Quick-Start Tutorial for VMware Horizon 7

VMware Horizon 7 version 7.5 and later

Technical Introduction and Features

Overview

The Quick-Start Tutorial for View in VMware Horizon 7 provides a technical overview of the View component of VMware Horizon® 7. The View component offers a virtual desktop infrastructure (VDI) and published applications through Remote Desktop Session Host (RDSH). This is done through a single platform, which simplifies desktop administration and operations, and enhances user experience. In comparison to physical desktops, delivering Horizon 7 virtual desktops from centralized VMware vSphere® servers enhances the security of applications and data and improves IT responsiveness, while at the same time reducing costs. The user enjoys a consistent and responsive experience across devices and locations, while maintaining IT-approved levels of customization.

JMP - Next-Generation Desktop and Application Delivery Platform

JMP (pronounced jump), which stands for Just-in-Time Management Platform, represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in a flexible, fast, and personalized manner. JMP is composed of the following VMware technologies:

JMP allows components of a desktop or RDSH server to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed. JMP is supported with both on-premises and cloud-based Horizon 7 deployments, providing a unified and consistent management platform regardless of your deployment topology. The JMP approach provides several key benefits, including simplified desktop and RDSH image management, faster delivery and maintenance of applications, and elimination of the need to manage “full persistent” desktops.

Purpose

This tutorial is provided to help you evaluate Horizon 7. The first chapter provides an overview of View in Horizon 7 key features. Subsequent chapters contain exercises to guide you through the basic installation and initial configuration processes, and to explore key features and benefits.

Note: This tutorial is designed for evaluation purposes only. It uses the minimum required resources for a basic deployment and does not explore every feature. Do not use this evaluation environment as a template for a production environment. For information beyond the considerations of this tutorial, see VMware Horizon 7 Documentation.

Audience

This tutorial is intended for IT administrators, architects, engineers, and product evaluators who want to install Horizon 7 and deploy a VDI environment. Both current and new users can benefit from using this tutorial. You should be familiar with VMware vSphere and VMware vCenter Server®. Familiarity with other technologies is also helpful, including networking and storage in a virtual environment, Active Directory, identity management, directory services, and RSA SecurID.

Advantages of Horizon 7

VMware Horizon 7 is a centralized desktop virtualization solution that enables organizations to deliver virtualized desktop services and applications to end users from centralized VMware vSphere servers. The VMware Horizon 7 solution includes a number of components, of which View is the main one.

Horizon 7 has advantages for both end users and IT administrators. End users are no longer restricted to one specific machine, and can access their system and files across supported devices and locations. As an IT administrator, you can use Horizon 7 to simplify and automate the management of desktops and applications, and you can securely deliver desktops as a service to users from a central location. You can quickly create virtual desktops on demand based on location and profile.

A single administration console provides detailed levels of control, allowing you to customize the end-user experience, access, and personalization to support corporate policy. End users get a familiar, personalized environment that they can access from any number of devices anywhere throughout the enterprise or from remote locations. And as an administrator, you have centralized control, efficiency, and security by storing desktop data in the data center.

Packaging and Licensing

Horizon 7 is available in three editions—Standard, Advanced, and Enterprise—plus a Linux option. Each edition builds successively on the ones before, extending the capabilities with additional components and products. You can use the VMware Horizon 7 Edition Selector tool to help determine which edition is best for your enterprise.

VMware Horizon 7 Enterprise Edition is required for Just-in-Time Desktops and Apps. This edition includes User Environment Manager, for managing applications and Windows environment settings. User Environment Manager can manage applications installed in the base image of a virtual desktop machine or RDSH server, and it can manage applications provided by VMware App Volumes.

App Volumes delivers applications that are not in the master VM image. Application containers, called AppStacks, are assigned to a user, group, OU, or machine and mounted each time the user logs in to a desktop. With this strategy, user changes can persist between sessions.

App Volumes can also provide user-writable volumes, which allow users to install their own applications and have those applications follow the user as they connect to different virtual desktops.

For more information, see VMware Workspace ONE and VMware Horizon Packaging and Licensing and Comparison Table for Horizon 7 Editions.

Features

The features of Horizon 7 include:

  • Skype for Business solution: Skype for Business is a unified communications platform that provides multiple forms of communication, such as instant messaging, VoIP (voice over IP), file transfer, web conferencing, voice mail, and email. You can provide an optimized Skype for Business solution to virtual desktops in your production environment to improve the user experience, secure collaboration, simplify management, and reduce costs. For more information, see Horizon Virtualization Pack for Skype for Business.
  • Horizon Help Desk Tool: The Horizon Help Desk Tool enables you to troubleshoot issues without specialists, including Linux desktop sessions. You can use this tool to search for users, find their sessions, initiate Microsoft Remote Assistance, and send user messages. If the issue requires it, you can use this tool to disconnect from a session, log out, and reset desktops to resolve the issue. The Horizon Help Desk Tool is available in the Horizon Console, and displays metrics for Skype for Business pairing status, application and desktop session states, and disk IOPS data. For more information, see Using Horizon Help Desk Tool in Horizon Console.
  • Instant Clone Technology: Instant Clone Technology, a key component of JMP (Just-in-Time Management Platform), provides the ability to rapidly create and provision virtual desktops based on a snapshot of a master image. You can create nonpersistent desktops that maintain user customization, user-installed applications, and more, from session to session. The desktop itself exists only until the user logs out, and then it is destroyed. New desktops are recreated from the latest master image. This eliminates many routine maintenance tasks, such as patching, and this in turn simplifies management. Instant clones are ideal for deploying pools of floating desktops. You can also use Instant Clone Technology in combination with VMware User Environment Manager and VMware App Volumes to rapidly create desktops that appear to be persistent. You can create pools where desktops are provisioned proactively, or create and provision desktops on demand for users to log in to. For more information, see VMware Horizon 7 Instant-Clone Desktops.
  • Cloud Pod Architecture: Cloud Pod Architecture (CPA) works with Horizon 7 to provide cross-data-center administration, flexible user-to-desktop mapping, high-availability desktops, and disaster recovery capabilities. For more information, see Administering Cloud Pod Architecture in Horizon 7.
  • Blast Extreme: Blast Extreme is a remote display protocol option, in addition to PCoIP and Microsoft RDP. Blast Extreme enables your users to connect to virtual desktops or RDSH applications through HTML Access or through VMware Horizon Client. Blast Extreme is based on the H.264 codec that supports the broadest range of client devices and can be set as the default for pools, farms, and entitlements. Blast Extreme automatically chooses UDP/TCP based on bandwidth, packet loss, delay, and jitter, which you can override with Blast GPO settings if need be. For more information, see Blast Extreme Display Protocol in Horizon 7.
  • Linux virtual desktop capabilities: VMware Horizon 7 for Linux includes key features such as USB redirection, Clipboard redirection, client-drive redirection (CDR), and HTML access with audio capabilities. Horizon 7 continues to support Linux-based virtual desktops, including Red Hat Enterprise Linux (RHEL), CentOS 64-bit operating systems, Ubuntu, SUSE, and NeoKylin, as well as additional capabilities such as copying and pasting text between Linux virtual desktops and the client machine. You can access the Horizon Help Desk Tool to troubleshoot Linux desktop sessions, available from the Horizon Console. For more information, see Setting Up VMware Horizon 7 for Linux Desktops.
  • Horizon 7 Published Applications: Both Horizon 7 and VMware Horizon Apps, can deliver virtualized Windows applications and shared desktop sessions from Windows Server instances using Microsoft Remote Desktop Services (RDS). You can publish business-critical Windows apps alongside SaaS and mobile apps in a single digital workspace, easily accessed with single sign-on from any authenticated device or OS.
  • Security capabilities: Horizon 7 security features enable you to:
    • Use two-factor authentication, such as RSA SecurID, RADIUS, or smart cards to log in
    • Use Active Directory accounts when provisioning remote desktops and applications in environments that have read-only access policies for Active Directory
    • Use SSL tunneling to ensure that all connections are encrypted
    • Use VMware vSphere High Availability to ensure automatic failover in case of system failure
    • Prevent the server connection URL and Active Directory domains from being revealed in Horizon Client interfaces.
    • Use vSphere with Horizon 7 to encrypt full-clone virtual machines and manage the encryption using policies, independent of the guest OS of the virtual machines. For more information, see VMware vSphere.
  • True single sign-on: True SSO separates the process of authentication from that of access to desktops and applications. True SSO enables you to authenticate to VMware Identity Manager or VMware Workspace ONE®, and still access Horizon 7 desktops and applications without having to authenticate to Active Directory (AD). Users can also log in to VMware Identity Manager using non-AD methods, including biometrics, RSA SecurID, and RADIUS.
    • True SSO simplifies the login process to Windows desktops and published applications, especially when authenticating against third-party systems using non-AD methods. This results in a seamless process when accessing multiple desktops and published applications, which can make a significant difference to end users.
    • You can enable True SSO on a global level or on a pool level in Horizon 7.
  • Ease of management: Horizon 7 provides centralized virtual desktop management, which enables you to:
    • Use Active Directory to manage policies and access to remote desktops and applications
    • Use the Horizon Administrator console to manage remote desktops and applications
    • Use master images to quickly create and provision pools of desktops
    • Send updates and patches to virtual desktops without affecting user settings, data, or preferences
    • Specify which types of USB devices end users can connect to
    • Split a composite device that provides multiple functions, such as both video input and storage, and allow one function but not the other (such as allowing video input, but not storage)
    • Integrate with VMware Identity Manager so that end users can access remote desktops through the VMware Identity Manager user portal on the Internet
  • Familiar desktop experience: Horizon 7 continues to provide a familiar desktop experience for end users, including the ability to:
    • Print from a virtual desktop to any local or network printer that is defined on the client device, which solves compatibility issues without requiring additional print drivers on the virtual machine
    • Use location-based printing on most client devices to map to printers that are physically near the client system (which do require print drivers in the virtual machine)
    • Use multiple monitors, and adjust the display resolution and rotation separately for each monitor, with the PCoIP or Blast Extreme remoting protocols
    • Access USB devices and other peripherals connected to the local device that displays your virtual desktop
    • Work with rich 3D graphics

Components and Architecture

Introduction

Horizon 7 contains key components and integrated products that work together.

Figure: Horizon 7 Architecture Overview

This figure shows how Horizon components—such as Connection Server, User Environment Manager, App Volumes, vCenter Server, and vSphere—work together to provide access to virtual desktop pools, RDSH desktop and application pools, and more.

The core Horizon 7 components—including Connection Server, Horizon Client, and Horizon Agent—are described in About Core Horizon 7 Components.

The underlying infrastructure components—including vCenter Server and vSphere—are described in About Components Underlying Horizon 7.

User Environment Manager, App Volumes, and Unified Access Gateway are described in About Components That Enhance Horizon 7.

 

About Components Underlying Horizon 7

A number of key components provide the underlying foundation for Horizon 7.

VMware vSphere Foundation for Horizon 7

VMware vSphere is a suite of virtualization products that provides a scalable platform for running virtual desktops and applications. The VMware vSphere Web Client is a browser-based application that you can use to configure the host and to operate its virtual machines.

For more information, see VMware vSphere Documentation.

VMware vCenter Server

VMware vCenter Server, included in the vSphere suite, is the central management console for your vSphere infrastructure, virtual machines, and VMware ESXi™ servers. A vCenter Server can be quickly set up and deployed, using host profiles or Linux-based virtual appliances. The vCenter Server console provides centralized control and visibility into servers that host virtual desktops, ESXi servers, virtual machines, storage, networking, and other critical elements of your virtual infrastructure. You can use vCenter Server to allocate resources for improved performance.

For more information, see VMware vSphere Documentation.

VMware ESXi

VMware ESXi is a bare-metal hypervisor that can be installed directly onto your physical server, and partitioned into multiple virtual machines. Because ESXi runs on bare metal without an operating system, the footprint is reduced, giving a very small surface for possible malware and over-the-network attacks. This also simplifies deployment and configuration by reducing the number of configuration options.

For more information, see the VMware ESXi Installation and Setup.

About Core Horizon 7 Components

With Horizon 7, IT departments can run virtual machine (VM) desktops and applications in the data center and remotely deliver virtual desktops and applications to employees as a managed service. One advantage of Horizon 7 is that remote desktops and applications follow the end user regardless of device or location. Users can access their personalized virtual desktops or published applications from company laptops, their home PCs, thin client devices, Macs, tablets, or smartphones. The benefits to administrators include centralized control, efficiency, and security with desktop data stored in the data center.

Horizon 7 contains a number of core components.

Horizon Administrator

Horizon Administrator is the classic web-based administrative console for managing users and Horizon 7 resources such as desktops and applications. Horizon Administrator is included when you install a Connection Server. With the use of Horizon Administrator, you can centrally manage thousands of virtual desktops from a single location.

Figure: VMware Horizon Administrator

Horizon Console

Horizon Console is the latest version of the Web interface through which you can create and manage virtual desktops and published desktops and applications. Horizon Console integrates VMware Horizon Just-in-Time Management Platform (JMP) Integrated Workflow features for managing workspaces.

Horizon Console includes a partial implementation of Horizon 7 features. You can use Horizon Administrator, the classic web interface, to access those features that are not yet available in Horizon Console.

To access Horizon Console, you log in to the Horizon Administrator, and click the Horizon Console button. You are authenticated through SSO. Horizon Console appears in a new tab, so both consoles are at your fingertips. You can also access Horizon Console from your browser: https://<connectionserver>/newadmin.

Figure: VMware Horizon Console

Horizon Console includes an easier desktop and application deployment process, just-in-time desktop delivery, and a more secure Web interface. Horizon Console also supports the following features:

  • Entitlements: User, group, desktop, and application assignments
  • Authentication: Remote access authentication and unauthenticated access for published apps
  • Virtual desktops: Virtual desktop pool creation for automated, full clones, and instant clones, including dedicated assignments
  • Published desktops: Published desktops with manual and instant-clone farms
  • Published applications: Published applications with manual and existing application pools
  • Virtual machines: VMs registered both with and without vCenter Server

For more information, see VMware Horizon 7 documentation.

Horizon Connection Server

The Horizon Connection Server brokers client connections by authenticating users and directing incoming user desktop and application requests. Users connect to a Connection Server to access their virtual desktops and native, virtual, or RDSH-based applications. The Connection Server provides the following management capabilities:

  • Authenticating users
  • Entitling users to specific desktops, applications, and pools
  • Managing local and remote desktop and application sessions
  • Establishing secure connections between users and desktops or applications
  • Enabling single sign-on
  • Setting and applying policies
  • Managing an instant-clone engine

For more information, see Horizon 7 Architecture Planning and Horizon 7 Installation.

