Introduction to VMware Horizon for Citrix AdministratorsVMware Horizon 8
Today's workforce requires access to applications, at any time, from any device. In this new mobile-cloud world, managing and delivering services to end users with traditional PC-centric tools remains a challenge.
VMware Horizon provides a digital workspace with the efficient delivery of virtual desktops and applications that equips workers anywhere, anytime, and on any device. With deep integration into the VMware technology ecosystem, the platform offers an agile cloud-ready foundation, modern best-in-class management, and end-to-end security that empowers today’s Anywhere Workspace.
Purpose of This Tutorial
Deploying Horizon is simple and straightforward; you can set up a basic environment in just a few hours. This guide points you to step-by-step guides and interactive labs to get you quickly set up, running, and comfortable with a Horizon deployment.
This guide introduces you to VMware Horizon and discusses:
- What’s new in Horizon
- VMware Horizon features and benefits
- How Horizon features correlate to Citrix Virtual Apps and Desktops features
- Where to learn more and give Horizon a try
This guide is intended for anyone who is a Citrix administrator and has a Citrix background who wants to learn about VMware Horizon. Familiarity with networking and storage in a virtual environment, Active Directory, identity management, and directory services is assumed.
Introduction to VMware Horizon
Horizon is a complete solution that delivers, manages, and protects virtual desktops, RDSH-published desktops, and applications across devices and locations. The following sub-sections describe the key elements that make Horizon an enterprise-class solution.
Enterprise-Class Application-Publishing and Virtual-Desktop Solution
VMware Horizon provides a single management platform for delivering virtual desktops and RDSH-published desktops and applications to end users at scale, both on-prem and in the cloud. From provisioning to management and monitoring, Horizon offers an integrated stack of enterprise-class technologies. With mobile device support and identity-driven workspaces, Horizon offers a consumer-simple, enterprise-secure user experience.
Figure 3: Horizon’s multi-cloud capabilities can be deployed on a multitude of platforms
Cloud-Based Management Options
Horizon Control Plane Services offer a set of cloud management services to deploy, manage, and scale virtual apps and desktops across all Horizon environments, both on-premises and in the cloud.
Figure 10: Horizon Control Plane Services
The services offered by Horizon Control Plane Services include the following:
- Universal Brokering with Multi-cloud Assignments - Intelligently connects users to their virtual desktops and apps through a single URL to Horizon Pods based on available capacity, user location, preference, and more, regardless of if the Horizon deployment type is on-premises or in the cloud.
- - Centrally manages and distributes desktop images across Horizon environments, on-premises and in the cloud. Leverages markers to orchestrate updates or roll-backs of images for individual user groups or desktop pools, tracks changes of images, and automates the replication of an image to multiple locations.
- - Packages apps once and deploys them across Horizon environments, on-premises and in the cloud. Reduces image count, maintenance and application packaging complexity by managing applications separately from the image with VMware App Volumes.
- - Real-time health monitoring of the user session, virtual desktops, and apps across Horizon environments, on-premises and in the cloud, with a single user interface. Leverages a help-desk service to quickly troubleshoot user sessions with detailed metrics.
- - Simplifies initial onboarding and configuration of your Horizon environment on any cloud. Automatically installs, upgrades, and scales Horizon infrastructure in environments such as Horizon Cloud on Azure with built-in automation and lifecycle management.
Integrated Enterprise-Class Technologies
VMware Horizon includes and is tightly integrated with the enterprise-class and enterprise-proven VMware SDDC technology stack, including VMware vSphere® and VMware vSAN™. In addition, Horizon is built upon a set of integrated operating system, application, and user-environment technologies. Horizon provides a faster way to provision fully personalized and customized virtual desktops or RDSH hosts. VMware vSphere Instant Clone Technology, combined with Dynamic Environment Manager and App Volumes, dramatically improves application delivery and management at scale.
Figure 4: VMware App Volumes Management Console
Horizon Enterprise includes real-time application delivery, user personalization, fast desktop provisioning, and application packaging.
VMware Horizon Apps for Published Applications and Desktops
VMware Horizon represents a leap forward in managing and delivering not just virtual desktops, but also published applications and desktops in a scalable, secure, and enterprise manner.
VMware provides you with the opportunity to deploy enterprise software for published applications and desktops, with or without VDI. VMware has introduced VMware Horizon Apps to the market—a standalone offering that focuses on delivering and managing published RDSH applications, including session-based desktops. Horizon Apps is essentially the same as VMware Horizon but without the option to deploy virtual desktops. Horizon allows applications to be deployed from both RDSH servers and Windows 10 Virtual Machines. Remote physical Windows 10 machine access is also available in Horizon Apps.
