Components and Architecture

VMware Horizon 7 version 7.5 and later

Components and Architecture


Horizon 7 contains key components and integrated products that work together.

Figure: Horizon 7 Architecture Overview

This figure shows how Horizon components—such as Connection Server, User Environment Manager, App Volumes, vCenter Server, and vSphere—work together to provide access to virtual desktop pools, RDSH desktop and application pools, and more.

The core Horizon 7 components—including Connection Server, Horizon Client, and Horizon Agent—are described in About Core Horizon 7 Components.

The underlying infrastructure components—including vCenter Server and vSphere—are described in About Components Underlying Horizon 7.

User Environment Manager, App Volumes, and Unified Access Gateway are described in About Components That Enhance Horizon 7.


About Components Underlying Horizon 7

A number of key components provide the underlying foundation for Horizon 7.

VMware vSphere Foundation for Horizon 7

VMware vSphere is a suite of virtualization products that provides a scalable platform for running virtual desktops and applications. The VMware vSphere Web Client is a browser-based application that you can use to configure the host and to operate its virtual machines.

For more information, see VMware vSphere Documentation.

VMware vCenter Server

VMware vCenter Server, included in the vSphere suite, is the central management console for your vSphere infrastructure, virtual machines, and VMware ESXi™ servers. A vCenter Server can be quickly set up and deployed, using host profiles or Linux-based virtual appliances. The vCenter Server console provides centralized control and visibility into servers that host virtual desktops, ESXi servers, virtual machines, storage, networking, and other critical elements of your virtual infrastructure. You can use vCenter Server to allocate resources for improved performance.

For more information, see VMware vSphere Documentation.

VMware ESXi

VMware ESXi is a bare-metal hypervisor that can be installed directly onto your physical server, and partitioned into multiple virtual machines. Because ESXi runs on bare metal without an operating system, the footprint is reduced, giving a very small surface for possible malware and over-the-network attacks. This also simplifies deployment and configuration by reducing the number of configuration options.

For more information, see the VMware ESXi Installation and Setup.

About Core Horizon 7 Components

With Horizon 7, IT departments can run virtual machine (VM) desktops and applications in the data center and remotely deliver virtual desktops and applications to employees as a managed service. One advantage of Horizon 7 is that remote desktops and applications follow the end user regardless of device or location. Users can access their personalized virtual desktops or published applications from company laptops, their home PCs, thin client devices, Macs, tablets, or smartphones. The benefits to administrators include centralized control, efficiency, and security with desktop data stored in the data center.

Horizon 7 contains a number of core components.

Horizon Administrator

Horizon Administrator is the classic web-based administrative console for managing users and Horizon 7 resources such as desktops and applications. Horizon Administrator is included when you install a Connection Server. With the use of Horizon Administrator, you can centrally manage thousands of virtual desktops from a single location.

Figure: VMware Horizon Administrator

Horizon Console

Horizon Console is the latest version of the Web interface through which you can create and manage virtual desktops and published desktops and applications. Horizon Console integrates VMware Horizon Just-in-Time Management Platform (JMP) Integrated Workflow features for managing workspaces.

Horizon Console includes a partial implementation of Horizon 7 features. You can use Horizon Administrator, the classic web interface, to access those features that are not yet available in Horizon Console.

To access Horizon Console, you log in to the Horizon Administrator, and click the Horizon Console button. You are authenticated through SSO. Horizon Console appears in a new tab, so both consoles are at your fingertips. You can also access Horizon Console from your browser: https://<connectionserver>/newadmin.

Figure: VMware Horizon Console

Horizon Console includes an easier desktop and application deployment process, just-in-time desktop delivery, and a more secure Web interface. Horizon Console also supports the following features:

  • Entitlements: User, group, desktop, and application assignments
  • Authentication: Remote access authentication and unauthenticated access for published apps
  • Virtual desktops: Virtual desktop pool creation for automated, full clones, and instant clones, including dedicated assignments
  • Published desktops: Published desktops with manual and instant-clone farms
  • Published applications: Published applications with manual and existing application pools
  • Virtual machines: VMs registered both with and without vCenter Server

For more information, see VMware Horizon 7 documentation.

Horizon Connection Server

The Horizon Connection Server brokers client connections by authenticating users and directing incoming user desktop and application requests. Users connect to a Connection Server to access their virtual desktops and native, virtual, or RDSH-based applications. The Connection Server provides the following management capabilities:

  • Authenticating users
  • Entitling users to specific desktops, applications, and pools
  • Managing local and remote desktop and application sessions
  • Establishing secure connections between users and desktops or applications
  • Enabling single sign-on
  • Setting and applying policies
  • Managing an instant-clone engine

For more information, see Horizon 7 Architecture Planning and Horizon 7 Installation.

