Category Archives: VMware View

VMware View Guy Admits that Citrix XenDesktop is Just As Good

So I’ll admit it, I knew nothing about Citrix.  Well I mean other than all the FUD VMware was spewing about how much “fun” I would have if I ever implemented it for a customer.  Citrix actually showed up in the office about 4 years ago to try to explain what was going on but all I remember is that they showed me something called Dazzle and I thought, “how the hell am I supposed to explain to my customers what a Dazzle is supposed to do?” and then went back to installing VMware View.

Really, I was just too busy running around deploying View to get a couple hours to deploy XenDesktop and do my own fact checking.  And really, that is all it takes, is a couple hours. 

One of my vendors insisted that I was missing out.  They introduced me to the Federal team over at Citrix, who got me into Citrix Synergy and introduced me to Bob Mensah, Systems Engineer for Citrix.  Bob is an amazing font of Citrix knowledge!  Bob was able to walk me through the installation of XenDesktop in my lab in a couple hours while I was literally sitting at Honda waiting for my wife’s van to be serviced.

If you’ve been doing View for any significant period of time it’s not that hard to pick up.  Yeah, all the services have different names, but they have the same functionality.  Here’s a chart to help you figure it out:

Horizon View Citrix XenDesktop
vCenter vCenter (but could also be XenCenter or SCVMM)
View Connection Server StoreFront
View Composer Machine Creation Services
View Administrator Citrix Studio
Horizon Workspace StoreFront
Install license key on host Licensing Server
Need 3rd party load balancer Netscaler included
ThinApp (packaged executables) XenApp (Streamed Applications)
Blast (run ThinApps, XenApps, or RDSApps) StoreFront / XenApp

Bob Mensah even pointed me toward these guides that helped me set up CAC authentication in my lab:
Citrix – Create a JITC test CAC environment for XenDesktop/XenApp
Microsoft Technet – Step by Step Guide – Single Tier PKI Hierarchy Deployment

The Citrix administrative tools are Windows only, which could be seen as a draw back, but really the vSphere Web Client and View Administrator client are written in Flash and are slow, so I think Citrix actually has better functioning tools here.

Using Citrix Receiver to connect to a Windows desktop feels a lot like using the View Client.  The one thing that I did notice using my CAC was that I had to use my PIN two times.  Once to authenticate to StoreFront and then another to authenticate to the Windows VM.  With View I only have to put in my PIN once to authenticate to the View Connection Server and that gets passed to the VM.  Citrix told me that this is to overcome a security issue with having the PIN cached on the connection broker, but really I have never had an IA person tell me that was an issue with View so I am curious to understand where that requirement came from.

One thing that the Citrix Receiver has going for it is that it works with the new Tactivo iPad CAC Reader from Precise Biometrics.  CAC Authentication for iPad is nothing new, but previously it could only be accomplished on a per app basis with specialized apps designed to interact with some kind of Bluetooth CAC reader or dongle.  Neither were very convenient.  The Bluetooth reader meant that you needed to carry around an extra peripheral, charge it, and hope nothing interrupted your bluetooth connection.  The dongle… was just cumbersome and silly.  The Tactivo is a sleek integrated case, shown below in the iPad mini model with a magnetic smart cover (not included).  It connects via the lightning adapter and has a micro USB port that supports charging only.  See my photos of the unit below.  The VMware View client does not support this unit yet and I’m suspecting that it will actually fuel a lot of interest in Citrix until they do.

photo 3 photo 2 photo 4

Using XenApp you can now wrap CAC authentication around any application and present it on the iPad, including presenting entire Windows desktops complete with paired bluetooth keyboard and mouse (explained below)!

photo 6         

The other innovative thing about the Citrix Receiver client for iPad is that they have cleverly overcome the iOS inability to pair with a bluetooth mouse!  You can use another iOS device with the Citrix Receiver client installed on it as a touchpad!  The only silly part about this was that I had to set up the storefront connection on the extra device before I could pair it.  I am assuming that it either communicates between the iDevices through wireless or bluetooth, so I think that having to set up the client before you can use it as a touchpad is unnecessary.  However it works really well.  While the screen is a little small on the iPad mini, I was able to open applications and even play a movie just like I could with the Windows client.  My opinion is that it would definitely be a better experience with a full size iPad.

The only other issue I had when I was using the Citrix Receiver client is that there are a lot of extra options in the settings (shown in the picture below) that weren’t intuitive.  Here is the documentation for the client, but if you look through it you will see that the settings in the picture below are not documented.  If you look at the documentation for the View Client for iOS you see that every little feature in the client has a blurb explaining what it does.


In all, my initial impression of Citrix XenDesktop is that it has just as much functionality as VMware View.  I just wish that some things had more effort put into documentation rather than getting the functionality ready to ship.