Composer (Optional)

The optional Horizon Composer is not required for instant clones. It enables you to create and manage pools of linked-clone desktops. The Composer server works with the Connection Servers and a vCenter Server. Composer is the legacy method that enables scalable management of virtual desktops by provisioning from a single master image using linked-clone technology.

Horizon Agent

Horizon Agent communicates between Horizon Client and virtual desktops or RDSH servers. You must install Horizon Agent on all virtual machines managed by vCenter Server so that Connection Server can communicate with the virtual machines. Horizon Agent also provides features such as connection monitoring, client drive redirection, virtual printing, and access to locally connected USB devices. This process can be simplified by installing Horizon Agent on the master image used to deploy virtual machines to a group of users.

VMware Horizon Client

VMware Horizon® Client for Windows, Windows 10 UWP, macOS, iOS, Linux, or Android is installed on every endpoint. This enables your end users to access their virtual desktops and published applications from a variety of devices such as smartphones, zero clients, thin clients, PCs, laptops, and tablets.

Horizon Client enables users to do the following:

  • Connect to a Connection Server, a VMware Unified Access Gateway™ appliance, or a security server
  • Log in to their remote desktops in the data center
  • Edit the list of servers that they connect to

You can choose between multiple download processes. One option is to allow your end users to download Horizon Client directly from Download VMware Horizon Clients. Another option is to determine which Horizon Client each end user can download, and store the Horizon Client installers on a local storage device using the View user portal (the default landing page for Connection Server).

For more information, see Configure the VMware Horizon Web Portal Page for End Users.

About Components That Enhance Horizon 7

Horizon 7 contains many products and components that can interoperate to extend and enhance your implementation. Access to and availability of these components varies, based on the edition of Horizon 7 installed. For more information about the different editions, see VMware Workspace ONE and VMware Horizon Packaging and Licensing.

VMware Unified Access Gateway

VMware Unified Access Gateway (formerly called VMware Access Point) provides a secure gateway that allows users to access their desktops and applications from outside a corporate firewall. You can design a Horizon 7 deployment that uses Unified Access Gateway for secure external access to internal Horizon 7 desktops and applications. Unified Access Gateway appliances typically reside in a demilitarized zone (DMZ) and act as a proxy host for connections inside your trusted corporate network. This structure shields Horizon 7 virtual desktops, servers, applications, and Connection Servers from the public Internet, adding an extra layer of security. In addition to security, Unified Access Gateway features include:

  • Authentication in the DMZ
  • Smart-card support
  • Native RSA SecurID and RADIUS authentication
  • Blast Extreme traffic directed to port 443 by default
  • Security Assertion Markup Language (SAML) assertions

For more information, see the Unified Access Gateway: Overview and Use Cases video series.

VMware App Volumes

VMware App Volumes is a real-time Windows application-delivery and application life-cycle-management solution. App Volumes uses application containers called AppStacks, which are virtual disks that contain all of the components that are required to run an application, such as executables and registry keys. When an AppStack is deployed, it is available for use within seconds without end-user installation. Applications can be deployed once to a single central file and accessed by thousands of desktops. This simplifies application maintenance, deployment, and upgrades.

App Volumes also provides user-writable volumes for a limited number of users. Writable volumes are a mechanism to capture user-installed applications that are not, or cannot be, delivered by AppStacks. This reduces the likelihood that persistent desktops would be required for a use case. The user-installed applications follow the user as they connect to different virtual desktops.

For more information, see VMware App Volumes Documentation.

VMware User Environment Manager

VMware User Environment Manager is a scalable solution for profile and policy management for virtual, physical, and cloud-based Windows desktop environments. You can use User Environment Manager to simplify your policy management by replacing and unifying problematic, unmaintainable, or complex login scripts and profile logic. You can map environmental settings, such as networks and printers, and dynamically apply end-user security policies and customizations. User Environment Manager ensures that each end user’s settings and customizations follow them from one location to the next, regardless of the endpoint used to access their resources.

For more information, see VMware User Environment Manager Technical Overview.

VMware Identity Manager

VMware Identity Manager is a solution that provides application provisioning, a self-service catalog of applications and virtual desktops, conditional access controls, and single sign-on (SSO) for software as a service (SaaS), web, and cloud resources. VMware Identity Manager gives your IT team a central place to manage user provisioning and access policy with directory integration, identity federation, and user analytics.

For more information, see VMware Identity Manager Documentation.

Installation

Introduction to Installation

The exercises in this Installation chapter are sequential and build upon one another, so make sure to complete each exercise before moving on to the next.

Most of the exercises explain, step by step with screenshots, exactly what to do. The one exception is the exercise Create VMs for the Connection Server and Composer. The steps in that exercise point to another, companion document, which in turn includes detailed steps and screenshots. That exercise uses vSphere Web Client and involves vSphere tasks rather than showing you how to use Horizon 7. If you are already an intermediate or expert vSphere user, you can use the exercise just to note the specifications for OS and virtual hardware to be sure you have VMs you can use to host the Horizon servers.

The exercises Set Up the Composer Database and Install the Composer are required only if you want to explore creating and using linked clones. Composer is the legacy method of optimizing your use of storage space and facilitating updates. For production environments, VMware recommends using instant clones rather than Composer linked clones.

This Installation chapter guides you through installing the necessary Horizon servers and databases. Installing and setting up Windows RDSH servers is not part of this initial installation and configuration. Setting up RDSH servers for use in linked-clone and instant-clone server farms that provide RDSH-published desktops and applications is discussed in the chapter Creating RDSH-Published Desktops and Applications.

Download Horizon 7 Installers

If you have purchased Horizon 7, you can download the installers (installation files) from the Download VMware Horizon page. This exercise shows you which installers to download and how to download the installers from the VMware Product Evaluation Center, which gives you a free 60-day trial.

2. Note the License

In the Product Evaluation Center, scroll down to the License Information, and make a note of the Horizon 7 Enterprise license.

3. Download the Horizon 7 Packages

Scroll down to Download Packages, expand the VMware Horizon Enterprise Binaries section, and download the following packages, and note where you store them for reference during the installation process:

  • Horizon Connection Server (64-bit)
  • Horizon Agent (64-bit)
  • Horizon Composer

4. Download vSphere Packages

If you do not already have a vSphere environment set up, scroll down and expand the Hypervisor and Management Server Binaries section, and download the following packages:

  • VMware vSphere Hypervisor (ESXi ISO) image (Includes VMware Tools)
  • VMware vCenter Server and modules for Windows

Before you can perform the exercises in this guide, you must have a VMware vSphere 6 infrastructure that contains at least one VMware ESXi host and one vCenter Server instance. This guide does not provide instructions for installing these vSphere components. For instructions see the vSphere Product Documentation.

5. Download Horizon Client

Navigate to Download VMware Horizon Clients and download VMware Horizon Client (64-bit). Horizon Client is required for exercises in other chapters.

Infrastructure Requirements

Before you begin the installation exercises in this guide, make sure  that your environment meets the following infrastructure requirements:

  • VMware vSphere and vCenter Server – Before you can perform the exercises in this guide, you must have a  VMware vSphere 6 infrastructure that contains at least one VMware ESXi host and one VMware vCenter Server instance. This guide does not provide instructions for installing these vSphere components. For instructions see the vSphere Product Documentation.
  • Active Directory domain controller – The authentication infrastructure for your setup must include Active Directory, DNS, and DHCP is required. Horizon 7 integrates with your Microsoft Active Directory, a Windows service for authenticating and authorizing users and computers, applying and enforcing security policies, and installing and updating software. The Connection Server joins to Active Directory and sets up a lightweight directory service instance for the storage of View configuration information.
  • SSL certificate – (Optional) By default, Horizon 7 includes a self-signed certificate that can be used for testing purposes. For a production environment, we recommend that you replace the self-signed certificate with an approved certificate signed by a certificate authority, a trusted entity that issues digital certificates verifying another digital entity’s identity on the Internet.
  • SQL database server – This is the database server on which you will create the event database. For the example in this exercise, we used Microsoft SQL Server 2016. To simplify the setup for completing this tutorial in a lab setup, we recommend that you use the same SQL Server instance for the event database, the Composer database, and the JMP server database. For a list of databases that support all three of these components, see Database Requirements for JMP Server.
    Note: You can download and install Microsoft SQL Server Management Studio Express with Advanced Services to get both database and management tools, or use an existing SQL server in your environment.
  • Network – VMware recommends a network connection speed of at least 1 Gbps between all the required Horizon 7 components and desktops.

Create VMs for the Connection Server and Composer

For the exercises in this guide, you must have VMs on which to install the Connection Server, the Microsoft SQL Server database server, and, optionally, the Composer server. For this purpose, you create a VM template and clone it to create the required VMs for the server components.

Note: If you already have a vSphere environment set up and VMs with Windows Server installed, you can probably use those or clone them. If not, you can use the procedure in this exercise.

Prerequisites for Creating the Connection Server and Composer Server

To perform this exercise, you need a  VMware vSphere 6 infrastructure that contains at least one VMware ESXi host and one VMware vCenter Server instance. This guide does not provide instructions for installing these vSphere components. For instructions see the vSphere Product Documentation.

 

1. Create a VM

Step-by-step instructions for using vSphere Web Client to create a VM are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Create a Virtual Machine, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

Use the following specifications.

Attribute Specification
OS Windows Server 2016
vCPU 4
Memory 4 GB
Hard Disk 40 GB
SCSI Controller LSI Logic SAS
Compatibility level ESXi 6.7 and later
Windows version Windows Server 2016 Standard (Desktop Experience) or
Windows Server 2016 Datacenter (Desktop Experience)
 

2. Install the Windows Server Operating System

Step-by-step instructions for installing the OS in a VM are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Install Windows, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop. For the Windows Operating system, we recommend using one of the following:

  • Windows Server 2016 Standard (Desktop Experience)
  • Windows Server 2016 Datacenter (Desktop Experience)

For a list of all possible supported operating systems, see Supported Operating Systems for Horizon Connection Server.

3. Update Windows

Step-by-step instructions for updating Windows are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Update Windows and Run Ngen and DISM, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

4. Install VMware Tools

Step-by-step instructions for installing VMware Tools are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Install VMware Tools, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

5. Change the Network Adapter to VMXNET 3

Step-by-step instructions for changing the network adapter type from E1000 to VMXNET 3 are included in the procedure Optimize the Hardware, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

Important: Do not perform the exercises in Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop for installing the RDSH role. For the purposes of creating Horizon Connection Server, the database server, and the Composer server, the servers should not have the RDSH role installed. That role is for servers that will be used to create RDSH server farms.

6. Clone the VM to a Template

For instructions cloning a VM to a VM template, see the vSphere product documentation topic Clone a Virtual Machine to a Template.

7. Deploy VMs from the Template

Deploy VMs as needed for the following Horizon servers:

  • Connection Server
  • Microsoft SQL Server, if you do not already have a server to use
  • Composer, if you plan to perform the exercises for creating linked clones

For instructions on deploying VMs from a VM template, see the vSphere product documentation topic Deploy a Virtual Machine from a Template.

You can edit the virtual hardware settings for the number of vCPUs and the amount of memory as you complete the Deploy Template wizard. You do not need to edit these settings, but you can if you wish. For information about minimum requirements, see the following product documentation topics:

Install Horizon Connection Server

After downloading the installation files, start the installation process by installing the Connection Server on a virtual machine.

The Connection Server acts as a broker for client connections by authenticating and directing incoming user desktop requests. When you install the Connection Server, the Horizon Administrator is installed as well. The Horizon Administrator is the web-based interface for the management, provisioning, and deployment of virtual desktops. As an administrator, you can centrally manage thousands of virtual desktops from a single Horizon Administrator.

Prerequisites for Connection Server Installation

To perform this exercise, you will need the following:

  • User account – When you log in to the OS to run the installer, the account you use must have administrative privileges.
  • Installer – If necessary, you can download the installer from the Download VMware Horizon page or the VMware Horizon 7 Product Evaluation Center. You must download and copy the installer file to the Connection Server VM, or, alternatively, you can copy it to a location accessible to the system.
  • VM that satisfies virtual hardware requirements – If you performed the exercise Create VMs for the Connection Server and Composer, you have an appropriate VM. If you did not perform that exercise, make sure that the VM you have adheres to the specifications listed in the product documentation topic Hardware Requirements for Horizon Connection Server.
  • Windows OS – The system must be running a supported Windows version. We recommend Windows Server 2016. for a complete list of supported operating systems, see Supported Operating Systems for Horizon Connection Server.
  • Static IP address – The system must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.
  • Supported browser with Adobe Flash installed – The last step of this procedure has you log in to Horizon Administrator, which requires a web browser with Adobe Flash 10.1 or later installed. The latest versions of most browsers are supported. For a complete list, see Horizon Administrator Requirements.
  •  

1. Run the Connection Server Installer

Navigate to the Connection Server installation file that you downloaded earlier, and double-click the file to start the installation wizard.

2. Permit Changes to Device

If asked whether to allow changes to your device, click Yes.

3. Click Next on the Welcome Page

On the installation wizard Welcome page, click Next.

4. Accept the License Agreement

  1. Select I accept the terms in the license agreement.
  2. Click Next.

5. Accept the Default Installation Directory

Click Next.

6. Select Installation Options

  1. Select the Horizon 7 Standard Server installation option.
  2. Select the Install HTML Access option to allow users to connect through web browsers.
  3. Accept the default IPv4 protocol option.
  4. Click Next.

7. Establish a Data Recovery Password

  1. In the Data Recovery window, enter the password.
  2. You can enter an optional reminder for future reference.
  3. Click Next.

8. Configure the Firewall Automatically

  1. Accept the default to configure the firewall automatically.
  2. Click Next.

9. Specify the User or Group Who Will Have Full Administrative Privileges

  1. Enter the domain user or domain group to authorize access to the Horizon Administrator.
  2. Click Next.

10. Choose the User Experience Option

  1. In the User Experience Improvement Program window, you can deselect the Join the VMware Customer Experience Improvement Program option to opt out of the program.
  2. Click Next.

11. Install the Components You Selected

In the Ready to Install the Program window, click Install.

12. Click Finish

Click Finish to close the wizard.

14. Log in to Horizon Administrator

Log in to Horizon Administrator using an account that belongs to the user or group account you specified in Specify the User or Group Who Will Have Full Administrative Privileges.

