VMware Horizon Deployment Guide for Healthcare

1 Introduction and Purpose of this Document

This document describes testing configurations and best practices for integrating VMware Horizon with a variety of healthcare software products.

1.1 Executive Overview

This document is intended for IT professionals responsible for deploying VMware Horizon in Healthcare environments. This document provides guidance for Horizon 8. Included in this document are details on and references to:

  • Best practices for VMware Horizon in healthcare, including RDSH and VDI workloads
  • Versions of Horizon and supporting components tested specifically for healthcare use cases and environments
  • Integration details for 3rd party healthcare software products

1.2 Intended Audience

This document is intended to aid technical practitioners and implementers of Horizon in healthcare environments. Typical audiences for this type of document include:

| Roles | Responsibilities |
| --- | --- |
| Horizon Administrator | Responsible for deployment, configuration, and maintenance of the Horizon instances including supportive solutions like App Volumes, Dynamic Environment Manager, and Workspace ONE Access. |
| vSphere / Platform Administrator | Responsible for deployment, configuration, and maintenance of the vSphere platform environment including supportive technologies such as the hardware platform, storage, and networking. |
| Enterprise Architect | Responsible for the overall implementation design of any given IT solution. |
| IT Administrator | General IT Administrator or user responsible for a specific domain included in a Horizon deployment. Relevant administrators may be from other technical domains such as end-user support, networking, storage, and security teams. |
| Application Director | Responsible for the delivery of applications throughout the healthcare facility. These include end-user productivity applications, EPR systems, and Electronic Medical Record systems which include all aspects of patient care. |
| Application Analyst | Responsible for the configuration and integration of applications across the continuum of care. Examples of these include EMR, PACs, cardiology, and speech recognition applications. |

Table 1: Typical Audiences

For more information on VMware products and solutions for the healthcare space, see the Healthcare Industry Solutions page.

1.3 Healthcare Personas

Included in this document are references to different Healthcare personas or roles. A persona in healthcare delivery should be thought of in terms of where the care is taking place. As opposed to a specific role such as doctor or nurse, personas in Healthcare should be thought of in terms of context and location.

Consumption of applications differs between ambulatory and inpatient facilities, in addition to when a care provider is working directly with a patient or in a location such as a nursing station or physician’s office. Understanding the demands of these personas helps to define a successful application delivery strategy.

2 Use Cases for Healthcare Deployments

Use cases drive the design for any End User Computing (EUC) solution and dictate which technologies are deployed to meet user requirements. Use cases can be thought of as common user scenarios. For example, a finance or marketing user might be considered a “normal office worker” use case.

Designing an environment includes building out the functional definitions for the use cases and their requirements. We define typical use cases that are also adaptable to cover most scenarios. We also define services to deliver the requirements of those use cases.

2.1 Patient and Business Support

In healthcare, use cases can be grouped into two separate descriptions:

  • Clinical use cases - Clinical is defined as anything that can impact a patient while they are being cared for. Restoring any service outage or degradation that impacts direct patient care takes the highest priority.
  • Non-clinical use cases - Non-clinical is defined as roles that are not directly impacting patient care. They are in support of running the business (such as billing, analysts, IT) or supportive of clinical efforts, but do not directly impact patient care.

In most cases, electronic medical record (EMR) software that is deployed has a heavy influence on the other supporting applications for the EMR platform. Organizations must create an application delivery strategy by understanding user requirements and how applications are consumed at the point of care.

Most healthcare providers deliver EMR platform software in the form of published applications. This is because the EMR platform has integrated different modes of disparate business functions into a single application platform. Different users will use the software differently based on the task or function they are performing at that given time. Delivering the EMR software as a published application gives the IT provider more flexibility in designing a single platform to deliver the EMR software.

Choosing the correct services for targeted use cases is critical to having a successful Horizon implementation. Many healthcare customers have multiple service offerings as a result.