- Blast Extreme to take advantage of modern codecs and technologies such as H.264 and GPU-based hardware offloading—on both the client and host
- VMware Instant Clone Technology for fast desktop and Remote Desktop Session Host (RDSH) provisioning
- VMware App Volumes™ for real-time application delivery
- VMware Dynamic Environment Manager™ for contextual real-time policy and user profile management
App Volumes, Instant Clones, and Dynamic Environment Manager allow components of a desktop or RDSH server to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed. These components are supported in both on-premises and cloud-based Horizon deployments, providing a unified and consistent management platform regardless of your deployment topology. This approach provides several key benefits, including simplified desktop and RDSH image management, faster delivery and maintenance of applications, and elimination of the need to manage fully persistent desktops.
Figure 2: The desktop creation and customization process
Simple, Fast, Efficient Management at Scale
The new deployment reality for Horizon at scale is automatic deployment of hundreds of customized desktops and RDSH servers in a few minutes from centralized single images. Horizon supports real-time application delivery and management through VMware technologies. Instant Clone Technology provides a faster way to provision virtual machines in VMware vSphere with reduced deployment complexity. When administrators combine App Volumes, Dynamic Environment Manager, and Instant Clone Technology, they can rapidly spin up RDSH-shared or virtual desktops that retain user customization across sessions, even though the desktop itself is destroyed when the user logs out.
Following are some features and products that contribute to simple, fast, and efficient management at scale for Horizon:
Note: To confirm the latest configuration maximums, see VMware Horizon configuration limits.
Provisioning of Virtual Machines
Instant Clone Technology for RDSH farms allows administrators to instantly spin up new RDSH farms and quickly refresh existing RDSH farms, with zero downtime.
Figure 5: RDSH Farm in VMware Horizon Administrator
After the single golden image has been published in the environment, it can take only 1 to 2 seconds, on average, to create a VM. Scaling out from 1 RDSH VM to 51 RDSH VMs takes less than 2 minutes.
Deployment at Scale
A single Horizon virtual-desktop pod consists of Horizon Connection Servers, shared storage, a database server, and vSphere and network infrastructure. With Cloud Pod Architecture, you can join multiple pods together and manage this pod federation globally through a single entitlement layer.
To verify the configuration maximums for Cloud Pod Architecture, see VMware Horizon configuration limits. IT can aggregate multiple pods in either the same data center or different data centers, and entitle users to a desktop in any location.
VMware vSAN (included as part of Horizon Enterprise Edition and ) offers simple, hyper-converged storage that is easy to provision and manage. When combined with Horizon, VMware vSAN offers the ability to deploy a linear, scalable hyper-converged virtual desktop and application solution. VMware vSAN has tight integration with Horizon and provides optimized storage policies that are automatically enabled, depending on the deployment type. vSAN allows storage costs to be reduced and lightens the admin load of managing additional storage devices.
Figure 6: Horizon vSAN Storage Policies
Flexible, Robust Security
Security is at the forefront of the VMware Horizon architecture. VMware takes security seriously across all product areas, from the data center and network to the endpoint, including mobile devices.
Examples of security features include:
- for secure external access; also supports the Blast Extreme and PCoIP protocols, single sign-on (SSO), and integration with Workspace ONE Access
- for policies that provide granular access-control at the application, user, device, and network levels, such as policies that ensure that a desktop login from an unsecure network location results in the disabling of cut-and-paste features or access to USB drives
- for virtual networking and micro-segmentation for network data separation and security within the hypervisor, as well as no additional hardware requirement and integration with VMware vSphere
Here are some of the security features and products available in Horizon:
- for secure external access to desktops and applications
- VMware Horizon Smart Policies for context-aware policy controls
- for application and desktop access with single sign-on and True SSO
- Multi-factor, smart-card, and biometric authentication
- Centralized data in the data center
- Smart-card support on mobile devices
- URL-content redirection for secure browsing
Consistent, Adaptive User Experience
Horizon delivers a complete and consistent end-user experience through the following technologies:
- for fast, secure, and mobile contextual application access
- for optimized user experience
- Dynamic Manager for continuity and consistency across desktop sessions and applications
Workspace ONE Access, the Blast Extreme protocol, and Dynamic Environment Manager all contribute to the consistent and adaptive user experience in Horizon and Horizon Apps.
Horizon comes with an identity-driven workspace in VMware Workspace ONE® AccessTM which provides a unified application catalog and portal for enterprise-secure access to Horizon virtual desktops and published applications and Saas applications.
A consumer-simple experience is driven across devices with the Workspace ONE app. The app can be downloaded from public app stores, and users can then access their desktops and applications from mobile devices through Workspace ONE Access. For more information, see the Workspace ONE Access product page.