For more information about installation and all the options, see the Horizon 7 Installation guide.

Set Up the Composer Database

The Composer database stores information about connections and components that are used by the Composer:

  • vCenter Server connections
  • Active Directory connections
  • Linked-clone desktops that are deployed by the Composer
  • Replicas that are created by the Composer

Note: If you choose to use instant clones in your enterprise rather than linked clones, no database is required for instant clones.

Prerequisites for Setting Up the Composer Database

To perform this exercise, you need the following:

  • SQL Server instance – This is the database server on which you will create the Composer database. For the example in this exercise, we used Microsoft SQL Server 2016. To simplify the setup for completing this tutorial in a lab setup, we recommend that you use the same SQL Server instance for the Composer database, the event database, and the JMP server database. For a list of databases that support all three of these components, see the product documentation topic Database Requirements for JMP Server.
    Tip: If you performed the exercise Create VMs for the Connection Server and Composer, you can also clone a VM for your SQL Server instance.
  • Microsoft SQL Server Management Studio – For the example in this exercise, we used Microsoft SQL Server Management Studio v17.7. The instructions might differ slightly for different versions of SQL Server Management Studio.
  • SA credentials – To create the necessary logins for the Composer server database, you will log in to the SQL Server instance as the sysadmin (SA) or as a user account with SA privileges.

1. Open Microsoft SQL Server Management Studio

  1. On the VM where SQL Server and SQL Server Management Studio are installed, click the Start button.
  2. Navigate to and select Microsoft SQL Server Management Studio.

2. Log In to a SQL Management Studio Session as SA

  1. Select SQL Server instance. By default your Windows login credentials are used, but you are not required to use Windows authentication.
  2. Log in as the sysadmin (SA) or using a user account with SA privileges.
  3. Click Connect.

3. Create a Database for the Composer Server

  1. In the Object Explorer, right-click Databases.
  2. Select New Database.

4. Name the Composer Database

  1. For the database name, enter ComposerDB. You must use only ASCII characters. Use the default settings.
  2. Click OK.

The new database is added under the Databases folder in the Object Explorer pane.

5. Create a Database Login for the Composer Server

  1. Expand the Security folder, and right-click Logins.
  2. Select New Login.

6. Complete the General Settings

  1. Enter a login name, using ASCII characters only; for example, ComposerUser.
  2. Select SQL Server authentication, and create a password.
  3. De-select Enforce password policy. For the purposes of this exercise, you do not need to use password policies.
  4. Set the default database to the Composer database.
  5. Select a default language.

7. Assign the sysadmin Server Role

  1. Select the Server Roles page.
  2. Select the sysadmin check box.

8. Complete the User Mapping Settings

  1. Select the User Mapping page.
  2. Select the ComposerDB database.
  3. Select the db_owner role.
  4. Click OK.

The new login is added under the Security > Logins folder in the Object Explorer pane.

Install the Composer

Horizon 7 uses Composer, also called View Composer, to create and deploy linked-clone desktops in vCenter Server. Composer is the legacy method of optimizing your use of storage space and facilitate updates.

(Instant-clone desktops, another feature, improve and accelerate the process of cloning virtual desktops, and use even less storage and administrative effort, because the desktop is deleted when the user logs out. Both instant-clone and linked-clone desktops are explored in other chapters of this tutorial.)

Installing Composer is required only if you plan to do the exercises for creating linked-clone desktops. For production environments, VMware recommends using instant clones rather than linked clones.

Note: Do not install Composer on the same virtual or physical machine as Connection Server, Horizon Agent, Horizon Client, or other Horizon 7 software components. For this exercise, Composer is installed on a standalone machine.

Prerequisites for Composer Installation

To perform this exercise, you will need the following:

  • Database – Verify that you have performed all the steps in the exercise Set Up the Composer Database, which include creating the database for storing Composer information and a login user with the correct privileges for the Composer server to communicate with the database.
  • SQL Server Native Client 11 – If the driver for the native client is not already installed on the Composer server machine, you can download the installer, which is called sqlncli.msi and is one of the components included in the Microsoft SQL Server 2016 Feature Pack. You will select this driver when you are completing the Composer installation wizard.
  • User account for running the installer – When you log in to the OS to run the installer, the account you use must have administrative privileges.
  • Installer – If necessary, you can download the installer from the Download VMware Horizon page or the VMware Horizon 7 Product Evaluation Center. You must download and copy the installer file to the Composer server VM, or, alternatively, you can copy it to a location accessible to the system.
  • VM that satisfies virtual hardware requirements – If you performed the exercise Create VMs for the Connection Server and Composer, you have an appropriate VM. If you did not perform that exercise, make sure that the VM you have adheres to the specifications listed in the product documentation topic Hardware Requirements for Standalone View Composer.
  • Windows OS – The system must be running a supported Windows version. We recommend Windows Server 2016. for a complete list of supported operating systems, see the product documentation topic Supported Operating Systems for View Composer.

1. Run the Composer Installer

Navigate to the Composer installation file that you downloaded earlier, and double-click the file to start the installation wizard.

2. Click Next on the Welcome Page

On the installation wizard Welcome page, click Next.

3. Accept the License Agreement

  1. Select I accept the terms in the license agreement.
  2. Click Next.

4. Accept the Default Installation Directory

Click Next.

5. Set Up a New ODBC Data Source

Click ODBC DSN Setup.

6. Add a New System DSN

Click Add.

6.1. Select the SQL Server Native Client

  1. Select SQL Server Native Client 11. If you do not see a driver for the native client, you can download the installer, which is called sqlncli.msi and is one of the components included in the Microsoft SQL Server 2016 Feature Pack.
  2. Click Next.

6.2. Enter Data Required to Create a Data Source

  1. Enter a name for the data source; for example, Composer-data-source.
  2. Select the database server instance from the drop-down list.
  3. Click Finish.

6.3. Test the Data Source Connection

  1. Click Test Data Source.
  2. Click OK in the Test Results window.
  3. Click OK in the ODBC data source window.

6.4. Click OK in the Data Source Administrator

Now that the data source for the Composer database has been added, click OK to close the ODBC Data Source Administrator wizard.

6.5. Configure the Data Source

  1. Add a name; for example, enter Composer-data-source.
  2. Select the SQL Server from the drop-down list.
  3. Click Finish.

7. Enter Database Information

  1. Now that a data source is configured, enter the data source name; for example, Composer-data-source.
  2. Enter the user name and password for the login you created in the exercise Set Up the Composer Database.
  3. Click Next.
  4. Click OK. You can safely ignore this warning because the user you created uses SQL Server authentication rather than Windows authentication.

8. Accept the Default SOAP Port

Click Next.

9. Start the Installation Process

Click Install.

10. Click Finish

When installation is complete, click Finish to close the wizard.

11. Restart the System

To finalize the installation, click Yes to reboot the virtual machine.

12. Verify that the Service Is Started

On the Composer VM, open the Services applet, and verify that the VMware Horizon 7 Composer service is running.

Initial Configuration

Introduction

The exercises in this chapter are about configuring the Connection Server so that it can create pools of VDI desktops and RDSH-published desktops and applications. You use the Horizon Administrator UI to perform these Connection Server configuration tasks. In subsequent chapters, you will use the new Horizon Console UI to create and monitor desktop and application pools.

Some exercises in this chapter are mandatory, and some are optional. For example, the exercise Create a Domain User Account and OUs in AD for Clone Operations, is optional in that you are not required to create a new domain user account and new Active Directory organizational units if you just want to set up a proof-of-concept (POC) environment. When prompted in later exercises, you can specify an existing domain user and OUs if you like.

Similarly, you are not required to set up an event database. The event database allows you to monitor logging operations in the Horizon Administrator UI. If you do not complete the exercise Create an Event Database, you can instead look directly in the log files if necessary, or you can configure logs to be sent to a Syslog server.

If you do not perform these optional exercises, configuring the Connection Server involves only three tasks: entering the license key, adding a vCenter Server, and designating an instant-clone domain administrator.

Create a Domain User Account and OUs in AD for Clone Operations

In this exercise, you perform the following preliminary tasks so that instant- or linked-clone desktops can be automatically joined to a specified domain as they are created:

  • Create a user account in Active Directory that has the required permissions for creating and deleting cloned-desktops.
  • Create one organizational unit (OU) in Active Directory for instant-clone desktops, another for instant-clone RDSH servers, and another OU for linked-clone desktops.

Note: This exercise shows how you would typically create an OU in a production environment and set the minimum required Active Directory domain privileges. However, for a test environment, you can skip this exercise and deploy the instant-clone  and linked-clone virtual machines (VMs) to the Computers OU, and use a domain administrator account for the instant-clone domain administrator and the domain administrator for View Composer.

Prerequisites for Creating OUs and the Domain Admin

To perform this exercise, you must have a user account for logging in to the domain controller as an administrator and creating users and OUs in Active Directory.

1. Open Active Directory Users and Computers

On the Active Directory Domain Controller, log in as an administrator, and go to Start button > Administrative Tools > Active Directory Users and Computers.

2. Add a New User

  1. Expand the domain.
  2. Right-click Users.
  3. Select New.
  4. Select User.

2.1. Enter User Name Information

Complete the dialog box, and click Next.

2.2. Enter Password Information

  1. Enter a password.
  2. De-select User must change password at next logon. In a test environment, you can de-select this check box.
  3. Select Password never expires.  In a test environment, you can select this check box.
  4. Click Next, and click Finish in the next wizard page to close the wizard and create the user.

Now that you have a domain user account to use specifically for creating cloned VMs, you can add this user to the Active Directory OUs that will contain the VM computer accounts, as described in the steps that follow. You will also assign permissions to this user so that the user account can create and delete VMs in the OUs.

3. Create an OU for Instant-Clone Desktops and Delegate Control

  1. Right-click the domain.
  2. Select New.
  3. Select Organizational Unit.

3.1. Name the OU

  1. Enter a name; for example, Instant Clones.
  2. Click OK.

This OU is the Active Directory container in which the instant-clone computer accounts will be created. After you complete the text box, you can find the OU under the domain.

3.2. Open the Delegation of Control Wizard

Right-click the OU you created (that is, the container) and select Delegate Control.

3.3. Click Next on the Welcome Page

Click Next to start the wizard.

3.4. Add the Domain User

  1. In the Users or Groups dialog box, click Add.
  2. Enter the name of the domain user you just created; for the example in this exercise, we use Clone Domain User.
  3. Click Check Names to verify that the name can be found in Active Directory.
  4. Click OK.
  5. When you are returned to the Users or Groups page, click Next.

3.5. Create a Custom Task to Delegate

  1. Select Create a custom task to delegate.
  2. Click Next.

3.6. Delegate Control of Computer Objects

  1. Select Only the following objects in the folder.
  2. Select the following check boxes:
    • Computer objects
    • Create selected objects in this folder
    • Delete selected objects in this folder
  3. Click OK.

3.7. Select Permissions

  1. in the Permissions list, select the following items:
    • Create All Child Objects
    • Delete All Child Objects
    • Read All Properties
    • Write All Properties
    • Reset Password
  2. Click Next.

These are the required permissions for the user account, including permissions that are assigned by default.

  • List Contents
  • Read All Properties
  • Write All Properties
  • Read Permissions
  • Reset Password
  • Create Computer Objects
  • Delete Computer Objects

3.8. Click Finish

Click Finish to close the wizard.

4. Create an OU for Instant-Clone RDSH Servers and Delegate Control

If you plan to perform the exercise for creating an instant-clone farm of RDSH servers, repeat the step Create an OU for Instant-Clone Desktops and Delegate Control to create an OU for the instant-clone RDSH server computer accounts. You might name the OU RDSH Servers.

5. Create an OU for Linked Clones and Delegate Control (Optional)

If you plan to perform the exercise for using the Composer and creating a linked-clone desktop pool, repeat the step Create an OU for Instant-Clone Desktops and Delegate Control to create an OU for linked-clone desktop computer accounts. You might name the OU Linked Clones. The OUs for linked clones require the same delegation permissions as those for instant clones.

Note: In a production environment, usually the decision is made to use either linked clones or instant clones.

Add the Product License Key

The first step of initial configuration after installing the Connection Server is to add a product license key. The first time you log in to the Connection Server, the Horizon Administrator opens to the Product Licensing and Usage page.

Prerequisites for Adding a License

Before you perform this exercise, you need a valid license. You can use an evaluation license. For information about purchase options, see the VMware End-User Computing Packaging and Licensing guide.

1. Click the Edit License Button

  1. In Horizon Administrator, navigate to View Configuration, and select Product Licensing and Usage.
  2. Click Edit License.

2. Provide the License Serial Number

  1. Enter the 25-character serial number of the product license key.
  2. Click OK.

3. Verify Successful License Edit

  1. Verify that the license expiration date has not already passed.
  2. Verify that the licenses for Desktop, Application Remoting, Composer, and Instant Clone are all enabled.

Add a vCenter Server Instance

vCenter Server creates and manages the virtual machines used in Horizon 7 desktop pools. The Connection Server uses a secure channel (SSL) to connect to the vCenter Server instance.

Prerequisites for Adding vCenter Server

Before you perform this exercise you need the following:

  • Horizon 7 license – See Add the Product License Key.
  • vCenter Server user account – For more information, see Configure a vCenter Server User for Horizon 7 and View Composer. The account privileges you need depend on whether you are using the Composer (which is optional).
    Tip: In a test environment, you could use the administrator account (administrator@vsphere.local), which has all administrator privileges.
  • View Composer Server user account – (Optional) The account must be a domain user account and must be a member of the local Administrators group on the standalone View Composer machine. Complete this setting if you plan to create linked-clone desktop pools.
  • Domain user account for adding linked clones – (Optional) This is a domain administrator account with permissions to create and delete computer objects and write properties in the domain. You already created this user account if you performed the exercise Create a Domain User Account and OUs in AD for Clone Operations. You need this information only if you plan to created linked-clone desktop pools.
    Tip: In a test environment, you could use an account that is a member of the Domain Administrators group, which has all the required privileges.

1. Click Add on the vCenter Servers Tab

  1. In Horizon Administrator, navigate to View ConfigurationServers.
  2. Click Add.

2. Enter vCenter Server Settings

  1. In the vCenter Server Settings section, enter the FQDN of the vCenter Server instance, and the user name and password for the vCenter Server user account, as described in Prerequisites for Adding vCenter Server.
  2. Accept the default values for the port and other advanced settings, and click Next.

