| 
Horizon Components
Horizon View 7.5 : Horizon View Introduction & Components
VMware Horizon 7 Datasheet (pdf)
System Requirements (> 50 desktops)
- Connection Server - 4 CPUs, 10 GB RAM
- Composer Server - 4 CPUs, 8 GB RAM
Connection Server
- Serves as the connection broker for Horizon clients
- Authenticates user connection requests
- Verifies entitlement to resources
- Directs connections to appropriate resources
- Hosts the Horizon administrator console
- Interfaces with vSphere to manage, deploy, and maintain virtual desktops
Replica Connection Server
- Subsequent Connection Servers are installed as Replica Servers
- After installation, no different than Standard Server
- Up to seven total Connection Servers can be installed per deployment
Enrollment Server
- Installed as a Connection Server option
- Requests short-lived certificates from internal CA to enable password-free logon
- Facilitates VMware True SSO architecture
- Used as an integration between Horizon and VMware Identity Manager
Composer Server
- Deploys and manages linked clone virtual desktops
- Not used with full clone or Instant Clone virtual desktops
- Can be installed on a Windows-based vCenter Server instance
>> Types of Clone: Full and Linked
>> VMware Instant Clone Technology for Just-In-Time Desktop Delivery
>> Get Started with VMware Instant Clone Technology in VMware Horizon 7
Security Server
- Customized instance of Connection Server that is designed to exist in a DMZ
- Provides strong authentication and secure access for outside-the-LAN clients
- Typically installed onto a Windows Server instance in a workgroup
>> VMware Horizon 7.6 Security Server
Unified Access Gateway (formerly known as Access Point)
- Arrives as an ESXi-hosted virtual appliance that is delivered via an OVF
- Provides strong authentication and secure access for outside-the-LAN clients
- Access Point is considered to be VMware's primary focus going forward
-------------- end of Horizon Components ----------------
Horizon 7 Installation (pdf) - p.29 Preparing Active Directory
Horizon 7 Administration (pdf) p.12
Infrastructure Requirements
Determine AD Domains and Trusts
Horizon Agents, Composer Servers, and users and groups can exist in the following AD domain configurations:
- Single Domain
- A different domain having a two-way trust with the Connection Server domain
- A domain in a different forest than the View Connection Server domain that is trusted by the View Connection Server
domain in a one-way external or realm trust, or a one-way or two-way transitive trust relationship
Note: One-way trusted domains require secondary credentials for administrator users using View Administrator
Secondary credentials are supplied using the vdmadmin -T command
Determine User Accounts - Horizon 7 Accounts
- vCenter Server - install guide p.101 - Privileges Required for the vCenter Server User
create a role on vCenter and assign user to it with those privileges at vCenter permissions level
- Composer Server
*1 When View Composer is collocated with vCenter server, add vCenter user to the local admins group
*2 When View Composer is NOT collocated with vCenter server, create and add a standalone View Composer Server user to the local
admins on View Composer
- Composer AD Operations
Create a separate account for Composer AD Operations. Delegate permissions to account in the OU where AD objects will be stored:
- Create Computer Objects
- Delete Computer Objects
- Write All Properties permissions
Ensure that permissions apply to child objects of the OU
- Instant Clone Operations - Separate account with SAME setup as Composer AD Operations account
Determine DHCP Scopes
- DHCP is required for linked clone and Instant Clone desktops
- DHCP is not required for full clone desktops
- Configure DHCP on master templates
- Configure DHCP with a short lease time
Determine Organizational Units
- Create an OU for virtual desktops
- Create a sub-OU for linked clone virtual desktops
- Create an OU for kiosk mode user accounts
- Create an OU for RDS servers
Group Policy Template files
- look for VMware-Horizon-Extras-Bundle zip file
example: VMware-Horizon-Extras-Bundle-4.3.0-4710077.zip
Once ADMX files are copied to Central Store, create GPO, edit and
Navigate to Computer Configuration\Policies\Administrative Templates
- PCoIP Client Session Variables
- VMware View Agent Configuration
^ examples ^
also User Configuration\Policies\Administrative Templates - PCoIP ...
