Book Image

VMware Horizon Workspace Essentials

By : Joel Lindberg, Peter Bjork, Peter von Oven
Book Image

VMware Horizon Workspace Essentials

By: Joel Lindberg, Peter Bjork, Peter von Oven

Overview of this book

Table of Contents (16 chapters)
VMware Horizon Workspace Essentials
About the Authors
About the Reviewers


The first thing we are going to cover are the prerequisites in more details. We will start with the test environment first.

Infrastructure requirements for an initial test setup

You will need the following hardware and virtual infrastructure components:

  • 1 vCenter Server

  • 1 ESXi host server with:

    • A minimum of 8 cores

    • 14 GB RAM

    • 412 GB of local disk or SAN attached storage

The installation and configuration of vCenter and ESXi is beyond the scope of this book and therefore we assume that you already will have this in place.


Using VMware Workstation or VMware Fusion natively does not work since the vApp requires a vCenter to be able to deploy. As an alternative, you could use something known as nested hypervisors. This means that you can use VMware Workstation or Fusion and create a virtual vCenter and virtual instance of ESXi. Be aware though that this will cause considerable overhead and require a powerful CPU, plenty of memory, and a fast disk system.

Infrastructure requirements for production deployment

For production environments, you will need the following minimum hardware and virtual infrastructure components:

  • 1 vCenter-server, redundant

  • 2 ESXi-hosts (3 ESXi hosts are recommended)

  • 500 GB of SAN storage

  • Network Load balancer

  • NFS-storage for Horizon Files

Horizon Workspace supports a number of VMware vSphere versions listed as follows:

  • vCenter: 5.0 U2, 5.1, and 5.5

  • ESXi: 5.0 U2, 5.1, and 5.5

When setting up your ESXi hosts, ensure that you configure them to use the Network Time Protocol (NTP). Correct time synchronization is critical for a successful installation since the SAML-based authentication is based on short-lived assertions of 60 seconds. If there is a time difference, logins will fail.

Network, DNS, and Active Directory requirements

The initial deployment of Horizon Workspace will require 5 IP addresses. If you need redundancy and external access, you will need additional IP addresses. Each of the IP's need a static DNS host record as well as reverse pointer-records (PTR record).

DNS name resolution needs to be fully implemented for both forward and reverse lookups. Horizon Workspace will not function without reverse lookups configured.

For this book, we have used Windows Server 2008 R2 Active Directory and DNS; however, Horizon Workspace supports Windows 2003 Active Directory or later. Using Bind DNS will work just as well as using Microsoft DNS.

As we go through the setup of the Active Directory (AD) infrastructure to support our installation, it's worth making a note of some of the key information that you will be prompted for during the actual configuration process. Make a note of the following information:

  • Name of the Active Directory controller

  • Fully qualified domain name (FQDN) of the Active Directory controller

  • Base DN— the container from where to start searching for users; in our example, this would be something like ou=horizon, dc=domain_name, or dc=local

  • The Bind DN username and password

  • Administrator account or an account with rights to add computers to the domain


The Bind DN username is an account that will be used to communicate with Active Directory to read user information and their attributes. The Bind DN will become the first administrator in your Horizon Workspace installation. In our examples, we have set up a Horizon Administrator account to do this. You need to enter the details in the following format:


vCenter Server requirements

Before installing the vApp, you need to configure an IP pool for the Horizon Workspace vApp that contains the correct IP address range along with details of your DNS server (you can only specify one DNS server). You also need the name of the domain into which you will deploy your VMs.


IP pools are used by vCenter to provide a network identity to vApps. The IP pool itself is a network configuration that you assign to a network used by the vApp. Once set up, the vApp can use vCenter to provide the IP configuration to the virtual machines it contains.

External access

For users to log on to their Workspace, you will need to make sure certain network ports are open. For external access, you will need to ensure that the TCP port 443 is open for the connector-va appliance to communicate. For a production environment with a demilitarized zone (DMZ)—a term for a network between internal and external networks—and connection to external services such as Active Directory and RSA SecureID, additional ports may need to be opened. If you are also integrating with Horizon View, you will need to make sure that those ports are also open.


For a production environment, you will need publicly signed certificates from a trusted certificate provider. For a test environment, you can use a self-signed certificate. The certificate must have the FQDN of your Horizon Workspace installation as the Subject Alternative Name (SAN) of the certificate or you can use a Wildcard certificate.