3. Enter the Composer Settings (Optional)

  1. In the View Composer Settings section, select Standalone View Composer Server, and configure the following Composer Settings:
    • Server Address: Enter the FQDN of your View Composer VM.
    • User name: Enter the user name of your vCenter Server user account; for example, domain.com\user or user@domain.com. This account is described in Prerequisites for Adding vCenter Server.
    • Password: Enter the password of your vCenter Server user account.
    • Port: Use the default.
  2. Click Next.

Important: If you do not plan to create linked-clone desktop pools, you can skip this step and its sub-steps.

3.1. View the Invalid Certificate

If an Invalid Certificate Detected prompt is displayed, click View Certificate.

3.2. Accept the Certificate

In the Certificate Information window, review the thumbprint of the default self-signed certificate that was generated during installation, and click Accept.

3.3. Add the Composer Domain

  1. On the View Composer Domains page, click Add.

3.4. Enter the Domain Data

  1. In the Add Domain window, enter the domain name, credentials for the domain user account for creating linked clones, as described in Prerequisites for Adding vCenter Server.
    This account must have permission to create computer objects, delete computer objects, and write properties in the domain or in the OUs (organizational units) that you select when creating desktops in later exercises.
  2. Click OK.

3.5. Verify the Domain Data

  1. In the View Composer Domains window, verify the information.
  2. Click Next.

4. Accept Storage Setting Defaults

In the Storage Settings section, accept the defaults, and click Next.

5. Finish the Process

  1. On the Ready to Complete page, review the vCenter Server information.
  2. Click Finish.

6. Verify That vCenter Server Is Connected

On the vCenter Servers tab, verify the vCenter Server that you just connected to your Horizon 7 environment.

Add an Instant-Clone Domain Administrator

You use Horizon Administrator to specify the user account for joining instant-clone VMs to the Active Directory domain.

Prerequisites for Adding the Instant-Clone Domain Administrator

Before you perform this exercise, you must have a domain user account that has the required Active Directory permissions so that cloned desktops can be joined to the domain. These include permissions to create and delete computer objects, and write properties in the domain or in the OUs (organizational units) that you select when creating desktops in later exercises. You have already created this user account if you performed the exercise Create a Domain User Account and OUs in AD for Clone Operations.

Tip: In a test environment, you could use an account that is a member of the Domain Administrators group, which has all the required privileges.

1. Select Instant Clone Domain Admins and Click Add

  1. In Horizon Administrator, go to View Configuration > Instant Clone Domain Admins.
  2. Click Add.

2. Enter Credentials for the Domain Admin User

  1. Select the domain from the drop-down list.
  2. Enter the user name and password of the domain user account for creating instant-clones.

Create an Event Database

In this exercise, you create an event database to log Horizon 7 events to a SQL Server instance, making the event data available to analytics software. For example, you can find the following types of events in the database:

  • Alerts that report system failures and errors
  • End-user actions, such as logging and starting desktop and application sessions
  • Administrator actions, such as adding entitlements and creating desktop and application pools
  • Statistical sampling, such as recording the maximum number of users over a 24-hour period

For details about the types of information recorded, see Integrating Horizon 7 with the Event Database. The event database is not required for every Horizon 7 environment. Alternatively, or in addition to using the event database, you can configure Connection Server to send events to a Syslog server or create a flat file of events written in Syslog format. See Configure Event Logging for Syslog Servers.

Prerequisites for Setting Up the Event Database

To perform this exercise, you need the following:

  • SQL Server instance – This is the database server on which you will create the event database. For the example in this exercise, we used Microsoft SQL Server 2016. To simplify the setup for completing this tutorial in a lab setup, we recommend that you use the same SQL Server instance for the event database, the Composer database, and the JMP server database. For a list of databases that support all three of these components, see Database Requirements for JMP Server.
  • Microsoft SQL Server Management Studio – For the example in this exercise, we used Microsoft SQL Server Management Studio v17.7. The instructions might differ slightly for different versions of SQL Server Management Studio.
  • Microsoft SQL Server Configuration Manager – For the example in this exercise, we used SQL Server 2016 Configuration Manager. The instructions might differ slightly for different versions of SQL Server Configuration Manager.
  • SA credentials – To create the necessary logins for the JMP server database, you will log in to the SQL Server instance as the sysadmin (SA) or as a user account with SA privileges.

1. Open Microsoft SQL Server Management Studio

  1. On the VM where SQL Server and SQL Server Management Studio are installed, click the Start button.
  2. Navigate to and select Microsoft SQL Server Management Studio.

2. Connect to the SQL Server Instance

  1. Select the SQL Server instance from the drop-down list.
  2. Log in as the sysadmin (SA) or using a user account with SA privileges.
  3. Click Connect.

3. Create a Database for Horizon 7 Events

  1. In the Object Explorer, right-click Databases.
  2. Select New Database.

4. Name the Database

  1. For the database name, enter Horizon7Events. Use the default settings.
  2. Click OK.

5. Create a Database Login for the Connection Server Machine

  1. To create a login so that the Connection Server can access the database to log events, expand the Security folder, and right-click Logins.
  2. Select New Login.

5.1. Complete the General Settings

  1. Enter a login name to use for the Connection Server machine, using ASCII characters only; for example, Horizon7EventsUser.
  2. Select SQL Server authentication, and create a password.
  3. De-select Enforce password policy. For the purposes of this exercise, you do not need to use password policies.
  4. Either leave master as the default database or select the Horizon7Events database as the default database.
  5. Select a default language.

5.2. Assign the sysadmin Server Role

  1. Select the Server Roles page.
  2. Select the sysadmin check box.

5.3. Map the Login to the Horizon7Events Database

  1. Select the User Mapping page.
  2. Select the Horizon7Events database.
  3. Click OK.

The new login is added under the Logins folder in the Object Explorer pane, and the user is added under the Databases > Horizon7Events > Security > Users folder.

6. Configure TCP/IP Properties for the Database Server

You must verify that the TCP/IP protocol is enabled and that the default port 1433 is used for all IP addresses.

6.1. Launch the SQL Server Configuration Manager

  1. On the VM where SQL Server and SQL Server Configuration Manager are installed, click the Start button.
  2. Navigate to and select SQL Server Configuration Manager.

6.2. Open the TCP/IP Properties Dialog Box

  1. Expand SQL Server Network Configuration, and select Protocols for <server name>.
  2. In the list of protocols, right-click TCP/IP, and select Properties.

6.3. Enable the Protocol

On the Protocol tab, set or verify that the Enabled property is set to Yes.

6.4. Verify That the Default Port 1433 Is Used

  1. On the IP Addresses tab, set or verify that the TCP port for IPAll is set to the default port 1433.
  2. Click OK.

The database server is now properly configured.

7. Configure the Event Database in Horizon Administrator

  1. In Horizon Administrator, navigate to View Configuration > Event Configuration.
  2. In the Event Configuration pane, click Edit.

8. Complete the Event Database Configuration Dialog Box

  1. In the Edit Event Database window, enter the following information:
    • Database server – Enter the DNS name or IP address.
    • Database type – Accept the default Microsoft SQL Server.
    • Port – Accept the default port number (1433) used to access the database server.
    • Database name – Enter the event database name created on the database server; for example, Horizon7Events.
    • User name and Password – Enter the credentials for the user you created for this database in Complete the General Settings. For this example, the user name is  Horizon7EventsUser.
    • Table prefix – Enter VE_ (for View Events).
  2. Click OK.

The configuration settings you entered are displayed on the Event Configuration page.

9. Verify a Successful Connection

Under Monitoring in the navigation bar on the left, select Events to verify that the connection to the event database is successful.

Creating Single-User Desktop Pools

Introduction

With single-user desktops, each virtual machine allows a single end-user connection at a time. In contrast, with session-based desktops, one RDSH server can accommodate many concurrent user connections. This chapter provides the following exercises for creating various types of pools that contain Windows-based single-user desktops:

  • Instant-clone desktop pools
  • Full-clone desktop pools
  • Linked-clone desktop pools

A shared-session, RDSH desktop pool has different characteristics than a single-user automated desktop pool. Exercises for creating an RDSH desktop pool, which is based on a session to an RDSH server, appear in the next chapter, Creating RDSH-Published Desktops and Applications.

Besides Windows-based desktops, you can create Linux-based desktops, see Setting Up VMware Horizon 7 for Linux Desktops.

Deploy an Instant-Clone Desktop Pool

A clone is a copy of a master VM with a unique identity of its own, including a MAC address, UUID, and other system information. The VMware Instant Clone Technology included Horizon 7 Enterprise Edition and Horizon Apps Advanced Edition improves and accelerates the process of creating cloned VMs over the previous View Composer linked-clone technology. In addition, instant clones require less storage and less expense to manage and update because the desktop is deleted when the user logs out, and a new desktop is created using the latest master image.

Creating an instant-clone desktop pool or RDSH server farm is a two-part process:

  • Publishing, also called priming, the master image
  • Provisioning the VMs in the pool or farm

Publishing the master image can take from 7 to 40 minutes, depending on the type of storage you are using. Provisioning the VMs takes only 1 or 2 seconds per VM. You can perform these tasks at separate times, so that the provisioning process occurs either at a scheduled time or immediately after the publishing process is complete.

The Add Desktop Pool wizard or the Add Farm wizard in the Horizon Console guides you through the process of publishing the master image. Completing the wizard for instant clones is similar to adding any type of pool or farm.

For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console.

Important: If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of creating a desktop pool, your changes are lost.

Prerequisites for Deploying an Instant-Clone Pool

To perform this exercise, you need the following:

1. Start the Add Pool Wizard in the Horizon Console

  1. Log in to the Horizon Console, and select Inventory > Desktops.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click Add.

2. Select the Automated Desktop Pool Type

  1. Select Automated Desktop Pool.
  2. Click Next.

3. Select the Instant Clone Type and the vCenter Server Instance

  1. Select Instant Clone, and, optionally, add a description of the pool.
  2. Select the vCenter Server instance.
  3. Click Next.

4. Select Floating Assignment

  1. Select Floating. Instant-clone pools can use either floating or dedicated user assignment. For this exercise, we use floating assignment.
    • Dedicated assignment – Each desktop is assigned to a specific user. A user logging in for the first time gets a desktop that is not assigned to another user. The user always gets this same desktop after logging in, and this desktop is not available to any other user.
    • Floating assignment – Users get a random desktop every time they log in. When a user logs out, the desktop is deleted. With automatic deletion, you keep only as many VMs as you need at one time.
  2. Click Next.

5. Choose Whether to Use vSAN

  1. Select Do not use VMware Virtual SAN, and select Use separate datastores for replica and OS disks.
  2. Click Next.

For this exercise, use separate datastores so that you can see the extra settings In the next window. With separate datastores, you can place the replica VM on a solid-state, disk-backed datastore. Solid-state disks have low storage capacity but high read performance, typically supporting 20,000 IOPS. Separate datastores are used in tiered-storage models.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN™, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

6. Complete the Default Image Settings

Click the Browse button next to the first setting, which is Parent VM.

Important: This page has numerous settings, and in the next steps, we do not copy this screenshot into every step, but instead only refer to it and show a screenshot of the window that appears when you click Browse for that setting.

Note: This page refers to the default image because after the pool is created, you can edit the pool and select a different snapshot to use if you want to push a new image and generate new desktops using that other image.

Describing all the settings in detail is beyond the scope of this quick-start guide. For details about all the settings in the Add Desktop wizard, see the product documentation topic Worksheet for Creating an Instant-Clone Desktop Pool in Horizon Console.

6.1. Select a Parent VM

  1. Select the master VM that you created.
    For instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
  2. Click Submit.

6.2. Select a Snapshot of the Master VM

  1. Click Browse next to Snapshot, and select the snapshot to use as the default image for creating the pool.
    For instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
  2. Click Submit.

6.3. Select a VM Folder for the Instant Clones in the Pool

  1. Click Browse next to VM Folder Location, and select the folder to use.
    Note: The Instant Clones folder shown in the screenshot is just an example; you can select any available folder.
    The VM folder is described in Prerequisites for Deploying an Instant-Clone Pool.
  2. Click Submit.

6.4. Select the Resource Cluster

  1. Click Browse next to Cluster, and select a vCenter Server resource cluster.
    Note: The cluster selected in the screenshot is just an example; you can select any available cluster.
  2. Click Submit.

6.5. Select a Resource Pool

  1. Click Browse next to Resource Pool, and select a resource pool.
    Note: The resource pool selected in the screenshot is just an example; you can select any available resource pool.
  2. Click Submit.

6.6. Select a Datastore for the Clones

  1. Click Browse next to Instant-Clone Datastores, and select a datastore.
    Note: The datastore selected in the screenshot is just an example; you can select any available datastore or multiple datastores.
  2. Click Submit.

6.7. Select a Datastore for the Replica Disk

  1. Click Browse next to Replica Disk Datastores, and select a datastore.
    Note: The datastore selected in the screenshot is just an example; you can select any available datastore or multiple datastores.
  2. Click Submit.

6.8. Select a Network

  1. Click Browse next to Network, and note that by default you use the same network as the master image VM.
  2. Click Submit.

6.9. Click Next on the Default Image Page

On the page that summarizes the default image settings you selected, click Next.

7. Enter a Pool ID and Display Name

  1. Add a pool ID.
  2. (Optional) Add a display name, which users will see when they log in using Horizon Client or the HTML Access web client.
    If you do not provide a display name, the pool ID is used for the display name.
  3. (Optional) Select an access group.
    If you do not specify an access group, the pool is placed in the root access group. For more information about access groups, see the product documentation topic Manage and Review Access Groups.
  4. Click Next.

8. Specify Desktop Pool Settings

For the purposes of this exercise, use the default settings, and click Next.

9. Specify Remote Display Settings

  1. Select the HTML Access check box so that users will be able to access virtual desktops using their web browsers instead of Horizon Client.
  2. Select the Allow Session Collaboration check box.
  3. Use the defaults for the other settings, and click Next.

10. Specify Provisioning Settings

  1. Enter a naming pattern for the VMs. For example, for this exercise, you can use Win10-IC.
    This naming pattern helps you identify Windows 10 instant clones in Horizon Console.
  2. Select Provision machines on demand, and use the default minimum of 1.
  3. Set Max number of machines to 10 or fewer (for the purposes of this exercise).
    In a production environment, instant-clone pools have been tested to support up to 2,000 desktops.
  4. Set Number of spare (powered on) machines to 1.
  5. Use the defaults for the other settings, and click Next.

