 1607 Current Branch for Business
  • Microsoft Windows 10, version 1703, also known as Creators Update
  • Microsoft Windows 10, version 1709 and 1803
  • Windows 10 Anniversary edition Version 1607
  • Both 64-bit and 32-bit versions of OS are supported
  • 1 GB RAM
  • 1 vCPU
  • 5 MB disk space

Note:

Disable the GPO Control Read and Write Access to Removable Devices or Media option.

App Volumes Agent (RDSH)

    • Microsoft Windows Server 2008 R2 Standard, Enterprise, and Datacenter editions with RDSH role enabled
    • Microsoft Windows Server 2012 R2 Standard and Datacenter editions with RDSH role enabled
    • Microsoft Windows Server 2016 with 2K16
    • 1 vCPU
    • 1 GB RAM
    • 5 MB disk space

VMware software for VMDK Direct Attached Mode (Preferred)

    • VMware ESXi 5.5.x, 6.x and vCenter Server (ESXi and vCenter Server must be the same version)
    • VMware Virtual SAN 6.2
    • VMware Horizon with View 6.0.1 or later
    • Citrix XenDesktop 5.5, 5.6, and 7.x
    • Citrix XenApp 6.5 and 7.x
    • ESXi 5.5 U3b or 6.0 U1 required for vMotion support (Storage vMotion is not supported)

SMB file share if using VHD mode

    • SMB 2.0
    • SMB version 3.02 (Windows Server 2012 R2) is recommended for a better performance

Active Directory

Microsoft Active Directory domain, 2003 functional level or later. Read-only account access.

Infrastructure Requirements

Component

Purpose

Port number

App Volumes Manager

Agent and Manager communications

    • TCP 80 (HTTP)
    • TCP 443 (HTTPS)
    • TCP 5985 for PowerShell Web services

App Volumes SQL Database

Database communication

TCP 1433 (SQL)

Networking Requirements

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.install.doc/GUID-30A51CC0-4BB6-486E-9702-110DBC5BCD9C.html>

  • Perform installation of App Volumes Unified Agent (Ver 3.x)

After you have installed App Volumes Manager, install the App Volumes agent on the provisioning computer and target desktops.

About this task

For improved security when using the App Volumes agent, disable weak ciphers in SSL and TLS to ensure that Windows-based machines running the agent do not use weak ciphers when they communicate using SSL/TLS protocol. See Disable Weak Ciphers in SSL and TLS in the Horizon 7 documentation.

Important:

Do not install the agent on the same machine where the App Volumes Manager is installed.

You can also install the agent silently using the Microsoft Windows Installer (MSI). See Install App Volumes Agent Silently for more information.

Prerequisites

  • Ensure that you have installed the App Volumes Manager and you have the host IP address and port number.
  • Verify that your environment meets the system requirements. See System Requirements.
  • Verify that your account has local administrator privileges on the target computer.
  • Install Windows Updates from January 2016 onwards on the target computer.
  • If you intend to use this virtual machine as a provisioning computer, create a clean snapshot or take a backup of this machine. Revert to this snapshot or the backup before provisioning new AppStacks.

Procedure

  1. Run the App Volumes installer.
    The same installer is used to install App Volumes Manager and the agent.
  2. Read and accept the End User License Agreement and click Next.
  3. Select Install App Volumes Agent and click Next.
  4. Enter the IP address and port number.
    The default port number for App Volumes Manager is 443. Enter 80 for the port number if you have configured App Volumes Manager to listen on an HTTP port.
  1. (Optional) Check the Disable Certificate Validation with App Volumes Manager box if you do not want the agent to validate the App Volumes Manager certificate.
    Certificate validation is enabled by default.
  1. Click Install and follow any on-screen instructions.
  2. Click Finish to exit the wizard after the installation is completed.
  3. Restart your provisioning virtual machine to complete the agent installation.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.install.doc/GUID-EF578B4C-9E8E-4F8A-A03E-BEC35359B37E.html>

  • Configure virtual machine privileges required for App Volumes (Ver 3.x)

I think this is referring to vCenter permissions of VMs

vCenter Server Permissions

The following permissions are required if you are configuring a vCenter Server as the machine manager.

You also require these permissions if you choose the Mount on Host option when you are configuring the machine manager.

Note:

Datastore browsing needs to be enabled (this is enabled by default) for the App Volumes Manager to enumerate volumes on the datastore. Check the enableHttpDatastoreAccess parameter under C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg in the vCenter Server. If it is set to false, change this to true and restart the vCenter Server service.

