Our very own Chuck Mills has co-authored a book! VMware Horizon 6 Desktop Virtualization Solutions (a mouthful, right) was released September 2014. Since it’s release there have been a few minor updates and now Horizon 6.2 is available.
Below, Chuck offers an overview of the new and updated features since the initial release. Watch this space for future updates which will be posted as they become available.
Purchase and read about the book here.
VMware has released Horizon 6.2 and for a dot release has put a lot of new features in their Virtual Desktop product. Here is a list of some of the new features. This keeps you updated if you have the book VMware Horizon 6 Desktop Virtualization Solutions released last year at this time.
VMware announced RDS functionality to Horizon back in 2014 for the sharing of desktops and applications. Since that time VMware continued to improve the functionality and now with this release of 6.2, there is a several enhancements to point out.
Since the release of VMware Horizon 6 Desktop Virtualization Solutions the enhancements around Cloud Pod Architecture has increased. If you recall in Chapter 12, I showed how to set up up the solution and almost all of it needed the command line and lmvutil commands. With the release 6.1.1 and now 6.2, the View Administrator can used to replace some of the command line functions.
There are several new features in 6.2 that effect Remote Desktop Services (RDS). There is now support for RDS Apps with Cloud Pods. This allows you to create global entitlements for applications and the associated placement. You can extend the entitlement of the application to several application pools within a data center, between data centers and also between sites. This now provides an application solution for Cloud Pods as it has for desktops.
Users that like and/or need HTML Access, can use it to connect to their remote desktops and applications that are deployed in a Cloud Pod Architecture.
Load balancing and user placement have been improved in Horizon 6.2 to prevent connections to an overloaded server. The areas of improvements are:
Horizon 6.2 allows Composer linked-clone support for RDSH server builds. This makes all the benefits of linked-clone desktops available to the server-based solution which includes:
Prior to this feature you would have needed to build and manage each server manually and that also meant there was no built-in way to managing those server images or the server updates. This also creates a more efficient use of your storage.
Users can launch an application and work on files without installing the applications on their machines. In this case there is no file type association. This requires the user to log into Horizon, start the application, and then go to the network location to get the file used by the application. Horizon 6.2 allows the user to double-click on a file and have it launch the application from the remote location automatically. To have this occur, a data compression algorithm is used when transferring the file to the remote host. Also, all data is protected with SHA 256 encryption when clients are remotely accessing the application over the Internet.
Let’s start with a quick recap of remote access to a Horizon View environment
Remote access is one of those use cases used to sell a VDI solution. The challenges with the Horizon remote access solution is you need to deploy a Windows machines in the DMZ called a Security Server. The Security server then “tunnels” PCOIP, Blast, and RDP connections into the Horizon View environment.
There are challenges with this configuration. The Security Servers cannot be configured or managed with same GPOs used to manage the rest of your infrastructure and because they sit in the DMZ, they need to be patched often and kept secure. Also the Security Servers has a direct pairing with a Connection Server and if that Connection Server is not available, then any user that makes a connection to that paired Security Server will not be able to authenticate which means no desktop.
Now, let look at the new solution that Horizon 6.2 provides. There is a new method to allow remote access called the Access Point, which is a locked-down virtual appliance. The appliance is based on SUSE Linux Enterprise Edition 11 and should be close with feature parity of the Horizon Security Server. This means no Windows VMs in your DMZ, and better yet, it does not need to be paired with a Connection Server. This provides an easier way to scale your remote access solution without the need to increase the number of Connection Servers.
This Access Point solution is the future method of remote access for all the Horizon Suite components. Please note that this is a 1.0 release and needs to be tested before you go and start replacing all of your current Security Servers.
Horizon 6.2 improves the licensing console on the View Admin page. This new licensing console shows a portion of the current key in use along with concurrent connections and unique named users that are currently logged in.
The current release of Horizon (before 6.2) requires a two-way trust between domains or forests in order to authenticate and entitle users. This would affect companies involved in mergers and acquisitions. The use cases for a VDI environment might not be possible due to security and other integration issues.
Horizon 6.2 now allows support for 1-way Active Directory trusts. The Users (and groups) from the trusted domains can be given access to Horizon desktops without having the need to create a two-way trust. This is accomplished by a service account with the permissions to authenticate with the trusted domain and the account will be stored in the Horizon LDAP database (all credentials are encrypted).
When dealing with the Federal Government, there is certain criteria that must be met. Things like IPv6 compatibility, FIPS cryptographic support, and Common Criteria certification. Right now Horizon 6.1 has support for IPv6 but lacks FIPS support. Horizon 6.2 has introduced support for FIPS on all Horizon Windows components. This also includes FIPS support in Horizon Client 3.5 for Windows. This is an optional mode and is an all or nothing choice. It must be installed from the beginning, meaning you cannot not upgrade a current Horizon installation. The certification for Common Criteria is in progress and is scheduled to be completed in 2016.
3D graphics are becoming increasingly important in virtual desktop environments and VMware continues to add more 3D support to Horizon. Horizon 6.2 includes many improvements to virtual 3D acceleration.
This feature was a Tech Preview in Horizon 6.1.1 and is now supported in Horizon 6.2. It is supported on both Windows and Mac clients. Linux client are now in tech preview. When this is installed on the virtual desktop, it allows users to “remotely” access files stored on their local PC. Compression and encryption is invoked when transferring files from the endpoint into the virtual desktop.
Windows 10 was officially supported on vSphere 6, but wasn’t supported in Horizon 6.1. Horizon 6.2 now has full support for Windows 10. The Horizon Agent and Client are supported along with Smart Card authentication. Note: Windows 10 is only supported when running ESXi 5.5 Update 3 or ESXi 6.0 Update 1.
View Administrator can be used to configure and administer a Cloud Pod Architecture environment. This is in addition to the lmvutil commands (See VMware Horizon 6 Desktop Virtualization Solutions – Chapter 12 page 296). The View Administrator can also be used to review pod health and desktop session information.
The Smart Card support for both remote desktop service (RDS) desktops and Hosted Applications allows users to authenticate to RDS-based desktops and applications using smart cards.
Now, there is support for IPv6 networks. The environment must be configured IPv6 orIPv4 meaning IPv6 is an alternative to IPv4. When installing the View components, you should choose IPv4 unless you have a working IPv6 environment. Only fresh installations are supported in an IPv6 environment. A mixed of IPv6 and IPv4 in the View environment is not supported. If you accidentally configure a mixed environment, the clients will fail to connect to View Connection Server, remote desktops, or applications.
Note: All features that are currently supported in the IPv4 environment are not supported in the IPv6 environment. Refer to the View Installation guide (IPv6 topics) if you plan to run IPv6 in your View environment.
This feature enables the redirection of USB flash drive and hard disks to RDS Hosted Desktops and Applications. The feature is supported on Windows clients and Windows Server 2012 RDS hosts.
The ViewDbChk utility is used to resolve database inconsistencies for Horizon 6. This will resolve inconsistencies in the following databases used to deliver a View solution: View LDAP, View Composer, and vCenter Server. The databases are used to store information about desktop virtual machines. ViewDbChk can automatically identify and also resolve the configuration issues that previously required manual intervention.
The new Enhanced message security mode allows messages to be delivered through secure channels (instead of signing and encrypting individual messages). This new mode provides performance benefits by reducing the load on View Connection Server, Security Servers, virtual desktops, and RDS servers.
This feature allows 3rd-party solutions to be tightly integrated with Horizon 6. It enables the 3rd-party Single Sign On (SSO) providers to access credential information during the login to Horizon 6.
The level of Transparent Page Sharing (TPS) that takes place on the ESXi host is set using the View Administrator. TPS can be set to eliminate redundant copies of memory pages. The levels are set by virtual machine, pool, pod, or global. This feature allows you to decide how broadly to share pages based on the use case and the need to isolate the users’ virtual machines. Using TPS will reduce the total memory consumption in the View environment.
Virtual hardware version 11 is supported by Horizon 6 which is available in vSphere 6.0 or later versions. This hardware version is required for virtual machines that want to use NVIDIA GRID vGPU (see below).
The feature allows a physical graphical processing unit (GPU) installed on the ESXi host (vSphere 6.0) to be shared with multiple virtual desktops. This addresses a wide variety of graphics use cases along with lowing the costs when compared to physical workstations. This solution can be used for lightweight 3D tasks and up to high-end workstation graphics requirements.
The Horizon 6 (version 6.1) servers will work with Windows XP and Windows Vista desktops if you use the View Agent 6.0.2. This older agent will not offer all of the features of the newer 6.1 agent. This means if you install the version of View Agent that ships with Horizon 6 (version 6.1), it will not support Windows XP and Vista desktops.
Virtual Volumes (available with vSphere 6.0) allows vSphere to offload intensive storage operations such as snapshot creation, cloning, and replication. The virtual disks and their derivatives, clones, snapshots, and replicas are mapped directly to virtual volumes on the storage system. The implementation of Virtual Volumes depends on the availability of products by certified storage vendors.
I hope this helps to keep you updated on the Horizon 6 Solution.