Prerequisites
We will first cover the prerequisites in more detail, starting with the test environment.
Infrastructure requirements for an initial test setup
You will need the following hardware and virtual infrastructure components:
1 vCenter Server
1 ESXi host server with:
A minimum of 8 cores
14 GB RAM
412 GB of local disk or SAN attached storage
The installation and configuration of vCenter and ESXi is beyond the scope of this book, so we assume that you already have this in place.
Note
Using VMware Workstation or VMware Fusion natively does not work since the vApp requires a vCenter to be able to deploy. As an alternative, you could use something known as nested hypervisors. This means that you can use VMware Workstation or Fusion and create a virtual vCenter and virtual instance of ESXi. Be aware though that this will cause considerable overhead and require a powerful CPU, plenty of memory, and a fast disk system.
Infrastructure requirements for production deployment
For production environments, you will need the following minimum hardware and virtual infrastructure components:
1 vCenter-server, redundant
2 ESXi-hosts (3 ESXi hosts are recommended)
500 GB of SAN storage
Network Load balancer
NFS-storage for Horizon Files
Horizon Workspace supports a number of VMware vSphere versions listed as follows:
vCenter: 5.0 U2, 5.1, and 5.5
ESXi: 5.0 U2, 5.1, and 5.5
When setting up your ESXi hosts, ensure that you configure them to use the Network Time Protocol (NTP). Correct time synchronization is critical for a successful installation since the SAML-based authentication is based on short-lived assertions of 60 seconds. If there is a time difference, logins will fail.
Network, DNS, and Active Directory requirements
The initial deployment of Horizon Workspace will require 5 IP addresses. If you need redundancy and external access, you will need additional IP addresses. Each of the IP addresses needs a static DNS host record as well as a reverse pointer record (PTR record).
DNS name resolution needs to be fully implemented for both forward and reverse lookups. Horizon Workspace will not function without reverse lookups configured.
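A pre-flight check for the forward and reverse records described above, as an added example that is not part of the book. The host names other than connector-va, the example.local domain, and the 192.0.2.x addresses are constructed; replace `PLAN` with your own five name-to-address pairs and call `check_dns(PLAN)` to query the system resolver.

```python
import socket

def system_forward(name):
    """A-record lookup via the system resolver; empty set if none."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def system_reverse(ip):
    """PTR lookup via the system resolver; empty set if none."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
        return {primary, *aliases}
    except OSError:
        return set()

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()

def check_dns(plan, forward=system_forward, reverse=system_reverse):
    """plan maps FQDN -> planned static IP; returns a list of problems."""
    problems = []
    for fqdn, ip in plan.items():
        addrs = set(forward(fqdn))
        if not addrs:
            problems.append(f"{fqdn}: no A record")
        elif addrs != {ip}:
            problems.append(f"{fqdn}: A record {sorted(addrs)} is not {ip}")
        names = {_norm(n) for n in reverse(ip)}
        if not names:
            problems.append(f"{ip}: no PTR record")
        elif _norm(fqdn) not in names:
            problems.append(f"{ip}: PTR {sorted(names)} does not name {fqdn}")
    return problems

# Constructed sample data (hypothetical names, documentation-range IPs).
PLAN = {"connector-va.example.local": "192.0.2.11",
        "service-va.example.local": "192.0.2.12",
        "gateway-va.example.local": "192.0.2.13"}
A_RECORDS = {"connector-va.example.local": {"192.0.2.11"},
             "service-va.example.local": {"192.0.2.12"},
             "gateway-va.example.local": {"192.0.2.31"}}   # wrong address
PTR_RECORDS = {"192.0.2.11": {"Connector-VA.example.local."},
               "192.0.2.13": {"old-host.example.local"}}    # .12 has no PTR

def demo():
    """Run the check against the constructed records, no network needed."""
    return check_dns(PLAN, lambda n: A_RECORDS.get(n, set()),
                     lambda ip: PTR_RECORDS.get(ip, set()))
```

An empty list means every planned name resolves to its planned address and every address resolves back to its name.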
For this book, we have used Windows Server 2008 R2 Active Directory and DNS; however, Horizon Workspace supports Windows 2003 Active Directory or later. Using BIND DNS will work just as well as using Microsoft DNS.
As we go through the setup of the Active Directory (AD) infrastructure to support our installation, make a note of the following key information, which you will be prompted for during the actual configuration process:
Name of the Active Directory controller
Fully qualified domain name (FQDN) of the Active Directory controller
Base DN: the container from where to start searching for users; in our example, this would be something like ou=horizon,dc=domain_name,dc=local
The Bind DN username and password
Administrator account or an account with rights to add computers to the domain
Note
The Bind DN username is an account that will be used to communicate with Active Directory to read user information and their attributes. The Bind DN will become the first administrator in your Horizon Workspace installation. In our examples, we have set up a Horizon Administrator account to do this. You need to enter the details in the following format:
cn=horizonadmin,ou=horizon,dc=domain_name,dc=local
vCenter Server requirements
Before installing the vApp, you need to configure an IP pool for the Horizon Workspace vApp that contains the correct IP address range along with details of your DNS server (you can only specify one DNS server). You also need the name of the domain into which you will deploy your VMs.
Note
IP pools are used by vCenter to provide a network identity to vApps. The IP pool itself is a network configuration that you assign to a network used by the vApp. Once set up, the vApp can use vCenter to provide the IP configuration to the virtual machines it contains.
External access
For users to log on to their Workspace, you will need to make sure certain network ports are open. For external access, you will need to ensure that TCP port 443 is open for the connector-va appliance to communicate. For a production environment with a demilitarized zone (DMZ), a term for a network between internal and external networks, and connection to external services such as Active Directory and RSA SecurID, additional ports may need to be opened. If you are also integrating with Horizon View, you will need to make sure that those ports are also open.
Certificates
For a production environment, you will need publicly signed certificates from a trusted certificate provider. For a test environment, you can use a self-signed certificate. The certificate must have the FQDN of your Horizon Workspace installation as the Subject Alternative Name (SAN) of the certificate, or you can use a wildcard certificate.