  • Datastore
    • Allocate space
    • Browse datastore
    • Low level file operations
    • Remove file
    • Update virtual machine files
  • Folder
    • Create folder
    • Delete folder
  • Global
    • Cancel task
  • Host
    • Local operations
      • Reconfigure virtual machine
  • Sessions
    • View and stop sessions
  • Tasks
    • Create task
  • Virtual machine
    • Configuration
      • Add existing disk
      • Add new disk
      • Add or remove device
      • Query unowned files
      • Change resource
      • Remove disk
      • Settings
      • Advanced
    • Inventory
      • Create new
      • Move
      • Register
      • Remove
      • Unregister
    • Provisioning
      • Promote disks
  • Set Up the Machine Manager Connection

    App Volumes operation mode is determined by configuring a machine manager. You cannot change the operation mode of App Volumes after you configure the machine manager.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-A2A69441-7E11-4BB6-9F9A-563D0E1B602F.html>

Objective 6.2 – Manage VMware AppStacks and writeable Volumes

  • Capture, Provision and Assign AppStack (Ver 3.x)

Create a new AppStack.

When you create an AppStack, you only provide the name, storage, path, and description of the AppStack.

Procedure

  1. From the App Volumes Manager console, click Volumes > AppStack > Create AppStack.
  2. Enter the following information for the AppStack and click Create:

Option

Description

Name

A name that describes the type of applications contained in the AppStack.

Storage

Name of your default datastore.

Path

The path for the volume. The path to the apps_templates and writable_templates file on the datastore is created during the initial setup process. You can change the path to further sub-categorize volumes. For example: appvolumes/apps/your_folder..

Template

Select a template for the AppStack, usually in the form of a VMDK file.

Description

A short description of the AppStack, usually names of applications that the AppStack will contain.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-F092E977-D441-4810-B5F1-CECBD10E3BEB.html>

After you create a new AppStack, you must provision the AppStack by attaching it to the provisioning computer and installing the applications in it.

Prerequisites

Ensure that the AppStack you want to provision is not already provisioned. You can check the status of an AppStack on the AppStacks page under Volumes > AppStacks.

You cannot provision an AppStack on a computer that has a Writable Volume attached to it.

Procedure

  1. From the App Volumes Manager console, click Volumes > AppStacks.
    A list of available AppStacks is displayed.
  2. Select the AppStack you want to provision, and click Provision.
    Note:
    Check the Status column to ensure that
    The 
    Provision AppStack:<AppStackName> window is displayed.
  3. Search for and select the provisioning computer by entering a full or partial name of the computer.
  4. Click Provision to attach the AppStack to the virtual machine.
    Note:
    For VHD In-Guest mounting, the provisioning computer must be powered off.
  5. Log in to the provisioned computer and install the applications into AppStack to complete the provisioning process.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-34ADA771-0FBB-4701-9187-A170C833955D.html>

After you create and provision an AppStack, you can assign the AppStack to a user.

You can have an AppStack assigned to a user and computer at the same time. See Assign an AppStack to a Computer.

Procedure

  1. From the App Volumes Manager, go to VOLUMES > AppStacks.
    The 
    Managed Users page with a list of users is displayed.
  2. Select the AppStack you want to assign.
  3. Click Assign..
  4. Search the Active Directory for the user to whom you want to attach the AppStack.
    1. (Optional) Check the Search all domains in the Active Directory Forest to search all domains.
  5. Select the user or users and click Assign.
    You can assign an AppStack to multiple users at the same time.
  6. Select one of the following methods of assignment:

Option

Description

Attach AppStack on next login or reboot

The AppStack is attached when the user logs in or reboots the machine.

Attach AppStack immediately

The volume is attached instantly to all computers on which the selected users are logged in. If you are assigning the AppStack to a group or organizational unit, all users or computers in that group get the attachments immediately.

After the AppStack is assigned to the selected entity, the entity becomes known to the App Volumes Manager.

Results

The list of users that AppStacks are attached to is displayed on the Managed Users page under DIRECTORY > Users.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-65D43D08-755C-4BB2-8752-B7D4AD77AC14.html>

After you create and provision an AppStack, you can assign the AppStack to a computer.

Procedure

  1. From the App Volumes Manager, go to Directory > Computers.
    The 
    Managed Computers page with a list of computers is displayed.
  2. Select the computer for which you want to assign the AppStack.
    Ensure that the status of the computer is set to Enabled.
  3. Click Assign AppStack.
  4. Select an available AppStack from the list.
  1. (Optional) Select the Detach on shutdown if you want the assigned AppStack to be detached when the user logs off from the assigned computer.
  1. Select one of the following methods of assignment:

Option

Description

Attach AppStack on next login or reboot

The AppStack is attached when the user logs in or reboots the machine.

Attach AppStack immediately

The volume is attached instantly to all computers on which the selected users are logged in. If you are assigning the AppStack to a group or organizational unit, all users or computers in that group get the attachments immediately.

