You have VMware Horizon View deployed along with Duo Multi-Factor Authentication (2FA, MFA), and you’re you having user experience issues with 10ZiG Zero Clients and multiple login dialog boxes and planning on how to deal with the MFA logins.
I spent some time experimenting with numerous different settings trying to find the cleanest workaround that wouldn’t bother the user or mess up the user experience. I’m going to share with you what I came up with below.
If you’re interesting in 10ZiG products and looking to buy, don’t hesitate to reach out to me for information and/or a quote! We can configure and sell 10ZiG Zero Clients (and thin clients), help with solution design and deployment, and provide consulting services! We sell and ship to Canada and the USA!
The Issue
When you have DUO MFA deployed on VMware Horizon, you may experience login issues when using a 10ZiG Zero Client to access the View Connection Server. This is because the authentication string (username, password, and domain) aren’t passed along correctly from the 10ZiG Login Dialog Box to the VMware Horizon View Client application.
Additionally, when DUO is enabled on VMware View (as a RADIUS authentication), there is no domain passed along inside of the DUO login prompt on the view client.
This issue is due to limitations in the VMware Horizon View Linux Client. This issue will and can occur on any system, thin-client, or Zero Client that uses a command string to initialize a VMware View session where DUO is configured on the View Connection Server.
Kevin Greenway, the CTO at 10ZiG, reached out to say that they have previously brought this up with VMware as a feature request (to support the required functionality), and are hopeful it gets committed.
At this point in time, we’d like to recommend everyone to reach out to VMware and ask for this functionality as a feature request. Numerous simultaneous requests will help gain attention and hopefully escalate it on VMware’s priority list.
The Workaround
After troubleshooting this, and realizing that the 10ZiG VMware login details are completely ignored and not passed along to the VMware View client, I started playing with different settings to test the best way to provide the best user experience for logging in.
At first I attempted to use the Kiosk mode, but had issues with some settings not being passed from the 10ZiG Client to the View Client.
Ultimately I found the perfect tweaking of settings that created a seamless login experience for users.
The Settings
On the 10ZiG Zero Client, we view the “Login” details of the “VMware Horizon Settings” dialog box.
10ZiG Zero Client VMware Horizon Settings Login Settings
Login Mode: Default
Username: PRESS LOGIN
Password: 1234
Domain: YourDomain
Please Note: In the above, because DUO MFA is enabled, the “Username”, “Password” and “Domain” values aren’t actually passed along to the VMware View application on the Zero Client.
We then navigate to the “Advanced” tab, and enable the “Connect once” option. This will force a server disconnection (and require re-authentication) on a desktop pool logoff or disconnection.
10ZiG Zero Client VMware Horizon Settings Advanced Settings
Please Note: This option is required so that when a user logs off, disconnects, or get’s cut off by the server, the Zero Client fully disconnects from the View Connection Server which causes re-authentication (a new password prompt) to occur.
The Login User Experience
So now that we’ve made the modifications to the Zero Client, I want to outline what the user experience will look like from Boot, to connection, to disconnection, to re-authentication.
Turning on the 10ZiG Zero Client, you are presented with the DUO Login Prompt on the View Connection Server.
You then must pass 2FA/MFA authentication.
You are then presented with the desktop pools available to the user.
Upon logging off, disconnecting, or getting kicked off the server, the session is closed and you are presented to the 10ZiG VDI Login Window.
To re-establish a connection, click “Login” as instruction by the “Username” field.
You are presented with the DUO Login Window.
And the process repeats.
As you can see it’s a simple loop that requires almost no training on the end user side. You must only inform the users to click “Login” where the prompt advises to do so.
Once you configure this, you can add it to a configuration template (or generate a configuration template), and then deploy it to a large number of 10ZiG Zero Clients using 10ZiG Manager.
Let me know if this helps, and/or if you find a better way to handle the DUO integration!
In this post, we’ll be going over how to deploy an existing configuration template that is stored inside of your 10ZiG Manager management software.
This allows you to push out configs on the fly to either a single device, or 10,000 devices at once. This is a MUST for managing small, medium, and large sized 10ZiG deployments.
If you’re interesting in 10ZiG products and looking to buy, don’t hesitate to reach out to me for information and/or a quote! We can configure and sell 10ZiG Zero Clients (and thin clients), help with solution design and deployment, and provide consulting services! We sell and ship to Canada and the USA!
This post is part three of a three part 10ZiG Manager Tutorial series:
Choose the 10ZiG Zero Client(s) that you’d like to deploy the configuration to. You can “CTRL + Click” or “SHIFT + Click” to select more than one 10ZiG Zero Client.
In the menu, expand “Configuration” -> and select “Apply Template”.
