Thank you for providing such detail answers for my questions. Please see my comment and below.
A. Storage
1. What's the relationship of 9 vmdk files and zimbra file systems. From the naming suggested, it seems to be store, db, index, redolog, log, backup, and data. Which is mapped to which?
As the VMDK names are not known to the guest OS and viceversa, the devices found in /etc/fstab can be matched against the pvdisplay, lvdisplay outputs. The exact VMDK file name is a bit trickier, as it involves inspecting the VM entity, which can be done by using the https://vcenterFQDN/mob facility. Automation of such can be done via Perl or PowerCLI. Let me get back at you about this, for the moment the disk sizes are usable to match what's with what, and the output of lvdisplay (by default, every pv is owning a lv only so it's easy).
Edward: Thank you for those commands. It gives me better idea about the mapping. If we add more vmdk files and run through the provided script, will they be all for data only?
2. If I need to add more space and choose to extend existing vmdk files, which one I should I extend? Is it supported? The manual mentions adding more vmdk files to data VM, but how many and size? There is no guideline available. It won't be practical to add 10 or 20 10GB files and add another 20 or 50 later. Is adding more vmdk files the only way except NFS mount?
NFS is the recommended way for a wealth of reasons. The VMDK increase amount should be done according to usage expectations and projections based on the current comsumption ratio. Furthermore, we are finalizing docs on sizing that will suit you regarding scaling/sizing. About the manual not telling how to extend the space, it actually should be there, but it's only for the store/ mountpoint, as we expect growth to be happening there only, since sizing of the other mount points was done conservatively and therefore if you get close to filling those mountpoints, it's already due time to add another data-va and spread users, since e.g. db/ and index/ in particular are directly proportioned to overall VM load.
Edward: Will it be the correct assumption that the allocated db, index, redolog, log file systems have been optimized and fixed size, and only data store will be added? If db, index, log file systems is close to full, does it mean to be the right time to set up another data VM?
3. When adding space, which method is best practice? adding vmdk files or NFS? What's the benefit comparison?
See 2.), NFS should be preferred. Backing up would be easier, you can rely on SAN snapshot for the files there, it's more agile than having a whole bundle of VMDKs with the VM, etc etc.
Edward: Thank you for the important hint. Since last Friday, we started testing the NFS method and got the following problem below.
4. (New) When adding NFS space, I got "Error occurred: directory does not exist or is not writable: /opt/zimbra/storeXX zmvolume failed at ./mount-nfs-store.pl line49." I did test that the NFS can be mounted by root user and read/write without problem. I also reinstalled the lab environment more than 3 times and still got the same error. Is it a known bug or I should open a SR for it?
B. Active directory
1. During initial setup through wizard, the manual says to use sAMAccountName for single-domain AD or userPrincipalName for multiple-domain AD. For most companies, it is single-domain initially or in testing environment, and multiple-domain in the long run. Can we change it afterwards? How and where? The management web interface or command-line?
Please file an SR, as this might require a repro setup and time invested. Also SR will guarantee proper prioritization for opening an RFE/bug in case. Thanks!
Edward: Thank you for the comment.
2. On the manual, it says if userPrincipalName is used, the Base DN should be left blank. However, during all my testing, if I leave it blank, the Step2b won't go through and it can't add to domain. Is it documentation error or some problem in AD?
IIRC this is a bug we fixed later on, thanks for pointing this out.
Edward: Thank you.
3. For using userPrincipalName and one domain users are added, how to add other domain users after the initial setup is done? How and where? The management web interface or command-line?
You should go to the connector admin console at https://yourconnectorhostname.domain.com (will redirect to :8443/hc/admin then). There you can find the directory sync section. See the docs for this.
