Implementing VMware Horizon 7.7 - Third Edition

By: Jason Ventresco

Overview of this book

This third edition of Implementing VMware Horizon 7.7 has been updated to get you up to speed with VMware Horizon 7.7 by showing you how to use its key features and deploy an end-user computing infrastructure for your own organization. The book begins by guiding you on how to deploy all the core requirements for a VMware Horizon infrastructure. It then moves on to show you how to provision and administer end-user computing resources using VMware Horizon. You’ll not only be able to deploy the core VMware Horizon features, but you’ll also be able to implement new features, such as the Just-in-Time Management Platform (JMP) and the Horizon Console. You’ll also focus on the latest features and components of the Horizon platform and learn when and how they are used. By the end of the book, you will have developed a solid understanding of how your organization can benefit from the capabilities VMware Horizon offers and how each of its components is implemented.
Table of Contents (17 chapters)

VMware Horizon components

VMware Horizon is a family of desktop and application virtualization solutions designed to deliver end user computing services, from both on-premises data centers and from cloud providers such as Amazon Web Services (AWS). The following section will provide a high-level overview of the components in the Horizon family of products that we will cover in this book, which includes the following:

  • VMware Horizon Connection Server, Security Server, and Unified Access Gateway
  • VMware Horizon Help Desk Tool
  • VMware Horizon Just-in-Time Management Platform (JMP)
  • VMware Horizon Composer
  • VMware Horizon Agent
  • VMware Horizon Client
  • VMware vSphere, including vCenter Server
  • VMware App Volumes
  • VMware User Environment Manager
  • VMware Horizon PowerCLI

Refer to the VMware Horizon product page for a list of all of the products that are part of the Horizon family (https://www.vmware.com/products/horizon.html).

The following diagram shows where each component of a typical Horizon installation resides within the data center. The only components that are not shown but are discussed in this book are the VMware App Volumes servers and the Windows-based file servers used for hosting VMware User Environment Manager data. If they were to be shown, both of these components would be located on the internal network, along with the Horizon Connection Server, vCenter Server, virtual desktops, and Microsoft Windows Remote Desktop Session (RDS) servers.

While this book focuses on deploying an on-premises installation of VMware Horizon and other components, VMware has partnered with Amazon Web Services (AWS) to make it possible to do so in the cloud as well. Consult the VMware document Deploying Horizon 7 on VMware Cloud on AWS (https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmw-deploy-horizon-seven-on-vmware-cloud-on-aws.pdf) for examples of how to deploy a vSphere-based Software Defined Datacenter (SDDC) on AWS, which you would use to host your Horizon infrastructure. Note that VMware does not intend for this to be your only Horizon Pod, but rather one used to expand your existing Horizon infrastructure, meet disaster recovery or business continuity requirements, or for data locality purposes (place applications closer to the resources they rely on). Since you are leveraging vSphere within AWS, the Horizon deployment process is no different.

Horizon Connection Server

VMware Horizon Connection Server is a software service that acts as the broker for Horizon client connections. In this role, it authenticates user connection requests, verifies the desktops or Microsoft Windows RDS Servers that the user is entitled to access, and then directs the connection to the appropriate resource. Horizon Connection Server is installed on a dedicated server that is required to be a member of an Active Directory (AD) domain that is trusted by all Horizon clients. Horizon Connection Server also hosts the Horizon Administrator console, an Adobe Flex-based web application that is used to manage the Horizon environment and perform tasks including the following:

  • Deploying virtual desktops
  • Creating desktop or Microsoft Windows RDS-based pools
  • Controlling access to desktop pools
  • Creating and managing Horizon Cloud Pods
  • Examining Horizon system events

The Horizon Connection Server is one component that is required in every Horizon environment. Chapter 2, Implementing Horizon Connection Server, provides the information needed to install and configure a VMware Horizon Connection Server. Chapter 6, Implementing a Horizon Cloud Pod, provides information regarding the configuration of the Cloud Pod feature that is used to provide Horizon clients with access to desktops across multiple Horizon Pods, with each Pod representing a standalone installation of VMware Horizon. The following chapters provide information about the deployment of Horizon desktops and the management of desktop pools:

  • Chapter 7, Creating Horizon Desktop Pools
  • Chapter 8, Implementing Microsoft Remote Desktop Services Application and Desktop Pools
  • Chapter 9, Performing Horizon Pool Maintenance

Horizon Security Server

VMware Horizon Security Server is a custom instance of the Horizon Connection Server that is designed to be installed in a datacenter Demilitarized Zone (DMZ), in order to provide strong levels of authentication and secure access for Horizon clients connecting from outside the organization's private network. Multiple Security Servers may be installed to provide load balancing and high availability to these external clients.

The following diagram shows the placement of a Horizon Security Server or Unified Access Gateway (discussed next) within a DMZ:

Horizon Security Server is installed on top of a supported version of Microsoft Windows Server using the same installation package used for Horizon Connection Servers. Horizon Security Server is only required if providing access to Horizon clients residing outside of the company network. Chapter 4, Implementing Horizon Security Server, provides the information needed to install and configure a VMware Horizon Security Server.

