1 vCenter Server
1 ESXi host server with:
A minimum of 8 cores
14 GB RAM
412 GB of local disk or SAN attached storage
The installation and configuration of vCenter and ESXi is beyond the scope of this book and therefore we assume that you already will have this in place.
Using VMware Workstation or VMware Fusion natively does not work since the vApp requires a vCenter to be able to deploy. As an alternative, you could use something known as nested hypervisors. This means that you can use VMware Workstation or Fusion and create a virtual vCenter and virtual instance of ESXi. Be aware though that this will cause considerable overhead and require a powerful CPU, plenty of memory, and a fast disk system.
1 vCenter-server, redundant
2 ESXi-hosts (3 ESXi hosts are recommended)
500 GB of SAN storage
Network Load balancer
NFS-storage for Horizon Files
Horizon Workspace supports a number of VMware vSphere versions listed as follows:
vCenter: 5.0 U2, 5.1, and 5.5
ESXi: 5.0 U2, 5.1, and 5.5
When setting up your ESXi hosts, ensure that you configure them to use the Network Time Protocol (NTP). Correct time synchronization is critical for a successful installation since the SAML-based authentication is based on short-lived assertions of 60 seconds. If there is a time difference, logins will fail.
The initial deployment of Horizon Workspace will require 5 IP addresses. If you need redundancy and external access, you will need additional IP addresses. Each of the IP's need a static DNS host record as well as reverse pointer-records (PTR record).
For this book, we have used Windows Server 2008 R2 Active Directory and DNS; however, Horizon Workspace supports Windows 2003 Active Directory or later. Using Bind DNS will work just as well as using Microsoft DNS.
As we go through the setup of the Active Directory (AD) infrastructure to support our installation, it's worth making a note of some of the key information that you will be prompted for during the actual configuration process. Make a note of the following information:
Name of the Active Directory controller
Fully qualified domain name (FQDN) of the Active Directory controller
Base DN— the container from where to start searching for users; in our example, this would be something like
The Bind DN username and password
Administrator account or an account with rights to add computers to the domain
The Bind DN username is an account that will be used to communicate with Active Directory to read user information and their attributes. The Bind DN will become the first administrator in your Horizon Workspace installation. In our examples, we have set up a Horizon Administrator account to do this. You need to enter the details in the following format:
Before installing the vApp, you need to configure an IP pool for the Horizon Workspace vApp that contains the correct IP address range along with details of your DNS server (you can only specify one DNS server). You also need the name of the domain into which you will deploy your VMs.
For users to log on to their Workspace, you will need to make sure certain network ports are open. For external access, you will need to ensure that the TCP port 443 is open for the connector-va appliance to communicate. For a production environment with a demilitarized zone (DMZ)—a term for a network between internal and external networks—and connection to external services such as Active Directory and RSA SecureID, additional ports may need to be opened. If you are also integrating with Horizon View, you will need to make sure that those ports are also open.
For a production environment, you will need publicly signed certificates from a trusted certificate provider. For a test environment, you can use a self-signed certificate. The certificate must have the FQDN of your Horizon Workspace installation as the Subject Alternative Name (SAN) of the certificate or you can use a Wildcard certificate.