Our very own Chuck Mills has co-authored a book! VMware Horizon 6 Desktop Virtualization Solutions (a mouthful, right) was released September 2014. Since it’s release there have been a few minor updates and now Horizon 6.2 is available.
Below, Chuck offers an overview of the new and updated features since the initial release. Watch this space for future updates which will be posted as they become available.
Purchase and read about the book here.
UPDATE 6.2: SEPTEMBER 2015
VMware has released Horizon 6.2 and for a dot release has put a lot of new features in their Virtual Desktop product. Here is a list of some of the new features. This keeps you updated if you have the book VMware Horizon 6 Desktop Virtualization Solutions released last year at this time.
RDS Solution Updates
VMware announced RDS functionality to Horizon back in 2014 for the sharing of desktops and applications. Since that time VMware continued to improve the functionality and now with this release of 6.2, there is a several enhancements to point out.
Cloud Pod Architecture
Since the release of VMware Horizon 6 Desktop Virtualization Solutions the enhancements around Cloud Pod Architecture has increased. If you recall in Chapter 12, I showed how to set up up the solution and almost all of it needed the command line and lmvutil commands. With the release 6.1.1 and now 6.2, the View Administrator can used to replace some of the command line functions.
There are several new features in 6.2 that effect Remote Desktop Services (RDS). There is now support for RDS Apps with Cloud Pods. This allows you to create global entitlements for applications and the associated placement. You can extend the entitlement of the application to several application pools within a data center, between data centers and also between sites. This now provides an application solution for Cloud Pods as it has for desktops.
HTML Access for Cloud Pod
Users that like and/or need HTML Access, can use it to connect to their remote desktops and applications that are deployed in a Cloud Pod Architecture.
RDSH Load Balancing
Load balancing and user placement have been improved in Horizon 6.2 to prevent connections to an overloaded server. The areas of improvements are:
- The algorithm: This is used to perform the load balancing and uses Perfmon counters to determine which hosts are ideal for handling the new sessions. The View agent executes a script to collect the performance data, then reports to the connection servers. The report contains a recommendation based on the current performance of the system and creates a placement order to be calculated based on agent’s information.
- Anti-affinity rules: The rules are for the application and will monitor the number instances of an application that is running on an RDSH host. If the number of instances of a particular application is greater than a pre-set value, the user will be connected to another host. Note: The application anti-affinity rules are processed after the server placement is determined and application anti-affinity rules do not apply to RDSH desktop sessions.
Linked-Clone Support and Horizon Composer for RDSH
Horizon 6.2 allows Composer linked-clone support for RDSH server builds. This makes all the benefits of linked-clone desktops available to the server-based solution which includes:
- automated pool builds
- single image management
- application consistency
- system consistency
Prior to this feature you would have needed to build and manage each server manually and that also meant there was no built-in way to managing those server images or the server updates. This also creates a more efficient use of your storage.
File Type Associations for Published Apps
Users can launch an application and work on files without installing the applications on their machines. In this case there is no file type association. This requires the user to log into Horizon, start the application, and then go to the network location to get the file used by the application. Horizon 6.2 allows the user to double-click on a file and have it launch the application from the remote location automatically. To have this occur, a data compression algorithm is used when transferring the file to the remote host. Also, all data is protected with SHA 256 encryption when clients are remotely accessing the application over the Internet.
Horizon Access Point
Let’s start with a quick recap of remote access to a Horizon View environment
Remote access is one of those use cases used to sell a VDI solution. The challenges with the Horizon remote access solution is you need to deploy a Windows machines in the DMZ called a Security Server. The Security server then “tunnels” PCOIP, Blast, and RDP connections into the Horizon View environment.
There are challenges with this configuration. The Security Servers cannot be configured or managed with same GPOs used to manage the rest of your infrastructure and because they sit in the DMZ, they need to be patched often and kept secure. Also the Security Servers has a direct pairing with a Connection Server and if that Connection Server is not available, then any user that makes a connection to that paired Security Server will not be able to authenticate which means no desktop.
Now, let look at the new solution that Horizon 6.2 provides. There is a new method to allow remote access called the Access Point, which is a locked-down virtual appliance. The appliance is based on SUSE Linux Enterprise Edition 11 and should be close with feature parity of the Horizon Security Server. This means no Windows VMs in your DMZ, and better yet, it does not need to be paired with a Connection Server. This provides an easier way to scale your remote access solution without the need to increase the number of Connection Servers.
This Access Point solution is the future method of remote access for all the Horizon Suite components. Please note that this is a 1.0 release and needs to be tested before you go and start replacing all of your current Security Servers.
Enhanced License Console
Horizon 6.2 improves the licensing console on the View Admin page. This new licensing console shows a portion of the current key in use along with concurrent connections and unique named users that are currently logged in.
One-Way Trust Support
The current release of Horizon (before 6.2) requires a two-way trust between domains or forests in order to authenticate and entitle users. This would affect companies involved in mergers and acquisitions. The use cases for a VDI environment might not be possible due to security and other integration issues.
