Quick-Start Tutorial for VMware Horizon 7

JMP (pronounced jump), which stands for Just-in-Time Management Platform, represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in a flexible, fast, and personalized manner. JMP is composed of the following VMware technologies:

• VMware Instant Clone Technology for fast desktop and RDSH provisioning
• VMware App Volumes™ for real-time application delivery
• VMware Dynamic Environment Manager™ for contextual policy management

JMP allows components of a desktop or RDSH server to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed. JMP is supported with both on-premises and cloud-based Horizon 7 deployments, providing a unified and consistent management platform regardless of your deployment topology. The JMP approach provides several key benefits, including simplified desktop and RDSH image management, faster delivery and maintenance of applications, and elimination of the need to manage “full persistent” desktops.

This tutorial is provided to help you evaluate Horizon 7. The first chapter provides an overview of the key VDI and RDSH features. Subsequent chapters contain exercises to guide you through the basic installation and initial configuration processes, and to explore key features and benefits.

Note: This tutorial is designed for evaluation purposes only. It uses the minimum required resources for a basic deployment and does not explore every feature. Do not use this evaluation environment as a template for a production environment. For information beyond the considerations of this tutorial, see VMware Horizon 7 Documentation.

This tutorial is intended for IT administrators, architects, engineers, and product evaluators who want to install Horizon 7 and deploy a VDI environment. Both current and new users can benefit from using this tutorial. You should be familiar with VMware vSphere and VMware vCenter Server^®. Familiarity with other technologies is also helpful, including networking and storage in a virtual environment, Active Directory, identity management, directory services, and RSA SecurID.

VMware vCenter Server, included in the vSphere suite, is the central management console for your vSphere infrastructure, virtual machines, and VMware ESXi™ servers. A vCenter Server can be quickly set up and deployed, using host profiles or Linux-based virtual appliances. The vCenter Server console provides centralized control and visibility into servers that host virtual desktops, ESXi servers, virtual machines, storage, networking, and other critical elements of your virtual infrastructure. You can use vCenter Server to allocate resources for improved performance.

For more information, see VMware vSphere Documentation.

VMware ESXi is a bare-metal hypervisor that can be installed directly onto your physical server, and partitioned into multiple virtual machines. Because ESXi runs on bare metal without an operating system, the footprint is reduced, giving a very small surface for possible malware and over-the-network attacks. This also simplifies deployment and configuration by reducing the number of configuration options.

For more information, see the VMware ESXi Installation and Setup.

Horizon Administrator is the classic web-based administrative console for managing users and Horizon 7 resources such as desktops and applications. Horizon Administrator is included when you install a Connection Server. With the use of Horizon Administrator, you can centrally manage thousands of virtual desktops from a single location.

Figure: VMware Horizon Administrator

Horizon Console is the latest version of the Web interface through which you can create and manage virtual desktops and published desktops and applications. Horizon Console integrates VMware Horizon Just-in-Time Management Platform (JMP) Integrated Workflow features for managing workspaces.

Horizon Console includes an almost complete implementation of Horizon 7 features. You can use Horizon Administrator, the classic web interface, to access those very few features that are not yet available in Horizon Console.

To access Horizon Console, you log in to the Horizon Administrator, and click the Horizon Console button. You are authenticated through SSO. Horizon Console appears in a new tab, so both consoles are at your fingertips. You can also access Horizon Console from your browser: https://<connectionserver>/newadmin.

Figure: VMware Horizon Console

Horizon Console includes an easier desktop and application deployment process, just-in-time desktop delivery, and a more secure Web interface. Horizon Console also supports the following features:

• Entitlements: User, group, desktop, and application assignments
• Authentication: Remote access authentication and unauthenticated access for published apps
• Virtual desktops: Virtual desktop pool creation for automated, full clones, and instant clones, including dedicated assignments
• Published desktops: Published desktops with manual and instant-clone farms
• Published applications: Published applications with manual and existing application pools
• Virtual machines: VMs registered both with and without vCenter Server

For more information, see VMware Horizon 7 documentation.

The Horizon Connection Server brokers client connections by authenticating users and directing incoming user desktop and application requests. Users connect to a Connection Server to access their virtual desktops and native, virtual, or RDSH-based applications. The Connection Server provides the following management capabilities:

• Authenticating users
• Entitling users to specific desktops, applications, and pools
• Managing local and remote desktop and application sessions
• Establishing secure connections between users and desktops or applications
• Enabling single sign-on
• Setting and applying policies
• Managing an instant-clone engine

For more information, see Horizon 7 Architecture Planning and Horizon 7 Installation.

The optional Horizon Composer is not required for instant clones. It enables you to create and manage pools of linked-clone desktops. The Composer server works with the Connection Servers and a vCenter Server. Composer is the legacy method that enables scalable management of virtual desktops by provisioning from a single golden image using linked-clone technology.

Horizon Agent communicates between Horizon Client and virtual desktops or RDSH servers. You must install Horizon Agent on all virtual machines managed by vCenter Server so that Connection Server can communicate with the virtual machines. Horizon Agent also provides features such as connection monitoring, client drive redirection, virtual printing, and access to locally connected USB devices. This process can be simplified by installing Horizon Agent on the golden image used to deploy virtual machines to a group of users.

VMware Horizon^® Client for Windows, Windows 10 UWP, macOS, iOS, Linux, or Android is installed on every endpoint. This enables your end users to access their virtual desktops and published applications from a variety of devices such as smartphones, zero clients, thin clients, PCs, laptops, and tablets.

Horizon Client enables users to do the following:

• Connect to a Connection Server or a VMware Unified Access Gateway™ appliance
• Log in to their remote desktops in the data center
• Edit the list of servers that they connect to

You can choose between multiple download processes. One option is to allow your end users to download Horizon Client directly from Download VMware Horizon Clients. Another option is to determine which Horizon Client each end user can download, and store the Horizon Client installers on a local storage device using the View user portal (the default landing page for Connection Server).

For more information, see Configure the VMware Horizon Web Portal Page for End Users.

VMware Unified Access Gateway (formerly called VMware Access Point) provides a secure gateway that allows users to access their desktops and applications from outside a corporate firewall. You can design a Horizon 7 deployment that uses Unified Access Gateway for secure external access to internal Horizon 7 desktops and applications. Unified Access Gateway appliances typically reside in a demilitarized zone (DMZ) and act as a proxy host for connections inside your trusted corporate network. This structure shields Horizon 7 virtual desktops, servers, applications, and Connection Servers from the public Internet, adding an extra layer of security. In addition to security, Unified Access Gateway features include:

• Authentication in the DMZ
• Smart-card support
• Native RSA SecurID and RADIUS authentication
• Blast Extreme traffic directed to port 443 by default
• Security Assertion Markup Language (SAML) assertions

For more information, see the Unified Access Gateway: Overview and Use Cases video series.

VMware App Volumes is a real-time Windows application-delivery and application life-cycle-management solution. App Volumes uses application containers called AppStacks, which are virtual disks that contain all of the components that are required to run an application, such as executables and registry keys. When an AppStack is deployed, it is available for use within seconds without end-user installation. Applications can be deployed once to a single central file and accessed by thousands of desktops. This simplifies application maintenance, deployment, and upgrades.

App Volumes also provides user-writable volumes for a limited number of users. Writable volumes are a mechanism to capture user-installed applications that are not, or cannot be, delivered by AppStacks. This reduces the likelihood that persistent desktops would be required for a use case. The user-installed applications follow the user as they connect to different virtual desktops.

For more information, see VMware App Volumes Documentation.

VMware Dynamic Environment Manager (formerly called User Environment Manager) is a scalable solution for profile and policy management for virtual, physical, and cloud-based Windows desktop environments. You can use Dynamic Environment Manager to simplify your policy management by replacing and unifying problematic, unmaintainable, or complex login scripts and profile logic. You can map environmental settings, such as networks and printers, and dynamically apply end-user security policies and customizations. Dynamic Environment Manager ensures that each end user’s settings and customizations follow them from one location to the next, regardless of the endpoint used to access their resources.

For more information, see  VMware User Environment Manager 9.2 Technical Overview.

VMware Workspace ONE Access (formerly called VMware Identity Manager) is a solution that provides application provisioning, a self-service catalog of applications and virtual desktops, conditional access controls, and single sign-on (SSO) for software as a service (SaaS), web, and cloud resources. Workspace ONE Access gives your IT team a central place to manage user provisioning and access policy with directory integration, identity federation, and user analytics.

For more information, see the VMware Workspace ONE Access (Identity Manager) Documentation.