The Workspace ONE app launches device-native versions of the VMware Horizon Client™ to provide seamless access to Microsoft Windows-based applications and desktops on any device. The VMware Horizon Client, in combination with Workspace ONE Access, supports features such as biometric authentication, multi-factor authentication, single sign-on, and policy-controlled access to applications.
Horizon Enterprise Edition includes Workspace ONE Access—an identity-driven workspace and self-service app store.
Workspace ONE Access provides a consistent user experience for accessing all corporate applications, regardless of deployment technology. Whether deployed on premises or in the cloud, the self-service app store provides fast single sign-on to user applications and desktops without the need to remember multiple passwords. A variety of secure-access mechanisms, including multi-factor authentication, are supported. In addition, customized policies can deliver context-aware access to applications and desktops.
Figure 7: VMware Workspace ONE Access application catalog provides a consistent user experience
Some remote display protocols are acceptable across high-bandwidth and low-latency networks, but they degrade under non-ideal conditions. VMware has developed Blast Extreme Adaptive Transport—an extension of the Blast Extreme protocol—to improve user experience across varying network conditions. Blast Extreme has been optimized to perform well under non-ideal conditions such as public Wi-Fi and mobile networks. Blast Extreme adapts to low bandwidth and dropped packets, and, by offloading to the client-device GPU, reduces the impact on battery life and improves user experience.
In the data center, Blast Extreme can be offloaded (using NVIDIA NVENC technology) to a virtual GPU attached to a virtual desktop or RDSH virtual machine to improve user experience and reduce CPU overhead. Finally, by using Dynamic Environment Manager, Blast Extreme session settings can be customized and personalized based on a number of different factors. The following screenshot shows how a bandwidth profile can be set through Dynamic Environment Manager.
Figure 8: VMware Blast Extreme options in Horizon Smart Policies (through Dynamic Environment Manager)
Dynamic Environment Manager offers a complete user environment management solution without requiring additional back-end infrastructure servers. It can manage user and Windows settings and dynamically configure the desktop or RDSH session. For example, Dynamic Environment Manager can create drive and printer mappings, file type associations, and shortcuts. Dynamic Environment Manager can even manage virtual applications for users.
Dynamic Environment Manager is used to provide a consistent user experience across physical and virtual desktop and published application sessions, regardless of the device used for access.
When VMware RDSH servers are refreshed, Dynamic Environment Manager ensures user customizations, settings, personalization, policies, and application configurations are delivered just in time when a user logs in.
How Citrix Virtual Apps & Desktops Maps to VMware Horizon
Citrix Virtual Apps and Desktops is very similar in architecture to VMware Horizon. Both solutions use a combination of connection brokers, web-based application catalogs, and RDSH or VDI servers to securely deliver virtual desktops and published applications to give administrators even more options to provide the best end-user experience.
The following figure compares the major Citrix Virtual Apps and Desktops components to those of VMware Horizon.
Figure 11: Comparison of the Components of Horizon and Citrix Virtual Apps and Desktops
Remote Desktop Services
Both Citrix Virtual Apps and Desktops and VMware Horizon are enhancements to Microsoft Remote Desktop Services. VMware Blast Extreme and PColP are tightly integrated into Remote Desktop Services using Microsoft APls.
Citrix provides a user portal through Citrix Web Interface, Citrix StoreFront, or Citrix Cloud.
The equivalent VMware user portal is an identity-driven application and desktop catalog provided by Workspace ONE. This application and desktop catalog supports Horizon virtual desktops, Horizon published applications and shared desktops, and Saas applications like Salesforce.
Management and administration of Citrix Virtual Apps and Desktops is performed using a legacy Microsoft Management Console (MMC) application. or a web-based administration console through Citrix Cloud.
The VMware Horizon administration console is web-based. The Horizon Administrator console provides the ability to manage virtual desktops, RDSH servers, and published applications and desktops, all from a single console.
The following figure displays the VMware Horizon Administrator console.
Figure 12: VMware Horizon Administrator Console
- Dashboard – Display See an overview and details of the system health for the environment, including Connection Servers, RDSH farms, datastores, ESXi hosts, VMware vCenter Server® instances, and more.
- Help Desk -– View user session status and perform troubleshooting and maintenance in real time.
- Users and Groups – Add desktop and application entitlements to users and groups.
- Inventory – Manage your desktop pools, application pools, RDSH farms, individual machines, and persistent disks.
- Settings – Manage environment configuration, including servers, licensing, domain administrators for instant clones, Cloud Pod Architecture, event database, and more.
Citrix Virtual Apps and Desktops require installation and maintenance of a license server. VMware Horizon does not require use of a license server.
Session Handling and Load Management
In Citrix Virtual Apps and Desktops, the Citrix Delivery Controllers perform session handling and load management.
In Horizon, the Horizon Connection Servers perform session handling and load management. VMware Horizon provides a flexible and granular method to load-balance RDSH servers.
Citrix requires administrators to deploy and maintain database servers to support published applications and shared desktops.
As with the license server, VMware does not require a database server to support published applications and shared desktops.
Both Citrix and VMware have automated deployment systems. VMware Instant Clone Technology is similar to Citrix Provisioning Services (PVS), but offers benefits such as rapid deployment of desktops in fewer steps. Instant Clone Technology shares a virtual machine image running in RAM, “forking” this image to create copies at RAM speed.
Because Instant Clone Technology is built into VMware vSphere, no extra components are required, which reduces deployment complexity.
Dynamic Environment Management
Citrix Workspace Environment Management Service applies users’ personal settings to virtual desktops and applications, regardless of location and endpoint device. Citrix has integrated Profile Management into the Workspace Environment Management service.
Dynamic Environment Manager offers complete user personalization, including drive mappings, shortcuts, printers, and customization across sessions and devices. Dynamic Environment Manager can be used for virtual and physical desktops, as well as RDSH.
Real-Time Application Delivery
Citrix delivers real-time applications with Citrix App Layering.
In Horizon and Horizon Apps, App Volumes offers the same functionality, and more. App Volumes provides real-time application delivery with application life-cycle management in virtual desktop (VDI) and published application environments. App Volumes can be assigned per user and per machine, and it supports physical desktops as well.
Single Sign-On and Application Catalog
Citrix ADC Unified Gateway provides contextual access and single sign-on to web, VDI, and mobile applications.
In Horizon, Workspace ONE Access provides contextual access and a unified enterprise application store with single sign-on across Windows, web, and native mobile applications. The Unified Access Gateway component is used to provide secure connectivity to applications and desktops.
Figure 13: VMware Workspace ONE Web Interface
Clients and Protocols
Both Horizon and Citrix Virtual Apps and Desktops support a broad range of client devices, including Android and Apple-based smartphones and tablets, Windows and macOS-based personal computers, Google Chromebooks, specialized devices like thin clients and zero clients, and any web browser that supports HTML5.
VMware Horizon supports PColP, Microsoft RDP, and the Blast Extreme protocol. PColP and Blast Extreme cover all use cases. Blast Extreme provides equal performance to Citrix HDX.
Now that you have been introduced to Horizon features and capabilities, you can delve deeper into the product with the resources listed in this section. Start with the Hands-on Labs for practical experience without additional infrastructure—all you need is access to a web browser. Next, you can create a proof-of-concept environment, and finally, deploy a large-scale environment.
VMware Hands-On Labs
VMware Hands-on Labs is a free online portal that provides access to the latest products in a tested and documented cloud-based virtual lab environment. Explore the features and functionalities of Horizon using only a web browser.
Deploy a Proof of Concept
After you develop some familiarity with VMware Horizon, you can create and optimize a proof-of-concept environment using the Quick-Start Tutorial for VMware Horizon and optimization tools.
Deploy a Large-Scale Environment
When you are ready to set up a production environment, refer to the VMware Workspace ONE and VMware Horizon Reference Architecture, which provides a framework and guidance for architecting an integrated digital workspace using VMware Workspace ONE and VMware Horizon.
Summary and Additional Resources
In today’s mobile-cloud world, managing and delivering services to end users with traditional PC-centric tools is challenging. But VMware Horizon provides IT with a streamlined approach to deliver, protect, and manage Windows, Linux, SaaS, web, and mobile desktops and applications while ensuring that end users can work anytime, anywhere, on any device.
Topics discussed in this paper included:
- Introduction to VMware Horizon and its features and benefits
- Advances and enhancements to VMware Horizon
- Administration similarities between Horizon and Citrix
For more information about VMware Horizon, explore the VMware Horizon activity path. The activity path provides step-by-step guidance to help you level-up your Horizon knowledge. You will find everything from beginner to advanced curated assets in the form of articles, videos, and labs. You can also learn more about VMware Horizon at:
The following updates have been made to this tutorial:
Description of Changes
About the Authors and Contributors
The latest version of this paper was updated by:
Previous contributors to this document include:
- Graeme Gordon, Senior Staff End-User Computing Architect, EUC Technical Marketing, VMware
- , Technical Marketing Manager, End-User Computing Technical Marketing, VMware
- Gina Daly, Technical Marketing Manager, End-User Computing Technical Marketing, VMware
- Jim Yanik, Senior Manager, End-User Computing Technical Marketing, VMware
- Caroline Arakelian, Senior Technical Marketing Manager, EUC Technical Marketing, VMware
- , Lead Technologist, End-User Computing Competitive Marketing, VMware
- Frank Anderson, VMware Alumni
The original version of this paper was written by:
- Matt Coppinger, Director, xLabs, VMware
Your feedback is valuable.