A “Configuration Template Note” is displayed. Please read and understand this, then click “Ok”.
In the “Configuration Templates” window, select and highlight the configuration template you’d like to deploy, and then click “Ok”. In my example, I’m choosing “DA-MainTemplate”.
The “Configuration Cloning Target” dialog box is displayed. Here you can change the target hostname, and choose to immediately push the configuration. Select “Ok”.
And now the “Reboot” dialog box is displayed. Here you can choose how you’d like the reboot to be handled once the configuration is pushed to the device(s). Select your preference, or leave as default and select “Ok”.
You’ll be brought back to the 10ZiG Manager interface. Here you’ll see a new task in the tasks list at the bottom of the window.
Once completed, you have successfully deployed the configuration.
You’re done! You have successfully pushed the configuration template to your 10ZiG Zero Client(s).
You can maintain, edit, and use multiple templates for different users, organizational units, or geographical units.
Let’s say you manage numerous 10ZiG Zero clients and your users all have similar USB hardware that needs to be redirected to the VDI session. In most cases the hardware will be redirected without any configuration necesary, but what about when that doesn’t happen. You need to push a configuration template with the device information to your 10ZiG Zero Clients.
In my case, I use a YubiKey Security Key. I regularly use this for logins in Chrome and noticed that it wasn’t being directed via USB redirection.
If you’re interesting in 10ZiG products and looking to buy, don’t hesitate to reach out to me for information and/or a quote! We can configure and sell 10ZiG Zero Clients (and thin clients), help with solution design and deployment, and provide consulting services! We sell and ship to Canada and the USA!
This post is part two of a three part 10ZiG Manager Tutorial series:
On the 10ZiG Zero Client, go to settings, USB redirection, and change the preference from “Default” to “Include”. This must manually be done on every Zero Client inside of your infrastructure (time consuming).
Add the USB hardware ID to your configuration template inside of the 10ZiG Manager and then push this to all your 10ZiG Zero Clients that you manage (super fast, can be deployed to thousands of devices in seconds).
In this post we’re going to cover the later, and show you how to add this to a config template. In my example, we’ll be adding the YubiKey security key with a hardware identifier (USB Product ID/PID) of 1050/0120 (Vendor ID: 1050, Product ID: 0120). We’ll be manually adding the hardware ID/PID to the config template in this tutorial.
Please Note: You can also add the settings on a 10ZiG Zero Client, and generate a template by pulling the config from that client. You can then push this to others as well.
To find out the Hardware ID/PID, you can either use the “Device Manager” on Windows, or plug in the device in to a 10ZiG Zero Client, go to settings, USB Redirection, and you should see the device name, along with the HID/PID info.
Instructions
Open the 10ZiG Manager.
Randomly choose a 10ZiG Zero Client from the list, right-click on it to open the menu. Expand “Configuration” -> Select “Manage templates”.
In the “Configuration Templates” window, right-click on your existing template (or create a new one), and select “Edit”.
In the “Template Configuration – Template Name” window, double-click on “USB Device Redirection”.
In the “USB Device Redirection” window, click on “Add”.
Enter in a friendly name, and enter your Vendor ID and Product ID in to the fields. For a YubiKey Security key, I did the following.
Click OK on all the fields, save the template. The configuration has been saved to the configuration template.
You’re done! You can now deploy this template to a single 10ZiG Zero Client, or deploy it as a batch to many 10ZiG Zero Clients.
So you’ve purchase some 10ZiG Zero Clients, configured the 10ZiG Manager, and want to create a configuration template to deploy to all your devices.
In this post, we’ll be going over how to create a configuration template from a manually configured 10ZiG Zero Client, so that you can edit it, and then deploy it to other 10ZiG Zero Clients (whether it’s a single unit, or 10,000).
Once you have a configuration template, you can add certificates, modify the VDI configuration, configure keyboard/mouse input, USB Redirection, and more! Doing all this with a configuration template allows you to manage and maintain a large amount of 10ZiG Zero Clients with ease.
If you’re interesting in 10ZiG products and looking to buy, don’t hesitate to reach out to me for information and/or a quote! We can configure and sell 10ZiG Zero Clients (and thin clients), help with solution design and deployment, and provide consulting services! We sell and ship to Canada and the USA!
This post is part one of a three part 10ZiG Manager Tutorial series:
Please Note: We are going to assume that you have manually configured at least one of your 10ZiG Zero Clients as a base configuration that you want to generate a template from. If not, make sure you do this before generating a template. We are also assuming that you have configured the 10ZiG Management software so that the Zero Clients can connect to it.
Instructions
Open the 10ZiG Manager.
Choose the 10ZiG Zero Client that you have already configured in the list and right-click on the unit.
In the menu, expand “Configuration” -> and Select “Generate Template”.