On any web browser, navigate to the VMware Horizon 7 Product Evaluation Center, and log in. If you do not already have an account, you can create one here.

In the Product Evaluation Center, scroll down to the License Information, and make a note of the Horizon 7 Enterprise license.

Scroll down to Download Packages, expand the VMware Horizon Enterprise Binaries section, and download the following packages, and note where you store them for reference during the installation process:

• Horizon Connection Server (64-bit)
• Horizon Agent (64-bit)
• Horizon Composer

If you do not already have a vSphere environment set up, scroll down and expand the Hypervisor and Management Server Binaries section, and download the following packages:

• VMware vSphere Hypervisor (ESXi ISO) image (Includes VMware Tools)
• VMware vCenter Server and modules for Windows

Before you can perform the exercises in this guide, you must have a VMware vSphere 6 infrastructure that contains at least one VMware ESXi host and one vCenter Server instance. This guide does not provide instructions for installing these vSphere components. For instructions see the vSphere Product Documentation.

Navigate to Download VMware Horizon Clients and download VMware Horizon Client (64-bit). Horizon Client is required for exercises in other chapters.

To perform this exercise, you need a  VMware vSphere 6 infrastructure that contains at least one VMware ESXi host and one VMware vCenter Server instance. This guide does not provide instructions for installing these vSphere components. For instructions see the vSphere Product Documentation.

Step-by-step instructions for using vSphere Web Client to create a VM are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Create a Virtual Machine, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

Use the following specifications.

Step-by-step instructions for installing the OS in a VM are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Install Windows, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop. For the Windows Operating system, we recommend using one of the following:

• Windows Server 2016 Standard (Desktop Experience)
• Windows Server 2016 Datacenter (Desktop Experience)

For a list of all possible supported operating systems, see Supported Operating Systems for Horizon Connection Server.

Step-by-step instructions for updating Windows are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Update Windows and Run Ngen and DISM, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

Step-by-step instructions for installing VMware Tools are beyond the scope of this tutorial, and are already provided in a companion guide. See the section Install VMware Tools, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

Step-by-step instructions for changing the network adapter type from E1000 to VMXNET 3 are included in the procedure Optimize the Hardware, in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

Important: Do not perform the exercises in Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop for installing the RDSH role. For the purposes of creating Horizon Connection Server, the database server, and the Composer server, the servers should not have the RDSH role installed. That role is for servers that will be used to create RDSH server farms.

For instructions cloning a VM to a VM template, see the vSphere product documentation topic Clone a Virtual Machine to a Template.

Deploy VMs as needed for the following Horizon servers:

• Connection Server
• Microsoft SQL Server, if you do not already have a server to use
• Composer, if you plan to perform the exercises for creating linked clones

For instructions on deploying VMs from a VM template, see the vSphere product documentation topic Deploy a Virtual Machine from a Template.

You can edit the virtual hardware settings for the number of vCPUs and the amount of memory as you complete the Deploy Template wizard. You do not need to edit these settings, but you can if you wish. For information about minimum requirements, see the following product documentation topics:

• Hardware Requirements for Horizon Connection Server
• Hardware Requirements for Standalone View Composer

To perform this exercise, you will need the following:

• User account – When you log in to the OS to run the installer, the account you use must have administrative privileges.
• Installer – If necessary, you can download the installer from the Download VMware Horizon page or the VMware Horizon 7 Product Evaluation Center. You must download and copy the installer file to the Connection Server VM, or, alternatively, you can copy it to a location accessible to the system.
• VM that satisfies virtual hardware requirements – If you performed the exercise Create VMs for the Connection Server and Composer, you have an appropriate VM. If you did not perform that exercise, make sure that the VM you have adheres to the specifications listed in the product documentation topic Hardware Requirements for Horizon Connection Server.
• Windows OS – The system must be running a supported Windows version. We recommend Windows Server 2016. for a complete list of supported operating systems, see Supported Operating Systems for Horizon Connection Server.
• Static IP address – The system must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.
• Supported browser – The last step of this procedure has you log in to Horizon Console, the latest web-based administrative console. The latest versions of most browsers are supported. For a complete list, see Horizon Administrator Requirements.
  Note: To use the older, Flash-based Horizon Administrator console, you must have Adobe Flash 10.1 or later installed.

Navigate to the Connection Server installation file that you downloaded earlier, and double-click the file to start the installation wizard.

If asked whether to allow changes to your device, click Yes.

On the installation wizard Welcome page, click Next.

1. Select I accept the terms in the license agreement.
2. Click Next.

Click Next.

1. Select the Horizon 7 Standard Server installation option.
2. Select the Install HTML Access option to allow users to connect through web browsers.
3. Accept the default IPv4 protocol option.
4. Click Next.

1. In the Data Recovery window, enter the password.
2. You can enter an optional reminder for future reference.
3. Click Next.

1. Accept the default to configure the firewall automatically.
2. Click Next.

1. Enter the domain user or domain group to authorize access to the Horizon Administrator.
2. Click Next.

1. In the User Experience Improvement Program window, you can deselect the Join the VMware Customer Experience Improvement Program option to opt out of the program.
2. Click Next.

In the Ready to Install the Program window, click Install.

Click Finish to close the wizard.

Launch the Horizon Console using one of the following methods:

• If you are logged in to the server on which you installed the Connection Server, open a browser and enter the following URL: https://127.0.0.1/newadmin
• If you are accessing Horizon Administrator from a machine other than the one you used for installation, open a browser and enter the following URL: https://<connection-server-name>/newadmin.

If you see the security warning, such as this one in Firefox, use the necessary UI controls to continue on. For example, for Firefox, you would click the Advanced button and then scroll down and click Accept the risk and continue.

Alternatively, if you would rather use the legacy Horizon Administrator console than the Horizon Console, on the server where you installed the Connection Server, you can double-click the Horizon 7 Administrator desktop icon. Remember, to use this UI, you must have Flash installed.

Log in to Horizon Console using an account that belongs to the user or group account you specified in Specify the User or Group Who Will Have Full Administrative Privileges.

For more information about installation and all the options, see the Horizon 7 Installation guide.

To perform this exercise, you need the following:

• SQL Server instance – This is the database server on which you will create the Composer database. For the example in this exercise, we used Microsoft SQL Server 2016. To simplify the setup for completing this tutorial in a lab setup, we recommend that you use the same SQL Server instance for the Composer database, the event database, and the JMP server database. For a list of databases that support all three of these components, see the product documentation topic Database Requirements for JMP Server.
  Tip: If you performed the exercise Create VMs for the Connection Server and Composer, you can also clone a VM for your SQL Server instance.
• Microsoft SQL Server Management Studio – For the example in this exercise, we used Microsoft SQL Server Management Studio v17.7. The instructions might differ slightly for different versions of SQL Server Management Studio.
• SA credentials – To create the necessary logins for the Composer server database, you will log in to the SQL Server instance as the sysadmin (SA) or as a user account with SA privileges.

1. On the VM where SQL Server and SQL Server Management Studio are installed, click the Start button.
2. Navigate to and select Microsoft SQL Server Management Studio.

1. Select SQL Server instance. By default your Windows login credentials are used, but you are not required to use Windows authentication.
2. Log in as the sysadmin (SA) or using a user account with SA privileges.
3. Click Connect.

1. In the Object Explorer, right-click Databases.
2. Select New Database.

1. For the database name, enter ComposerDB. You must use only ASCII characters. Use the default settings.
2. Click OK.

The new database is added under the Databases folder in the Object Explorer pane.

1. Expand the Security folder, and right-click Logins.
2. Select New Login.

1. Enter a login name, using ASCII characters only; for example, ComposerUser.
2. Select SQL Server authentication, and create a password.
3. De-select Enforce password expiration. For the purposes of this exercise, you do not need to use password expiration.
4. Set the default database to the Composer database.
5. Select a default language.

1. Select the Server Roles page.
2. Select the sysadmin check box.

1. Select the User Mapping page.
2. Select the ComposerDB database.
3. Select the db_owner role.
4. Click OK.

The new login is added under the Security > Logins folder in the Object Explorer pane.