11. Select a Domain Administrator and Browse to the OU

  1. Select the instant-clone domain administrator, which you added in the exercise Add an Instant-Clone Domain Administrator.
  2. Click Browse in the AD Container section.

12. Select the Active Directory OU for the Desktops

  1. Select the OU that you created in the exercise Create a Domain User Account and OUs in AD for Clone Operations, or if this is a test environment, you can select the Computers OU.
  2. Click Submit.

13. Click Next on the Guest Customization Page

Use the defaults for the rest of the settings on this page, and click Next.

Note: For this exercise, you do not enter scripts. In a production environment, you can specify that a script run immediately after a clone is created. You can also run another script before the clone is powered off. These scripts can invoke any process that can be created with the Windows Create Process API, such as cmd, vbscript, exe, and batch-file processes.

14. Begin Deploying the Desktop Pool

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

For more information about the available settings in this wizard, see the product documentation topic Worksheet for Creating an Instant-Clone Desktop Pool in Horizon Console.

15. Monitor the Pool Creation Process

To access details about the newly added pool, click the pool name on the Desktop Pools page.

If you do not see the pool listed, click the Refresh icon above the table.

16. Verify That One Instant-Clone Desktop Is Available

In the Machine Status area, verify that one instant-clone desktop is now available. For this exercise, you selected to provision the desktops on demand, with a minimum of one desktop available.

Important: Now that you have created an instant-clone desktop pool, you can entitle users to it, either by using the Add Entitlements wizard, as described in a later exercise, or by using the JMP Integrated Workflow to define a JMP assignment. JMP assignments include information about the App Volumes AppStacks, instant-clone desktops pools, and User Environment Manager settings for specific groups of users. For instructions, see the Quick-Start Tutorial for VMware Horizon JMP Integrated Workflow.

Push a New Image to an Instant-Clone Desktop Pool

To manage OS patches and software updates with instant clones, you use the push-image operation. The push-image operation achieves the same goal as the recompose operation for View Composer linked clones. However, the recompose operation is slower and requires you to plan for maintenance windows to perform the operation at off-peak hours. Because the provisioning of instant clones is faster than that of View Composer linked clones, it is not necessary to plan for maintenance windows.

Unlike linked clones, instant clones do not need to be recomposed, refreshed, or rebalanced. When a user logs out of the desktop, the desktop is deleted and recreated. This approach to desktop deletion and recreation staggers the patching operation across desktops, eliminates boot storms, reduces storage IOPS, and creates less of a load on the vCenter Server.

For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console.

Important: If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of creating a push-image operation, your changes are lost.

Prerequisites for Pushing a New Image

To perform this exercise, you need:

  • Instant-clone desktop pool – You must have completed the exercise Deploy an Instant-Clone Desktop Pool.
  • New VM snapshot – You must have a new image to push to the desktop pool. Therefore, use vSphere Web Client, select the VM that you created for deploying the instant-clone pool, and create a new VM snapshot. For details, see the vSphere documentation topic Taking a Snapshot.

1. Go to the Summary Page for the Pool

  1. Log in to the Horizon Console, and select Inventory > Desktops.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click the pool name on the Desktop Pools page.

2. Select to Schedule Maintenance

On the Summary tab, select Schedule from the Maintain drop-down list.

3. Select a New VM Snapshot

  1. Select the new snapshot that you created.
  2. Click Next.

For this exercise, we select a new snapshot taken of the same master VM, but you can also use this page to navigate to a different VM and select a snapshot.

4. Click Next to Start the Task After Users Log Off

Leave the start time set to the default so that the push starts after you complete the wizard, and click Next.

The default is Wait for users to log off. If, instead, you select to force users to log off, you can give users a warning and a grace period of 5 minutes, by default. To edit this setting, after you finish creating the schedule, open the Horizon Administrator (https://<connection-server-FQDN>/admin), navigate to View Configuration > Global Settings, and click Edit in the General settings section.

Note: The Stop at first error check box is available only if the Stop provisioning on error check box is not selected on the Edit Pool > Provisioning Settings tab.

5. Click Finish to Complete the Maintenance Schedule

Click Finish. You are returned to the Summary tab for the desktop pool, where the pending image for the push operation is displayed in the vCenter Server panel. The state changes from Publishing to Published.

6. Monitor Progress for Individual Desktops

Click the Machines (InstantClone Details) tab to monitor which individual desktops are using which image.

Deploy a Full-Clone Desktop Pool

A full clone is an independent copy of a VM. It shares nothing with its master VM, and it operates entirely separately from the master VM used to create it. In this exercise, you create full-clone desktops with dedicated user assignment.

Before Horizon 7 was released, full-clone dedicated desktops were created for users who needed to install their own applications. This requirement was weighed against the management overhead required to maintain each individual full clone and all the data and applications installed in the VM.

With Horizon 7 and App Volumes, you have the alternative of creating Just-in-Time Desktops. You can combine instant-clone desktops with App Volumes writable disks, which allow users to install their own applications. This strategy allows you to create disposable desktops that retain user customizations, personas, and user-installed apps from session to session, even though the cloned desktop is destroyed when the user logs out. Users experience a stateful desktop, while the enterprise realizes the economy of stateless desktops. For more information, see JMP and VMware Horizon 7 Deployment Considerations.

Prerequisites for Deploying a Full-Clone Pool

To perform this exercise, you need the following:

  • Master VM template – Before you can deploy a pool of full-clone desktops, you must create an optimized master image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

    Important: Follow the instructions in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop, but instead of taking a snapshot of the VM after you finish creating and optimizing it, you must clone the VM to a VM template. For instructions, see the vSphere product documentation topic Clone a Virtual Machine to a Template in the vSphere Web Client. When creating instant-clone and linked-clone desktops, you use a VM snapshot, but for full-clone desktops, you must use a VM template instead of a snapshot.
  • Microsoft Sysprep customization specification – If you do not already have a Microsoft Sysprep customization specification for the Windows 10 guest operating system, use the Guest Customization wizard in the vSphere Client to create one. See the vSphere product documentation topic Create a Customization Specification for Windows. You will select this customization specification when completing the Add Desktop Pool wizard.

    Note: VMware recommends that you test a customization specification in vSphere before you use it to create a desktop pool. When you use a Sysprep customization specification to join a Windows desktop to a domain, you must use the FQDN of the Active Directory domain. You cannot use the NetBIOS name.
  • Connection Server – For installation and setup instructions, see the exercises Install Horizon Connection Server, Add the Product License Key, and Add a vCenter Server Instance.
  • VM folder – (Optional) A VM folder in the vCenter Server inventory. Having a specific folder in the vCenter Server inventory helps you locate and manage the virtual desktops in the full-clone pool.

1. Start the Add Pool Wizard in the Horizon Console

  1. Log in to the Horizon Console, and select Inventory > Desktops.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click Add.

2. Select the Automated Desktop Pool Type

  1. Select Automated Desktop Pool.
  2. Click Next.

3. Select the Full Clone Type and the vCenter Server Instance

  1. Select Full Virtual Machines, and, optionally, add a description of the pool.
  2. Select the vCenter Server instance.
  3. Click Next.

4. Enable Automatic Assignment

  1. Select Allow automatic assignment.
  2. Click Next.

5. Choose Whether to Use vSAN

  1. Select Do not use VMware Virtual SAN.
  2. Click Next.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN™, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

6. Complete the Virtual Machine Template Settings

Click the Browse button next to the first setting, which is Template.

Important: This page has numerous settings, and in the next steps, we do not copy this screenshot into every step, but instead only refer to it and show a screenshot of the window that appears when you click Browse for that setting.

Describing all the settings in detail is beyond the scope of this quick-start guide. For details about all the settings in the Add Desktop wizard, see the product documentation topic Worksheet for Creating an Automated Pool That Contains Full Virtual Machines in Horizon Console.

6.1. Select a VM Template

  1. Select the VM template that you created.
    For instructions on creating and optimizing a VM, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop. For instructions on creating a VM template, see the vSphere product documentation topic Clone a Virtual Machine to a Template in the vSphere Web Client.
  2. Click Submit.

6.2. Select a VM Folder for the Full Clones in the Pool

  1. Click Browse next to VM Folder Location, and select the folder to use.
    Note: The Win10 folder shown in the screenshot is just an example; you can select any available folder.
    The VM folder is described in Prerequisites for Deploying a Full-Clone Pool.
  2. Click Submit.

6.3. Select the Resource Cluster

  1. Click Browse next to Cluster, and select a vCenter Server resource cluster.
    Note: The cluster selected in the screenshot is just an example; you can select any available cluster.
  2. Click Submit.

6.4. Select a Resource Pool

  1. Click Browse next to Resource Pool, and select a resource pool.
    Note: The resource pool selected in the screenshot is just an example; you can select any available resource pool.
  2. Click Submit.

6.5. Select a Datastore for the Clones

  1. Click Browse next to Datastores, and select a datastore.
  2. Note: The datastore selected in the screenshot is just an example; you can select any available datastore or multiple datastores.
  3. Click Submit.

6.6. Click Next on the Virtual Machine Template Page

On the page that summarizes the default image settings you selected, click Next.

7. Enter a Pool ID and Display Name

  1. Add a pool ID.
  2. (Optional) Add a display name, which users will see when they log in using Horizon Client or the HTML Access web client.
    If you do not provide a display name, the pool ID is used for the display name.
  3. (Optional) Select an access group.
    If you do not specify an access group, the pool is placed in the root access group. For more information about access groups, see the product documentation topic Manage and Review Access Groups.
  4. Click Next.

8. Specify Desktop Pool Settings

For the purposes of this exercise, use the default settings, and click Next.

9. Specify Remote Display Settings

  1. Select the HTML Access check box so that users will be able to access virtual desktops using their web browsers in addition to Horizon Client.
  2. Select Allow Session Collaboration.
  3. Use the defaults for the other settings, and click Next.

10. Specify Provisioning Settings

  1. Enter a naming pattern for the VMs. For example, for this exercise, you can use Win10-FC.
    This naming pattern helps you identify Windows 10 full clones in Horizon Console.
  2. Select Provision machines on demand, and use the default minimum of 1.
  3. Set Max number of machines to 10 or fewer (for the purposes of this exercise).
    In a production environment, full-clone pools have been tested to support up to 2,000 desktops.
  4. Set Number of spare (powered on) machines to 1.
  5. Use the defaults for the other settings, and click Next.

11. Click Next on the Advanced Storage Options Page

Click Next.

12. Select a Sysprep Customization Specification

  1. Select Use this customization specification.
  2. Select the customization specification.
    Note: The customization specification selected in the screenshot is just an example; select the customization specification you created.
  3. Click Next.

13. Begin Deploying the Desktop Pool

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

For more information about the available settings in this wizard, see the product documentation topic Worksheet for Creating an Automated Pool That Contains Full Virtual Machines in Horizon Console.

14. Monitor the Pool Creation Process

To access details about the newly added pool, click the pool name on the Desktop Pools page.

If you do not see the pool listed, click the Refresh icon above the table.

15. Check the Machine Status

Scroll down to the Machine Status area, which displays the VM state. The state changes from Provisioning to Customizing to Available.

Deploy a Linked-Clone Desktop Pool

Linked clones allow administrators to easily create and manage pools of similar desktops. Because linked-clone desktops share a base system-disk image, they use less storage than full VMs. All linked-clone desktops can be patched or updated by updating the master VM and VM snapshot.

Prerequisites for Deploying a Linked-Clone Pool

To perform this exercise, you need the following:

  • Master VM and snapshot – Before you can deploy a pool of desktops, you must create an optimized master image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
  • AD OU – You must have determined which Active Directory OU to use for storing linked-clone computer accounts. In a test environment, you can use the Computers OU. In a production environment, VMware recommends that you create a specific OU and domain user, and delegate the minimum required permissions, as described in the exercise Create a Domain User Account and OUs in AD for Clone Operations.
  • Connection Server – For installation and setup instructions, see the exercises Install Horizon Connection Server and Add the Product License Key.
  • Composer server – For installation and setup instructions, see the exercises Install the Composer and Add a vCenter Server Instance.
  • VM folder – (Optional) A VM folder in the vCenter Server inventory. Having a specific folder in the vCenter Server inventory helps you locate and manage the virtual desktops in the linked-clone pool.

1. Start the Add Pool Wizard in Horizon Administrator

  1. Log in to Horizon Administrator, and navigate to Catalog > Desktop Pools.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/admin
  2. Click Add.

2. Select the Automated Desktop Pool Type

  1. Select Automated Desktop Pool.
  2. Click Next.

3. Select Floating Assignment

  1. Select Floating. Linked-clone pools can use either floating or dedicated user assignment. For this exercise, we use floating assignment.
    • Dedicated assignment: Each desktop is assigned to a specific user. A user logging in for the first time gets a desktop that is not assigned to another user. The user always gets this same desktop after logging in, and this desktop is not available to any other user.
    • Floating assignment: Users get a random desktop every time they log in. When a user logs out, the desktop is either refreshed and returned to the pool or deleted, depending on pool settings. With automatic deletion, you keep only as many VMs as you need at one time.
  2. Click Next.

4. Connect to vCenter

  1. Select View Composer linked clones.
  2. Select the vCenter Server instance.
  3. Click Next.

5. Provide a Pool ID

  1. Complete the Desktop Pool Identification window:
    • Add a pool ID.
    • (Optional) Add a display name, which users will see when they log in using Horizon Client or the HTML Access web client.
      If you do not provide a display name, the pool ID is used for the display name.
    • (Optional) Select an access group.
      If you do not specify an access group, the pool is placed in the root access group. For more information about access groups, see the product documentation topic Manage and Review Access Groups.
  2. In the lower right, click Next.

6. Configure Desktop Pool Settings

  1. In the Desktop Pool Settings window, complete the following settings:
    • Leave State set to Enabled.
    • Select VMware Blast to use Blast Extreme as the default display protocol. You can use any display protocol, but the new Blast Extreme display protocol is optimized for all types of devices.
    • Set HTML Access to Enabled.
      Because you are enabling HTML Access, you can access your desktop from a browser if you do not want to install VMware Horizon Client later.
    • For assistance with selecting the other settings, click the ? icon next to the setting, or use the default setting.
  2. Click Next.