Composer (Optional)

The optional Horizon Composer is not required for instant clones. It enables you to create and manage pools of linked-clone desktops. The Composer server works with the Connection Servers and a vCenter Server. Composer is the legacy method that enables scalable management of virtual desktops by provisioning from a single master image using linked-clone technology.

Horizon Agent

Horizon Agent communicates between Horizon Client and virtual desktops or RDSH servers. You must install Horizon Agent on all virtual machines managed by vCenter Server so that Connection Server can communicate with the virtual machines. Horizon Agent also provides features such as connection monitoring, client drive redirection, virtual printing, and access to locally connected USB devices. This process can be simplified by installing Horizon Agent on the master image used to deploy virtual machines to a group of users.

VMware Horizon Client

VMware Horizon® Client for Windows, Windows 10 UWP, macOS, iOS, Linux, or Android is installed on every endpoint. This enables your end users to access their virtual desktops and published applications from a variety of devices such as smartphones, zero clients, thin clients, PCs, laptops, and tablets.

Horizon Client enables users to do the following:

  • Connect to a Connection Server, a VMware Unified Access Gateway™ appliance, or a security server
  • Log in to their remote desktops in the data center
  • Edit the list of servers that they connect to

You can choose between multiple download processes. One option is to allow your end users to download Horizon Client directly from Download VMware Horizon Clients. Another option is to determine which Horizon Client each end user can download, and store the Horizon Client installers on a local storage device using the View user portal (the default landing page for Connection Server).

For more information, see Configure the VMware Horizon Web Portal Page for End Users.

About Components That Enhance Horizon 7

Horizon 7 contains many products and components that can interoperate to extend and enhance your implementation. Access to and availability of these components varies, based on the edition of Horizon 7 installed. For more information about the different editions, see VMware Workspace ONE and VMware Horizon Packaging and Licensing.

VMware Unified Access Gateway

VMware Unified Access Gateway (formerly called VMware Access Point) provides a secure gateway that allows users to access their desktops and applications from outside a corporate firewall. You can design a Horizon 7 deployment that uses Unified Access Gateway for secure external access to internal Horizon 7 desktops and applications. Unified Access Gateway appliances typically reside in a demilitarized zone (DMZ) and act as a proxy host for connections inside your trusted corporate network. This structure shields Horizon 7 virtual desktops, servers, applications, and Connection Servers from the public Internet, adding an extra layer of security. In addition to security, Unified Access Gateway features include:

  • Authentication in the DMZ
  • Smart-card support
  • Native RSA SecurID and RADIUS authentication
  • Blast Extreme traffic directed to port 443 by default
  • Security Assertion Markup Language (SAML) assertions

For more information, see the Unified Access Gateway: Overview and Use Cases video series.

VMware App Volumes

VMware App Volumes is a real-time Windows application-delivery and application life-cycle-management solution. App Volumes uses application containers called AppStacks, which are virtual disks that contain all of the components that are required to run an application, such as executables and registry keys. When an AppStack is deployed, it is available for use within seconds without end-user installation. Applications can be deployed once to a single central file and accessed by thousands of desktops. This simplifies application maintenance, deployment, and upgrades.

App Volumes also provides user-writable volumes for a limited number of users. Writable volumes are a mechanism to capture user-installed applications that are not, or cannot be, delivered by AppStacks. This reduces the likelihood that persistent desktops would be required for a use case. The user-installed applications follow the user as they connect to different virtual desktops.

For more information, see VMware App Volumes Documentation.

VMware User Environment Manager

VMware User Environment Manager is a scalable solution for profile and policy management for virtual, physical, and cloud-based Windows desktop environments. You can use User Environment Manager to simplify your policy management by replacing and unifying problematic, unmaintainable, or complex login scripts and profile logic. You can map environmental settings, such as networks and printers, and dynamically apply end-user security policies and customizations. User Environment Manager ensures that each end user’s settings and customizations follow them from one location to the next, regardless of the endpoint used to access their resources.

For more information, see VMware User Environment Manager Technical Overview.

VMware Identity Manager

VMware Identity Manager is a solution that provides application provisioning, a self-service catalog of applications and virtual desktops, conditional access controls, and single sign-on (SSO) for software as a service (SaaS), web, and cloud resources. VMware Identity Manager gives your IT team a central place to manage user provisioning and access policy with directory integration, identity federation, and user analytics.

For more information, see VMware Identity Manager Documentation.