Nutanix CVM Autopathing Test

I have a Nutanix cluster that needs to be upgraded from 3.1.2 to (or if it is out by the time I get around to upgrading it). That got me to thinking about the upgrade process. When you perform a Nutanix Operating System (NOS) upgrade, it performs what Nutanix calls a “rolling upgrade”. This in effect only performs the upgrade on one CVM at a time. While the CVM is being upgraded, the storage on that node is directed to another CVM.

My first thought was, “How does that actually work”? Thanks to Zach Vaughn @z_n_v, Nutanix SE Extraordinaire, my eyes were opened.  When the cluster detects that a CVM is down, it SSHs to the Hypervisor (I’m referring to ESXi) and adds a route to the external IP of another CVM in the cluster. The cluster performs this check every 30 seconds, so it is possible that your VM will be without storage for 30 seconds. How disasterous could this be? (I’m told that as of NOS version this will be much faster than 30 seconds). The following video shows what happens.

This test was performed on a Nutanix 1350 block running NOS The desktop is running on Node C. I start encoding a video using handbrake which is writing to the user’s desktop on the local disk. When I shut down the CVM on Node C the desktop appears to hang for 20 seconds. However, it is possible that the PCoIP server process stops responding for those 20 seconds, as when the desktop resumes you can see that it has still received pings from the hypervisor.

I ran this test from a different machine and the View Client seemed to stay connected. The difference being that it was an iMac connected via ethernet and I recorded the video on my Macbook Pro connected via wireless. The desktop continued to receive pings, but the handbrake process stopped while the disk was unavailable for about 20 seconds and then resumed when the route to the CVM was changed on the hypervisor. If I can get that to work again I’ll try to post another video.

Export Teradici PEM cert from Windows

We deployed certs on our View Connection Servers on one of our projects and needed to put our CA’s root cert on the zero clients.  The zero clients expect the cert in PEM format.  Turns out that this format is just a Base 64 encoded X.509 cert that you can export from windows.

Open the cert in windows either through the certificates mmc or by double clicking on the cert file.  Click on the Details tab then click Copy to file…



Click Next.



Click the radio button Base-64 encoded X.509 (.CER)



Specify the path where you want to save and click next.



Click Finish.



Using your favorite method, simply change the file extension from .cer to .pem.


In the PCoIP Manager click the Profiles tab and then click Set Properties.


At the very bottom of the page you’ll find the Certificates section.  Click Add New.


Select the .pem cert file that you just renamed and click Add.


You will see that the cert has been successfully added and you can push it out in your zero client profile.


VMware View Composer: The database specified is not supported by [ProductName].

Deploying another View Pod in our infrastructure I installed View Composer.  The other Pods used SQL Server 2012 so I created the databases and ODBC connections.  After specifying the ODBC connection I received the error The database specified is not supported by [ProductName].


It appears that this error is caused by the SQL ODBC driver.  I installed the SQL Management tools from SQL Server 2008 and changed the SQL driver to the SQL Server 2008 version (SQL Server Native Drivers v10) and recreated the ODBC connection.



Yay! The install continues!


PCoIP Streaming Video Performance

The network between my desk and our lab is controlled by corporate IT.  In order to have access to lab equipment at my desk I had to set up a simple PPTP VPN running on a Windows Server 2008 R2 VM.  Needless to say, it doesn’t provide the best throughput, but it meets about 95% of my needs.

Enter View 4.6 PCoIP Secure Gateway.  Since View Secure Gateway proxies the PCoIP connection I was absolved of the need for the VPN…

However, like any good engineer, once I had some free cycles I decided to test what the maximum video performance of View could be.  I fired up Band of Brothers Episode Two and watched at an amazing 5 frames per second.  I logged onto my Wyse P20 and saw that the “Active Bandwidth Limit” was set to 7000Kb.

Nothing that I tried seemed to improve the performance until my local VMware Sales Engineer stopped by and I showed the video performance to him.  He gave me some suggestions on how to improve the performance, but mentioned that it looked like the video was being rate limited.  This set off a spark in my head and after a couple of hours googling for “VMware View rate limit” I stumbled upon the answer… provided by our friends at EVGA.

Turns out that when you enable a Secure Gateway Server you are limited to using AES-128-GCM encryption and 7000Kb… which makes sense for using View over the WAN.  When I unchecked the box “Use PCoIP Secure Gateway for PCoIP connections to the desktop” in the General tab of View Connection Server Settings I was able to obtain much better video performance… up to 24 frames per second with the zero client resolution set to 1280×1024.

When I turned up the resolution to the full 1900×1200 of my monitor I was back to 5 frames per second.  It seems that the SALSA256-Round12 encryption is limited to 20 Mb/s.  Perhaps this will get better in View 5.0?