7. Configure Provisioning Settings

  1. In the Provisioning Settings window, change the following settings.
    • Enter a naming pattern for the VMs, as described in the Naming Pattern panel of the Provisioning Settings window. For example, for this exercise, you can use Win-10-LC-. This naming pattern helps you identify Windows 10 linked clones in Horizon Administrator.
    • Set Max number of machines to 10 or fewer (for the purposes of this exercise). In a production environment, linked-clone pools have been tested to support up to 2,000 desktops.
    • Select Provision machines on demand, and set the minimum number of machines to 2.
  2. In the lower right, click Next.
  3. In the View Composer Disks window, click Next.

Disposable files consist of the paging file and the system-level Temp directory. The default is to redirect disposable files to a nonpersistent disk that will be deleted automatically when a user’s session ends.

8. Set Storage Optimization

  1. Select Select separate datastores for replica and OS disks.
  2. Click Next.

For this exercise, use separate datastores so that you can see the extra settings In the next window. With separate datastores, you can place the replica VM on a solid-state, disk-backed datastore. Solid-state disks have low storage capacity but high read performance, typically supporting 20,000 IOPS. Separate datastores are used in tiered-storage models.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN™, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

9. Configure vCenter Settings

  1. In the vCenter Settings window, click Browse next to each text box to make your selections. When making your selections, use the following guidelines:
    • Parent VM: Select the master VM that you created for linked clones in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
    • Snapshot: Select the snapshot of the master VM that you created.
    • VM folder location: If you do not have a folder created, select the data center, and click OK.
    • Linked clone datastores and Replica disk datastores: If you are not using a tiered-storage model, you can select the same datastore for replicas and clones.
  2. Click Next.
  3. In the Advanced Storage Options window, click Next.

For the purposes of this exercise, you can use the defaults, but make sure to read the Advanced Storage Options window and the embedded help text In the window to learn about the storage features available for linked clones.

10. Configure Guest Customization

  1. In the Guest Customization window, use the following settings.
    • Domain: Select the domain and user that were used when configuring View Composer settings.
    • AD container: Click Browse and select the OU that you created in the exercise Create a Domain User Account and OUs in AD for Clone Operations, or if this is a test environment, you can select the Computers OU.
    • Use QuickPrep: Select this option. When you create linked-clone machines, you must modify each VM so that it can function as a unique computer on the network. QuickPrep and Microsoft Sysprep provide different approaches to customization. Because QuickPrep runs faster than Sysprep, and because QuickPrep does not require you to create a customization specification, use QuickPrep for this exercise.
    • Note: For this exercise, you do not enter scripts. In a production environment, you can specify that a script run immediately after a clone is created. You can also run another script before the clone is powered off. These scripts can invoke any process that can be created with the Windows CreateProcess API, such as CMD, VBScript (VBS), EXE, and batch-file processes.
  2. Click Next.
  3. In the Ready to Complete window, click Finish.

You return to the Catalog > Desktop Pools inventory list. The new pool appears in the list.

11. Monitor Progress by Going to the Summary Tab

Double-click the desktop pool to go to the Summary tab for the pool.

12. Check the Machine Status

Scroll down to the Machine Status area, which displays the VM state. The state changes from Provisioning to Customizing to Available.

Note: To create another linked-clone pool, you can select this pool In the Desktop Pools window and click Clone to clone this pool. The pool’s settings are copied into the Add Desktop Pool wizard, allowing you to create a new pool without having to fill in each setting manually. You can clone full-clone and linked-clone desktop pools.

Creating RDSH-Published Desktops and Applications

Introduction

Horizon 7 Published  Desktops and Applications are based on sessions to RDSH servers. That is, administrators use Microsoft Remote Desktop Services (RDS) to provide users with desktop and application sessions on RDS hosts. Delivering published applications and desktops is a very simple process:

  1. Create an RDSH server farm from a master VM image, which automatically clones the number of servers you specify.
  2. Publish a desktop pool so that multiple users can access session-based shared desktops from RDSH servers.
  3. Publish one or multiple application pools with one trip through the Add Application Pool wizard.
  4. Learn how to perform image maintenance tasks for RDSH servers.

Create an Instant-Clone RDSH Server Farm

A farm can contain from 1 to 200 RDSH servers. For the exercises in this guide, you create an automated farm of RDSH servers, which is similar to creating an automated pool of instant-clone desktops. With this feature, you do not need to create and configure each RDSH server separately.

For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console.

Important: If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of creating a server farm, your changes are lost.

Prerequisites for Creating an Instant-Clone Server Farm

To perform this exercise, you need the following:

  • Master VM and snapshot – Before you can deploy a farm of RDSH servers, you must create an optimized master image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for server farm deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
    Important: The master VM for RDSH servers must have the appropriate RDSH roles and services installed, as described in the section of that guide called Configure Windows Server Systems for VDI or RDSH.

    Note: It is also possible to enable Windows Server machines to be used as single-user desktops rather than RDSH servers, which provide session-based shared desktops. For information, see the product documentation topic Prepare Windows Server Operating Systems for Desktop Use. None of the exercises that follow involves creating single-user desktops from Windows Server machines.
  • AD OU – You must have determined which Active Directory OU to use for storing instant-clone computer accounts. In a test environment, you can use the Computers OU. In a production environment, VMware recommends that you create a specific OU and domain user, and delegate the minimum required permissions, as described in the exercise Create a Domain User Account and OUs in AD for Clone Operations.
    Note: For the server farm OU, give the OU a descriptive name such as RDSH Servers.
  • Instant-clone domain administrator – You must have added an instant-clone domain administrator, as described in the exercise Add an Instant-Clone Domain Administrator.
  • VM folder – (Optional) A VM folder in the vCenter Server inventory. Having a specific folder in the vCenter Server inventory helps you locate and manage the RDSH servers in the instant-clone farm.
  • Applications – The applications you provide to end users can be either installed directly on the RDSH server, or dynamically attached, as App Volumes AppStacks. Before you begin this exercise, install any applications that you want to have in the base image, available for all users.
    Note: To install applications directly on an RDSH server, place the host into RD-Install mode, install the desired applications, and place the host back into RD-Execute mode. For more information, see the Microsoft TechNet article Learn How To Install Applications on an RD Session Host Server. If you plan to use AppStacks, be sure to install the App Volumes Agent, as described in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

1. Start the Add Farm Wizard in the Horizon Console

  1. Log in to the Horizon Console, and select Inventory > Farms.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click Add.

2. Select the Automated Farm Type

  1. Select Automated Farm.
  2. Click Next.

3. Select the vCenter Server Instance

  1. Select the vCenter Server instance.
  2. Click Next.

4. Choose Whether to Use vSAN

  1. Select Do not use VMware Virtual SAN.
  2. Click Next.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

5. Complete the Default Image Settings

Click the Browse button next to the first setting, which is Parent VM.

Important: This page has numerous settings, and in the next steps, we do not copy this screenshot into every step, but instead only refer to it and show a screenshot of the window that appears when you click Browse for that setting.

Note: This page refers to the default image because after the pool is created, you can edit the pool and select a different snapshot to use if you want to push a new image and generate new desktops using that other image.

Describing all the settings in detail is beyond the scope of this quick-start guide. For details about all the settings in the Add Desktop wizard, see the product documentation topic Worksheet for Creating an Automated Instant-Clone Farm in Horizon Console.

5.1. Select a Parent VM

  1. Select the master VM that you created.
    For instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
  2. Click Submit.

5.2. Select a Snapshot of the Master VM

  1. Click Browse next to Snapshot, and select the snapshot to use as the default image for creating the pool.
    For instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
  2. Click Submit.

5.3. Select a VM Folder for the Instant Clones in the Farm

  1. Click Browse next to VM Folder Location, and select the folder to use.
    Note: The RDSH folder shown in the screenshot is just an example; you can select any available folder.
    The VM folder is described in Prerequisites for Creating an Instant-Clone Server Farm.
  2. Click Submit.

5.4. Select the Resource Cluster

  1. Click Browse next to Cluster, and select a vCenter Server resource cluster.
    Note: The cluster selected in the screenshot is just an example; you can select any available cluster.
  2. Click Submit.

5.5. Select a Resource Pool

  1. Click Browse next to Resource Pool, and select a resource pool.
  2. Note: The resource pool selected in the screenshot is just an example; you can select any available resource pool.
  3. Click Submit.

5.6. Select a Datastore for the Clones

  1. Click Browse next to Instant-Clone Datastores, and select a datastore.
  2. Note: The datastore selected in the screenshot is just an example; you can select any available datastore or multiple datastores.
  3. Click Submit.

5.7. Select a Network

  1. Click Browse next to Network, and note that by default you use the same network as the master image VM.
  2. Click Submit.

5.8. Click Next on the Default Image Page

On the page that summarizes the default image settings you selected, click Next.

6. Enter a Pool ID and Select Remote Display Settings

  1. Add a pool ID; for example, enter RDSH-Farm.
  2. Scroll down and select the HTML Access check box so that users will be able to access virtual desktops using their web browsers in addition to Horizon Client.
  3. Select Allow Session Collaboration.
  4. Use the defaults for the other settings, and click Next.

7. Specify Provisioning Settings

  1. Enter a naming pattern for the VMs. For example, for this exercise, you can use RDSH-.
    This naming pattern helps you identify RDSH server instant clones in Horizon Console.
  2. For farm sizing, set Max number of machines to 10 or fewer (for the purposes of this exercise).
    In a production environment, instant-clone farms have been tested to support up to 200 servers.
  3. Set Number of ready machines to 1.
  4. Use the defaults for the other settings, and click Next.

8. Select a Domain Administrator and an OU

  1. Select the instant-clone domain administrator, which you added in the exercise Add an Instant-Clone Domain Administrator.
  2. Click Browse in the AD Container section, select the OU, and click Submit.
  3. Click Next.

9. Begin Deploying the Server Farm

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

For more information about the available settings in this wizard, see the product documentation topic  Worksheet for Creating an Automated Instant-Clone Farm in Horizon Console.

You are returned to the Farms list, where you can verify that the newly created farm was added to the list.

10. Monitor the Farm Creation Process

To access details about the newly added pool, click the farm name on the Farms page.

If you do not see the farm listed, click the Refresh icon above the table.

11. Check the Publish State

On the Summary tab, scroll down to the State area. The status changes from Publishing to Published.

12. Check the List of Hosts

After the status changes to Published, scroll up and click the RDS Hosts tab to verify that the 10 RDSH servers were created.

Deploy an RDSH-Published Desktop Pool

An RDSH desktop pool has different characteristics than an instant-clone, full-clone, or linked-clone automated desktop pool. An RDSH desktop pool is based on a session to an RDSH server. Now that you have created an RDSH server farm, you can select that farm when creating your desktop pool. For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console.

Important: If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of creating a desktop pool, your changes are lost.

Prerequisite for Deploying a Session-Based Desktop Pool

To perform this exercise, you need to have completed the exercise Create an Instant-Clone RDSH Server Farm. Although it is possible to actually create the RDSH server farm as part of using the Add Desktop Pool wizard, the steps in this exercise direct you to select an existing server farm.

1. Start the Add Pool Wizard in the Horizon Console

  1. Log in to the Horizon Console, and select Inventory > Desktops.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click Add.

2. Select the RDS Desktop Pool Type

  1. Select RDS Desktop Pool.
  2. Click Next.

3. Complete the Desktop Pool Identification Page

  1. Add a pool ID; for example, RDSH-desktops.
  2. (Optional) Add a display name, such as RDSH Desktop, which users will see when they log in using Horizon Client or the HTML Access web client.
    If you do not provide a display name, the pool ID is used for the display name.
  3. Click Next.

4. Click Next on the Desktop Pool Settings Page

Click Next to accept the default settings. For more information about the settings, see the product documentation topic Desktop Pool Settings for RDS Desktop Pools.

5. Select the RDS Farm You Created

  1. Click Select an RDS farm for this desktop pool.
  2. Select the farm name in the list. This is the farm that you created in the exercise Create an Instant-Clone RDSH Server Farm.
  3. Click Next.

Note: As an alternative to creating the RDSH server farm before you complete this Add Desktop Pool wizard, you can select Create a new RDS farm. If you use this option, additional pages are added to this wizard, and you are prompted to specify farm settings and select the RDSH server or servers to add to the farm.

6. Begin Deploying the Desktop Pool

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

7. Monitor the Pool Creation Process

To access details about the newly added pool, click the pool name on the Desktop Pools page.

If you do not see the pool listed, click the Refresh icon above the table.

8. Review Pool Details

Review the pool information. In addition to the information shown in the screenshot, if you scroll down, you see information about the server farm used for this pool.

Publish Applications Hosted on RDSH Servers

The Published Applications feature supports a wealth of remote-experience features, which include client-drive redirection, access to locally connected USB devices, file-type association, Windows media redirection, content redirection, printer redirection, location-based printing, 3D rendering, smart card authentication, and more.

After applications are published, end users launch Horizon Client, or the HTML Access web client, to access a catalog of published applications. Selecting an application from the catalog opens a window for that application on the local client device, and the application looks and behaves as if it were locally installed.

For example, on a Windows client computer, an item for the application appears in the taskbar and looks identical to the way it would look if it were installed on the local Windows computer. Users can also create shortcuts for published applications, and the shortcuts appear on the client desktop, just like shortcuts for locally installed applications.

To publish applications, administrators create an application pool. Horizon 7 automatically enumerates the installed applications on the RDSH servers. Administrators can select which of the applications to deploy and entitle users to.

For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console.

Important: If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of creating an application pool, your changes are lost.

Prerequisites for Publishing Applications

  • RDSH server farm – You need to have completed the exercise Create an Instant-Clone RDSH Server Farm. Although it is possible to actually create the RDSH server farm as part of using the Add Desktop Pool wizard, the steps in this exercise direct you to select an existing server farm.
  • Applications – The applications you provide to end users can be either installed directly on the RDSH server, or dynamically attached, as App Volumes AppStacks. Before you begin this exercise, install any applications that you want to have in the base image, available for all users.
    Note: To install applications directly on an RDSH server, place the host into RD-Install mode, install the desired applications, and place the host back into RD-Execute mode. For more information, see the Microsoft TechNet article Learn How To Install Applications on an RD Session Host Server. If you plan to use AppStacks, be sure to install the App Volumes Agent, as described in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

1. Start the Add Pool Wizard in the Horizon Console

  1. Log in to the Horizon Console, and select Inventory > Applications.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click Add.
  3. Select Add from Installed Applications.

Note: For this exercise, you will use installed applications. For information about adding an application pool manually, see the product documentation topic Worksheet for Creating an Application Pool Manually.