Horizon Unified Access Gateway

VMware Horizon Unified Access Gateway, previously known as Horizon Access Point and first introduced in VMware Horizon 6.2, is designed to provide strong authentication and secure access for Horizon clients connecting from outside the organization's private network. The diagram in the previous section shows the placement of a Horizon Unified Access Gateway within a DMZ environment, as is typical since it performs similar functions to Horizon Security Server.

Unified Access Gateway is packaged in Open Virtualization Format (OVF) and is deployed on vSphere as a hardened, pre-configured Linux-based virtual appliance. Horizon Unified Access Gateway is provided as an option to Horizon Security Server and, like Security Server, it is only required if providing access for external clients. It is designed to be installed in a DMZ, and multiple appliances may be installed to ensure high availability and load balancing. Chapter 5, Implementing Horizon Unified Access Gateway, provides the information needed to install and configure a VMware Horizon Unified Access Gateway.

VMware has stated that customers using Security Server today may continue to do so, but it has also indicated that Unified Access Gateway is its primary focus moving forward. New deployments may wish to future-proof their Horizon installation by selecting Unified Access Gateway, as VMware has indicated that Security Server will be deprecated or possibly even phased out in a future Horizon release. Additionally, Unified Access Gateway supports all of the latest Blast Extreme client protocol features, can be deployed (or redeployed) very quickly and with minimal effort, requires fewer ports to be opened between the DMZ and the internal network, and does not require tunneling or secure gateway to be configured on the internal Connection Servers.

Horizon Enrollment Server

The VMware Horizon Enrollment Server was first introduced in version 7, is installed as a standalone service, and integrates with the VMware Workspace ONE Identity Manager to enable true Single Sign-On (SSO) for Horizon clients that are using non-AD-based authentication methods such as RSA SecurID. SSO means that, when using non-AD-based authentication methods, users will only need to log into Horizon once to reach their desktop or streamed application. The VMware blog post Introducing True SSO (Single Sign-On) in VMware Horizon 7 (http://blogs.vmware.com/euc/2016/03/true-sso-single-sign-on-view-identity-manager-authenticate.html) provides an overview of this new Horizon feature.

This feature is only used when Horizon clients use non-AD-based methods for authentication. Implementing solutions such as SecurID and the VMware Workspace ONE Identity Manager is outside of our scope. Therefore, the Enrollment Server will not be covered here; consult the Horizon documentation (https://docs.vmware.com/en/VMware-Horizon-7/index.html) for additional information about the deployment and configuration of the Horizon Enrollment Server.

VMware vSphere

VMware vSphere, also referred to as ESXi or even ESX for earlier versions, is a Type 1 hypervisor that is the virtualization platform used for the vSphere suite of products. Type 1 hypervisors are designed to run directly on the host hardware, whereas Type 2 hypervisors run within a conventional OS environment.

ESXi is the only hypervisor that is fully supported by VMware for hosting Horizon virtual desktops, as it fully integrates with Horizon for full desktop life cycle management. All of the primary desktop provisioning and maintenance tasks are performed using the Horizon Administrator console; the vSphere Client is not used. Horizon supports multiple versions of vSphere, but vSphere 6.0 Update 1 and newer are required to leverage many of the latest features of the platform. vSphere 6.0 Update 2 or newer is required to use the latest version of Virtual SAN (vSAN). Refer to the VMware vCenter Server requirements section for examples of some Horizon features that require a specific version of both vSphere and vCenter Server.

VMware vSphere also includes the vSAN feature that uses local ESXi server storage to build a highly resilient virtual Storage Area Network (SAN) to provide storage for virtual machines. The deployment and configuration of vSAN are outside of our scope, so consult the Horizon documentation (https://docs.vmware.com/en/VMware-Horizon-7/index.html) if you require information about using vSAN with Horizon.

VMware vCenter Server

VMware vCenter Server is a software service that provides a central administration point for VMware ESXi servers, as well as other components of the vSphere suite. vCenter Server performs the actual creation and management of virtual desktops, based on instructions received from the Horizon Connection Server and the Horizon Composer Server.

This book includes some information that applies only to the Windows-based version of VMware vCenter, but rest assured that it is possible to use the Linux-based vCenter Server Appliance (vCSA) for your VMware Horizon deployment if needed, which is the only vCenter Server version provided with vSphere 6.5 and later. The vCSA supports up to 10,000 desktops, which is more than enough for most Horizon implementations and represents the maximum recommended number of active sessions per Horizon Pod (a Pod can support up to 20,000 desktops, but VMware recommends no more than half that number). The most significant difference you will encounter (aside from the fact that you will not need to create a separate database for vCenter) is that when you use the vCSA, you will be required to deploy a standalone Horizon Composer server. This will be demonstrated in Chapter 3, Implementing Horizon Composer.

Horizon Composer

VMware Horizon Composer is a software service that works alongside the VMware vCenter and Horizon Connection Servers to deploy and manage linked clone desktops. Horizon Composer can be installed directly on the vCenter Server, or on a dedicated server.

Horizon Composer is only required if linked clone desktops will be deployed. Chapter 3, Implementing Horizon Composer, provides the information required to install and configure Horizon Composer.

Horizon Composer is not required when using Instant Clone desktops; it is only required if you are using linked clone desktops. Linked Clone and Instant Clone desktops operate in a similar manner once they have been deployed, but the deployment process for each is quite different.

Horizon Agent

VMware Horizon Agent is a software service that is installed on the systems that will be managed by Horizon. This includes not only a virtual desktop image that will be deployed using Horizon, but also any physical desktops or Microsoft RDS Servers.

The Horizon Agent provides services including, but not limited to, support for connecting the virtual desktop to USB devices attached to the Horizon client, client connection monitoring, virtual printing, and single sign-on.

Horizon Client

VMware Horizon Client is a software application that is used to communicate with a Horizon Connection Server, and initiate connections to desktops and Microsoft Windows RDS servers.

The Horizon Client is available for multiple software platforms, including Microsoft Windows, Apple OS X and iOS, Android, and Linux. In addition, there are a number of Thin and Zero clients that come preloaded with Horizon-compatible clients.

VMware App Volumes

VMware App Volumes is an optional component of VMware Horizon that provides multiple capabilities, particularly in environments where floating assignment desktops are used, or changes to a virtual desktop are discarded after every session (also known as non-persistent desktops). The deployment and configuration of VMware App Volumes are discussed in detail in Chapter 11, Implementing App Volumes.

The primary features of VMware App Volumes include the following:

  • The ability for applications to be delivered to Horizon desktops or Microsoft Windows RDS servers, immediately and dynamically, in a manner that is transparent to the end user. This feature works both with Horizon desktops and Microsoft Windows RDS servers, and is called an App Volumes AppStack.
  • The ability to roam user-installed applications across Horizon client sessions, even if a different desktop virtual machine is assigned during the next login. This feature is designed for use with Horizon desktops only, and is called Writable Volumes.

The following diagram shows the logical layering of multiple AppStacks and a Writable Volume on top of the host OS. Each of the items is attached to the host virtual machine individually when a user logs in, can be removed individually if changes are required, and will follow a user from one login to the next:

App Volumes AppStacks are packaged as a Virtual Machine Disk (VMDK) file and attached to one or more virtual machines as needed. The App Volumes agent seamlessly integrates this VMDK into the virtual machine's OS so no actual installation is performed. App Volumes can even capture an application packaged using VMware ThinApp, which provides organizations that rely on ThinApp with an additional method for distributing their virtualized application packages.

App Volumes creates a unique Writable Volume for each user, using a VMDK that is also seamlessly integrated into their current virtual machine. The Writable Volume is attached to the Horizon desktop when the user logs in, and detached when the user logs off.

The combination of VMware App Volumes and VMware User Environment Manager (discussed next) provides organizations with a way to leverage the efficiencies of floating assignment non-persistent desktops (described in Chapter 7, Creating Horizon Desktop Pools), while still providing users with a highly personalized desktop experience.

VMware User Environment Manager

VMware User Environment Manager (UEM) is an optional component of VMware Horizon that provides the ability to roam end user Windows profile and persona configuration data, including application settings, across different Windows Operating System (OS) versions, or even between physical desktops and virtual desktops or Windows RDS Servers.

VMware UEM works with all three Microsoft Windows profile types: mandatory, roaming, and local. UEM is not a replacement for any of these profile types, as it does not roam user data across sessions or devices, only the profile and persona configuration. User data should be saved using techniques such as roaming profiles, or even folder redirection.

Highlights of the benefits of UEM include the following:

  • A consistent and personalized end user experience, regardless of where a user logs in or which Windows OS they are using
  • Implementation of various settings that previously required AD group policies, such as Windows user profile redirection, and some Horizon agent settings
  • Customization of user settings, such as printers, based on logon location
  • Elimination of the need to perform user profile migrations when moving to a newer version of Windows that has a new profile type (such as from Windows 8.1 to Windows 10)
  • Robust design that scales to support over a hundred thousand end users
  • Simple design that requires no scripting knowledge, can be implemented rapidly, and requires minimal infrastructure to begin using

Chapter 12, Implementing User Environment Manager, provides information regarding the implementation and administration of UEM.

VMware ThinApp

VMware ThinApp is an application virtualization platform that integrates with Horizon to provide users with rapid access to new or upgraded applications without having to perform any changes to the virtual desktops. Applications that have been packaged with ThinApp are delivered as a single executable file that runs in complete isolation from both other ThinApp-packaged applications and applications that are installed on the desktop itself.

ThinApp provides Horizon customers with a number of powerful capabilities. Two popular scenarios where ThinApp can benefit an organization are as follows:

  • It eliminates application conflicts that can occur when specific programs are installed together within the desktop image
  • It virtualizes legacy applications to ensure that they will continue to function regardless of the underlying Windows OS

This book does not have a dedicated chapter concerning VMware ThinApp, so consult the VMware ThinApp documentation page for more details about how it is used (https://www.vmware.com/support/pubs/thinapp_pubs.html).

In Chapter 11, Implementing App Volumes, an overview of how you can use ThinApp virtualization within an AppStack will be provided.