VMware Hands-on Labs - HOL-2051-01-VWS


Lab Overview - HOL-2051-01-VWS - VMware Horizon 7 - Getting Started with App and Desktop Virtualization

Lab Guidance


Note: It will take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

This lab will use VMware Horizon 7 to create and manage Instant Clone desktop pools and RDSH farms. In this lab expect to learn common troubleshooting techniques to ensure a great user experience. The lab will be consuming desktops and apps with a single sign-on experience which integrates VMware Horizon, True SSO, and VMware Identity Manager.

Lab Module List:

 Lab Captains:

 

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab can not be saved.  All your work must be done during the lab session.  But you can click the EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab is finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Module 1 - Create a Desktop Pool (30 minutes)

Introduction


This Module contains the following lessons:


 

Horizon 7

Virtual desktop infrastructure (VDI) products, such as VMware Horizon 7, enable IT departments to run virtual machine (VM) desktops and applications in the data center and remotely deliver these desktops and applications to users as a managed service. This computer-within-a-computer strategy enables multiple VMs to be run per physical server core.

For administrators, this means desktop and application management can be simplified and automated. Admins can quickly create virtual desktops on demand based on location and profile, and securely deliver desktops as a service from a central location.

End users can access their personalized virtual desktops or remote applications from company laptops, their home PCs, thin client devices, Macs, tablets, or smartphones. Horizon 7 is the leading platform for Windows desktop and application virtualization, providing a consistent user experience across devices and locations while keeping organizations data compliant and securely stored in the data center.

When VDI solutions first started appearing, about a decade ago, the strategy was to take a Windows desktop system, virtualize it, and place it in the data center. Unlike this traditional VDI, Horizon 7 is built on technologies that allow components of a desktop or application to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace. For example, when the user logs in, a virtual desktop can assemble itself on the fly by combining an instant clone of a master image (VM) with a user environment profile and one or more containerized applications that attach themselves to (but are not installed in) the VM.

In addition, Horizon 7 integrates with VMware Workspace ONE on a common identity framework to provide a single catalog for accessing Windows applications and desktops, as well as software-as-a-service (SaaS), web, cloud, and native mobile applications.

If you are not familiar with Horizon 7 you can read more on our Digital Workspace Tech Zone at

https://techzone.vmware.com/resource/what-horizon-7

 

 

Why Consider Horizon 7?

Horizon 7 is a complete solution that delivers, manages, and protects virtual desktops, RDSH-published desktops, and applications across devices and locations. From provisioning to management and monitoring, Horizon 7 offers an integrated stack of enterprise-class technologies that can deploy hundreds of customized desktops and RDSH servers in a few minutes from centralized single images.

Horizon 7 can be integrated with Workspace ONE through VMware Identity Manager (either on-premises or as part of the Workspace ONE service). VMware Identity Manager is provided with Horizon 7 Enterprise Edition or Workspace ONE when purchased.

 

Overview of Desktop Pools


With Horizon 7, you can create desktop pools that include thousands of virtual desktops. You can deploy desktops that run on virtual machines (VMs) and physical machines. Create one VM as a master image, and Horizon 7 can generate a pool of virtual desktops from that image. The master image is also known as a base image or a golden image.

There are two main types of virtual desktop pools: automated and manual. Automated desktop pools use a vCenter Server virtual machine template or snapshot to create a pool of identical virtual machines. Manual desktop pools are a collection of Server virtual machines, physical computers, or third-party virtual machines. In automated or manual pools, each machine is available for one user to access remotely at a time.


 

Advantages of Desktop Pools

Horizon 7 offers the ability to create and provision pools of desktops as its basis of centralized management. If you use a vSphere virtual machine as a desktop source, you can automate the process of making as many identical virtual desktops as you need. You can set a minimum and maximum number of virtual desktops to be generated for the pool. Setting these parameters ensures that you always have enough remote desktops available for immediate use but not so many that you overuse available resources.

Using pools to manage desktops allows you to apply settings or deploy applications to all remote desktops in a pool. You can also specify how users are assigned desktops in a pool.

 

 

Desktop Pools

 

With single-user desktops, each virtual machine allows a single end-user connection at a time. In contrast, with session-based desktops, one RDSH server can accommodate many concurrent user connections.

We will walk through the process of creating an Instant Clone Desktop Pool. A clone is a copy of a master VM with a unique identity of its own, including a MAC address, UUID, and other system information. The VMware Instant Clone Technology improves and accelerates the process of creating cloned VMs over the previous View Composer linked-clone technology. In addition, instant clones require less storage and less expense to manage and update because the desktop is deleted when the user logs out, and a new desktop is created using the latest master image.

 

Create a Desktop Pool


When you create a desktop pool, you select configuration options that determine how the pool is managed and how users interact with the desktops.

We will walk through the steps to create an Instant Clone Desktop Pool but because of time and resources in the lab environment, we will cancel out before completing. We will use an existing Desktop Pool to complete the remaining lab lessons.


 

Instant Clone Desktop Pool

An instant-clone desktop pool is an automated desktop pool. vCenter Server creates the desktop VMs based on the settings that you specify when you create the pool. Instant clones share a virtual disk of the master image and therefore consume less storage than full VMs. In addition, instant clones share the memory of the master image. Instant clones are created using the vmFork technology.

Before you can deploy a pool of desktops, you must create an optimized master image, which includes installing and configuring a Windows or Linux operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment.

We will not be creating the optimized master image in this lab as it has already been set up for us in the interest of time. For step-by-step instructions, see the guide Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop.

https://techzone.vmware.com/creating-optimized-windows-image-vmware-horizon-virtual-desktop

 

 

Launch Google Chrome Browser

 

  1. On the main console desktop, launch the Google Chrome shortcut located on the desktop.

 

 

Launch the Horizon Console

 

To perform desktop or application pool deployment tasks, troubleshooting tasks, or manage JMP workflows, you must log in to Horizon Console. You can access Horizon Console through the Horizon Administrator Web interface. We will use the new HTML 5 Horizon Console for this lab.  With the latest version of Horizon Console, it is in feature parity with almost everything that you can do in the Horizon Administrator Flex console.  We will launch the Horizon Console using the URL https://horizon-01.corp.local/newadmin

  1. Click on the Horizon favorites bookmark bar at the top of the Chrome browser and Click on Horizon-01-NewAdminConsole
  2. Enter administrator as the Username
  3. Password is VMware1!
  4. Click on Sign In

 

 

Horizon Console

 

The Horizon Console

The Horizon Console is the newest HTML5 based web interface to manage Horizon 7 Environments. Horizon Console is used to create and manage virtual desktops and published desktops and applications. Horizon Console also integrates VMware Horizon Just-in-Time Management Platform (JMP) Integrated Workflow features for managing workspaces.

Horizon Console is available after you install and configure Horizon Connection Server.

 

 

Add a Desktop Pool

 

The Add Desktop Pool wizards guides you through the steps of creating an instant-clone desktop pool.  We will not go over the steps to clone or configure a desktop image but will use one already created for this lab. For more information on how to clone a desktop or create a new virtual machine to use, please consult the documentation at https://docs.vmware.com/en/VMware-Horizon-7/7.9/horizon-virtual-desktops/GUID-C875E8BE-20C9-4845-96DC-70F125BCA907.html

  1. Click on Desktops in the left navigation pain under Inventory
  2. Notice the existing Instant Clone Pool - IC-Pool1. Do not click on the existing pool at this time.
  3. Click on Add in the Desktop Pools pain to add a new desktop pool

 

 

Desktop Pool Type

 

  1. Select the Automated desktop pool
  2. Click Next

Options here are

 

 

Instant Clone on vCenter Server

 

  1. Choose the Instant Clone option from the vCenter Server screen.
  2. Click on the vCenter Server: vcsa-01a.corp.local

 

 

View Storage Accelerator Ignore

 

Click on Ignore for View Storage Accelerator pop up

With the vCenter Server selected, Click on Next

 

 

User Assignment

 

  1. From the User Assignment screen, Click on Dedicated
  2. Click Next to continue

With Dedicated, each user is assigned a particular remote desktop and returns to the same desktop at each login. This is a one-to-one desktop-to-user relationship. With Floating assignment users log in to any available desktop. This reduces the number of desktops required if everyone does not need to be logged in at the same time.  We will pick Dedicated for this pool so that we can see the new feature of Longer-lived Instant Clones.  We will explain more on this feature shortly.