Edward: I tested it many times and got the same answer from other thread. I've even reinstalled the lab environment several times and it's still not working. Finally I found the root cause. The https://CONNECTOR/hc/admin or https://CONNECTOR:8443/hc/admin does NOT work on WindowsXP/IE8. However, it works on Windows7/IE8, Windows7/IE9 or WindowsXP/FireFox. We still have more than 60% desktops or laptops on WindowsXP. Unfortunately my 3 machines are WindowsXP with IE8 only. That's why I can't get in. The interesting thing is WindowsXP/IE8 works fine with configurator, workspace user, workspace admin web interfaces. I don't think it is mentioned in VMware document.
4. From my testing, after initial setup, the login always failed with "The user could not be authenticaed" error message. Even I use the AD user with Domain Admin privilege set it Step2b, it still failed. Finally I found that I need to add @full-domain-name for the Username field. Nowhere in the manual mentions that.
And that shouldn't be necessary indeed. Please open an SR with us and we'll further look into this, thanks in advance.
Edward: Through my testing, if sAMAccountName search method is chosen, you don't have to put @full-domain-name for the username. If userPrincipalName is being used, @full-domain-name must be added to distinguish which domain user is logging in. It seems to make sense now.
5. I may not be so good in AD nor our Windows administrator. We don't quite understand the difference fro CN or OU in AD. For the new install AD, the default location for users is in Users folder. When I tried "cn=edward,ou=Users,dc=lab,dc=local", and it didn't take it until I replaced it with cn=Users. I suggest the documentation should mention this and shouldn't assume all users know the LDAP syntax very well.
Unfortunately that has to be an assumption we can't avoid. The AD/LDAP topic is very very wide, and together with the tutorials and good free documentation online, we can't prioritize such -interesting I admit- insight. I'll make sure to let engineering be aware of such request, and we'll see what we can do though, thanks for pointing this out.
Edward: I understand AD/LDAP topic is very wide. My expectation is that it should be something similar to when you add a Windows server to domain, only domain name and a username with domain admin privilege are required. We don't need know the full LDAP path of the specific user. If you can talk to the developer, please forward the request.
6. The users and groups information is pulled out from AD during initial setup. Any add/remove user operation happens afterwards can't be seen on Horizon Data management interface. Even the sync scheduling in Step 2f is set to hourly, it is still no update from AD side after half day. Nowhere to force sync immediately and no documentation mentions how to do so. The Step 2f also offers "Manual sync" option, but again how and where to do so?
If you go to the connector as said in 3, if you go to directory sync->edit rules->next ... next will do. And yes, it's true we don't have it documented, I'll open a bug on this to make it clearer, thanks.
Edward: Thanks. After I use Windows7/IE8 or IE9, I can see the setting and sync successfully. Yes, please add the topic into the manual.
C. Policy & Quota
1. The whole quota and policy seems to be controlled by COS. The minimum retention after file is deleted is 1 month. It would waste a lot of space if minimum is 1 month. Another other shorter option and how?
"Trashed File Lifetime Value" in the CoS should do? It should be in the docs, but let me know if not and I'll open a bug against docs.
Edward: The only available choices are 1 month, 3 months, 6 months and 12 months. Because it is a pull-down menu, nowhere to specify any time shorter or other option. It doesn't seem to be a documentation issue. Would you please let developer know about this?
2. Where to control the number of version to keep? We can't keep infinite versions if the file is changing all the time.
Generally speaking, the most useful settings can be changed via admin GUI, some others not or not yet. In this case the only way would be to rely on the CLI. So for example to change the setting for the whole COS:
connect via ssh to any data-va, then:
su - zimbra
zmprov mc ' # to change the value
zmprov fc -a all # to flush all caches on every data-node to avoid waiting the 15m delay (worst case) for this to happen.
I already have a feature request open to get this exposed in the GUI, thanks.
Edward: Thank you. So the command will change all existing files bound to the CoS, right? I think it is the same important factor as "Trashed file lifetime value". Please consider to add it to admin GUI.
3. From an administrator, how to take ownership or view terminated user data? How to reassign it to other users?
It can't be done at the moment from the admin console. What would be the use cases here? Please open an SR with some more details, we might open another feature request for this.