A warning explaining how the configuration is merged is presented, please read and understand this.
In the “Configuration Templates” window, type in a template name in to the “Template Name” field, and then select “Ok”. I’m calling mine “DA-MainTemplate”.
A warning explaining changes is presented, please read and understand this.
You will be brought back to the 10ZiG Manager, and will see the “Generate configuration template” task in the tasks list at the bottom of the window. It should eventually complete and be marked as successful.
The configuration template has been created.
You have now created a configuration template inside of 10ZiG Manager! You can edit this, and eventually deploy it to other 10ZiG Zero Clients on your network.
I can’t tell you how excited I am that after many years, I’ve finally gotten my hands on and purchased an Nvidia Quadro K1 GPU. This card will be used in my homelab to learn, and demo Nvidia GRID accelerated graphics on VMware Horizon View. In this post I’ll outline the details, installation, configuration, and thoughts. And of course I’ll have plenty of pictures below!
The focus will be to use this card both with vGPU, as well as 3D accelerated vSGA inside in an HPE server running ESXi 6.5 and VMware Horizon View 7.8.
Please Note: Some, most, or all of what I’m doing is not officially supported by Nvidia, HPE, and/or VMware. I am simply doing this to learn and demo, and there was a real possibility that it may not have worked since I’m not following the vendor HCL (Hardware Compatibility lists). If you attempt to do this, or something similar, you do so at your own risk.
For some time I’ve been trying to source either an Nvidia GRID K1/K2 or an AMD FirePro S7150 to get started with a simple homelab/demo environment. One of the reasons for the time it took was I didn’t want to spend too much on it, especially with the chances it may not even work.
Essentially, I have 3 Servers:
HPE DL360p Gen8 (Dual Proc, 128GB RAM)
HPE DL360p Gen8 (Dual Proc, 128GB RAM)
HPE ML310e Gen8 v2 (Single Proc, 32GB RAM)
For the DL360p servers, while the servers are beefy enough, have enough power (dual redundant power supplies), and resources, unfortunately the PCIe slots are half-height. In order for me to use a dual-height card, I’d need to rig something up to have an eGPU (external GPU) outside of the server.
As for the ML310e, it’s an entry level tower server. While it does support dual-height (dual slot) PCIe cards, it only has a single 350W power supply, misses some fancy server technologies (I’ve had issues with VT-d, etc), and only a single processor. I should be able to install the card, however I’m worried about powering it (it has no 6pin PCIe power connector), and having ESXi be able to use it.
Finally, I was worried about cooling. The GRID K1 and GRID K2 are typically passively cooled and meant to be installed in to rack servers with fans running at jet engine speeds. If I used the DL360p with an external setup, this would cause issues. If I used the ML310e internally, I had significant doubts that cooling would be enough. The ML310e did have the plastic air baffles, but only had one fan for the expansion cards area, and of course not all the air would pass through the GRID K1 card.
The Purchase
Because of a limited budget, and the possibility I may not even be able to get it working, I didn’t want to spend too much. I found an eBay user local in my city who had a couple Grid K1 and Grid K2 cards, as well as a bunch of other cool stuff.
We spoke and he decided to give me a wicked deal on the Grid K1 card. I thought this was a fantastic idea as the power requirements were significantly less (more likely to work on the ML310e) on the K1 card at 130 W max power, versus the K2 card at 225 W max power.
We set a time and a place to meet. Preemptively I ran out to a local supply store to purchase an LP4 power adapter splitter, as well as a LP4 to 6pin PCIe power adapter. There were no available power connectors inside of the ML310e server so this was needed. I still thought the chances of this working were slim…
I also decided to go ahead and download the Nvidia GRID Software Package. This includes the release notes, user guide, ESXi vib driver (includes vSGA, vGPU), as well as guest drivers for vGPU and pass through. The package also includes the GRID vGPU Manager. The driver I used was from: https://www.nvidia.com/Download/driverResults.aspx/144909/en-us
To install, I copied over the vib file “NVIDIA-vGPU-kepler-VMware_ESXi_6.5_Host_Driver_367.130-1OEM.650.0.0.4598673.vib” to a datastore, enabled SSH, and then ran the following command to install:
The command completed successfully and I shut down the host. Now I waited to meet.
We finally met and the transaction went smooth in a parking lot (people were staring at us as I handed him cash, and he handed me a big brick of something folded inside of grey static wrap). The card looked like it was in beautiful shape, and we had a good but brief chat. I’ll definitely be purchasing some more hardware from him.