 

 

Storage Optimization - Storage Policy Management

 

From the Storage Optimization page:

  1. Click on Next as we do not use vSAN in this lab.

 

 

Desktop Pool Identification

 

On the Desktop pool identification screen,

  1. Enter IC-TestPool1 as the pool ID
  2. Display name is IC-TestPool1
  3. Keep access group as is with the /
  4. You can enter anything in the Description field like Test pool created for HOL
  5. Click on Next

 

 

Provisioning Settings

 

Provision Settings:

  1. Make sure Enable Provisioning is checked as this will provision the desktop pool after completion.
  2. For the Virtual Machine Naming, use the naming convention: Test-{n}. Using a token n is replaced with a unique number. You can also add a fixed length with number of digits.
  3. Click on Provision machines on demand.  

We will only provision machines as we need them with a minimum number of 1 and max number set to 2.

  1. Min number of machines is set to 1

Note the warning message "Minimum number of ready/(provisioned) machines must be less than maximum and minimum number of machines. Be sure to edit the Max number of machines below to 2.

  1. Desktop Pool Sizing: Max number of machines set to 2.
  2. Number of spare (powered on) machines set to 1
  3. Click Next

 

 

vCenter Settings

 

For vCenter Settings, we have already created the master image in the environment that we will be using so we will enter the information here.

  1. Parent VM in vCenter, click on Browse... and select /RegionA01/vm/base-w10-1709-x64-01, click Submit
  2. Snapshot, click on Browse....select /IC Desktop Base HOL 2019, click Submit
  3. VM Folder Location, click on Browse....select Discovered virtual machine, click Submit
  4. Resource settings, Cluster, click on Browse....select RegionA01-IC01, click Submit
  5. Resource Pool, click on Browse....select RegionA01-IC01, click Submit
  6. Datastores, click on Browse....select the ESX04a-Local datastore, click Submit

 

 

Warning

 

Click OK on the warning pop up.

 

 

Click Next on the Desktop Pool

 

Click on Next

 

 

Longer Lived Instant Clones

With the latest version of Horizon, we introduce the feature of Longer Lived Instant Clones. Longer Lived Instant Clones have functionality similar to Linked Clones. This features is only available for dedicated pools.  It supports the same refresh options as linked clones:

Longer Lived Instant Clones supports disk reclamation.

You would use Longer Lived Instant Clones in the following use cases:

We will show you the settings in the next lesson.

 

 

Desktop Pool Settings

 

  1. Scroll down to the bottom.
  2. This is where you set the Longer Lived Instant Clones setting for Refresh OS disk after logoff, set to Every
  3. Enter 30 for days
  4. We would click on Reclaim VM disk space but this is not available in this lab environment and is disabled. But here is where you would enter the value for the Initiate reclamation when unused space on VM exceeds. Leave as is and don't modify.
  5. Click on Next to continue.

 

 

Remote Display Settings

 

You can set the Remote Display protocol for the desktop pool to be either: Blast, PCoIP or RDP. Keep as Blast.

Click on Next.

 

 

Guest Customization

 

Guest Customization options, we will keep the defaults, click Next.

 

 

Ready to Complete

 

The Ready to Complete screen lets you review the resettings. You can also click on the Entitle Users after this wizard finishes to go to the entitle screen. We will cancel out of this and will look at entitlements for an existing Instant Clone pool.

  1. CLICK on Cancel as we do not have the resources or time to continue the creation of the Instant Clone Desktop Pool.

Due to limited resources and time in this lab environment, we will cancel out of Creating an Instant Clone Desktop Pool and instead look at an existing Instant Clone pool already provisioned.

 

 

Confirm cancel of Creation

 

Click Ok to confirm.

 

 

Existing Desktop Pool

 

The lab has an existing Instant Clone Desktop Pool created for users named IC-Pool1.  In the next step we will connect into that Desktop Pool through VMware Horizon HTML Access.

 

 

Open a New Tab in Chrome

 

  1. Open a new tab in Chrome by clicking on the tab.
  2. Click on VMware Horizon from the bookmark bar
  3. Click on VMware Horizon HTML Access to login to Horizon

 

 

Open VMware Horizon HTML Access

 

  1. Enter Username: user1mod1
  2. Enter Password: VMware1!
  3. Click on Login

 

 

Click on Instant Clone Pool

 

Click on the Instant Clone Pool to launch the Desktop.

 

 

Confirm Instant Clone Desktop

 

  1. If "Enable Copy and Paste" window present, you can click on OK to dismiss it. This is from another part of this lab.
  2. Desktop opens in the Horizon tab. Notice Host Name and User.  You are logged into one of the Instant Clone Desktops named WIN10IC-# desktop with the Username user1mod1.

 

 

Sign Out of Desktop

 

We will disconnect from the desktop.

  1. Click on the Window's Icon for the Desktop only
  2. Click on person icon
  3. Click Sign out

This will sign out from that Instant Clone Window's desktop and disconnect.

 

 

Confirm Disconnected

 

Click Close in the Disconnected popup.

 

 

Close VMware Horizon tab in Chrome

 

  1. Click on X on the VMware Horizon tab to close it
  2. NOTE: Do NOT close the VMware Horizon 7 tab as you will use it in the next step

 

Add Entitlement to a Desktop Pool


You configure entitlements to control which remote desktops and applications your users can access. Before users can access remote desktops or applications, they must be entitled to use a desktop or application pool.


 

VMware Horizon 7 Console

  1. Click on the VMware Horizon 7 tab in the Chrome Browser
  2. Click on Desktop Pools if not already open

 

 

Edit Entitlement in the IC-Pool1

 

  1. Click on the check box next to the existing IC-Pool1
  2. Click on Entitlements to see options of either add or remove entitlements for this desktop pool
  3. Click on Add Entitlements

 

 

Add Entitlements

 

Click on Add

 

 

Find User or Group

 

  1. Enter domain user in the Name/user name contains field
  2. Click on Find
  3. Select the Domain Users by clicking on the check box
  4. Click OK

Note you may need to scroll down or resize the window to be able to select the Domain Users. You can also click the box next to Name to select all, then click ok.

 

 

OK Add Entitlement

 

Click OK again to accept the User in the Add Entitlements

 

Desktop Pool Settings


In this section we will go over the Desktop pool Settings and touch on a few of the new features available.


 

Existing Pool Settings

 

Now we will look at the configuration of the existing Instant Clone Desktop pool.

  1. Under Inventory on the left side, click on Desktops if you are not already on this page
  2. Click on the IC-Pool1 ID name to see its settings

 

 

Observe Desktop Pool Settings

 

Observe the summary settings for this existing Instant Clone Desktop pool.

Click on Machines

 

 

IC Machines

 

Observe the Instant Clone Machines currently provisioned and their status.

You can see the Horizon Agent Version here as well.

 

 

Machines (InstantClone Details)

 

Click on the Machines (InstantClone Details) tab.

Here you will see details on the Image and you can see when it was last composed.

 

Drag and Drop Feature


With the latest release of the Horizon Agent, you can drag and drop files, folders, text, rich text, and images between the Client System and remote desktops and published applications. You can drag and drop multiple files and folders at the same time. A progress bar shows the status of the drag and drop operation.

The drag and drop feature works differently depending on the Horizon Agent version and how it is configured.

Depending on the Horizon Agent version, a Horizon administrator can use certain group policy settings or Smart Policies to configure drag and drop behavior.


 

Dragging Files and Folders

If you drag a file or folder between the client system and a remote desktop, the file or folder appears in the file system on the target system. If you drag a file and drop it into an open application, such as Notepad, the text appears in the application. If you drag a file into a new email message, the file becomes an attachment to the email message.

By default, dragging and dropping from the client system to remote desktops and published applications is enabled, and dragging and dropping from remote desktops and published applications to the client system is disabled. A Horizon administrator can control the drag and drop direction by configuring group policy settings.

Dragging and dropping files and folders requires that the client drive redirection feature is enabled in Horizon Agent by selecting the Client Drive Redirection option during Horizon Agent installation.

 

 

Configuring the Drag and Drop Feature

 

 

Using Group Policy Settings to Configure Drag and Drop

You can configure the drag and drop direction, the allowed drag and drop formats, and the drag and drop size limit by editing group policy settings for the VMware Blast and PCoIP display protocols.

 

 

Using User Environment Manager to Configure Drag and Drop

With the latest UEM and Horizon Client, you can use Smart Policies to configure drag and drop behavior, including disabling the entire drag and drop feature.

See HOL-2051-02 lab for more information on this.

 

 

Drag and Drop Test

In this lesson we are going to show drag and drop by dragging text from the Chrome Browser on the Main Console Desktop and dropping it into the Wordpad application running on a Instant Clone Desktop. We will also grab an image and drag and drop it into the Wordpad document as well.

 

 

Open Chrome Browser

 

Open the Google Chrome Browser.

Note: If you already have the browser open and logged into the Horizon Console, you can skip ahead and click on Dashboard in the Horizon Console.