2. Select Applications

  1. Select the automated server farm you created.
  2. Click the check box next to an application.
    Note: The list of applications includes both natively installed apps and App Volumes AppStacks that you have attached to the servers, if you are using AppStacks.
  3. Click the check box next to another application. You can create multiple application pools with only one trip through the wizard.
  4. De-select the check box Entitle users after adding the pool. You will entitle users in a later exercise.
  5. For the other settings, use the defaults, and click Next.

For information about the other settings on this page, including Pre-launch, category folder, and restrictions, see the product documentation topic Worksheet for Creating an Application Pool Manually.

3. Edit the Display Name and Begin Pool Deployment

  1. Add RDSH- to the beginning of the display name. This way, if you later open the published app on a Windows computer, you will be able to distinguish between the locally installed app and the RDSH-published app.
  2. Click B.

The wizard closes and the application pools are added to the list.

Perform Maintenance on a Server Farm

When you use automated instant-clone RDSH server farms, you can rapidly change the size of the farm, refresh the servers back to their original state and disk size, or update the servers to use a new master image. Performing maintenance on an instant-clone farm means deleting the VMs in the farm and either recreating them from the current master image or creating VMs from a new master image, or snapshot.

  • Create a recurring maintenance schedule to restore the operating system disk of each VM in the farm to its original state and size, reducing storage costs. The VM is deleted and recreated from the currently selected master image.
  • Schedule immediate maintenance to change the master image used by the VMs in the farm, such as to apply an urgent security patch.

You can use both types of schedules at the same time, and if you specified a minimum number of provisioned servers to be available during maintenance operations, your end users might never have their work interrupted.

Prerequisites for Performing This Exercise

This exercise involves making changes to instant-clone RDSH server farms. Therefore, you must have completed the exercise Create an Instant-Clone RDSH Server Farm before you begin this exercise.

1. Click the Farm Name

  1. Log in to the Horizon Console, and select Inventory > Farms.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Click the farm name; for this example the farm name is RDSH-Farm.

2. Select to Schedule Maintenance

On the Summary tab, select Schedule from the Maintain drop-down list.

3. Set a Weekly Maintenance Schedule

  1. For Schedule, select Recurring.
    Note: If, instead, you select Immediate from the drop-down list, you are prompted to specify the task start time.
  2. For Maintenance Period, select Weekly.
  3. Click Next.

4. Click Next to Use the Current Snapshot

On the Image page, click Next. (If the Next button is dimmed, de-select Use current parent VM image and then select the check box again.)

The default is to use the current master image. To select a different master VM and snapshot, you can de-select the check box, browse to a new master VM, and select one of its snapshots.

Note: Setting this schedule so that it runs weekly means that on a weekly basis, the servers are refreshed back to their original state and disk size using the master VM and snapshot that you specify.

5. Click Next to Start the Task After Users Log Off

Click Next.

The default is Wait for users to log off. If, instead, you select to force users to log off, you can give users a warning and a grace period of 5 minutes, by default. To edit this setting, after you finish creating the schedule, open the Horizon Administrator (https://<connection-server-FQDN>/admin), navigate to View Configuration > Global Settings, and click Edit in the General settings section.

6. Click Finish to Complete the Maintenance Schedule

Click Finish. You are returned to the Summary tab for the farm.

The schedule you set appears in the Farm Maintenance section.

If, in addition to this recurring schedule, you find you need to schedule an immediate push of a new master image, you can repeat this process, selecting Maintenance > Immediate rather than Recurring. The farm would then have both a recurring and an immediate maintenance schedule.

In the following steps, we will explore other maintenance tasks.

7. Select to Edit the Farm

Scroll back up to the top of the page, and click Edit.

8. Change the Max Number of Machines to 4

  1. Click the Provisioning Settings tab.
  2. In the Farm Sizing section, set the Max number of machines to 4.
  3. Click OK.

You are returned to the Farms Summary tab.

9. Monitor Changing the Size of the Farm

Click the RDS Hosts tab. Note that the status for some of the servers changes to Deleting. Some servers are deleted to reduce the size of the farm to 4 machines.

Click the Refresh icon, if necessary, to update the status.

Tip: If you change the maximum number of machines to a larger number, the new RDSH servers will typically become available within a minute. This is because the VM snapshot is already published, and therefore only the instant-clone provisioning phase is required.

Provisioning Users and Accessing Virtual Desktops

Introduction to User Provisioning

The first part of this chapter walks you through the process of entitling end users to a desktop or application pool. The second part of this chapter shows you how to connect to a virtual desktop or published application as an end user would, from a variety of client devices.

User Entitlement

You can entitle users to an application pool or desktop pool when you create the pool. At the end of the Add Application Pool wizard or Add Desktop Pool wizard, you can select the Entitle users after this wizard finishes check box.

You can also create user entitlements after the pool is created. If you are entitling users to application pools, you can select multiple application pools, and entitle users to all the selected pools. For desktop pools, you must select one pool at a time.

It is also possible to set up the system so that end users can access RDSH application pools without having to authenticate at all.

Note: For this evaluation, you create local entitlements, which entitle users to desktops within one Horizon 7 pod. A pod is a group of interconnected Connection Servers running in the same LAN segment that broker desktops or published applications. For information about using the Cloud Pod Architecture feature to create global entitlements, which entitle users to multiple desktops across multiple pods in a pod federation, see the guide Administering Cloud Pod Architecture in Horizon 7.

Important: Alternatively, for instant-clone desktop pools, you can also entitle users by using the JMP Integrated Workflow to define a JMP assignment. JMP assignments include information about the App Volumes AppStacks, instant-clone desktops pools, and User Environment Manager settings for specific groups of users. For instructions, see the Quick-Start Tutorial for VMware Horizon JMP Integrated Workflow.

Launching Remote Desktops and Applications from Client Devices

After you have finished deploying virtual desktops or published applications and entitling users, you are ready to explore end-user connection options. End users can connect to desktops and applications using different Horizon Clients, including desktop and mobile clients. VMware provides native Horizon Clients for iOS, Android, Chrome, macOS, Windows, Linux, and Windows 10 UWP.

Alternatively, you can use the HTML Access web client by entering the URL of your Connection Server, using the following format:

https://<FQDN or IP address>

On the VMware Horizon web portal page that appears, you can click either the icon that takes you to the Horizon Clients download page or the icon for logging in using the HTML Access web client.

Entitle End Users to Application Pools or Desktop Pools

Entitling users means specifying which users and groups are allowed to access the desktop or application. You can entitle users to an application pool or desktop pool when you create the pool. At the end of the Add Application Pool wizard or Add Desktop Pool wizard, you can select the Entitle users after this wizard finishes check box.

You can also create user entitlements after the pool is created, which is what we do in this exercise.

For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console.

Prerequisites for Entitling Users

Before you can entitle users, you must create a desktop or application pool. Exercises for performing these tasks are included in the chapters Creating Single-User Desktop Pools and Creating RDSH-Published Desktops and Applications.

1. Start the Add Entitlements Wizard in the Horizon Console

  1. Log in to the Horizon Console, and select Inventory > Desktops or, for application pools, select Inventory > Applications.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Select the check box next to the name of the pool you want to entitle users to.
    Important: If you are entitling users to application pools, you can select multiple pools, and entitle users to all the selected pools. For desktop pools, you must select one pool at a time.
  3. Select Entitlements > Add Entitlements.

2. Click Add to Add New Users

Click Add.

3. Search for Users and Groups

  1. Use the Name/User name drop-down list and text box to search for users. For this example, we selected Starts with and entered a D so that all user and group names that begin with D will be returned.
    You can narrow your query using the drop-down menus to add search terms and modifiers. If you leave the text boxes empty, all users and groups are returned.
  2. Click Find.
  3. Scroll through the list and select the check boxes next to the names of the users and groups to entitle.
  4. Click OK.

4. Click OK to Add Entitlements

Click OK.

Note: The Add button in this dialog box is for adding additional users to the list. The check boxes are for selecting a user or users you want to remove.

You are returned to the Application Pools list or the Desktop Pools list.

5. Verify That Entitlements Have Been Added

Click the name of the desktop or application pool in the list of pools, and select the Entitlements tab.

Note: You can also use the buttons on the Entitlements tab to add and remove user entitlements for a specific pool.

Configure Unauthenticated Access to Published Applications

In this exercise, you set up the system so that end users can access RDSH-published application pools without having to authenticate first. Use this feature to provide unauthenticated access if your users require access to a seamless application that has its own security and user management, or for kiosk use cases.

For this exercise, you will use the newest Horizon 7 management interface, the Horizon Console, to add and entitle an unauthenticated user. You will use the Horizon Administrator UI to configure unauthenticated access for a specific Connection Server.

Prerequisites for Configuring Unauthenticated Access

To perform this exercise, you need to have created a user account, not a user group, in Active Directory that will be used for unauthenticated access. For this example, we created a user account named Unauthenticated User.

Be sure to create a user account that will not be used for any other purpose. If you select a user with desktop entitlements and make the user an unauthenticated access user, the user will not have access to the entitled desktops.

1. Start the Unauthenticated Access User Wizard

  1. Log in to the Horizon Console, and select Users and Groups.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Select the Unauthenticated Access tab.
  3. Click Add.

2. Select the User Account to Designate for Unauthenticated Access

  1. Use the Name/User name drop-down list and text box to search for users. For this example, we selected Starts with and entered a Un so that all user and group names that begin with Un will be returned.
    You can narrow your query using the drop-down menus to add search terms and modifiers. If you leave the text boxes empty, all users and groups are returned.
  2. Click Find.
  3. Scroll through the list and select the user account.
  4. Click Next.

3. Enter a User Alias

  1. Enter an alias for the account. For this example, because the user name was Unauthenticated User, which has a space between the words, we added a hyphen to create the alias. Spaces are not allowed.
  2. Click Submit.

The user account is added to the list of users who have unauthenticated access.

4. Edit the Connection Server Configuration

  1. Log in to the Horizon Administrator, and select View Configuration > Servers.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/admin
  2. Select the Connection Servers tab.
  3. Click Edit.

5. Configure the Authentication Settings for Unauthenticated Access

  1. Scroll down to the View Authentication section, and set Unauthenticated Access to Enabled.
  2. In the Default unauthenticated access user drop-down list, select the user account you added; for this example, Unauthenticated-User.
  3. Click OK.

6. Start the Add Entitlement Wizard in Horizon Console

  1. Log in to the Horizon Console, and select Inventory >  Applications.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Select the check box next to the name of the pool you want to entitle users to.
    You can select multiple pools.
  3. Select Entitlements > Add Entitlements.

7. Click Add to Add the New User

Click Add.

8. Select the User Account for Entitling Unauthenticated Access to This Pool

  1. Select the Unauthenticated users check box.
  2. Use the Name/User name drop-down list and text box to search for the user. For this example, we selected Starts with and entered a Un so that all user and group names that contains Un will be returned.
    You can narrow your query using the drop-down menus to add search terms and modifiers. If you leave the text boxes empty, all users and groups are returned.
  3. Click Find.
  4. Scroll through the list and select the check box next to the name of the user entitle.
  5. Click OK.

9. Click OK to Add the Entitlement

Click OK.

10. Verify That Entitlement Has Been Added

Click the name of the application pool in the list of pools, and select the Entitlements tab.

Important: At the time of this writing, the latest client software release is Horizon Client 4.8, and this feature is available only for the HTML Access web client, and for Linux, Windows, Android, and Chrome OS client devices. Part of the exercise Use Horizon Client from a PC or Laptop gives step-by-step instructions for using this feature to access published applications anonymously.

For a complete list of rules and guidelines for configuring unauthenticated users, see the product documentation topic Providing Unauthenticated Access for Published Applications.

Use Horizon Client from a PC or Laptop

After you have finished deploying virtual desktops or published applications and entitling users, you are ready to explore end-user connection options. This exercise guides you through using VMware Horizon Client™ on a PC or laptop endpoint, which include Windows, macOS, and Linux.

Prerequisites for Connecting to a Desktop or Application with Horizon Client

To perform this exercise, you need the following:

  • Endpoint PC – You can use a Mac, Linux, or Windows PC. For this exercise, do not use a device with a Windows 10 UWP operating system because the unauthenticated user access feature is not yet available for that OS.
  • Installer – Go to the Download VMware Horizon Clients page, and download and install the free Horizon Client software.
  • User account – To install the Horizon Client software, you must log in to the endpoint device as a user with administrative privileges.
  • Connection Server address – Verify that you have the fully qualified domain name of the Connection Server that brokers connections to the desktop and application pools you created in earlier exercises.
  • Desktop or application pools – Exercises for creating pools are included in the chapters Creating Single-User Desktop Pools and Creating RDSH-Published Desktops and Applications.
  • Configuration of unauthenticated access – To connect anonymously to a published application, you must have performed the exercise Configure Unauthenticated Access to Published Applications.

1. Start Horizon Client

Start VMware Horizon Client the same way you would start any application. For example, on a Windows PC, double-click the desktop icon.

2. Connect to the Connection Server

  1. Click New Server.
  2. When prompted, enter the FQDN of the Connection Server.
  3. Click Connect.

3. Click Continue If You Receive a Security Warning

Click Continue to bypass the certificate warning. If you install a CA-signed security certificate on the machine that hosts the Connection Server, this warning does not appear.

4. Supply User Credentials

Enter credentials of a user who is entitled to desktops and published applications, and click Login.

5. Launch a Desktop or Application

To launch an application or desktop, double-click the icon for the application or desktop.

6. Allow Sharing of Removable Storage and Local Files

Click Allow to allow access to files on your client device, as well as locally connected storage devices such as USB thumb drives, while using virtual desktops and published applications.

7. Verify a Successful Connection

Verify that you have successfully logged in to your desktop or application. For this example, we have successfully logged in to an instant-clone VM from the Windows 10 Desktop pool.

8. Disconnect from the Session and Exit

  1. Close the window as you normally would, and, for desktops, confirm that you want to disconnect.
  2. Quit Horizon Client.
  3. Restart Horizon Client.

9. Select to Log In to Published Applications Anonymously

  1. In Horizon Client, click the Settings toolbar button.
  2. Click to place a check mark in front of Log in anonymously using Unauthenticated Access.

Important: At the time of this writing, the latest release is Horizon Client 4.8, and this feature is available only for the HTML Access web client and for Linux, Windows, Android, and Chrome OS client devices.

10. Connect to the Server

Double-click the server icon.

Instead of being prompted to enter user credentials, you will see the application selector screen, displaying all the published applications that are configured for unauthenticated user access. If no applications appear in the selector, you need to complete the exercise Configure Unauthenticated Access to Published Applications.