To perform this exercise, you will need the following:

• Database – Verify that you have performed all the steps in the exercise Set Up the Composer Database, which include creating the database for storing Composer information and a login user with the correct privileges for the Composer server to communicate with the database.
• SQL Server Native Client 11 – If the driver for the native client is not already installed on the Composer server machine, you can download the installer, which is called sqlncli.msi and is one of the components included in the Microsoft SQL Server 2016 Feature Pack. You will select this driver when you are completing the Composer installation wizard.
• User account for running the installer – When you log in to the OS to run the installer, the account you use must have administrative privileges.
• Installer – If necessary, you can download the installer from the Download VMware Horizon page or the VMware Horizon 7 Product Evaluation Center. You must download and copy the installer file to the Composer server VM, or, alternatively, you can copy it to a location accessible to the system.
• VM that satisfies virtual hardware requirements – If you performed the exercise Create VMs for the Connection Server and Composer, you have an appropriate VM. If you did not perform that exercise, make sure that the VM you have adheres to the specifications listed in the product documentation topic Hardware Requirements for Standalone View Composer.
• Windows OS – The system must be running a supported Windows version. We recommend Windows Server 2016. for a complete list of supported operating systems, see the product documentation topic Supported Operating Systems for View Composer.

Navigate to the Composer installation file that you downloaded earlier, and double-click the file to start the installation wizard.

On the installation wizard Welcome page, click Next.

1. Select I accept the terms in the license agreement.
2. Click Next.

Click Next.

Click ODBC DSN Setup.

Click Add.

1. Now that a data source is created, enter the data source name; for example, Composer-data-source.
2. Enter the user name and password for the login you created in the exercise Set Up the Composer Database.
3. Click Next.
4. Click OK. You can safely ignore this warning because the user you created uses SQL Server authentication rather than Windows authentication.

Click Next.

Click Install.

When installation is complete, click Finish to close the wizard.

To finalize the installation, click Yes to reboot the virtual machine.

On the Composer VM, open the Services applet, and verify that the VMware Horizon 7 Composer service is running.

To perform this exercise, you must have a user account for logging in to the domain controller as an administrator and creating users and OUs in Active Directory.

On the Active Directory Domain Controller, log in as an administrator, and go to Start button > Administrative Tools > Active Directory Users and Computers.

1. Expand the domain.
2. Right-click Users.
3. Select New.
4. Select User.

1. Right-click the domain.
2. Select New.
3. Select Organizational Unit.

If you plan to perform the exercise for creating an instant-clone farm of RDSH servers, repeat the step Create an OU for Instant-Clone Desktops and Delegate Control to create an OU for the instant-clone RDSH server computer accounts. You might name the OU RDSH Servers.

If you plan to perform the exercise for using the Composer and creating a linked-clone desktop pool, repeat the step Create an OU for Instant-Clone Desktops and Delegate Control to create an OU for linked-clone desktop computer accounts. You might name the OU Linked Clones. The OUs for linked clones require the same delegation permissions as those for instant clones.

Note: In a production environment, usually the decision is made to use either linked clones or instant clones.

Before you perform this exercise, you need a valid license. You can use an evaluation license. For information about purchase options, see the VMware End-User Computing Packaging and Licensing guide.

1. In the Horizon Console, navigate to Settings >  Product Licensing and Usage.
2. Click Edit License.

1. Enter the 25-character serial number of the product license key.
2. Click OK.

1. Verify that the license expiration date has not already passed.
2. Verify that the licenses for Desktop, Application Remoting, Composer, and Instant Clone are all enabled.

Before you perform this exercise you need the following:

• Horizon 7 license – See Add the Product License Key.
• vCenter Server user account – For more information, see Configure a vCenter Server User for Horizon 7 and View Composer. The account privileges you need depend on whether you are using the Composer (which is optional).
  Tip: In a test environment, you could use the administrator account (administrator@vsphere.local), which has all administrator privileges.
• View Composer Server user account – (Optional) The account must be a domain user account and must be a member of the local Administrators group on the standalone View Composer machine. Complete this setting if you plan to create linked-clone desktop pools.
• Domain user account for adding linked clones – (Optional) This is a domain administrator account with permissions to create and delete computer objects and write properties in the domain. You already created this user account if you performed the exercise Create a Domain User Account and OUs in AD for Clone Operations. You need this information only if you plan to created linked-clone desktop pools.
  Tip: In a test environment, you could use an account that is a member of the Domain Administrators group, which has all the required privileges.

1. In Horizon Console, navigate to Settings > Servers.
2. Click Add.

1. Enter the FQDN of the vCenter Server instance, and the user name and password for the vCenter Server user account, as described in Prerequisites for Adding vCenter Server.
2. Accept the default values for the port and other advanced settings, and click Next.

Important: If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of completing the Add vCenter Server wizard, your changes will be lost.

If an Invalid Certificate Detected prompt is displayed, click View Certificate., and in the Certificate Information window that appears, review the thumbprint of the default self-signed certificate that was generated during installation, and click Accept.

1. In the Horizon Composer section, select Standalone Horizon Composer Server, and configure the following Composer Settings:
   • Server address: Enter the FQDN of your Composer VM.
   • User Name: Enter the user name of your vCenter Server user account; for example, domain.com\user or user@domain.com. This account is described in Prerequisites for Adding vCenter Server.
   • Password: Enter the password of your vCenter Server user account.
   • Port: Use the default.
2. Click Next.

Important: If you do not plan to create linked-clone desktop pools, you can skip this step and its sub-steps.

In the Storage Settings section, accept the defaults, and click Next.

1. On the Ready to Complete page, review the vCenter Server information.
2. Click Submit.

On the vCenter Servers tab, verify the vCenter Server that you just connected to your Horizon 7 environment.

Before you perform this exercise, you must have a domain user account that has the required Active Directory permissions so that cloned desktops can be joined to the domain. These include permissions to create and delete computer objects, and write properties in the domain or in the OUs (organizational units) that you select when creating desktops in later exercises. You have already created this user account if you performed the exercise Create a Domain User Account and OUs in AD for Clone Operations.

Tip: In a test environment, you could use an account that is a member of the Domain Administrators group, which has all the required privileges.

1. Select the domain from the drop-down list.
2. Enter the user name and password of the domain user account for creating instant-clones.
3. Click OK.

Verify that the domain and the domain admin user name now appear on the Instant Clone Domain Accounts page.

To perform this exercise, you need the following:

• SQL Server instance – This is the database server on which you will create the event database. For the example in this exercise, we used Microsoft SQL Server 2016. To simplify the setup for completing this tutorial in a lab setup, we recommend that you use the same SQL Server instance for the event database, the Composer database, and the JMP server database. For a list of databases that support all three of these components, see Database Requirements for JMP Server.
• Microsoft SQL Server Management Studio – For the example in this exercise, we used Microsoft SQL Server Management Studio v17.7. The instructions might differ slightly for different versions of SQL Server Management Studio.
• Microsoft SQL Server Configuration Manager – For the example in this exercise, we used SQL Server 2016 Configuration Manager. The instructions might differ slightly for different versions of SQL Server Configuration Manager.
• SA credentials – To create the necessary logins for the JMP server database, you will log in to the SQL Server instance as the sysadmin (SA) or as a user account with SA privileges.

1. On the VM where SQL Server and SQL Server Management Studio are installed, click the Start button.
2. Navigate to and select Microsoft SQL Server Management Studio.

1. Select the SQL Server instance from the drop-down list.
2. Log in as the sysadmin (SA) or using a user account with SA privileges.
3. Click Connect.

1. In the Object Explorer, right-click Databases.
2. Select New Database.

1. For the database name, enter Horizon7Events. Use the default settings.
2. Click OK.

1. To create a login so that the Connection Server can access the database to log events, expand the Security folder, and right-click Logins.
2. Select New Login.

You must verify that the TCP/IP protocol is enabled and that the default port 1433 is used for all IP addresses.

1. In Horizon Console, navigate to Settings > Event Configuration.
2. In the Event Configuration pane, click Edit.

To perform this exercise, you need the following:

• Golden VM and snapshot – Before you can deploy a pool of desktops, you must create an optimized golden image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
• Connection Server – For installation and setup instructions, see the exercises Install Horizon Connection Server, Add the Product License Key, and Add a vCenter Server Instance.
• AD OU – You must have determined which Active Directory OU to use for storing instant-clone computer accounts. In a test environment, you can use the Computers OU. In a production environment, VMware recommends that you create a specific OU and domain user, and delegate the minimum required permissions, as described in the exercise Create a Domain User Account and OUs in AD for Clone Operations.
• Instant-clone domain administrator – You must have added an instant-clone domain administrator, as described in the exercise Add an Instant-Clone Domain Administrator.
• VM folder – (Optional) Having a specific VM folder in the vCenter Server inventory helps you locate and manage the virtual desktops in the instant-clone pool.

1. Log in to the Horizon Console, and select Inventory > Desktops.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click Add.

1. Select Automated Desktop Pool.
2. Click Next.

1. Select Instant Clone, and, optionally, add a description of the pool.
2. Select the vCenter Server instance.
3. Click Next.