Active Directory Delegation for Instant Clones and Composer
Assigning minimum required AD permissions to VMware Composer (KB 2089676)
Horizon View 7.5 : Horizon View Introduction & Components
VMware Horizon 7 Datasheet (pdf)
System Requirements (> 50 desktops)
- Connection Server - 4 CPUs, 10 GB RAM
- Composer Server - 4 CPUs, 8 GB RAM
Connection Server
- Serves as the connection broker for Horizon clients
- Authenticates user connection requests
- Verifies entitlement to resources
- Directs connections to appropriate resources
- Hosts the Horizon administrator console
- Interfaces with vSphere to manage, deploy, and maintain virtual desktops
Replica Connection Server
- Subsequent Connection Servers are installed as Replica Servers
- After installation, no different than Standard Server
- Up to seven total Connection Servers can be installed per deployment
Enrollment Server
- Installed as a Connection Server option
- Requests short-lived certificates from internal CA to enable password-free logon
- Facilitates VMware True SSO architecture
- Used as an integration between Horizon and VMware Identity Manager
Composer Server
- Deploys and manages linked clone virtual desktops
- Not used with full clone or Instant Clone virtual desktops
- Can be installed on a Windows-based vCenter Server instance
>> Types of Clone: Full and Linked
>> VMware Instant Clone Technology for Just-In-Time Desktop Delivery
>> Get Started with VMware Instant Clone Technology in VMware Horizon 7
Security Server
- Customized instance of Connection Server that is designed to exist in a DMZ
- Provides strong authentication and secure access for outside-the-LAN clients
- Typically installed onto a Windows Server instance in a workgroup
>> VMware Horizon 7.6 Security Server
Unified Access Gateway (formerly known as Access Point)
- Arrives as an ESXi-hosted virtual appliance that is delivered via an OVF
- Provides strong authentication and secure access for outside-the-LAN clients
- Access Point is considered to be VMware's primary focus going forward
-------------- end of Horizon Components ----------------
Horizon 7 Installation (pdf) - p.29 Preparing Active Directory
Horizon 7 Administration (pdf) p.12
Infrastructure Requirements
Determine AD Domains and Trusts
Horizon Agents, Composer Servers, and users and groups can exist in the following AD domain configurations:
- Single Domain
- A different domain having a two-way trust with the Connection Server domain
- A domain in a different forest than the View Connection Server domain that is trusted by the View Connection Server
domain in a one-way external or realm trust, or a one-way or two-way transitive trust relationship
Note: One-way trusted domains require secondary credentials for administrator users using View Administrator
Secondary credentials are supplied using the vdmadmin -T command
Determine User Accounts - Horizon 7 Accounts
- vCenter Server - install guide p.101 - Privileges Required for the vCenter Server User
create a role on vCenter and assign user to it with those privileges at vCenter permissions level
- Composer Server
*1 When View Composer is collocated with vCenter server, add vCenter user to the local admins group
*2 When View Composer is NOT collocated with vCenter server, create and add a standalone View Composer Server user to the local
admins on View Composer
- Composer AD Operations
Create a separate account for Composer AD Operations. Delegate permissions to account in the OU where AD objects will be stored:
- Create Computer Objects
- Delete Computer Objects
- Write All Properties permissions
Ensure that permissions apply to child objects of the OU
- Instant Clone Operations - Separate account with SAME setup as Composer AD Operations account
Determine DHCP Scopes
- DHCP is required for linked clone and Instant Clone desktops
- DHCP is not required for full clone desktops
- Configure DHCP on master templates
- Configure DHCP with a short lease time
Determine Organizational Units
- Create an OU for virtual desktops
- Create a sub-OU for linked clone virtual desktops
- Create an OU for kiosk mode user accounts
- Create an OU for RDS servers
Group Policy Template files
- look for VMware-Horizon-Extras-Bundle zip file
example: VMware-Horizon-Extras-Bundle-4.3.0-4710077.zip
Once ADMX files are copied to Central Store, create GPO, edit and
Navigate to Computer Configuration\Policies\Administrative Templates
- PCoIP Client Session Variables
- VMware View Agent Configuration
^ examples ^
also User Configuration\Policies\Administrative Templates - PCoIP ...
Active Directory Delegation for Instant Clones and Composer
Assigning minimum required AD permissions to VMware Composer (KB 2089676)