VMware View advanced networking
The last few months I have been busy designing, building and testing a new VMware View solution for our own Support Center. In this Support Center we do support and system administration for some of our biggest clients. One of the challenges is the use of desktop hardware and the limited space of a call agent’s or administrator’s desk. Many of my colleagues support multiple client sites and need different PCs for each client. So in 2008 one of my respected colleagues thought of a great solution and advised to implement a VMware VDI solution.
The idea was to create a pool of virtual desktops for each client site and supply the call agents and system administrators with a standard physical desktop with which they can access one or more virtual desktops and do the standard office work (Word, Outlook, etc) at the same time. Saving space needed for all those desktops and minimizing heat, power, etc and improving the working conditions in the process.
We bought four DELL PowerEdge 2950 II’s with two quad core CPUs and 64GB of memory each and a DELL EqualLogic 5000E iSCSI SAN to build this all virtual VDI solution.
One of the biggest challenges was to separate all client networks, so we assigned VLANs to all of them. But this raised a new challenge as I discovered during the implementation. Because we assigned all client their own VLAN and there was no routing between them, how can we connect to the virtual desktops.
As you can see in the schema below or on page 32 of the VMware View Manager 3 Administrator guide the connection to the virtual desktop is initiated by the View Connection Server together with the VMware View agent. After selecting an available desktop a RDP connection is established directly between the VMware View client and the virtual desktop. In our situation, with separate VLANs this is impossible so I took a deep dive into the entrails of VMware View.
I quickly discovered that it is possible to disable the Direct desktop connection which forces the RDP connection to go through the VMware View Connection server. This way I could use the VMware View Connection server as a ‘firewall/proxy’ to the client VLANs when I connect the VMware View Connection server to all port groups/client VLANs. It took me some time to get this working because I had to establish communication between the VMware View Connection server and the VMware View agents which were in other VLANs. After some calls to a few colleagues and our VMware Field SE I found out that name resolution was the cause of my problems and after creating a host file (no DNS available) on all virtual (test) desktops it worked like a charm.
So thinking I was in the clear I confidently finished the configuration, quickly meeting my next challenge. As you can see in the schema above I created this with only three client VLANs in mind. Bummer! The VMware View Connection server is a virtual machine and I currently have six client VLANs (and counting) and as we all know a virtual machine is limited to four network interfaces.
Another call to one of my most talented 😉 colleagues helped me out again. He suggested to create a port group with VLAN ID 4095, this port group would then pass through traffic from all VLANs and leave the VLAN tag intact, and connect a single network interface on the virtual machine side and use Virtual Machine Guest Tagging (VGT mode). To get this working you need an Intel e1000 network interface in your virtual machine so I had to change the Operating system setting in the virtual machine options to Windows Server 2003 x64. Now that the Intel e1000 was available I added it to the virtual machine but no VLAN settings of any kind where available. After a few VMware KB articles and a lot of Google I found that I needed to install the proper Intel PRO /1000MT driver instead of the driver provided by the VMware Tools. By installing this driver you get a lot of advanced options including VLAN settings needed for Virtual Machine Guest Tagging.
After creating virtual network adapters for all client VLANs and assigning the correct IP addresses on it I got it working. YEAH! Victory at last.
It sounds a bit silly, creating virtual adapters on a virtual network interface in a virtual machine but in my opinion it can never get virtual enough ;-). Virtualization to the MAX!
Today I have a meeting with our VMware Field SE and I will ask him if this is a supported setup. Check back here and I will keep you posted.