1. Select Floating. Instant-clone pools can use either floating or dedicated user assignment. For this exercise, we use floating assignment.
   • Dedicated assignment – Each desktop is assigned to a specific user. A user logging in for the first time gets a desktop that is not assigned to another user. The user always gets this same desktop after logging in, and this desktop is not available to any other user.
   • Floating assignment – Users get a random desktop every time they log in. When a user logs out, the desktop is deleted. With automatic deletion, you keep only as many VMs as you need at one time.
2. Click Next.

1. Select Do not use VMware Virtual SAN, and select Use separate datastores for replica and OS disks.
2. Click Next.

For this exercise, use separate datastores so that you can see the extra settings In the next window. With separate datastores, you can place the replica VM on a solid-state, disk-backed datastore. Solid-state disks have low storage capacity but high read performance, typically supporting 20,000 IOPS. Separate datastores are used in tiered-storage models.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN™, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

1. Add a pool ID.
2. (Optional) Add a display name, which users will see when they log in using Horizon Client or the HTML Access web client.
   If you do not provide a display name, the pool ID is used for the display name.
3. (Optional) Select an access group.
   If you do not specify an access group, the pool is placed in the root access group. For more information about access groups, see the product documentation topic Manage and Review Access Groups.
4. Click Next.

1. Enter a naming pattern for the VMs. For example, for this exercise, you can use Win10-IC.
   This naming pattern helps you identify Windows 10 instant clones in Horizon Console.
2. Select Provision machines on demand, and use the default minimum of 1.
3. Set Max number of machines to 10 or fewer (for the purposes of this exercise).
   In a production environment, instant-clone pools have been tested to support up to 2,000 desktops.
4. Set Number of spare (powered on) machines to 1.
5. Use the defaults for the other settings, and click Next.

Click the Browse button next to the first setting, which is Parent VM.

Important: This page has numerous settings, and in the next steps, we do not copy this screenshot into every step, but instead only refer to it and show a screenshot of the window that appears when you click Browse for that setting.

Note: This page refers to the default image because after the pool is created, you can edit the pool and select a different snapshot to use if you want to push a new image and generate new desktops using that other image.

Describing all the settings in detail is beyond the scope of this quick-start guide. For details about all the settings in the Add Desktop wizard, see the product documentation topic Worksheet for Creating an Instant-Clone Desktop Pool in Horizon Console.

For the purposes of this exercise, use the default settings, and click Next.

1. Select the HTML Access check box so that users will be able to access virtual desktops using their web browsers instead of Horizon Client.
2. Select the Allow Session Collaboration check box.
3. Use the defaults for the other settings, and click Next.

1. Under Domain, select the instant-clone domain administrator, which you added in the exercise Add an Instant-Clone Domain Administrator.
2. Click Browse in the AD Container section.

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

For more information about the available settings in this wizard, see the product documentation topic Worksheet for Creating an Instant-Clone Desktop Pool in Horizon Console.

To access details about the newly added pool, click the pool name on the Desktop Pools page.

If you do not see the pool listed, click the Refresh icon above the table.

In the Machine Status area, verify that one instant-clone desktop is now available. For this exercise, you selected to provision the desktops on demand, with a minimum of one desktop available.

Important: Now that you have created an instant-clone desktop pool, you can entitle users to it, either by using the Add Entitlements wizard, as described in a later exercise, or by using the JMP Integrated Workflow to define a JMP assignment. JMP assignments include information about the App Volumes AppStacks, instant-clone desktops pools, and Dynamic Environment Manager settings for specific groups of users. For instructions, see the Quick-Start Tutorial for VMware Horizon JMP Integrated Workflow.

To perform this exercise, you need:

• Instant-clone desktop pool – You must have completed the exercise Deploy an Instant-Clone Desktop Pool.
• New VM snapshot – You must have a new image to push to the desktop pool. Therefore, use vSphere Web Client, select the VM that you created for deploying the instant-clone pool, and create a new VM snapshot. For details, see the vSphere documentation topic Taking a Snapshot.

1. Log in to the Horizon Console, and select Inventory > Desktops.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click the pool name on the Desktop Pools page.

On the Summary tab, select Schedule from the Maintain drop-down list.

1. Select the new snapshot that you created.
2. Click Next.

For this exercise, we select a new snapshot taken of the same golden VM, but you can also use this page to navigate to a different VM and select a snapshot.

Leave the start time set to the default so that the push starts after you complete the wizard, and click Next.

The default is Wait for users to log off. If, instead, you select to force users to log off, you can give users a warning and a grace period of 5 minutes, by default. To edit this setting, after you finish creating the schedule, open the Horizon Administrator (https://<connection-server-FQDN>/admin), navigate to View Configuration > Global Settings, and click Edit in the General settings section.

Note: The Stop at first error check box is available only if the Stop provisioning on error check box is not selected on the Edit Pool > Provisioning Settings tab.

Click Finish. You are returned to the Summary tab for the desktop pool, where the pending image for the push operation is displayed in the vCenter Server panel. The state changes from Publishing to Published.

Click the Machines (InstantClone Details) tab to monitor which individual desktops are using which image.

To perform this exercise, you need the following:

• Golden VM template – Before you can deploy a pool of full-clone desktops, you must create an optimized golden image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

  Important: Follow the instructions in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop, but instead of taking a snapshot of the VM after you finish creating and optimizing it, you must clone the VM to a VM template. For instructions, see the vSphere product documentation topic Clone a Virtual Machine to a Template in the vSphere Web Client. When creating instant-clone and linked-clone desktops, you use a VM snapshot, but for full-clone desktops, you must use a VM template instead of a snapshot.

• Microsoft Sysprep customization specification – If you do not already have a Microsoft Sysprep customization specification for the Windows 10 guest operating system, use the Guest Customization wizard in the vSphere Client to create one. See the vSphere product documentation topic Create a Customization Specification for Windows. You will select this customization specification when completing the Add Desktop Pool wizard.

  Note: VMware recommends that you test a customization specification in vSphere before you use it to create a desktop pool. When you use a Sysprep customization specification to join a Windows desktop to a domain, you must use the FQDN of the Active Directory domain. You cannot use the NetBIOS name.

• Connection Server – For installation and setup instructions, see the exercises Install Horizon Connection Server, Add the Product License Key, and Add a vCenter Server Instance.
• VM folder – (Optional) A VM folder in the vCenter Server inventory. Having a specific folder in the vCenter Server inventory helps you locate and manage the virtual desktops in the full-clone pool.

1. Log in to the Horizon Console, and select Inventory > Desktops.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click Add.

1. Select Automated Desktop Pool.
2. Click Next.

1. Select Full Virtual Machines, and, optionally, add a description of the pool.
2. Select the vCenter Server instance.
3. Click Next.

1. Select Allow automatic assignment.
2. Click Next.

1. Select Do not use VMware Virtual SAN.
2. Click Next.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN™, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

1. Add a pool ID.
2. (Optional) Add a display name, which users will see when they log in using Horizon Client or the HTML Access web client.
   If you do not provide a display name, the pool ID is used for the display name.
3. (Optional) Select an access group.
   If you do not specify an access group, the pool is placed in the root access group. For more information about access groups, see the product documentation topic Manage and Review Access Groups.
4. Click Next.

1. Enter a naming pattern for the VMs. For example, for this exercise, you can use Win10-FC.
   This naming pattern helps you identify Windows 10 full clones in Horizon Console.
2. Select Provision machines on demand, and use the default minimum of 1.
3. Set Max number of machines to 10 or fewer (for the purposes of this exercise).
   In a production environment, full-clone pools have been tested to support up to 2,000 desktops.
4. Set Number of spare (powered on) machines to 1.
5. Use the defaults for the other settings, and click Next.

Click the Browse button next to the first setting, which is Template.

Important: This page has numerous settings, and in the next steps, we do not copy this screenshot into every step, but instead only refer to it and show a screenshot of the window that appears when you click Browse for that setting.

Describing all the settings in detail is beyond the scope of this quick-start guide. For details about all the settings in the Add Desktop wizard, see the product documentation topic Worksheet for Creating an Automated Pool That Contains Full Virtual Machines in Horizon Console.

For the purposes of this exercise, use the default settings, and click Next.

1. Select the HTML Access check box so that users will be able to access virtual desktops using their web browsers in addition to Horizon Client.
2. Select Allow Session Collaboration.
3. Use the defaults for the other settings, and click Next.

Click Next.

