Vembu BDR 3.9.1 Update 1 Supports vSphere 6.7

Vembu has released an update for BDR version 3.9.1 that supports VMware's latest version, vSphere 6.7. When Vembu released BDR 3.9.1 with its Standard edition for SMB customers, it did not include support for vSphere 6.7, which was one of the big missing pieces.

Vembu clearly understands what customers require, so they were able to release an update quickly to close this gap. Vembu BDR Suite 3.9.1 Update 1 now supports vSphere 6.7, is generally available (GA) and is ready for download.

In my previous posts on Vembu, I shared the features available with Vembu BDR Suite, so I am not going to explain them again in this post. Here I am sharing my validation of vSphere 6.7 support in Vembu BDR 3.9.1 Update 1. Moreover, this is only a maintenance release, so there are no new features announced with this update.

Environment Details

Below are the ESXi Server details in my vSphere 6.7 Lab.

| Host Name | IP Address | ESXi Version | vCenter Version |
|---|---|---|---|
| TEST-ESX1.VMARENA.COM | 192.168.1.21 | 6.7 | 6.7 |
| TEST-ESX2.VMARENA.COM | 192.168.1.22 | 6.7 | |
| TEST-ESX3.VMARENA.COM | 192.168.1.23 | 6.7 | |
| TEST-ESX4.VMARENA.COM | 192.168.1.24 | 6.7 | |

I have configured a vSAN datastore on this setup to deploy virtual machines, and the backup repository is vSAN iSCSI Target storage with a size of 50 GB. Vembu BDR 3.9.1 Update 1 is installed on a Windows 2012 R2 operating system.

vSphere Version

Log in to the ESXi host or vCenter, navigate to Summary and verify the vSphere version.

Configure vSphere 6.7 Host on Vembu BDR server

Verify Vembu BDR Version

Log in to the Vembu BDR server console using “https://FQDN:6060” or “https://ipaddress:6060” from any machine that can access the Vembu BDR server.

Navigate to Help -> About US

Note: You may also access the console from the BDR server itself; this image was taken in that scenario.

Add vSphere 6.7 to Vembu Server

From Main Tab Select VM Replication -> VMware vSphere option

Click on Add VMware vSphere Server -> enter the ESXi host IP and credentials and click Save

The server will be added and you may see a popup message: “server added successfully”.

From the List VMware Server option you can view the added vSphere servers.

 

Configure the Backup and Test

One of the ESXi servers added to the Vembu BDR server contains a Windows 7 64-bit machine, which is stored on the vSAN datastore. Here I will configure an image backup of this machine and run the backup to verify vSphere 6.7 support in Vembu BDR 3.9.1 Update 1.

Vembu BDR provides efficient deduplication of backup data, which helps to save on the cost of bandwidth and storage space.

Select the Backup option from the added VMware servers, select the virtual machine you need to back up and click Next

Click Next to continue with all default values

Note: If you have an application such as Exchange on the server, you have to select Application Aware Process

Select the Schedule for the backup and click Next

Configure the required retention for this backup and click Next

Enter a backup job name and select the checkbox Run this Job Immediately after saving

Review that all steps are verified by the Vembu server, shown by a tick on the left side of each option.

Click on the Save the backup option and a pop-up message will appear. Click OK to continue, confirming that the backup schedule has completed.

You can view the configured backup job from Backup -> List all Jobs

 

Click on the Status up arrow under the Status tab to review the progress of the backup.

You can check the backup report from Reports -> Backup Status Report Option

 



Horizon View Security Server

VMware Horizon View Security Server is another component of Horizon View that provides an additional layer of security between the Internet and the internal network where you have deployed the Horizon View infrastructure. In this post I will share information about Horizon View Security Server, its installation and its integration with Connection Server.

Why Security Server?

Security Server is one of the important components of Horizon View when it is published to an external network. Its main role is to secure the VMware Horizon environment by minimizing the attack surface of the View Connection Server on the internal network and the ports opened to the outside world.

As a best practice, the Security Server should be on a demilitarized zone (DMZ) network, and from the DMZ the Security Server will allow connections to the internal Horizon View Connection Server.

Supported Operating System

| Operating System | Version | Edition |
|---|---|---|
| Windows Server 2008 R2 SP1 | 64-bit | Standard, Enterprise, Datacenter |
| Windows Server 2012 R2 | 64-bit | Standard, Datacenter |
| Windows Server 2016 | 64-bit | Standard, Datacenter |

Note: If you prefer a Linux appliance, you may use VMware Unified Access Gateway (UAG). You may also install one or more security servers connected to a View Connection Server instance (not covered in this post).

Minimum and Recommended Hardware Configuration

| Hardware Component | Minimum Requirement | Recommended |
|---|---|---|
| Processor | 1.4 GHz or faster processor with 2 CPUs | 2GHz or faster and 4 CPUs |
| Networking | One or more 10/100Mbps NICs | 1Gbps NICs |
| Memory | 4GB RAM or higher | 10 GB RAM or higher |
| Disk space | 40GB | 60GB |

Firewall Ports Details

Refer to the VMware KB article to understand the port requirements for Connection Server instances and security servers.

Important Points to be checked before installation

  • Generate a pairing password from the Connection Server for establishing the connection with the security server.
  • Security server software shouldn't be installed with any other Horizon 7 software component, including replica server, Connection Server, View Composer, Horizon Agent, or Horizon Client.
  • The Terminal Services role should not be enabled or installed on the Security Server.
  • Static IP address for the Security Server
  • Fully updated Windows operating system
  • Fully qualified domain name (FQDN) reachable from clients
  • Windows Firewall with Advanced Security is set to on in the active profiles.
  • A TLS certificate with the friendly name "vdm" should be installed on the server, or replace the self-signed one.
  • Certain ports must be opened on the firewall for Connection Server instances and security servers, Reference
  • If the Security Server is on a DMZ network, allow the required communication from the Connection Server; refer to the firewall port details.

Pairing Password

Log in to View Administrator and navigate to View Configuration -> Servers -> Connection Servers

Select the Connection Server to which the Security Server will be paired, click More Commands, and click the Specify Security Server Pairing Password option

  • Enter a pairing password and a password timeout value and click OK.

Security Server Installation

  • Download the View Connection Server installer file from the VMware downloads, which includes the View Connection Server component.

  • Log in to the server you are planning to configure as the security server and run VMware-viewconnectionserver-x86_64-7.5.0.XXX.exe

  • From the Horizon 7 Connection Server Installation Wizard, click Next to continue

  • Accept the end-user license agreement (EULA) and click Next

  • Choose the destination folder for the binaries, or continue with the defaults by clicking Next

  • Select the Horizon 7 Security Server option on the Installation Options page and the IP protocol version you want to use for the installation of the Security Server.

  • Enter the FQDN of the Horizon Connection Server that will be paired with the Security Server on the Paired Horizon 7 Connection Server page and click Next.

Hostname - Fully qualified domain name of the Connection Server

IP Address - IP address of the Connection Server that the FQDN resolves to

  • Enter the pairing password you created in the Horizon View Administrator window and click Next.

Note: You may see a warning like the one below if Windows Firewall is not enabled for the active profile; in that case IPsec is not going to be configured for communication between the Security Server and the Connection Server. You have to click OK to continue.

  • After the successful pairing between the Security Server and Connection Server, you can see the external URLs for External, PCoIP, and Blast External connectivity. You may edit the URLs as appropriate so that they are externally accessible; they can also be modified later. Click Next.

External URL - It is the external URL of the security server for client endpoints that use the RDP or PCoIP display protocols. The URL will contain the protocol, client-resolvable security server name, and port number. Tunnel clients that run outside of your network use this URL to connect to the security server.

For example: https://view.example.com:443

PCoIP External URL -  It is the external URL of the security server for client endpoints that use the PCoIP display protocol. In an IPv4 environment, specify the PCoIP external URL as an IP address with the port number 4172. In an IPv6 environment, you can specify an IP address or a fully qualified domain name, and the port number 4172. In either case, do not include a protocol name.

For example, in an IPv4 environment: 10.20.30.40:4172. Clients must be able to use the URL to reach the security server.

Blast External URL - It is the external URL of the security server for users who use HTML Access to connect to remote desktops. The URL must contain the HTTPS protocol, client-resolvable host name, and port number. By default, the URL includes the FQDN of the secure tunnel external URL and the default port number, 8443. The URL must contain the FQDN and port number that a client system can use to reach this security server.

For example: https://myserver.example.com:8443

  • Next is the firewall configuration. As a recommended approach, allow the installation to configure Windows Firewall automatically for incoming TCP port connectivity, and click Next to continue.

| Option | Action |
|---|---|
| Configure Windows Firewall automatically | Let the installer configure Windows Firewall to allow the required network connections. |
| Do not configure Windows Firewall | Configure the Windows firewall rules manually. Select this option only if your organization uses its own predefined rules for configuring Windows Firewall. |

  • Click the Install option to begin the Horizon View Security Server installation
  • Once the installation has completed, click the Finish button; you may choose whether or not to display the release notes.

Access the Horizon View Client

Open a web browser and use the FQDN or IP address of your Security Server, and you will get the Horizon View page.

Publishing to External Network

Next you have to NAT the public IP on your firewall to the Security Server IP with the required ports; refer to the VMware KB for the firewall port details. After completing this step you can access the Horizon Client using the published URL. Note that you have to configure the published IP and URL in public DNS, otherwise you will not be able to reach the URL.

Enable PCoIP Secure Gateway

  • From View Administrator navigate to Configuration -> Servers -> Connection Server
  • Select the Connection Server that is paired with the Security Server, and click Edit.
  • On the General tab, check the box "Use PCoIP Secure Gateway for PCoIP connections to machine"; if it is already enabled, no changes are needed.

You can also see that HTTP(S) Secure Tunnel and Blast Secure Gateway are enabled; don't change that, and if they are not enabled you have to enable them.

Note: You will not be able to configure this directly on the Horizon Security Server.

Modify Edit Security/Connection External URL

Once all the ports are opened and NAT is completed, you can configure the external settings on both the Security and Connection Servers.

  • From View Administrator navigate to Configuration -> Servers -> Security Server, click on the Security Server name and select the Edit option
  • Modify the fields to your external DNS name and external IP address with ports and click OK.

Note: You have to use the same external IP and URLs on the Connection Server as well. Follow the same steps as in Enable PCoIP Secure Gateway and add the details.
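The three external URL fields follow different format rules (described in the installation section above), and a value in the wrong format leaves outside clients unable to connect. The following is an added example, not part of the original post or of VMware's tooling, that checks a set of values against those rules before you enter them; the field names and the requirement of https for the tunnel URL (taken from the page's example) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

PCOIP_PORT = 4172  # port the page specifies for the PCoIP External URL


def _is_ip(host, version=None):
    """True if host is an IP literal, optionally of a given IP version."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return version is None or addr.version == version


def _parse(value, want_scheme):
    """Return (host, port, problems) for a URL or a bare host:port value."""
    problems = []
    has_scheme = "://" in value
    if want_scheme and not value.lower().startswith("https://"):
        problems.append("must start with https://")
    if not want_scheme and has_scheme:
        problems.append("must not include a protocol name")
    try:
        # Without a scheme, prefix '//' so urlsplit reads the value as host:port.
        parts = urlsplit(value if has_scheme else "//" + value)
        host, port = parts.hostname, parts.port
    except ValueError:
        return None, None, problems + ["host or port is malformed"]
    if not host:
        problems.append("host is missing")
    if port is None:
        problems.append("explicit port number is missing")
    return host, port, problems


def check_https_url(value):
    """External URL and Blast External URL: https, resolvable name, port."""
    host, _port, problems = _parse(value, want_scheme=True)
    # A single-label name such as 'viewsec01' cannot be resolved by outside clients.
    if host and not (_is_ip(host) or "." in host):
        problems.append("host is not a fully qualified name")
    return problems


def check_pcoip_url(value, ipv6=False):
    """PCoIP External URL: address:4172 with no protocol name."""
    host, port, problems = _parse(value, want_scheme=False)
    # IPv4 environments need an address; IPv6 ones may use an address or FQDN.
    if host and not ipv6 and not _is_ip(host, version=4):
        problems.append("IPv4 environments need an IPv4 address, not a name")
    if port is not None and port != PCOIP_PORT:
        problems.append("port must be %d" % PCOIP_PORT)
    return problems


def check_settings(settings, ipv6=False):
    """Return {field: [problems]} for every field that fails its rule."""
    results = {
        "external_url": check_https_url(settings["external_url"]),
        "pcoip_external_url": check_pcoip_url(settings["pcoip_external_url"], ipv6),
        "blast_external_url": check_https_url(settings["blast_external_url"]),
    }
    return {field: found for field, found in results.items() if found}


# Values taken from the page's own examples (field names are hypothetical).
PAGE_EXAMPLES = {
    "external_url": "https://view.example.com:443",
    "pcoip_external_url": "10.20.30.40:4172",
    "blast_external_url": "https://myserver.example.com:8443",
}

# Constructed values showing typical mistakes in each field.
CONSTRUCTED_BAD = {
    "external_url": "view.example.com",
    "pcoip_external_url": "https://view.example.com:4172",
    "blast_external_url": "https://viewsec01:8443",
}

if __name__ == "__main__":
    for name, settings in (("page", PAGE_EXAMPLES), ("bad", CONSTRUCTED_BAD)):
        print(name, check_settings(settings) or "ok")
```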

Finally, you have to configure an SSL server certificate for the security server; refer to Configuring SSL Certificates for View Servers to perform this.

Now you can access the Horizon view Desktop From External Network

Additional Information 

Below are the security server services installed on the Windows Server:

  • VMware Horizon View Security Server
  • VMware Horizon View Framework Component
  • VMware Horizon View Security Gateway Component
  • VMware Horizon View PCoIP Secure Gateway
  • VMware Blast Secure Gateway

For information about these services, see the Horizon View documentation

The VMware Horizon View Connection Server (Blast-In) rule is enabled in the Windows Firewall on the security server. This firewall rule allows Web browsers on client devices to use HTML Access to connect to the security server on TCP port 8443.

Below is some information from the VMware website that will help you understand what actions have to be taken when reinstalling the security server or when an error occurs during deployment.

Installation is cancelled or aborted

You might have to remove IPsec rules for the security server before you can begin the installation again. Take this step even if you already removed IPsec rules prior to reinstalling or upgrading security server. For instructions on removing IPsec rules, refer to Remove IPsec Rules for the Security Server.

You might have to configure client connection settings for the security server, and you can tune Windows Server settings to support a large deployment. See Configuring Horizon Client Connections and Sizing Windows Server Settings to Support Your Deployment.

Reinstallation security server

If you are reinstalling the security server and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.

Refer to the Horizon 7 Deployment Guide for more details.



Horizon View Composer Server

VMware View Composer is a component of VMware Horizon View that provides rapid deployment and linked clones. With the help of Composer, you can create linked clones, which provide a 50% to 90% reduction in storage requirements for virtual desktops. My previous post was about Horizon View Connection Server 7.5, and in this post I will explain View Composer and its installation procedure. The two are correlated: you need Connection Server to use Composer, and Composer is required to provision linked clones from Connection Server.

You can also manage desktop pools by creating a golden image, which is a master OS that shares a common virtual disk. All cloned desktops are linked to the master image and can be patched or updated simply by updating the master image. Moreover, actions such as patching or modifying cloned desktops will not affect users’ settings, data, or applications.

Working Scenario of Composer

As I mentioned above, you take a snapshot of the golden image or parent virtual machine, then deploy desktops from the snapshot. Composer creates a replica from the snapshot, which is a thin-provisioned copy of the parent VM, and that is used for the desktops. Desktops are created as linked clones, implemented with a delta disk "linked" to the replica disk, and all changes that happen to the desktop are stored on the delta disk.

Supported Operating Systems

| Operating System | Version | Edition |
|---|---|---|
| Windows Server 2008 R2 SP1 | 64-bit | Standard, Enterprise, Datacenter |
| Windows Server 2012 R2 | 64-bit | Standard, Datacenter |
| Windows Server 2016 | 64-bit | Standard, Datacenter |

Minimum and Recommended Hardware Configuration

| Hardware Component | Required | Recommended |
|---|---|---|
| Processor | 1.4 GHz or faster Intel 64 or AMD 64 processor with 2 CPUs | 2GHz or faster and 4 CPUs |
| Networking | One or more 10/100Mbps network interface cards (NICs) | 1Gbps NICs |
| Memory | 4GB RAM or higher | 8GB RAM or higher for deployments of 50 or more remote desktops |
| Disk space | 40GB | 60GB |

Note: Based on the number of VDI systems, you have to provide more resources to the Composer server.

Reference

Firewall Ports Details

Refer to the VMware KB article to understand the port requirements, and note that Composer communicates with the Connection Server and the VMware infrastructure.

Important Points to be checked before installation

  • Fully updated Windows operating system with 4.6.1 or later installed on the server
  • Each vCenter Server requires its own View Composer. There’s a one-to-one mapping.
  • View Composer cannot be installed on a Horizon 7 Connection Server.
  • Windows Server 2008 R2 with no service pack is no longer supported.
  • View Composer requires an SQL database (Composer DB) to store data.
  • Events database to record information from Horizon Connection Server about Horizon events (optional).
  • Each Composer instance must have its own View Composer database, and this database shouldn't be shared between multiple View Composer servers.
  • Composer supports Oracle 12c, 11g or SQL database. For details, check the Interoperability Matrix.
  • The Composer database must be available to the View Composer server.
  • Horizon View license to install and use the View Composer feature.
  • Microsoft KMS with Volume Licensing to provide the required licenses for linked-clone VMs in desktop pools
  • Active Directory availability with an OU, groups and the required GPOs for the Horizon View setup, Reference
  • SSL certificate that is signed by a Certificate Authority (CA)
  • vCenter access with provisioning privileges
  • DNS for name resolution and a DHCP server to support linked-clone network connectivity
  • Follow best practices for configuring the VMware infrastructure for Composer.
  • No Horizon 7 component, including Connection Server, security server, Horizon Agent, or Horizon Client, should be installed on the machine on which you intend to install View Composer.
  • A DSN configured from the ODBC wizard is required, and you have to enter this information while installing the View Composer service.
  • View Composer server should not have any applications that use Windows SSL libraries that require SSL version 2 (SSLv2) provided through the Microsoft Secure Channel (Schannel) security package. The View Composer installer disables SSLv2 on the Microsoft Schannel. Applications such as Tomcat, which uses Java SSL, or Apache, which uses OpenSSL, are not affected by this constraint.
  • Composer installation requires a user with administrator privileges on the system.
  • Refer to the VMware Community Page

Composer Server Deployment

View Composer is used to deploy linked-clone desktop pools, and to install it you should have a valid license.

Log in to the Composer server, navigate to the Composer server software and launch the installer

Click Next

Accept the EULA to continue and click Next

Change the installation directory if applicable or use the default as shown below and click Next

Enter the DSN with the credential details used while creating it from ODBC. In case the DSN has not been created, you can use the ODBC DSN Setup option to create it

In this post I am creating the DSN from the same window, or you can create the DSN from the ODBC option by following the steps below

Navigate to the System DSN tab and click Add

Add the database name, description and database server name or IP and click Next

Use the credentials (SQL or Windows) that have access to the database and click Next

From the drop-down menu, change the default database to the Composer DB you are planning to use for Horizon Composer and click Next, then Finish; on the next screen you can test connectivity from Composer to the DB.

Select the Test Data Source option to do a connectivity test and click OK to return to the DSN tab.

You can view the created System DSN and click OK to exit

Add the details you used to create the System DSN and click Next

The Composer Port Settings page will appear with the default port 18443. You can create a certificate, or choose a valid certificate that is available on the server by selecting Use an existing SSL certificate and selecting the certificate. Click Next.

The certificate will be shown on the next page; click OK to continue

Click Next to start the installation

Once the installation has completed, click Finish

After the installation has completed, the server requires a reboot, and you have to click Yes when asked to restart the computer in the pop-up.

Note: If you are accessing the Composer server through a remote desktop manager for the installation, the session will be disconnected. If it is a virtual machine, you have to reboot the server by logging in to the console, and if it is a physical server you have to do this through the remote management console / remote CLI option.

Additional Information

You have to create a proper backup schedule for the Composer database, so that in case the Composer server crashes you don't have to panic. Only new provisioning will not work, and existing pools will keep working fine. After rebuilding or recreating a new Composer server, you can map/restore the database from backup, and the Composer server will have all the details of the previous configuration.

Backup of the database is very important because the Composer database stores information about connections and components that are used by View Composer:

  • vCenter Server connections

  • Active Directory connections

  • Linked-clone desktops that are deployed by View Composer

  • Replicas that are created by View Composer



vSAN 6.7 All Flash Configuration

VMware Virtual SAN (vSAN) is a hypervisor-converged storage solution for your vSphere environment. In this post I will explain how to perform a vSAN All Flash configuration.

vSAN All Flash Architecture

In an all-flash configuration, one designated flash device is used for cache while additional flash devices are used for the capacity layer. 100% of the cache tier is used for the write buffer, with no read cache.

 

A standard vSAN cluster consists of a minimum of three physical nodes and can be scaled to 64 nodes. All the hosts in a standard cluster are commonly located at a single location and are well-connected on the same Layer-2 network.

We are configuring vSAN with the details below, and the setup is in a nested environment.

| ESXi Version | Node | Flash Drive | Flash Drive |
|---|---|---|---|
| ESXi 6.7 | TEST-ESX1 | 50 GB | 20 GB |
| ESXi 6.7 | TEST-ESX2 | 50 GB | 20 GB |
| ESXi 6.7 | TEST-ESX3 | 50 GB | 20 GB |

Enable vSAN on the Cluster

In my previous post I explained the requirements and configuration of vSAN in hybrid mode, and you can follow the same article to configure the prerequisites such as network and HA. After creating the VMkernel adapter for vSAN traffic, you can enable vSAN on the cluster from the web client.

In addition to my previous post, you have to use all flash drives for this configuration, and in my case I have set both disks to flash mode from the web client.

Navigate to ESXi Host -> Configure -> Storage Devices, then select the disk and use the option "Mark the selected disk as flash"

After making the changes on all hosts, navigate to Cluster -> Configure -> General -> Configure

You can see vSAN is in the Turned OFF state; click the Configure option on the right side

Select the Deduplication and Compression check box (this feature is available only in a vSAN All Flash configuration) and click Next

More detail about Deduplication and Compression can be found in the blog post

Note: We are not using any KMS or fault domains, so no encryption or FD options are selected.

Next, network validation will happen. It shows all vSAN VMkernel adapters where vSAN traffic is enabled; if it is not enabled on any host you will get an error, and you can modify and retry

The next page is to claim the available disks on the ESXi hosts; as we are using an all-flash configuration, you can see that all disks are flash.

It will be easier to understand the drive details by selecting "Group by Host". Claim the disks and click Next to continue

Review the configuration and click Finish. It will take some time to finish, and then you can start using vSAN

Verify the vSAN Status 

Navigate to Cluster -> Configure -> General

Verify the vSAN Configured devices 

Navigate to Cluster -> Configure -> Disk Management, where you can see all the disks configured with vSAN

Next you can see that the vSAN datastore is available on the cluster.

Navigate to Cluster -> Configure -> Datastores, and you can verify that the vSAN datastore is available on the console.


Horizon View Connection Server 

Connection Server is the core component of Horizon View, and it is the first role you have to install. From the same server you will be able to access the Horizon View Administrator Console and manage all activities. You can configure a group of two or more View Connection Server instances for load balancing or high availability. Connection Server is the component that connects your VMware infrastructure and Composer server and manages View administration.

In this post I will discuss Horizon Manager 7.5 Connection Server, its installation and its components. This is one of the posts in my Horizon 7.5 Installation and Configuration series.

Connection Server is the key component that acts as a broker for all client connections. Connections are authenticated through Windows Active Directory, and requests are directed to the appropriate virtual machine, physical machine or Windows Terminal Services server.

Below are the management capabilities of Connection Server

  • Authenticating users
  • Entitling users to specific desktops and pools
  • Assigning applications packaged with VMware ThinApp to specific desktops and pools
  • Managing local and remote desktop sessions
  • Establishing secure connections between users and desktops
  • Enabling single sign-on
  • Setting and applying policies

Working Scenario of Connection Server

View Connection Server can be configured in two scenarios based on requirements: one is inside the network, which allows only your internal traffic, and the other is access from the internet, which is the external network.

Internal Network

You can install and configure multiple View Connection Server instances inside the firewall, on a network that allows internal traffic only. All configuration data is stored in an embedded LDAP directory and is replicated among members of the group.

External network

For access from outside, you have to install and configure View Connection Server as a security server, or you may deploy UAG in a DMZ network for this requirement. The security server or UAG in the DMZ communicates with the View Connection Servers inside your firewall. Security servers and UAG appliances ensure that the only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.

Security servers offer a subset of functionality and are not required to be in an Active Directory domain, and you can install View Connection Server in a Windows Server 2008 or 2012 VM.

Horizon Connection Server has specific hardware, operating system, installation, and supporting software requirements.

Supported Operating Systems

| Operating System | Version | Edition |
|---|---|---|
| Windows Server 2008 R2 SP1 | 64-bit | Standard, Enterprise, Datacenter |
| Windows Server 2012 R2 | 64-bit | Standard, Datacenter |
| Windows Server 2016 | 64-bit | Standard, Datacenter |

Minimum and Recommended Hardware Configuration

| Operating System | Memory | Processor | Network Adapter | Recommended |
|---|---|---|---|---|
| Windows Server 2008 R2 64-bit | 4GB or higher | Pentium IV 2.0GHz Processor or higher | 100 Mbps | 4 CPUs, 1 Gbps NIC |
| Windows Server 2012 R2 64-bit | 4GB or higher | | | At least 10GB RAM for deployments of 50 or more remote desktops |
| Windows Server 2016 | 4GB or higher | | | |

Reference

Important Points to be checked before installation

Do not change the Horizon Connection Server IPv4 address; configure a static IP address.

In an IPv6 environment, machines automatically get IP addresses that do not change.

Windows Server 2008 R2 with no service pack is no longer supported.

For replicated Horizon Connection Server instances, configure the instances in the same physical location and connect them over a high-performance LAN to avoid latency issues. If there is latency, the View LDAP configurations on the Horizon Connection Server instances will become inconsistent.

Use the Cloud Pod Architecture feature where you need a Horizon deployment to span datacenters. You can link together 25 pods to provide a single large desktop brokering and management environment for five geographically distant sites and provide desktops and applications for up to 50,000 sessions.

For more details, refer to Cloud Pod Architecture Overview

You must install Adobe Flash Player 10.1 or later to access View Administrator Console from supported Web Browsers

  • Supported Web browsers are IE10, IE11, Firefox & Chrome Latest Version , Microsoft Edge (Windows 10), Safari 6 and later releases

The computer on which you launch Horizon Administrator must trust the root and intermediate certificates of the server that hosts Connection Server, Reference 

Maximum Connections for Connection Server

Remote Desktop Connections provides information about the tested limits regarding the number of simultaneous connections that a Horizon 7 deployment can accommodate.

| Connection Servers per Deployment | Connection Type | Maximum Simultaneous Connections |
|---|---|---|
| 1 Connection Server | Direct connection, RDP, Blast Extreme, or PCoIP | 4,000 (tested configuration) |
| 1 Connection Server | Tunneled connection, RDP | 2,000 (default configuration); 4,000 (tested configuration) |
| 1 Connection Server | PCoIP Secure Gateway connection | 2,000 (default configuration); 4,000 (tested configuration) |
| 1 Connection Server | Blast Secure Gateway connection | 2,000 (default configuration); 4,000 (tested configuration) |
| 1 Connection Server | Unified Access to physical PCs | 2,000 (tested configuration) |
| 1 Connection Server | Unified Access to RDS hosts | 2,000 (tested configuration) |
| 7 Connection Servers | Direct connection, RDP, Blast Extreme, or PCoIP | 20,000 (tested configuration) |

Reference

Firewall Rules for Horizon Connection Server

Certain ports must be opened on the firewall for Connection Server instances and security servers.

When you install Connection Server, the installation program can optionally configure the required Windows Firewall rules for you. These rules open the ports that are used by default. If you change the default ports after installation, you must manually configure Windows Firewall to allow Horizon Client devices to connect to Horizon 7 through the updated ports.

The following table lists the default ports that can be opened automatically during installation. Ports are incoming unless otherwise noted.

| Protocol | Ports | Horizon Connection Server Instance Type |
|---|---|---|
| JMS | TCP 4001 | Standard and replica |
| JMS | TCP 4002 | Standard and replica |
| JMSIR | TCP 4100 | Standard and replica |
| JMSIR | TCP 4101 | Standard and replica |
| AJP13 | TCP 8009 | Standard and replica |
| HTTP | TCP 80 | Standard, replica, and security server |
| HTTPS | TCP 443 | Standard, replica, and security server |
| PCoIP | TCP 4172 in; UDP 4172 both directions | Standard, replica, and security server |
| HTTPS | TCP 8443; UDP 8443 | Standard, replica, and security server. After the initial connection to Horizon 7 is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place. |
| HTTPS | TCP 8472 | Standard and replica. For the Cloud Pod Architecture feature: used for interpod communication. |
| HTTP | TCP 22389 | Standard and replica. For the Cloud Pod Architecture feature: used for global LDAP replication. |
| HTTPS | TCP 22636 | Standard and replica. For the Cloud Pod Architecture feature: used for secure global LDAP replication. |
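
The audit below is an added example, not part of the original post or of VMware's installer. It compares the default ports from the table with the server's effective inbound allow rules and with what is actually listening, which is the check to run after changing a default port or disabling a gateway. The variable names, the helper `Test-PortCovered` and the finding labels are assumptions made for this example.

```powershell
# Added example: audit inbound Windows Firewall rules and listeners on a
# Connection Server against the default-port table. Run elevated.
$InstanceType = 'Standard'   # 'Standard' = standard or replica; 'Security' = security server

$both = 'Standard', 'Security'
$core = @('Standard')

# Inbound defaults copied from the table above.
$table = @(
    [pscustomobject]@{ Name = 'JMS';   Protocol = 'TCP'; Port = 4001;  Roles = $core }
    [pscustomobject]@{ Name = 'JMS';   Protocol = 'TCP'; Port = 4002;  Roles = $core }
    [pscustomobject]@{ Name = 'JMSIR'; Protocol = 'TCP'; Port = 4100;  Roles = $core }
    [pscustomobject]@{ Name = 'JMSIR'; Protocol = 'TCP'; Port = 4101;  Roles = $core }
    [pscustomobject]@{ Name = 'AJP13'; Protocol = 'TCP'; Port = 8009;  Roles = $core }
    [pscustomobject]@{ Name = 'HTTP';  Protocol = 'TCP'; Port = 80;    Roles = $both }
    [pscustomobject]@{ Name = 'HTTPS'; Protocol = 'TCP'; Port = 443;   Roles = $both }
    [pscustomobject]@{ Name = 'PCoIP'; Protocol = 'TCP'; Port = 4172;  Roles = $both }
    [pscustomobject]@{ Name = 'PCoIP'; Protocol = 'UDP'; Port = 4172;  Roles = $both }
    [pscustomobject]@{ Name = 'HTTPS'; Protocol = 'TCP'; Port = 8443;  Roles = $both }  # Blast Secure Gateway
    [pscustomobject]@{ Name = 'HTTPS'; Protocol = 'UDP'; Port = 8443;  Roles = $both }
    [pscustomobject]@{ Name = 'HTTPS'; Protocol = 'TCP'; Port = 8472;  Roles = $core }  # Cloud Pod Architecture
    [pscustomobject]@{ Name = 'HTTP';  Protocol = 'TCP'; Port = 22389; Roles = $core }  # Cloud Pod Architecture
    [pscustomobject]@{ Name = 'HTTPS'; Protocol = 'TCP'; Port = 22636; Roles = $core }  # Cloud Pod Architecture
)
$wanted = $table | Where-Object { $_.Roles -contains $InstanceType }

# True when a port filter value ('Any', '443', '4001-4002', or a list of those) covers $Port.
function Test-PortCovered {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($p in $LocalPort) {
        if ($p -eq 'Any') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -eq "$Port") { return $true }
    }
    return $false
}

# Effective (local + Group Policy) enabled inbound allow rules with their port filters.
$filters = foreach ($rule in Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{ Rule = $rule.DisplayName; Protocol = "$($pf.Protocol)"; LocalPort = @($pf.LocalPort) }
}

# Ports that currently have a listener.
$tcpListen = @(Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort -Unique)
$udpListen = @(Get-NetUDPEndpoint | Select-Object -ExpandProperty LocalPort -Unique)

$report = foreach ($e in $wanted) {
    $rules = @($filters | Where-Object {
        ($_.Protocol -in ($e.Protocol, 'Any')) -and (Test-PortCovered -LocalPort $_.LocalPort -Port $e.Port)
    })
    $listening = if ($e.Protocol -eq 'TCP') { $tcpListen -contains $e.Port } else { $udpListen -contains $e.Port }
    $finding = if ($listening -and $rules.Count) {
        'ok'
    } elseif ($listening) {
        'listening but no inbound allow rule'
    } elseif ($rules.Count) {
        'allow rule but nothing listening'
    } else {
        'closed'
    }
    [pscustomobject]@{
        Name      = $e.Name
        Protocol  = $e.Protocol
        Port      = $e.Port
        Allowed   = [bool]$rules.Count
        Listening = [bool]$listening
        Finding   = $finding
        Rules     = ($rules.Rule -join '; ')
    }
}
$report | Format-Table -AutoSize
```

An "allow rule but nothing listening" row marks a port that is open for no service (for example after a gateway is disabled) and is a candidate to close; a "listening but no inbound allow rule" row is what a changed default port looks like before the firewall is updated by hand.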

Reference

Connection Server Deployment

The first View component to install is the Connection Server. Before installing it, take note of what is on the server so that you can see what changes after the Connection Server installation.

Log in to the server, navigate to Control Panel -> Programs and Features, and check which applications are listed there.

Navigate to the Connection Server software and launch the Connection Server installer.

Click Next

Accept the EULA to continue and Click Next

Change the installation directory if applicable, or use the default as shown below, and click Next.

Select Horizon 7 Standard Server, check the box labeled Install HTML Access, select your network protocol (IPv4), then click Next.

HTML Access - uses the Blast protocol to enable access to your View resources from a compatible web browser.

Note: Follow the above steps and choose the Replica Server option if you want to install an additional Connection Server.

Enter a recovery password, which protects the data backups of the Connection Server and is needed at recovery time, and click Next.

Password reminder - you can enter a hint for the password here.

The next screen shows the required firewall ports, which I have already listed in the firewall rules table.

Click Next to continue.

Note - If these ports are not open, check with your firewall team, allow these ports, and try again.

To authorize, use an Active Directory user and click Next. If one is not configured, create a View admin user.

Check the box if you wish to participate in the User Experience Improvement Program and click Next.

Click Install to start the installation.

Once complete, click Finish.

If you want to see the release notes, select the check box; otherwise uncheck it.

Access the VMware Horizon Administrator Console

You can access the console from the Horizon icon created on the desktop, or from a compatible web browser using the FQDN or IP of the Connection Server:

https://FQDN of Connection Server or IP/admin

The Administrator Console looks like the screen below, and you can configure the license from the same window.

Before starting the installation of the Connection Server, I mentioned checking which components are installed on the server. Now check Programs and Features to verify which components have been installed.

You will notice that three components are installed:

  • AD LDS Instance VMwareVDMDS
  • VMware Horizon 7 Connection Server
  • VMware Horizon 7 HTML Access

I have already covered the Connection Server and HTML Access above, but you may wonder about the component "AD LDS Instance VMwareVDMDS". Let's find out what its purpose is.

AD LDS

VMware View uses AD-LDS to store virtual desktop infrastructure configuration information. On View Connection Servers, AD-LDS is an embedded LDAP directory that is provided as part of the installation.

AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications. AD LDS provides much of the same functionality as Active Directory Domain Services (AD DS), and it does not require the deployment of domains or domain controllers.

AD DS provides directory services for both the Microsoft Windows Server operating system and for directory-enabled applications. For the server operating system, AD DS stores critical information about the network infrastructure, users and groups, network services, and so on. AD LDS does not require or rely on Active Directory domains or forests, but in environments with an existing AD DS, AD LDS can use AD DS for authentication.

AD LDS Support on Applications

AD-LDS store for View configuration: the AD-LDS service database stored in Active Directory contains configuration data and events/logs. By default, this database resides on View Connection Server.

AD LDS can store “private” directory data, which is relevant only to the application, in a local directory service on the Connection Server. Data that is relevant only to the application, and that does not have to be widely replicated, is stored solely in the AD LDS directory that is associated with the application. This reduces replication traffic on the network between the domain controllers that serve the server operating system directory.


Remote Desktop Manager (RDM)

Remote Desktop Manager (RDM) centralizes all remote connections on a single platform that is securely shared between users and across the entire team. Its suite contains many features that every organization needs to manage its complete infrastructure. This tool is very useful for any IT professional who works in administration, monitoring, implementation, etc., for day-to-day operations and for managing multiple customers. In this review, I will be sharing Remote Desktop Manager’s available features and their many uses.

Remote Desktop Manager (RDM) can centrally manage all your remote connections, passwords and credentials. RDM is available in two versions: Free and Enterprise Edition. The Free Edition is obviously free, while Enterprise Edition is a more robust paid version. RDM has seven key components, and each component has its own features. Here’s a quick comparison between the two:

A detailed comparison of each supported feature can be found on the Devolutions website.

What RDM Offers

RDM is available for both Windows and Mac, as well on Android and iOS mobile devices.

RDM supports a wide range of connections and technologies, including computers, switches, VPNs or printers. Below is a list of supported tools:

Apple Remote Desktop Microsoft Remote Desktop (RDP) HP Remote Graphics Receiver
BeyondTrust Password Safe Console PC Anywhere Intel® AMT (KVM)
Chrome Remote Desktop PowerShell LogMeIn
Citrix (Web) PuTTY (Telnet, SSH, RAW, rLogin) X Window
Citrix ICA/HDX Radmin Telnet
ControlUp Remote Assistance VNC
DameWare Mini Remote Control Remote Desktop Commander VPN
Dell iDrac ScreenConnect Wayk
DeskRoll SecureCRT Web Browser (HTTP/HTTPS)
FTP Serial Port Host
Gateway SSH Tunnel HP Integrated Lights Out (iLO)
TeamViewer

RDM has the capability to connect remotely to virtualization and Cloud platforms, as well as other applications. You can access multiple virtual platform consoles like VMware and Hyper-V from RDM, or you can browse and access the data inside Cloud platforms. Additionally, you can remotely access and centrally manage different applications like Active Directory, SQL, and more. Below is a list of supported tools:

Virtualization Platform Cloud Platform Active Directory Console
AWS Console Amazon S3 Explorer Command Line
Azure Console Azure Storage Explorer Data Report
Hyper-V Azure Table Storage Explorer Data Source Shortcut
Oracle VirtualBox Dropbox Database
Virtual Server OneDrive Explorer File Explorer
Virtual PC Inventory Report
VMware (Player, Workstation, vSphere) Play List
VMware Console PowerShell
VMware Remote Console SNMP Report
Windows Virtual PC Spiceworks
XenServer Console Splunk
SQL Server Management Studio
TeamViewer Console
Terminal Server Console

VPN Support

RDM supports multiple native VPNs and other VPNs as add-ons, which you can install on RDM and access at your office or through a specific network. VPN connections can be configured in the VPN section of the session properties, and the connection can be established automatically, manually or configured to a specific condition.

| Native VPN Support | Add-Ons |
|---|---|
| Apple VPN | Avaya (Nortel) |
| Cisco VPN | Barracuda NG Network |
| Custom | Bitvise Tunnelier |
| Microsoft VPN | Check Point Endpoint Security |
| SonicWall VPN | Check Point VPN-1 SecureClient |
| SSH VPN | Cisco AnyConnect |
| TheGreenBow | F5 Firepass SSL |
| | FEC Secure IPSec |
| | FortiClient |
| | Generic VPN |
| | Juniper Junos Pulse |
| | Juniper Network Connect |
| | Juniper WSAM |
| | Juniper-Netscreen |
| | NCP Secure Entry Client |
| | OpenVPN |
| | SecureCRT |
| | Shrew Soft |
| | SonicWall NetExtender |
| | WatchGuard Mobile |
| | WatchGuard SSL |

Document Storing

You can store different types of documents in the data source instead of keeping them in the same location. This allows you to access all data from a single console with enhanced security. Below are the supported document types:

Certificate
Data source configuration (.rdd)
Default
Email
HTML
Image
Microsoft Office (Word, Excel, PowerPoint, Visio and OneNote)
PDF
Phonebook
Rich Text Editor
Spreadsheet Editor
Text
Video

Credential Management

RDM has the ability to store multiple types of credentials, including both native and external applications. The table below lists the different application types. RDM also supports credential redirection, dynamic credential linking and Windows Credential Manager. With the help of this feature, you will be able to manage your session, browsing history, and more with a single click.

1Password Password List
AuthAnvil Password Server Password Manager Pro
Connection String Password Safe
Custom Password Vault Manager
CyberArk AIM PasswordBox [Deprecated]
Dashlane Passwordstate
Firefox Password Manager Pleasant Password Server
Google Chrome Passwords Private Key
KeePass Secret Server
LastPass Sticky Password
One Time Password (OTP) TeamPass (TBD)
PassPortal Username/Password
Zoho Vault Windows Credential Manager

RDM reduces the complexity of accessing multiple devices and sessions by integrating the existing password managers and automatically logging in everywhere with the help of stored passwords.

Information, Contacts and Folders 

RDM includes storage tools for important sensitive information like your wallet, bank account, and email. You can also create and save contacts, and send e-mails to Skype.

Another option for storing information and contacts is Folders, which enables you to create multiple folders to manage your devices, grouping them based on location, devices, etc. You can also move the added devices or sessions to appropriate groups.

Below are the different information, folder, and contact types that can be used:

| Information Type | Folder Type | Contact Type |
|---|---|---|
| Alarm Codes | Company | Company |
| Bank Information | Customer | Customer |
| Credit Card | Database | Default |
| Email Account | Device (router, switch, firewall) | Employee |
| Login (Account) | Domain | Family |
| Login (Web) | Folder | Supplier |
| Note/Secure Note | Identity | Support |
| Other | Printer | |
| Passport | Server | |
| Safety Deposit | Site | |
| Software/Serial | Software | |
| Wallet | Workstation | |

Enhanced Security Support

RDM supports a role-based security system in which roles allow you to create a granular protection system that is quite flexible.

Roles

Here are the main key points of the role-based security system:

  • Security is inherited: child items and folders are covered by a parent folder’s security.
  • Permissions can be overridden: a permission set on a sub folder will override the parent item’s permission.
  • Permissions are granular: Multiple permissions can be set on entries at once.

Automation Support

RDM now supports Windows PowerShell, a powerful scripting tool that enables automation. This is provided in a PowerShell module. For any information regarding the RDM PowerShell module, please refer to the online documentation page, which can be found here.

Additional Information

Remote Desktop Manager provides customers with best practices, tips and tricks to keep their environment healthy and secure with enhanced features. All technical information, such as installation fixes, new features and updates, is available from the Devolutions Blog, YouTube channel and tech forums.

How to Get RDM Updates

You can stay up-to-date on all things Devolutions by subscribing to their monthly newsletter for the most recent information about their products, case studies, new releases, software tutorials, and much more. They are also highly committed to customer support – helping users solve issues, enhance features, provide fixes, and offer feedback.


Snapshot Integration for Pure Storage with Veeam Backup & Replication

As we all know, Veeam is one of the industry-leading backup and replication products, and in 2017 they released the Universal Storage API with Veeam Availability Suite 9.5 Update 3. This framework offers built-in integrations with storage systems to help decrease impact on the production environment and significantly improve RPOs.

Veeam has now added Pure Storage to the list of integrations built on the new framework. This integration gives businesses the ability to leverage storage snapshots for significantly improved RPOs and reduces the impact of snapshot backups.

How the New Framework Helps to Reduce the Performance Impact

The new framework can reduce the performance impact on the primary storage. When Veeam creates VMware snapshots, the framework offloads the process to the storage array, and the backup is then taken from the storage.

Granular recovery support on storage snapshot

A storage array can recover from a snapshot by restoring the entire datastore. With the Veeam integration you can now also restore from storage snapshots: Veeam Explorer has visibility into historic storage snapshots and can perform granular recovery tasks even against snapshots on the storage array that were not created by Veeam.

Application consistent storage snapshot orchestration

The integration can drive application-consistent snapshots on the storage array, which improves the recovery point objective and provides an option for really fast recovery of data, down to the application item level.

Automated restore verification and on-demand labs: “Put your data to work”

How do you ensure that your data is secure? The only way is to restore and verify; otherwise you cannot be sure that your data is protected. Apart from the common restore method, storage integration makes it possible to test more efficiently using storage snapshots.

You will have the ability to create copies of your production environment in minutes without affecting performance and uptime of the production workloads.

In addition this integration also follows the Pure Storage FlashArray into the converged infrastructure, offering the ability to combine compute, networking, storage and virtualization.

You can Refer post for more details

Download the Pure Storage Plug-in

 


Why You Should Attend VMworld

VMworld 2018 is VMware’s premier digital infrastructure event, the only place where you can find what you need to launch the digital transformation that relies on you. No matter which domain you work in, you will discover the technology, learn the trends, and meet the people that are shaping the future of digital business and taking IT to the next level.

VMworld offers incredible opportunities for education, training, and insights into current and future trends related to digital infrastructure technology and transformation.

You will have the opportunity to network with your old colleagues and make new connections, get direct experience and training with hands-on labs, and discover new product breakthroughs. VMware executives and experts will also be there to meet with attendees, lead workshops, give keynotes, and answer your queries.

In this post, I want to share some reasons why you should attend VMworld, especially if you are attending for the first time.

  • Learn from top VMware and industry experts about growing today’s technology in IT and what’s coming next.
  • Build and expand your skills and expertise to solve tomorrow’s challenges with VMware certifications.
  • Relax and let loose with games, recreation events, sponsored get-togethers and VMworld Fest.

Register for VMworld 2018 Here

You can register at early-bird rates, in effect until June 15; don't miss this opportunity.

Your registration fee for a full conference pass at VMworld US entitles you to the following

  • Welcome reception
  • General sessions
  • VMware Hands-on Labs
  • VMworld Fest, the official conference party
  • Solutions Exchange
  • Breakfast, lunch, and refreshments
  • Breakout sessions (Note: Some sessions are restricted to VMware partners or other select groups of attendees)

Labs and Training

The VMware Hands-on Labs demonstrate the real value of VMware solutions in real time. As a VMworld attendee, you will gain special access to the latest VMware technologies without being required to purchase equipment, software or licenses. You will have the option to attend Self-Paced Labs, Expert-Led Workshops and Hands-on Labs Tours

  • Be the first to try new lab content before it is available online.
  • Ask your tough technical questions and test the answers in a live lab environment.
  • Gain rapid product learning without the hassles of licensing and installation.

Training & Certification

The VMworld training and certification program enables you to realize the full value from your VMware investments by helping you build the skills and experience to design, deploy and operate your VMware platform, evolving your organization and your career. You have the option to sign up during registration for special training and certification offers at VMworld, including discounts.

Gatherings, Meetups & Parties

Beyond the sessions and networking, you will have great fun at VMworld with many cool gatherings and events that are not to be missed.

From VMworld Fest—our fabulous event party—to sponsored get-togethers to unofficial meetups and outings organized by the VMworld community, you’ll find plenty of options for spending time with friends or making new ones.

Social Media

During VMworld use below social channel links for your posts

 Hashtags to use on Twitter and Instagram:

  • #vmworld - VMworld conference
  • #vmworldHOL - VMware Hands-On Labs at VMworld
  • #vmworld3word - 3-word creative tweets
  • #vmworldselfie - selfie or group photos

Attendee Information

VMworld 2018 US returns to Las Vegas with five days packed with excitement, learning, and innovation.

Venue

VMworld 2018 US will be held at Mandalay Bay, located on the south side of the Las Vegas Strip and offering an unparalleled conference experience. In addition to its world-class event facilities, Mandalay Bay offers fine dining, shopping, and the world-famous Mandalay Bay Beach aquatic playground.

Address:

3950 S Las Vegas Blvd.

Las Vegas, NV 89119

Here is the venue map

First Time to VMworld 

If you're a first-timer at VMworld, don't worry: VMware has great arrangements to make things simple for you. Let's see what VMware has arranged.

NewV Welcome Session

VMware will connect you with other new attendees, give you details to help you plan and navigate your way through VMworld, and teach you tips and tricks to make your visit more successful. We'll also throw in some fun and games. It's a great way to kick off your VMworld experience.

In addition, VMware provides tips about travel and accommodation, and about how to get more details easily.

Hotel Information

VMworld offers exclusive discounts at several hotels conveniently located at or near Mandalay Bay. VMware made it very simple by letting you book the hotel, with discounts, at the time of online registration.

Please see the VMworld hotel page for more information.

Travel

Getting to VMworld 2018 US is easy. Las Vegas is served by McCarran International Airport, which hosts 28 domestic and international airlines and is open 24/7.  It’s a quick 15-minute ride from your terminal to Mandalay Bay by taxi, limo, or ride share such as Lyft and Uber.

How to get More information about Events

The free VMworld 2018 mobile app for iOS and Android gives you fingertip access to event and personal information. You will be able to create and view personalized breakout session schedules, and add sponsors, exhibitors, and speakers to your favorites list. You can find your way with the interactive and searchable map, and much more, from this app, which will be released soon.

More Details Can be found on VMworld

Here is the Agenda for VMworld 2018

 


What’s New with VMware Horizon View 7.5

VMware recently released new versions of vSphere and vSAN, and has now announced the release of its EUC product, VMware Horizon 7.5. Along with it, VMware released new versions of its components. In this post I am sharing the details of the new enhancements and the updated versions.

First, I would like to highlight the exciting integration with VMware Horizon Cloud on AWS and complete Microsoft Azure support.

Additionally, VMware released the following components with the Horizon release:

  • User Environment Manager (UEM) 9.4.0
  • App Volumes 2.14.0

The following components have new features and enhancements in Horizon 7.5:

  • Horizon Connection Server
  • Horizon Agent for Linux
  • Horizon Agent
  • Horizon GPO Bundle
  • Horizon Client
  • Horizon JMP Server
  • Horizon 7 Security

Horizon Connection Server and Features

  • Horizon Console  

This is the new feature and latest version of the Web interface, where you can create and manage virtual desktops, publish desktops and applications. Horizon Console has the ability to integrate VMware Horizon Just-in-Time Management Platform (JMP) Integrated Workflow features for managing workspaces.

  • VMware Cloud Support on AWS 

With this release, you will be able to create desktop pools that contain full virtual machines on VMware Cloud on AWS and you can scale Horizon 7 desktops and applications on an elastic cloud platform.

  • Virtual Desktops

You can now create a virtual machine in vSphere that uses Virtualization-based security (VBS), a feature released with vSphere 6.7. With VBS, the operating system gets better protection from vulnerabilities and malicious exploits. For enhanced security, you can add a vTPM device to a virtual machine that has VBS enabled; this is available with the automated desktop pool option.

  • Instant Clones

Horizon 7.5 supports the instant-clone API in vSphere 6.7, and you can configure multiple vGPU profiles for instant clones. Horizon 7.5 supports PCoIP or VMware Blast (non h264 hardware encode) as a display protocol with NVIDIA GRID vGPU for an instant-clone desktop pool. You also have the option to change the 3D vSGA or 3D software settings for instant-clone pools.

  • Cloud Pod Architecture

The maximum session and total site limits have been greatly enhanced: the session limit is increased to 200,000 and the total site limit is increased to 10. The desktop shortcuts feature is available, and you can configure it for global entitlements.

  • Horizon Help Desk Tool

Horizon Help Desk Tool is integrated into Horizon Console, and you can now use it there to troubleshoot Linux and Windows desktop sessions, Disk IOPS data, applications such as Skype for Business, and so on.

Horizon Agent for Linux

Control of the USB Redirection, Clipboard Redirection, and Client Drive Redirection features is available with Horizon Agent for Linux. With the help of UEM you can define policies to control these features. With VMware Blast Network Intelligence, Blast can now dynamically choose either UDP or TCP to transmit the data and provide the best user experience.

Horizon Agent

  • Microsoft Edge browser supported with the HTML5 Multimedia Redirection feature.
  • URL Content Redirection now supports subdirectories.
  • The SDO sensor redirection can sense changes in the screen orientation of a client device and accordingly display a different view on the device.
  • VMware Logon Monitor monitors Windows user logons and reports performance metrics that can be used to troubleshoot issues such as slow logon performance. It is very helpful for system administrators, support admins, etc.
  • VMware Horizon Performance Tracker monitors the performance of the display protocol and system resource usage in a remote desktop. You can also use Performance Tracker for a published application inside an application pool.

Horizon GPO Bundle

The Horizon GPO bundle includes a new Performance Tracker ADMX template file (perf_tracker.admx), which can be added to a GPO to apply the related settings.

Horizon Client

Horizon Client 4.8 is released with Horizon 7.5, including HTML Access. More information can be found on the Horizon Clients Documentation page.

Horizon JMP Server

JMP stands for Just-in-Time Management Platform. The new JMP can integrate its workflow features into Horizon Console, which allows you to easily define and manage desktop workspaces that consist of a desktop operating system, applications, and settings. JMP is the combination of Instant Clones technology for the rapid provisioning of images, VMware App Volumes for just-in-time app delivery, and User Environment Manager for user personalization, profile management, and policies.

Combining these capabilities lets you create personalized and truly stateless desktops in seconds. With Horizon 7.5, JMP brings these technologies together and integrates them into a single common workflow. With this capability, VDI admins can easily create VDI workspaces consisting of a desktop OS, applications, and settings in a proper workflow. For more information on administration and deployment, check Getting Started with JMP Integrated Workflow.

New Subscription Licensing Model

With Horizon 7.5, VMware announced a new universal subscription license model that allows you to deploy Horizon Cloud or Horizon 7 for one low price. This helps you deploy Horizon 7 on VMware Cloud on AWS, and you have the choice to enable it as part of a larger Workspace ONE deployment.

The new Horizon Universal subscription license starts as low as $8.25/user/month for apps and $16.50/user/month for desktops and apps. For more details refer - VMware

Horizon 7 Security

Horizon 7 supports TLS 1.2

Extended Service Branch (ESB) Support

With the new version, VMware offers a new Extended Service Branch (ESB) for VMware Horizon 7 Enterprise deployments, which will include the core Horizon 7 platform, VMware App Volumes, and VMware User Environment Manager.

For More Refer – VMware KB

Start Downloading the New version and Enjoy the new features


WSFC Configuration with vSAN 6.7 iSCSI Target

In my previous post, I discussed iSCSI target configuration in vSAN 6.7 and mentioned the new feature, Windows Server Failover Clusters (WSFC) using the vSAN iSCSI target service. In this post, you can find the configuration of a Windows Server Failover Cluster with the iSCSI target feature on Windows 2012 virtual machines. This feature is also supported with physical Windows servers.

vSAN 6.7 fully supports transparent failover of LUNs with the iSCSI service for vSAN when used in conjunction with WSFC. With this feature, customers no longer need to buy a storage array, which saves a lot of money.

Steps Involved in this Procedure

  • Enable iSCSI Initiator
  • Create iSCSI Initiator Group
  • Create iSCSI Target and LUN
  • Configure the iSCSI  Target on Servers
  • Windows Server Failover  Cluster Creation
  • Fail over Testing

Prerequisites

  • Number of servers: 2 (depending on the license, you can use more hosts)
  • Network cards: 3 on each node
  • DNS resolution: required
  • IP addresses: each server requires 2 public IPs, 2 heartbeat IPs and 1 iSCSI IP
  • Cluster name with FQDN: required
  • Windows Update: fully updated on both nodes
  • Quorum: iSCSI disk of at least 2 GB
  • iSCSI: enabled on both servers
  • MPIO feature: enabled, with the policy set to “Fail Over Only”

 

Windows Server Failover Clusters (WSFC)

A Windows Server Failover Cluster (WSFC) is a group of independent servers that work together to increase the availability of applications and services.

Components you must know in WSFC

Node – A server that is participating in a WSFC.

Cluster Resource - A physical or logical entity that can be owned by a node, brought online or taken offline, moved between nodes, and managed as a cluster object. A cluster resource can be owned by only a single node at any point in time.

Role - A collection of cluster resources managed as a single cluster object to provide specific functionality. A role contains all the cluster resources that are required for an Availability Group (AG) or Always On Failover Cluster Instance (FCI), and failover and failback always act in the context of roles. A role will contain an IP address resource, a network name resource, and resources for the role.

Network Name Resource - A logical server name that is managed as a cluster resource. A network name resource must be used with an IP address resource. These entries may require objects in Active Directory Domain Services and/or DNS.

Quorum - The quorum configuration in a failover cluster determines the number of node failures that the cluster can sustain.

Enable iSCSI Initiator

Navigate to Server Manager -> Tools -> select iSCSI Initiator.

This enables the iSCSI Initiator on the server.

From the Configuration tab, collect the initiator name; it is required when configuring access.

Create iSCSI Initiator Group

Navigate to Cluster -> Configure -> vSAN -> iSCSI Initiator Group.

Provide a name for the group and add the initiator names you collected from the servers to the members list.

Now you can see the available members in the group; this restricts access to the LUN to these members only.

Create iSCSI Target and LUN

Navigate to Cluster -> Configure -> vSAN -> iSCSI Targets, click the "+" Add button, fill in the required details and click OK.

Add the alias and select the iSCSI VMkernel (VMK) network and the storage policy. From the same window you also have the option to create a LUN.

Here I am creating a quorum disk with LUN ID 5 and a size of 3 GB.

Click on the Allowed Initiators tab and add the initiator group.

Configure the iSCSI Target on Servers

First verify the iSCSI network on the hosts: navigate to ESXi Host -> Configure -> Networking -> VMkernel Adapters.

Open the iSCSI Initiator -> Discovery tab -> click Discover Portal and add the iSCSI VMkernel IP.

After adding it, move to the Targets tab, where you can see that the targets are available in the inactive state.

Select each target and click Connect, select the Enable multi-path option and click OK.

Go to Disk Management, where you can see that the iSCSI LUN is available. You can now bring that disk online and create a partition.

Enable Fail Over Cluster Feature 

You have to enable this feature on all nodes that need to be part of the WSFC.

Navigate to Server Manager -> Manage -> select Add Roles and Features.

Follow the screen options with the defaults and, under Features, select Failover Clustering -> Add Features, then continue through the remaining screens. It will take a while to finish the installation.

Windows Server Failover Cluster Creation

After enabling the feature, you have to create a Windows cluster from the primary server.

You have two options, Validate Configuration and Create Cluster:

Validate Configuration - validates that the cluster prerequisites are met and reports any warnings or errors on the servers. Fix any issues before proceeding; running this first is recommended. After validation, it gives you the option to create the cluster.

Create Cluster - starts cluster creation without validating the server configuration; you can validate the configuration after the cluster is created.

Proceed to create the cluster with the screen options.

Add both servers, and the Windows cluster IP and name, in the required steps.

Note - do not select the Add eligible disk to cluster option.

After finishing the failover cluster wizard, you can see the new cluster with the added node details.

Next, you can add the configured iSCSI storage to the cluster and configure the required roles.

Navigate to Failover Cluster -> Storage -> Disks and select the Add Disk option.

It lists the disks associated with the server; select the desired one from there, and you can then see the added disk under Disks.

Configure a quorum for the cluster with the added 3 GB disk.

Navigate to Cluster -> right-click -> More Actions -> select Configure Cluster Quorum Settings.

Follow the screen options and you will see the available disks to add as quorum; select the desired disk and continue to finish.

You can see the details under Assigned To, shown as Disk Witness in Quorum.

Select the disk and you can test failover with the Move storage options, Best Possible Node or Select Node:

Best Possible Node - automatically selects the node, and the storage is moved.

Select Node - opens a pop-up with the available cluster resources you can move.

You can also shut down the active node and verify the failover status by logging in to the other node.

Now you can create the required roles after adding the required disks, for example for a database, file server, etc.
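
The Windows-side steps of this walkthrough can also be scripted. The PowerShell below is an added example, not part of the original post: node names, IP addresses, the cluster name and the four function names are placeholders chosen for illustration, and the vSAN steps (initiator group, target, LUN) are still done in the vSphere Client between phase 1 and phase 2.

```powershell
# Added example: the Windows-side steps of the walkthrough as PowerShell.
# All names and addresses are placeholders (assumptions); replace with your own.
$Nodes       = 'WSFC-NODE1', 'WSFC-NODE2'
$IscsiPortal = '192.0.2.10'    # vSAN iSCSI VMkernel IP
$ClusterName = 'WSFC-CLU1'
$ClusterIp   = '192.0.2.50'

# Phase 1 (both nodes): features, iSCSI initiator service, MPIO "Fail Over Only".
function Enable-NodePrerequisite {
    Invoke-Command -ComputerName $Nodes -ScriptBlock {
        $feature = Install-WindowsFeature -Name Multipath-IO, Failover-Clustering -IncludeManagementTools
        Set-Service -Name MSiSCSI -StartupType Automatic
        Start-Service -Name MSiSCSI
        Enable-MSDSMAutomaticClaim -BusType iSCSI | Out-Null   # let MPIO claim iSCSI disks
        Set-MSDSMGlobalDefaultLoadBalancePolicy -Policy FOO    # FOO = Fail Over Only
        [pscustomobject]@{
            RestartNeeded = $feature.RestartNeeded             # restart the node first if 'Yes'
            MpioPolicy    = Get-MSDSMGlobalDefaultLoadBalancePolicy
            InitiatorIqn  = (Get-InitiatorPort).NodeAddress    # add this to the vSAN initiator group
        }
    }
}

# Phase 2 (both nodes): discover the portal and connect every target with multipath.
function Connect-VsanTarget {
    Invoke-Command -ComputerName $Nodes -ScriptBlock {
        New-IscsiTargetPortal -TargetPortalAddress $using:IscsiPortal | Out-Null
        # -IsPersistent is an assumption of this example: reconnect after a reboot.
        Get-IscsiTarget | Where-Object { -not $_.IsConnected } |
            Connect-IscsiTarget -IsMultipathEnabled $true -IsPersistent $true |
            Select-Object TargetNodeAddress, IsConnected
    }
}

# Phase 3 (primary node only): prepare the disk, validate, create the cluster, set quorum.
function New-VsanBackedCluster {
    # Touch only uninitialised (RAW) iSCSI disks so existing data is never formatted.
    Get-Disk | Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' } | ForEach-Object {
        Set-Disk -Number $_.Number -IsOffline $false
        Set-Disk -Number $_.Number -IsReadOnly $false
        Initialize-Disk -Number $_.Number -PartitionStyle GPT
        New-Partition -DiskNumber $_.Number -UseMaximumSize |
            Format-Volume -FileSystem NTFS -Confirm:$false | Out-Null
    }
    Test-Cluster -Node $Nodes            # review the validation report before continuing
    # -NoStorage matches "do not select Add eligible disk to cluster" in the wizard.
    New-Cluster -Name $ClusterName -Node $Nodes -StaticAddress $ClusterIp -NoStorage | Out-Null
    # In this walkthrough the quorum LUN is the only disk presented so far.
    $witness = Get-ClusterAvailableDisk -Cluster $ClusterName | Select-Object -First 1 | Add-ClusterDisk
    Set-ClusterQuorum -Cluster $ClusterName -NodeAndDiskMajority $witness.Name
}

# Phase 4: failover test. The disk witness lives in the core 'Cluster Group'.
function Test-WitnessFailover {
    Move-ClusterGroup -Cluster $ClusterName -Name 'Cluster Group' -Node $Nodes[1] | Out-Null
    Get-ClusterGroup -Cluster $ClusterName | Select-Object Name, OwnerNode, State
}

# Call order:
#   Enable-NodePrerequisite   -> then create initiator group, target and LUN in vSphere
#   Connect-VsanTarget
#   New-VsanBackedCluster
#   Test-WitnessFailover
```

After `Test-WitnessFailover`, the `OwnerNode` of `Cluster Group` should be the second node and its `State` should be `Online`; `Get-ClusterQuorum` shows the witness disk that is in use.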

Reference vSAN 6.7

Reference for SQL - Microsoft SQL Server 2014 on VMware VSAN 6 Hybrid

Refer Microsoft Site for more details on Fail Over Cluster