After the AppStack is assigned to the selected entity, the entity becomes known to the App Volumes Manager.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-B501E092-93DD-4191-BD23-43592EEA1929.html>

  • Update AppStacks (Ver 3.x)

You can update an AppStack to add, delete, and update applications that are installed in it.

When you update an AppStack, App Volumes creates a clone of this AppStack and the updated AppStack is in an unprovisioned state.

Procedure

  1. From the App Volumes Manager console, click Volumes > AppStacks.
  2. Select the AppStack that you want to update.
    To select the AppStack, you can simply click on the AppStack, or select the checkbox next to it.
  3. Click Update.
  4. Enter the information you want to update and click Create.

Field

Description

Name

The name of the AppStack.

Storage

The location where you want the AppStack to be stored.

Path

Path to the datastore.

Description

A description of the applications in this AppStack.

The AppStack is updated and is unprovisioned.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-366F43C3-F1BB-4E3D-AABC-A2F309A0E8D5.html>

  • Merge AppStacks (Ver 3.x)

You can merge two or more AppStacks from the command line by using AppMerge.

Use AppMerge to merge two or more existing AppStacks into one file. AppMerge takes as its input VHD files associated with an AppStack.

Note:

The input AppStack files must all be of type VHD. You can create a merged output AppStack of a different type with the /vhd and /vmdk options.

AppMerge has this syntax:

AppMerge.exe /o outputAppStack /s “inputAppStack1file”,”inputAppStack2file”, “inputAppStack3file”,…

Creating a Merged AppStack

In this example, you create an AppStack file called MergedAppstack.vhd from three existing AppStack files, Office.vhd, Notepad++.vhd, and Firefox.vhd:

AppMerge.exe /o C:\MergedAppstack.vhd /s “Office.vhd”,”Notepad++.vhd”,”Firefox.vhd”

You can specify input file paths, output file paths, and file names. In this case, the three input AppStacks are presumed to be in the default AppStack location. The output AppStack goes in the C: drive.

Besides the /o and /s parameters, AppMerge accepts the following options:

  • /df. Deletes a specific application bundle. Takes a full path of a file that contains a single GUID in each line as its arguments.
  • /dl. Deletes a specific application bundle. Takes comma-separated GUIDs as arguments.
  • /list. Lists the content of the newly created AppStack file.
  • /meta. Creates a JSON file from the output AppStack file.
  • /vhd Creates a VHD output AppStack file from VMDK AppStack input files.
  • /vmdk. Creates a VMDK output AppStack file from VHD AppStack input files.

From <https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/com.vmware.hchosted.appcapture/GUID-8F989B49-417B-4680-BD01-6CA17631C294.html>

  • Capture Isolated AppStacks (Ver 3.x)

The capture of isolated appliations would probably be done with ThinApp then delivered with App Volumes

https://www.ageroskam.nl/app-volumes/vmware-app-volumes-capture-an-application/

The Setup Capture wizard begins the capture process by scanning the system to assess the environment and create a baseline system image.

Prerequisites

Close any applications, such as virus scans, that might change the file system during the capture process.

Procedure

  1. Download the application to capture and copy it to the clean computer on which you are going to run the capture process.
    For example, download Firefox Setup 2.0.0.3.exe and copy it to the clean computer.
  2. From the desktop, select Start > Programs > VMware > ThinApp Setup Capture.
    The ThinApp Setup Capture wizard appears.
  3. Click Next.
    The 
    Ready to Prescan window appears.
  1. (Optional) Click Advanced Scan Locations to select the drives and registry hives to scan.
    You might want to scan a location other than the C:\ drive if you install applications to a different drive.
  1. Click Prescan to establish a baseline system image of the hard drive and registry files.

What to do next

Install the application to virtualize and rescan the system.

From <https://docs.vmware.com/en/VMware-ThinApp/5.2.4/com.vmware.thinapp.user/GUID-BE37ACCB-F9B9-4553-A791-49F209BD193D.html>

  • Create and assign writeable volumes (Ver 3.x)

You can create Writable Volumes for computers and users to store user-specific data such as application settings, user profiles, configuration settings, and licensing information.

Prerequisites

  • Your account must have read access to the domains that you use with App Volumes, and the domains must be configured with two-way trust. See the User Accounts and Credentials section in the VMware App Volumes Installation guide for more information.
  • Important:
    If you are creating a Writable Volume for a group or OU, sync the users in the group or OU so that any changes to group or OU membership for the user are reflected in the App Volumes database. Go to DIRECTORY > Users and click Sync to see the updated list of users.

Procedure

  1. From the App Volumes Manager console, select Volumes > Writables > Create Writable.
  2. From the Domain drop-down menu, select a domain that is configured with App Volumes.
  3. Enter a search string in the Search Active Directory text box domain to locate the entity to which you want to assign the Writable Volume.
    You can search for individual users, computers, groups, or OUs. User Principal Name string searches (
    [email protected]) and Down-Level Logon Name string searches (domain\search_string) are supported. You can filter your search query by Contains, Begins, Ends, or Equals.

