Initial Configuration

VMware Horizon 7 version 7.5 and later

Initial Configuration

Introduction

The exercises in this chapter are about configuring the Connection Server so that it can create pools of VDI desktops and RDSH-published desktops and applications. You use the Horizon Administrator UI to perform these Connection Server configuration tasks. In subsequent chapters, you will use the new Horizon Console UI to create and monitor desktop and application pools.

Some exercises in this chapter are mandatory, and some are optional. For example, the exercise Create a Domain User Account and OUs in AD for Clone Operations, is optional in that you are not required to create a new domain user account and new Active Directory organizational units if you just want to set up a proof-of-concept (POC) environment. When prompted in later exercises, you can specify an existing domain user and OUs if you like.

Similarly, you are not required to set up an event database. The event database allows you to monitor logging operations in the Horizon Administrator UI. If you do not complete the exercise Create an Event Database, you can instead look directly in the log files if necessary, or you can configure logs to be sent to a Syslog server.

If you do not perform these optional exercises, configuring the Connection Server involves only three tasks: entering the license key, adding a vCenter Server, and designating an instant-clone domain administrator.

Create a Domain User Account and OUs in AD for Clone Operations

In this exercise, you perform the following preliminary tasks so that instant- or linked-clone desktops can be automatically joined to a specified domain as they are created:

  • Create a user account in Active Directory that has the required permissions for creating and deleting cloned-desktops.
  • Create one organizational unit (OU) in Active Directory for instant-clone desktops, another for instant-clone RDSH servers, and another OU for linked-clone desktops.

Note: This exercise shows how you would typically create an OU in a production environment and set the minimum required Active Directory domain privileges. However, for a test environment, you can skip this exercise and deploy the instant-clone  and linked-clone virtual machines (VMs) to the Computers OU, and use a domain administrator account for the instant-clone domain administrator and the domain administrator for View Composer.

Prerequisites for Creating OUs and the Domain Admin

To perform this exercise, you must have a user account for logging in to the domain controller as an administrator and creating users and OUs in Active Directory.

1. Open Active Directory Users and Computers

On the Active Directory Domain Controller, log in as an administrator, and go to Start button > Administrative Tools > Active Directory Users and Computers.

2. Add a New User

  1. Expand the domain.
  2. Right-click Users.
  3. Select New.
  4. Select User.

2.1. Enter User Name Information

Complete the dialog box, and click Next.

2.2. Enter Password Information

  1. Enter a password.
  2. De-select User must change password at next logon. In a test environment, you can de-select this check box.
  3. Select Password never expires.  In a test environment, you can select this check box.
  4. Click Next, and click Finish in the next wizard page to close the wizard and create the user.

Now that you have a domain user account to use specifically for creating cloned VMs, you can add this user to the Active Directory OUs that will contain the VM computer accounts, as described in the steps that follow. You will also assign permissions to this user so that the user account can create and delete VMs in the OUs.

3. Create an OU for Instant-Clone Desktops and Delegate Control

  1. Right-click the domain.
  2. Select New.
  3. Select Organizational Unit.

3.1. Name the OU

  1. Enter a name; for example, Instant Clones.
  2. Click OK.

This OU is the Active Directory container in which the instant-clone computer accounts will be created. After you complete the text box, you can find the OU under the domain.

3.2. Open the Delegation of Control Wizard

Right-click the OU you created (that is, the container) and select Delegate Control.

3.3. Click Next on the Welcome Page

Click Next to start the wizard.

3.4. Add the Domain User

  1. In the Users or Groups dialog box, click Add.
  2. Enter the name of the domain user you just created; for the example in this exercise, we use Clone Domain User.
  3. Click Check Names to verify that the name can be found in Active Directory.
  4. Click OK.
  5. When you are returned to the Users or Groups page, click Next.

3.5. Create a Custom Task to Delegate

  1. Select Create a custom task to delegate.
  2. Click Next.

3.6. Delegate Control of Computer Objects

  1. Select Only the following objects in the folder.
  2. Select the following check boxes:
    • Computer objects
    • Create selected objects in this folder
    • Delete selected objects in this folder
  3. Click OK.

3.7. Select Permissions

  1. in the Permissions list, select the following items:
    • Create All Child Objects
    • Delete All Child Objects
    • Read All Properties
    • Write All Properties
    • Reset Password
  2. Click Next.

These are the required permissions for the user account, including permissions that are assigned by default.

  • List Contents
  • Read All Properties
  • Write All Properties
  • Read Permissions
  • Reset Password
  • Create Computer Objects
  • Delete Computer Objects

3.8. Click Finish

Click Finish to close the wizard.

4. Create an OU for Instant-Clone RDSH Servers and Delegate Control

If you plan to perform the exercise for creating an instant-clone farm of RDSH servers, repeat the step Create an OU for Instant-Clone Desktops and Delegate Control to create an OU for the instant-clone RDSH server computer accounts. You might name the OU RDSH Servers.

5. Create an OU for Linked Clones and Delegate Control (Optional)

If you plan to perform the exercise for using the Composer and creating a linked-clone desktop pool, repeat the step Create an OU for Instant-Clone Desktops and Delegate Control to create an OU for linked-clone desktop computer accounts. You might name the OU Linked Clones. The OUs for linked clones require the same delegation permissions as those for instant clones.

Note: In a production environment, usually the decision is made to use either linked clones or instant clones.

Add the Product License Key

The first step of initial configuration after installing the Connection Server is to add a product license key. The first time you log in to the Connection Server, the Horizon Administrator opens to the Product Licensing and Usage page.

Prerequisites for Adding a License

Before you perform this exercise, you need a valid license. You can use an evaluation license. For information about purchase options, see the VMware End-User Computing Packaging and Licensing guide.

1. Click the Edit License Button

  1. In Horizon Administrator, navigate to View Configuration, and select Product Licensing and Usage.
  2. Click Edit License.

2. Provide the License Serial Number

  1. Enter the 25-character serial number of the product license key.
  2. Click OK.

3. Verify Successful License Edit

  1. Verify that the license expiration date has not already passed.
  2. Verify that the licenses for Desktop, Application Remoting, Composer, and Instant Clone are all enabled.

Add a vCenter Server Instance

vCenter Server creates and manages the virtual machines used in Horizon 7 desktop pools. The Connection Server uses a secure channel (SSL) to connect to the vCenter Server instance.

Prerequisites for Adding vCenter Server

Before you perform this exercise you need the following:

  • Horizon 7 license – See Add the Product License Key.
  • vCenter Server user account – For more information, see Configure a vCenter Server User for Horizon 7 and View Composer. The account privileges you need depend on whether you are using the Composer (which is optional).
    Tip: In a test environment, you could use the administrator account (administrator@vsphere.local), which has all administrator privileges.
  • View Composer Server user account – (Optional) The account must be a domain user account and must be a member of the local Administrators group on the standalone View Composer machine. Complete this setting if you plan to create linked-clone desktop pools.
  • Domain user account for adding linked clones – (Optional) This is a domain administrator account with permissions to create and delete computer objects and write properties in the domain. You already created this user account if you performed the exercise Create a Domain User Account and OUs in AD for Clone Operations. You need this information only if you plan to created linked-clone desktop pools.
    Tip: In a test environment, you could use an account that is a member of the Domain Administrators group, which has all the required privileges.

1. Click Add on the vCenter Servers Tab

  1. In Horizon Administrator, navigate to View ConfigurationServers.
  2. Click Add.

2. Enter vCenter Server Settings

  1. In the vCenter Server Settings section, enter the FQDN of the vCenter Server instance, and the user name and password for the vCenter Server user account, as described in Prerequisites for Adding vCenter Server.
  2. Accept the default values for the port and other advanced settings, and click Next.

3. Enter the Composer Settings (Optional)

  1. In the View Composer Settings section, select Standalone View Composer Server, and configure the following Composer Settings:
    • Server Address: Enter the FQDN of your View Composer VM.
    • User name: Enter the user name of your vCenter Server user account; for example, domain.com\user or user@domain.com. This account is described in Prerequisites for Adding vCenter Server.
    • Password: Enter the password of your vCenter Server user account.
    • Port: Use the default.
  2. Click Next.

Important: If you do not plan to create linked-clone desktop pools, you can skip this step and its sub-steps.

3.1. View the Invalid Certificate

If an Invalid Certificate Detected prompt is displayed, click View Certificate.

3.2. Accept the Certificate

In the Certificate Information window, review the thumbprint of the default self-signed certificate that was generated during installation, and click Accept.

3.3. Add the Composer Domain

  1. On the View Composer Domains page, click Add.

3.4. Enter the Domain Data

  1. In the Add Domain window, enter the domain name, credentials for the domain user account for creating linked clones, as described in Prerequisites for Adding vCenter Server.
    This account must have permission to create computer objects, delete computer objects, and write properties in the domain or in the OUs (organizational units) that you select when creating desktops in later exercises.
  2. Click OK.

3.5. Verify the Domain Data

  1. In the View Composer Domains window, verify the information.
  2. Click Next.

4. Accept Storage Setting Defaults

In the Storage Settings section, accept the defaults, and click Next.

5. Finish the Process

  1. On the Ready to Complete page, review the vCenter Server information.
  2. Click Finish.

6. Verify That vCenter Server Is Connected

On the vCenter Servers tab, verify the vCenter Server that you just connected to your Horizon 7 environment.

Add an Instant-Clone Domain Administrator

You use Horizon Administrator to specify the user account for joining instant-clone VMs to the Active Directory domain.

Prerequisites for Adding the Instant-Clone Domain Administrator

Before you perform this exercise, you must have a domain user account that has the required Active Directory permissions so that cloned desktops can be joined to the domain. These include permissions to create and delete computer objects, and write properties in the domain or in the OUs (organizational units) that you select when creating desktops in later exercises. You have already created this user account if you performed the exercise Create a Domain User Account and OUs in AD for Clone Operations.

Tip: In a test environment, you could use an account that is a member of the Domain Administrators group, which has all the required privileges.

1. Select Instant Clone Domain Admins and Click Add

  1. In Horizon Administrator, go to View Configuration > Instant Clone Domain Admins.
  2. Click Add.

2. Enter Credentials for the Domain Admin User

  1. Select the domain from the drop-down list.
  2. Enter the user name and password of the domain user account for creating instant-clones.

Create an Event Database

In this exercise, you create an event database to log Horizon 7 events to a SQL Server instance, making the event data available to analytics software. For example, you can find the following types of events in the database:

  • Alerts that report system failures and errors
  • End-user actions, such as logging and starting desktop and application sessions
  • Administrator actions, such as adding entitlements and creating desktop and application pools
  • Statistical sampling, such as recording the maximum number of users over a 24-hour period

For details about the types of information recorded, see Integrating Horizon 7 with the Event Database. The event database is not required for every Horizon 7 environment. Alternatively, or in addition to using the event database, you can configure Connection Server to send events to a Syslog server or create a flat file of events written in Syslog format. See Configure Event Logging for Syslog Servers.

Prerequisites for Setting Up the Event Database

To perform this exercise, you need the following:

  • SQL Server instance – This is the database server on which you will create the event database. For the example in this exercise, we used Microsoft SQL Server 2016. To simplify the setup for completing this tutorial in a lab setup, we recommend that you use the same SQL Server instance for the event database, the Composer database, and the JMP server database. For a list of databases that support all three of these components, see Database Requirements for JMP Server.
  • Microsoft SQL Server Management Studio – For the example in this exercise, we used Microsoft SQL Server Management Studio v17.7. The instructions might differ slightly for different versions of SQL Server Management Studio.
  • Microsoft SQL Server Configuration Manager – For the example in this exercise, we used SQL Server 2016 Configuration Manager. The instructions might differ slightly for different versions of SQL Server Configuration Manager.
  • SA credentials – To create the necessary logins for the JMP server database, you will log in to the SQL Server instance as the sysadmin (SA) or as a user account with SA privileges.

1. Open Microsoft SQL Server Management Studio

  1. On the VM where SQL Server and SQL Server Management Studio are installed, click the Start button.
  2. Navigate to and select Microsoft SQL Server Management Studio.

2. Connect to the SQL Server Instance

  1. Select the SQL Server instance from the drop-down list.
  2. Log in as the sysadmin (SA) or using a user account with SA privileges.
  3. Click Connect.

3. Create a Database for Horizon 7 Events

  1. In the Object Explorer, right-click Databases.
  2. Select New Database.

4. Name the Database

  1. For the database name, enter Horizon7Events. Use the default settings.
  2. Click OK.

5. Create a Database Login for the Connection Server Machine

  1. To create a login so that the Connection Server can access the database to log events, expand the Security folder, and right-click Logins.
  2. Select New Login.

5.1. Complete the General Settings

  1. Enter a login name to use for the Connection Server machine, using ASCII characters only; for example, Horizon7EventsUser.
  2. Select SQL Server authentication, and create a password.
  3. De-select Enforce password policy. For the purposes of this exercise, you do not need to use password policies.
  4. Either leave master as the default database or select the Horizon7Events database as the default database.
  5. Select a default language.

5.2. Assign the sysadmin Server Role

  1. Select the Server Roles page.
  2. Select the sysadmin check box.

5.3. Map the Login to the Horizon7Events Database

  1. Select the User Mapping page.
  2. Select the Horizon7Events database.
  3. Click OK.

The new login is added under the Logins folder in the Object Explorer pane, and the user is added under the Databases > Horizon7Events > Security > Users folder.

6. Configure TCP/IP Properties for the Database Server

You must verify that the TCP/IP protocol is enabled and that the default port 1433 is used for all IP addresses.

6.1. Launch the SQL Server Configuration Manager

  1. On the VM where SQL Server and SQL Server Configuration Manager are installed, click the Start button.
  2. Navigate to and select SQL Server Configuration Manager.

6.2. Open the TCP/IP Properties Dialog Box

  1. Expand SQL Server Network Configuration, and select Protocols for <server name>.
  2. In the list of protocols, right-click TCP/IP, and select Properties.

6.3. Enable the Protocol

On the Protocol tab, set or verify that the Enabled property is set to Yes.

6.4. Verify That the Default Port 1433 Is Used

  1. On the IP Addresses tab, set or verify that the TCP port for IPAll is set to the default port 1433.
  2. Click OK.

The database server is now properly configured.

7. Configure the Event Database in Horizon Administrator

  1. In Horizon Administrator, navigate to View Configuration > Event Configuration.
  2. In the Event Configuration pane, click Edit.

8. Complete the Event Database Configuration Dialog Box

  1. In the Edit Event Database window, enter the following information:
    • Database server – Enter the DNS name or IP address.
    • Database type – Accept the default Microsoft SQL Server.
    • Port – Accept the default port number (1433) used to access the database server.
    • Database name – Enter the event database name created on the database server; for example, Horizon7Events.
    • User name and Password – Enter the credentials for the user you created for this database in Complete the General Settings. For this example, the user name is  Horizon7EventsUser.
    • Table prefix – Enter VE_ (for View Events).
  2. Click OK.

The configuration settings you entered are displayed on the Event Configuration page.

9. Verify a Successful Connection

Under Monitoring in the navigation bar on the left, select Events to verify that the connection to the event database is successful.