11. Launch the Application

Double-click the icon for the application.

12. Verify Unauthenticated Access

Note that the application window looks just like it would if it were a locally installed application.

The application icon for the published application appears in the taskbar just as it would for a locally installed application.

The screenshots in this exercise showed the Windows-based client and seamless integration into the Windows user experience. If you install Horizon Client on other operating systems, such as macOS or Linux, the experience of using Horizon Client is likewise integrated into those operating systems and their OS-specific features.

Tip: If you have problems logging in anonymously, see the complete list of rules and guidelines for configuring unauthenticated users, available in the product documentation topic Providing Unauthenticated Access for Published Applications.

Use the HTML Access Web Client

You can connect to virtual desktops and published applications from an HTML5-enabled web browser. The supported web browsers are

  • Chrome
  • Internet Explorer
  • Microsoft Edge
  • Firefox
  • Safari

The versions of browsers supported depend on the client operating system. For details about supported client operating systems and browser versions, see the VMware Horizon HTML Access User Guide.

Important: The desktop or application you are connecting to through HTML Access must be in a pool with the HTML Access feature enabled. The exercises in this quick-start guide directed you to enable HTML Access when creating pools.

Prerequisites for Connecting to a Desktop or Application with HTML Access

To perform this exercise, you need the following:

1. Use a Browser to Launch HTML Access

  1. Open a supported web browser and enter the address of your Connection Server. The URL format is https://<connection-server-FQDN>
    Note: If you do not have a CA-signed security certificate, you might be prompted to add a security exception to your browser.
  2. Click VMware Horizon HTML Access.

2. Log In to the Server

Enter credentials of a user who is entitled to the desktop or application pool, and click Login.

After the credentials are validated, you can see the available desktops and applications.

3. Mark an Item as a Favorite

  1. Click a star in one of the desktop icons to mark the desktop as a favorite.
    This feature is convenient if you have many desktops and applications and do not want to have to scroll to find the applications and desktops you use most frequently.
  2. Click the Star toolbar button to display only favorites.
  3. Click the desktop icon, rather than the star, to launch the desktop in your browser.

Note: You can also use the Search field to quickly locate an application or desktop if you know its display name.

4. Click an Icon to Launch a Desktop and Then Open the Sidebar

Click the tab on the left side of the screen to open the navigation sidebar.

Note: The green desktop shortcut is for the VMware Horizon Performance Tracker. You selected to install this component when you installed Horizon Agent in the master VM.

5. Open a Published Application Using the Sidebar

  1. Hover your cursor over each toolbar button to display its tooltip.
    You can use the toolbar at the top of the sidebar to
    • Send Ctrl+Alt+Del to the application work area
    • Transfer files, if the feature is enabled
    • Open the Copy & Paste panel
    • Open the Settings menu
  2. Click an application in the sidebar to launch it.

Note: In the sidebar, you can click the star icon to the right of an application or desktop name to designate the item as a favorite, and click the star above the list to display only favorites.

6. Examine the Settings Available Through the Sidebar

Click the Menu toolbar button, and select Settings.

7. Turn On Hardware Decoding

  1. Click the toggle button to set Allow H.264 decoding to On.
  2. Click Close.

When you use a Chrome browser and use the VMware Blast Extreme display protocol, this setting causes the graphics processor on the client device to do the work involved in playing back video and images. Hardware decoding offloads the work to the GPU, so that CPU consumption is reduced, resulting in less device power consumed, for longer battery life. To make the setting take effect, you must disconnect and reconnect to the desktop or application.

For information about the Shadow Session Display Fit to viewer setting, see the product documentation topic Using the Session Collaboration Feature.

8. Disconnect from the Desktop

In the list of running desktops and applications, click the Menu toolbar button next to the desktop and select Close, or close the browser tab or window.

This exercise described using the HTML Access web client, which does not require installing any software on the client device. For information about HTML Access features such as copying and pasting or transferring files between your local client system and the virtual desktop or published application, see the HTML Access documentation.

This exercise described logging in as an entitled user. For information about logging in using unauthenticated user access, see the product documentation topic Use Unauthenticated Access to Connect to Published Applications.

Use Horizon Client from a Mobile Device

This exercise guides you through using the iOS Horizon Client on an iPad, though Horizon Clients are also available for Android, Windows 10 UWP, and Chromebook mobile devices.

Prerequisites for Connecting to a Desktop or Application with Horizon Client

To perform this exercise, you need the following:

1. Start Horizon Client

Launch Horizon Client, enter the FQDN of the Connection Server in the Server Address text box, and tap Add Server.

Tip: If you are using the default self-signed SSL certificate, an Untrusted View Connection warning appears. You can modify the Horizon Client security settings by tapping the Settings link in the upper-right corner.

2. Click Continue to Accept the Self-Signed Certificate

If prompted about an untrusted Horizon connection, click Continue.

3. Log In to the Connection Server

Enter the credentials of a user who is entitled to the desktop or application pool.

4. Launch a Desktop

On the desktop and application selector page, tap a desktop icon to connect to a virtual desktop.

Tip: You can tap and hold an icon to display a context menu and mark the item as a favorite. Tap Favorites at the bottom of the screen to display only items marked as favorites.

The Unity Touch sidebar appears on the left side of the screen. If you are connected to a desktop, the sidebar provides the functionality of a typical Windows Start menu without having to maneuver your touch screen to use the Start menu. If the sidebar is closed, you can slide the tab to the right to open the sidebar.

5. Tap All Programs and Select an Application

Tap All Programs in the sidebar and tap an application such as a word-processing or spreadsheet application, which allows you to enter text.

Tip: For convenience, to keep favorite applications or files listed in the sidebar, tap Manage under FAVORITE APPLICATIONS or FAVORITE FILES and select your favorites.

6. Enter Text in the Application

Tap in the application to enter text.

The on-screen keyboard appears unless you already have a keyboard attached to the device.

Above the traditional keyboard overlay is a row of Windows-specific keys such as arrow keys, Ctrl, Win, and so on.

7. Tap the Horizon Client Tools Icon

Tap the Horizon Client Tools icon, and note the various icons for the various client settings.

The Horizon Client Tools enable you to perform such tasks as disconnecting from the session or bringing up the keyboard.

8. 9.Tap the Disconnect Icon

To end the desktop session, tap the Disconnect icon.

After you confirm that you want to disconnect, you are disconnected from your desktop session and returned to the list of available desktops and applications.

9. Launch a Published Application

On the desktop and application selector screen, tap a published application, such as Calculator.

The Calculator application appears, along with the sidebar. To exit out of the Calculator application, you can tap the Close button (X) just as you would for a Windows application installed on a Windows PC or laptop.

The Unity Touch sidebar displays a list of the other application pools and desktop pools the user is entitled to. You can use the sidebar to quickly switch to another desktop or published application provided by the server you are logged in to.

10. Launch a Desktop Using the Sidebar

Tap an arrow next to a desktop listed in the sidebar, and tap Connect. You are logged in to the desktop.

This exercise showed only a few of the features available on mobile clients. For more information about all the features for the various Horizon Clients, see the VMware Horizon Client documentation.

Troubleshooting

Introduction to Troubleshooting

The exercises in this chapter demonstrate a couple of tools you can use for troubleshooting using the new Horizon Console UI.

For further information about troubleshooting, see the following Horizon 7 product documentation topics:

Monitor Remote Sessions

You can use Horizon Administrator and the new Horizon Console to monitor desktop and application sessions. These consoles give you a view into details from a farm, pool, or machine perspective. For example, you can see how many sessions are active for a pool. If you need to drill down into details for a particular user, the new Help Desk Tool is preferred, as is described in later exercises.

Note: To monitor linked-clone pools, which are created using the Composer, you must use Horizon Administrator. Linked-clone pools are visible but dimmed in the Horizon Console Inventory > Desktops list of desktop pools.

Prerequisites for Monitoring Remote Sessions

To perform this exercise, you need to have created a desktop or application pool.

1. Go to the Summary Page for the Pool or RDSH Server Farm

  1. Log in to the Horizon Console, and select Inventory > Desktops, for VDI desktop pools, or Inventory > Farms, for RDSH server farms.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. For VDI desktop pools, click the pool name on the Desktop Pools page. For published applications or desktops, click the farm name on the Farms page.

2. Monitor Sessions for a Desktop Pool or Farm

Click the Sessions tab to see the following information about each session:

  • User name
  • Host name
  • Start and duration time
  • Session state
  • Display protocol; for example: Blast Extreme, PCoIP, RDP

3. Select Sessions

If you need to perform emergency maintenance tasks, you can select one or more users in the list, and click a button to

  • Disconnect the session.
  • Log the user out of the session.
  • Restart the user's desktop.
  • Reset the VM.
  • Send a message to the user.

Note: The Restart Desktop and Reset Virtual Machine buttons are not available for RDSH server sessions.

Verify Prerequisites for Using the Horizon Help Desk Tool

To use the Horizon Help Desk Tool to look up and troubleshoot user sessions, you must have the correct type of Horizon license and you must verify that at least one user account in Horizon Administrator has been assigned the required role.

1. Verify That the Horizon License Includes Horizon Help Desk Tool

  1. Log in to Horizon Administrator, and select View Configuration > Product Licensing and Usage.
    The format of the URL for accessing Horizon Administrator is: https://<connection-server-FQDN>/admin
  2. Verify that the Help Desk license is enabled.

You must have a valid product license key for Horizon 7 Enterprise Edition or Horizon Apps Advanced. If you do not have the correct license, after you obtain one, you can click the Edit License button to add the new license.

2. Familiarize Yourself with the Help Desk Administrators Roles

  1. In Horizon Administrator, select View Configuration > Administrators.
  2. Click the Roles tab.
  3. Select the Help Desk Administrators role.
  4. Scroll through the Permissions list to see which permissions are granted to this role.

Note: If you installed the Horizon Connection Server that included this instance of Horizon Administrator, you were automatically given the Administrators role. This role includes all the permissions required for the Help Desk Administrator role. If you do not have the correct permissions, you will need to edit your permissions and add the Help Desk Administrators role, as shown in the following screen shot:

Use the Help Desk Tool to Restart a User's Virtual Desktop

In this exercise, you are a help-desk administrator. An end user needs your help because their virtual desktop has stopped responding. For virtual desktops in this desktop pool, end users are not allowed to reset or restart their machines, so the user has asked you to restart the machine. Using the Horizon Help Desk Tool, you can perform this task in less than a minute.

You can perform many troubleshooting tasks for end users with this tool:

  • Restart the desktop
  • Send a message to the user
  • Launch Microsoft Remote Assistance
  • Disconnect the user session (without logging the user off)
  • Log the user off of the machine
  • Reset the machine, which equates to turning the power off and then on, and is useful if the OS freezes

The following section, Troubleshooting Users in Horizon Help Desk Tool, lists all the details about the various types of information you can view for an end user. (10-minute read)

Prerequisites

Use Horizon Client or the HTML Access web client to log in to a virtual desktop as an end user. After you connect to the desktop, an active session can appear in the Horizon Help Desk Tool.

1. Log In to Horizon Console

In Horizon Administrator, click Horizon Console.

2. Select the End User

  1. Log in to the Horizon Console, and enter the user's name in the search bar.
    The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
  2. Select the user from the search results.

3. Select the Desktop or Application Session to Troubleshoot

On the Sessions tab, in the list of active sessions, click an item in the Computer Name column.

4. Scroll Down and Click the Restart Button

Scroll down the Details tab until you get to the end of the User Experience Metrics section, and click Restart.

Also note the other troubleshooting options. The Remote Assistance option is based on Microsoft Remote Assistance. If you click More, the additional options are Disconnect, Logoff, and Reset. For more information, see Troubleshoot Desktop or Application Sessions in Horizon Help Desk Tool.

5. Confirm Restarting the Desktop

Click OK. You are returned to the Sessions list, and the session for the desktop is removed from the list.

For application sessions, the troubleshooting options are slightly different, as shown in the following screenshot.

Be sure to see the VMware Horizon v7.5 Help Desk Tool Feature Walkthrough video for the Horizon 7 Help Desk.

Summary and Additional Resources

Summary

This quick-start guide demonstrated just how quickly and easily you can use VMware Horizon 7 to create VDI desktops and RDSH-published applications and desktops using a Horizon 7 on-premises infrastructure. You completed simple wizards to install and configure a Connection Server, which streamlines provisioning of RDSH servers and cloned desktops.

You then created automated desktop pools and an automated RDSH farm. With one simple wizard, you created multiple application pools. Next, you entitled end users to applications and desktops. In addition, this guide provided an overview of features, architecture, and components.

Finally, you enjoyed the end-user experience of launching desktops published applications from the Windows-based Horizon Client,  the iOS-based Horizon Client, and the web-based HTML Access client. The native client software can be installed on Windows, Windows UWP, macOS, Linux, Chromebook, iOS, and Android endpoint devices.

Because this guide is meant to get you started quickly, it does not delve into details of all the options and features that provide a rich user experience:

  • Support for use cases such as graphics-intensive 3D applications with NVIDIA GRID vGPU and Unified Communications with Microsoft Skype for Business.
  • Quick and easy access to a user’s files from their virtual desktops and applications with file-type association
  • Support for the most commonly used peripherals, including printers, scanners and imaging devices, smart cards, and USB storage devices
  • Performance optimizations to increase application responsiveness

For more information about these and other topics, see the VMware Horizon 7 documentation.

Additional Resources

The following documents are companion quick-start tutorials for Horizon 7:

You can find out more about Horizon 7 from the following resources:

You can learn more about infrastructure products that support Horizon 7 from the following resources:

About the Authors and Contributors

This tutorial was written by Caroline Arakelian, Senior Technical Marketing Manager, End-User-Computing Technical Marketing, VMware, and Cindy Heyer Carroll, Technical Writer, End-User-Computing Technical Marketing, VMware, with appreciation and acknowledgement for assistance from:

  • Jim Yanik, Senior Manager, End-User-Computing Technical Marketing, VMware
  • Donal Geary, Reference Architect Engineer in End-User-Computing Technical Marketing, VMware
  • Frank Anderson, End-User-Computing Architect, End-User-Computing Technical Marketing, VMware
  • Graeme Gordon, Senior Staff End-User-Computing Architect, End-User-Computing Technical Marketing, VMware
  • Marilyn Basanta, Director, Global Platform Engineering & Analytics, VMware

 

Your feedback is valuable. To comment on this tutorial, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.