vCloud Automation Center 6.0’s “XaaS” feature will allow our customers to utilize any prepackaged, new, or existing vCenter Orchestrator workflow and deliver it as a Self-Serviced, Entitled, Governed, and Lifecycle-managed service. VMware will be shipping a more integrated View/vCAC DaaS integration in Q1’2014.  Until then we have to improvise to come up with a “DaaS-like” solution that will help fill in the gap until the products are natively integrated.

vCAC’s Advanced Service Designer (ASD) provides a quick fix for this needed capability using rather unsophisticated means.  This use case guide will walk you through building a Desktop Request service using the ASD and vCenter Orchestrator’s Active Directory Plug-in.

DaaS Use Case Objectives:

  • Allow cloud users to request a Horizon View Desktop machine from vCAC’s Service Catalog and add Self-Service, Governance, and Entitlement to existing View Environments
  • Use vCAC’s Advanced Service Designer to create a Custom Service to deliver DaaS
  • Configure a Governance (Approval) policy for VDI Desktop Requests
  • Utilize vCO’s built-in Active Directory plug-in and a simple workflow to do the magic

DaaS Solution Summary:

  • Horizon View is configured with 2 Desktop Pools: 
    • Floating Desktop Pool: DaaS-Engineering
    • Dedicated Desktop Pool: DaaS-Operations 
  • Both pools are configured to pre-provision 20 (e.g.) desktops and always have 5 desktops available (unused) in the pool
  • Each pool is entitled to an existing Active Directory Security Group 
    • DaaS-Engineering -> “DaaS-Eng” 
    • DaaS-Development -> “DaaS-Ops”
  • A “Desktop Services” catalog item is created using the Advanced Service Designer, which utilizes an existing vCO Active Directory [plug-in] workflow “add a user to a group”
  • When invoked, the user selects an AD User and one of 2 available Groups
  • Once submitted, vCO adds the selected user to the selected group, which entitles the user to that group (and associated View Pool)
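
Because the vCO AD plug-in account has write access and the request form passes a user-selected group, a guard like the one below can run ahead of the group-add step so that only the two DaaS groups are ever modified. This is an added example, not part of the original guide or of VMware's workflow; the OU, the request object shape and the function names are assumptions, and it is written in plain JavaScript of the kind vCO scriptable tasks use.

```javascript
// Added example (not from the original guide). Group and pool names are the
// page's; the OU below and the request object shape are constructed assumptions.
var ALLOWED_GROUPS = { "daas-eng": "DaaS-Engineering", "daas-ops": "DaaS-Operations" };
var DAAS_OU = "OU=DaaS,DC=example,DC=local"; // placeholder: OU holding the two groups

// AD compares DNs case-insensitively; also drop spaces around ',' and '='.
function normalizeDn(dn) {
  return String(dn || "").toLowerCase().replace(/\s*([,=])\s*/g, "$1").trim();
}

// Decide whether a submitted request may reach the group-add step.
// Fails closed: anything not explicitly allow-listed is denied.
function checkDesktopRequest(request) {
  var name = String(request.groupName || "").trim().toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_GROUPS, name)) {
    return { allowed: false, reason: "group is not a DaaS entitlement group" };
  }
  // A group's CN is not unique across OUs, so pin the full DN as well.
  var expectedDn = normalizeDn("CN=" + name + "," + DAAS_OU);
  if (normalizeDn(request.groupDn) !== expectedDn) {
    return { allowed: false, reason: "group DN is outside the DaaS OU" };
  }
  if (String(request.userName || "").trim() === "") {
    return { allowed: false, reason: "no user selected" };
  }
  return { allowed: true, pool: ALLOWED_GROUPS[name], reason: "ok" };
}

// Constructed sample requests, shaped as the form might submit them.
var samples = [
  { userName: "jsmith", groupName: "DaaS-Eng", groupDn: "CN=DaaS-Eng, OU=DaaS, DC=example, DC=local" },
  { userName: "jsmith", groupName: "Domain Admins", groupDn: "CN=Domain Admins,CN=Users,DC=example,DC=local" },
  { userName: "jsmith", groupName: "DaaS-Ops", groupDn: "CN=DaaS-Ops,OU=Sandbox,DC=example,DC=local" }
];
for (var i = 0; i < samples.length; i++) {
  var d = checkDesktopRequest(samples[i]);
  // Inside vCO this line would go to the workflow log instead of the console.
  console.log(samples[i].groupName + " -> " + (d.allowed ? "allow (" + d.pool + ")" : "deny: " + d.reason));
}
```

Pairing the guard with an AD delegation that grants the plug-in account write access to the membership of those two groups only gives the same limit a second enforcement point.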

 XaaS Lab Logical Architecture

  

 
Assumptions

This guide assumes you have good working knowledge of vCloud Automation Center 6.0 and Horizon View 5.x, as well as familiarity with vCAC’s UI and operational concepts.

vCAC’s XaaS functionality leverages vCenter Orchestrator workflows – you should have a basic understanding of configuring and using vCO for this use case (and any XaaS use case for that matter).

Configuration Prerequisites

vCloud Automation Center 6.0:

  • At least 1 Tenant configured (this use case uses “Ops” and “Eng” tenants) 
  • Verify vCenter Orchestrator Interoperability (I’m using the built-in vCO instance)  

 Horizon View 5.3:

  • Configure at least 2 Desktop Pools that are entitled to a corresponding Active Directory group
  • Desktop Pool “DaaS-Operations” entitled to AD group “DaaS-Ops”
  • Desktop Pool “DaaS-Engineering” entitled to AD group “DaaS-Eng” 
  • Use Floating Pools with Automatic assignment configured 
  • Linked Clones Optional (used in my lab)

 vCenter Orchestrator 5.5:

  • vCAC vCO integration functional
  • vCO Active Directory Plug-In properly configured and tested
  • vCO AD Plug-In configured to use account with appropriate AD permissions (read/write)

Active Directory:

  • AD Groups DaaS-Ops & DaaS-Eng created per the guide

Download the Step-by-Step Guide (PDF)

http://bit.ly/1jjM3cu


++++
@virtualjad

3 Comments

  1. Hi Jad, it looks like the vCAC-vCO integration for AD:User and AD:Group only provides a maximum of 100 objects (or there's some other in-built limitation of the product). As such, this solution only works in environments that are of limited size (<100 users per OU).

    This was probably to prevent long lookup times, but when we can't find all users in the directory, it's a problem.

  2. Hi, nice solution!
    Do you know if it is possible to use vCAC (6.0) and vCO (5.5) appliances to build a POC environment based on the solution you describe here? And just to add, IMHO the only 3 missing items in the solution are: How the user will be notified once the Desktop is ready (email). How the user will access the new assigned Desktop (a link from the portal). And the last item is about utilization and charge back (show back), but I don't know if that is possible, or which products we can use to provide that feature to the solution.