 

 

Login to Horizon Console

 

  1. Click on Horizon-01-NewAdminConsole
  2. Enter username: administrator
  3. Enter password: VMware1!
  4. Click on Sign in

 

 

Copy Image from Browser to Desktop

 

  1. Right click on the Image in the Browser
  2. Click Save image as...

If you were already logged into Horizon Console, you can just click on Dashboard in the left column to get to this place.

 

 

Save Image to Desktop

 

  1. Click Desktop on the Main Console
  2. Keep default name and click Save

 

 

Launch VMware Horizon Client

 

We will launch Horizon Client to open up an Instant Clone Desktop VM to test the Drag and Drop feature. We will drag and drop this file to the desktop VM.

Double-click the VMware Horizon Client on the Main Console Desktop

 

 

Launch Horizon-01

 

Double-Click on horizon-01.corp.local

 

 

Login in to Horizon-01

 

Login to the Horizon-01 system

  1. User name: user1mod1
  2. Password: VMware1!
  3. Click on Login

 

 

Open the Instant Clone Pool

 

Click on the Instant Clone Pool to open a Desktop VM

 

 

Take the Desktop out of full screen mode

 

If the Desktop takes up the entire screen, click on the Maximize button (two squares) in the top right corner beside the Close X button to take out of maximize window size so we can see the Main Console desktop as well.

 

 

Open Wordpad on the Desktop

 

  1. Double-Click on WordPad (created by UEM) on the Instant Clone Desktop
  2. The Wordpad window opens

 

 

Drag Text from the MainConsole Browser to the Desktop

 

  1. Arrange the Browser windows beside the Instant Clone Desktop
  2. Select text in the Browser and drag it over to the Wordpad application
  3. Drop into Wordpad Application on the Instant Clone Desktop
  4. Hit Return/Enter key a few times to add lines below the text

 

 

Drag the Image File

 

Click on the dashboard_hero.png file that you saved to the desktop of the MainConsole and drag it to the Desktop

 

 

Drop Image File onto WordPad Document on Desktop

 

Drop the image file into the WordPad Document

 

 

 

Disconnect and Logoff

 

  1. On the Instant Clone WIN10IC-# Desktop, click on the Options pull down
  2. Click on Disconnect and Log Off
  3. Click OK on the pop up

 

 

Close Horizon Client

 

If Horizon Client is minimized, click on the bottom to open it back up so you can close it to clean up.

  1. Click the Disconnect symbol to disconnect
  2. Click to OK to log off the Horizon Client
  3. Click X to close the VMware Horizon Client window

 

VM Hosted Applications


With the latest version of Horizon agents, you are able to publish applications from a Windows 10 Desktop Pool using the same deployment and configuration process as you do for Desktops.

We will walk through that process below.  First we will edit the existing desktop pool and make it a desktop and application pool. Then we will add an application pool using the Application discovered in the Desktop Pool.  


 

VM Hosted Application Use Cases

 

 

Edit the IC Pool

 

Go back to the Horizon Console.

  1. Under Inventory, click on Desktops
  2. Click the check for the IC-Pool1 Desktop pool
  3. Click on Edit

 

 

Click on Desktop Pool Settings

 

Click on the Desktop Pool Settings tab

 

 

Edit Session Types

 

  1. Scroll down
  2. Under the General Section, Select Session Types and pick Desktop & Application
  3. Under Remote Settings, confirm Empty Session timeout is set to After = 1 minutes
  4. Click OK

Supported Session Types can be configured for the Desktop Pool. There are 3 options:

If you choose to support application sessions then this desktop pool can be used to publish application pools.

 

 

Add Application Pool  

 

We are going to now add an application from the desktop pool.

  1. Under Inventory on the left, Click on Applications
  2. Click on Add
  3. Select Add from Installed Applications

With Application Pools, you can deliver a single application to many users. The application runs on a farm of RDS Hosts or a desktop pool. We will show running an application from a desktop pool here. If you want more info on running applications from an RDS Host, be sure to continue on to the Module 2: Create an RDSH Farm - Instant Clones and  Module 3: Create an Application Pool after this module.

 

 

Select from Desktop Pool

 

  1. Under Select RDS Farm or Desktop Pool, Select Desktop Pool. It will take a few seconds to populate the list of installed applications.
  2. Scroll down under Select installed applications
  3. Check on the Wordpad app.
  4. Notice Entitle users after this wizard finishes is checked
  5. Click Next

 

 

Edit Application

 

  1. Change the Display name to VMHosted-WordPad so you can distinguish this application coming from the IC Desktop pool.
  2. Click Submit

 

 

Add Entitlements

 

Click on Add to add user to this pool

 

 

Find User for Domain Users

 

  1. Under Name/User name Contains enter in the box domain user
  2. Click on Find
  3. Click the check next to Domain Users
  4. Click OK

 

 

Ok to Add Entitlement

 

Click OK

 

 

Observe Application Pool Added

 

Notice that the VMHosted-Wordpad was added and Pool or Farm is listed as Instant Clone Pool. You may have to scroll down to see it in the list.

 

 

Launch VMware Horizon Client

 

  1. Open a new tab in the Google Chrome Browser
  2. Click on VMware Horizon on the Bookmark Bar to launch it
  3. Click on VMware Horizon HTML Access

 

 

Login to VMware Horizon

 

Login to VMware Horizon

  1. User name: user1mod1
  2. Password: VMware1!
  3. Click on Login

 

 

Desktop Hosted App

 

  1. Notice the VMHosted-Wordpad Icon in the catalog. This is the one we just created.
  2. Also notice the Instant Clone Pool is present as well.
  3. Close the Horizon Client by click X on the VMware Horizon Tab

If we had chosen just the Application Session Type then we would just have the Application here and no Instant Clone Desktop Pool.  

NOTE: Due to constraints in the Hands on Lab environment, we are not able to launch the VMHosted-WordPad application in this lab. The machines in the pool are not at the current level to support application remoting. We are limited in the HOL lab environment but wanted to show you the steps to set this up.  

 

 

Delete the IC Application Pool

 

We will delete the IC Application Pool so that it doesn't interfere with the modules that follow this.

  1. Under Inventory, Click on the Applications
  2. Select the WordPad application
  3. Click Delete

 

 

Confirm Delete

 

Confirm delete of the Application pool, click on OK

 

 

Edit Desktop Pool

 

We need to edit the Desktop pool to put back as an Instant Clone Desktop pool for the next modules.

  1. Under Inventory, click on Desktops
  2. Click the Checkbox to select the IC-Pool1
  3. Click Edit

 

 

Change to Desktop

 

We will change the Session Type back to Desktop only for the remainder of this lab.

  1. Click on Desktop Pool Settings
  2. Under Session Types, Click on Desktop
  3. Click OK

 

Conclusion


This module went over creating a Desktop Pool in Horizon.


 

You've finished Module 1

 

Congratulations on completing  Module 1.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.

 

 

 

Test Your Skills!

 

Now that you’ve completed this lab, try testing your skills with VMware Odyssey, our newest Hands-on Labs gamification program. We have taken Hands-on Labs to the next level by adding gamification elements to the labs you know and love. Experience the fully automated VMware Odyssey as you race against the clock to complete tasks and reach the highest ranking on the leaderboard. Try the Horizon Odyssey lab

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 2 - Create an RDSH Farm - Instant Clones (15 minutes)

Introduction


This module contains the following lessons:


 

Horizon Apps

 

Today, end users are more mobile and productive than ever with the need to access their Windows apps alongside their SaaS and web applications, from their personal or business devices. In this new mobile cloud world, managing and delivering services to end users with traditional PC-centric tools has become increasingly difficult. Data loss and image drift are real security and compliance concerns. And organizations are struggling to contain costs.

Horizon Apps provides IT with a new streamlined approach to deliver, protect, and manage Windows applications while containing costs and ensuring that end users can work anytime, anywhere, on any device.

Built on JMP, the VMware next-gen desktop and application delivery platform, Horizon Apps securely publishes Windows apps in the data center and delivers end users all their apps including virtualized applications, apps packaged and isolated with VMware ThinApp, SaaS apps, and mobile apps in one unified digital workspace on any device, anywhere. Leveraging the power of JMP, IT can deliver Just-in-Time apps to streamline management, reduce costs, and easily maintain compliance. These applications can be accessed by end users with the efficiency and flexibility that business demands.

 

 

Just-in-Time App Provisioning with Instant Clones Technology

 

Overview of RDSH Farms


A farm is a group of Windows Remote Desktop Services (RDS) hosts. You can create published desktops associated with a farm. You can also deliver a published application to many users by creating application pools. The published applications in application pools run on a farm of RDS hosts.