Common use cases for Horizon in healthcare environments:

| Use Case | Description |
| --- | --- |
| Registration / Reception | Registration for hospitals, clinics, and specialties. Patients interact with reception staff for arrivals, after-visit summaries, and insurance coverage-related activities. |
| Nurse Station | Central location for care team members to meet and discuss rounding and patient care needs. EMR access is typically through a shared workstation and can be presented as a single published application. |
| Patient Room | The patient room is often suited to single-application delivery, such as Horizon Apps. |
| Operating Room | The Operating Room often contains multiple specialty machines for patient care applications, such as EMR, PACs, anesthesia, etc. These are not always integrated into a single station and may be represented by multiple wall-mounted units or carts. |
| Medical Imaging | Used for diagnostics of radiology or other medical images. Typically requires specialty hardware for image review. Subject to review and certification by the FDA to ensure lossless images. |
| Pharmacy | Delivery of applications for the dispensing of medications, in addition to tracking inventory, packaging, and distribution. |
| Clinical Research | Research related to AI/ML, genomics, population health, and others. Though the EMR is leveraged by researchers, most time is spent extracting and working with the data from the EMR and integrating it into an enterprise data warehouse. |
| Non-Clinical Staff | Typically require a broader set of applications, such as for IT operations, finance, human resources, etc. |
| Patient Kiosk | Used in reception and front desk areas. Patients can self-register, pay bills, and do other controlled activities related to their medical visit. |
| Telehealth | A patient and healthcare provider interacting remotely by means of telecommunications technology. |

Table 2: Common Use Cases

3 Healthcare Specific Service Offerings

This section of the Healthcare Supplement for the Workspace ONE Reference Architecture describes Horizon use case services that address a wide range of user needs. The Business Process Application service described below can be created for static task workers, who require only a few Windows applications.

For specifics on using Horizon to deliver EMR client applications, refer to the guidance provided by the EMR system vendor. For example, some EMR system client applications were developed prior to the introduction of modern CPU designs and may not be able to take advantage of multiple simultaneous threads to handle application processing. You may find that delivery of such applications is more performant in an RDSH / streamed delivery model instead of leveraging virtual desktops as a delivery option.

3.1 EMR System Client Application Delivery Service (Patient Care Station Service)

An endpoint is set up to automatically log in to Horizon and then launch a single application. The application is delivered via RDSH to the endpoint. Users will typically authenticate themselves to the application by using an identification card and a proximity reader which handles the automatic login to the application.

Typically, this is handled by leveraging the unauthenticated user handling features of Horizon and implementing the solution that best fits your organization’s need.

The EMR Client Application is delivered as a published application provided by farms of RDSH servers. The RDSH servers are instant clones to provide space and operational efficiency. Applications are installed into the golden image of an RDSH host and are available through the VMware Workspace ONE Access catalog. Dynamic Environment Manager applies profile settings and folder redirection.

| Unique Requirements | Components |
| --- | --- |
| EMR System Client Application | Client application used by EMR systems for multiple use cases. |
| EMR System Plugins | 3rd Party software plugins to integrate other systems or hardware peripherals into an EMR system. |
| USB-connected Peripherals | Peripheral devices like a proximity card reader, printer, scanner, and cameras that can be connected to a physical endpoint for handling a specific patient workflow, such as registration and discharge. |
| Serial-connected Peripheral | Peripheral devices like a credit card reader, E-signature pad, scanner, and printer that can be connected to a physical endpoint for handling a specific patient workflow such as billing or document signing. |

Table 3: EMR System Client Application Delivery Service


Figure 1: EMR System Client Application Delivery Service (Patient Care Station Service)

3.2 Digital Status Board Display Service

An endpoint is set up to automatically log in and launch an application that does not require any end-user interaction. It is typically a status display window showing a queue of patients waiting for their turn in the Emergency Room, for example. The application is delivered via RDSH to the endpoint, which handles the automatic login to the application.

| Unique Requirements | Components |
| --- | --- |
| Digital Status Board Application | Client application used by EMR systems for displaying a patient or order queue. |
| Thin or Zero Client | Endpoint plugged into the display and hidden from sight. |
| Automatic Authentication | Does not require a keyboard or mouse because it automatically launches and authenticates to the relevant application. |

Table 4: Digital Status Board Display Service

Typically, this is handled by leveraging the unauthenticated user handling features of Horizon and implementing the solution that best fits your organization’s need.

3.3 Telehealth

In 2020, with the new reality of a global pandemic, Telehealth became a critical service provided by healthcare providers. Patients still required consultation, and there was a need to reduce crowds and avoid as much unnecessary contact with others as possible. Telehealth is a perfect solution for this. The patient and the healthcare provider connect via a common video conferencing solution such as Microsoft Teams, Zoom, Cisco WebEx, or Microsoft Skype. Many EMR providers have built-in solutions. Both the patient and the healthcare provider are commonly on real-time video and audio and can have an experience very similar to an in-person appointment.

You should plan to use an optimization pack, RTAV, or URL content redirection for the best experience and system utilization. For example, the Microsoft Teams optimization pack for Horizon will use the local endpoint to help offload audio/video from the virtual machine. If there is not an optimization pack, VMware Real-Time Audio-Video (RTAV) or URL content redirection can be used to redirect audio and video from local to remote VDI sessions with much better performance and reduced bandwidth than USB redirection alone. RTAV, URL Content Redirection, and the other optimization solutions for Telehealth are detailed below.

3.4 Shared Clinical Workstation

A workstation or endpoint is configured for use by multiple end users. Different users will have different sets of applications available to them, based on their role. Applications are delivered by a virtual desktop or as nested RDSH-delivered applications from that virtual desktop. In nested mode, also known as double-hop, a user connects from the Horizon client to a VDI session, then launches an RDSH application from within the VDI session.

You may consider amending the service, depending on the applications that are included in the virtual desktop in this service offering. For most clinical use cases, the primary EMR application dictates the rate of revision or updating of applications included in the desktop. For application configurations that do not change often, it is recommended that you deliver the applications as a part of the base image rather than using an application layering solution. Application layering with App Volumes can be used to complement the shared clinical workstation service. This allows for delivery of applications with high rates of change as well as those with entitlements to specific departments, which helps reduce the total number of gold images.

Note that some product features and 3rd party peripherals may not be fully supported with nested-mode configurations. See Features Supported in Nested Mode and VMware Horizon Guidelines for Nested Mode for details on nested-mode configurations. Also, see section 4.4 of this document for details on peripheral certification.

| Unique Requirements | Components |
| --- | --- |
| Multiple applications | Multiple applications are available to a clinician to perform multiple tasks specific to their role in the hospital. Applications could be delivered via VDI, they could be all RDSH, or there could be a combination of VDI with nested RDSH. |
| Thin Client, Desktop or Laptop | Full-featured endpoint with sufficient ports for required peripherals. |
| User-based Authentication | Does require a keyboard and mouse and possibly other peripherals. Users will typically authenticate themselves by using an identification card and a proximity reader. Authentication is typically handled inside the EMR application or through a 3rd party authentication service because it automatically launches and authenticates to the relevant application. |
| USB Peripherals | Attached dictation device is used to scan prescription drugs and other sundries administered for patient care. |

Table 5: Shared Clinical Workstation


Figure 2: Dedicated Clinician Productivity Station

4 Deployment Notes for Horizon in Healthcare

VMware recommends that you test your platform design prior to final wide deployment. If you are migrating from an existing environment, we suggest that you profile your current deployment with a workplace assessment solution like Lakeside SysTrack to document the system configuration and usage patterns. That information is extremely valuable for building a relevant test plan.

Once you have a validated test plan, leveraging a test bench tool can help you test to see if your targeted results, based on your own performance goals, are achievable.

4.1 Horizon Extended Service Branch

In Q2 of 2018, VMware introduced Extended Service Branch (ESB), in addition to the Current Release branch. Horizon 8 Extended Service Branch releases receive up to four Maintenance Updates after the base release and are actively supported for three years during which hot patches are available. Only critical defect or security fixes and support for new Windows 10/11 feature updates are included in the ESB maintenance updates to provide the most stable platform release of Horizon available.

VMware recommends customers use the ESB branch for environments that rely on the most stable platform for a long-term duration. Using a Horizon ESB release assures customers that they are basing their Horizon implementation on the most stable release branch of Horizon. No new functionality updates are provided in the ESB branch, only patches and hotfixes to features and functions that existed at the base ESB release.

For more information on the ESB, see Knowledge Base Article 86477.

For details on VMware releases and interoperability with other recommended releases, see the VMware Product Interoperability Matrix.

For details on VMware lifecycle support, see the VMware Lifecycle Support Matrix.

4.2 Validated Configuration Details for VMware Components

Based on research conducted at several hospital systems, we have included typical end-user workflows of healthcare customers using Horizon in our QE testing process. The intent is to assure that common endpoint configurations, peripheral devices, and user workflows are validated as a part of a continuous testing effort by VMware.

Note that we are unable to test with the EMR systems themselves as a part of this effort, due to restrictions placed on us by EMR system vendors. EMR system vendors are focusing on validating Horizon as a suitable platform for EMR systems as a separate part of these efforts.

4.3 Certified Endpoints for use with Horizon

In addition to standard Windows-based devices, there are several endpoint options recommended for use with Horizon. 

Thin Client endpoints that are certified for use with Horizon are documented in the VMware Compatibility Guide. For a list of thin clients available by VMware partners, see the VMware Solution Exchange page on Horizon Endpoints.

Chrome Enterprise-based endpoints offer a range of devices in several form-factors that can be customized for the different workstyles of healthcare professionals and are fully supported for use with Horizon. For a list of Chrome OS devices and availability, see the VMware Marketplace list of supported endpoints. For more healthcare-specific information on Chrome Enterprise, see Google's Chrome Enterprise Healthcare reference. 

If you intend to use composite USB peripherals, validate with your client endpoint vendor that any endpoint device you use in a Horizon deployment supports USB composite device splitting. You should also validate that your thin client supports the redirection technology you require, such as serial redirection and RTAV.

Note that VMware does not recommend the use of Tera / Tera2-based Zero clients for use in healthcare environments.

4.4 Certified Peripherals for use with Horizon

Peripherals such as scanners, signature pads, and credit card readers are commonly used in Horizon deployments for Healthcare environments. VMware has certified several peripherals for use with Horizon 7. Review the list of peripherals that were tested by VMware at the VMware Solutions Exchange Marketplace for details.

The list of peripherals above also includes composite devices with multiple components that can be split, as explained in Configuring Device Splitting Policy Settings for Composite USB Devices.

The following VMware KBs cover USB redirection limitations and troubleshooting tips:

More resources can be found in VMware Docs and the VMware Knowledge Base.

Note: If any given peripheral device is not included in the list of tested peripherals, it does not mean that the device is non-functional with Horizon 7.

If you manufacture peripherals and would like to have a peripheral added to the certified peripheral list, contact us using the email on the VMware Horizon Partner Peripherals Program.

4.5 Epic Hyperspace

VMware works with Epic with each ESB release to ensure the product meets Epic's Target Platform specifications. Epic will provide detailed information to their customers around sizing and specifications for running Epic. Customers should request a Hardware Configuration Guide or Capacity Assessment. These documents are specific to each customer’s deployment and a version of Epic. These guides can be used by our Professional Services team, an implementation provider, or a hardware vendor to appropriately design a Horizon architecture for the customer.

Active Epic customers can sign up for a user web account on Galaxy to receive access to the relevant integration documents.

Customers should be aware of other resources available on Epic Galaxy including:

Epic’s Target Platform represents current platforms that Epic has high confidence in based on functional, performance, and scalability testing as well as real-world observation across the Epic community. Epic can provide robust guidance on how to deploy Epic successfully on these platforms. These are the recommended platforms for most situations.

4.6 Imprivata OneSign

For this testing, we used the following configurations:

| Component | Version validated | Notes |
| --- | --- | --- |
| Imprivata OneSign | 7.6 | Verified to latest ESB release |

Table 6: Imprivata OneSign

Imprivata OneSign® is a single sign-on (SSO) solution that enables care providers to spend less time with technology and more time with patients. Imprivata integrates with VMware Horizon to provide fast and secure access to virtual desktops and remotely delivered applications.

Details on the supported components of VMware Horizon can be found in the Imprivata OneSign Supported Components document.

4.7 Nuance

For this testing, we used the following configurations:

| Component | Version validated | Notes |
| --- | --- | --- |
| Nuance Dragon Medical One | 2022.3 | |

Table 7: Nuance

Dragon Medical One (DMO) is a product from Nuance that is supported on Horizon Apps. Nuance develops other software solutions such as Dragon Network Medical Edition, and Dragon Medical 360. VMware continues to work with Nuance to ensure that

4.8 Other Software Applications Certified for use with Horizon

Learn about other 3rd party software applications that have been certified for use with VMware Horizon at the VMware Solution Exchange – Digital Workspace – Horizon page.

5 Best Practices for Horizon Deployments

This section describes best practices when integrating VMware Horizon with healthcare software products.

5.1 Use the Digital Workspace Designer to Plan Your Horizon Deployment

The VMware Digital Workspace Designer is your companion and aid for planning and sizing a VMware Workspace ONE deployment, maintaining current VMware best practices, and assisting you with key design decisions. The tool is aimed at establishing an initial high-level design for any planned deployment.

For more information, see Digital Workspace Designer Customer Demo.

To access the Digital Workspace Designer, see the VMware Tech Tools page.

5.2 Review Best Practices for Published Applications Through Horizon

Horizon Apps leverages Microsoft RDSH servers to deliver published applications or desktops. Data, applications, and desktops are centrally managed and secured. Users access their published applications and desktops from a single digital workspace, through single sign-on from any authenticated device or OS.

Published applications and desktops provide the opportunity to reduce hardware, software, and operating costs, and simplify installation, upgrades, and troubleshooting.

This video series provides excellent guidance for RDSH in Healthcare applications from VMware team members focused on Healthcare:

See the Best Practices for Published Applications and Desktops in VMware Horizon and VMware Horizon Apps for more detail on topics like:

  • vSphere Storage and Networking Best Practices
  • ESXi Host Sizing Best Practices
  • Remote Desktop Session Host Best Practices
  • Antivirus Configuration Best Practices

5.3 Create an Optimized Windows Image for a VMware Horizon Virtual Machine

The considerations you must take into account when creating a Windows system image are much different if you plan to deploy virtual desktops rather than physical desktops:

  • Physical desktops – Resource usage on a physical machine impacts only the user who is using that machine. The operating system on a physical machine determines whether or not resources are available. One-time actions impact the user only the first time they are performed because the machine is never refreshed. For example, a user typically gets a new user profile the first time they log on, and they continue to use that same profile with all subsequent logons.
  • Virtual desktops – In contrast, in a virtual environment, the guest operating system behaves as if it has exclusive access to the CPU cores, but in reality, the cores are shared between 2 to 8 virtual machines. When using nonpersistent VMs or user profiles, the actions that are intended to run only once could run every time a user logs on.

With virtual desktops, therefore, one-time system actions must be configured in the base image, and one-time user actions must be configured in the default (or mandatory) user profile. In addition, to reach a higher consolidation ratio, increasing the number of VMs hosted on a single VMware vSphere host, VMware recommends turning off features that are not needed. For step-by-step instructions on accomplishing all these tasks, see Manually Creating Optimized Windows Images for VMware Horizon VMs and Using Automation to Create Optimized Windows Images for VMware Horizon VMs.

5.4 Nested Mode

As mentioned earlier, you can leverage nested mode to first connect to a desktop and then launch published Horizon applications from inside that desktop. If you use nested mode, there are some items to consider:

  • Always use the same protocol on each hop
  • Always use the same redirection technology on each hop

See the following KB article for more details on nested mode in Horizon:

5.5 Deliver Office 365 Applications with Horizon

Microsoft Office 365 is a common application that is deployed in a VMware Horizon environment. Be sure to see Best Practices for Delivering Microsoft Office 365 in VMware Horizon, which includes tips and best practices that can improve performance and application manageability.

5.6 Choose a Remote Desktop Protocol That Delivers a Rich User Experience

With Horizon 7, you have a choice of what protocols you use. In View 4.5, VMware partnered with Teradici to use PCoIP (PC over IP) to handle the remote experience. We introduced the Blast Extreme display protocol with VMware Horizon 7, the latest generation of VMware desktop virtualization and remote application-delivery software.

For an overview of the different display protocols Horizon 7 supports, see Choosing a Display Protocol in the VMware Horizon 7 Architecture Planning document in the Horizon 7 documentation.

For details about Blast Extreme, see Blast Extreme Display Protocol in VMware Horizon 7, which covers all versions of Horizon since 7.0. This guide provides a technical description of Blast Extreme, including how to deploy it, configuration best practices, and benefits and limitations, for administrators who are considering using the Blast Extreme display protocol in their organization today.

For details about PCoIP, see the 3rd Party Integration: PCoIP Planning document and the PCoIP article in the VMware Horizon 7 Architecture Planning document in the Horizon 7 documentation.

5.7 Printing

For details on printing options available in Horizon, see the following resources:

6 Authors and Contributors

The following people contributed to the writing and updating of this document.

6.1 Authors

  • Rick Terlep – Senior Architect, EUC Technical Marketing
  • Mike Lonze – Senior Manager, Healthcare Technologies
  • Jon Holloway – Architect, EUC System Test and Engineering Services
  • Chris Halstead – Staff Architect, EUC Technical Marketing
  • Mike Erb – Staff Architect, EUC Technical Marketing

6.2 Contributors

6.3 Reviewers

6.4 Editors

7 Changelog

The following updates were made to this guide:

| Date | Description of Changes |
| --- | --- |
| 2023/05/09 | Updated graphics and content to accommodate newer ESB releases. |
| 2022/03/24 | Added updates for Horizon 2111. |
| 2019/09/18 | Guide was published. |

 