1. Select Use this customization specification.
2. Select the customization specification.
   Note: The customization specification selected in the screenshot is just an example; select the customization specification you created.
3. Click Next.

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

For more information about the available settings in this wizard, see the product documentation topic Worksheet for Creating an Automated Pool That Contains Full Virtual Machines in Horizon Console.

To access details about the newly added pool, click the pool name on the Desktop Pools page.

If you do not see the pool listed, click the Refresh icon above the table.

Scroll down to the Machine Status area, which displays the VM state. The state changes from Provisioning to Customizing to Available.

To perform this exercise, you need the following:

• Golden VM and snapshot – Before you can deploy a pool of desktops, you must create an optimized golden image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
• AD OU – You must have determined which Active Directory OU to use for storing linked-clone computer accounts. In a test environment, you can use the Computers OU. In a production environment, VMware recommends that you create a specific OU and domain user, and delegate the minimum required permissions, as described in the exercise Create a Domain User Account and OUs in AD for Clone Operations.
• Connection Server – For installation and setup instructions, see the exercises Install Horizon Connection Server and Add the Product License Key.
• Composer server – For installation and setup instructions, see the exercises Install the Composer and Add a vCenter Server Instance.
• VM folder – (Optional) A VM folder in the vCenter Server inventory. Having a specific folder in the vCenter Server inventory helps you locate and manage the virtual desktops in the linked-clone pool.

Important: In this exercise, you use the Horizon Console. If your session in the Horizon Console is idle for more than a few minutes, you might be automatically logged out, and if you were in the middle of creating a desktop pool, your changes will be lost.

1. Log in to the Horizon Console, and navigate to Inventory > Desktops.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click Add.

1. Select Automated Desktop Pool.
2. Click Next.

1. Select View Composer linked clones.
2. Select the vCenter Server instance.
3. Click Next.

1. Select Floating. Linked-clone pools can use either floating or dedicated user assignment. For this exercise, we use floating assignment.
   • Dedicated assignment: Each desktop is assigned to a specific user. A user logging in for the first time gets a desktop that is not assigned to another user. The user always gets this same desktop after logging in, and this desktop is not available to any other user.
   • Floating assignment: Users get a random desktop every time they log in. When a user logs out, the desktop is either refreshed and returned to the pool or deleted, depending on pool settings. With automatic deletion, you keep only as many VMs as you need at one time.
2. Click Next.

1. On the View Composer Disks page, leave the default setting to redirect disposable files to a nonpersistent disk that will be deleted automatically when a user’s session ends. Disposable files consist of the paging file and the system-level Temp directory.
2. Click Next.

1. Select Use separate datastores for replica and OS disks.
2. Click Next.

For this exercise, use separate datastores so that you can see the extra settings on the next wizard page. With separate datastores, you can place the replica VM on a solid-state, disk-backed datastore. Solid-state disks have low storage capacity but high read performance, typically supporting 20,000 IOPS. Separate datastores are used in tiered-storage models.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN™, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

1. Complete the Desktop Pool Identification page:
   • Add a pool ID.
   • (Optional) Add a display name, which users will see when they log in using Horizon Client or the HTML Access web client.
     If you do not provide a display name, the pool ID is used for the display name.
   • (Optional) Select an access group.
     If you do not specify an access group, the pool is placed in the root access group. For more information about access groups, see the product documentation topic Manage and Review Access Groups.
2. In the lower right, click Next.

1. On the Provisioning Settings page, change the following settings.
   • Enter a naming pattern for the VMs. For example, for this exercise, you can use Win-10-LC-. This naming pattern helps you identify Windows 10 linked clones in Horizon Administrator.
   • Select Provision machines on demand, and set Min number of machines to 2.
   • Set Max number of machines to 10 or fewer (for the purposes of this exercise). In a production environment, linked-clone pools have been tested to support up to 2,000 desktops.
   • Set Min number of spare (powered on) machines to 2.
   • Set Min number of ready (provisioned) machines to 1.
2. Click Next.

1. On the vCenter Settings page, click Browse next to each text box to make your selections. When making your selections, use the following guidelines:
   • Parent VM: Select the golden VM that you created for linked clones in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
   • Snapshot: Select the snapshot of the golden VM that you created.
   • VM folder location: If you do not have a folder created, select the data center, and click OK.
   • Linked clone datastores and Replica disk datastores: If you are not using a tiered-storage model, you can select the same datastore for replicas and clones.
2. Click Next.

On the Desktop Pool Settings page, you can leave the default settings and click Next. Be sure to leave State set to Enabled.

Note: if you select Yes for Allow users to initiate separate sessions from different client devices, a user connecting to the same desktop pool from different client devices will get different desktop sessions. In this case, the user does not pick up from where they left off unless they are connecting to the same session from the same client device.

1. On the Remote Display Settings page, complete the following settings:
   • Leave Default display protocol set to VMware Blast. The Blast Extreme display protocol is optimized for all types of devices.
   • Set HTML Access to Enabled. Because you are enabling HTML Access, you can access your desktop from a browser if you do not want to install VMware Horizon Client later.
   • Set Allow Session Collaboration set to Enabled. This setting allows users of the pool to invite other users to join their remote desktop sessions. Session owners and session collaborators must use the VMware Blast display protocol.
   • For assistance with selecting the other settings, click the ? icon next to the setting, or use the default setting.
2. Click Next.

On the Advanced Storage Options page, click Next.

For the purposes of this exercise, you can use the defaults, but make sure to read the Advanced Storage Options page and the embedded help text on the page to learn about the storage features available for linked clones.

1. On the Guest Customization page, use the following settings.
   • Domain: Select the domain and user that were used when configuring View Composer settings.
   • AD container: Click Browse and select the OU that you created in the exercise Create a Domain User Account and OUs in AD for Clone Operations, or if this is a test environment, you can select the Computers OU.
   • Use QuickPrep: Select this option. When you create linked-clone machines, you must modify each VM so that it can function as a unique computer on the network. QuickPrep and Microsoft Sysprep provide different approaches to customization. Because QuickPrep runs faster than Sysprep, and because QuickPrep does not require you to create a customization specification, use QuickPrep for this exercise.
     Note: For this exercise, you do not enter scripts. In a production environment, you can specify that a script run immediately after a clone is created. You can also run another script before the clone is powered off. These scripts can invoke any process that can be created with the Windows CreateProcess API, such as CMD, VBScript (VBS), EXE, and batch-file processes.
2. Click Next.

On the Ready to Complete page, click Submit. You return to the Inventory > Desktops list. The new pool appears in the list.

Click the desktop pool name to go to the Summary tab for the pool.

Scroll down to the Machine Status area, which displays the VM state. The state changes from Provisioning to Customizing to Available.

Note: To create another linked-clone pool, you can select this pool In the Desktop Pools window and click Clone to clone this pool. The pool’s settings are copied into the Add Desktop Pool wizard, allowing you to create a new pool without having to fill in each setting manually. You can clone full-clone and linked-clone desktop pools.

To perform this exercise, you need the following:

• Golden VM and snapshot – Before you can deploy a farm of RDSH servers, you must create an optimized golden image, which includes installing and configuring a Windows operating system in a VM, optimizing the OS, and installing the various VMware agents required for server farm deployment. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.
  Important: The golden VM for RDSH servers must have the appropriate RDSH roles and services installed, as described in the section of that guide called Configure Windows Server Systems for VDI or RDSH. 

  Note: It is also possible to enable Windows Server machines to be used as single-user desktops rather than RDSH servers, which provide session-based shared desktops. For information, see the product documentation topic Prepare Windows Server Operating Systems for Desktop Use. None of the exercises that follow involves creating single-user desktops from Windows Server machines.

• AD OU – You must have determined which Active Directory OU to use for storing instant-clone computer accounts. In a test environment, you can use the Computers OU. In a production environment, VMware recommends that you create a specific OU and domain user, and delegate the minimum required permissions, as described in the exercise Create a Domain User Account and OUs in AD for Clone Operations.
  Note: For the server farm OU, give the OU a descriptive name such as RDSH Servers.
• Instant-clone domain administrator – You must have added an instant-clone domain administrator, as described in the exercise Add an Instant-Clone Domain Administrator.
• VM folder – (Optional) A VM folder in the vCenter Server inventory. Having a specific folder in the vCenter Server inventory helps you locate and manage the RDSH servers in the instant-clone farm.
• Applications – The applications you provide to end users can be either installed directly on the RDSH server, or dynamically attached, as App Volumes AppStacks. Before you begin this exercise, install any applications that you want to have in the base image, available for all users.
  Note: To install applications directly on an RDSH server, place the host into RD-Install mode, install the desired applications, and place the host back into RD-Execute mode. For more information, see the Microsoft TechNet article Learn How To Install Applications on an RD Session Host Server. If you plan to use AppStacks, be sure to install the App Volumes Agent, as described in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

1. Log in to the Horizon Console, and select Inventory > Farms.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click Add.