Edward: If the idea of Horizon Data works, I believe a lot of companies will consider to use it for file server function or at least user's home directory. If it is the case, we need to consider the existing data for terminated employee. The direct manager needs to have access to that user's data. IT person needs to have a way to reassign the owner & quota for the existing data. Currently I believe resetting user's AD password and share data with manager or teammate. Is any other better way to handle it?
4. For litigation requirement, what is the requirement and detail steps to have a total image (5 VMs) restore to certain point in time, say 5 months ago or 2 years ago?
Please follow our backup doc found here: https://www.vmware.com/support/pubs/horizon-workspace-pubs.html Also note, it's a prerequirement having experience with vSphere, as you'll see. Eventually if in trouble during such process, please file an SR with us.
Edward: I went through the manual "Horizon Workspace Backup Data Best Practices" from the link above. It seems to be very high level of steps for backup & restore and it also mentioned "Postgres database". Since the vApp is a product from VMware, there should be a tool or utility to handle all required components. I suggest to have a more detail step-by-step procedure for customer to follow.
5. How the quota is counted? For example user A shares folder to user B and user B adds a lot of data into the folder. Will it be counted in user A or B's quota? If the user B is external, how the quota works? What about the folder is re-shared from user B to user C?
At the moment, quota counted against sharer's account only. We are in the process of evaluating whether to go with a distributed quota in such cases, or not.
Edward: Thank you for the information.
D. Entitlement
1. How does the licensed entitlement count? By users in AD or in the imported list in Horizon Data? or by the users entitled to use Data function?
2. How about the license count if the entitlement is given to a group in Horizon Data?
Have you read our licensing KB? Please contact your sales rep if still in doubt, thanks! http://knova-prod-kcc-vip.vmware.com:8080/contactcenter/php/search.do?language=en_US&cmd=displayKC&externalId=2042975
Edward: The link you provided seems to be in VMware internal website. The external link is http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2042975 . Yes, I read through. My question is the "Named user". Does it mean all observed users through AD sync? or entitled to use Data function? I will meet the sales rep this week to find out more too.
3. How about the license count for external users?
External users are not counted, they can be as many as you need.
Edward: Thank you for the information.
E. Architecture
1. In the document "VMware Horizon Workspace REFERENCE ARCHITECTURE" from public VMware site, it shows very good pictures and the suggested layout to support 2000 users. But, it requires multiple service-va, connector-va, gateway-va and data-va. Great, but how? No document mentioned how to expand the landscape of pre-install 5 VMs.
It's in our docs, see before. Or use the search function and look for "addvm" here: http://pubs.vmware.com/horizon-workspace-10/topic/com.vmware.hs-administrator.doc_10/GUID-1039E747-8C25-42BC-BD7A-7471EDF762C0.html
Edward: My apology. I overlooked the topic in the manual. Yes, you are right. It is in the "Advanced Configuration for Horizon Workspace Virtual Machines" section of installation guide.
From the user experience perspective, the Horizon Data function 100% perfectly meets our needs, and acts just like most cloud storage providers. However, the setup and administration function, and even available documents really worry us and prevent deploying it global or using it for production. I followed the recommendation from weinstein5 for available documents, but none of them can give us clear answer for those questions. Actually I've gone through those documents before submitting the thread. I am looking forward to VMware to provide more and better documentation for this product.
Everything can be improved, but I believe that some questions should have been covered already by the online docs. Would you be able to specifically list all the docs (please copy/paste the direct urls) that you read? Thanks!
Edward: You've answered most of my questions. Thank you very much for your help. The document I went through is the same as you listed above https://www.vmware.com/support/pubs/horizon-workspace-pubs.html . I expect to see more frequent-used topics added into the documentation.
cid:3__=09BBF11DDF1136548f9e8a93df938@diodes.commgolfieri -06/14/2013 07:57:34 AM-mgolfieri mgolfieri created the discussion "Manual or documen
From:
mgolfieri <communities-emailer@vmware.com>
To:
echuang <edward_chuang@diodes.com>,
Date:
06/14/2013 07:57 AM
Subject: