VMware Hands-on Labs - HOL-2251-01-DWS


Lab Overview - HOL-2251-01-DWS - VMware Horizon - Getting Started with App and Desktop Virtualization

Lab Guidance


Note: It may take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

VMware Horizon is a modern platform for secure delivery of virtual desktops and apps across clouds to empower anywhere workspace technology for distributed workers. Preparing for a future of more flexible work, use this introduction lab to learn more about the trusted tools available within your Horizon Platform. This modern management endpoint approach will showcase how to start breaking away from legacy endpoint management.

This lab will use VMware Horizon 8 to create and manage Instant Clone pools, RDSH & App farms. In this lab, we expect to show getting started techniques to ensure the lab taker will have a foundational understanding of Horizon. The lab will showcase desktops and apps with a single sign-on experience integrating VMware Horizon with True SSO, and VMware Workspace ONE Access. User control through Dynamic Environment Manager and Application layer using App Volumes will also be showcased. We will complete the "Empower Distributed Workers with the VMware Anywhere Workspace" vision with Modern management through Workspace ONE UEM auto enrollment.

Lab Module List:

Lab Principals:

  • Brent McCoubrey, EUC Technical Strategist, Canada
  • Justin Sheets, Senior Technical Marketing Architect, USA

Lab Captains: 

  • Donal Geary, Senior Technical Marketing Architect, Ireland
  • Jen Slabaugh, Staff Solution Engineer, USA
  • Vernon Lihou, Senior Solution Engineer, United Kingdom

Associate Lab Captains:

  • Asitha Karunakaran, Member of Technical Staff, India
  • Mike Marx, Senior Competitive Technical Manager, USA
  • Pavitra Nagendrappa, Colleague Support Engineer, India

Odyssey Captains:

  • Thiago Valcesia, Senior Solution Engineer Specialist EUC, Brazil

Special Thanks:

  • Jim Yanik, Senior Manager, EUC Technical Marketing, USA
  • Rick Terlep, Senior Technical Marketing Architect, USA

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab cannot be saved.  All your work must be done during the lab session.  However, you can click EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Click once in active console window

 

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

  1. Click once in the active console window.
  2. Click on the Shift key.

 

 

Click on the @ key

 

  1. Click on the "@ key".

Notice the @ sign entered in the active console window.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple data centers.  However, these data centers may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab has finished all the start-up routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Module 1 - Virtual Desktop Pools (30 minutes)

Introduction



This Module contains the following lessons:

  • Overview of Desktop Pools will have a quick introduction to desktop pools
  • Create a Desktop Pool will walk through the process of setting up a desktop pool
  • Entitlement for a Desktop Pool will add a user to access a desktop pool

 

 

Horizon

VMware Horizon is a platform for delivering virtual desktops and apps efficiently and securely across hybrid cloud for the best end-user digital workspace experience.

 

 

Why Consider Horizon?

Horizon helps IT efficiently deploy and scale virtual desktops and apps from a single control plane with rapid provisioning, automation and simplified management.

Leveraging best-in-class management capabilities and deep integrations with the VMware technology ecosystem, the Horizon platform delivers a modern approach for desktop and app management that extends from on-premises to the hybrid and multi-cloud. The result is fast and simple virtual desktop and application delivery that extends an optimal experience to all applications.

 

Overview of Desktop Pools


VMware Horizon uses desktop pools as its basis of centralized management. In Horizon, you create pools of virtual machines and select settings that give all the machines in a pool a common desktop definition. Horizon can then deliver the desktops to end users via Horizon Clients. Horizon can deliver desktops from single-user virtual desktop machines, which can be virtual machines that are managed by vCenter Server, virtual machines that run on another virtualization platform, or physical computers.

You create a desktop pool from one of the following sources:

  • A virtual machine that runs on a virtualization platform other than vCenter Server that supports Horizon Agent.
  • Physical desktop PC.
  • A virtual machine that is hosted on an ESXi host and managed by vCenter Server.
  • A session-based desktop on an RDS host. For more information about creating desktop pools from an RDS host, see the Setting Up Published Desktops and Applications in Horizon document.

 

Types of Desktop Pools

Dedicated-assignment pools

Each user is assigned a particular remote desktop and returns to the same desktop at each login. Dedicated-assignment pools require a one-to-one desktop-to-user relationship. For example, a pool of 100 desktops is needed for a group of 100 users.

Floating-assignment pools

Using floating-assignment pools also allows you to create a pool of desktops that can be used by shifts of users. For example, a pool of 100 desktops could be used by 300 users if they worked in shifts of 100 users at a time. The remote desktop is optionally deleted and re-created after each use, offering a highly controlled environment.

 

 

Desktop Pools

 

With single-user desktops, each virtual machine allows a single end-user connection at a time. In contrast, with session-based desktops, one RDSH server can accommodate many concurrent user connections.

We will walk through the process of creating an Instant Clone Desktop Pool. A clone is a copy of a parent VM with a unique identity of its own, including a MAC address, UUID, and other system information. The VMware Instant Clone Technology improves and accelerates the process of creating cloned VMs over the previous View Composer linked-clone technology. In addition, instant clones require less storage and less expense to manage and update because the desktop is deleted when the user logs out, and a new desktop is created using the latest parent VM image.

 

 

Create a Desktop Pool



This exercise makes use of an interactive demo to work around constraints of the HOL lab environment. Though not required, it is recommended you use speakers or headphones for the demo.


 

 

Instant Clone Desktop Pool

An instant-clone desktop pool is an automated desktop pool. vCenter Server creates the desktop VMs based on the settings that you specify when you create the pool. Instant clones share a virtual disk of the golden image and therefore consume less storage than full VMs. In addition, instant clones share the memory of the golden image.

Before you can deploy a pool of desktops, you must create an optimized golden image, which includes installing and configuring a Windows or Linux operating system in a VM, optimizing the OS, and installing the various VMware agents required for desktop pool deployment.

You will not be creating the optimized master image in this lab as it has already been set up for us in the interest of time. For step-by-step instructions, see the guide Manually Creating Optimized Windows Images for VMware Horizon VMs.

 

 

Launch Interactive Demo

 

 

Add Entitlement to a Desktop Pool


You configure entitlements to control which remote desktops and applications your users can access. Before users can access remote desktops or applications, they must be entitled to use a desktop or application pool.  In this exercise, we will add an entitlement to an existing desktop pool.


 

Launch Google Chrome Browser

 

Launch Google Chrome from the desktop of the Main Console

 

 

Launch Horizon Console

 

  1. Click on Horizon in the Chrome bookmarks bar
  2. Click Horizon-01-AdminConsole

 

 

Login to VMware Horizon Console

 

  1. Enter Administrator as username
  2. Enter VMware1! as the password
  3. Click Sign in

 

 

IC-Pool1 Desktop Pool

 

  1. Click on Desktops under Inventory

 

 

Edit Entitlement to the IC-Pool1

 

  1. Click on the check box next to the existing IC-Pool1
  2. Click on Entitlements to see options of either add or remove entitlements for this desktop pool
  3. Click on Add Entitlements

 

 

Add Entitlements

 

Click on Add

 

 

Find User or Group

 

  1. Enter Jim in the Name/user name contains field
  2. Click on Find
  3. Select  Jim Hendrix  by clicking on the check box
  4. Click OK

Note: You may need to scroll down or resize the window to be able to select the user. You can also click the box next to Name to select all, then click OK.

 

 

Add Entitlements

 

  1. Check the box next to jim@corp.local
  2. Click OK

 

 

Verify the entitlement was added

 

  1. Click on IC-Pool1 to go to the desktop pool details

 

 

Entitlements Tab

 

  1. Click on the Entitlements tab
  2. Verify that Jim@corp.local (Jim Hendrix) is entitled to the pool

 

 

Exercise Complete

 

  1. Click on the Desktops tab to return to the list of desktop pools - congratulations on finishing the exercise to add an entitlement to an existing pool!

 

Conclusion



Congratulations on completing  Module 1.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab, click on the END button.  

 

Level Up Your VMware End User Computing Knowledge with VMware Tech Zone



Interested in learning more about VMware End User Computing (EUC) but don't know where to start? Look no further than https://techzone.vmware.com, your fastest path to understanding, evaluating, and deploying VMware End User Computing products!

Tech Zone focuses on providing practical product guidance, curated activity paths, and technical content to take you from zero to hero!  Our mission at Tech Zone is to provide you with the resources you need to keep leveling up your knowledge no matter where you are in your digital workspace journey.

Interested? Check us out at https://techzone.vmware.com!


 

Module 2 - Instant Clone RDSH Farms (30 minutes)

Introduction


This module contains the following lessons:

  • Lesson 1 - Overview of RDSH Farms
  • Lesson 2 - Create an RDSH Farm
  • Lesson 3 - Configure Load Balancing for Horizon Farms

 

Horizon Apps

 

Today, end users are more mobile and productive than ever with the need to access their Windows apps alongside their SaaS and web applications, from their personal or business devices. In this new mobile cloud world, managing and delivering services to end users with traditional PC-centric tools has become increasingly difficult. Data loss and image drift have become real security and compliance concerns with organizations further struggling to contain costs.

Horizon Apps provides organizations with a streamlined approach to deliver, protect, and manage Windows applications while containing costs and ensuring that end users can work anytime, anywhere, on any device.

With VMware's next-gen desktop and application platform leveraging the power of the Just-in-Time Management Platform (or JMP, pronounced "jump"), IT can deliver just-in-time apps to streamline management, reduce costs, and easily maintain compliance. These applications can be accessed by end users with the efficiency and flexibility that business demands.

 

 

Changing the Game with JMP

JMP is the next-generation desktop and application delivery platform from VMware, and is a key component of VMware Horizon. It enables you to focus on defining outcomes based on business needs instead of maintaining and troubleshooting environments. JMP leverages VMware Instant Clones, VMware App Volumes, and VMware Dynamic Environment Manager technologies to untangle the operating system, applications, and user personalization. By doing so, all the component pieces together can be automatically assembled on demand to deliver just-in-time desktops and apps to any device. Horizon with JMP lets you deliver Windows as a service.

 

 

Just-in-Time App Provisioning with VMware Instant Clones Technology

JMP technologies include VMware Instant Clones technology together with VMware App Volumes and VMware Dynamic Environment Manager.  This not only dramatically reduces the infrastructure requirements, but also enhances security, allowing you to deliver brand new personalized desktop and application services instantly to end users every time they log in. Here are just a few of the benefits:

  • Provision brand new session hosts in seconds, easily and elastically supporting peak demand.  
  • Enhance security by shutting down RDSH farms daily/weekly, and easily and quickly spin up brand new hosts.  
  • Reduce storage and operational costs by up to 70 percent with App Volumes and one-to-many provisioning, which slashes the number of images managed by up to 95 percent.
  • With updated Cloud Pod Architecture, scale to over 50,000 RDSH farms across 50+ sites with improved failover characteristics, in a fraction of the time of traditional application virtualization models.

 

Overview of RDSH Farms


A farm is a group of Windows Remote Desktop Services (RDS) hosts. You can create published desktops associated with a farm. You can also deliver a published application to many users by creating application pools. The published applications in application pools run on a farm of RDS hosts.

You will work with application pools in Module 3 of this lab.


Farms simplify the task of managing RDS hosts, published desktops, and applications in an enterprise. You can create manual or automated farms to serve groups of users that vary in size or have different desktop or application requirements.

A manual farm consists of RDS hosts that already exist. The RDS hosts can be physical or virtual machines. You manually add the RDS hosts when you create the farm.

An automated farm consists of RDS hosts that are instant-clone virtual machines in vCenter Server.


 

RDSH Farm Types

 

 

 

Instant Clone RDSH Farms

 

The Horizon Connection Server creates the instant-clone virtual machines based on the parameters that you specify when you create the farm. Instant clones share a virtual disk of a parent VM and therefore consume less storage than full virtual machines. In addition, instant clones share the memory of a parent VM and are created using the vmFork technology.

When you create an application pool or a published desktop pool, you must specify one and only one farm. The RDS hosts in a farm can host published desktops, applications, or both. A farm can support at most one published desktop pool, but it can support multiple application pools. A farm can support both types of pools simultaneously.

 

 

Smart Provisioning for Desktop / RDSH Pools

 

An automated instant clone pool or farm is created directly from an image VM Replica using the vSphere instant clone API without creating any parent VM.

Horizon automatically chooses the type to provision based on:

  • Low Density of VMs per host in selected cluster - Created without Parent VMs
  • High Density of VMs per host in selected cluster - Created with Parent VMs

 

Instant Clones without Parent VMs

This is a little slower to provision than a pool created with Parent VMs, but memory and disk space savings offset this.

  • No ParentVM created = memory and disk space savings
  • Less customization on reboot (ClonePrep)
  • Logoff = Reverts snapshot and resets VM PW
  • Push Image = Full Sync

Follow the KB to switch provisioning scheme for your Horizon Pool or Farm.

Want to learn more?

The first three minutes of the video provide a technical overview of Instant Clone technology.

Create an RDSH Farm


This exercise makes use of an interactive demo to work around constraints of the HOL lab environment. Though not required, it is recommended you use speakers or headphones for the demo.


 

Launch Interactive Demo

 

 

Configure Load Balancing for Horizon RDSH Farms


Load balancing sessions across the RDS hosts in a Horizon RDSH farm improves utilization of resources, resulting in a better end-user experience.

You can configure load balancing for RDS hosts by configuring load balancing settings in Horizon Administrator or by creating and configuring load balancing scripts.

In this lesson you will configure load balancing settings for an existing RDSH farm.


 

Launch Browser

 

  1. From the desktop of the Main Console, double-click Google Chrome

 

 

Navigate to Horizon Administrator

 

  1. Select Horizon from the bookmarks bar
  2. Select Horizon-01-AdminConsole

 

 

Authenticate to Horizon Administrator

 

  1. User name: Administrator
  2. Password: VMware1!
  3. Leave Domain at CORP as the default.
  4. Click Sign in

 

 

Open Dashboard and View System Health

 

  1. Click on Dashboard to open the Horizon Dashboard
  2. Click View under System Health

 

 

RDS Farms

 

  1. Click on RDS Farms
  2. Click RDSH-01

 

 

View Details for RDSH-01

 

  1. Scroll down on the right side
  2. Scroll all the way to the right
  3. View Load Index and notice that Load Balancing is Disabled
  4. Click OK

Horizon calculates the Server Load Index based on the load balancing settings you configure in Horizon Administrator. The Server Load Index indicates the load on the server. The Server Load Index can range from 0 to 100, where 0 represents no load and 100 represents full load. A Server Load Index of -1 indicates that load balancing is disabled.

 

 

Navigate to RDSH-01 Farm

 

  1. Click on Farms
  2. Click on the RDSH-01 Farm

 

 

Load Balancing Details

 

On the summary page for RDSH-01 scroll down to the Load Balancing Settings.  Notice that no settings are configured.

 

 

Edit RDSH-01 Farm

 

  1. Scroll back up and look for the Edit button.
  2. Click on Edit to modify the RDSH-01 Farm

 

 

Edit Load Balancing Settings

 

  1. Click on Load Balancing Settings
  2. Click to uncheck the Use Custom Script option (if checked)
  3. Click to check the Include Session Count option

 

 

Review Load Balancing Options

 

  1. Click the ? icons to learn more about each of the load balancing settings

 

 

Enter Load Balancing Settings

 

Enter the following values:

  1. CPU Usage Threshold:  90
  2. Memory Usage Threshold:  90
  3. Click OK

 

 

Open Dashboard and View Updated Load Index

 

  1. Click on Dashboard to open the Horizon Dashboard
  2. Click View under System Health

 

 

RDS Farms

 

  1. Click on RDS Farms (this step could take a few seconds to load)
  2. Click RDSH-01

 

 

View Details for RDSH-01

 

  1. Scroll down on the right side
  2. Scroll all the way to the right
  3. Note the Server Load Index has changed to reflect the current load on the server.
    1. Note - The actual value of the Server Load Index will vary from this screen shot, as the value is being dynamically populated.
  4. Select OK

This is the end of the exercise "Configure RDSH Load Balancing"

 

Conclusion


In this module, we have learned about RDSH farms (using a full demonstration simulator), how to create an RDSH farm, and the components, such as JMP, that enable successful delivery of session farms for both desktops and applications. The last part of the module looked at load balancing Horizon farms and making sure you can qualify the settings for this setup. Feel free to use the material and links below to learn more about the topics we have just covered.


 

You've finished Module 2

 

Congratulations on completing  Module 2.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.

 

 

How to End Lab

 

To end your lab click on the END button.  

 



 

Module 3 - Application Publishing (30 minutes)

Introduction


This module contains the following lessons:

  • Lesson 1 - Overview of Application Pools
  • Lesson 2 - Create an RDSH Application Pool
  • Lesson 3 - Create VM Hosted Application Pool
  • Lesson 4 - Testing End User Experience

Overview of Application Pools


With application pools, you deliver a single, published application to many users. The application runs on a farm of RDS hosts.

Horizon automatically distributes client requests for the application among the RDS hosts in the farm. Therefore, it is important that all RDS hosts in the farm are configured the same way. Horizon Instant Clone technology is ideal for creating scalable RDS farms with identical configurations.

In this lesson, you will create an application pool using an existing Horizon farm: RDSH-01.


 

Application Pools

 

An application pool contains a single application and is associated with a single farm. To avoid errors, you must install the application on all of the RDS hosts in the farm. One of the benefits of using instant clones to create farms of RDS hosts is the assurance of a consistent configuration.

When you create an application pool, Horizon automatically displays the applications that are available on all the RDS hosts in the farm. You can select one or more applications from the list. If you select multiple applications from the list, a separate application pool is created for each application. You can also manually specify an application that is not on the list.

Horizon published applications can be accessed using VMware Blast, PCoIP, or HTML Access.

 

Create an RDSH Application Pool


In this lesson you will create multiple application pools from an existing RDSH farm.


 

Launch Browser

 

  1. From the desktop of the Main Console, double-click Google Chrome

 

 

Navigate to Horizon Console

 

  1. Select Horizon from the bookmarks bar
  2. Select Horizon-01-AdminConsole

 

 

Login to Horizon Console

 

  1. User name: Administrator
  2. Password: VMware1!
  3. Click Sign in

 

 

Navigate to Applications

 

  1. Select Applications

 

 

Review Existing Application Pools

 

Notice there are a number of Application Pools already created and associated with Farm RDSH-01

Review the applications and details.

 

 

Add Application Pool

 

  1. Select Add
  2. Select Add from Installed Applications

This option performs an automated scan of the applications installed on the RDS hosts in Farm RDSH-01

 

 

Select Installed Applications

 

  1. Make sure that RDS Farm and RDSH-01 are selected
  2. Type internet into the filter box
  3. Check the box for Internet Explorer where the installation path matches C:\Program Files\Internet Explorer\iexplore.exe
  4. Select Next

 

 

Customize the Display Name

 

  1. In the Display name field overwrite the existing content with Web App IE
  2. Select Submit

 

 

Add Entitlements

 

  1. Select Add

 

 

Find User or Group

 

  1. Enter user1mod3
  2. Select Find
  3. Check the box for User1 Mod3
  4. Select OK

 

 

Confirm Entitlements

 

  1. Select OK

 

 

Edit an Application Pool

You will now edit the Application Pool to customize the parameters.

 

Edit Application Pool Web App IE

 

  1. Check the box for the Internet Explorer (Web App IE) application pool
  2. Select Edit

Add Parameters

 

  1. Scroll down until you see Parameters
  2. Enter parameters: https://techzone.vmware.com
  3. Select Submit

 

Create a Second Application Pool

You will now create a second application pool using the same application.

 

Add Application Pool

 

  1. Select Add
  2. Select Add from Installed Applications

This option performs an automated scan of the applications installed on the RDS hosts in Farm RDSH-01

Select Installed Applications

 

  1. Make sure that RDS Farm and RDSH-01 are selected
  2. Type internet into the filter box
  3. Check the box for Internet Explorer where the installation path matches C:\Program Files\Internet Explorer\iexplore.exe
  4. Select Next

Customize the Display Name

 

  1. In the Display name field overwrite the existing content with Web App IE2
  2. Select Submit

Add Entitlements

 

  1. Select Add

Find User or Group

 

  1. Enter user1mod3
  2. Select Find
  3. Check the box for User1 Mod3
  4. Select OK

Confirm Entitlements

 

  1. Select OK

Edit an Application Pool

You will now edit the Application Pool to customize the parameters.

Edit Application Pool Web App 2

 

  1. Check the box for Web App IE2
  2. Select Edit

Add Parameters

 

  1. Scroll down to Parameters
  2. Enter https://www.vmware.com
  3. Select Submit

 

Review New Application Pools

 

You should now have two application pools: Web App IE and Web App IE2

Note - Leave the Horizon Admin page open to the Application Pools page, as you will start here in the next lesson.

 

Create a VM Hosted Application Pool


Beginning with Horizon 7.9, you are able to publish applications from a Windows 10 desktop pool using the same deployment and configuration process as you do for desktops.

We will walk through that process below.  First, we will edit the existing desktop pool and make it a desktop and application pool. Then we will add an application pool using the application discovered in the desktop pool.  


 

VM Hosted Application Use Cases

  • Windows 10 UWP Apps: these are the Universal Windows Platform Apps developed for Windows 10 that run on Windows 10 devices such as PC, Tablet, Xbox, HoloLens, Surface Hub and IoT Devices without the need to be rewritten for each
  • Applications and .NET framework version compatibility
  • Applications that don't behave well in RDSH
  • Applications that require special device support, where drivers may not run or be supported on RDSH
  • Applications that are only tested/certified on Windows 10
  • ISVs that require installed license & use reporting
  • Windows Virtual Desktop on Azure

 

 

Edit the IC Pool

 

Go back to the Horizon Console on Horizon-01.corp.local.

  1. Under Inventory, click on Desktops
  2. Click the check for the IC-Pool1 desktop pool
  3. Click on Edit

 

 

Click on Desktop Pool Settings

 

  1. Click on the Desktop Pool Settings tab

 

 

Edit Session Types

 

  1. Scroll down
  2. Under the General Section, Select Session Types and pick Desktop & Application
  3. Under Remote Settings, confirm Empty Session timeout is set to After = 1 minutes
  4. Click OK

Supported Session Types can be configured for the Desktop Pool. There are 3 options:

  • Desktop: only desktop sessions are supported
  • Application: only application sessions are supported
  • Desktop & Application: A Pool can be set to Application and Desktop session type, but they cannot be used at the same time

If you choose to support application sessions, then this desktop pool can be used to publish application pools.

 

 

Add VM Hosted Application Pool  

 

Next we are going to add an application from the desktop pool.

  1. Under Inventory on the left, Click on Applications
  2. Click on Add
  3. Select Add from Installed Applications

With Application Pools, you can deliver a single application to many users. The application runs on a farm of RDS Hosts or a desktop pool. You will add an application from a desktop pool here.

 

 

Select Desktop Pool

 

  1. Under Select RDS Farm or Desktop Pool, Select Desktop Pool. It will take a few seconds to populate the list of installed applications.
  2. Make sure IC-Pool1 is selected
  3. Type Wordpad into the filter box
  4. Check on the Wordpad app.
  5. Notice Entitle users after this wizard finishes is checked
  6. Click Next

 

 

Edit Application

 

  1. Change the Display name to WIN10Hosted-WordPad so you can distinguish this application coming from the IC Desktop pool.
  2. Click Submit

 

 

Add Entitlements

 

  1. Click on Add to add a user to this pool

 

 

Find User for Domain Users

 

  1. In the Name/User Name field, type domain
  2. Click on Find
  3. Click the check next to Domain Users
  4. Click OK

 

 

Add Entitlement

 

  1. Click OK

 

 

Observe Application Pool Added

 

Notice that the WIN10Hosted-Wordpad was added and Pool or Farm is listed as Instant Clone Pool. You may have to scroll down to see it in the list.

 

 

Launch VMware Horizon Client

 

  1. In Chrome, open a new tab
  2. From the favorites bar, click VMware Horizon
  3. Click on VMware Horizon HTML Access

 

 

Login to VMware Horizon

 


  1. User name: user1mod3
  2. Password: VMware1!
  3. Click on Login

 

 

Launch Windows 10 Hosted App

 

  1. Notice the WIN10Hosted-Wordpad application. This is the one we just created.
  2. Also notice the Instant Clone Pool is present as well since we chose the Desktop and Application session type.
  3. Click on the WIN10Hosted-WordPad application to launch it 

 

 

Review Application

 

Notice that the application launched and looked exactly like an RDSH hosted application.  

 

 

Delete the IC Application Pool

 

We will delete the IC Application Pool so that it doesn't interfere with the modules that follow this. Switch back to the Horizon Administrator tab in Chrome.

  1. Under Inventory, Click on the Applications
  2. Select the WordPad application
  3. Click Delete

 

 

Confirm Delete

 

  1. Confirm delete of the Application pool, click on OK

 

 

Edit Desktop Pool

 

We need to modify IC-Pool1 to be only a desktop pool for the next modules.

  1. Under Inventory, click on Desktops
  2. Click the Checkbox to select the IC-Pool1
  3. Click Edit

 

 

Change to Desktop Session Type

 

We will change the Session Type back to Desktop only for the remainder of this lab.

  1. Click on Desktop Pool Settings
  2. Under Session Types, Click on Desktop
  3. Click OK

 

Conclusion



Congratulations on completing  Module 3.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab click on the END button.  

 

Level Up Your VMware End User Computing Knowledge with VMware Tech Zone



Interested in learning more about VMware End User Computing (EUC) but don't know where to start? Look no further than https://techzone.vmware.com, your fastest path to understanding, evaluating, and deploying VMware End User Computing products!

Tech Zone focuses on providing practical product guidance, curated activity paths, and technical content to take you from zero to hero!  Our mission at Tech Zone is to provide you with the resources you need to keep leveling up your knowledge no matter where you are in your digital workspace journey.

Interested? Check us out at https://techzone.vmware.com!


 

Module 4 - Virtual Desktop Modern Management (30 minutes)

Overview of Horizon Desktops on Workspace ONE


As more companies embrace modern management for mobile devices, macOS and Windows devices, management of virtualized environments is a logical extension for systems management.  Recently, Workspace ONE UEM was certified as a management platform for managing Horizon virtual desktops to offer administrators a single management solution for mobile, physical and virtual platforms of all kinds.  With Workspace ONE UEM, an administrator can manage Horizon virtual desktops as well as the endpoints used to access those VMs in one console.

By managing Horizon virtual desktops in Workspace ONE UEM, administrators can have a single software library, consistent policies, consolidated and flexible Windows update settings and a unified reporting and automation solution delivered across physical and virtual systems. 

While managing physical and virtual in one console provides simplicity to the administrator, considerations must be given to the Windows configurations that will be deployed.  Key considerations around VDI management include ensuring that required services are running, that other services are prevented from starting, and that tools such as the OS Optimization Tool use appropriate settings for a VM.

This lab will walk through the basics of golden image creation, the enrollment process for VMs in Workspace ONE UEM and the basics of policy management and app distribution. Additional details on managing Windows through Workspace ONE UEM can be found in the following labs:

  • HOL-2251-09-UEM - Getting Started with Workspace ONE UEM

Management of Horizon Desktops on Workspace ONE UEM is only supported when both of the following are true:

  • Persistent Desktop
  • Dedicated Assignment

The solution is currently supported on Horizon 7.8 and Workspace ONE UEM 1903 and later

See more on compatibility here


Login to the Workspace ONE UEM Console


To begin this lab, you will need to login to the Workspace ONE UEM admin console.


 

Launch Chrome Browser

 

Double-click the Google Chrome shortcut located on the desktop of the virtual machine you are currently connected to.

 

 

Log in to the Workspace ONE UEM Admin Console

 

  1. Click the WS1 bookmark folder.
  2. Click the WS1 UEM Console link.
  3. Enter your Username. This is the email address associated with the VMware Learning Platform (VLP) account that you use to take Hands-on Labs.
     Note: Your password for the next step will be VMware1!
  4. Click Next.

 

 

Authenticate to the Workspace ONE UEM Console

 

The password field is displayed.

  1. Enter VMware1! in the Password field.
  2. Click the Log In button.

NOTE: You may need to wait here for a minute or so while the Hands On Lab contacts the Workspace ONE UEM Hands On Labs server.

 

 

Accept the Terms of Service

 

You will be presented with the Workspace ONE UEM Terms of Service. Click the Accept button.

NOTE: The following steps are only performed for the initial login to the administration console.

 

 

Address the Initial Security Settings

After accepting the Terms of Use, you will be presented with this Security Settings pop-up

 

The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. Scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter VMware1! in the Password Recovery Answer field.
  4. Enter VMware1! in the Confirm Password Recovery Answer field.
  5. Enter 1234 in the Security PIN field.
  6. Enter 1234 in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Console Highlights

 

A popup window will appear after you complete your security questions.

Click the 'X' in the upper right corner to close the Workspace ONE UEM Console Highlights window.

 

Prepare Horizon Desktop


We will now prepare the Horizon desktop to automatically enroll to Workspace ONE.    This will include:

  • Optimizing the golden image with the VMware OS Optimization Fling
  • Command line enrollment into Workspace ONE
  • Installing the Horizon Agent and setting up a manual dedicated pool

The agent may take a few minutes to become available


 

VMware OS Optimization Tool Fling (OSOT)

We won't run the OSOT in this lab due to lab resources.

There is a VMware Horizon 8.x on Workspace ONE template that must be used. The golden image used for Horizon desktops managed by Workspace ONE needs to have the OS Optimization Fling run on it to make sure that it works properly with Workspace ONE. This ensures the system is optimized for both Horizon VDI and Workspace ONE.

 

What is the OSOT

 

Why Optimize? Windows was designed for physical hardware, specifically desktops, and for that hardware to be accessed by just one user at a time. Windows uses many resources to present a responsive desktop, but many of its settings are unnecessary or even detrimental when applied to a virtual environment. These actions include, for example, animating windows as the user opens them. Performing this animation takes significant CPU resources, which decreases the number of desktops that you can host per VMware vSphere server. Consequently, this non-essential function in a virtual machine (VM) environment increases the amount of system hardware that you need.

Even if the hardware is adequate, Windows animations do not perform well when accessed remotely, especially when connecting over a slow WAN or Internet connection. As a result, keeping animations enabled (in addition to other features unnecessary for VMs) impairs the end-user experience. Another example of desktop optimization in a virtual machine environment is to disable Windows Update so that control of the service is isolated to administrators. Administrators can run Windows Update in batch mode for the VMs as opposed to users performing this task.

Using OSOT

Before using the OSOT, which contains recommended configurations in the built-in OSOT templates, your IT organization should investigate and evaluate the benefits of the various optimizations. There is sometimes a trade-off between productivity and optimization. Also, test before and after using the OSOT to ensure that optimizations do not interfere with other software that might be in use within your organization.

Using the OSOT involves the following steps:

  1. Analyze the golden image.
  2. Verify that the list of optimizations checked in the analysis results are those that you want to apply.
  3. (Optional) Export the analysis results to an HTML file.
  4. Optimize the golden image.
  5. Analyze the optimization results. (Each optimization will include the status SUCCESS or FAILED).
  6. Troubleshoot FAILED results: Click the respective FAILED links to review error code and error string information.
  7. Address the cause of the failure and optimize again.
  8. (Optional) View the optimization history.

 

Obtain your Group ID from the Workspace ONE UEM Console

 

In the Workspace ONE UEM Console,

  1. Click on your Organization Group name.
  2. Copy or write down your Group ID value. In this example, the Group ID is yourid1234.

We will need to enter it into the enrollment batch file.

 

 

Connect to Win10-01a Desktop

 

Double-click the Win10-01a RDP link on the Control Center desktop.  You will be automatically logged in as an Admin

 

 

Install Horizon Agent

We will now install the Horizon Agent in order to connect to this desktop via the Horizon Client

 

Browse to Horizon Agent Installer

 

  1. Open File Manager
  2. Browse to c:\tools
  3. Double Click the VMware-Horizon-Agent-x86xxxxxx.exe Installer

Horizon Agent Installer

 

  1. Click Next

License Agreement

 

  1. Accept the License Agreement
  2. Click Next

Protocol Configuration

 

  1. Make sure IPv4 is selected
  2. Click Next

Custom Setup

 

  1. Accept the default configuration and click Next

Install the Program

 

  1. Click Install to start installation of the program

Monitor Installation

 

Monitor the progress of the installation

Installer Completed

 

  1. Click Finish

Defer Reboot

 

  1. Click No to restart the system later

 

Edit Enrollment Batch file

We will now edit the enrollment batch file with your GroupID in order to do command line enrollment into Workspace ONE.

 

  1. In Windows File Explorer browse to c:\tools
  2. Select enroll.bat
  3. Right-Click and choose Edit
  4. Replace YOURgroupID with the groupid from Workspace ONE that you captured earlier
  5. Click File and then Save to save the file
  6. Click the X to close Notepad

DO NOT use yourid1234, be sure to use your own Group ID.

 

 

Add RunOnce Registry Key

 

  1. In Windows File Explorer, browse to C:\Tools
  2. Right-click the RegKey.bat file
  3. Click Run as Administrator

This batch file will automatically add a key to the registry that will cause the enroll.bat file to run automatically upon the next device boot.

 

Allow the Batch File to Run

 

  1. Click Yes to allow the Batch file to run

Confirm the RunOnce Registry Key

 

  1. In the Registry Editor, navigate to the Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce path
  2. The EnrollToWSO key was created as a String with the value C:\tools\enroll.bat
  3. Click X to close the Registry Editor

This will cause the enroll.bat file to run automatically when the device reboots, which will trigger the Workspace ONE UEM agent installation and enrollment process. The device is now ready to be rebooted.
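Because the registered script runs automatically, a golden image should also confirm that the RunOnce value points only at the intended file and that neither the file nor its folder can be modified by non-administrators. The following check is an added example, not part of the lab's own scripts: it uses the value name and paths from the steps above, while the function name Test-EnrollRunOnce and the list of trusted SIDs are assumptions.

```powershell
# Added example, not part of the lab's tooling. Key path, value name and script
# path are the ones shown in the lab; the trusted-SID list is an assumption.
function Test-EnrollRunOnce {
    param(
        [string]$RunOnceKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        [string]$ValueName  = 'EnrollToWSO',
        [string]$ScriptPath = 'C:\tools\enroll.bat'
    )

    # Principals allowed to modify a script that auto-runs from HKLM RunOnce:
    # SYSTEM, BUILTIN\Administrators, TrustedInstaller.
    $trustedSids = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )

    # Rights that let a principal replace or tamper with the file or its folder.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
    $writeMask = $writeMask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The RunOnce value must exist and point at exactly the expected script.
    $actual = (Get-ItemProperty -Path $RunOnceKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $actual) {
        $findings.Add("RunOnce value '$ValueName' is missing (already consumed, or RegKey.bat was not run)")
    } elseif ($actual.Trim('"') -ne $ScriptPath) {
        $findings.Add("RunOnce value '$ValueName' points at '$actual', expected '$ScriptPath'")
    }

    # 2. Neither the script nor its folder may be writable by other principals.
    foreach ($target in @($ScriptPath, (Split-Path -Path $ScriptPath -Parent))) {
        if (-not (Test-Path -LiteralPath $target)) {
            $findings.Add("'$target' does not exist")
            continue
        }
        foreach ($rule in (Get-Acl -LiteralPath $target).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this object itself.
            if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
            try {
                $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $rule.IdentityReference.Value   # unresolved account: report as-is
            }
            if ($trustedSids -notcontains $sid) {
                $findings.Add("'$target' is writable by $($rule.IdentityReference) ($($rule.FileSystemRights))")
            }
        }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Run from an elevated PowerShell prompt on the desktop before rebooting it.
Test-EnrollRunOnce | Format-List
```

Folders created directly under C:\ commonly inherit write access for non-administrative groups, so a finding on C:\tools is a reason to tighten the folder ACL in the golden image before the pool is published.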

 

Reboot Win10-01a

 

  1. Click the Windows Start Button
  2. Click the Power Button
  3. Choose Restart

 

 

Create Desktop Pool

While the Win10-01a desktop is restarting, we will create a manual pool in Horizon that contains the Win10-01a desktop and then enroll it to Workspace ONE. You will perform these actions from the Main Console.

 

Click on Horizon Admin Console

 

 

From the Main Console virtual machine:

  1. Click Google Chrome from the task bar to return to the browser
  2. Click the New tab button
  3. Click the Horizon folder
  4. Click the Horizon-01-AdminConsole link

Login to the Horizon Administrator

 

  1. Enter Administrator for the username
  2. Enter VMware1! for the password
  3. Click the Sign in button

Create a new Desktop Pool

 

  1. Click Desktops on the left pane under Inventory
  2. Click Add to add a new desktop pool

Add a Manual Desktop Pool

 

  1. Select Manual desktop pool
  2. Click Next

Select from Virtual Center machines

 

  1. Click vCenter virtual machines
  2. Click Next

Select the local Virtual Center

 

  1. Select vcsa-01a.corp.local
  2. Click Next

Set Assignment Type

 

  1. Select Dedicated - make sure Enable automatic assignment is checked.
  2. Click Next

Name the Pool

 

  1. Enter Horizon_WSO as the ID
  2. Enter Horizon_WSO as the Display name
  3. Enter Horizon Managed by Workspace ONE UEM in the description field
  4. Click Next

Desktop Pool Settings

 

Leave all default settings and click Next

Remote Display Settings

 

Leave all default settings and click Next

Choose Virtual Machine

 

  1. Select the Win10-01a machine
  2. Click Next

Advanced Storage Options

 

Click Next on the Advanced Storage Options page

Finish and Entitle users

 

  1. Check the box to Entitle Users After Adding Pool
  2. Click Submit

Add new Entitlements

 

Click Add to add new Entitlements

Search for User

 

  1. Type Jim in the Name/User name search field
  2. Click Find
  3. Check the box to select all results (Because of the limited screen space in the lab, you may not be able to see the Jim user)
  4. Click OK

Add the Entitlement

 

Click OK to save the entitlement.  You have created and entitled a desktop pool to be managed by Workspace ONE UEM.

Review the newly created Desktop Pool

 

Click the link for the Horizon_WSO pool

Wait for the Horizon Agent to become available

 

  1. Click the Machines tab
  2. Click the refresh button until the agent status shows as Available
  3. Once the agent status is Available, you can close the Horizon Administrator
    NOTE: You may need to scroll to the right to view the Status column

Connect to Horizon Desktop and Enroll to Workspace ONE


We will now connect into the new Horizon pool and enroll it to Workspace ONE


 

Launch Horizon HTML Access

 

  1. In Google Chrome, click the new tab button
  2. Click on the VMware Horizon link shortcut
  3. Click on VMware Horizon HTML Access

 

Login as Jim

 

  1. Enter Jim as the username
  2. Enter VMware1! as the password
  3. Click Login

Launch the Horizon_WSO Pool

 

  1. Click on the Horizon_WSO pool

Accept Certificate for Blast HTML Access

 

We receive this certificate error because the agent was only just installed on this VM, which is also used for other modules in this lab.  Here is the KB on how to remove this message for production installations.

https://kb.vmware.com/s/article/2088354

  1. Click on Advanced
  2. Click Proceed to win10-01a.corp.local (unsafe)

Audio / Copy / Paste Message

 

Click OK on this box if it pops-up or if the Audio Box pops-up

Start

 

 

It may take a few minutes to log in and run the script.  This is the first time Jim has logged into this box, so have a look at the below points to make sure you have no issues before continuing with this exercise.

  1. If the command prompt running the enroll.bat file is still open, wait for it to complete. The command prompt will close on its own once the command finishes executing.
  2. Click Start and confirm you can see Workspace ONE Intelligent Hub under Recently Added.
  3. At this point, you can click the task bar tray arrow to see the Intelligent Hub icon.
  4. You may see the AirWatch Enrollment icon on the Desktop if this is still busy enrolling. This will disappear when enrollment is completed.

View Hub Status

 

  1. Click on the up arrow to expand the notification area
  2. Right-click the Workspace ONE Hub icon
  3. Select Troubleshoot
  4. Select Hub Status
  5. Scroll down to find the Native OMA-DM Client Status section. Review the enrollment details.

Log Out of Desktop

 

  1. Right-click the start button
  2. Choose Shut down or sign out
  3. Choose Sign out

 

Open Workspace ONE UEM

 

  1. In Google Chrome, click the first tab to return to the Workspace ONE UEM administrator console
  2. Select Devices
  3. Select List View
  4. You will see Jim's device listed - click on the link to see more details on the device.

 

Review Details

 

Review details on Jim's device in Workspace ONE UEM - we have successfully enrolled a Horizon desktop, next we will push a profile down to it.  

Manage a Horizon Desktop with Workspace ONE


We will be doing the next few steps in the Workspace ONE UEM Console


The following steps should be done on the Main Console desktop.


 

Add a Device Profile

 

  1. Click on Resources
  2. Click on Profiles & Baselines
  3. Click on Profiles
  4. Click Add
  5. Click Add Profile

 

Add Profile

 

  1. Click on Windows

NOTE: Be sure to click Windows, not Windows Rugged

Select Device Type

 

  1. Click on Windows Desktop for device type.

Select Context

 

  1. Select Device Profile for context

Add Details for the Profile

 

  1. Click on General
  2. Under Name enter Desktop Background
  3. Click the Smart Groups search bar
  4. Click All Devices (your@email.shown.here)

This will cause this profile, named Desktop Background, to be deployed to all of the devices (dictated by the All Devices smart group) in your organization.

Add Profile - Personalization

 

  1. Scroll down on the left side
  2. Select Personalization
  3. Click Configure

This will enable the Personalization payload for this profile, which you will use to push a desktop background image down to the device.

Update the Personalization Profile

 

  1. Click on the Upload button next to Desktop Image
  2. Click the Choose File button
  3. Browse to C:\tools\images
  4. Select vmware.jpg
  5. Click Open
  6. Verify vmware.jpg is listed as the file to add
  7. Click Save

Save Profile

 

  1. You will notice that vmware.jpg is listed as the Desktop Image.
  2. Click Save and Publish

Publish Profile

 

  1. A preview of the devices in your organization that will receive this profile based on the configured smart groups is displayed.
  2. Click Publish.

View Device Assignment

 

  1. Select the radio button next to Desktop Background.
  2. Click Devices to view the devices that received the Desktop Background payload.
  3. Confirm that Jim's Desktop now shows Installed.
  4. If the Status does not show Installed, click Refresh until the Status shows Installed.
  5. Close the Window using the X.

 

Open Horizon HTML Access

 

  1. In Chrome, return to the VMware Horizon tab.
  2. Click the Horizon_WSO desktop pool.

NOTE: If you are prompted to login, remember that the username is Jim and the password is VMware1!.

 

 

Verify the Desktop Profile was pushed

 

Notice that the desktop background was pushed down to the endpoint.  The Horizon desktop is now managed by Workspace ONE UEM.  

In this module we did the following:

  • Prepared a system for Horizon
  • Created a command line enrollment method
  • Created a manual pool in Horizon
  • Connected to the manual pool and enrolled to Workspace ONE
  • Created a device profile to customize the desktop
  • Pushed the device profile down to a desktop and validated it was received

This module was a brief walk-through of managing Horizon desktops with Workspace ONE UEM

To learn more about managing Windows 10 with Workspace ONE UEM, take the following labs.

  • HOL-2251-09-DWS Module 2 - Introduction to Windows 10 Management
  • HOL-2251-09-DWS Module 1 - Introduction to Freestyle Orchestrator

 

 

Conclusion



Congratulations on completing Module 4.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab click on the END button.  

 



 

Module 5 - Identity Integration - Workspace ONE Access (60 minutes)

Introduction


VMware Workspace ONE Access can be deployed on-premises or consumed as a cloud service. Deployment of Workspace ONE Access is outside the scope of this lab.

In this module, you will integrate VMware Horizon with an on-premises installation of VMware Workspace ONE Access. The Workspace ONE Access  appliance has already been deployed, and you will configure it for Horizon integration.

  • Lesson 1 - Prepare Horizon for integration with Workspace ONE Access
  • Lesson 2 - Configure SAML authentication
  • Lesson 3 - Configure Horizon Pods and Pod Federations in Workspace ONE Access
  • Lesson 4 - Launching Horizon desktops and applications from Workspace ONE
  • Lesson 5 - Configure Access and Network Policies and Client Access URL
  • Lesson 6 - Launching Horizon Desktops with Deny Access Policy Rule

 

Integrating Horizon with Workspace ONE Access

 

Integrating VMware Horizon with the VMware Workspace ONE Access service provides users with the ability to access their entitled Horizon desktops and applications from the Workspace ONE portal or app. You can integrate independent Horizon pods, which consist of Horizon Connection Server instances, and pod federations, which contain multiple pods and can span multiple sites and data centers.

You deploy and manage desktop and application pools in the Horizon Administrator interface. You also create entitlements for Active Directory users and groups in Horizon, not in Workspace ONE Access. You must sync these users and groups to the Workspace ONE Access service from Active Directory before integrating with Horizon.

To integrate Horizon pods and pod federations with Workspace ONE Access, you create one or more virtual apps collections in the Workspace ONE Access administration console. The collections contain the configuration information for the pods and pod federations, as well as sync settings. You then sync the Horizon resources and entitlements to Workspace ONE Access.

In the Workspace ONE Access administration console, you can view the Horizon desktops and applications. You can also view user and group entitlements.

End users can run their entitled desktops and applications from the Workspace ONE portal or app. These desktops and apps can be accessed over HTML in a browser or over a supported display protocol in the Horizon Client.

 

Prepare for Horizon Integration with Workspace ONE Access


Integrating Horizon with Workspace ONE Access enables you to sync desktop and application resources, along with entitlements (assignments) to these resources to Access.  

Workspace ONE Access appliance (access-01.corp.local) has already been deployed and configured for integration with the Horizon-01.corp.local Connection Server.

In this lesson, you will integrate the Horizon-02 Connection Server with Workspace ONE Access. VMware Horizon has already been installed on Horizon-02.corp.local.

In this section you will use the Horizon Console to verify desktop entitlements, which will be used for WS1 Access integration.


 

Launch Browser

 

  1. From the desktop of the Main Console, double-click Google Chrome

 

 

Navigate to Horizon Console

 

  1. Select Horizon from the bookmarks bar
  2. Select Horizon-02-AdminConsole

 

 

Login to Horizon Console

 

  1. User name: administrator
  2. Password: VMware1!
  3. Click Sign in

 

 

Navigate to Desktop Pool

 

  1. Select Desktops from the Inventory drop-down

 

 

Select the Desktop Pool

 

  1. Select Manual-Pool from the list of Desktop Pools

 

 

Review Entitlements

 

  1. Select Entitlements
  2. Verify the Domain Users group has been entitled to the Desktop Pool

 

 

Navigate to Machines

 

  1. Click the Machines tab
  2. Note there are currently no VMs in this pool
  3. Click Add

 

 

Add VM to Desktop Pool

 

  1. Check the box to select base-w10-x64-01
  2. Click OK

 

 

Verify the Machine was Added Successfully

 

Wait for the success message to confirm the machine was added successfully.

Continue to the next step when this message is displayed.

 

 

Refresh Horizon Console

 

  1. Refresh the window
  2. Verify the VM is added to the pool

 

 

Leave the Horizon Console Open

 

Leave the VMware Horizon Console tab open in Chrome, as you will use it in the next lesson.

 

Configure SAML Authentication


Workspace ONE provides users with the ability to run Horizon applications and desktops from a user portal. Workspace ONE Access provides single-sign-on to these applications and desktops by sending SAML assertions to VMware Horizon.

In this section, you will configure SAML authentication in Horizon.


 

Configure SAML Authentication on Horizon Connection Server

To launch remote desktops and applications from Workspace ONE Access or to connect to remote desktops and applications through a third-party load balancer or gateway, you must create a SAML authenticator in Horizon.

A SAML authenticator contains the trust and metadata exchange between Horizon and the device to which clients connect.

You associate a SAML authenticator with a Connection Server instance. If your deployment includes more than one Connection Server instance, you must associate the SAML authenticator with each instance.

 

Edit Horizon Connection Server

 

  1. Scroll down to find the Settings section
  2. Expand Settings and select Servers
  3. Select Connection Servers
  4. Select HORIZON-02
  5. Select Edit

Authentication Tab

 

  1. Select Authentication

Workspace ONE Mode

 

  1. Review the options on the Authentication page.

Note there are options to configure Workspace ONE mode.

Workspace ONE Access administrators can configure access policies to restrict access to entitled desktops and applications in Horizon. To enforce policies created in WS1 Access, you put Horizon Client into Workspace ONE mode so that Horizon Client pushes the user into the Workspace ONE client to launch entitlements. When you log in to Horizon Client, the access policy directs you to log in through Workspace ONE to access your published desktops and applications.

In order to enable and use this feature, Delegation of authentication to VMware Horizon must be set to Required.

Workspace ONE mode will not be used in this lab.

Enable SAML

 

  1. Click the drop-down menu
  2. Select Allowed

Manage SAML Authenticator

 

  1. Select Manage SAML Authenticators

Add SAML Authenticator

 

  1. Select Add

SAML Authenticator Form

 

  1. Label = WS1Access
  2. Select the text  <YOUR SAML AUTHENTICATOR NAME> and be sure to get the < > in the selection.

Metadata URL

 

  1. Enter access-01.corp.local in place of the selected text. Be careful not to modify the rest of the Metadata URL.
  2. Click OK

Authenticator Status - Enabled

 

  1. Once the Authenticator is ready, click OK

Complete SAML Authenticator

 

  1. Click OK to close the Edit Connection Server Settings window

 

SAML Configuration Complete

You have successfully configured your Horizon Connection Server for SAML authentication.

 

 

Next Steps

Leave Chrome running as you will use it in the next lesson.

 

Configure Horizon Pods and Pod Federations in Workspace ONE Access


Workspace ONE Access is an Identity-as-a-Service (IDaaS) offering, providing application provisioning, self-service catalog, conditional access controls and single sign-on (SSO) for SaaS, web, cloud and native mobile applications.

You can integrate the following types of resources with Workspace ONE Access:

  • Web applications
  • VMware Horizon Cloud Service applications and desktops
  • VMware Horizon desktop and application pools
  • Citrix-published resources
  • VMware ThinApp packaged applications

In this lesson you will configure Workspace ONE Access for integration to an existing, on-premises VMware Horizon pod.


 

Integrate Horizon Cloud Pod Architecture Pod Federations with Workspace ONE Access

 

The Horizon Cloud Pod Architecture (CPA) feature links together multiple Horizon pods to form a single, large desktop and application brokering and management environment called a pod federation. A pod federation can span multiple sites and data centers.

While CPA is outside the scope of this lab, note that Workspace ONE Access can be integrated with both single Horizon pods as well as CPA pod federations.

 

 

Integrate an Independent Horizon Pod with Workspace ONE Access

To integrate Horizon pods in Workspace ONE Access, you create one or more virtual apps collections in the Workspace ONE Access administration console. The collections contain the configuration information for the Horizon Connection Servers as well as sync settings.

 

 

Navigate to the Workspace ONE Access Login Page

 

  1. In Google Chrome, click the New Tab button
  2. Select WS1 from the shortcut menu
  3. Select WS1 Access-01 Admin

 

 

Choose System Domain

 

  1. Click the drop-down menu to select a domain
  2. Select System Domain
  3. Clear the checkbox for Remember this setting
  4. Select Next

The System Directory is a local directory that is automatically created in the service when Workspace ONE Access is initially set up. This directory has the domain System Domain. You cannot change the name or domain of the System Directory, or add new domains to it, nor can you delete the System Directory or the System Domain.

The local administrator user that is created when you first set up the Workspace ONE Access appliance is created in the System Domain of the System Directory.

The System Directory is typically used to set up a few local administrator users to manage the service. In the following step, you will authenticate with a local administrator account called admin.

 

 

Sign In to Workspace ONE as Admin

 

  1. Username: admin
  2. Password: VMware1!
  3. Click Sign in

 

 

Create Virtual Apps Collection

You can integrate Horizon desktops and applications, Horizon Cloud desktops and applications, Citrix published resources, and ThinApp applications with WS1 Access.

 

Navigate to Virtual Apps

 

  1. Select the Catalog tab, being sure to click on the down arrow
  2. Select Virtual Apps

Note: The Virtual Apps page may take several seconds to load the first time. If the list of apps does not show up within several seconds, please refresh the Chrome browser window.

Review Existing Virtual Apps Catalog

 

Workspace ONE Access has already been integrated with one Horizon Pod containing a single Horizon Connection Server: Horizon-01.corp.local.

  1. Review the list of applications in the catalog, which are delivered from Horizon-01. Note there are individual application names such as Notepad++ as well as desktop pool names like Instant Clone Pool.
  2. Review the associated application types. Note there are two types currently configured: Horizon Application (published application) and Horizon Desktop (VDI desktop).

Navigate to Virtual Apps Collection

 

  1. Select the Catalog tab, being sure to click on the down arrow
  2. Select Virtual Apps Collection

Add Virtual Apps for Horizon

 

  1. Note there is an existing Virtual Apps configuration item of source type Horizon
  2. Select NEW

Select Source Type

 

  1. Click SELECT to choose the type Horizon

Configure Horizon Collection

There are a number of configurable options when configuring Horizon Collection. Only some of these will be used for this lab. Any options not specified in the lab manual should be left as default.

Connector

 

  1. In the Name field, enter Horizon02
  2. Verify the Connector selected is conn-01.corp.local
  3. Click Next

Pod and Federation - Add Pod

 

  1. Click ADD A POD

Configure the Pod and Federation

 

  1. Connection Server: horizon-02.corp.local
  2. Username: administrator
    This is a domain account with administrative privileges in Horizon
  3. Password: VMware1!
  4. Check the box for Sync Local Entitlements
  5. Click Add

Local Entitlements refer to the desktop and application entitlements for a given Horizon pod. Global Entitlements refer to desktop and application entitlements across Horizon pods in a Cloud Pod Architecture (multiple pod) implementation.

In this lab, you are working with a single Horizon pod so all entitlements are local.

The Connection Server field must use the FQDN of one of the Horizon Connection Servers.

In production Horizon implementations, it is common to configure a load-balancer virtual IP (VIP) in front of your Connection Servers. Do not use the VIP for this configuration step. You will configure the Client Access URL with the load-balancer VIP in a later exercise.

Complete Pod and Federation

 

  1. Click Next

Configuration

 

  1. Click Next

Summary

 

  1. Click Save & Configure Network Range

Sync Horizon Resources to Workspace ONE Access

 

  1. Click Finish

Sync

 

  1. Select Horizon02
  2. Select Sync to begin syncing Horizon desktops, apps, and user entitlements from Horizon to Workspace ONE Access.

Wait for Sync

 

It may take several minutes for the Calculating Sync Actions step to complete.

Begin Sync of Horizon Resources

 

  1. Notice the desktop and entitlement that will sync. This is the Manual desktop pool with entitlement Domain Users you reviewed in a previous exercise.
  2. Select Save to continue

Sync Completed

 

Review the success message. Continue to the next step.

Refresh Virtual Apps Collections

 

  1. Note the sync status is Started
  2. Refresh the Virtual Apps Collections

Sync Complete

 

  1. Verify the sync is Completed. If the Sync Status is not showing Completed, continue to refresh as needed until the sync completes.

Review Changes to Virtual Apps Catalog

Workspace ONE Access is now syncing Horizon resources from two independent Horizon implementations. WS1 Access creates a single catalog of desktop and application resources that can be distributed to end users.

Navigate to Virtual Apps

 

  1. Select the arrow next to Catalog
  2. Select Virtual Apps

New Application in Virtual Apps Catalog

 

  1. Note the manual Horizon desktop pool Man-Pool1 is now available

Leave the Workspace ONE Management Console Open

Leave the Workspace ONE Management Console tab open in Chrome, as you will use it in the next lesson.

Launching Horizon Desktops and Applications from Workspace ONE


Workspace ONE provides users with the ability to run Horizon applications and desktops from a user portal. Workspace ONE Access provides single sign-on to these applications and desktops by sending SAML assertions to VMware Horizon.

In this section, you will authenticate to Workspace ONE as an end user, then launch Horizon resources.


 

Log Out of Previous Workspace ONE Sessions

In this exercise you will connect to Workspace ONE using end user credentials. To do this, it is important that any existing Workspace ONE sessions are logged off.

 

 

Navigate to Existing Workspace ONE Tab in Chrome

 

  1. Navigate to the VMware Workspace ONE tab in Chrome.

You should still have Chrome opened with a tab for VMware Workspace ONE.

 

 

Logout of the Workspace ONE Access Console

 

  1. Select the drop-down menu next to the logged on user
  2. Select Logout

 

 

Go Back to Login Page

 

  1. Select Go back to login page

 

 

Change Domain (IF NEEDED)

 

If you checked the Remember this setting box when logging in last time, you will be prompted to sign in with a System Domain account again. If this occurs, click Change to a different domain. If this screen is not displayed, ignore these instructions.

Continue to the next step.

 

 

Verify Authentication Domain

 

  1. Verify the domain selected is corp.local
  2. Select Remember this setting
  3. Select Next

 

 

Authenticate to Workspace ONE as an End User

 

  1. Username:  user1mod5
  2. Password: VMware1!
  3. Click Sign in

 

 

 

Review Workspace ONE Preferences

Once logged on to Workspace ONE, your catalog of applications and desktops is available.

 

 

Navigate to User Settings

 

  1. Select the User Logo (UM)
  2. Select Account

 

 

Configure Horizon Remote Apps for Browser

 

Workspace ONE is currently configured to launch apps and desktops using the Horizon Client.

While this option provides the best overall user experience, Horizon also supports HTML access for added flexibility.

  1. Click Browser (this will auto update)

 

 

Navigate to Apps Catalog

 

  1. Select Apps

 

 

Launch Remote Desktop

 

  1. Click the Man-Pool1 tile

Workspace ONE Access checks the network and access policy rules, then passes a SAML token to Horizon to start and authenticate to the remote desktop.

 

 

Allow Popups (IF NEEDED)

 

If you get a popup warning while connecting to the Horizon desktop pool:

  1. Click the popup settings
  2. Select Always allow pop-ups...
  3. Click Done

 

 

VMware Horizon HTML Access

 

  1. The remote desktop is opened in a new Chrome tab
  2. Click to expand the Horizon Client controls

 

 

Log Out of Windows

 

  1. Select Options for the running VM
  2. Select Log Off

 

 

Confirm Log Off

 

  1. Select OK
  2. Select Close

 

 

Sign out of Horizon HTML Access

 

  1. Select Options for Horizon
  2. Select Log out

 

 

Confirm Log Off

 

  1. Select OK

 

 

Sign Out of Workspace ONE Access

 

  1. Return to the Workspace ONE Access tab in Google Chrome
  2. Select the user logo (UM)
  3. Select Sign Out

 

 

Sign In Page

 

Leave this page open as you will use it in the next exercise.

 

Configure Access and Network Policies and Client Access URL


The Workspace ONE Access service attempts to authenticate users based on the authentication methods, the default access policy, network ranges, and the identity provider instances you configure.

A policy rule can also be configured to deny access to users by network range and device type.

When users attempt to log in, the service evaluates the default access policy rules to select which rule in the policy to apply. The authentication methods are applied in the order they are listed in the rule. The first identity provider instance that meets the authentication method and network range requirements of the rule is selected. The user authentication request is forwarded to the identity provider instance for authentication. If authentication fails, the next authentication method configured in the rule is applied.


You should already be at the Workspace ONE login page. If so, skip to the Sign In step.


 

Launch Chrome Browser

 

  1. From the desktop of the Main Console, double-click Google Chrome

 

 

Navigate to the WS1 Access Login Page

 

  1. Select WS1 from the shortcut menu
  2. Select WS1 Access-01 Admin

 

 

Sign In

 

  1. Select Sign In

 

 

Change Authentication Domain

 

  1. The logon page is currently configured to authenticate to the corp.local domain
  2. Select Change to a different domain

 

 

Choose System Domain

 

  1. Click the drop-down menu to select a domain
  2. Select System Domain
  3. Clear the checkbox for Remember this setting
  4. Select Next

The System Directory is a local directory that is automatically created in the service when Identity Manager is first set up. This directory has the domain System Domain. You cannot change the name or domain of the System Directory, or add new domains to it. Nor can you delete the System Directory or the System Domain.

The local administrator user that is created when you first set up the Workspace ONE Access appliance is created in the System Domain of the System Directory.

The System Directory is typically used to set up a few local administrator users to manage the service. In the following step you will authenticate with a local administrator account called admin.

 

 

Sign In to Workspace ONE

 

Authenticate to the System Domain as admin.

  1. Username: admin
  2. Password: VMware1!
  3. Select Sign in

 

 

Navigate to Policies

 

  1. Select Identity & Access Management
  2. Select Policies

 

 

Network Ranges

 

  1. Select Network Ranges

 

Add Network Range

 

  1. Select Add Network Range

A default network range containing all IP addresses is created by default. You can modify the existing range, add new ranges, or both.

In this lesson, you will create a new network range and use it to apply policies.

Complete Add Network Range Form

 

  1. Name: Corporate Network
  2. IP Ranges: 192.168.0.0 to 192.168.255.255
  3. Select Save

Successfully Added Network Range

 

  1. Wait for the success message to appear
  2. Select the X to close the Network Ranges dialog box

 

Verify Default Access Policy Settings

The Workspace ONE Access service includes a default access policy that controls user access to their Workspace ONE portals and their Web applications. You can edit the policy to change the policy rules as necessary.

When you enable authentication methods other than password authentication, you must edit the default policy to add the enabled authentication method to the policy rules.

Each rule in the default access policy requires that a set of criteria be met to allow user access to the applications in the portal. You apply a network range, select which type of user can access the content, and select the authentication methods to use.

 

Navigate to default_access_policy_set

 

  1. Select default_access_policy_set

Review default_access_policy_set

 

  1. The default access policy applies to 21 applications in the catalog
    This is the Horizon Desktop Pool as a result of the sync operation you completed.
  2. There are two policy rules created by default, controlling the access behavior when users logon from a Web Browser or the Workspace ONE App
  3. Select Edit

Edit Policy - Configuration

 

  1. Select Configuration

Review Policy Configuration Settings

 

  1. Select Cancel as no changes are necessary for this lab.

The default policy can be modified as needed.

 

Create a New Access Policy to Deny Application Access

A policy rule can be configured to deny access to users by network range and device type.

You will create a rule to deny access to a Horizon published application when it is accessed from a specific network.

 

Add Policy

 

  1. Select Add Policy

Complete Policy Definition

 

  1. Policy Name: Internal Network
  2. Click in the Select applications from your catalog... window to bring up a list of available applications
  3. Select Man-Pool1
  4. Click Next

If the application list does not populate immediately, wait a few seconds and click in the Select applications from your catalog... window again.

Add Policy Rule

 

  1. Select Add Policy Rule

Configure Policy Rule

 

  1. Choose Corporate Network for the user network range
  2. Enter Domain Users into the User Group search
  3. Click Domain Users@corp.local from the results to select it

Configure Policy Rule (Continued)

 

  1. Choose Deny access from the Action drop-down list
  2. Click Save

Review Policy Rule

 

  1. Select Next

Save

 

  1. Select Save

Successfully Added Policy

 

Wait for the success message indicating the policy has been added.

 

Configure Client Access URL

The client access URL is used to launch locally-entitled resources from the Horizon pod, when users request applications and desktops via Workspace ONE Access.

In an earlier exercise, you configured Horizon Virtual Apps, and supplied the FQDN of a single Connection Server to complete the Workspace ONE Access integration with your Horizon pod.

In production Horizon implementations, it is common to configure a load-balancer virtual IP (VIP) in front of your Connection Servers or UAGs. The client access URL should be configured so it directs requests for Horizon resources to the VIP.

 

Edit Virtual App Settings

 

  1. Select Catalog, making sure you click the down arrow
  2. Select Virtual Apps Collection

Select Horizon02

 

  1. Select Horizon02

Edit Network Range

 

  1. Click EDIT NETWORK RANGE

Review Network Settings for Default ALL RANGES Network Range

 

  1. Select ALL RANGES

Review Client Access URL Host

 

  1. The Client Access URL defaults to the FQDN of the Horizon Connection Server you entered when configuring the Virtual App.

    If you have a load-balancer configured with a virtual IP address (VIP) in front of your Connection Servers or Unified Access Gateways (UAG), edit the Client Access URL to use the VIP.

    This lab does not contain a load-balancer, so the FQDN of the Connection Server will be used.
  2. Select Cancel

Configure Settings for Network Range Corporate Network

 

  1. Select Corporate Network

Workspace ONE Access supports using different Client Access URLs for each network range. This provides the flexibility to direct users to internal Connection Servers, external UAGs, or different Horizon pods in a Cloud Pod Architecture (CPA) implementation.

Review Client Access FQDN

 

The Client Access FQDN for the Internal Network you created is blank by default.  For the purposes of this lab, you will configure the Client Access URL to use the FQDN of the Horizon Connection Server.

It is important that each network range in your environment contains a client access URL.

Add Client Access URL Host and URL Port

 

  1. Client Access URL Host: horizon-02.corp.local
  2. URL Port: 443
  3. Select Save

Finish Network Ranges

 

  1. Click Finish

Logout of the Workspace ONE Admin Console

 

  1. Select the drop-down menu next to Local Admin
  2. Select Logout

Go Back to Login Page

 

  1. Select Go back to login page

Leave this page open as you will use it in the next lesson.

 

Configure Access and Network Policies and Client Access URL Complete

You have successfully:

  • Added and configured a network range.
  • Created an access policy to deny access to an application from a specific network range.
  • Configured the client access URL for your Horizon pod resources.

 

Launching Horizon Desktops with Deny Access Policy Rule


In the previous exercise, you created a new network range for the corporate network and a new policy to deny access for a specific Horizon resource when accessed from this network.

In this section, you will authenticate to Workspace ONE as an end user and attempt to launch the Horizon Desktop pool.


 

Navigate to VMware Workspace ONE Tab in Chrome

You should already have Chrome open with a tab to VMware Workspace ONE. If so, you can skip the next couple of steps and proceed to Authenticate to Workspace ONE as an End User.

 

 

Launch Chrome Browser

 

  1. From the desktop of the Main Console, double-click Google Chrome

 

 

Navigate to Workspace ONE

 

  1. Select WS1 from the Chrome bookmarks bar
  2. Select VIDM-01 Admin

 

 

Verify Domain

 

  1. Verify the domain selected is corp.local
  2. Select Next

 

 

Authenticate to Workspace ONE as an End User

 

  1. Username: user1mod5
  2. Password: VMware1!
  3. Select Sign in

 

 

Launch App

 

  1. Click Man-Pool1

 

 

Access Denied Due to Policy

 

  1. Select OK

This time the Horizon Desktop cannot be opened due to the deny rule you created in the previous exercise.

 

 

Conclusion



Congratulations on completing Module 5.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab click on the END button.  

 

Level Up Your VMware End User Computing Knowledge with VMware Tech Zone



Interested in learning more about VMware End User Computing (EUC) but don't know where to start? Look no further than https://techzone.vmware.com, your fastest path to understanding, evaluating, and deploying VMware End User Computing products!

Tech Zone focuses on providing practical product guidance, curated activity paths, and technical content to take you from zero to hero!  Our mission at Tech Zone is to provide you with the resources you need to keep leveling up your knowledge no matter where you are in your digital workspace journey.

Interested? Check us out at https://techzone.vmware.com!


 

Module 6 - Identity Integration for Single Sign-On (30 minutes)

Introduction


This Module contains the following lessons:

  • True SSO Overview
  • Setup RADIUS as an Authentication Adapter
  • Create Network Range and Modify Policy
  • Verify SSO via RADIUS
  • Single Sign-on to Horizon with True SSO

True SSO Overview


True SSO provides a way to authenticate to Microsoft Windows, retaining all of the user's normal domain privileges, without requiring them to provide AD credentials. True SSO is a VMware Horizon technology that integrates VMware Identity Manager with Horizon. With the True SSO (single sign-on) feature, after users log in to VMware Identity Manager using a smart card, RSA SecurID, or RADIUS authentication, they are not required to also enter Active Directory credentials in order to use a virtual desktop or published desktop or application.

True SSO uses SAML (Security Assertion Markup Language) to send the User Principal Name (for example, sarah@example.com) to the identity provider's authentication system to access AD credentials. Horizon then generates a unique, short-lived certificate for the Windows login process.


 

Benefits of True SSO

  • Separates authentication (validating a user's identity) from access (such as to a specific Windows desktop or application).
  • Provides enhanced security. User credentials are secured by a digital certificate. No passwords are vaulted or transferred within the data center.
  • Supports a wide range of authentication methods. Selecting or changing authentication protocols has a limited impact on the infrastructure of the enterprise.

 

 

How True SSO Works

 

  1. User authenticates to VMware Identity Manager using an extensive set of authentication methods (RSA SecurID, RADIUS, Biometric, etc). After authentication the user selects a desktop or application to launch.
  2. Horizon Client is launched with the user's identity, and the credentials are directed to the Connection Server.
  3. The connection server validates the user's identity with Identity Manager by sending a SAML assertion.
  4. Using the certificate enrollment service, Horizon requests the Microsoft Certificate Authority (CA) generate a temporary, short-lived certificate on behalf of that user.
  5. Horizon presents the certificate to the Windows operating system.
  6. Windows validates the authenticity of the certificate with Active Directory.
  7. The user is logged in to the Windows desktop or application, and a remote session is initiated on the Horizon Client.

 

 

TrueSSO Architecture

 

For True SSO to function, several components must be installed and configured within the environment. The enrollment server is responsible for receiving certificate signing requests (CSR) from the Connection Server. The enrollment server then passes the CSRs to the Microsoft Certificate Authority to sign using the relevant certificate template. The Enrollment Server is a lightweight service that can be installed on a dedicated Windows Server instance, or it can co-exist with the MS Certificate Authority service.

The True SSO Enrollment Server cannot be co-located on a Connection Server.

 

True SSO Configuration


When True SSO is enabled in Horizon, users do not require a password to log into their Windows desktops. However, if users are logged into VMware Identity Manager using a non-password authentication method such as SecurID, when they launch their Windows desktops, they are prompted for a password. You can enable True SSO to prevent a password dialog box from being shown to users.


 

True SSO and SSO

Many user authentication options are available for logging in to VMware Workspace ONE Access.  Active Directory credentials are only one of these many authentication options. Ordinarily, using anything other than AD credentials would prevent a user from being able to single-sign-on to a Horizon virtual desktop or published application. After selecting the desktop or published app from the catalog, the user would be prompted to authenticate again, this time with AD credentials.

True SSO provides users with SSO to Horizon desktops and applications regardless of the authentication mechanism used. True SSO uses SAML, where Workspace ONE is the Identity Provider and the Horizon server is the Service Provider. True SSO generates unique, short-lived certificates to manage the login process.

 

 

High Level Configuration for True SSO

The high-level steps that need to be completed are below but we will not be performing them in this lab. They have already been set up for us in this lab to save time.

  1. Configure Horizon and VMware Identity Manager Integration.
  2. Install and configure Microsoft Certificate Authority service.
  3. Set up a certificate template for use with True SSO.
  4. Install and configure the enrollment servers. Setup Software on Enrollment Server.
  5. Export the Horizon certificate and import it to the Enrollment Server
  6. Run the following commands on the Connection Server (Horizon-01)
    1. vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --environment --add --enrollmentServer truesso-01.corp.local
    2. vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --environment --list --enrollmentServer truesso-01.corp.local --domain corp.local
    3. vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --create --connector --domain corp.local --template TrueSSOHOL --primaryEnrollmentServer truesso-01.corp.local --certificateServer controlcenter-ca --mode enabled
    4. vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --list --authenticator
    5. vdmUtil --authAs administrator --authDomain CORP --authPassword VMware1! --truesso --authenticator --edit --name vidm-01 --truessoMode enabled

Note: These steps are already set up in this lab. The next steps are to turn on TrueSSO in Workspace ONE Access under the Virtual Apps. We will set up another Authentication source (RADIUS). We can then connect to vIDM with our RADIUS login and launch an application with no password prompt.

For more information on how to install and configure True SSO, see Setting Up True SSO.

 

Setup RADIUS as an Authentication Adapter


In this lesson we will set up RADIUS as an additional authentication method and configure it to work with our FreeRADIUS.net instance.

VMware Workspace ONE using Identity Manager allows for setting up Network Ranges and different authentication policies that can be assigned to different network ranges. For example, you might want your end-users to authenticate with their Active Directory credentials when they are in the office and connected to the corporate network.  You might want your users to use 2-factor authentication when working from home. You might have a group of users requiring Multi-Factor Authentication (MFA) because of the applications they can access.

For this lab, we are using FreeRADIUS.net to simulate a RADIUS-compatible authentication adapter. In a real-world scenario, this could be your RSA server or any other 2-factor authentication solution supporting the RADIUS protocol. We have set up a password (2251) that differs from the default AD password (VMware1!) typically used in the HOL, so consider this your RSA token. We will start this simulation in the next steps.

We will walk through the configuration of the RADIUS authentication adapter within Workspace ONE Access and assign RADIUS authentication to all connections coming from a specific network range.


 

Start FreeRADIUS.net

 

  1. Open the Start Menu on the main console
  2. Select FreeRADIUS START
  3. Verify FreeRADIUS is started and Ready to process requests.

Attention: Please leave the FreeRADIUS START window open or minimize it, but DO NOT close it.

 

 

Launch Browser

 

From the main console, Open Google Chrome

 

 

Open Workspace ONE Access Admin Console

 

  1. Click WS1 on the Bookmark bar and open WS1 Access-01 Admin to open the management console
  2. Confirm System Domain and click Next

 

 

Login to Identity Manager

 

  1. Username: Admin
  2. Password: VMware1!
  3. Click Sign in

 

 

Setup Authentication Adapters

 

  1. Click Identity & Access Management tab
  2. Click Setup on the tab to the right next to manage
    1. You should be on the Legacy Connectors tab
  3. Click on conn-01 under Worker. conn-01 is the Workspace ONE Access Connector that is already set up to handle synchronization of the directory / Horizon and to configure authentication.

 

 

Modify Authentication Adapters

 

  1. Click Auth Adapters in the center top
  2. Click RadiusAuthAdapter at the bottom, and notice it is disabled so we will enable it in the next step

This will redirect you to the Admin Console to edit the Authentication Adapter.

 

 

Configure RADIUS

 

Note: Leave all of the settings that we don't mention below at their defaults.

  1. Check 'Enable RADIUS Adapter'
  2. Check 'Enable direct authentication to Radius server during auth chaining'
  3. Set 'Number of attempts to Radius server' to 5
  4. Set 'Server timeout in seconds' to 5
  5. Specify 192.168.110.10 as the RADIUS server IP. This is the IP of the Main Console where we are running FreeRADIUS.
  6. Scroll down
  7. Set Accounting port to 1813
  8. Choose PAP as Authentication type
  9. Enter EUCrocks! as the shared secret
  10. Leave configuration for secondary server empty
  11. Click Save

Confirm no errors at the top.

 

 

Confirm RadiusAuthAdapter is Enabled

 

Confirm that RadiusAuthAdapter shows Enabled.

 

 

Return to Admin Console

 

  1. Close this tab to return to the Admin Console

 

Create Network Range and Modify Policy


To limit RADIUS authentication to clients in a specific network, we have to create a network range and modify the default policy to use RADIUS for that range. We will be logging in from a Windows 10 desktop in the Instant Clone pool, so we will use that desktop's network range for RADIUS authentication.


 

Manage Policies

 

  1. Click Manage on the right side next to Setup
  2. Click Policies
  3. Click Network Ranges

 

 

Add Network Range

 

Click Add Network Range

 

 

Define the Network Range

 

  1. Enter RADIUS Test as 'Name' for the network range
  2. Provide a description RADIUS Test (optional)
  3. Enter 192.168.100.1 as 'From'
  4. Enter 192.168.100.255 as 'To'
  5. Click Save

This will add all the 192.168.100.xxx IP addresses to the RADIUS Test network range and will include our test VM.

 

 

Verify the new network range has been added

 

  1. Verify RADIUS Test IP Address Range was created
  2. Close the Network Ranges Window

 

 

Change default access policy

 

Click default_access_policy_set

 

 

Edit the default Policy

 

Click Edit

 

 

Ignore Warning

 

  1. Click the X to ignore the warning about modifying the default policy
  2. Click Next

 

 

Add Policy Rule

 

Click Add Policy Rule

We will add a policy rule to use RADIUS for our newly created network range.

 

 

Configure Policy Rule

 

  1. Select RADIUS Test from dropdown menu for "If a user's network range is"
  2. Select Web Browser from dropdown menu for "and user accessing content from"
  3. Select RADIUS from dropdown menu for "then the user may authenticate using"
  4. Select Password from dropdown menu for "If the preceding method fails or is not applicable, then"
  5. Scroll Down

 

 

Advanced Properties

 

  1. Click on Advanced Properties

Besides setting the time after which a user has to re-authenticate, you can configure a Custom Error Message, Custom Error Link Text and a Custom Error Link URL, where you could guide the user to a how-to document or further information on how to resolve any issues with authentication.

Please take a minute to look at all the different authentication method options, which allow you to set up different authentication methods for different devices/access methods and locations (based on network range). You can also combine multiple authentication methods if you need more than 2-factor authentication.

  1. Click Save

 

 

Change Policy Rule Order

 

  1. Hover the mouse cursor over Radius Test until the cursor changes, then click on Radius Test and keep the button pushed
  2. Drag the rule all the way to the top
  3. Release the Radius Test Policy Rule

 

 

Verify Rule Order

 

  1. Verify Radius Test is listed as the first rule
  2. Click Next

 

 

Policy Summary

 

  1. Verify Policy Rule
  2. Click Save

You have set up a new policy rule to use RADIUS authentication with the IP range specified. Next we will test connecting from a desktop in that IP range and see we are prompted for our RADIUS password instead of our AD password.
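A small model of the rule evaluation described in Module 5 (first matching rule wins, methods tried in order, optional deny action) and of the rule reordering done in this lesson, as an added example that is not Workspace ONE Access code. The class and function names are hypothetical; the content of the two default rules, the "any device type" match on the deny rule and the deny-on-no-match behaviour are assumptions; the ranges and rule settings are the ones entered in the lab, and the test address is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class NetworkRange:
    name: str
    first: str
    last: str

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_address(self.first) <= addr <= ipaddress.ip_address(self.last)


@dataclass(frozen=True)
class Rule:
    network_range: NetworkRange
    device_type: Optional[str]       # None matches any device type (assumption)
    methods: Tuple[str, ...] = ()    # authentication methods, tried in listed order
    deny: bool = False               # True models the "Deny access" action


# Ranges as entered in the lab; ALL RANGES is modelled as the whole IPv4 space.
ALL_RANGES = NetworkRange("ALL RANGES", "0.0.0.0", "255.255.255.255")
CORPORATE = NetworkRange("Corporate Network", "192.168.0.0", "192.168.255.255")
RADIUS_TEST = NetworkRange("RADIUS Test", "192.168.100.1", "192.168.100.255")

# Assumed content of the two default rules: password for browser and app.
DEFAULT_RULES = [
    Rule(ALL_RANGES, "Web Browser", ("Password",)),
    Rule(ALL_RANGES, "Workspace ONE App", ("Password",)),
]
# The rule added in this lesson: RADIUS first, Password as the fallback.
RADIUS_RULE = Rule(RADIUS_TEST, "Web Browser", ("RADIUS", "Password"))
# The Module 5 "Internal Network" policy on Man-Pool1 (user group not modelled).
DENY_RULES = [Rule(CORPORATE, None, deny=True)]


def select_rule(rules, ip, device_type):
    """Return the first rule whose network range and device type both match."""
    for rule in rules:
        if rule.network_range.contains(ip) and rule.device_type in (None, device_type):
            return rule
    return None


def evaluate(rules, ip, device_type, can_pass):
    """Return (decision, detail); can_pass is the set of methods the user can complete."""
    rule = select_rule(rules, ip, device_type)
    if rule is None:
        return ("deny", "no matching rule")    # assumption: no match, no access
    if rule.deny:
        return ("deny", rule.network_range.name)
    for method in rule.methods:                # next method is tried after a failure
        if method in can_pass:
            return ("allow", method)
    return ("deny", "all methods failed")


def ranges_matching(ranges, ip):
    """Names of every range containing ip; more than one means rule order decides."""
    return [r.name for r in ranges if r.contains(ip)]


if __name__ == "__main__":
    vm = "192.168.100.50"                      # constructed Instant Clone address
    both = {"RADIUS", "Password"}
    print(ranges_matching([ALL_RANGES, CORPORATE, RADIUS_TEST], vm))
    print("rule left at bottom:", evaluate(DEFAULT_RULES + [RADIUS_RULE], vm, "Web Browser", both))
    print("rule moved to top  :", evaluate([RADIUS_RULE] + DEFAULT_RULES, vm, "Web Browser", both))
    print("password only      :", evaluate([RADIUS_RULE] + DEFAULT_RULES, vm, "Web Browser", {"Password"}))
    print("Man-Pool1 launch   :", evaluate(DENY_RULES, vm, "Web Browser", both))
```

In this model the Password fallback lets a user in the RADIUS Test range sign in without completing RADIUS, and the rule covers only Web Browser, so both settings are worth reviewing when RADIUS is meant to be mandatory for a range.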

 

Enable True SSO for the Virtual Apps Collection


The next steps are to turn on True SSO in vIDM under the Virtual Apps configuration.


 

Virtual Apps in Workspace ONE Access

 

  1. In the Workspace ONE Access admin console, click on the Catalog pull down
  2. Select Virtual Apps Collection

 

 

Virtual App Configuration

 

  1. Click on the Virtual Apps Collection named Horizon

 

 

Edit Horizon Collection

 

  1. Click Edit

 

 

Select Connector

 

  1. Click Next

 

 

Update Horizon Connection Server Configuration

 

  1. Notice that True SSO is set to disabled currently
  2. Click on the Horizon Connection Server horizon-01.corp.local
  3. Set True SSO to Enabled
  4. Click Save

 

 

Verify True SSO Enabled

 

Verify that True SSO is now enabled

  1. Click Next

 

 

Configuration Tab

 

  1. Click Next

 

 

Summary Tab

 

  1. Review configuration and click Save

 

Verify SSO via RADIUS with True SSO


Now we will test the RADIUS authentication. We will first open a Windows 10 VM via the Horizon Client and then log in with RADIUS authentication from that VM, which is in the IP range we specified.


 

Open the Horizon Client

 

Open Horizon Client from the Main Console desktop

 

 

Connect to Horizon-01

 

  1. Click horizon-01.corp.local

 

 

Login to Horizon-01

 

  1. User name: user1mod1
  2. Password: VMware1!
  3. Click Login

 

 

Open Instant Clone Pool

 

Double-click Instant Clone Pool to open the Windows10 VM

 

 

Open Google Chrome Browser in the Windows 10 VM

 

Wait for the Instant Clone VM to load, then

  1. Notice the subnet of the VM is 192.168.100.xxx (which is within the Network Range we defined earlier in the policy)
  2. Open the Google Chrome Browser
  3. Type https://access-01.corp.local

 

 

Connect to Workspace ONE Access Server

 

  1. Confirm domain is set to corp.local and click Next

 

 

Authenticate using RADIUS

 

Since the IP address of our test VM is within the RADIUS test network range (192.168.100.180-192.168.100.190) we defined earlier, we now (as expected) get prompted for the RADIUS Passcode instead of our CORP.LOCAL domain password.

  1. Notice "Please enter RADIUS Passcode" message
  2. Username: user1mod1
  3. RADIUS Passcode: 2251
  4. Click Sign In

 

 

Workspace ONE Intelligent Hub Favorites Tab

 

Since we are logging in as a new user, there are no favorite applications defined.  Click the Apps tab to see the applications assigned to this user.

 

 

Workspace ONE Intelligent Hub Applications

 

You will now see all applications which are assigned to the user.  

Let's launch an application and verify that, with True SSO, we are not prompted for an AD login or password.

  1. Click on All Apps
  2. Click on Open for the Horizon Application Calculator.

 

 

Launch an Application to verify SSO with True SSO

 

  1. You will see a separate tab open up on the browser and credentials passed to the Horizon-01 environment. It may take a minute in this limited lab environment to open up this application.
  2. Verify that Calculator launches and doesn't ask for login. You may need to close the Horizon slide out to see the application. To close the slide out just click on the three lines on the pull out.
  3. Click X to close the calculator app.

 

 

Disconnect and Log off

 

  1. Click Options at the top of the Windows 10 VM window
  2. Select Disconnect and Log Off
  3. Click OK

 

 

Close Horizon Client

 

  1. Click the X to close the Horizon Client

 

Conclusion



Congratulations on completing  Module 6.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab click on the END button.  

 

Level Up Your VMware End User Computing Knowledge with VMware Tech Zone



Interested in learning more about VMware End User Computing (EUC) but don't know where to start? Look no further than https://techzone.vmware.com, your fastest path to understanding, evaluating, and deploying VMware End User Computing products!

Tech Zone focuses on providing practical product guidance, curated activity paths, and technical content to take you from zero to hero!  Our mission at Tech Zone is to provide you with the resources you need to keep leveling up your knowledge no matter where you are in your digital workspace journey.

Interested? Check us out at https://techzone.vmware.com!


 

Module 7 - Dynamic Environment Manager (45 minutes)

Introduction - Dynamic Environment Manager


VMware Dynamic Environment Manager (DEM) offers personalization and dynamic policy configuration across any virtual, physical, or cloud-based Windows desktop environment. Dynamic Environment Manager simplifies end-user profile management by providing organizations with a single, light-weight, and scalable solution that leverages existing infrastructure. It accelerates time-to-desktop and time-to-application by replacing bloated roaming profiles and unmanageable, complex logon scripts. It maps environmental settings (such as networked drives and printers), and dynamically applies end user security policies and personalizations. This focused, powerful, and scalable solution is engineered to deliver workplace productivity while driving down the cost of day-to-day desktop support and operations.


 

Features

  • Centralized and simplified management of Windows environments
  • Dynamic, contextual policy management
  • Consistent user experience across devices and locations
  • Integration with Horizon through Smart Policies
  • Easy Start for adding applications and environment settings to manage
  • Application templates and Application Profiler
  • Self-Support Tool
  • Helpdesk Support Tool

 

 

Use Cases

Some of the most popular reasons why enterprises choose Dynamic Environment Manager include:

  • Saving users' settings across devices for a consistent user experience
  • Improving logon times by carrying out tasks dynamically, if and when needed, instead of all at logon time
  • Managing least privileges to improve IT operations with privilege elevation to elevate permissions instead of granting local admin privilege to end users
  • Providing desktops just in time giving users the flexibility to customize their desktops while maintaining non-persistent desktops for streamlined management

 

 

Dynamic Environment Manager Standard Edition

Historically, DEM was included with Horizon 7 Enterprise licensing, or could be purchased stand-alone for use with Horizon Standard and Advanced licenses. With the release of Horizon 8 (2006), DEM licensing has been updated to make some DEM features available with all Horizon licenses.

A new version, DEM Standard, is now available for Horizon 7 and Horizon 8 Standard and Advanced. DEM Standard edition includes the following features:

  • Personalization
  • User Environment Configuration - Drive mapping, folder redirection, logon/logoff tasks, and printer mapping
  • Condition Sets
  • Application Profiler
  • Helpdesk Support Tool

The full-featured DEM Enterprise continues to be bundled with Horizon Enterprise. DEM Enterprise provides all the capabilities of DEM Standard plus application blocking, privilege elevation, and more.

 

 

Components of Dynamic Environment Manager

There are three main components of Dynamic Environment Manager:

  1. Management Console - Primary application interface for IT to configure and manage Dynamic Environment Manager
  2. FlexEngine - Agent component, which is installed on the virtual or physical machines that you want to manage
  3. File shares - Dynamic Environment Manager relies on a folder hierarchy to store configuration files in the configuration share and user data in the profile archives share

 

 

Architecture of Dynamic Environment Manager

 

This overview of the architecture shows how the components relate to each other. All components of Dynamic Environment Manager communicate using the SMB protocol.

  • Dynamic Environment Manager GPO - You create a GPO for each Active Directory organizational unit (OU) you want to manage.
  • Dynamic Environment Manager NoAD Mode - The NoAD mode is an alternative to configuring Dynamic Environment Manager with Active Directory Group Policy. You do not need to create a GPO, logon and logoff scripts, or configure Windows Group Policy settings.  In NoAD mode, all Dynamic Environment Manager GPO settings are ignored. If settings from a previous GPO-based deployment are encountered, no actions are performed and a message is logged to the FlexEngine log file.  You can provide the settings for configuring Dynamic Environment Manager with the NoAD mode through an XML file on the central configuration share. When a user logs in, FlexEngine reads the settings from the XML file and applies them to the registry.
  • Dynamic Environment Manager Management Console - You use this Dynamic Environment Manager administrative UI to configure application settings, Windows environment manager settings, conditions under which the settings go into effect, and various other configuration settings and Horizon Smart Policies for things like printer mapping, attaching devices to the virtual desktop or application, and the ability to copy and paste text.
  • Dynamic Environment Manager Application Profiler - For applications for which you cannot find an already-created application template, you can use this standalone application that analyzes where the application stores its file and registry configuration and also sets the initial configuration state of the application.
  • Central configuration share - This file share stores the Management Console configuration and Dynamic Environment Manager configuration files. The Dynamic Environment Manager agent (FlexEngine) on virtual desktops and RDSH servers reads the configuration file on this share and applies the settings specified in the configuration file.
  • Network folder per user - In this file share, each folder, or profile archive, contains ZIP files where the Dynamic Environment Manager agent (FlexEngine) stores the personalized settings of a user. For each Dynamic Environment Manager (Flex) configuration file that you create, FlexEngine creates a profile archive for each user.
  • Dynamic Environment Manager Helpdesk Support Tool - This tool provides capabilities to support and maintain the Dynamic Environment Manager profile archives and profile archive backups.
  • Clients with Dynamic Environment Manager FlexEngine - The agent software, FlexEngine, runs on each virtual desktop or RDSH server whose applications are to be managed. This agent reads the centralized configuration file, applies Dynamic Environment Manager settings, and saves those user settings that end users are allowed to control. In this client-server architecture, the FlexEngine agent software plays the client role, and the Dynamic Environment Manager Flex configuration file plays the server role.
  • SyncTool - Laptop users who are not always connected to the corporate network need access to their Dynamic Environment Manager configuration files while offline. SyncTool makes all VMware Dynamic Environment Manager configuration files available locally and synchronizes changes when users connect to the corporate network. Additionally, users with a slow WAN connection can use local Dynamic Environment Manager configuration files, thus limiting network traffic and avoiding continuously roaming personal settings.

NOTE: This lab is using NoAD Mode

 

 

Easy Start

 

NOTE: This has already been done for you in this lab.

By default, Dynamic Environment Manager does not manage any applications or environment settings after you install it. You must specify which applications and settings to manage. Although this approach takes a little more work up front, this solution prevents excessive profile growth and profile corruption, enables user settings to roam across Windows versions, and gives you granular control to manage as much or as little of the user experience as needed.

To help with getting started, the Easy Start button instantly adds many common Windows applications, including several versions of Microsoft Office, to the list of applications managed by Dynamic Environment Manager. Many Windows environment settings are also added by Easy Start. You can then easily select an application or Windows setting to review and change the default settings.

In this lab we will go over VMware Dynamic Environment Manager. The lab will explore:

  • Application Customization
  • Application Profiling

 

Personalization


With Dynamic Environment Manager personalization, end users can roam between physical, virtual, and cloud-based devices while preserving custom application and Windows settings. When a user logs in to a virtual desktop or application, Dynamic Environment Manager reads the profile archive file for that user's profile and dynamically applies customized settings. Whether roaming from device to device, or accessing non-persistent virtual machines, DEM personalization provides a consistent user experience.


 

Configuring Application and Windows Personalization

Dynamic Environment Manager provides granular control over which apps or settings may be persisted between sessions. As the IT administrator, you control personalization through the use of application and Windows templates. A number of templates are included with DEM. In this lab, several templates have already been applied using the Easy Start feature. You can create your own templates using a simple utility, which is covered in the Application Profiler exercise. You also have the option to download a variety of templates from VMware. See the feature walkthrough on Tech Zone for more information on this feature.

 

 

Open DEM Management Console

 

From the Main Console, double-click the DEM Management Console shortcut on the desktop.  This will open up the Dynamic Environment Manager Management Console.

You may need to minimize the Chrome Browser so you can see the desktop.

 

 

Personalization of Applications in DEM

 

  1. Click the Personalization tab
  2. Expand the Applications by clicking the + sign by the applications under General
  3. Click on WordPad
  4. Note that DirectFlex is configured and enabled for this application

The personalization template for WordPad has been applied for you using the DEM Easy Start feature.

In this exercise you will open WordPad, customize the layout, and verify those changes persist between sessions.

Leave the DEM management console open as you will use it again later in this exercise.

 

 

Connect to Horizon Instant Clone non-persistent VM

The Instant Clone desktop pool is configured for one-time use Windows 10 desktops, which are discarded at logoff.

 

Launch Horizon Client

 

From the desktop of the Main Console, double-click the VMware Horizon Client shortcut.

Select Horizon Broker

 

Double-click horizon-01.corp.local

Enter User Credentials

 

  1. Enter User name: user1mod7
  2. Enter Password: VMware1!
  3. Click Login

Open Desktop Pool

 

Double-click Instant Clone Pool to connect to a Windows 10 instant clone VM.

 

Allow Drive Sharing

 

Click Allow for the Drive Sharing popup.

 

 

Take Note of VM Host Name

 

Once you are logged in, review and note the VM host name printed on the desktop. It may take several seconds after logon for this information to appear.

Note: You may get a different VM than what is pictured in this lab manual. Just take note of your host name as it will be used later in this exercise.

 

 

Open WordPad

 

From the desktop of the instant clone VM, double-click the WordPad shortcut.

 

 

Personalize WordPad

 

  1. Click View.
  2. Clear the checkboxes for Ruler and Status Bar.
  3. Change the Measurement units from Inches to Centimeters.

 

 

Close WordPad

 

Click the X to close WordPad.

 

 

Disconnect and Log Off the Instant Clone VM

 

  1. Click Options
  2. Click Disconnect and Log Off

 

 

Confirm Disconnect and Log Off

 

Click OK to confirm.

The instant clone VM is immediately deleted and recreated.

 

 

Open Desktop Pool

 

Double-click Instant Clone Pool to connect to a new Windows 10 instant clone VM.

NOTE: If you receive an error stating that the Desktop is logging off from a previous session, wait a few seconds and try the operation again.

 

 

Take Note of VM Host Name

 

While your host name may not match this screen shot, you should be connected to a different Windows 10 instant clone VM than you had previously.

 

 

Open WordPad

 

From the desktop of the instant clone VM, double-click the WordPad shortcut.

 

 

Verify Personalization Persisted Custom Settings

 

  1. Click View
  2. Verify checkboxes for Ruler and Status Bar are still cleared.
  3. Verify the Measurement units setting is still configured for Centimeters.

 

 

Close WordPad and Minimize Instant Clone Pool

 

  1. Click the X to close WordPad.
  2. Click Minimize on the VMware Horizon Client bar.

Leave the Instant Clone Pool VM running as you will use it again in the next section. Minimize the window if you need to.

 

 

Adding User Environment Configurations to Personalization

Along with persisting custom user settings, DEM personalization can be used to customize the user environment while an application is in use.

In this exercise you will configure WordPad personalization to map a drive at application open and disconnect the drive at application close. This type of dynamic drive mapping ensures resources are only consumed if and when they are needed, rather than performing unnecessary actions at logon.

 

 

Navigate to the DEM Management Console

 

If you do not still have the DEM management console running, open it from the Main Console desktop shortcut.

 

 

Add a Drive Mapping

 

  1. Click Personalization
  2. Navigate to WordPad
  3. Select the User Environment tab
  4. Click Add
  5. Click Drive Mapping

 

 

Complete Drive Mapping Configuration

 

  1. Name: Map Apps
  2. Drive letter: E
  3. Remote path: \\controlcenter\sourceapps
  4. Friendly name: Apps
  5. Select Undo at application exit
  6. Click Save

 

 

Save Config File

 

Click Save Config File to commit the changes.

 

 

Navigate to the Instant Clone Pool

 

Click to maximize the Instant Clone Pool VM.

 

 

Open Windows Explorer

 

From the Instant Clone VM, click Windows Explorer

 

 

Arrange the Window

 

  1. Click This PC
  2. Click View 
  3. Click Small icons
  4. Drag the Explorer window to one side of the screen so you can easily see the drive mappings in the next steps

 

Open WordPad

 

From the desktop of the instant clone VM, double-click the WordPad shortcut.

 

Review Mapped Drive

 

Note that E:\ is mapped as WordPad opens.

 

Close WordPad

 

Click the X to close WordPad.

Review Mapped Drive

 

Note the drive mapping is disconnected as WordPad is closed.

Disconnect and Log Off the Instant Clone VM

 

  1. Click Options
  2. Click Disconnect and Log Off

Confirm Disconnect and Log Off

 

Click OK to confirm.

The instant clone VM is immediately deleted and recreated.

Conclusion

This concludes the DEM personalization module.

Leave the DEM management console open as you will use it in the next module.

Application Profiling


Application Profiler is a standalone tool that helps you determine where in the file system or registry an application is storing its user settings. The output from Application Profiler is a configuration file (template) which can be used to preserve and roam application settings for your end users. Optionally, you can record a default set of application settings and apply and/or enforce these defaults for your users based on a variety of conditions.

Application Profiler analyzes where an application stores its file and registry configuration. The analysis results in an optimized Flex configuration file, which you can edit in the Application Profiler or use directly in the Dynamic Environment Manager environment.

With Application Profiler, you can also create application-specific predefined settings, with which you can set the initial configuration state of applications. Save the Flex configuration file with predefined settings to export the current application configuration state.

Application Profiler is licensed as a VMware Dynamic Environment Manager component and is available in both DEM Standard and DEM Enterprise.


 

Application Profiling Overview

You will profile an application by following these steps:

  1. Start Application Profiler.
  2. From within Application Profiler, invoke the application you want to profile.
  3. In the background, Application Profiler monitors the registry and file system actions of the running application.
  4. Change the necessary settings in the application to make sure that all application settings are saved, and exit the application.
  5. Application Profiler stops monitoring and outputs the collected information as a Flex configuration file.

 

 

Launch Dynamic Environment Manager Management Console

 

If you already have the DEM management console running from a previous exercise, skip this step.

From the Main Console, double-click the DEM Management Console shortcut on the desktop. This will open up the Dynamic Environment Manager Management Console.

 

 

Applications with Flex Configuration Files

 

On the left side, expand the Applications folder to view the list of Flex configuration files in this environment. DEM provides personalization only for those applications and Windows settings you configure by adding Flex configuration files to the management console. You can add configuration files in several ways, including the use of downloadable templates. See the module on Personalization for more information.  

Notice Notepad++ is not in the list of applications.

In this module, you will profile the Notepad++ application so you can provide personalization, predefined settings, and more for your end users.

Minimize the DEM Management Console, but do not close it.

 

 

Open the Application Profiler

 

From the Main Console Desktop, click on the DEM Application Profiler shortcut to open the Application Profiler tool.

 

 

Application Profiler Overview

The application profiler produces four files upon completion of profiling an app:

  1. INI - Dynamic Environment Manager configuration file containing the import and export locations. This file defines the parameters for Dynamic Environment Manager to manage the application.
  2. ICO - Icon used by Dynamic Environment Manager Management Console and the Self-Support tool.
  3. FLAG - Flag file for FlexEngine, when DirectFlex is enabled (default)
  4. ZIP - Contains the predefined user settings (Only produced when creating predefined settings)

The ZIP file is not to be opened directly. It is critical to use the Edit Profile Archive button in the Application Profiler. Using anything else will render the file unreadable by FlexEngine!

 

 

Start Session

 

  1. Click Start Session from the top left toolbar of the Application Profiler.
  2. Navigate to All Programs > Programs > Notepad++ and select Notepad++.
  3. Click OK.

The Application Profiler invokes the executable to start Notepad++. As you make changes to the application configuration, the Application Profiler monitors the file system and registry to track where the changes are made.

 

 

Customize Notepad++

 

  1. From the menu bar, select Settings
  2. Click on Preferences

 

 

Modify Various Settings

 

  1. From the Toolbar list, select Big icons.
  2. De-select the Show status bar check box.
  3. Close the preferences box.

Note: In this example exercise, you are making minimal changes to the application. In practice, you should update many settings for an application to ensure all locations are captured by the Application Profiler tool. Remember, profiling an application is not about capturing specific settings, it is about learning where an application stores settings in the file system or registry. Some applications use the registry for some settings and an INI file for others. The more settings you change during profiling, the better the Application Profiler tool can learn to provide personalization for an application.

 

 

Close Notepad++

 

  1. Click Close for the Notepad++ app.

 

 

Finish Application Profiling the App

 

Application Profiler detects when Notepad++ has stopped running and terminates the monitoring process.

  1. The Application Profiler has determined the changes you made to the application settings were stored in <AppData>\Notepad++.
  2. Click OK

Minimize the Application Profiler and continue to the next step. 

 

 

Navigate to AppData

 

  1. Click Start
  2. Enter: %appdata%, then press ENTER.

 

 

Open Notepad++ Folder

 

Double-click Notepad++

 

 

Review Settings Changes

 

Notepad++ stores all sorts of configuration data in this location. During the application profiling process, you changed two settings which were written to files in this location. Application Profiler will produce a Flex configuration file that monitors this entire directory for changes because it has learned this is where the application stores them.

 

 

Review Specific Settings

 

If you would like to see where the settings you changed (Big icons, hide status bar) were written:

  1. Double-click config.xml
  2. Scroll or search for guiconfig (you can use CTRL+F and type guiconfig to search)

 

 

Save the Config File

 

  1. Restore the VMware Dynamic Environment Manager Application Profiler from the taskbar
  2. From the DEM Application Profiler, Click on Save
  3. Click Save Config File from the choices

Note: Because you selected Save Config File, rather than Save Config File with Predefined Settings, the preference settings you changed in this lab will NOT be presented to end users or when you launch the Notepad++ application in the next steps.  You changed only preference settings in Notepad++ so that Application Profiler could monitor and determine the location in which Notepad++ stores configuration changes.  

If you select Save a Flex Configuration File with Predefined Settings, a profile archive is created to use for predefined settings when a user logs in. 

 

 

Save Config Files to Desktop

 

  1. Save the files to the desktop by selecting Desktop in the left menu.
  2. Enter NPP for the File name
  3. Click Save
  4. Close the Application Profiler by clicking on the X in the top right corner of the Application Profiler window.

 

 

Using the New Flex Configuration File

Now that you have profiled Notepad++, you can import the files created by the Application Profiler to the DEM Management Console. Once imported, you can use the Flex config file to provide personalization to end users for the Notepad++ application.
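Before importing profiler output into the configuration share, review which locations the Flex configuration file will capture into each user's profile archive. The following Python check is an added example, not part of the lab or of DEM; the sample file contents are constructed (they are not the NPP.ini the lab generates), and the section names IncludeFolderTrees, ExcludeFolderTrees and IncludeRegistryTrees are assumed to match the Flex configuration file format of your DEM version.

```python
import re

# Constructed sample in the assumed Flex configuration layout.
SAMPLE_NPP_INI = r"""
# Flex config for Notepad++ (constructed sample)
[IncludeFolderTrees]
<AppData>\Notepad++

[ExcludeFolderTrees]
<AppData>\Notepad++\backup
<LocalAppData>\Temp
"""

# Constructed sample of an over-broad configuration.
SAMPLE_BROAD_INI = r"""
[IncludeRegistryTrees]
HKCU\Software

[IncludeFolderTrees]
<AppData>
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")


def parse_flex_config(text):
    """Return {section name: [entries]}; blank lines and '#' comments are skipped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group("name")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _parts(path):
    """Split a Windows-style path into lower-cased components."""
    return [p.lower() for p in path.rstrip("\\").split("\\") if p]


def _is_under(child, parent):
    c, p = _parts(child), _parts(parent)
    return len(c) >= len(p) and c[:len(p)] == p


def audit(sections):
    """Flag locations that are too broad and excludes that match no include."""
    findings = []
    includes = sections.get("IncludeFolderTrees", [])
    for path in includes:
        # A bare folder token captures every application's data under it.
        if len(_parts(path)) < 2:
            findings.append(("broad-folder", path))
    for path in sections.get("IncludeRegistryTrees", []):
        # Expect at least hive\Software\Vendor.
        if len(_parts(path)) < 3:
            findings.append(("broad-registry", path))
    for path in sections.get("ExcludeFolderTrees", []):
        # An exclude outside every include has no effect and may be a typo.
        if not any(_is_under(path, inc) for inc in includes):
            findings.append(("orphan-exclude", path))
    return findings


if __name__ == "__main__":
    for label, text in (("NPP", SAMPLE_NPP_INI), ("broad", SAMPLE_BROAD_INI)):
        print(label, audit(parse_flex_config(text)))
```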

 

 

Copy the Config Files

 

Note:  The files may not be together on the desktop.  Drag and drop them so they are together and you can easily select them.

  1. On the desktop of the Main Console, select all three files created by the Application Profiler: NPP.ini, NPP.ini.flag, NPP.ico.
  2. Once all three are selected, right-click on them and select Copy.

Remember the INI file is the application config file, the INI.FLAG file tells DEM to import and export the settings when the application opens and closes, and ICO is the icon file.

 

 

Paste the files to the Application Folder on Config Share

 

  1. Open Windows Explorer from the taskbar
  2. Navigate to C:\DEMProd\general\Applications
  3. Paste the 3 files here by right-clicking and selecting Paste

 

 

Review New Application

 

  1. Navigate to the DEM Management Console. Be sure NOT to click on the Application Profiler window.
  2. Click the Refresh Tree Button on the top left bar under Personalization.
  3. Click the + sign to expand the Applications folder, if necessary.
  4. Click NPP to view the contents of the Flex Config file generated by the Application Profiler.

 

 

Conclusion

VMware provides application management templates for commonly-used software packages, and the VMware Dynamic Environment Manager Community Forum contains many more templates created with an included tool called Application Profiler.

Application Profiler is a standalone tool that helps you determine where in the file system or registry an application is storing its user settings. The output from Application Profiler is a configuration file which can be used to preserve and roam application settings for your end users. Optionally, you can record a default set of application settings, and apply and/or enforce these defaults for your users based on a variety of conditions.

This is the conclusion of this exercise - we have gone over how to use Application Profiler.

 

Conclusion



Congratulations on completing Module 7.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab click on the END button.  

 



 

Module 8 - Application Management - App Volumes (45 minutes)

Introduction


During this lab you will:

  • Learn about the new simplified application management capabilities of App Volumes 4
  • Create an Application Package
  • Learn to use the new stage and marker capabilities to streamline application lifecycle management
  • Assign Packages using new assignment types
  • Work with Writable Volumes

 

What is VMware App Volumes?

 

App Volumes is a real-time application delivery and lifecycle management tool. Enterprises use App Volumes to centrally manage applications that are deployed to desktops with virtual disks. App Volumes scales easily and cost effectively without compromising the end-user experience. In App Volumes 4, a new single-app packaging strategy makes it easier to package applications individually and deliver them in any combination. 

 

 

What are the key benefits of App Volumes 4?

  • Simplified application management - Decouple package management from application delivery, enabling application owners and packagers to work freely and respond quickly to user requests. Application owners can manage the full lifecycle of an application by updating a new version and publishing it through a workflow.
  • Cost-optimized application delivery - Provide more flexible delivery of applications to users, groups, and devices without changing the existing infrastructure, thereby reducing compute, network, and storage costs.
  • Seamless end-user experience - Support fully customizable desktops with the option for end users to install their own applications on writable volumes. Users get a persistent user experience in a non-persistent environment.
  • Application lifecycle management - Manage the entire application lifecycle, from initial installation, through updates and upgrades, to seamless replacement. Save time with single-point application deployment and management.
  • Image management - Manage a common base image while also providing applications outside of the image to specific users and groups in an easily customized and componentized fashion.

 

 

 

New in App Volumes 4.x

With App Volumes 4, simplified application management (SAM) improves the way the application lifecycle is managed. Instead of capturing applications in objects called AppStacks, as you did in App Volumes 2.x, you now work with applications, packages, and programs. These additional components provide you with granular control over the application lifecycle and improve administrative workflows.

 

Managing Application Packages with App Volumes 4 Simplified Application Management


What is an Application Package?

In App Volumes 4, applications are associated with certain VMDK or VHD files, which are called packages. (They were called AppStacks earlier, in App Volumes 2.x.) One or more packages are assigned to an application, and it is at the application level that you assign the packages to desktops.

With App Volumes, applications are presented to the operating system (OS) as if they were natively installed. Quickly providing users with applications that require no installation reduces infrastructure strain and overhead and simplifies application lifecycle management. When an application is no longer required, you can easily remove it.

Applications delivered by App Volumes follow users seamlessly across sessions and devices. Administrators can assign, update, or remove applications at the next user login.


In this lesson, you will:

  • Create an App Volumes 4 application package
  • Deploy the application package using dynamic marker-based assignments
  • Update a deployed application package to a new version

  1. Expand the Programs and Features window until you can see the Version column on the right. Note that the currently installed version of VLC Media Player is 3.0.13.

 

Launch Google Chrome

 

On the Main Console desktop, launch the Google Chrome browser

 

 

Log in to App Volumes Manager

 

To log in to the App Volumes Manager:

  1. Open the AppVolumes shortcut folder
  2. Click on AppVol-01 shortcut
  3. Enter Username: Administrator
  4. Enter Password: VMware1!
  5. Click Login

 

 

Create a New Application

Applications are a logical construct new to App Volumes 4.x and represent a collection of packaged versions of a particular application. Packages are entitled to end users and computers at the application layer.

 

  1. On the Applications tab, click Create

 

 

Enter the Application Name

 

  1. In the Name field, enter 7-Zip. Note that we are not entering an application version number, because the 7-Zip Application would likely contain several different versions of the 7-Zip software in a production environment.
  2. Click Create

 

 

Confirm Create Application

 

  1. Click Create

 

 

Create a Package for 7-Zip

 

  1. In the Name field, enter 7-Zip 19.00. Note that we are using the version name here, because we are creating a package for this specific version of 7-Zip.
  2. Click the Stage drop down and note the various lifecycle stages available with which to label this application. Leave the application stage at New.
  3. Click Create.

 

 

Confirm Create Package

 

  1. Click Create

 

 

Begin the Packaging Process

 

  1. From the Inventory tab, click Packages
  2. Click the + icon next to 7-Zip 19.00
  3. Click Package

 

 

 

Find a Packaging Computer

 

  1. In the Find Packaging Computer field, enter Win10
  2. Click Search
  3. Select the radio button next to CORP\Win10-01B$
  4. Click Package

IMPORTANT: If CORP\WIN10-01B$ shows Powered Off instead of Available, follow the steps below. Otherwise, continue to the next step.

 

 

  1. Click the Remote Desktop Connection shortcut from the task bar.
  2. Enter win10-01b.corp.local for the Computer name.
  3. Click Connect.
  4. Enter VMware1! for the password.
  5. Click OK.

 

On the Win10-01b virtual machine:

  1. Click the Search bar and type services.
  2. Click the Services app result.

 

  1. Right-click the App Volumes Service.
  2. Click Restart.
  3. After the service restarts, click X to close the Services menu.
  4. Click X on the remote desktop bar to close the connection to Win10-01b.

After this is completed, return to the App Volumes Manager in Google Chrome on the Main Desktop and complete the steps at the top of this section again by re-searching for Win10 in the Packages tab. The CORP\WIN10-01B$ computer should now show as Available.

 

 

Confirm Start Packaging

 

  1. In the Confirm Start Packaging dialogue box, click the Start Packaging button

 

 

Log in to vCenter

 

To log in to vCenter:

  1. Click the + icon to open a new tab in the Google Chrome browser
  2. Click the vCenter bookmarks folder
  3. Click vcsa-01a Web Client to open vCenter
  4. Enter Username: administrator@vsphere.local
  5. Enter Password: VMware1!

 

 

Login to the Packaging Machine

The packaging machine is a specialized VM that is used to create application packages. It is running the same version of Windows 10 as the gold image that will be used to create the VMware Horizon pools to which we will be deploying App Volumes packages. In order to avoid capturing any unnecessary software in the App Volumes application package, a minimum amount of software and agents are installed on the packaging machine. Once the creation of the packaging machine is completed but before any application packages have been packaged, a snapshot of the packaging machine should be taken so that the packaging machine can be reverted to a known clean version for subsequent packaging captures. For more information on preparing the packaging machine, visit Best Practices for Packaging Applications.

 

  1. Scroll down in the list of VMs and Templates until you see Win10-01b
  2. Click on Win10-01b to select it
  3. Click Launch Web Console

 

 

Log in to the Packaging Machine

 

  1. Click Other User
  2. Enter Username: user1mod8
  3. Enter Password: VMware1!
  4. Click the arrow button to log in

 

 

Observe Packaging in Progress Dialogue Box

 

Note the VMware App Volumes - Packaging in progress dialogue box in the lower right. Do not click OK at this time.

NOTE: The App Volumes popup may take 20-30 seconds to display.

 

 

Navigate to the 7-Zip Installer

 

  1. Click the File Explorer icon in the taskbar
  2. Click Documents
  3. Double click on the HOL folder

 

 

Run 7-Zip Installer

 

 

  1. Right click on 7-zip_19.00-x64
  2. Click Run as administrator
  3. Click Install

 

 

Close 7-Zip Installer

 

  1. Click Close

 

 

End Packaging

 

 

  1. Minimize any open windows so that you can see the Packaging in Progress dialogue box on the desktop. Click OK.
  2. Click Yes.

 

 

Finalize Package

 

  1. Click Finalize on the Finalize Package dialogue box. App Volumes will analyze the installed application, and then prompt you to restart the packaging machine.

 

 

Restart the Packaging Machine

 

  1. Click OK to restart the packaging machine

 

 

Log in Post-Capture

After the packaging machine reboots, you will need to log in to the packaging VM as the capture user one more time to complete the package capture process.

 

  1. Enter password: VMware1!
  2. Click the arrow button to log in

 

 

Packaging Successful

 

Click OK on the Packaging successful! dialogue box to complete the capture process.  It may take a few moments for it to appear.

Note: At this point in a production environment, we would revert the packaging machine back to a known clean snapshot in vCenter. Because this is the only application we are capturing in this lab, we are skipping this step in the lab.
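The revert to a known clean snapshot described above and in the packaging machine introduction can be scripted with VMware PowerCLI. The following is an added example, not part of the original lab; the snapshot name Clean-Packaging-Baseline and the script parameters are assumptions, while the vCenter and VM names are the ones used in this lab.

```powershell
# Added example (not from the lab): revert the packaging VM to its clean snapshot
# before the next capture. Requires the VMware PowerCLI module.
# Assumption: the clean snapshot is named 'Clean-Packaging-Baseline' (hypothetical name).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$VCenter  = 'vcsa-01a.corp.local',
    [string]$VMName   = 'Win10-01b',
    [string]$Snapshot = 'Clean-Packaging-Baseline'
)

$ErrorActionPreference = 'Stop'
Import-Module VMware.VimAutomation.Core

# Prompt for credentials instead of embedding them in the script.
$conn = Connect-VIServer -Server $VCenter -Credential (Get-Credential)
try {
    $vm = Get-VM -Name $VMName -Server $conn

    # Look up the baseline by name and refuse to continue if it is missing or ambiguous.
    $snap = @(Get-Snapshot -VM $vm -Name $Snapshot -Server $conn -ErrorAction SilentlyContinue)
    if ($snap.Count -ne 1) {
        throw "Expected exactly one snapshot named '$Snapshot' on $VMName, found $($snap.Count)."
    }
    $baseline = $snap[0]

    # Snapshots taken after the baseline hold state from earlier captures.
    # List them so the operator knows what the revert leaves behind in the tree.
    $newer = @(Get-Snapshot -VM $vm -Server $conn | Where-Object { $_.Created -gt $baseline.Created })
    foreach ($s in $newer) {
        Write-Warning "Snapshot '$($s.Name)' ($($s.Created)) is newer than the baseline."
    }

    if ($PSCmdlet.ShouldProcess($VMName, "Revert to snapshot '$Snapshot'")) {
        Set-VM -VM $vm -Snapshot $baseline -Confirm:$false | Out-Null

        # The VM returns in the power state recorded in the snapshot; start it if needed.
        $vm = Get-VM -Name $VMName -Server $conn
        if ($vm.PowerState -ne 'PoweredOn') {
            Start-VM -VM $vm | Out-Null
        }

        # Wait for VMware Tools so the packaging machine is ready for the next capture.
        Wait-Tools -VM $vm -TimeoutSeconds 300 | Out-Null
        Write-Output "$VMName reverted to '$Snapshot' (created $($baseline.Created))."
    }
}
finally {
    Disconnect-VIServer -Server $conn -Confirm:$false
}
```

Run it with -WhatIf first to confirm which VM and snapshot would be affected without reverting anything.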

 

 

Return to App Volumes Manager

 

  1. Click the App Volumes Manager tab to return to App Volumes Manager.

 

 

Log in to App Volumes Manager

 

You may find that your session has timed out, and you must log in again.

  1. Enter Username: Administrator
  2. Enter Password: VMware1!
  3. Click Login

 

 

Mark 7-Zip 19.00 as Current

In App Volumes 4.x, you have the option to use dynamic marker-based entitlements when assigning application packages. Marker-based entitlements allow the App Volumes administrator to designate a package as Current, and then create an entitlement that states a given user, computer, or group should receive the version of the application that carries the Current tag. Static package-based assignments are also available should a user, computer, or group require a specific version of an application. If there is a conflict (i.e. if one user has both a dynamic and a static entitlement), static package-based assignments have precedence over dynamic marker-based assignments.

 

  1. Click Inventory
  2. Click Packages
  3. Click the + icon next to 7-Zip 19.00 to expand it
  4. Click the Set CURRENT button

 

 

Confirm Set CURRENT

 

  1. Click Set CURRENT

 

 

Assign the Application Using the Current Marker

 

Next, we will assign the application to a group of end users using a dynamic marker-based entitlement.

  1. Click Applications
  2. Click the + icon next to 7-Zip
  3. Click Assign

 

 

Assign 7-Zip to Domain Users

 

  1. In the Search Active Directory field, enter Domain Users
  2. Click Search
  3. Tick the checkbox next to CORP\Domain Users
  4. Ensure the Marker radio button is selected
  5. Click Assign

 

 

Confirm Assign

 

  1. Click Assign

 

 

Launch the VMware Horizon Client

Next, we will log in to a VMware Horizon virtual desktop to verify that the assigned application package is successfully deployed.

 

Minimize the Chrome Browser, and double-click the VMware Horizon Client on the desktop of the Main Console VM.

 

 

Choose a Horizon Pod

 

Double-click horizon-01.corp.local

 

 

Enter Credentials

 

Log into VMware Horizon.

  1. Enter Username: user1mod8
  2. Enter Password: VMware1!
  3. Click Login

 

 

Choose the Instant Clone Pool

 

Double click on the Instant Clone Pool to launch the virtual desktop

 

 

Launch 7-Zip

 

  1. Click the Start Menu button
  2. Click the arrow to expand the 7-Zip folder
  3. Click 7-Zip File Manager

 

 

Confirm that 7-Zip is Being Deployed Via App Volumes

 

Close 7-Zip. Note the Host Name of the virtual desktop you are currently logged into.  It may differ from what you see in the image.

NOTE: The Host Name on the virtual desktop may take a few minutes to display.

 

 

Minimize the Horizon Client

 

  1. Minimize the Horizon Client using the buttons in the upper right of the Horizon Client Toolbar at the top of the screen.

 

 

Check Attachments in App Volumes Manager

 

  1. Restore Google Chrome from the taskbar and return to the App Volumes Manager tab
  2. Click Inventory
  3. Click Attachments to view all currently attached app packages
  4. Note the name of the Host Computer 7-Zip is currently deployed to. It should match the name of the Instant Clone desktop you were logged into in the Horizon Client in the previous step.

 

 

Update an Existing Application Package to a New Version

In this exercise, you will update an application package currently deployed using dynamic marker entitlements to a new version by moving the Current marker from one package to another.

 

  1. Open the minimized Instant Clone Pool virtual desktop

 

 

Open Programs and Features

 

  1. Click the search box on the taskbar, type appwiz.cpl and hit ENTER on the keyboard

 

 

Note the Version Number of VLC Media Player

 

 

 

Log out of VMware Horizon

 

  1. In the VMware Horizon Toolbar at the top of the screen, click Options
  2. Click Disconnect and Log Off

 

 

Confirm Log Off

 

  1. Click OK on the confirmation pop-up

 

 

Move the Current Marker to VLC 3.0.14

 

In this lab, we have an existing entitlement for CORP\Domain Users to receive the version of VLC Media Player that is tagged as Current. To save time, we have pre-packaged the new version of VLC Media Player, 3.0.14. To update VLC Media Player for CORP\Domain Users, we need to move the Current marker from VLC 3.0.13 to VLC 3.0.14.

  1. Restore Google Chrome from the taskbar and click the App Volumes Manager tab
  2. Click Inventory
  3. Click Packages
  4. Click the + sign next to VLC 3.0.14 to expand it
  5. Click Set CURRENT

 

 

Confirm Set CURRENT

 

  1. Click Set CURRENT to apply the change

 

 

Note New Location of Current Tag

 

Note that the green Current tag has now moved to VLC 3.0.14. Only one version of an application package can be set to Current at a time.
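The assignment rules from this lesson (marker-based entitlements follow the Current tag, static package-based assignments take precedence, one Current package per application) can be modelled in a few lines. This is an added illustration, not App Volumes code and not part of the original lab: it does not call App Volumes Manager, the function names are hypothetical, and the CORP\pinned-user account with its static assignment is constructed for the example.

```powershell
# Added illustration: a local model of the assignment rules described in this lesson.
# All data is constructed; nothing here talks to App Volumes Manager.
Set-StrictMode -Version Latest

# Packages per application. Exactly one package per application carries the Current marker.
$packages = @(
    [pscustomobject]@{ Application = 'VLC';   Package = 'VLC 3.0.13';  Current = $true  }
    [pscustomobject]@{ Application = 'VLC';   Package = 'VLC 3.0.14';  Current = $false }
    [pscustomobject]@{ Application = '7-Zip'; Package = '7-Zip 19.00'; Current = $true  }
)

# Type 'Marker' follows the Current tag; Type 'Package' pins one specific version.
$assignments = @(
    [pscustomobject]@{ Application = 'VLC';   Principal = 'CORP\Domain Users'; Type = 'Marker';  Package = $null }
    [pscustomobject]@{ Application = '7-Zip'; Principal = 'CORP\Domain Users'; Type = 'Marker';  Package = $null }
    # Constructed static assignment for a hypothetical user.
    [pscustomobject]@{ Application = 'VLC';   Principal = 'CORP\pinned-user';  Type = 'Package'; Package = 'VLC 3.0.13' }
)

function Set-CurrentMarker {
    # Move the Current marker to one package and clear it on its sibling packages.
    param([object[]]$Packages, [string]$Package)
    $target = $Packages | Where-Object { $_.Package -eq $Package } | Select-Object -First 1
    if (-not $target) { throw "Unknown package '$Package'." }
    foreach ($p in $Packages) {
        if ($p.Application -eq $target.Application) {
            $p.Current = ($p.Package -eq $Package)
        }
    }
}

function Resolve-Package {
    # Return the package a user receives for one application, or $null if not entitled.
    # $Principals is the user plus the groups the user belongs to.
    # Assumption of this model: at most one static assignment applies per user and application.
    param([object[]]$Packages, [object[]]$Assignments, [string[]]$Principals, [string]$Application)

    $mine = @($Assignments | Where-Object {
        $_.Application -eq $Application -and $Principals -contains $_.Principal
    })

    # Static package-based assignments take precedence over marker-based ones.
    $static = @($mine | Where-Object { $_.Type -eq 'Package' }) | Select-Object -First 1
    if ($static) { return $static.Package }

    if (@($mine | Where-Object { $_.Type -eq 'Marker' }).Count -gt 0) {
        $current = @($Packages | Where-Object { $_.Application -eq $Application -and $_.Current })
        if ($current.Count -ne 1) {
            throw "Application '$Application' must have exactly one Current package, found $($current.Count)."
        }
        return $current[0].Package
    }
    return $null
}

# Two users in CORP\Domain Users; only the second also has the static assignment.
$users = [ordered]@{
    'CORP\user1mod8'   = @('CORP\user1mod8', 'CORP\Domain Users')
    'CORP\pinned-user' = @('CORP\pinned-user', 'CORP\Domain Users')
}

# Resolve VLC for both users before and after the marker moves to VLC 3.0.14.
$report = foreach ($stage in 'before', 'after') {
    if ($stage -eq 'after') { Set-CurrentMarker -Packages $packages -Package 'VLC 3.0.14' }
    foreach ($user in $users.Keys) {
        [pscustomobject]@{
            MarkerMove = $stage
            User       = $user
            VLC        = Resolve-Package -Packages $packages -Assignments $assignments -Principals $users[$user] -Application 'VLC'
        }
    }
}
$report | Format-Table -AutoSize
```

A statically assigned user stays on the pinned version after the marker moves, so static assignments need their own review whenever a package is retired.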

 

 

Launch the Instant Clone Pool in the VMware Horizon Client

 

  1. Click the VMware Horizon Client shortcut on the task bar.
  2. Click the Instant Clone Pool.

NOTE: If you were signed out of horizon-01.corp.local, follow the steps below to sign in again. Otherwise, continue to the next step.

 

 

  1. In the VMware Horizon Client, click horizon-01.corp.local.
  2. Enter user1mod8 for User name.
  3. Enter VMware1! for the Password.
  4. Click Login.

Follow the first steps in this section to launch the Instant Clone Pool after logging in.

 

 

Open Programs and Features

 

On the Instant Clone Pool virtual machine:

  1. Click the search box on the taskbar, type appwiz.cpl and hit ENTER on the keyboard

 

 

Note the Installed Version of VLC Media Player

 

  1. Expand the Programs and Features window until you can see the Version column on the right. Note that VLC has been updated to version 3.0.14.

 

 

Log Off of the Instant Clone Pool

 

 

  1. Click Options.
  2. Click Disconnect and Log Off.
  3. Click OK.

 

Working with Writable Volumes


In this lesson you will upload a writable volume template and create a user writable volume.


 

What is a Writable Volume?

 

The App Volumes Writable Volumes feature creates a per-user volume on which the following user-centric data can be installed and configured, and which moves with the user:

  • Application settings
  • Licensing information
  • Configuration files
  • User-installed applications

The key differences between Application Packages and Writable Volumes are:

  • Package VMDKs are mounted as read-only and can be shared among multiple desktop virtual machines (VMs) within the data center.
  • Writable Volumes are dedicated to individual users and are mounted as the user authenticates to the desktop. Writable volumes roam with the user for non-persistent desktops.

Writable Volumes are not a replacement, but a complementary option to a user environment management solution.  VMware Dynamic Environment Manager is a companion to App Volumes and provides management of user application settings that are applied when the user logs in or when an application launches. VMware Dynamic Environment Manager can manage data within writable volumes at a more granular level, and provide contextual rules to enforce policies based on different conditions or events.  To find out more information on VMware Dynamic Environment Manager please see Module 7 of this lab.

 

 

Creating and Assigning a Writable Volume

You are now ready to walk through the creation of a Writable Volume.

 

 

Launch Google Chrome

 

 

If Google Chrome is not already opened on the Main Console:

  1. Double click the Google Chrome shortcut from the Main Console desktop.

 

 

Log in to App Volumes Manager

 

If you still have the App Volumes Manager tab open in Google Chrome, return to the tab.

If you closed the App Volumes Manager session or were signed out after the last exercise:

  1. Open the AppVolumes shortcut folder
  2. Click on AppVol-01 shortcut
  3. Enter Username: Administrator
  4. Enter Password: VMware1!
  5. Click Login

 

 

Upload Writable Volume Template

There are three user writable volume templates available, each providing different capabilities. Before creating a user writable volume, you must upload the template or templates you want to use.

  • Profile-Only - Captures and persists the entire Windows profile for the assigned user.
  • UIA Only - The user-installed applications template captures and persists any software programs installed to a non-persistent Windows VM. Windows profile data is ignored, and may be addressed using alternative technologies such as Dynamic Environment Manager. Note: End users must have the appropriate permissions in Windows to install software. Dynamic Environment Manager privilege elevation may be combined with UIA only user writable volumes to support the user-installed applications use case for end users with standard Windows permissions.
  • UIA+Profile - This template captures and persists both the Windows profile and user-installed applications.

 

Navigate to Storage

 

  1. Click CONFIGURATION
  2. Click Storage
  3. Click Upload Templates

Upload the UIA Only Template

 

  1. Notice the App Volumes 2.x templates are already uploaded to the App Volumes Manager server. The manager was upgraded from 2.x to 4, and is running in co-existence mode. With co-existence you can still manage your 2.18 agents, while strategically migrating to App Volumes 4.
  2. Select the checkbox for the UIA Only template.
  3. Click Upload.

In this lab you will only use the UIA Only template. In practice, you may choose to upload multiple templates to provide different capabilities to various groups of end users.

Confirm Upload

 

  1. Click Upload

Template is Uploaded

 

The template should take just a few seconds to upload. The update icon with a "1" will change back to "0" once the process is completed.

No action is required on this step.

 

Create Writable Volume

 

  1. Click the INVENTORY tab
  2. Click Writables
  3. Click Create

 

Assign a User

 

First you need to determine who the writable volume will be assigned to.

  1. In the Search Active Directory box, type user1mod8
  2. Click Search
  3. Select CORP\user1mod8

Configure the Writable Volume

 

In this window you enter a variety of information pertaining to the writable volume.  This includes the template type.  Your template type determines what types of information will be stored within your writable volume.  

Enter the following information:

  1. Confirm the storage type is listed as vcsa-01a.corp.local: [RegionA01] ESX04a-Local. In a production environment you should place the writable volume onto shared storage optimized for random IOPS with 50% read/write.
  2. Accept the default destination path.
  3. Drop down the source template section and select the /template_uia_only.vmdk (10GB).  You can expand the size of your writable volume once the volume has been created.
  4. Exception Resolution allows an administrator to define what happens if the writable volume becomes unavailable for attachment.  Select Block user login.
  5. Click the Limit the attachment check box.
  6. Enter Base.  This will prevent the writable volume from attaching to any virtual machine whose machine name doesn't begin with "base."
  7. Click Create.

Execute the Creation of the Writable Volume

 

  1. Select Create volumes immediately
  2. Click Create

Confirm the Writable Volume was Created

 

  1. Click + next to the writable volumes.  As you can see, the writable volume for user1mod8 has been created.
  2. You have the ability to modify the Writable Volume in the following ways:
  • Edit - Allows you to modify such settings as Exception Resolution and Limit Attachment
  • Disable - Prevents a user from being able to attach to the Writable Volume
  • Expand - Allows you to increase the size of the writable volume.
  • Move - Is for when you want to relocate your writable volume to a different datastore
  • Backup - Schedule backups of your writable volumes.  
  • Restore - Restore a Writable volume

 

Allow End Users to Review Size of Their Writable Volume

With a simple registry edit you can allow your users to view the size of their writable volume.  Please consult the following KB for more information.

 

App Volumes 4 with Horizon Cloud Service on Microsoft Azure


In this lesson you will learn about App Volumes 4, delivered as part of the Horizon Cloud Service. Using an interactive demo, you will be guided through the import of a VM from the Azure Marketplace, creation of an image, desktop and application assignment creation, and copying Application Packages between Horizon Cloud pods.  

Note: The interactive demo is best experienced with audio. Please have your speakers turned on before continuing.


 

Launch the Interactive Demo

 

Conclusion


<img src="assets/4830ff53-8bea-4cbc-8449-e043bf028ad5.png" height="500" width="500" />

Congratulations on completing Module 8.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab click on the END button.  

 

Level Up Your VMware End User Computing Knowledge with VMware Tech Zone


<img src="assets/71027dfc-017e-414a-af41-9f035e6b5be7.png" height="291" width="715" />

Interested in learning more about VMware End User Computing (EUC) but don't know where to start? Look no further than https://techzone.vmware.com, your fastest path to understanding, evaluating, and deploying VMware End User Computing products!

Tech Zone focuses on providing practical product guidance, curated activity paths, and technical content to take you from zero to hero!  Our mission at Tech Zone is to provide you with the resources you need to keep leveling up your knowledge no matter where you are in your digital workspace journey.

Interested? Check us out at https://techzone.vmware.com!


 

Module 9 - Introduction to VMware Horizon Service (45 minutes)

Introduction


This Module contains the following lessons:

  • Introduction to understanding Horizon Cloud (VMC on AWS, AVS, GCVE, Horizon Cloud on Azure, 3rd Parties)
  • Getting Started with Horizon Cloud Service
  • VMware Horizon for Azure VMware Solution (AVS)
  • Horizon on VMware Cloud on AWS
  • VMware Horizon for Google Cloud VMware Engine (GCVE)
  • Horizon on VMware Cloud on Dell EMC
  • VMware Horizon Cloud on Azure

Overview


<img src="assets/e4841cb3-a06a-48e4-9afe-dcc66231f222.png" height="689" width="1825" />

Horizon Cloud Services transforms traditional virtual desktop and application infrastructure with unprecedented simplicity and flexibility.

Horizon Cloud provides a multi-tenant, cloud-scale architecture that enables you to choose where virtual desktops and apps reside: VMware-managed cloud, BYO cloud, or both. Horizon Cloud makes it easier than ever for end users to securely access their digital workspace on any device, anytime, anywhere regardless of your cloud choice.

Horizon Cloud also includes functionality above and beyond Microsoft Windows Virtual Desktop, including user environment management, application management, advanced power management, support for hybrid environments, and more, as we will see in this module.


 

 

Benefits of Horizon Cloud

 

Horizon helps IT efficiently deploy and scale virtual desktops and apps from a single control plane with rapid provisioning, automation, and simplified management.

Horizon technology also leverages best-in-class management capabilities and deep integrations with the VMware technology ecosystem. The Horizon platform delivers a modern approach for desktop and app management that extends from on-premises to the hybrid and multi-cloud. The result is fast and simple virtual desktop and application delivery that extends an optimal experience to all applications with multiple delivery combinations.

In summary, the outcome will deliver:

  1. Simple Hybrid-Cloud Management
  2. Secure Data and Achieve Compliance
  3. Modernize Operations with Cloud Native integrations
  4. Improve ROI & TCO

 

Getting Started with Horizon Cloud Service


<img src="assets/a900583a-68ee-41ce-91a9-37e9f02b530a.png" height="388" width="1261" />

Getting started with VMware Horizon on VMware Cloud on one of the supported public clouds or VMware Horizon Cloud Service on Microsoft Azure can be accomplished in a few steps:

  • Find your "Welcome Letter" to access the Horizon Service.
  • Log in to Horizon Universal Console for the first time.
  • Add additional admins (if different from the person paying for the order) to the Horizon Service.
  • Set up the Horizon Connector (if required - we cover this in the "Setup Horizon Cloud Connector" section).

 

 

VMware Horizon Control Plane Services Technical Content

 

The Horizon Control Plane Services are feature-rich, cloud-based services that use a multi-tenant, cloud-scale architecture and enable administrators to choose where virtual desktops and applications reside.

Example services enabled by the Horizon Control Plane include:

  • Cloud Monitoring Service - Monitor user sessions and virtual desktops.  
  • Help Desk - Find detailed real-time information about a user's sessions and functionality to troubleshoot issues with their experience.  
  • Horizon Image Management Service - Manage golden images for virtual desktops and session or application hosts.  
  • VMware Horizon Service Universal Broker - Use the latest cloud-brokering technology from VMware, built specifically for intelligently brokering users to resources in multi-cloud environments from a single URL.  
  • Lifecycle Management - Ensures that infrastructure, including updates and patching, is offloaded to the Horizon Cloud instance.
  • Application Management - Implement VMware App Volumes in all Horizon pods on all infrastructure platforms.

 

VMware Horizon for Azure VMware Solution (AVS)


<img src="assets/8fa8d329-2fb2-4c4f-9f6b-6f0bee81cadf.png" height="330" width="446" />

VMware Horizon for Azure VMware Solution (AVS) delivers a seamlessly integrated hybrid cloud for virtual desktops and applications. It combines the enterprise capabilities of the VMware Software-Defined Data Center (SDDC), delivered as infrastructure as a service (IaaS) on AVS, with the market-leading capabilities of VMware Horizon for a simple, secure, and scalable solution. You can easily address use cases such as on-demand capacity, disaster recovery, and cloud co-location without buying additional data center resources.

For customers who are already familiar with Horizon or have Horizon deployed on-premises, deploying Horizon on Azure VMware Solution lets you leverage a unified architecture and familiar tools. This means that you use the same expertise you know from VMware vSphere and Horizon for operational consistency and leverage the same rich feature set and flexibility you expect. By outsourcing the management of the vSphere platform to Microsoft, you can simplify the management of Horizon deployments.

Azure VMware Solution private clouds use vSphere role-based access control for enhanced security. You can integrate vSphere SSO LDAP capabilities with Azure Active Directory.


 

 

Learn More About AVS

 

Click the link if you are interested in taking the Azure VMware Solution - Lightning Lab

 

Horizon on VMware Cloud on AWS


<img src="assets/57b29abd-351b-4eb1-b8b9-a678db341542.png" height="413" width="855" />

VMware Horizon for VMware Cloud on AWS delivers a seamlessly integrated hybrid cloud for virtual desktops and applications. It combines the enterprise capabilities of the VMware Software-Defined Data Center (SDDC), delivered as a service on Amazon Web Services (AWS), with the market-leading capabilities of VMware Horizon for a simple, secure, and scalable solution. You can address use cases such as on-demand capacity, disaster recovery, and cloud co-location without buying additional data center resources. 

For customers who are already familiar with Horizon or have a Horizon environment on-premises, deploying Horizon on VMware Cloud on AWS lets you leverage a unified architecture and familiar tools. This means that you use the same expertise you know from VMware vSphere and Horizon for operational consistency and leverage the same rich feature set and flexibility you expect. By outsourcing the management of the SDDC to VMware, you can simplify the operation of Horizon deployments.


 

 

Learn more about Horizon on VMC on AWS

 

VMware Horizon for Google Cloud VMware Engine (GCVE)


<img src="assets/e5afc5d1-a198-479a-97e7-ab35a5ecd445.png" height="629" width="880" />

VMware Horizon for Google Cloud VMware Engine (GCVE) delivers a seamlessly integrated hybrid cloud for virtual desktops and applications. It combines the enterprise capabilities of the VMware Software-Defined Data Center (SDDC), delivered as a service on Google Cloud Platform (GCP), with the market-leading capabilities of VMware Horizon for a simple, secure, and scalable solution. You can easily address use cases such as on-demand capacity, disaster recovery, and cloud co-location without buying additional data center resources.

For customers who are already familiar with Horizon or have Horizon deployed on-premises, deploying Horizon on Google Cloud VMware Engine lets you leverage a unified architecture and familiar tools. This means that you use the same expertise you know from VMware vSphere and Horizon for operational consistency and leverage the same rich feature set and flexibility you expect. By outsourcing the management of the vSphere platform to VMware, you can simplify the management of Horizon deployments. For more information about Horizon for Google Cloud VMware Engine, visit Google Cloud VMware Engine.


 

 

Want to learn more? How about a demo?

 

Follow this link to learn more at TechZone.

 

Horizon on VMware Cloud on Dell


<img src="assets/89711801-1866-453b-af77-64e478f9b205.png" height="796" width="855" />

You can deploy Horizon on VMware Cloud on Dell EMC to scale Horizon desktops and applications with the simplicity and agility of the public cloud and the security and control of on-premises infrastructure delivered as a service to data center and edge locations. 

It is built upon the latest VMware software defined data center suite, including industry-leading compute, storage, and network virtualization that is optimized for Dell EMC VxRail hyperconverged infrastructure. It is quick and easy to procure and delivers a cloud-style consumption model for a range of use cases. VMware provides fully automated lifecycle management and monitors the health of the entire SDDC stack around the clock. The combined software, hardware, and services offering enables customers to focus technology resources on initiatives that differentiate the business, instead of spending time on infrastructure management.


 

 

Want to learn more?

 

To learn more, use this link to take the 30 minute lightning lab: VMware Cloud on Dell EMC Lab.

 

VMware Horizon Cloud on Azure


<img src="assets/e7dbecb1-5a8a-4376-ad49-1c12a19bdd13.png" height="604" width="1721" />

Horizon Cloud Service provides a single cloud control plane, run by VMware, that enables the central orchestration and management of remote desktops and applications in your Microsoft Azure capacity, in the form of one or multiple subscriptions in Microsoft Azure.

VMware is responsible for hosting the Horizon Cloud Service control plane and providing feature updates and enhancements for a software-as-a-service experience. The Horizon Cloud Service is an application service that runs in multiple Microsoft Azure regions.

The cloud control plane also hosts a common management user interface called the Horizon Cloud Administration Console, or Administration Console for short. The Administration Console runs in industry-standard browsers. It provides you with a single location for management tasks involving user assignments, virtual desktops, RDSH-published desktop sessions, and applications. This service is currently hosted in multiple Azure regions. The Administration Console is accessible from anywhere at any time, providing maximum flexibility.


 

 

Want to learn more?

 

We have a complete Horizon Cloud on Azure Lab if you wish to learn more. Click HOL-2251-02-ISM - Getting Started with Horizon Cloud on Azure to get started!

 

Setup Horizon Cloud Connector


<img src="assets/344b40a6-8da5-4ad6-89ce-9eef798f14f7.png" height="518" width="468" />

The Horizon Cloud Connector is a virtual appliance that connects existing on-premises Horizon deployments to the Horizon Control Plane. The Horizon Control Plane is a cloud management console made up of a set of services that provide licensing to on-premises Horizon and simplify Day 2 management for all your Horizon environments, whether they are on-premises or in the cloud.

The Cloud Connector is a pure add-on appliance and doesn’t require any changes to the Horizon infrastructure.

  • It pairs the Horizon infrastructure with Horizon Control Plane.
  • It allows Horizon Control Plane to interact with the infrastructure using the Horizon APIs, including the View APIs and the REST APIs.
  • It provides a platform to run components as Docker images so that optional cloud-based features can be enabled on the existing Horizon infrastructure.
  • Its lifecycle can be managed either fully from the cloud or by the Horizon infrastructure administrator.
  • It installs the License Connectivity Broker.

To establish connectivity between Horizon Control Plane and Horizon on-premises deployments, administrators need to complete the pairing of Cloud Connector with Connection Servers. As a result of this process, the Horizon Cloud Connector virtual appliance connects to the Connection Server in order to manage the Horizon subscription license and the other Horizon Control Plane services mentioned above.

The minimum Connection Server version required to use all Cloud Connector features is 7.10. Horizon Cloud Connector and Connection Server compatibility can be checked at the Compatibility matrix.


 

 

Setup the Horizon Cloud Connector

 

You will now set up the Cloud Connector and walk through the steps required to secure communication to the Cloud Connector and accounts.

 

Hands-on Labs Interactive Simulation: Setup Horizon Cloud Connector


This part of the lab is presented as a Hands-on Labs Interactive Simulation. This will allow you to experience steps which would be time-consuming or resource-intensive to perform in a live environment. In this simulation, you can use the software interface as if you are interacting with a live environment.

  1. Click here to open the interactive simulation. It will open in a new browser window or tab.
  2. When finished, click the “Return to the lab” link to continue with this lab.

Conclusion


<img src="assets/43f7f471-e0f4-4aba-8008-097c2689773c.png" height="500" width="500" />

Congratulations on completing Module 9.

If you are looking for additional information on Horizon, try one of these:

Proceed to any module below which interests you most.


 

 

How to End Lab

 

To end your lab, click on the END button.

 

Level Up Your VMware End User Computing Knowledge with VMware Tech Zone


<img src="assets/71027dfc-017e-414a-af41-9f035e6b5be7.png" height="291" width="715" />

Interested in learning more about VMware End User Computing (EUC) but don't know where to start? Look no further than https://techzone.vmware.com, your fastest path to understanding, evaluating, and deploying VMware End User Computing products!

Tech Zone focuses on providing practical product guidance, curated activity paths, and technical content to take you from zero to hero! Our mission at Tech Zone is to provide you with the resources you need to keep leveling up your knowledge no matter where you are in your digital workspace journey.

Interested? Check us out at https://techzone.vmware.com!


 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-2251-01-DWS

Version: 20230320-205353