VMware Hands-on Labs - HOL-1851-01-ADV


Lab Overview - HOL-1851-01-ADV - Horizon 7.1 Enterprise - Getting Started

Lab Guidance


Note: It will take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

This lab module is an overview of Horizon 7.1 new features and integrations.  See the Just-In-Time Management platform in action as well as Workspace One.

Lab Module List:

 Lab Captains:

 

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab cannot be saved.  All your work must be done during the lab session, but you can click EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check that your lab has finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Module 1 - What is Horizon 7.1 (15 minutes)

Introduction


This module contains a brief overview of VMware Horizon 7 and covers the following topics:


Horizon 7 Overview


Before getting started with the lab it is helpful to understand what Horizon 7 is and some of the key features and licensing options.  

VMware Horizon 7 is the leading platform for virtual desktops and applications.  You can use Horizon 7 to provide end users access to all their virtual desktops, applications, and online services through a single digital workspace.


 

Horizon 7 Delivers Desktops and Applications from a Single Platform

Transform static desktops into secure, digital workspaces that can be delivered on demand. Provision virtual or remote desktops and applications through a single VDI and app virtualization platform to streamline management and easily entitle end users.

 

 

Horizon 7 Components and Constructs


To complete the lab, it is helpful to familiarize yourself with the Horizon 7 components and constructs.


 

Horizon 7 Components

 

This graphic shows the main components of Horizon 7 that you will use throughout the Horizon 7 Enterprise labs.

 

 

Horizon 7 Constructs

 

In addition, take a moment to understand the Horizon 7 constructs shown in this graphic.

 

VMware Horizon 7 Architecture


This graphic provides a simple logical overview of the architecture of Horizon 7 to provide some context of the components for this lab as well as the other labs.

 


Horizon 7 Editions


VMware Horizon 7 is available in three editions: Horizon Standard, Advanced, and Enterprise. All three editions include all components needed for an end-to-end virtual desktop deployment.

Horizon Standard Edition: Simple, powerful VDI with great user experience

Horizon Advanced Edition: Cost-effective delivery of desktops and applications through a unified workspace

Horizon Enterprise Edition: Desktop and application delivery with closed-loop management and automation

Horizon for Linux is also available to provide simple, powerful VDI for Linux operating systems.

 

 


Just-in-Time Management Platform - JMP


JMP (pronounced jump), which stands for Just-in-Time Management Platform, represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in a flexible, fast, and personalized manner.

JMP is composed of the following VMware technologies:

JMP allows components of a desktop or RDSH server to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed.

JMP is supported with both on-premises and cloud-based Horizon 7 deployments, providing a unified and consistent management platform regardless of your deployment topology.

The JMP approach provides several key benefits, including simplified desktop and RDSH image management, faster delivery and maintenance of applications, and elimination of the need to manage “full persistent” desktops.

 


VMware Horizon and Windows 10


VMware Horizon 7 has long had support for Windows 10 as a virtual desktop. More and more organizations are exploring how to implement Windows 10 in their environments. Horizon 7 can help in several ways.

Simplify management

Increase productivity

Improve Security

Boost the bottom line

Free and easy upgrades to Windows 10 for many home users have increased pressure on enterprise IT to follow suit in the move to Windows 10. In fact, Microsoft had a goal of 1 billion deployed Windows 10 devices by mid-2018, with more than 400 million monthly active devices running Windows 10 as of mid-2016.

However, many enterprises still have scars from previous manual and decentralized desktop OS upgrades, e.g. Win XP to Windows 7. Unfortunately, the majority of customers have found that migrating to Windows 10 takes the same amount of time as previous migrations. VMware can help. Here’s how:

  1. Test and certify your apps: Before you roll out the applications that run your business, test and certify them on virtual desktops to ensure a smooth rollout without any incompatibility surprises.
  2. Enable your workforce: Give users a taste of Windows 10 through virtual desktop labs so they learn before they move - and stay productive.
  3. Simplify rollouts: Avoid the cumbersome decentralized upgrades by centrally delivering Windows 10 desktops and apps to end users instantly.

 


Horizon Apps


Horizon Apps is another available licensing model for customers who don’t require VDI desktops but want to provide Windows and SaaS apps to their users.

Built on JMP, VMware’s next-gen desktop and application delivery platform, Horizon Apps securely publishes Windows apps in the data center and delivers end users all their apps including virtualized applications, apps packaged and isolated with VMware ThinApp, SaaS apps, and mobile apps in one unified digital workspace on any device, anywhere. Leveraging the power of JMP, IT can deliver Just-in-Time apps to streamline management, reduce costs, and easily maintain compliance.

Horizon Apps is available in Standard and Advanced editions.  Advanced includes Horizon Instant Clones and Horizon App Volumes to provide the full Just-In-Time Management Platform functionality.  


Conclusion


This concludes Module 1 - What is Horizon 7.1.  You should have a good understanding of Horizon 7 Overview, Components and Constructs, Architecture, Editions, JMP, Horizon and Windows 10 as well as Horizon Apps.


 

You've finished Module 1

 

Congratulations on completing  Module 1.

If you are looking for additional information on Horizon 7.1 try one of these:

Proceed to any module below which interests you most.

 

 

Module 2 - What's New in Horizon 7.1 (15 minutes)

Introduction


This Module discusses some of the new features in Horizon 7 and contains the following lessons:


What's New in Horizon 7 Overview


VMware Horizon 7 is a mature platform for desktops and applications with a feature set developed over years of effort.  This section of the lab describes some of the important new features.  While not an exhaustive list of new features, it will give you some idea of the latest and most exciting developments.  


Horizon 7 Instant Clones for RDSH Farms


Instant Clone Technology is all about delivering VDI desktops just in time. Instant Clone Technology allows administrators to rapidly clone and deploy virtual machines at a rate of about one clone per second on average. Horizon 7 can provision 2000 Virtual Desktops in about 20 minutes. Previously, it took about 4-5 hours with View Composer doing linked clones.

Horizon Instant Clone technology was released in 2016 as part of Horizon 7 Enterprise. Provisioning was limited to Windows VDI desktops. With the release of Horizon 7.1, we added the capability to quickly provision RDSH Farms with Instant Clones. Adding servers to an existing RDSH farm happens in seconds, enabling the quick scaling of RDSH Farms to meet increased demand.

Maintenance windows for RDS Hosts can now be very brief, and we can keep some of the servers in a Farm available throughout the maintenance operations. This helps provide a near zero downtime maintenance window for RDSH Farms provisioned with Instant Clones. Maintenance can be done immediately to push out important updates or on a recurring basis.

 

Instant Clone RDSH Farms enable Horizon published applications as a part of JMP.  Once the RDSH Farms are provisioned through Instant Clones, applications can be provisioned by attaching VMware App Volumes AppStacks to the RDS Host when the App Volumes service starts at boot.  Horizon Smart Policies can be used to customize the user experience with these applications.  


Additional Instant Clone Enhancements


We have added native support in the Horizon Administrator for large Instant Clone pools greater than a single subnet mask permits.  When creating an Instant Clone pool, multiple VLANs can be selected on which to place the new Instant Clone desktops or RDS Hosts.  

 

Instant Clone VDI desktop pools can be created with graphics acceleration with NVIDIA GRID vGPU support.  This works with the NVIDIA M series cards only.  The Blast Extreme protocol is fully supported and PCoIP is available as a tech preview.  

 


Blast Extreme Adaptive Transport


In 2016 VMware introduced Blast Extreme, a brand new UDP/TCP-based remote display protocol that is optimized for H.264-enabled devices.  Designed to deliver a better user experience across a range of low-cost devices including zero and thin clients, Horizon 7 with Blast Extreme allows end users to enjoy better battery life across their devices and supports them with great performance even over lossy networks.

The introduction of Blast Extreme and the ability for customers to continue to use PCoIP provides organizations with added flexibility when optimizing the user experience across use cases.

VMware has also rapidly added support for new features like NVIDIA GRID vGPU and HTML Access to Blast and expects to innovate rapidly around this VMware-developed protocol.

What’s more, this protocol is common across VMware’s on premises, cloud-hosted and hybrid-mode offerings to ensure end users have the same great experience regardless of where their infrastructure and desktops are deployed.

Blast Extreme Adaptive Transport uses a new UDP stack (UDPv2) which provides a great user experience on non-optimal networks such as those experiencing excessive packet loss.  

 


VMware Horizon Virtualization pack for Skype for Business


With Horizon 7 version 7.2 we released the VMware Virtualization pack for Skype for Business for Windows clients.  This solution enables customers to use Skype for Business within Horizon Desktops to make optimized audio and video calls.  

Without the VMware Horizon® Virtualization Pack for Skype for Business installed, all media processing will take place inside the Horizon virtual desktop.

The VMware Horizon® Virtualization Pack for Skype for Business uses the same network ports as a native Skype for Business client (non VDI).  However, because the media engine is installed on the client endpoint, all the media processing will take place on the client endpoint instead of inside the virtual desktop.

By leveraging client endpoints for media processing, server infrastructure is not negatively impacted during audio/video calls.  All media is sent as a separate RTP stream directly between endpoints outside of the display protocol.  Through the use of native Skype codecs, bandwidth usage is equivalent to native Skype for Business calls.

 

Some features of Skype for Business do not require the VMware Horizon Virtualization Pack for Skype for Business.  If users are simply using Instant Messaging and Presence it is not required.  It is for the optimal use of audio and video in virtual desktops.  

For additional information on this feature see:

Blog: https://blogs.vmware.com/euc/2017/03/vmware-horizon-virtualization-pack-skype-for-business-beta.html

Video: https://youtu.be/WObgv2Omk0M


Ongoing Remote Experience Innovation


VMware is committed to enhancing the remote experience for users on an ongoing basis. We update Horizon clients and agents on a quarterly basis. There are many features that enable a great user experience such as USB redirection, Client Drive Redirection, Smart Card authentication, printer redirection, and Real Time Audio Video to name a few. We have Horizon clients for Windows, Linux, Mac, iOS, Android, Windows 10 UWP, HTML Access, and Chrome OS. Each of these clients supports different features and it is important to understand which features each client type supports so that you can deliver the required features to your users.

To that end, we maintain a KB for each client and agent release that outlines the features available for each client type with each new release. The latest KB at the time this manual was created can be found here:

https://kb.vmware.com/kb/2149515

To be sure you have the latest version of the matrix, search the VMware Knowledgebase at kb.vmware.com for the Horizon client feature matrix.


Horizon Smart Policies


Horizon 7 Enterprise includes Horizon Smart Policies, a tight integration between VMware Horizon 7 and VMware User Environment Manager that provides context-based policy management for the end user experience. It provides a single location for granular management of the user experience.

Horizon Smart Policies allow you to enable, disable, or restrict:

 

By using conditions such as location, pool name, and remote display protocol, the level of access to a given resource can be managed.  For example, a user connecting from outside the organizational network might have USB redirection, client drive redirection, and clipboard shut off to enhance security.  

These are just a few of the new features of Horizon 7.  You will have an opportunity to work with many of them in the other Horizon 7 labs.  

For more information on Smart Policies, you can take HOL-1851-04-ADV and look at Module 4 - Horizon Smart Policies.


Conclusion


This concludes Module 2 - What's New in Horizon 7.1.  You should have a good understanding of latest features in Horizon 7.


 

You've finished Module 2

 

Congratulations on completing  Module 2.

If you are looking for additional information on Horizon 7.1 try one of these:

Proceed to any module below which interests you most.  

 

 

Module 3 - JMP for Applications (45 minutes)

Introduction


This Module contains the following lessons:


Deploying Just in Time Applications with Instant Clones


JMP - Next-Generation Desktop and Application Delivery Platform

JMP (pronounced jump) represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in a flexible, fast, and personalized manner. JMP is composed of the following VMware technologies:

JMP allows components of a desktop or RDSH server to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed. JMP is supported with both on-premises and cloud-based Horizon 7 deployments, providing a unified and consistent management platform regardless of your deployment topology. The JMP approach provides several key benefits, including simplified desktop and RDSH image management, faster delivery and maintenance of applications, and elimination of the need to manage full persistent desktops.

When it comes to JMP we have brought together our best-of-breed application and desktop management technologies (which incidentally do not require full VM control).

In doing so we are allowing you to dynamically scale desktops and apps to drive down costs without compromising user experience. What's more, we are extending JMP capabilities to address not only virtual desktops, but also published apps functioning both on premises and in the cloud. This will allow you to extend the benefits of JMP across any Horizon virtual desktop or app deployment within your environment.


 

Logical Architecture

 

Horizon Clients - A major advantage of using Horizon 7 is that remote desktops and applications follow the end user regardless of device or location. The client software for accessing remote desktops and applications can run on a tablet, a phone, a Windows, Linux, or Mac PC or laptop, a thin client, and more. After logging in, users select from a list of remote desktops and applications that they are authorized to use.

Horizon Connection Server - This software service acts as a broker for client connections. Horizon Connection Server authenticates users through Windows Active Directory and directs the request to the appropriate virtual machine, physical PC, or Microsoft RDS host.

Horizon Agent - You install the Horizon Agent service on all virtual machines, physical systems, and Microsoft RDS hosts that you use as sources for remote desktops and applications. On virtual machines, this agent communicates with Horizon Client to provide features such as connection monitoring, virtual printing, Horizon Persona Management, and access to locally connected USB devices.

View Composer - You can install this software service on a vCenter Server instance that manages virtual machines or on a separate server. View Composer can then create a pool of linked clones from a specified parent virtual machine. This strategy reduces storage costs by up to 90 percent. Optional.

VMware Unified Access Gateway - Secure gateway providing edge services. Provides secure external access to desktops and applications. (Formerly known as Access Point.)

Desktop Pools - Automated pools of desktops, floating or dedicated assignment, based on Instant Clones, Linked Clones or Full Clones. Cloned from a common master VM image.

RDSH Farms and Application Pools - Automated farms made up of RDSH servers. Based on Instant Clones, Linked Clones or Full Clones, cloned from a common master VM image. Deliver published applications and shared desktops.

Instant Clones - Rapidly provisioned, customized and available. Forked from a running Parent VM. Fast copy of memory and linked disk with no reboot required.

Linked Clone - Disk-linked clones, cloned from a replica disk; requires a boot of the clone.

VMware App Volumes - Integrated and unified application delivery and user management system for Horizon 7 and other virtual environments. Applications and data managed by App Volumes are kept in specialized VMDKs or VHDs called AppStacks, which are attached to each Windows user session at login or reboot. This strategy ensures that the most current applications and data are delivered to the user.

User Environment Manager - You can use the Smart Policies feature to create policies that control the behavior of the USB redirection, virtual printing, clipboard redirection, client drive redirection, and PCoIP display protocol features on specific remote desktops. User Environment Manager allows IT to control which settings users are allowed to personalize, and also maps environmental settings such as networks and location specific printers.

 

 

Horizon Apps

Horizon makes apps simple. With the unveiling of Just-in-Time apps in Horizon 7.1, we also make this simple to buy. Horizon Apps is a new stand-alone offering focused on published applications. Horizon Apps comes in two editions:

  1. Standard Edition: Includes app publishing (RDSH apps and session-based desktops), User Environment Manager, VMware vSphere and VMware vCenter.
  2. Advanced Edition: Includes everything in Standard Edition, plus all JMP technologies for Just-in-Time apps (Instant Clone, App Volumes and User Environment Manager).

For customers who need published applications but do not need VDI desktops, Horizon Apps is a great choice.

 

RDS Instant Clone Farm


In this section we are going to look at an already created RDS Instant Clone Farm and verify the settings.


 

RDS Hosts and Farms

You can use Microsoft Remote Desktop Services (RDS) to provide users with desktop sessions on RDS hosts and deliver applications to many users.

RDS Hosts are server computers that have Windows Remote Desktop Services and Horizon Agent installed. These servers host applications that users can access remotely. To access RDS applications, Horizon Client 3.0 or later is required.

Farms are collections of RDS hosts and facilitate the management of those hosts. Farms can have a variable number of RDS hosts and provide a common set of published applications or RDS published desktops to users. When you create an RDS application pool, you must specify a farm. The RDS hosts in the farm provide application sessions to users. A farm can contain up to 200 RDS host servers.

Published Applications are application pools that run on a farm of RDS hosts. Published applications let you deliver seamless applications to many users.

 

 

Open the Chrome Browser

 

  1. Click the Chrome icon on the Windows Quick Launch Task Bar to launch.

 

 

Launch the Horizon View Administrator

 

  1. Click on View-01A Admin in the toolbar to open the Horizon 7 Administrator
  2. Enter the User name: Administrator
  3. Enter the Password: VMware1!
  4. Click Log In

 

 

Overview of RDS Farms

Farms simplify the task of managing RDS hosts, RDS desktops, and applications in an enterprise. You can create manual or automated farms to serve groups of users that vary in size or have different desktop or application requirements.

Connection Server creates the instant-clone virtual machines based on the parameters that you specify when you create the farm. Instant clones share a virtual disk of a parent VM and therefore consume less storage than full virtual machines. In addition, instant clones share the memory of a parent VM and are created using the vmFork technology.

View Composer creates the linked-clone virtual machines based on the parameters that you specify when you create the farm. The virtual machines are cloned from a single parent virtual machine and are linked to the parent in a mechanism that reduces the amount of storage that the virtual machines require.

When you create an application pool or an RDS desktop pool, you must specify one and only one farm. The RDS hosts in a farm can host RDS desktops, applications, or both. A farm can support at most one RDS desktop pool, but it can support multiple application pools. A farm can support both types of pools simultaneously.

 

 

RDS Farms

 

In this Hands on Lab we have already created an RDS Instant Clone Farm for you to work with. We will be walking through the configuration of the new RDS Instant Clone Farm and making some changes.

  1. In the left Inventory pane under Resources, click on Farms
  2. Right-click on the existing RDS-IC Farm
  3. Click on Edit so we can view the configuration of the already created RDS Instant Clone Farm.

 

 

Review the Configuration of the RDS Farm Settings

 

We will review the configuration and make a couple changes:

In the RDS-IC farm, the Default display protocol was set to VMware Blast.

  1. Change the Empty session timeout to 5 minutes.
  2. Make sure the check box to Allow HTML Access to desktops and applications on this farm is Enabled.

 

 

Review the Provisioning Settings for the RDS Farm

 

Now we will look at and verify the Provisioning Settings for the Farm.

  1. Click on the Provisioning Settings tab in the Edit Farm window
  2. Verify that Enable Provisioning is checked
  3. Confirm that the Naming Pattern is set to RDS-IC-{n:fixed=2}, which will start naming the RDS Servers RDS-IC-01.
  4. Change the Farm Sizing - Max number of machines to 2 and Minimum number of ready set to 1.
  5. Click OK to make changes

 

 

Verify the RDS Servers are in vSphere

 

  1. Open a second tab in the Chrome Browser for the vSphere Client by clicking on the box next to View Administrator
  2. In the new tab, click on the HOL-1851 Admin drop down
  3. Select vCenter Web Client

 

 

Login to vCenter Web Client

 

If not already logged in, log in with Administrator@corp.local and password VMware1!

 

 

Verify the RDS Servers are provisioned

 

  1. In the left-hand navigation panel, open the vcsa-01a.corp.local
  2. Expand the RegionA01
  3. Expand the RegionA01-IC01
  4. Notice the servers that match the naming pattern in the list: RDS-IC-01 and RDS-IC-02 are provisioned. You may need to scroll down to see the entire list.
  5. Notice in Recent Tasks that RDS-IC-02 was recently provisioned.

 

RDS Instant Clone Application Pool


In these steps we are going to add an application pool with a couple of applications using the RDS Instant Clone Farm and entitle users to it.


 

Advantages of Application Pools

With application pools, you give users access to applications that run on servers in a data center instead of on their personal computers or devices.

Application pools offer several important benefits:

One of the tasks that you perform to give users remote access to an application is to create an application pool. Users who are entitled to an application pool can access the application remotely from a variety of client devices.

 

 

Go back to Horizon View Administrator

 

Go back to the tab in the Chrome Browser for the Horizon View Administrator.

  1. Click on the View Administrator tab in the Chrome Browser.

 

 

Set up an Application Pool with the RDS Farm

 

Now we are going to set up an application pool utilizing the newly provisioned RDS Farm and RDS Servers.

  1. Expand the Catalog in the Inventory
  2. Click on Application Pools
  3. Click on Add so that we can create an application pool

Notice there is already an existing application pool that uses the RDS farm.  We are going to create a new application pool.

 

 

Add Application Pool

 

  1. Click on Select an RDS Farm dropdown menu to select RDS-IC farm
  2. Add some applications by selecting Notepad and Performance Monitor. You will need to scroll down to see these applications. You can also expand the window by pulling the bottom right corner and stretching the window.
  3. Click Next to continue

 

 

Edit ID and Display Name of Applications

 

You can edit the display name of the applications.

  1. Click on the ID name and the Display Name and add "-IC" to the end of the application name for both the Performance Monitor and Notepad applications.  This will be the display name that we will observe shortly.
  2. Accept the defaults and click Finish

 

 

Entitlements to the Application Pool

 

Next you can entitle users or groups to the application pool

  1. Click on Add and another window will pop up.
  2. In the Find User or Group window under Name/User Name: Contains: Enter lab1user
  3. Click Find
  4. Select the lab1user
  5. Click OK in the Find User or Group window
  6. Click OK in the Add Entitlements window to proceed with the entitlement for lab1user.

You could also provision for groups like "Domain Users"; just substitute that for lab1user above.

 

Verify the Application Pool


In these steps we are going to log in and verify that the application pool is present, that we see the applications, and that we are entitled to them.


 

Minimize the Chrome browser

 

Click on the dash in the upper right corner to minimize the Chrome browser so we can start the Horizon Client from the Main Console desktop.

 

 

Open the VMware Horizon Client

 

Launch the Horizon Client from the Main Console Desktop

  1. Double-click the VMware Horizon Client on the Main Console Desktop

 

 

Login to view-01a.corp.local

 

Double-click the view-01a.corp.local server

 

 

Login as lab1user

 

  1. Log in as lab1user
  2. Enter Password VMware1!
  3. Click Login

 

 

Verify the Application Pool is shared out

 

Verify that you see the Applications that we added to the Application Pool: Notepad-IC and Performance Monitor-IC should be present and available.

 

 

Connect to an Application in the Application Pool

 

Double click one of the applications to test that it connects.

  1. Double-click on Notepad-IC. It may take a minute to bring it up.  You will see a window pop up with "A Connection has been established and the application is launching"
  2. Type text in the WordPad app to show that you can access it.
  3. Click the X to close the WordPad app
  4. Click on Don't Save to finish closing the app.

 

 

Disconnect and close

 

  1. Disconnect from the Horizon Client by clicking on the disconnect icon
  2. Confirm OK to close the window.
  3. Click the X to close the VMware Horizon Client window

 

Elastic RDS Instant Clone Farm


An RDS Instant Clone Farm can be expanded dynamically to support more users or shrunk down by removing RDS servers. We will not perform these steps in this lab due to the limited size of the vpod. However, we will review the steps and then cancel at the end.


 

Open the Chrome Browser

 

  1. Bring the Chrome Browser back up by clicking on View Administrator in the toolbar at the bottom of the Main Console.

 

 

RDS Farms

 

We are going to shrink the already configured RDS Instant Clone Farm to remove an RDS server.

  1. In the left Inventory pane under Resources click on the Farms
  2. Right-click on the existing RDS-IC Farm
  3. Click on Edit so we can view the configuration of the already created RDS Instant Clone Farm.

 

 

Review the Configuration of the RDS Farm Settings

 

We will review the configuration and make a couple of changes:

 

 

Provisioning Settings for the RDS Farm

 

We can increase the Max number of machines to support additional users or remove an RDS server.  Look at these steps and then click cancel.

  1. Click on the Provisioning Settings tab in the Edit Farm window
  2. Verify that Enable Provisioning is checked
  3. Confirm that the Naming Pattern is set to RDS-IC-{n:fixed=2}, which will start naming the RDS Servers at RDS-IC-01.
  4. Change the Farm Sizing Max number of machines to a larger or smaller number; you would change the Minimum number of ready machines as well.
  5. Click CANCEL as we will not commit these changes.

For more info on Instant Clones you can visit the HOL-1851-02-ADV lab on Instant Clones.

 

Real-Time Application Delivery with App Volumes


VMware App Volumes provides real-time application delivery and lifecycle management. IT can use App Volumes to build a real-time application delivery system that ensures all applications are centrally managed. With App Volumes, applications are delivered to desktops through virtual disks, without modifying the desktops or applications themselves and can be scaled out with superior performance, at lower costs and without compromising end-user experience.


 

Log in to App Volumes Admin

 

  1. Open a new tab in the Chrome browser by clicking the grey box
  2. Select the App Volumes Admin from the toolbar. It should open https://appvol-01a.corp.local/login
  3. Log in as administrator
  4. Password VMware1!
  5. Click Login

 

 

App Volumes Admin Manager Console

 

This is the App Volumes Manager.  The App Volumes Manager is a Windows server system used as the Web console for administration and configuration of App Volumes and assignment of AppStacks and writable volumes. We are going to look at one of the AppStacks.

  1. Click on the Volumes tab
  2. Expand the Sample Apps so we can see what it contains.
  3. Click on the Assignments, Attachments and Applications to see what this AppStack contains.

You can click on the tabs across the top under Volumes to see writable volumes, attachments for all AppStacks, assignments for all AppStacks and applications.

The lab1user has access to this Sample Apps AppStack.

An AppStack has already been created for us and provisioned so we will just connect to see the applications on our desktop.

 

 

Applications in the AppStack

 

Look at the Applications in this Sample Apps AppStack.  

  1. Click on the 8 Applications arrow to open the box that shows the apps. You will need to scroll down to see all 8 of them.

You can also click on the tab at the top under Volumes labeled Applications.

We are going to attach some of these apps that are part of the AppStack to the RDS Farm. We are going to attach 7-Zip and VLC Media Player.

 

 

AppStack Assignments

 

To see what the assignments are for the Sample Apps AppStack you can click on the Assignments tab.

 

 

Access View Administrator

 

We will now go back into View Administrator and assign 2 of those AppStack applications to an Application Pool. We will assign that pool to lab1user and access the applications. The next few steps will walk you through that process.

  1. Click the View Administrator tab on the Chrome Browser
  2. Click on Application Pools under the Catalog section of the Inventory
  3. Click on Add to set up a new Application Pool with a couple apps from the AppStack.

 

 

Add Application Pool

 

  1. Click on the Select an RDS Farm to select RDS-IC farm
  2. Select the two apps by clicking the check box for: 7-Zip File Manager and VLC Media Player.
  3. Click Next to create the application pool.

 

 

Add Application Pool Edit ID

 

You can edit the display name or leave as is.  We will leave the display name as is.

Click Finish to complete.

"Entitle Users after this wizard finishes" is checked, so we will proceed to entitle users in the next step.

 

 

Add Entitlements

 

  1. Click Add to add an entitlement so that lab1user has access to this newly created application pool
  2. Under Name/user name: type domain user
  3. Click Find
  4. Select the Domain Users that comes up
  5. Click OK in the Find User or Group window
  6. Click OK in the Add Entitlements window

 

 

Application Pools for RDS-IC

 

Notice the application pools from the RDS-IC Instant Clone Pool that we just added and the previous ones we added.  There should be 4 in total for the RDS-IC pool.

 

 

Minimize the Chrome browser

 

Click on the dash to minimize the Chrome Browser so we can start the Horizon Client from the Main Console desktop.

 

 

Open the VMware Horizon Client

 

From the Main Console Desktop you will see the VMware Horizon Client icon.

Double-click the VMware Horizon Client

 

 

Login to view-01a.corp.local

 

Double-click the view-01a.corp.local server.

 

 

Log in as lab1user

 

  1. Log in as lab1user
  2. Enter Password VMware1!
  3. Click Login

 

 

Applications Available

 

Observe the newly added Apps from the AppStack that are available now.  

Feel free to click on 7-zip File Manager to launch but be sure to close it when finished.

Due to the limited lab environment, it may take a minute or two to bring the application up.

 

 

Disconnect from the View-01a system

 

  1. Click the disconnect icon at the top left of the Horizon View Client window
  2. Click OK when prompted to logoff.

We will keep the VMware Horizon Client open for the next steps.

 

 

App Volumes More Info

There is an entire lab on App Volumes.  If you want more info, please see HOL-1851-03-MBL - Horizon 7.1: App Volumes, which goes into more depth on this topic.

 

Contextual Policy Management with UEM


VMware User Environment Manager provides end users with a personalized and dynamic Windows desktop, adapted to their specific situation, based on aspects like role, device and location.

VMware User Environment Manager offers a desktop that adjusts to the actual situation of the end user, providing access to the IT resources that are required, based on a user's role, device and location. Many organizations suffer from hidden productivity loss as a result of ad hoc activities like manually mapping network drives and printers or providing application shortcuts to end users. This so-called distortion not only impacts IT departments but also affects end users. The relevant user experience that User Environment Manager offers significantly eliminates this distortion.

User Environment Manager consists of five functional areas:

User Environment Manager offers a complete user environment management solution without requiring additional backend infrastructure servers. It can manage user and Windows settings and dynamically configure the desktop. For example, User Environment Manager can create drive and printer mappings, file type associations, and shortcuts. User Environment Manager can even manage virtual applications for users.


 

Minimize the Horizon Client

 

Minimize the Horizon Client for use later in this lesson.  

Click the dash in the upper right corner.

 

 

Open up UEM Management Console

 

From the Main Console, double-click the Management Console shortcut on the desktop.

(Minimize the Chrome browser if it is still open so that you can see the desktop.)

 

 

Personalization of Applications in UEM

 

This is the UEM Management Console.  We are going to look at the Personalization of Applications.

Make sure you are under the Personalization tab and Expand the Applications under General in the left pane.

Under General then Applications, Click on the Paint Application.

 

 

UEM Manage Application

 

  1. On the Import/Export tab for Paint, Click on the Manage drop-down menu.
  2. Select Expand.
  3. A prompt will pop up asking if you want to expand the Paint Application Template. Click Yes.

We are going to open Paint, make a change, logout and then log back in to see if the change was retained.  We will also map a drive and see it in the application.

 

 

Minimize the UEM Management Console

 

Minimize the UEM Management Console.

Click on the dash in the upper right corner of the UEM Window.

 

 

Login to the view-01a.corp.local

 

Let's open the Horizon Client so we can launch the Paint application.

  1. Click on the VMware Horizon Client on the bottom toolbar.
  2. Double-click the view-01a.corp.local server

 

 

Log in as lab1user

 

  1. Log in as lab1user
  2. Enter Password VMware1!
  3. Click Login

 

 

Open the Paint Application

 

Double-click the Paint application

It may take a minute to open the application.

 

 

Make Changes to Paint App

 

  1. Click on View
  2. Select the check next to Rulers and Gridlines to turn those on for this application.

 

 

NO Drive Mapping

 

Verify for the next steps that we do not have a Drive Mapping in the application for the M drive.

  1. Click on File for the Application.
  2. Click Open
  3. Look under This PC and notice no drive mapped to the M drive.
  4. Click Cancel

 

 

Close the Paint Application

 

  1. On the Paint application, click on File
  2. Click Exit

 

 

Disconnect from the View-01a system

 

  1. Click the disconnect icon at the top left of the Horizon View Client window.
  2. Click OK when prompted to logoff.

 

 

Go Back to UEM Management Console

 

We are going to Add a Drive Mapping for the Application.

Click on the VMware User Environment Console on the bottom toolbar to relaunch it.

 

 

UEM - Add Drive Mapping

 

  1. Make sure you are clicked on Paint under General/Applications.
  2. Click on the User Environment tab in the Paint section.  Do not click on the User Environment tab next to Personalization.
  3. Click Add
  4. Select Drive Mapping

 

 

UEM Drive Mapping

 

Now let's map a drive to letter M.

  1. Under General Settings, enter for the Name: Map Tools Share
  2. Under Drive Mapping Settings for the Drive Letter select M from the drop-down menu
  3. For the remote path: enter \\controlcenter.corp.local\tools
  4. Make sure to check Undo at application exit
  5. Click Save

 

 

 

UEM Save Config File

 

Now we need to save this config file for changes to take effect.

Click Save Config File under the Personalization tab.

 

 

Open the VMware Horizon Client

 

Click on the Horizon Client along the bottom toolbar to relaunch it.

 

 

Relaunch Paint

 

Double-click the Paint icon again to open the application.

It may take a few seconds for the application to relaunch.

 

 

See Drive Mapping

 

Now let's see the drive mapping that we created earlier.

  1. In the Paint application, click on File
  2. Now click on Open

 

 

Drive Mapped when Launch Application

 

  1. If we look under This PC and expand it, you will see the M: mapped to tools (\\controlcenter.corp.local). There is already a drive mapped to the T: but this is for another lab.
  2. You can grab the edge of the box to see the entire path better.
  3. Click on Cancel as we will not be opening any files.

 

 

Close the application

 

Close the application by clicking on the X in the upper right hand corner of the Paint application.

 

 

Disconnect and Close Horizon Client

 

Disconnect from the View-01a system and close the Horizon Client.

  1. Click the disconnect icon
  2. Click OK

Click the X in the upper right corner of the VMware Horizon Client to close.

 

 

UEM More Info

For a more in-depth look at User Environment Manager, the HOL-1851-04-ADV lab goes into more detail.

 

Conclusion


This concludes this Overview Module on Just-In-Time Management Platform (JMP) for Applications.  We walked through deploying Just-In-Time Applications with Instant Clones by setting up an RDS Instant Clone Farm, setting up RDS Instant Clone Application Pools, and showing the elasticity of the RDS Instant Clone Farm.  We also walked through Real-Time Application Delivery with App Volumes and Contextual Policy Management with User Environment Manager.

There are other labs in the 1851 series of labs that go into more detail on Instant Clones, App Volumes, and User Environment Manager.


 

You've finished Module 3

 

Congratulations on completing Module 3.

If you are looking for additional information on Horizon 7.1 try one of these:

Proceed to any module below which interests you most.

 

 

Module 4 - JMP for Desktops (30 minutes)

Introduction


This module contains the following lessons:


JMP Pool Settings and Concepts


JMP (pronounced jump), which stands for Just-in-Time Management Platform, represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops in a flexible, fast, and personalized manner. JMP is composed of the following VMware technologies:  

JMP allows components of a desktop to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed. JMP is supported with both on-premises and cloud-based Horizon 7 deployments, providing a unified and consistent management platform regardless of your deployment topology. The JMP approach provides several key benefits, including simplified desktop image management, faster delivery and maintenance of applications, and elimination of the need to manage full persistent desktops.


 

JMP Components

  1. Just in Time Desktops

Just-in-Time Desktops leverages Instant Clone technology coupled with App Volumes to dramatically accelerate the delivery of user-customized and fully personalized desktops. Dramatically reduce infrastructure requirements while enhancing security by delivering a brand new personalized desktop and application services to end users every time they log in.  

  2. VMware App Volumes

Provides real-time application delivery and management.

  3. VMware User Environment Manager

Offers personalization and dynamic policy configuration across any virtual, physical, and cloud-based environment.

 

 

Review the Instant Clone Desktop Pool

 

Let's look at the Instant Clone Desktop Pool by logging into the Horizon Administrator Console through the Chrome browser.

  1. Double-click the Google Chrome icon on the Windows Quick Launch Task Bar to launch.

 

 

Launch the View Administrator

 

  1. Click on View-01A Admin in the toolbar to open Horizon 7 Administrator
  2. Enter the User name: Administrator
  3. Enter the Password: VMware1!
  4. Click Log In

 

 

Review the Desktop

 

Now we will look at the Instant Clone Desktop Pool.

  1. Expand the Catalog
  2. Click on Desktop Pools
  3. Double-click on the Win10-IC Desktop pool.

 

 

Summary of Instant Clone Desktop Pool

 

Observe under the General heading that the desktop is an Automated Desktop Pool with Floating assignment. The Pool is enabled and Provisioning is Enabled.

Look under the Pool Settings.  You may have to scroll right to see the complete Pool Settings. Review the settings like Max Number of Machines, VM Naming Pattern, Delete or refresh machine on logoff and others.

 

Log in to Desktop - Launch App / Customize App - Add Files - Logoff


In the next steps we will log in to the desktop, launch an application, customize that application, add a file to the user's desktop and log off.  We will show how the customization of the application is persistent and the file is saved to the desktop.


 

Launch Horizon Client

 

Now let's log in to the actual desktop pool and into a desktop. Launch the Horizon Client from the Main Console.

You can just minimize the Chrome browser as we will come back to it later.

  1. From the desktop of the Main Console, double-click the VMware Horizon Client icon

 

 

Log in to Horizon 7

 

Log in to the View-01a.corp.local server.

  1. Double-click the view-01a.corp.local server

 

 

Log in as lab1user

 

  1. Log in as lab1user
  2. Enter password VMware1!
  3. Click Login

 

 

Choose the Windows 10 Instant Clone Pool

 

It will take a few minutes for the desktop to be ready.

 

 

Workspace ONE - Identity Manager Desktop - Login

 

If you get prompted to log in to Workspace ONE from the Windows 10 Instant Clone Desktop, you can just close the Identity Manager Login as we will not be using it in this module.

  1. Click on the upper left corner of the Identity Manager Desktop - Login window
  2. Click Close

You can now proceed to the desktop to continue.

 

 

Instant Clone Desktop

 

Notice that you are connected as the lab1user on Win10-IC-01.  Notice the applications that are on your desktop.  These applications are being delivered through an AppStack from App Volumes.

Let's open one of the applications to see how we can access it and how changes will follow us even when we logoff from our Instant Clone Desktop and log back in to a new desktop.  Remember our apps are being delivered from App Volumes and UEM is providing the Persona Management.  

 

 

Open the VLC Media Player Application from the Desktop

 

Double-click the VLC Media Player icon on the Win10 Desktop

We are going to change some application settings and note that these settings persist when we log back into the desktop.

 

 

Opening the VLC Media Player

 

  1. When the Privacy and Network Access Policy window comes up, uncheck both the Allow metadata network access and Regularly check for VLC updates.
  2. Click Continue

 

 

Customize the VLC Application controls

 

We are going to change some of the application settings.

  1. Click on View on the menu
  2. Check the Advanced Controls and see how it adds the controls at the bottom
  3. Check the Status Bar and notice the very bottom now displays the status and resolution 1.00x.
  4. Close the application by hitting the X in the top right of the window.

 

 

Open Notepad

 

Next, let's open the Notepad application and save a file to the Lab1User's desktop.  

Double-click the Notepad icon on the Lab1User desktop

 

 

Save a File to the Desktop

 

  1. Type in text in the Notepad file.  "This is a Test. Save this file as TestLab1User."
  2. Click on File and Save
  3. Name the File TestLab1User.txt
  4. Click Save to save to the Lab1User Desktop

 

Now we will disconnect from this desktop.

  1. Click Options from the Windows 10 Instant Clone window
  2. Click on Disconnect and Log Off

Click OK when prompted "Are you sure you want to disconnect and log off from this desktop?".

 

Review of Elastic JMP Desktops


Because an instant clone can be created so quickly, it does not need to persist after a user logs out. Instead, the instant clone is deleted when the user logs out. Depending on the number of spare VMs configured for the desktop pool, a new instant clone might be created immediately after a used instant clone is deleted. In this manner, users get a newly created desktop whenever they log in. If the master image VM snapshot used to create the pool has been updated since the last login, the user gets the new image.

Note: The instant clone is deleted when the user logs out, not necessarily when the user disconnects. If the user disconnects the session, the virtual desktop remains, unless the administrator has configured the user to be automatically logged out after disconnecting.


 

Open Horizon 7 Administrator from Chrome Browser

 

  1. Click on the View Administrator Chrome browser on the bottom toolbar to open the console.

 

 

Desktop Status

 

You can see the desktop in either the Desktop Pools Inventory or Machines under Resources.  Notice that the W10-IC-01 desktop that Lab1User just disconnected and logged off from is showing a Status of Deleting. This desktop will be deleted and a new desktop provisioned.

  1. Expand Resources and click on Machines
  2. You will see the W10-IC-01 Desktop
  3. Click on the refresh button to see Status change

Click on the refresh button to see the status update. The new desktop will be available in a matter of seconds.

 

Log in to Desktop Again - Verify Apps still there. Verify Files still present. Logoff.


Now we will log back into the desktop and verify the applications are still there and the file is present on the desktop.


 

Connect to the Windows 10 Instant Clone Pool Again

 

It will take a few minutes for the desktop to be ready.

 

 

Instant Clone Desktop

 

Notice that you are connected as the lab1user on Win10-IC-01.

Observe that the file TestLab1User you created exists on the desktop.

Next, let's open the application to see that the changes are still present.

If prompted to login to Identity Manager just click on the X in the top right corner of the window and choose Close. You may have to resize the Window to see the X. You can also click on the Window in the top left corner of the pop up window and click close. This is for another module in this lab and we will not be concerned with it for this module.

 

 

Open the VLC Media Player Application from the Desktop

 

Double-click the VLC Media Player icon on the Win10 desktop.

 

 

Verify Test File still is present on desktop

Notice the text file created earlier is still present on the desktop.

 

 

Verify Changes in VLC Player persist

 

Notice the controls are still present at the bottom of the application.

 

 

Logoff the Desktop

 

We are finished with this desktop so you can Disconnect and Log Off.

  1. Click the Options in the top left corner of the Windows 10 Instant Clone Desktop window
  2. Click on Disconnect and Log Off
  3. Click OK when prompted to complete the logoff

 

 

Disconnect from Desktop Pool

 

  1. Click the Disconnect icon to disconnect as the Lab1User from the View environment.
  2. Click OK when prompted.
  3. Click the X to close the Horizon Client window

 

Conclusion


This concludes this Overview Module on Just-In-Time Management Platform (JMP) for Desktops.  We walked through JMP Pool Settings, Launching an App and Customizing it, Review of Elastic JMP Desktops, and Verifying the changes to the App after logout and back in.

There are other labs in the 1851 series of labs that go into more detail on Instant Clones, App Volumes, and User Environment Manager.


 

You've finished Module 4

 

Congratulations on completing Module 4.

If you are looking for additional information on Horizon 7.1 try one of these:

Proceed to any module below which interests you most.

 

 

Module 5 - Workspace ONE and Identity Manager for Horizon (30 minutes)

Introduction


VMware Identity Manager (vIDM) runs the secure enterprise platform, Workspace ONE, that delivers and manages any application on any device by integrating identity, application, and enterprise mobility management.

What Identity Manager Does

Enterprise Single Sign-On

Simplify business mobility with included identity provider (IDP) or integrate with existing on-premises identity providers so you can aggregate SaaS, Native, Mobile, and Windows 10 apps into a single catalog.

Identity Management with Adaptive Access

Establishes trust between users, devices and the hybrid cloud for a seamless user experience and powerful conditional access controls leveraging AirWatch device enrollment and SSO adaptors.

Self-Service App Store

Build a branded self-service app store so employees can subscribe to applications across devices with automated or manual provisioning.

Enterprise-Grade Hybrid Cloud Infrastructure

Identity Manager leverages the same identity management solution as vCloud Air and the vCloud Suite, used in the most advanced data centers and private clouds.

This module will cover


Launching Single Sign-on Desktops


We are going to walk you through logging into Workspace ONE and launching a desktop.


 

Open the Chrome Browser

 

  1. Click the Chrome icon on the Windows Quick Launch Task Bar from the Main Console to launch.

 

 

Launch Workspace ONE

 

If the domain selection window opens, select corp.local and click Next; otherwise proceed to log in in the next step.

  1. From the Chrome browser, click the Workspace ONE icon on the bookmark bar.
  2. Click the Next button.

 

 

Log into Workspace ONE

 

  1. Enter the user name lab1user
  2. Enter the password VMware1!
  3. Click the Sign In button

 

 

Workspace ONE Overview

 

Once logged into Workspace ONE you will see a list of all the apps that are available to lab1user.  There is also a Catalog that lists all the available apps for this user. We have added all the apps from the catalog to this user.

 

 

Launch Windows 10 from Workspace ONE

 

From the Launcher screen,

  1. Select the desktop pool Windows 10 Instant Clone by double-clicking its icon to open.

 

 

Open Windows 10 Instant Clone

 

A window pops up asking how you want to open the Windows 10 Desktop.  You can choose between Horizon Client (default) or Browser.

  1. We have the Horizon Client loaded on this Main Console, so we will keep the Horizon Client (default) selected and click on Open Horizon Client.

 

 

Connect to the Horizon 10 Desktop

 

It may take a minute for the desktop to come up.  

  1. Verify you are logged in to the Windows 10 Desktop W10-IC-01 as Lab1user.

Notice that you were not prompted for any additional login information on Lab1user.

 

 

Possible Error: Request not supported error

 

You might get an error message "the request is not supported".

NOTE: This is due to the time sync drift in the HOL lab and you would not see this error under normal conditions.  The following steps will walk you through a quick fix.

If the app launched with no errors then please skip ahead.

  1. Read the error message "The request is not supported"
  2. Close the browser tab

 

 

Log Off Windows 10 Desktop

 

Go ahead and logoff of the Windows 10 Desktop

  1. Click on the Options in the top left corner of the Windows 10 Desktop window.
  2. Select Disconnect and Log Off
  3. Click on OK to continue disconnect

 

 

Open an Application from Workspace ONE

 

From the Workspace ONE browser tab,

  1. Click the WinMerge Application

 

 

 

Proceed to Application

 

If you get a message that the connection is not private, do this step; otherwise proceed to the next step.

  1. Click Show/Hide Advanced
  2. Click the link to Proceed to 192.168.110.84 (unsafe)

Note that this safety warning is shown only because the certificate matches the server's name but not its IP address; in this lab it can be safely ignored.

 

 

Confirm WinMerge Opens

 

Confirm that the Application opens and that no further login is necessary.

  1. A tab in the Chrome browser opens up to the WinMerge application.
  2. Click X on the WinMerge Window to close the application.
  3. You can click the X to close the Chrome tab that was opened to the VMware Horizon Client.

 

Federated Identity with TrueSSO and Horizon


True SSO allows users to authenticate with Identity Manager using non-AD credentials and then single sign-on to the desktop or remoted application without providing any further credentials. True SSO delivers a fast, secure, streamlined experience for the end user.

True SSO is a new feature in Horizon 7 which integrates with VMware Identity Manager. With True SSO, the login experience is free of the requirement for complex AD credentials.


 

Overview of True SSO

True SSO provides a way to authenticate to Microsoft Windows, retaining all of the user's normal domain privileges, without requiring them to provide AD credentials. True SSO is a VMware Horizon technology that integrates VMware Identity Manager with Horizon 7. VMware Identity Manager Standard is included in VMware Horizon 7 Advanced and Enterprise Editions.

With True SSO, a user can log into Identity Manager using any non-AD method (for example, RSA SecurID credentials) and once authenticated, the user is able to launch any entitled desktop or app (hosted from any domain) without ever being prompted for a password again.

True SSO uses SAML (Security Assertion Markup Language) to send the User Principal Name (for example, jdoe@example.com) to the identity provider's authentication system to access AD credentials. Horizon 7 then generates a unique, short-lived certificate for the Windows login process.

 

 

Benefits of True SSO

 

 

How True SSO Works

 

  1. A user authenticates to VMware Identity Manager. The administrator can select from an extensive set of authentication methods (RSA SecurID, RADIUS, Biometric, and so on). After authentication, the user selects a desktop or application to launch from VMware Identity Manager.
  2. Horizon Client is launched with the user's identity, and credentials are directed to the View Connection Server, the broker for Horizon 7.
  3. The broker validates the user's identity with Identity Manager by sending a SAML assertion.
  4. Using the certificate Enrollment Service, Horizon 7 requests that the Microsoft Certificate Authority (CA) generate a temporary, short-lived certificate on behalf of that user.
  5. Horizon 7 presents the certificate to the Windows operating system.
  6. Windows validates the authenticity of the certificate with Active Directory.
  7. The user is logged in to the Windows desktop or application, and a remote session is initiated on the Horizon Client.

True SSO does not rely on password vaulting, which risks compromising the credentials or having them become out of date, for example, with password changes. All authentication and access to enterprise assets are provided by digitally signed credentials and certificates.
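
The SAML assertion in step 3 and the short-lived certificate in step 4 are both valid only inside a time window, so a verifier whose clock has drifted can reject a credential that was issued correctly; clock drift is the condition this lab blames for its "request is not supported" error. The following is an added example, not code from the lab or from Horizon: it parses a constructed, unsigned SAML 2.0 assertion, extracts the User Principal Name, and evaluates the validity window from a verifier clock that is off by a given drift. The function names, the 60-second skew tolerance, the issuer URL and the sample timestamps are assumptions, and signature validation is out of scope.

```python
"""Added example (not Horizon or lab code): time-window check on a SAML 2.0 assertion."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: unsigned and trimmed to the fields this check reads.
# The issuer URL and the five-minute window are assumptions for illustration.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2018-04-24T12:00:00Z">
  <saml:Issuer>https://idp.example.com/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jdoe@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2018-04-24T12:00:00Z" NotOnOrAfter="2018-04-24T12:05:00Z"/>
</saml:Assertion>
"""

# Moment at which the assertion is actually presented (constructed).
TRUE_TIME = datetime(2018, 4, 24, 12, 1, 0, tzinfo=timezone.utc)


def parse_instant(value):
    """Parse a SAML xs:dateTime given in UTC ('Z' suffix, optional fraction)."""
    if not value.endswith("Z"):
        raise ValueError(f"expected a UTC timestamp ending in 'Z': {value!r}")
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def read_assertion(xml_text):
    """Extract the subject (UPN) and validity window from an assertion.

    The stdlib parser keeps the example offline; for untrusted input use a
    hardened parser such as defusedxml and verify the signature first.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    conditions = root.find("saml:Conditions", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    if conditions is None:
        raise ValueError("assertion has no Conditions element")
    try:
        not_before = parse_instant(conditions.attrib["NotBefore"])
        not_on_or_after = parse_instant(conditions.attrib["NotOnOrAfter"])
    except KeyError as missing:
        raise ValueError(f"Conditions lacks attribute {missing}") from None
    if not_on_or_after <= not_before:
        raise ValueError("validity window is empty")
    return {
        "upn": name_id.text.strip(),
        "not_before": not_before,
        "not_on_or_after": not_on_or_after,
    }


def check_window(assertion, verifier_now, max_skew=timedelta(seconds=60)):
    """Return 'valid', 'not_yet_valid' or 'expired' as seen by the verifier."""
    if verifier_now + max_skew < assertion["not_before"]:
        return "not_yet_valid"
    if verifier_now - max_skew >= assertion["not_on_or_after"]:
        return "expired"
    return "valid"


def evaluate_with_drift(xml_text, true_time, drift_seconds,
                        max_skew=timedelta(seconds=60)):
    """Evaluate the assertion on a verifier whose clock is off by drift_seconds."""
    assertion = read_assertion(xml_text)
    verifier_now = true_time + timedelta(seconds=drift_seconds)
    return assertion["upn"], check_window(assertion, verifier_now, max_skew)


if __name__ == "__main__":
    # Negative drift: verifier clock runs behind; positive: it runs ahead.
    for drift in (0, -90, -180, 299, 300):
        upn, verdict = evaluate_with_drift(SAMPLE_ASSERTION, TRUE_TIME, drift)
        print(f"drift {drift:+5d}s  {upn}  {verdict}")
```

The same arithmetic applies to the validity period of the short-lived logon certificate, which is why the components in the True SSO chain need a common time source.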

 

 

Supported Authentication Methods for Identity Manager

Identity Manager supports the following authentication methods in conjunction with True SSO:

Identity Manager also supports integration with third-party identity providers to federate authentication across the enterprise.

Of course, Identity Manager also supports user name and password credentials as well as smart card logins, but for either of these, True SSO is not needed.

 

 

Infrastructure Requirements for True SSO

True SSO requires a Horizon 7 environment, which includes the View Connection Server and Horizon Agent, as well as a new service called the Enrollment Service. The Enrollment Service can run on Windows Server 2008 R2 or Windows Server 2012 R2 (4 GB RAM is sufficient).

In addition, a Microsoft CA is required. The CA can run on Windows Server 2008 R2 or Windows Server 2012 R2.

For high availability (HA), VMware recommends a minimum of 2 certificate authorities and 2 Enrollment Servers. In an upcoming blog post in this series, we will discuss the various approaches to dealing with HA.

 

 

Desktop OS Support with True SSO

True SSO is supported on all Windows guest operating systems that are supported for Horizon 7 desktops, from Windows 7 to Windows 10, along with Windows Server 2008 R2 and Windows Server 2012 R2. In addition, True SSO is supported on desktops and apps provided by Microsoft Remote Desktop Session Hosts running Windows Server 2008 R2 or Windows Server 2012 R2.

True SSO is supported with all display protocols, including Blast Extreme and HTML Access.

For a more in-depth look at this technology, see the HOL-1851-05-ADV - Horizon 7.1: Identity Manager lab.

 

Conclusion


This concludes the module on Workspace ONE and Identity Manager for Horizon.


 

You've finished Module 5

 

Congratulations on completing Module 5.

If you are looking for additional information on Workspace ONE and Identity Manager, try these links:

Proceed to any module below which interests you most. If you have finished all the modules in this lab you can end the lab. Lab HOL-1851-05-ADV goes into more detail on Identity Manager.

 

 

Module 6 - Horizon Help Desk (15 minutes)

Horizon Help Desk Tool Introduction


Horizon 7.2 introduced a new Help Desk Tool which provides a tailored troubleshooting interface for the help desk. The tool is installed by default on the Connection Servers and reduces workload for administrators by providing quick troubleshooting and metrics for the help desk. This tool was enhanced in Horizon 7.3.

The Help Desk Tool allows administrators to easily perform tasks on the user machine, such as restart, log off, reset, disconnect, and remote assistance.

To access the Horizon Help Desk Tool, navigate to https://<CS_FQDN>/helpdesk, where CS_FQDN is the fully qualified domain name of the Connection Server, or click the Help Desk button in the Horizon Administrator Console. The login ID is case sensitive, so make sure you have the exact login information before launching the tool, either directly or through the Horizon Administrator Console. Otherwise, the login will fail.


Horizon Help Desk Tool Features



 

Summary of Features

Horizon 7.2 features include:

Metrics – You can obtain metrics such as client username, client IP, client name and operating system (OS), VM computer name, session state and duration, logon time, and more.

Remote assistance – Assist users by remotely accessing their VMs.

Session control – Restart, log off, reset, or disconnect a user session.

Sending messages – Send messages directly to user VMs.

Horizon 7.3.1 features include:

 

 

 

Role-based Access

 

 

 

User Session Details

 

 

 

 

 

 

BLAST Metrics

 

 

Horizon Help Desk Tool Videos



 

VMware Horizon 7.2 Help Desk Tool (Video - 2:01)

See a demo of the VMware Horizon Help Desk tool. The Horizon Help Desk Tool provides a tailored troubleshooting interface for the help desk that is installed automatically on the Horizon 7.2 Connection Servers. The Horizon Help Desk Tool reduces workload for administrators and provides quick troubleshooting and metrics.

 

 

VMware Horizon 7.3.1: New for the Horizon Help Desk Tool

This demo shows some of the enhancements to the Horizon Help Desk Tool in the new VMware Horizon 7.3.1 release.

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1851-01-ADV

Version: 20180424-121918