1. Select Automated Farm.
2. Click Next.

1. Select Instant Clone.
2. Select the vCenter Server instance.
3. Click Next.

1. Select Do not use VMware Virtual SAN.
2. Click Next.

In a production environment, you might select to use VMware Virtual SAN. VMware Virtual SAN, or VMware vSAN, is a software-defined storage tier that virtualizes the local physical storage disks available on a cluster of vSphere hosts. You specify only one datastore when creating an automated desktop pool or an automated farm, and the various components, such as virtual machine files, replicas, user data, and operating system files, are placed on the appropriate solid-state drive (SSD) disks or direct-attached hard disks (HDDs).

1. Add a pool ID; for example, enter RDSH-Farm.
2. Scroll down and select the HTML Access check box so that users will be able to access virtual desktops using their web browsers in addition to Horizon Client.
3. Enable Allow Session Collaboration.
4. Use the defaults for the other settings, and click Next.

1. Enter a naming pattern for the VMs. For example, for this exercise, you can use RDSH-.
   This naming pattern helps you identify RDSH server instant clones in Horizon Console.
2. For farm sizing, set Max number of machines to 10 or fewer (for the purposes of this exercise).
   In a production environment, instant-clone farms have been tested to support up to 200 servers.
3. Set Number of ready machines to 1.
4. Use the defaults for the other settings, and click Next.

Click the Browse button next to the first setting, which is Parent VM.

Important: This page has numerous settings, and in the next steps, we do not copy this screenshot into every step, but instead only refer to it and show a screenshot of the window that appears when you click Browse for that setting.

Note: This page refers to the default image because after the pool is created, you can edit the pool and select a different snapshot to use if you want to push a new image and generate new desktops using that other image.

Describing all the settings in detail is beyond the scope of this quick-start guide. For details about all the settings in the Add Desktop wizard, see the product documentation topic Worksheet for Creating an Automated Instant-Clone Farm in Horizon Console.

1. Select the instant-clone domain administrator, which you added in the exercise Add an Instant-Clone Domain Administrator.
2. Click Browse in the AD Container section, select the OU, and click Submit.
3. Click Next.

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

For more information about the available settings in this wizard, see the product documentation topic  Worksheet for Creating an Automated Instant-Clone Farm in Horizon Console.

You are returned to the Farms list, where you can verify that the newly created farm was added to the list.

To access details about the newly added pool, click the farm name on the Farms page.

If you do not see the farm listed, click the Refresh icon above the table.

On the Summary tab, scroll down to the State area. The status changes from Publishing to Published.

After the status changes to Published, scroll up and click the RDS Hosts tab to verify that the 10 RDSH servers were created.

To perform this exercise, you need to have completed the exercise Create an Instant-Clone RDSH Server Farm. Although it is possible to actually create the RDSH server farm as part of using the Add Desktop Pool wizard, the steps in this exercise direct you to select an existing server farm.

1. Log in to the Horizon Console, and select Inventory > Desktops.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click Add.

1. Select RDS Desktop Pool.
2. Click Next.

1. Add a pool ID; for example, RDSH-desktops.
2. (Optional) Add a display name, such as RDSH Desktop, which users will see when they log in using Horizon Client or the HTML Access web client.
   If you do not provide a display name, the pool ID is used for the display name.
3. Click Next.

Click Next to accept the default settings. For more information about the settings, see the product documentation topic Desktop Pool Settings for RDS Desktop Pools.

1. Click Select an RDS farm for this desktop pool.
2. Select the farm name in the list. This is the farm that you created in the exercise Create an Instant-Clone RDSH Server Farm.
3. Click Next.

Note: As an alternative to creating the RDSH server farm before you complete this Add Desktop Pool wizard, you can select Create a new RDS farm. If you use this option, additional pages are added to this wizard, and you are prompted to specify farm settings and select the RDSH server or servers to add to the farm.

Leave the check box at the top of the window de-selected, and click Submit. Entitling users is a separate exercise.

To access details about the newly added pool, click the pool name on the Desktop Pools page.

If you do not see the pool listed, click the Refresh icon above the table.

Review the pool information. In addition to the information shown in the screenshot, if you scroll down, you see information about the server farm used for this pool.

• RDSH server farm – You need to have completed the exercise Create an Instant-Clone RDSH Server Farm. Although it is possible to actually create the RDSH server farm as part of using the Add Desktop Pool wizard, the steps in this exercise direct you to select an existing server farm.
• Applications – The applications you provide to end users can be either installed directly on the RDSH server, or dynamically attached, as App Volumes AppStacks. Before you begin this exercise, install any applications that you want to have in the base image, available for all users.
  Note: For Windows Server 2014 and earlier, to install applications directly on an RDSH server, place the host into RD-Install mode, install the desired applications, and place the host back into RD-Execute mode. For more information, see the Microsoft TechNet article Learn How To Install Applications on an RD Session Host Server. For Windows Server 2016 and later, see the Microsoft documentation. If you plan to use AppStacks, be sure to install the App Volumes Agent, as described in the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

1. Log in to the Horizon Console, and select Inventory > Applications.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click Add.
3. Select Add from Installed Applications.

Note: For this exercise, you will use installed applications. For information about adding an application pool manually, see the product documentation topic Worksheet for Creating an Application Pool Manually.

1. Select RDS Farm, and select the automated server farm you created.
   Note: With Horizon 7.9, it is also possible to publish applications using a Windows 10 desktop pool rather than a farm of RDSH servers. For more information, see the What's New video Horizon 7.9: Desktop Application Publishing. For this exercise, we use RDSH.
2. Click the check box next to an application.
   Note: The list of applications includes both natively installed apps and App Volumes AppStacks that you have attached to the servers, if you are using AppStacks.
3. Click the check box next to another application. You can create multiple application pools with only one trip through the wizard.
4. De-select the check box Entitle users after adding the pool. You will entitle users in a later exercise.
5. For the other settings, use the defaults, and click Next.

For information about the other settings on this page, including Pre-launch, category folder, and restrictions, see the product documentation topic Worksheet for Creating an Application Pool Manually.

1. Add RDSH- to the beginning of the display name. This way, if you later open the published app on a Windows computer, you will be able to distinguish between the locally installed app and the RDSH-published app.
2. Click Submit.

The wizard closes and the application pools are added to the list.

This exercise involves making changes to instant-clone RDSH server farms. Therefore, you must have completed the exercise Create an Instant-Clone RDSH Server Farm before you begin this exercise.

1. Log in to the Horizon Console, and select Inventory > Farms.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Click the farm name; for this example the farm name is RDSH-Farm.

On the Summary tab, select Schedule from the Maintain drop-down list.

1. For Schedule, select Recurring.
   Note: If, instead, you select Immediate from the drop-down list, you are prompted to specify the task start time.
2. For Maintenance Period, select Weekly.
3. Click Next.

On the Image page, click Next. (If the Next button is dimmed, de-select Use current parent VM image and then select the check box again.)

The default is to use the current golden image. To select a different golden VM and snapshot, you can de-select the check box, browse to a new golden VM, and select one of its snapshots.

Note: Setting this schedule so that it runs weekly means that on a weekly basis, the servers are refreshed back to their original state and disk size using the golden VM and snapshot that you specify.

Click Next.

The default is Wait for users to log off. If, instead, you select to force users to log off, you can give users a warning and a grace period of 5 minutes, by default. To edit this setting, after you finish creating the schedule, navigate to Settings > Global Settings, and click Edit in the General settings section.

Click Finish. You are returned to the Summary tab for the farm.

The schedule you set appears in the Farm Maintenance section.

If, in addition to this recurring schedule, you find you need to schedule an immediate push of a new golden image, you can repeat this process, selecting Maintenance > Immediate rather than Recurring. The farm would then have both a recurring and an immediate maintenance schedule.

In the following steps, we will explore other maintenance tasks.

Scroll back up to the top of the page, and click Edit.

1. Click the Provisioning Settings tab.
2. In the Farm Sizing section, set the Max number of machines to 4.
3. Click OK.

You are returned to the Farms Summary tab.

Click the RDS Hosts tab. Note that the status for some of the servers changes to Deleting. Some servers are deleted to reduce the size of the farm to 4 machines.

Click the Refresh icon, if necessary, to update the status.