You will work with application pools in Module 3 of this lab.


 

RDSH Farm Types

 

 

 

Instant Clone RDSH Farms

 

The Horizon Connection Server creates the instant-clone virtual machines based on the parameters that you specify when you create the farm. Instant clones share a virtual disk of a parent VM and therefore consume less storage than full virtual machines. In addition, instant clones share the memory of a parent VM and are created using the vmFork technology.

When you create an application pool or a published desktop pool, you must specify one and only one farm. The RDS hosts in a farm can host published desktops, applications, or both. A farm can support at most one published desktop pool, but it can support multiple application pools. A farm can support both types of pools simultaneously.

 

 

Additional Information on Horizon Instant Clone Technology

Overview

Benefits

 

Create an RDSH Farm


This lesson steps you through the Farm creation wizard. Please note, due to resource and timing constraints in the HOL, it is recommended you cancel the farm creation wizard. A farm has already been created for you to use in other modules of this lab.


 

Authenticate to the Horizon Admin Console

 

 

Create a New Farm

The following steps will guide you through the Farm creation wizard.

 

Configure Load Balancing for Horizon Farms


Load balancing sessions across the RDS hosts in a Horizon farm improves utilization of resources, resulting in a better end user experience.

You can configure load balancing for RDS hosts by configuring load balancing settings in Horizon Administrator or by creating and configuring load balancing scripts.

In this lesson you will configure load balancing settings for an existing RDS farm.


 

Authenticate to the Horizon Admin Console

 

 

Navigate to RDSH1 Host Details

 

  1. Start on the Dashboard
  2. Navigate to RDS Farms > RDSH-01 and select the RDS host RDSH1
  3. Note the Server Load Index is currently set to -1
  4. Select OK

Horizon 7 calculates the Server Load Index based on the load balancing settings you configure in Horizon Administrator. The Server Load Index indicates the load on the server. The Server Load Index can range from 0 to 100, where 0 represents no load and 100 represents full load. A Server Load Index of -1 indicates that load balancing is disabled.

 

 

Configure RDS Load Balancing on the RDSH-01 Farm

Horizon 7.8 introduced a number of improvements to RDS host load balancing. In the following steps you will configure load balancing settings using sample values. The ideal values for your Horizon implementation may differ.

 

 

Review Updated Server Load Index

 

  1. Select Dashboard
  2. Navigate to RDS Farms > RDSH-01 and select the RDS host RDSH1
  3. Note the Server Load Index has changed to reflect the current load on the server.
    Note - The actual value of the Server Load Index will vary from this screen shot, as the value is being dynamically populated.
  4. Select OK

By default, the CPU, Memory and Disk statistics are collected every 30 seconds. If you wait a few seconds and again select the RDSH1 RDS host, you should see the Server Load Index value change again.

 

Conclusion


This module covered how to create an RDSH Farm with Instant Clones.


 

You have Finished Module 2

 

Congratulations on completing Module 2.

If you are looking for additional information on Horizon Instand Clone farms, try one of these:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 3 - Create an Application Pool (15 Minutes)

Introduction


This module contains the following lessons:


Overview of Application Pools


With application pools you deliver a single, published application to many users. The application runs on a farm of RDS hosts.

Horizon automatically distributes client requests for the application among the RDS hosts in the farm. Therefore, it is important that all RDS hosts in the farm are configured the same way. Horizon Instant Clone technology is ideal for creating scalable RDS farms with identical configurations.

In this lesson, you will create an application pool using an existing Horizon farm: RDSH-01.


 

Application Pools

 

 

Create an Application Pool


In this lesson you will create multiple applications pools from an existing RDSH farm.


 

Authenticate to the Horizon Admin Console

 

 

Navigate to Applications

 

  1. Select Applications

 

 

Review Existing Application Pools

 

Notice there are a number of Application Pools already created and associated with Farm RDSH-01

 

 

Add Application Pool

 

  1. Select Add
  2. Select Add from Installed Applications

This option performs an automated scan of the applications installed on the RDS hosts in Farm RDSH-01

 

 

Select Installed Applications

 

  1. Scroll down until you find Internet Explorer in the list of installed applications
  2. Check the box for Internet Explorer where the installation path matches C:\Program Files\Internet Explorer\iexplore.exe
  3. Select Next

 

 

Customize the Display Name

 

  1. In the Display name field overwrite the existing content with Web App 1
  2. Select Submit

 

 

Add Entitlements

 

  1. Select Add

 

 

Find User or Group

 

  1. Enter user1mod3
  2. Select Find
  3. Check the box for User1 Mod3
  4. Select OK

 

 

Confirm Entitlements

 

  1. Select OK

 

 

Edit an Application Pool

You will now edit the Application Pool to customize the parameters.

 

 

Create a Second Application Pool

You will now create a second application pool using the same application. You will use these in a later lesson.

 

 

Review New Application Pools

 

You should now have two application pools: Web App 1 and Web App 2

Note - Leave the Horizon Admin page open to the Application Pools page, as you will start here in the next lesson.

 

Update Application Pool Icons


When creating an Application Pool, Horizon automatically detects and uses the application icon from the primary executable. When publishing the same executable with multiple application pools, it may be difficult to distinguish one app from another in the Horizon Client or Workspace ONE catalog. Horizon 7.9 introduced the ability to update Application Pool icons.

In this lesson you will update the icon for the Application Pools you created. In the next lesson you will see the impact it has on the user experience.  


 

Update Icon for Web App 1 Application Pool

You should still have the Horizon Admin console open to the Application Pools page.

 

 

Update Icon for Web App 2 Application Pool

You should still have the Horizon Admin console open to the Application Pools page.

 

 

Application Icons Updated

 

With the new icons in place, you are ready to test the published applications.

 

Testing End User Experience of Published Application


In this lesson you will use the Horizon Client to run published applications from the Application Pools.


 

Horizon Client

 

 

 

Launch the VMware Horizon Client

 

  1. From the Desktop of the Main Console double-click VMware Horizon Client

 

 

Select Horizon Connection Server

 

  1. Double-click horizon-01.corp.local

 

 

Login to Horizon

 

  1. User name: user1mod3
  2. Password: VMware1!
  3. Select Login

 

 

Launch Web App 1

 

  1. Notice Web App 1 and Web App 2 are displayed using the updated icons
  2. Double-click Web App 1

 

 

Internet Explorer Opens to Tech Zone

 

Internet Explorer is opened from an RDS host running on the Horizon Farm RDSH-01 using the parameters defined in the Application Pool.

 

 

Launch Web App 2

 

  1. Double-click Web App 2

 

 

Internet Explorer Opens to VMware.com

 

Internet Explorer is opened on an RDS host running on the Horizon Farm RDSH-01 using the parameters defined in the Application Pool.

 

Conclusion


This module covered creating and editing an application pool from a Horizon farm.


 

You have Finished Module 3

 

Congratulations on completing Module 3.

If you are looking for additional information on Horizon application pools, try one of these:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 4 - Horizon Published Apps Maintenance (30 Minutes)

Introduction


This Module contains the following lessons:


Overview of Horizon Published Apps Maintenance Operations


Maintenance operations serve two primary purposes:

  1. Push updates to operating systems and applications, or any other changes necessary for the RDS hosts in your farms.
  2. Refresh RDS hosts in your farm so end users are always accessing a clean, optimized environment.

In this lesson you will learn how and when to use maintenance operations.

 With the maintenance operations, you can schedule recurring or immediate maintenance of all the RDS hosts in an automated instant-clone farm. During each maintenance cycle, all the RDS hosts are refreshed from the parent virtual machine.

You can make changes to the parent virtual machine without affecting the RDS host instant clones because the snapshot of the current parent VM is used for maintenance. The instant clones created in the automated farm use the information in the parent VM for their system configuration.

You can schedule maintenance on an automated farm but not on individual RDS hosts in the farm.

If possible, schedule maintenance operations during off-peak hours to ensure all that RDS hosts have finished maintenance and are available during peak hours.


 

Immediate Farm Maintenance Operation

 

Immediate farm maintenance is a one off update or refresh of the RDSH farm. To address operating system or application drift, the current Master image snapshot may be used for the refresh operation. To quickly distribute security patches or other updates to the farm, a new Master image snapshot may be selected.

Immediate farm maintenance operations can be run immediately, or scheduled to run (one time) at a later date.

Order of operations when an immediate farm maintenance operation occurs:

 

 

Recurring Farm Maintenance Operation

 

Recurring farm maintenance is an automated means of restoring RDS hosts in a farm to a known good running state.

Recurring maintenance operations can be scheduled daily, weekly, or monthly.