    1. (Optional) Select the Search all domains in the Active Directory forest check box to search the entire Active Directory forest.
  4. Click Search.
    Searching all domains in the forest might result in slow performance.
    If you are unable to locate the entity that you want, it your account might not have read access to the domains you are searching, or the domains are not configured with two-way trust.
  5. Select the entity for which you want to create the Writable Volume.
    If you select a group or OU, individual Writable Volumes are created for each member of that group or OU. Group membership is discovered by using recursion, meaning that users and computers in subgroups also receive volumes. However, when creating Writable Volumes for OUs, groups are not recursed.
  6. Enter the following information:

Option

Description

Destination Storage

Select either the default datastore or a different datastore. The default datastore is the one that you configured for storing the Writable Volumes. If you select a different datastore, verify that you have the Writable Volumes templates on that datastore in the cloudvolumes/writable_templates folder.

Destination Path

The default path is <varname>/cloudvolumes/writable.

Source Template

Select a source template from the drop-down menu for the new Writable Volume:

  • UIA only – Captures all user-installed applications but does not capture any data that is written to the user profile. You can use this template with a third-party profile solution or VMware User Environment Manager.
  • UIA+profile – Includes all user-installed applications and user profile data. The user profile data is only a local profile and is not a roaming profile or other managed user profiles. The profile is delivered early in the boot process and considered only a local profile delivery. Additional profile tools like roaming profiles and VMware User Environment Manager still apply and work as expected. Use this template if a profile solution is not in place.
  1. (Optional) Select the appropriate box to configure additional settings for the Writable Volume.

Option

Description

Prevent user login if the writable is in use on another computer

Select this option to ensure that the user does not log in to a computer to which their Writable Volume is not present. Using a desktop without an attached Writable Volume might result in the user working on a machine where the data is not saved to the Writable Volume.

Limit the attachment of users writables to specific computers

Use this setting for users who do not need to access their Writable Volume on all computers that they use. Also, some users might need separate Writable Volumes that are only attached to specific computers.

For example, a user has two Writable Volumes assigned, one limited to Win7-Dev and another limited to Win7-Test. When the user logs in to the computer named Win7-Dev-021, the user gets the first volume. When the user logs in to Win7-Testing, the user gets the second volume. If the user logs in to Win2012R2, no Writable Volume is attached.

Delay writable creation for group/OU members until they log in

Delay the creation of Writable Volumes for group and OU members until their next login. This option only affects groups and OUs. Users and computer entities that were directly selected have their volumes created immediately.

Use this option when you select a group or an OU. Often these containers can have hundreds or thousands of members. This can be problematic because creating many volumes at the same time might take a long time. Some members might not need a Writable Volume.

  1. Click Create.
  2. On the Confirm Create Writable Volumes window, select when you want to create the selected volume:
    • Create volume in the background – App Volumes Manager dispatches a background job to create the volume and the display goes back to the manager console immediately.
    • Create volume immediately – App Volumes Manager waits for the volume to be created and the console is not responsive until either the process is complete or 10 minutes have elapsed.

What to do next

Confirm that the Writable Volume has been created for the user. From the App Volumes Manager console, select Volumes > Writables and verify that the volume you just created has the status set to Enabled.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-BF446318-00B8-4D3A-A7DE-AF21604FE3DB.html>

You can assign Writable Volumes to a user, group, computer, or organizational unit (OU).

Note the following considerations and limitations when you assign and attach Writable Volumes:

  • When a Writable Volume is created for a user, it is assigned to the user immediately. When the volume is assigned to a group, it is created when a user belonging to the assigned group logs in to the machine.
  • A user can have more than one Writable Volume attached at the same time if the volume is OS-specific, or created for a computer with a specific prefix. For example, suppose that you create a Writable Volume for each of the following:
    • A Windows 7 machine
    • A Windows 10 machine
    • A computer with Win2012-dev prefix to its name
    • A computer with Win2012-test prefix to its name
      Then, when the user logs in to these different machines at the same time, each Writable Volume that is assigned to the specific machine is attached to the user at the same time.
  • A machine can have only one Writable Volume attached to it at a given point in time.
  • A Writable Volume must be enabled before it can be attached. See Enable a Writable Volume.
  • Automatic Windows updates must be disabled.
  • Detach the volume before performing any update to the OS.
  • Detach all Writable Volumes when performing any revert, recompose, or refresh of the virtual machines.

From <https://docs.vmware.com/en/VMware-App-Volumes/2.14/com.vmware.appvolumes.admin.doc/GUID-B527414C-C0DC-4096-89E8-D4E192C4131D.html>

%d bloggers like this: