I’m excited to tell you what’s new in the latest release of VMware Horizon 8 (2106). Note that the version number is based on the year and month of the planned release.
General updates include extended support and new guidance.
- Support for Horizon 7.10 and 7.13 has been extended to March 17, 2022, and October 15, 2022, respectively
- New guidance for Horizon Agent means you no longer have to reinstall Horizon Agent for a VMware Tools upgrade, as long as you adhere to the interop matrix.
Updates to the platform include more support, REST API endpoints, and swagger UI.
- Support for 20,000 sessions per Pod
- Support for migrating VMware Update Manager from NSX VDS to NSX CDS port groups
- Additional REST API endpoints, including federated access group, Event DB APIs, RBAC support for existing REST APIs, and more.
For more information, see Using the VMware Horizon Server REST API and VMware Horizon Server API.
Screen Capture Blocking
This release provides the ability to block viewers from capturing Horizon session screens, preventing or reducing intentional data theft, and mitigating malware from making periodic screen grabs.
Note: This option is supported on Clients and Windows Agents only. The option is not supported on HTML, but you can disable HTML if you want to. Also, this feature blocks screen captures from the Client endpoint only. To block in-guest screen captures, see Microsoft’s best practices.
To configure Screen Capture Blocking, use the Horizon Agent GPO. The registry key modified on the agent machine is:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Vmware, Inc.\Vmware VDM\Agent\Configuration\Screen-capture Blocking
1 = Blocking enabled
0= Blocking disabled
For more information, see Configuring Remote Desktop Features in Horizon.
This release now supports Sysprep on Instant Clones without parents. This can result in slower provisioning since it involves more reboots. But the benefits include unique SIDs and parity with Linked Clones.
The Horizon Console has its share of improvements this quarter, including improvements to Cloud Burst, the ability to run apps indefinitely, new options when creating pools, and more.
Choose vCenter Type for Cloud Burst. You can now choose vCenter Type to support your on-premises management of Cloud Burst capacity, up to about 120ms latency between Agents and the Connection Server. This gives you the advantage of separating the Horizon infrastructure from your VDI workloads, and third-party entities can manage the Connection Server as a service on your behalf. This enhancement also reduces the overhead you’d normally incur when deploying Horizon on public clouds. You can avoid the need to establish separate pods on the public cloud, and instead, extend your on-premises pod infrastructure, using the public cloud capacity as an additional block.
Allow Applications to run indefinitely. Do you have published apps that must run 24/7, such as tickers, dashboards, patient tracking boards, or the like? Horizon now supports that with Forever Application sessions. You can configure them at either the pool/farm level, or globally (but not both), and they are supported for authenticated users with both Windows and Linux Clients.
New options for 5k and 8k when creating pools. This new option is available for Full Clone and Managed Manual Desktop pools for 5k and 8k resolutions with Blast Only, and a maximum of two monitors. The maximum PCoIP is 4k, and this option is not available if you are using NVIDIA GRID as your 3D renderer.
Untrusted Domains Update. If you don’t want or need to establish trust relationships between multiple domains in your cloud deployments, you can now enjoy the following additional forms of authentication supported via Untrusted Domains:
- True Single Sign-On
- Smart card
Horizon Cloud Connector 2.0
Enhancements to the Horizon Cloud Connector include service-level fault tolerance for the license service and SNMP, as well as a change to the architecture:
- Architectural change – You can now have multiple stateless connector nodes. The Horizon Cloud Connector serves as a node for Kubernetes containers, which run critical services for Horizon.
- Service-level fault tolerance – This release now supports service-level fault tolerance for the license service.
- SNMP trap – You now have support for SNMP traps on licenses, such as sync issues, and notifications for lifecycle events such as blue-green upgrades.
This release provides enhancements and updates for both Windows and Linux Agents.
This release’s enhancements to the Horizon Windows Agent include support for Windows Server 2022, and improvements to data collection, which is used for monitoring, troubleshooting, insights, and remediation. The data collection logging is installed by default by the Agent Installer, and must be enabled by a registry key.
This release includes support for the following options:
- Linux Smartcard redirection – Support for Horizon Client-to-Agent smartcard redirection on Red Hat Enterprise Linux desktops with Security-Enhanced Linux enabled. The Security-Enhanced Linux had to be disabled for previous releases.
- Digital watermark – Supports the ability to add a digital watermark to Linux remote sessions. This ensures authenticity, content integrity, and protection for your intellectual property.
- Printer redirection – Supports the ability to print from Linux remote desktops to any available local or network printer.
- Support for:
- Red Hat Enterprise Linux (RHEL) Workstation 8.4
- Red Hat Enterprise Linux (RHEL) Server 8.4
- CentOS 8.4
This release includes newly added support for the Xbox One controller with Windows Clients only, as well as the following additional options:
- Ability to make audio sample rate changes that now persist across sessions
- Ability to dynamically add audio output devices in session (in previous releases, they were only detected at logon)
- Ability to use 6 x 4k monitors
- Ability to enable GPU encoding during session collaboration for Windows 2004 and later (if sufficient GPU resource is available for both the primary and collaboration sessions)
Session Copy/Paste. You can now use the Clipboard Redirection feature to enable and disable in-session copy-paste options:
Additional improvements. In addition to the above, the remote experience now also includes:
- Support for 48khz audio via RTAV, defaulted at 16khz
- Copy/paste improvements for slower networks
- Smartcard certificate caching emulation on non-Windows Clients
- Easier print-job monitoring because the session username is now displayed on the client-side print queue
- Support for Microsoft Edge Chromium:
- HTML5 Multimedia Redirection
- Browser Redirection
- Geolocation Redirection
- USB Redirection
Blast. Changes to the Blast remote experience include reduced encode latency on GPU, as well as improvements to the following:
- Blast Virtual Channel security
- Blast codec, including client speed and improved text compression
- Blast scalability and latency using frame scheduler
- Blast worker creation process
In addition, this release now provides support for the following:
- NVIDIA Ampere A10 and A40 GPUs
- Physical machine NVIDIA GPUs and encoders when remotely connecting via Horizon Agent
- 10-bit HDR 4:2:0 video for both Windows 10 Agent and Client, as well as NVIDIA vGPU-backed VMs
- 10-bit HDR 4:4:4 video for Windows 10 Agent and Client, NVIDIA vGPU-backed VMs, and Intel (Ice Lake+) clients
Microsoft Teams Optimization. This release includes enhancements to Microsoft Teams optimization, as well as the following options:
- Updates to the WebRTC
- Linux support for Microsoft Teams optimization
- Support for the Mac Client readback option
- Dynamic video resolution based on CPU performance for Thin Clients
- Improved screen sharing on Mac and Linux clients
- Mac support for Microsoft Teams optimization as a remote app
This release includes a variety of updates and enhancements to the Group Policies feature, including printer and redirection settings, the ability to block screen capture, and more.
The following group policy settings are supported for the Microsoft Edge (Chromium) browser:
- Enable Microsoft Edge (Chromium) Browser for VMware HTML5 Multimedia Redirection group policy setting enables the HTML5 Multimedia Redirection feature for the Microsoft Edge (Chromium) browser
- Enable VMware Browser Redirection for Microsoft Edge (Chromium) Browser group policy setting enables the Browser Redirection feature for the Microsoft Edge (Chromium) browser
- Enable VMware Browser Redirection feature for Microsoft Edge (Chromium) Browser group policy setting enables the Browser Redirection feature for the Microsoft Edge (Chromium) browser
- Enable VMware Geolocation Redirection for Microsoft Edge (Chromium) Browser group policy setting enables the Geolocation Redirection feature for the Microsoft Edge (Chromium) browser
- Enable legacy version of Microsoft Edge Browser for VMware HTML5 Multimedia Redirection group policy setting is renamed (originally it was named Enable Edge Browser for VMware HTML5 Multimedia Redirection)
The following group policy settings are supported for redirection and UPD printing:
- Enable VMware Geolocation Redirection for Chrome Browser – Enables the Geolocation Redirection feature for the Chrome browser.
- Default settings for UPD printers – Enables you to define default settings for UPD printers
The following policy settings are supported:
- Agent Configuration – Includes settings for Remote Desktop Services sessions.
- Unity Touch and Hosted Apps – Includes a new policy setting: Redirect legal notice messages as a window.
- Screen-capture Blocking – Determines whether a user can take screenshots of the VM or published application.
The following sample rate policy is supported:
- Sample Rate – Recording Audio Device – Sets the recording audio device sample rate for RDS hosts and published applications.
Enhancements to the Horizon Clients include external display enhancements, support for IPv6, and more.
Horizon Client for Windows. The Horizon Windows Client has been modernized.
In addition to modernization, the Windows Client now includes:
- Dynamic updates of redirected audio output devices
- Changes to VMware Blast, including the High-Efficiency Video Decoding (HEVC) option which is now enabled by default
- Ability to filter out VPN Mac addresses and report the local MAC address instead
- Enhancements to the input method editor (IME), enabling you to use the local IME to a remote desktop
- Support for the Forever Application as described earlier
- Support for Horizon client smart cards and readers to use the Cryptography API: Next Generation (CNG) API to authenticate
Horizon Client for Linux. The Horizon Linux Client has newly added support for Caps/Num lock on Dell thin clients, support for irregularly shaped apps, and improvements to serial ports.
- Enhancements to VMware Blast – The High-Efficiency Video Decoding (HEVC) option is now enabled by default.
- Enhanced Raspberry Pi Support – The RTAV is now supported.
- Linux client now supports Caps/Num lock led sync on Dell thin clients – The
- Support for non-rectangular-shaped apps – The Unity Filter rule list Group Policy, and eliminates previous dragging issues
- Improvements to the Serial port – The Group policy can be set to automatically connect ports, and the vmwsprrdctl.exe utility console provides detailed information about the status of the redirection.
- Support for the Forever Application – The Forever Application mentioned earlier is supported with the Linux Client.
Horizon Client for Mac. The Horizon Client for Mac now includes changes to Blast, support for HEVC, USB device path changes, Mac address filtering, and more.
- Enhancements to VMware Blast – The High-Efficiency Video Decoding (HEVC) option is now enabled by default.
- Improvements to the USB device paths – Make sure to check the device paths generated in the Horizon log because in some cases, USB device paths have changed.
- VPN Mac Addresses Filtering – The local MAC address is now reported, and the VPN Mac addresses are filtered out.
- Mac help text online – Floating arrows help clarify help text in the user interface.
- Touch bar enhancements for published applications – You can now customize the touch bar through the user interface by navigating to VMware Horizon Client > Customize Touch Bar.
Horizon Client for iOS. The iOS Client now includes external display enhancements, as well as the ability to configure mirror mode for external delays.
Horizon Client for Android. The Android Client includes external display enhancements, as well as the ability to configure mirror mode for external delays.
Horizon Client for Chrome. The Chrome Client now supports the ability to use the Chrome Client for Workspace ONE launches, as well as to copy-paste between two separate monitors.
- Support for IDP authentication with VMware Unified Access Gateway – Your end-users are now redirected with the Horizon Client for Chrome if the Connection Server is enabled for Workspace ONE mode (which previously worked only with HTML Access).
- Support for copy-paste between the Client and a remote session in multi-monitor mode – Your clipboard content is synchronized between Horizon Client for Chrome and a remote session, when using the multi-monitor feature.
- Support for DPI synchronization in multi-monitor mode – You can now enable a DPI scale on extended monitors.
HTML Access. The Horizon HTML Access now supports being used in an IPv6 environment.
For more information about the new features and enhancements, see Release Notes for VMware Horizon 2016.