Tip: If you change the maximum number of machines to a larger number, the new RDSH servers will typically become available within a minute. This is because the VM snapshot is already published, and therefore only the instant-clone provisioning phase is required.

You can entitle users to an application pool or desktop pool when you create the pool. At the end of the Add Application Pool wizard or Add Desktop Pool wizard, you can select the Entitle users after this wizard finishes check box.

You can also create user entitlements after the pool is created. If you are entitling users to application pools, you can select multiple application pools, and entitle users to all the selected pools. For desktop pools, you must select one pool at a time.

It is also possible to set up the system so that end users can access RDSH application pools without having to authenticate at all.

Note: For this evaluation, you create local entitlements, which entitle users to desktops within one Horizon 7 pod. A pod is a group of interconnected Connection Servers running in the same LAN segment that broker desktops or published applications. For information about using the Cloud Pod Architecture feature to create global entitlements, which entitle users to multiple desktops across multiple pods in a pod federation, see the guide Administering Cloud Pod Architecture in Horizon 7.

Important: Alternatively, for instant-clone desktop pools, you can also entitle users by using the JMP Integrated Workflow to define a JMP assignment. JMP assignments include information about the App Volumes AppStacks, instant-clone desktops pools, and Dynamic Environment Manager settings for specific groups of users. For instructions, see the Quick-Start Tutorial for VMware Horizon JMP Integrated Workflow.

After you have finished deploying virtual desktops or published applications and entitling users, you are ready to explore end-user connection options. End users can connect to desktops and applications using different Horizon Clients, including desktop and mobile clients. VMware provides native Horizon Clients for iOS, Android, Chrome, macOS, Windows, Linux, and Windows 10 UWP.

Alternatively, you can use the HTML Access web client by entering the URL of your Connection Server, using the following format:

https://<FQDN or IP address>

On the VMware Horizon web portal page that appears, you can click either the icon that takes you to the Horizon Clients download page or the icon for logging in using the HTML Access web client.

Before you can entitle users, you must create a desktop or application pool. Exercises for performing these tasks are included in the chapters Creating Single-User Desktop Pools and Creating RDSH-Published Desktops and Applications.

1. Log in to the Horizon Console, and select Inventory > Desktops or, for application pools, select Inventory > Applications.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Select the check box next to the name of the pool you want to entitle users to.
   Important: If you are entitling users to application pools, you can select multiple pools, and entitle users to all the selected pools. For desktop pools, you must select one pool at a time.
3. Select Entitlements > Add Entitlements.

Click Add.

1. Use the Name/User name drop-down list and text box to search for users. For this example, we selected Starts with and entered a D so that all user and group names that begin with D will be returned.
   You can narrow your query using the drop-down menus to add search terms and modifiers. If you leave the text boxes empty, all users and groups are returned.
2. Click Find.
3. Scroll through the list and select the check boxes next to the names of the users and groups to entitle.
4. Click OK.

Click OK.

Note: The Add button in this dialog box is for adding additional users to the list. The check boxes are for selecting a user or users you want to remove.

You are returned to the Application Pools list or the Desktop Pools list.

Click the name of the desktop or application pool in the list of pools, and select the Entitlements tab.

Note: You can also use the buttons on the Entitlements tab to add and remove user entitlements for a specific pool.

To perform this exercise, you need to have created a user account, not a user group, in Active Directory that will be used for unauthenticated access. For this example, we created a user account named Unauthenticated User.

Be sure to create a user account that will not be used for any other purpose. If you select a user with desktop entitlements and make the user an unauthenticated access user, the user will not have access to the entitled desktops.

1. Log in to the Horizon Console, and select Users and Groups.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Select the Unauthenticated Access tab.
3. Click Add.

1. Use the Name/User name drop-down list and text box to search for users. For this example, we selected Starts with and entered a Un so that all user and group names that begin with Un will be returned.
   You can narrow your query using the drop-down menus to add search terms and modifiers. If you leave the text boxes empty, all users and groups are returned.
2. Click Find.
3. Scroll through the list and select the user account.
4. Click Next.

1. Enter an alias for the account. For this example, because the user name was Unauthenticated User, which has a space between the words, we added a hyphen to create the alias. Spaces are not allowed.
2. Click Submit.

The user account is added to the list of users who have unauthenticated access.

1. Navigate to Settings > Servers.
2. Select the Connection Servers tab.
3. Select the Connection Server in the list.
4. Click Edit.

1. Select the Authentication tab, scroll down to the Horizon Authentication section, and set Unauthenticated Access to Enabled.
2. In the Default unauthenticated access user drop-down list, select the user account you added; for this example, Unauthenticated-User.
3. Click OK.

1. Log in to the Horizon Console, and select Inventory >  Applications.
2. Select the check box next to the name of the pool you want to entitle users to.
   You can select multiple pools.
3. Select Entitlements > Add Entitlements.

Click Add.

1. Select the Unauthenticated users check box.
2. Use the Name/User name drop-down list and text box to search for the user. For this example, we selected Starts with and entered a Un so that all user and group names that contains Un will be returned.
   You can narrow your query using the drop-down menus to add search terms and modifiers. If you leave the text boxes empty, all users and groups are returned.
3. Click Find.
4. Scroll through the list and select the check box next to the name of the user entitle.
5. Click OK.

Click OK.

Click the name of the application pool in the list of pools, and select the Entitlements tab.

Important: At the time of this writing, the latest client software release is Horizon Client 4.8, and this feature is available only for the HTML Access web client, and for Linux, Windows, Android, and Chrome OS client devices. Part of the exercise Use Horizon Client from a PC or Laptop gives step-by-step instructions for using this feature to access published applications anonymously.

For a complete list of rules and guidelines for configuring unauthenticated users, see the product documentation topic Providing Unauthenticated Access for Published Applications.

To perform this exercise, you need the following:

• Endpoint PC – You can use a Mac, Linux, or Windows PC. For this exercise, do not use a device with a Windows 10 UWP operating system because the unauthenticated user access feature is not yet available for that OS.
• Installer – Go to the Download VMware Horizon Clients page, and download and install the free Horizon Client software.
• User account – To install the Horizon Client software, you must log in to the endpoint device as a user with administrative privileges.
• Connection Server address – Verify that you have the fully qualified domain name of the Connection Server that brokers connections to the desktop and application pools you created in earlier exercises.
• Desktop or application pools – Exercises for creating pools are included in the chapters Creating Single-User Desktop Pools and Creating RDSH-Published Desktops and Applications.
• Configuration of unauthenticated access – To connect anonymously to a published application, you must have performed the exercise Configure Unauthenticated Access to Published Applications.

Start VMware Horizon Client the same way you would start any application. For example, on a Windows PC, double-click the desktop icon.

1. Click New Server.
2. When prompted, enter the FQDN of the Connection Server.
3. Click Connect.

Click Continue to bypass the certificate warning. If you install a CA-signed security certificate on the machine that hosts the Connection Server, this warning does not appear.

Enter credentials of a user who is entitled to desktops and published applications, and click Login.

To launch an application or desktop, double-click the icon for the application or desktop.

Click Allow to allow access to files on your client device, as well as locally connected storage devices such as USB thumb drives, while using virtual desktops and published applications.

Verify that you have successfully logged in to your desktop or application. For this example, we have successfully logged in to an instant-clone VM from the Windows 10 Desktop pool.

1. Close the window as you normally would, and, for desktops, confirm that you want to disconnect.
2. Quit Horizon Client.
3. Restart Horizon Client.

1. In Horizon Client, on the screen that lists the Connection Servers, click the Settings toolbar button.
2. Click to place a check mark in front of Log in anonymously using Unauthenticated Access.

Important: At the time of this writing, the latest release is Horizon Client 5.2, and this feature is available only for the HTML Access web client and for Linux, Windows, Android, and Chrome OS client devices.

Double-click the server icon.

Instead of being prompted to enter user credentials, you will see the application selector screen, displaying all the published applications that are configured for unauthenticated user access. If no applications appear in the selector, you need to complete the exercise Configure Unauthenticated Access to Published Applications.

Double-click the icon for the application.

Note that the application window looks just like it would if it were a locally installed application.

The application icon for the published application appears in the taskbar just as it would for a locally installed application.

The screenshots in this exercise showed the Windows-based client and seamless integration into the Windows user experience. If you install Horizon Client on other operating systems, such as macOS or Linux, the experience of using Horizon Client is likewise integrated into those operating systems and their OS-specific features.

Tip: If you have problems logging in anonymously, see the complete list of rules and guidelines for configuring unauthenticated users, available in the product documentation topic Providing Unauthenticated Access for Published Applications.

