Horizon Cloud Pod Architecture Tools
Horizon cloud pod architecture (CPA) has lmvutil commands to manage the global database entitlements data using command line interface. A lmvtools command line wrapper is now available to enhance the command execution of lmvutil commands to input the password only once and leave the command execution to continue. It has capability to export all the site, site-pod mapping, global entitlements, user global assignments, local pool assignments, home site overrides, backup global entitlements in lmvutil commands format to file. The command builder has in-built mechanism to comment the stale user global assignments and stale home site assignments.
- Has CSV report generation option for showing all the pod pool and its associated global entitlements data, global entitlements and its user assignment, home site configuration in a CSV generated file.
- Lmvtools command executor has advantage of automating the lmvutil commands from the input file without repeating the password to be given as input on each command execution.For the customers who are in Horizon versions 7.0.x to 7.9 there is no way to export and import the global AD LDS instance data.
This utility would be helping the customers for:
- Taking backup and import of global entitlements related data in any Horizon 7.x released versions
- The data exported is cross pod compatible and can be imported from current Horizon version to any of the higher version of Horizon.
- Exporting all global entitlements alone to another new pod in another data center is possible.
- Has more flexibility in terms of exporting chunks of data. Importing the same global entitlements and its user or group data to any other new Horizon 7 environment is also supported.
- Provides a single CSV format report for global entitlements and its associated pool information.
- In Global Entitlements Pool Assignment CSV file headers are: "GE Display Name", "Global Entitlement Information", "Cluster Name", "Local Pool Display Name", "Local Pool Information"
- In global entitlements, user and home site assignments headers are:
"GE Display Name", "Global Entitlement Information", "User/Group Display Name", "FSP Assignment Information", "Home Site Name", "Home Site Information
- Using the above reports the customer can get complete global entitlements data, cluster name and its pool association in a single CSV file.
Global entitlements commands template can be created using the standard lmvutil commands. It helps in importing the data back in any other horizon environment. Note, there is no prefix required which takes username, domain and password as with the lmvtools commands executor it is replaced on the fly from the lmvtools.properties or with a one time user input in command prompt window.
Automatic clean up of the stale user entries in import operation. If the user is not found in the AD, then it fails to get imported with reason. So, it ensures that missing users in AD are not imported back again.
Export local/global AD LDS LDIF file. (Horizon support save collection has it. But, it requires a complete log bundle generation for fetching this file alone.)
How it works:
Environments where Global entitlements, user and groups assignments are in thousands, it takes time proportionately based on the entries as it will execute commands one by one for importing the data back. Foreign Security Principal needs to have at least one sync successful ( It happens all the time, else it will fail to add user or group entitlements to global entitlements)
NOTE: Horizon 7.10 on wards daily global data backup is available. This is not a replacement to that functionality. Horizon global data recovery using vdmadmin can be used to recover the data if no conflicts are identified in it. Command executor is helpful for older 7.x horizon environments in faster CPA recovery. Even in newer environments it helps in automation of the lmvutil execution as part of CPA build operations.
Horizon ADLDS Analyzer
A second utility is to analyze horizon global data and fix the stale user entries which are deleted or having an incomplete information because of replication issues. For example, Home site assignment page stops listing data if the user is no longer having an Active Directory account.
On the local database instance, two small utilities are added now.
- Checks the application icons integrity. As in some rare occasions the custom icon mapping gets lost and it blocks the local inventory to get loaded. This utility will export all orphaned icons to file. All such entries can be removed from ADLDS instance manually.
- Exports all the VDI servers which are available in the local database to a CSV file.
Identifies the stale user entries mapped to global assignments and highlights that it needs to be deleted though it is not hindering in the day to day horizon administration activities.
There are some rare occasions, where the global entitlements gets deleted and global assignments still have the deleted reference of it. In such cases the GUI management operations are not possible. To identify such broken entries and fix it this utility provides option for it.
Note: SID History is not supported in Horizon product and so is the analyzer. It cannot detect the missing users in active directory with the old SID mapped to it. It would be an enhancement if this tool gets enough support from customers like you to add more feature to it.
Regarding the tools heap memory usage:
Depending on the size of the environment the JVM heap memory can be adjusted in adlds-analyzer.cmd, lmvtools.cmd. As a default option, up to 2 GB of heap will be used by this tool.
For more details on how to use, Go to instructions tab and download the instructions.pdf.
A Horizon Cloud Pod Architecture enabled environment with horizon connection server version 7.x
Please download the instructions.pdf here