Hardware Installation
Installing the card in the ML310e was difficult and took some time with care. First I had to remove the plastic air baffle. Then I had issues getting it inside of the case as the back bracket was 1cm too long to be able to put the card in. I had to finesse and slide in on and angle but finally got it installed. The back bracket (front side of case) on the other side slid in to the blue plastic case bracket. This was nice as the ML310e was designed for extremely long PCIe expansion cards and has a bracket on the front side of the case to help support and hold the card up as well.
For power I disconnected the DVD-ROM (who uses those anyways, right?), and connected the LP5 splitter and the LP5 to 6pin power adapter. I finally hooked it up to the card.
I laid the cables out nicely and then re-installed the air baffle. Everything was snug and tight.
Please see below for pictures of the Nvidia GRID K1 installed in the ML310e Gen8 V2.
ML310e with GRID K1 Side Shot
ML310e with GRID K1 Side Shot (with Flash)
ML310e w/ Air Baffle and cabling
ML310e LP4 Splitter for GRID K1
Nvidia GRID K1 in ML310e w/ Air Baffle
Nvidia GRID K1 Installed and Running
Nvidia GRID K1 in ML310e w/o Air Baffle
Host Configuration
Powering on the server was a tense moment for me. A few things could have happened:
Server won’t power on
Server would power on but hang & report health alert
Nvidia GRID card could overheat
Nvidia GRID card could overheat and become damaged
Nvidia GRID card could overheat and catch fire
Server would boot but not recognize the card
Server would boot, recognize the card, but not work
Server would boot, recognize the card, and work
With great suspense, the server powered on as per normal. No errors or health alerts were presented.
I logged in to iLo on the server, and watched the server perform a BIOS POST, and start it’s boot to ESXi. Everything was looking well and normal.
After ESXi booted, and the server came online in vCenter. I went to the server and confirmed the GRID K1 was detected. I went ahead and configured 2 GPUs for vGPU, and 2 GPUs for 3D vSGA.
ESXi Host Graphics Devices Settings
VM Configuration
I restarted the X.org service (required when changing the options above), and proceeded to add a vGPU to a virtual machine I already had configured and was using for VDI. You do this by adding a “Shared PCI Device”, selecting “NVIDIA GRID vGPU”, and I chose to use the highest profile available on the K1 card called “grid_k180q”.
VM Settings to add NVIDIA GRID vGPU
After adding and selecting ok, you should see a warning telling you that must allocate and reserve all resources for the virtual machine, click “ok” and continue.
Power On and Testing
I went ahead and powered on the VM. I used the vSphere VM console to install the Nvidia GRID driver package (included in the driver ZIP file downloaded earlier) on the guest. I then restarted the guest.
After restarting, I logged in via Horizon, and could instantly tell it was working. Next step was to disable the VMware vSGA Display Adapter in the “Device Manager” and restart the host again.
Upon restarting again, to see if I had full 3D acceleration, I opened DirectX diagnostics by clicking on “Start” -> “Run” -> “dxdiag”.
dxdiag on GRID K1 using k180q profile
It worked! Now it was time to check the temperature of the card to make sure nothing was overheating. I enabled SSH on the ESXi host, logged in, and ran the “nvidia-smi” command.
“nvidia-smi” command on ESXi Host
According to this, the different GPUs ranged from 33C to 50C which was PERFECT! Further testing under stress, and I haven’t gotten a core to go above 56. The ML310e still has an option in the BIOS to increase fan speed, which I may test in the future if the temps get higher.
With “nvidia-smi” you can see the 4 GPUs, power usage, temperatures, memory usage, GPU utilization, and processes. This is the main GPU manager for the card. There are some other flags you can use for relevant information.
“nvidia-smi vgpu” for vGPU Information“nvidia-smi vgpu -q” to Query more vGPU Information
Final Thoughts
Overall I’m very impressed, and it’s working great. While I haven’t tested any games, it’s working perfect for videos, music, YouTube, and multi-monitor support on my 10ZiG 5948qv. I’m using 2 displays with both running at 1920×1080 for resolution.
I’m looking forward to doing some tests with this VM while continuing to use vGPU. I will also be doing some testing utilizing 3D Accelerated vSGA.
The two coolest parts of this project are:
3D Acceleration and Hardware h.264 Encoding on VMware Horizon
Getting a GRID K1 working on an HPE ML310e Gen8 v2
Highly recommend getting a setup like this for your own homelab!
Uses and Projects
Well, I’m writing this “Uses and Projects” section after I wrote the original article (it’s now March 8th, 2020). I have to say I couldn’t be impressed more with this setup, using it as my daily driver.
Since I’ve set this up, I’ve used it remotely while on airplanes, working while travelling, even for video editing.
Some of the projects (and posts) I’ve done, can be found here:
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.
Do you accept the use of cookies and accept our privacy policy? AcceptRejectCookie and Privacy Policy
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