If you create a recurrent maintenance schedule and select a new Master image snapshot:

 

 

A recurring maintenance schedule ensures that the RDS hosts are periodically regenerated. Potential contamination is removed so that the farm runs optimally. Because the maintenance operation does only provisioning, the operation needs little time to complete, which is one of the many reasons why using instant clones is highly recommended.

We recommend scheduling weekly or daily maintenance outside of business hours to minimize the impact on users. If you have multiple shifts per day of users, weekly maintenance is recommended. Otherwise, daily maintenance is recommended.

 

Schedule Immediate Farm Maintenance


In this lesson you will schedule and run an immediate farm maintenance operation on an existing Horizon RDSH farm.


 

Authenticate to the Horizon Console

Note - If you already have the Horizon Admin console open in Chrome, you can skip ahead to Navigate to Farms.

 

 

Navigate to Farms

 

  1. Select Farms
  2. Select RDSH-01

Note - Be sure to click the farm ID, not the checkbox next to it

 

 

Select Maintenance Schedule

 

  1. Select Maintain
  2. Select Schedule

 

 

Immediate Schedule

 

  1. Select Immediate

 

 

Schedule Maintenance Setting

 

  1. Select Force users to log off
  2. Select Next

 

 

Ready to Complete

 

  1. Select Finish

 

 

Navigate to vCenter

 

  1. Leave the VMware Horizon 7 tab open in Chrome
  2. Open a New Tab in Chrome
  3. Select vCenter
  4. Select RegionA vSphere Client (HTML)

 

 

Authenticate to vCenter

 

  1. Check the box for Use Windows session authentication
  2. Select Login

 

 

vCenter Recent Tasks

 

  1. Monitor the Recent Tasks window to observe the Instant Clone operations
  2. The RDS host from the Horizon farm is deleted
  3. A new, clean Instant Clone RDS host is provisioned from the existing parent image

Note - It may take a couple of minutes to delete and recreate the host, due to constraints in the HOL environment.

 

 

Navigate to Horizon 7 Console

 

  1. Navigate to the VMware Horizon 7 tab you left running in a previous step
  2. Select Events

 

 

Review Horizon Events

 

Note the two log entries:

  1. RDSH1 was deleted
  2. The Horizon Agent on RDSH1 successfully contacted the Horizon Connection Server (Broker) after it was provisioned
  3. If the event messages are not showing up, wait thirty seconds and refresh the window

 

 

Leave the Horizon Console Open

Leave Chrome open to the Horizon Console page as you will use it in the next lesson.

 

Schedule Recurring Farm Maintenance


In this lesson you will create a recurring farm maintenance operation on an existing Horizon RDSH farm.


 

Select Farm

 

You should still have the Horizon 7 Console open from the previous lesson.

  1. Select Farms
  2. Select RDSH-01

 

 

Maintenance Schedule

 

  1. Select Maintain
  2. Select Schedule

 

 

Maintenance Mode

 

  1. Select Recurring
  2. Select a date and time to start the schedule
  3. Select Weekly to create a weekly recurring schedule
  4. Select Next

 

 

Image

 

A recurring schedule is often used to bring the RDS hosts in the farm back to an optimal running condition. Optionally, you can  choose a different Parent VM or snapshot.

  1. Uncheck Use current parent VM image
  2. Select snapshot RDSH IC Base - HoL 2019
  3. Select Next

 

 

Schedule Maintenance Setting

 

  1. Select Force users to log off
  2. Select Next

 

 

Ready to Complete

 

  1. Review changes and select Finish

 

 

Review Maintenance Schedule

 

  1. Scroll down to the Farm Maintenance section
  2. Review the Recurring Maintenance configuration

 

Conclusion


This module covered immediate and recurring farm maintenance operations, as well as recommended practices for maintaining Horizon farms.


 

You have Finished Module 4

 

Congratulations on completing Module 4.

If you are looking for additional information on Horizon farm maintenance, try one of these:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 5 - Horizon Basic Troubleshooting (30 Minutes)

Introduction


This Module contains the following lessons:


 

Troubleshooting the Horizon 7 Environment

You can use Horizon Administrator and the new Horizon Console to monitor desktop and application sessions. These consoles give you a view into details from a farm, pool, or machine perspective. For example, you can see how many sessions are active for a pool. If you need to drill down into details for a particular user, the new Help Desk Tool is the preferred method.

 

Troubleshooting the Horizon 7 Environment


You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using Horizon 7. You can use Horizon Help Desk Tool for troubleshooting, use other troubleshooting procedures to investigate and correct problems, or obtain assistance from VMware Technical Support.

VMware has a number of tools available to assist in troubleshooting and we will cover a few in the coming lessons.


 

Identifying the Problem Domain

 

Architectural view of environment.

 

 

Common Issues Encountered around Certificates

We will not be covering this in the lab so please reference this document for more information.

  1. Configuring Certificates for Horizon https://docs.vmware.com/en/VMware-Horizon-7/7.9/horizon-installation/GUID-80CC770D-327E-4A21-B382-786621B23C44.html
  2. Troubleshooting Certificates for Horizon 7 https://docs.vmware.com/en/VMware-Horizon-7/7.9/horizon-installation/GUID-1AB8E13E-B82F-4671-A80C-91BD4C5EA7C6.html

 

 

Troubleshooting using vRealize Operations for Horizon

 

VMware vRealize Operations for Horizon provides end-to-end visibility into the health, performance, and efficiency of VMware and Citrix virtual desktop and application environments from the data center and the network, all the way through to devices. It enables desktop administrators to proactively optimize end-user experience, avert incidents, and eliminate bottlenecks. Designed for VMware Horizon and Citrix XenApp and XenDesktop environments, along with NVIDIA GRID powered desktops, vRealize Operations for Horizon reduces costs and expedites time to resolution (TTR) with in-depth monitoring.

vRealize Operations for Horizon provides a single console for administrators with applications and desktop performance metrics and usage insights. The fully customizable dashboards automatically track detailed health of your end user computing deployment, from virtual applications and desktop down to the underlying vSphere infrastructure.

Quickly find and troubleshoot problems across your end user computing environment with in-guest metrics that analyze user and session-centric metrics, including CPU/RAM/disk utilization, logon times, PCoIP and Blast protocol performance and application experience. Easily isolate system weaknesses and proactively optimize performance.

Automatically learn normal operating patterns for Horizon infrastructure and user workloads. Leverage these analytics to set alerts based on dynamic rather than hard thresholds to catch system deficiencies while minimizing false positives. Receive advanced notifications before events impact end users to proactively manage your environment. Take advantage of user-centric dashboards and out-of-the box usage and license-compliance reports, and easily remediate your environment with common commands.

 

 

Horizon Connection Server Log Files

 

As your Horizon deployment grows, the list of logs that may need to be collected for troubleshooting can be extensive as each of these technologies has a logging component.

Horizon 7 creates log files that record the installation and operation of its components.  The Connection Broker logs are located at C:\ProgramData\VMware\VDM\logs

Reference these KB articles that will help you navigate where the logs are and how to change the log levels when you need to debug.  

 

 

Open Google Chrome Browser

 

Click on the Main Console Desktop and open the Google Chrome Browser

 

 

Open vCenter Server

 

  1. Click on the vCenter favorites on the Bookmark bar
  2. Select the RegionA vSphere Client (HTML) to connect to the vCenter Server
  3. Click on Use Windows session authentication
  4. Click on Login

 

 

Open Connection Server

 

Open a Remote Console to the Horizon Connection Server

  1. Click on arrow to open the RegionA01-COMP01
  2. Right Click on the Horizon-01 Connection Server
  3. Select Open Remote Console

Note: Horizon-01 is located under RegionA01-COMP01 and not RegionA01-IC01

 

 

Sign in to the Connection Server

 

  1. Click on the Ctrl-alt-del icon at the top of the window to login
  2. Enter the password for the CORP\administrator: VMware1!
  3. Click the arrow to continue

 

 

Connection Broker Logs

 

Make sure you are on the Horizon-01 Remote Console screen. You may want to click on the Minimize button at the top right of the window so it is not in maximum full screen mode. Confirm desktop says Horizon-01

  1. Open Explorer from bottom toolbar
  2. Enter C:\ProgramData\VMware\VDM\logs into the box to see the logs

We will just observe that this is where the logs are located.

 

 

Close the connect to Horizon-01

 

  1. Click on the VMRC pulldown in the top left corner of the window
  2. Click on Exit

 

 

Desktop Performance Issues

Some common issues are with Storage I/O bottleneck, CPU or memory contention, and Network Issues. To troubleshoot look at vCenter Server, vRealize Operations for Horizon, ESXTOP and other 3rd party tools to help.

 

Using Horizon Help Desk Tool


VMware's Horizon Help Desk Tool represents an ongoing initiative to VMware's commitment for providing IT tools and features to ensure the best level of service for your Horizon Deployment.


 

The Help Desk Tool

Horizon Help Desk Tool is a Web application that you can use to get the status of Horizon 7 user sessions and to perform troubleshooting and maintenance operations.

In Horizon Help Desk Tool, you can look up user sessions to troubleshoot problems and perform desktop maintenance operations such as restart or reset desktops.

To configure Horizon Help Desk Tool, you must meet the following requirements:

 

 

Log in to Horizon Help Desk Tool

Horizon Help Desk Tool is integrated into Horizon Console.

 

 

Launch Google Chrome Browser

 

  1. On the main console desktop, launch the Google Chrome shortcut located on the desktop.

 

 

Zoom the Browser View

 

If you want better viewing in the browser window, you can click on the three dots next to the address bar.

Under the Zoom click on the dash "-" and adjust to like 80% for better viewing depending on your monitor.

Click on the three dots when finished adjusting the zoom.

 

 

Launch the Horizon Console

 

We will use the new HTML 5 Horizon Console for this lab.  We will launch the Horizon Console using the URL https://horizon-01.corp.local/newadmin

  1. Click on the Horizon favorites bookmark bar at the top of the Chrome browser and Click on Horizon-01-NewAdminConsole
  2. Enter administrator as the Username
  3. Password is VMware1!
  4. Click on Sign In

 

 

Horizon Console

 

The Horizon Console

The Horizon Console is the newest HTML5 based web interface to manage Horizon 7 Environments. Horizon console is used to create and manage virtual desktops and published desktops and applications. Horizon Console also integrates VMware Horizon Just-in-Time Management Platform (JMP) Integrated Workflow features for managing workspaces.

Horizon Console is available after you install and configure Horizon Connection Server.

 

 

Use the Help Desk Tool to Restart a User's Virtual Desktop

You can perform many troubleshooting tasks for end users with this tool:

 

 

Open a Desktop Session for user1mod1

 

  1. Click on a New Tab to open one in Chrome
  2. Click on the favorites VMware Horizon on the Bookmark bar.

 

 

VMware Horizon HTML Access

 

Click on the VMware Horizon HTML Access to login and connect to an Instant Clone Desktop to use in showing sessions for Help Desk Tool.

 

 

Login to VMware Horizon

 

In the VMware Horizon Login window:

  1. Enter user1mod1 for the username
  2. Enter password of VMware1!
  3. Click Login

 

 

Launch Instant Clone Pool

 

Click Instant Clone Pool

Click OK on the informational Enable Copy and Paste on the Instant Clone Desktop to continue.

 

 

Horizon Console - Help Desk Tool

 

The Horizon Help Desk Tool will allow you to see the status of the user sessions on demand and perform troubleshooting in real-time.

  1. Click back on Horizon 7 Console tab in Chrome
  2. In Horizon Console, enter a username in the User Search field: user1mod1 and return/enter
  3. Select user1mod1 corp.local from pull down.

Horizon Console displays a list of users in the search results. The search can return up to 100 matching results.  The user information appears in a user card.

 

 

Select the Desktop Session to Troubleshoot

 

On the sessions tab, in the list of active sessions, click win10ic-#.corp.local desktop in the Computer Name column.

Where the "#" = the desktop session we just launched.

 

 

Details of User Session

 

Session details for the Horizon Help Desk tool in the details tab provides helpdesk staff with useful information about the Horizon Client, the virtual desktops and published applications, which Unified Access Gateway server the user is connected to, CPU and memory consumption, insights into the logon time, plus many other details.

 

 

User Experience Metrics

 

  1. Click on the More (which changes to Less when you click on it) under User Experience Metrics to expand out to see
  2. Look at the different information available in the Details section

 

 

Scroll down to Logon Segments

 

Logon Breakdown from client to broker include:

 

 

Open Apps on the Desktop

 

Open some applications on the desktop:

  1. Click back on the VMware Horizon Desktop in the browser tab
  2. Click on Wordpad to start the application
  3. Click on Google Chrome to start the browser

 

 

Click on the Applications tab

 

  1. Click back to the Horizon Console on the Chrome Browser tab
  2. Click on the Applications tab for that Desktop in the Console window
  3. Notice the applications are running and click on the Google Chrome application
  4. Notice also that you can End Application here

 

 

Restart the Desktop Session

 

  1. Click back on the Details tab
  2. Scroll down if needed in the Details tab until you get to the end of the User Experience Metrics section,
  3. Look at the More pull down to see options there. Click on More again to close those options
  4. Click Restart

Note the other options available: Send Message, Remote Assistance, Additional options: Disconnect, Logoff, and Reset.

 

 

Confirm Restarting Desktop

 

Click OK to confirm restarting the Desktop.

Notice that the session for the desktop is removed from the list.

 

 

Disconnected from Horizon Session

 

  1. Click back over to the VMware Horizon Desktop
  2. Notice that the desktop was Disconnected by the restart we sent from the Help Desk Tool.
  3. Click Close.

 

 

Close VMware Horizon Tab

 

Click on the X for the VMware Horizon tab to close it.

Keep Chrome open as we will use in the next lesson.

 

Horizon Performance Tracker


A feature in Horizon 7 is the Performance Tracker. This utility runs inside a remote desktop and monitors performance of the display protocols and system resource usage. This can also be ran as a published application inside an application pool.


 

Install Horizon Performance Tracker

Horizon Performance Tracker is a custom setup option in the Horizon Agent installer. You must select the option, as it is not selected by default.

 

 

Open Tab for VMware Horizon HTML Access

 

  1. In Google Chrome Browser, open a new tab
  2. Click on VMware Horizon from the bookmarks bar
  3. Click on VMware Horizon HTML Access to connect to your desktop

 

 

Launch Instant Clone Pool Desktop

 

Click on the Instant Clone Pool

 

 

Launch the Performance Tracker

 

After log in, from the desktop launch VMware Horizon Performance Tracker

 

 

Performance Tracker At a Glance

 

Observe current performance graphs and charts.

 

 

Launch Application from the Desktop

 

Launch MS Paint or any other of the applications on the desktop and watch the realtime utilization changes of the graphs and charts of Horizon Performance Tracker.

 

 

Session Properties

 

In the Performance Tracker window click on Session Properties and observe the numerous client properties available at a glance.

 

 

Close Performance Tracker

 

Click on the X to close Performance Tracker

 

 

Close the Application

 

Click on the X to close the MS Paint Application or other application you opened.

 

 

Close the Horizon Desktop

 

  1. Right Click on the windows icon
  2. Click on Shut down or Sign Out to expand it
  3. Click on Sign out to exit the desktop

 

 

Desktop Disconnected

 

You have been disconnect from the desktop so Click Close  

 

Horizon Monitor Events


You can create an event database to record information about Horizon 7 events. In addition, if you use a Syslog server, you can configure Connection Server to send events to a Syslog server or create a flat file of events written in Syslog format.  You would generate syslog format so that the event data can be accessible to analytics software.

The event database stores information about events that occur in the Connection Server host or group, Horizon Agent, and Horizon Console, and notifies you of the number of events on the dashboard.


 

Horizon Console

 

You should still have the Horizon Console opened but if not open it.

  1. From Google Chrome Browser
  2. In the bookmark bar, under Horizon, Select Horizon-01-NewAdminConsole

Sign In with User Name: administrator and password: VMware1! if not already logged in.

 

 

Events detail

 

You can examine the events in detail on the Events page.

From Horizon Console, select under Monitor, Events

You can select the time range of the events, apply filtering ot the events, and sort the listed events by one or more columns.

 

 

Desktop Pool Events

 

In Horizon Console, navigate to a desktop or application pool, virtual machine, persistent disk, or a user or group and click the Events tab to view specific events. Lets look at the Desktop pool specifically.

  1. Under Inventory, Click on Desktops
  2. Click on the IC-Pool1

 

 

Specific Events

 

  1. Click on the Events tab along the top under the IC-Pool1

 

Monitoring System Health


You can use the system health dashboard in Horizon Administrator to quickly see problems that might affect the operation of Horizon 7 or access to remote desktops by end users.

Today this is only available with the old Horizon Administration Flex interface. So we will log in to that interface below.


 

Horizon Administrator Flex Interface

 

  1. Open a new tab in the Google Chrome Browser
  2. Go to https://horizon-01.corp.local/admin to launch the Horizon Administrator Flex Console
  3. Enter User name: administrator
  4. Enter Password: VMware1!
  5. Click on Log In

 

 

Monitor System Health

 

The system health dashboard in the top left of the Horizon Administrator display provides a number of links that you can use to view reports about the operation of Horizon 7.

 

Optimization of Horizon 7 Environment


By disabling certain Windows 7, Windows 8/8.1, and Windows 10 services and tasks, you can reduce the growth in disk usage of instant clones and View Composer linked clones. Disabling certain services and tasks can also result in performance benefits for full virtual machines.


 

Optimize your Images

 

More info on creating an optimized windows image can be found in this techzone link.  

https://techzone.vmware.com/creating-optimized-windows-image-vmware-horizon-virtual-desktop

The VMware OS Optimization Tool fling helps optimize Windows 7/8/10 and Windows Server 2008 R2/2012/2016 systems for use with Horizon 7. The optimization tool includes customizable templates to enable or disable Windows system services and features, according to VMware recommendations and best practices, across multiple systems. Because most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance. This is the link to the VMware OS Optimization tool. This is beyond the scope of this lab. Go to the VMware OS Optimization Tool page to download and start it for your environment.

https://labs.vmware.com/flings/vmware-os-optimization-tool

 

 

Advantages of an Optimized Image

Optimizing the master image is well worth the time and effort involved. Savings are returned on a variety of fronts.

 

 

Creating an Optimized Windows Image

Considerations you must take into account when creating a Windows system image are much different if you plan to deploy virtual desktops rather than physical desktops:

Therefore, with virtual desktops, one-time system actions must be configured in the base image, and one-time user actions must be configured in the default (or mandatory) user profile. In addition, to reach a higher consolidation ratio, increasing the number of VMs hosted on a single VMware vSphere host, VMware recommends turning off features that are not needed.

 

Troubleshooting Horizon 7 Client


You can solve most Horizon Client problems by restarting or resetting remote desktops or published applications, or by reinstalling Horizon Client.  

There is a desktop pool setting when you create or edit a desktop pool where you can set to allow users to restart/reset their machines. It is not set in this lab so we will reset as the administrator from the Horizon Console.

You can also enable log collection and send log files to VMware for troubleshooting.


 

Open VMware Horizon Client

 

From the Main Console desktop click on the VMware Horizon Client to open it.

 

 

Login in to Connection Server

 

Open the horizon-01.corp.local connection server

 

 

Login to Horizon-01

 

  1. User name: user1mod1
  2. Password: VMware1!
  3. Click on Login

 

 

Open Desktop

 

Double-Click on Instant Clone Pool to open up the Desktop.

 

 

Take Desktop out of Full Screen

 

 

 

Confirm VM name

 

Confirm the VM name displayed on the desktop.

 

 

Horizon Console

 

Click back on the Horizon Console tab to access the Horizon Console

 

 

Machines in Inventory

 

  1. Under Inventory, click on Machines
  2. Click on the WIN10IC-# VM where # is the desktop you are logged into

 

 

Desktop VM

 

You can perform a restart operation on a virtual desktop, which performs a graceful operating system restart of the virtual machine. You can perform a reset operation on a virtual machine without the graceful operating system restart, which performs a hard power-off and power-on of the virtual machine.

Click on Restart Desktop to perform a graceful OS restart of the VM.

 

 

Restart VM

 

 

We will Restart the Desktop, click OK.

 

 

Desktop Connection Lost

The connection you had open to the Desktop VM closes as the VM goes through a graceful shutdown.

 

 

VM Restarting

 

Notice the status of the VM is at a state of either deleting or not present but it is no longer connected since we restarted it.  

 

Conclusion


In this module, we went over the Horizon Basic Troubleshooting steps. We talked about what to look for when troubleshooting, using the Help Desk Tool, Monitoring System Health, using Performance Tracker and Optimizing the Horizon 7 Environment.


 

You've finished Module 5

 

Congratulations on completing  Module 5

If you are looking for additional information on Troubleshooting Horizon, try oe of these:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 6 - Single Sign-On with True SSO and Identity Manager (30 Minutes)

Introduction


This Module contains the following lessons:


True SSO Overview


True SSO provides a way to authenticate to Microsoft Windows, retaining all of the users normal domain privileges, without requiring them to provide AD credentials. True SSO is a VMware Horizon technology that integrates VMware Identity Manager with Horizon 7.  With the True SSO (single sign-on) feature, after users log in to VMware Identity Manager using a smart card or RSA SecurID or RADIUS authentication, users are not required to also enter Active Directory credentials in order to use a virtual desktop or published desktop or application.

True SSO uses SAML (Security Assertion Markup Language) to send the User Principal Name (for example, jdoe@example.com) to the identity providers authentication system to access AD credentials. Horizon 7 then generates a unique, short-lived certificate for the Windows login process.


 

Benefits of True SSO

 

 

How True SSO Works

 

  1. User authenticates to VMware Identity Manager using an extensive set of authentication methods (RSA SecurID, RADIUS, Biometric, etc). After authentication the user selects a desktop or application to launch.
  2. Horizon Client is launched with the user's identity and credentials are directed to the Connection Server.
  3. The connection server validates the user's identity with Identity Manager by sending a SAML assertion.
  4. Using the certificate enrollment service, Horizon 7 requests the Microsoft Certificate Authority (CA) generate a temporary, short-lived certificate on behalf of that user.
  5. Horizon 7 presents the certificate to the Windows operating system.
  6. Windows validates the authenticity of the certificate with Active Directory.
  7. The user is logged in to the Windows desktop or application, and a remote session is initiated on the Horizon Client.

 

 

TrueSSO Architecture

 

For True SSO to function, several components must be installed and configured within the environment.  The enrollment server is responsible for receiving certificate signing requests (CSR) from the Connection Server. The enrollment server then passes the CSRs to the Microsoft Certificate Authority to sign using the relevant certificate template. The Enrollment Server is a lightweight service that can be installed on a dedicated Windows Server 2016 instance, or it can co-exist with the MS Certificate Authority service. It cannot be co-located on a Connection Server.

 

TrueSSO Steps


When True SSO is enabled in Horizon, users do not require a password to log into their Windows desktops. However, if users are logged into VMware Identity Manager using a non-password authentication method such as SecurID, when they launch their Windows desktops, they are prompted for a password. You can enable True SSO to prevent a password dialog box from being shown to users.


 

TrueSSO and SSO

Many user authentication options are available for logging in to VMware Identity Manager or Workspace ONE. Active Directory credentials are only one of these many authentication options. Ordinarily, using anything other than AD credentials would prevent a user form being able to single-sign-on to a Horizon 7 virtual desktop or published application. After selecting the desktop or published app from the catalog, the user would be prompted to authenticate again, this time with AD credentials.

True SSO provides users with SSO to Horizon 7 desktops and applications regardless of the authentication mechanism used. True SSO uses SAML, where Workspace ONE is the Identity Provider and the Horizon 7 server is the Service Provider. True SSO generates unique, short-lived certificates to manage the login process.

 

 

High Level Setting up True SSO

The high-level steps that need to be completed are below but we will not be performing them in this lab. They have already been set up for us in this lab to save time.

  1. Configure Horizon 7 and VMware Identity Manager Integration.
  2. Install and configure Microsoft Certificate Authority service.
  3. Set up a certificate template for use with True SSO.
  4. Install and configure the enrollment servers. Setup Software on Enrollment Server.
  5. Export Horizon certificate import to the Enrollment Server
  6. Run the following commands on the Connection Server (Horizon-01)
    • vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --environment --add --enrollmentServer truesso-01.corp.local
    • vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --environment --list --enrollmentServer truesso-01.corp.local --domain corp.local
    • vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --create --connector --domain corp.local --template TrueSSOHOL --primaryEnrollmentServer truesso-01.corp.local --certificateServer controlcenter-ca --mode enabled
    • vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --list --authenticator
    • vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --authenticator --edit --name vidm-01 --truessoMode enabled

These steps are already set up in this lab. The next steps are to turn on TrueSSO in vIDM under the Virtual Apps. We will set up another Authentication source (RADIUS). We can then connect to vIDM with our RADIUS login and launch an application with no password prompt.

For more information on how to install and configure True SSO, see Setting Up True SSO.

 

Setup RADIUS as an Authentication Adapter


In this lesson we will setup RADIUS as an additional authentication and configure it to work with our FreeRADIUS.net instance

VMware Workspace ONE using Identity Manager allows for setting up Network Ranges and different authentication policies that can be assigned to different network ranges. For example, you might want your end-users to authenticate with their Active Directory credentials when they are in the office and connected to the corporate network.  You might want your users to use 2-factor authentication when working from home. You might have a group of users requiring Multi-Factor Authentication (MFA) because of the applications they can access.

For this lab, we are using FreeRADIUS.net to simulate a RADIUS compatible authentication adapter, in a real-world scenario this could be your RSA server or any other 2-factor authentication solution supporting RADIUS protocol. We have setup a different password (123456) other than the default AD-password (VMware1!) typically used in the HOL, so consider this your RSA token.  We will start this simulation in the next steps.

We will walk through the configuration of the RADIUS authentication adapter within Workspace ONE Identity Manager and assign RADIUS authentication to all connections coming from a specific network range.


 

Start FreeRADIUS.net

 

  1. Open Start Menu
  2. Select FreeRADIUS START
  3. Verify FreeRADIUS is started and Ready to process requests.

Attention: Please leave the FreeRADIUS START window open or minimize it, but DO NOT close it.

 

 

Launch Browser

 

From the main console, Open Gooogle Chrome

 

 

Open Identity Manager Console

 

  1. Click WS 1 on the Bookmark bar and open VIDM-01 Admin to open Management Console
  2. If prompted for Select your domain, confirm corp.local and click Next

 

 

Login to Identity Manager

 

  1. Username: administrator
  2. Password: VMware1!
  3. Click Sign in

 

 

Setup Authentication Adapters

 

  1. Click Identity & Access Management tab
  2. Click Setup on the tab to the right next to manage
  3. Click on vidm-01.corp.local under Worker\

vidm is the identity manager VM.

 

 

Modify Authentication Adapters

 

  1. Click Auth Adapters in the center top
  2. Click RadiusAuthAdapter and notice it is disabled so we will enable it in the next step

This will redirect you to the Admin Console to edit the Authentication Adapter.

 

 

Configure RADIUS

 

  1. Check 'Enable RADIUS Adapter'
  2. Check 'Enable direct authentication to Radius server during auth chaining'
  3. Set 'Number of attempts to Radius server' to 5
  4. Set 'Server timeout in seconds' to 5
  5. Specify 192.168.110.10 as the RADIUS server ip. This is the IP of the Main Console where we are running FreeRADIUS.
  6. Scroll down
  7. Set Accounting port to 1813
  8. Chose PAP as Authentication type
  9. Enter HOLrocks! as the shared secret
  10. Scroll down (leave configuration for secondary server empty)
  11. Click Save

Confirm no errors at the top.

 

 

Confirm RadiusAuthAdapter is Enabled

 

Confirm that RadiusAuthAdapter shows Enabled.

 

 

Return to Admin Console

 

Close this tab to return to the Admin Console

 

Create Network Range and Modify Policy


To limit RADIUS authentication to clients in a specific network, we have to create a networks range and modify the default policy to use RADIUS for this specific range we create. We will be logging in from a Windows 10 Desktop from the Instant Clone pool so will use that network range to use to login with RADIUS authentication.


 

Manage Policies

 

  1. Click Manage on the right side next to Setup
  2. Click Policies
  3. Click Network Ranges

 

 

Add Network Range

 

Click Add Network Range

 

 

Define the Network Range

 

  1. Enter RADIUS Test as 'Name' for the network range
  2. Provide a description RADIUS Test (optional)
  3. Enter 192.168.100.1 as 'From'
  4. Enter 192.168.100.255 as 'To'
  5. Click Save

This will add all the 192.168.100.xxx IP addresses to the RADIUS Test network range and will include our test VM.

 

 

Verify the new network range has been added

 

  1. Verify RADIUS Test IP Address Range was created
  2. Close the Network Ranges Window

 

 

Change default access policy

 

Click default_access_policy_set

 

 

Edit the default Policy

 

Click Edit

 

 

Ignore Warning

 

  1. Click the X to ignore the warning about modifying the default policy
  2. Click the Next

 

 

Add Policy Rule

 

Click Add Policy Rule

We will add a policy to use RADIUS for our newly created network range test

 

 

Configure Policy Rule

 

  1. Select RADIUS Test from dropdown menu for "If a user's network range is"
  2. Select Web Browser from dropdown menu for "and user accessing content from"
  3. Select RADIUS from dropdown menu for "then the user may authenticate using"
  4. Select Password from dropdown menu for "If the preceding method fails or is not applicable, then"
  5. Scroll Down

 

 

Advanced Properties

 

  1. Click on Advanced Properties

Besides setting the time after which a user has to re-authenticate, you can configure a Custom Error Message, Custom Error Link Text and a Custom Error Link URL, where you could guide the user to a how-to document or further information on how to resolve any issues with authentication.

Please take a minute to look at all the different and authentication method options, allowing you to setup different authentication methods for different devices/access methods and locations (based on network range). You can also combine multiple authentication methods if you need more than 2-factor authentication.

  1. Click Save

 

 

Change Policy Rule Order

 

  1. Hover the mouse cursor over RADIUS Test until the cursor changes, then click on RADIUS Test and keep the button pushed
  2. Drag the rule all the way to the top
  3. Release the RADIUS Test Policy Rule

 

 

Verify Rule Order

 

  1. Verify Radius Test is listed as the first rule
  2. Click Next

 

 

Policy Summary

 

  1. Verify Policy Rule
  2. Click Save

You have set up a new policy rule to use RADIUS authentication with the IP range specified. Next we will test connecting from a desktop in that IP range and see we are prompted for our RADIUS password instead of our AD password.

 

Single Sign On with TrueSSO


The next steps are to turn on TrueSSO in vIDM under the Virtual Apps.


 

Catalog Virtual Apps

 

  1. In the Workspace ONE/Identity Manager admin console, click on the Catalog pull down
  2. Select Virtual Apps

 

 

Virtual App Configuration

 

Click on the Virtual App Configuration

 

 

Click on Horizon01

 

Click on Horizon01

 

 

Enable TrueSSO

 

For the Horizon View On-Premises Horizon01

  1. Click the button for True SSO enabled

 

 

Save Configuration

 

  1. Scroll down to save
  2. Click on Save

 

Verify SSO via RADIUS


Now we will test the RADIUS authentication. We will test the connection by first opening up a Windows 10 VM via the Horizon Client and then logging in via RADIUS authentication from that client that is in the IP range we specified.


 

Open the Horizon Client

 

Open Horizon Client from the Main Console desktop

 

 

Connect to Horizon-01

 

Click horizon-01.corp.local

 

 

Login to Horizon-01

 

  1. User name: user1mod1
  2. Password: VMware1!
  3. Click Login

 

 

Open Instant Clone Pool

 

Double-click Instant Clone Pool to open the Windows10 VM

 

 

Open Browser in the Windows 10 VM

 

Wait for the Instant Clone VM to load, then

  1. Notice the subnet of the VM is 192.168.100.xxx (which is within the Network Range we defined earlier in the policy)
  2. Open the Edge Browser
  3. Browse to vidm-01.corp.local
  4. If prompted, confirm domain is set to corp.local and click Next

 

 

Authenticate using RADIUS

 

Since the IP address of our test VM is within the RADIUS test network range (192.168.100.180-192.168.100.190) we defined earlier, we now (as expected) get prompted for the RADIUS Passcode instead of our CORP.LOCAL domain password.

  1. Notice "Please enter RADIUS Passcode" message
  2. Username: user1mod1
  3. RADIUS Passcode: 123456
  4. Click Sign In
  5. Click No to not save your password

 

 

Portal Access

 

Verify you can see the portal successfully.

Now lets launch an application and see we are not prompted for login or password for AD.

Click on Open for Calculator.

 

 

Launch an Application to verify SSO

 

  1. You will see a separate tab open up on the browser and credentials passed to the Horizon-01 environment. It may take a minute in this limited lab environment to open up this application.
  2. Verify that Calculator launches and doesn't ask for login. You may need to close the Horizon slide out to see the application. To close the slide out just click on the three lines on the pull out.
  3. Click X to close the calculator app.

 

 

Disconnect and Log off

 

  1. Click Options at the top of the Windows 10 VM window
  2. Select Disconnect and Log Off
  3. Click OK

 

 

Close Horizon Client

 

Click the X to close the Horizon Client

 

Conclusion


In this module we went over Single Sign-on with TrueSSO and Identity Manager.


 

You've finished Module 6

 

Congratulations on completing  Module 6.

If you are looking for additional information on Single Sign On with True SSO and Identity Manager, try one of these:

Proceed to any module below which interests you most.

 

 

 

Test Your Skills!

 

Now that you’ve completed this lab, try testing your skills with VMware Odyssey, our newest Hands-on Labs gamification program. We have taken Hands-on Labs to the next level by adding gamification elements to the labs you know and love. Experience the fully automated VMware Odyssey as you race against the clock to complete tasks and reach the highest ranking on the leaderboard. Try the Horizon Odyssey lab

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-2051-01-VWS

Version: 20200722-213858