To perform this exercise, you need the following:

• Connection Server address – Verify that you have the fully qualified domain name of the Connection Server that brokers connections to the desktop and application pools you created in earlier exercises.
• Desktop or application pools – Exercises for creating pools are included in the chapters Creating Single-User Desktop Pools and Creating RDSH-Published Desktops and Applications.
• Chrome browser – (Optional) To display the Allow H.264 decoding setting, which is pictured in one of the following steps, you must use a Chrome browser.

1. Open a supported web browser and enter the address of your Connection Server. The URL format is https://<connection-server-FQDN>
   Note: If you do not have a CA-signed security certificate, you might be prompted to add a security exception to your browser.
2. Click VMware Horizon HTML Access.

Enter credentials of a user who is entitled to the desktop or application pool, and click Login.

After the credentials are validated, you can see the available desktops and applications.

1. Click a star in one of the desktop icons to mark the desktop as a favorite.
   This feature is convenient if you have many desktops and applications and do not want to have to scroll to find the applications and desktops you use most frequently.
2. Click the Star toolbar button to display only favorites.
3. Click the desktop icon, rather than the star, to launch the desktop in your browser.

Note: You can also use the Search field to quickly locate an application or desktop if you know its display name.

1. Click OK to enable copy and paste functionality.
2. Click the tab on the left side of the screen to open the navigation sidebar.

1. Hover your cursor over each toolbar button to display its tooltip.
   You can use the toolbar at the top of the sidebar to
   • Send Ctrl+Alt+Del to the application work area
   • Transfer files, if the feature is enabled
   • Open the Copy & Paste panel
   • Open the Settings menu
2. Click an application in the sidebar to launch it.

Note: In the sidebar, you can click the star icon to the right of an application or desktop name to designate the item as a favorite, and click the star above the list to display only favorites.

Click the Menu toolbar button, and select Settings.

1. Click the toggle button to set Allow H.264 decoding to On.
2. Click Close.

When you use a Chrome browser and use the VMware Blast Extreme display protocol, this setting causes the graphics processor on the client device to do the work involved in playing back video and images. Hardware decoding offloads the work to the GPU, so that CPU consumption is reduced, resulting in less device power consumed, for longer battery life. To make the setting take effect, you must disconnect and reconnect to the desktop or application.

For information about the Shadow Session Display Fit to viewer setting, see the product documentation topic Using the Session Collaboration Feature.

In the list of running desktops and applications, click the Menu toolbar button next to the desktop and select Close, or close the browser tab or window.

This exercise described using the HTML Access web client, which does not require installing any software on the client device. For information about HTML Access features such as copying and pasting or transferring files between your local client system and the virtual desktop or published application, see the HTML Access documentation.

This exercise described logging in as an entitled user. For information about logging in using unauthenticated user access, see the product documentation topic Use Unauthenticated Access to Connect to Published Applications.

To perform this exercise, you need the following:

• Installer – On your mobile device, go to the Download VMware Horizon Clients page, and download and install the free Horizon Client software.
• Connection Server address – Verify that you have the fully qualified domain name of the Connection Server that brokers connections to the desktop and application pools you created in earlier exercises.
• Desktop or application pools – Exercises for creating pools are included in the chapters Creating Single-User Desktop Pools and Creating RDSH-Published Desktops and Applications.

Alternatively, if you are a VMware customer, partner, or VMUG Advantage member, you can connect to a Horizon server and desktop and application pools through the VMware TestDrive portal. For information about signing up and using TestDrive, go to kb.vmtestdrive.com.

Launch Horizon Client, enter the FQDN of the Connection Server in the Server Address text box, and tap Connect.

Tip: If you are using the default self-signed SSL certificate, an Untrusted View Connection warning appears. You can modify the Horizon Client security settings by tapping the Settings link in the upper-right corner.

If prompted about an untrusted Horizon connection, click Continue.

Enter the credentials of a user who is entitled to the desktop or application pool.

On the desktop and application selector page, tap a desktop icon to connect to a virtual desktop.

Tip: You can tap and hold an icon to display a context menu and mark the item as a favorite. Tap Favorites at the bottom of the screen to display only items marked as favorites.

The Unity Touch sidebar appears on the left side of the screen. If you are connected to a desktop, the sidebar provides the functionality of a typical Windows Start menu without having to maneuver your touch screen to use the Start menu. If the sidebar is closed, you can slide the tab to the right to open the sidebar.

Tap All Programs in the sidebar and tap an application such as a word-processing or spreadsheet application, which allows you to enter text.

Tip: For convenience, to keep favorite applications or files listed in the sidebar, tap Manage under FAVORITE APPLICATIONS or FAVORITE FILES and select your favorites.

Tap in the application to enter text.

The on-screen keyboard appears unless you already have a keyboard attached to the device.

Above the traditional keyboard overlay is a row of Windows-specific keys such as arrow keys, Ctrl, Win, and so on.

Tap the Horizon Client Tools icon, and note the various icons for the various client settings.

The Horizon Client Tools enable you to perform such tasks as disconnecting from the session or bringing up the keyboard.

To end the desktop session, tap the Disconnect icon.

After you confirm that you want to disconnect, you are disconnected from your desktop session and returned to the list of available desktops and applications.

On the desktop and application selector screen, tap a published application, such as Calculator or Word.

The application opens, along with the sidebar. To exit out of the application, you can tap the Close button (X) just as you would for a Windows application installed on a Windows PC or laptop.

The Unity Touch sidebar displays a list of the other application pools and desktop pools the user is entitled to. You can use the sidebar to quickly switch to another desktop or published application provided by the server you are logged in to.

To perform this exercise, you need to have created a desktop or application pool.

1. Log in to the Horizon Console, and select Inventory > Desktops, for VDI desktop pools, or Inventory > Farms, for RDSH server farms.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. For VDI desktop pools, click the pool name on the Desktop Pools page. For published applications or desktops, click the farm name on the Farms page.

Click the Sessions tab to see the following information about each session:

• User name
• Type of pool
• Machine name
• Client ID
• Security gateway
• Start and duration time
• Session state
• Time since last session (if currently disconnected)
• Display protocol; for example: Blast Extreme, PCoIP, Microsoft RDP, Console (if you launch a vSphere console)

If you need to perform emergency maintenance tasks, you can select one or more users in the list, and click a button to

• Disconnect the session.
• Log the user out of the session.
• Restart the user's desktop.
• Reset the VM.
• Send a message to the user.

Note: The Restart Desktop and Reset Virtual Machine buttons are not available for RDSH server sessions.

1. Log in to the Horizon Console, and navigate to Settings > Product Licensing and Usage.
   The format of the URL for accessing Horizon Administrator is: https://<connection-server-FQDN>/newadmin
2. Verify that the Help Desk license is enabled.

You must have a valid product license key for Horizon 7 Enterprise Edition or Horizon Apps Advanced. If you do not have the correct license, after you obtain one, you can click the Edit License button to add the new license.

1. In the Horizon Console, navigate to Settings > Administrators.
2. Click the Role Privileges tab.
3. Select the Help Desk Administrators role.
4. Scroll through the Privileges list to see which privileges are granted to this role.

Note: If you installed the Horizon Connection Server that included this instance of Horizon Console, you were automatically given the Administrators role. This role includes all the permissions required for the Help Desk Administrator role. If you do not have the correct permissions, you will need to edit your permissions (from the Administrators and Groups tab, click Add Permission). Next, in the Add Permission wizard, select the Help Desk Administrators role, as shown in the following screen shot:

Use Horizon Client or the HTML Access web client to log in to a virtual desktop as an end user. After you connect to the desktop, an active session can appear in the Horizon Help Desk Tool.

1. Log in to the Horizon Console, and enter the user's name in the search bar.
   The format of the URL for accessing the console is: https://<connection-server-FQDN>/newadmin
2. Select the user from the search results.

On the Sessions tab, in the list of active sessions, click an item in the Computer Name column.

Scroll down the Details tab until you get to the end of the User Experience Metrics section, and click Restart.

Also note the other troubleshooting options. The Remote Assistance option is based on Microsoft Remote Assistance. If you click More, the additional options are Disconnect, Logoff, and Reset. For more information, see Troubleshoot Desktop or Application Sessions in Horizon Help Desk Tool.

Click OK. You are returned to the Sessions list, and the session for the desktop is removed from the list.

For application sessions, the troubleshooting options are slightly different, as shown in the following screenshot.

Be sure to see the VMware Horizon v7.5 Help Desk Tool Feature Walkthrough video for the Horizon 7 Help Desk.