Horizon 6.2 now allows support for 1-way Active Directory trusts. The Users (and groups) from the trusted domains can be given access to Horizon desktops without having the need to create a two-way trust. This is accomplished by a service account with the permissions to authenticate with the trusted domain and the account will be stored in the Horizon LDAP database (all credentials are encrypted).
FIPS Cryptographic Support and Common Criteria Certification
When dealing with the Federal Government, there is certain criteria that must be met. Things like IPv6 compatibility, FIPS cryptographic support, and Common Criteria certification. Right now Horizon 6.1 has support for IPv6 but lacks FIPS support. Horizon 6.2 has introduced support for FIPS on all Horizon Windows components. This also includes FIPS support in Horizon Client 3.5 for Windows. This is an optional mode and is an all or nothing choice. It must be installed from the beginning, meaning you cannot not upgrade a current Horizon installation. The certification for Common Criteria is in progress and is scheduled to be completed in 2016.
3D graphics are becoming increasingly important in virtual desktop environments and VMware continues to add more 3D support to Horizon. Horizon 6.2 includes many improvements to virtual 3D acceleration.
- NVIDIA GRID 2.0 – NVIDIA announced the next generation of GRID.
- vDGA for AMD GPUs – AMD support has been reintroduced in Horizon 6.2 for vDGA. This was in version 5.x but was not in version 6.1, now it’s back in 6.2.
- 3D Support for RDS Hosted Applications – RDS desktops and published applications support both vDGA and vGPU when using supported NVIDIA graphics cards. RDSH servers running Windows Server 2008 R2 and Windows Server 2012 have 3D acceleration support.
- Linux Desktop vSGA and vGPU Support – before 6.2 Linux desktops only supported vDGA for 3D graphics. Horizon 6.2 adds important support for 3D acceleration and both vSGA and vGPU are available when utilizing the supported NVIDIA graphics cards.
- 4K Resolution Support – 4K content is extremely high resolution which has a resolution of 3840×2160, are used in conditions where high resolution imaging is needed. Horizon 6.2 will support in-guest resolutions up to 3840×2160, but requires Horizon Agent 6.2 on the guest and Horizon Client 3.5. Also, the guest operating system must be Windows.
- A Windows 7 with HW version 11 – virtual desktop can support up to three 4K monitors when running on a VM. Aero must be disabled.
- Windows 7 machines with Aero enabled or Windows 8 desktops with HW version 10 can support a single 4K monitor.
Please note that this is in-guest display resolutions.
Client Drive Redirection for VDI and RDSH
This feature was a Tech Preview in Horizon 6.1.1 and is now supported in Horizon 6.2. It is supported on both Windows and Mac clients. Linux client are now in tech preview. When this is installed on the virtual desktop, it allows users to “remotely” access files stored on their local PC. Compression and encryption is invoked when transferring files from the endpoint into the virtual desktop.
Windows 10 Support
Windows 10 was officially supported on vSphere 6, but wasn’t supported in Horizon 6.1. Horizon 6.2 now has full support for Windows 10. The Horizon Agent and Client are supported along with Smart Card authentication. Note: Windows 10 is only supported when running ESXi 5.5 Update 3 or ESXi 6.0 Update 1.
UPDATE 6.1: JUNE 11, 2015
• Configure Cloud Pod Architecture using the View Administrator (UI)
View Administrator can be used to configure and administer a Cloud Pod Architecture environment. This is in addition to the lmvutil commands (See VMware Horizon 6 Desktop Virtualization Solutions – Chapter 12 page 296). The View Administrator can also be used to review pod health and desktop session information.
•Smart Card for RDS
The Smart Card support for both remote desktop service (RDS) desktops and Hosted Applications allows users to authenticate to RDS-based desktops and applications using smart cards.
•IPv6 Networks Support
Now, there is support for IPv6 networks. The environment must be configured IPv6 orIPv4 meaning IPv6 is an alternative to IPv4. When installing the View components, you should choose IPv4 unless you have a working IPv6 environment. Only fresh installations are supported in an IPv6 environment. A mixed of IPv6 and IPv4 in the View environment is not supported. If you accidentally configure a mixed environment, the clients will fail to connect to View Connection Server, remote desktops, or applications.
Note: All features that are currently supported in the IPv4 environment are not supported in the IPv6 environment. Refer to the View Installation guide (IPv6 topics) if you plan to run IPv6 in your View environment.
• Mass storage on RDS desktops and Hosted Apps using USB Redirection
This feature enables the redirection of USB flash drive and hard disks to RDS Hosted Desktops and Applications. The feature is supported on Windows clients and Windows Server 2012 RDS hosts.
Note: This does NOT support the redirection of other types of USB devices including other types of USB storage devices such as security storage drives and USB CD-ROM.
•Windows Server 2012 R2
- Windows Server 2012 R2 operating system is supported for VDI desktops
- Windows Server 2012 R2 (Data center edition) is supported as the guest operating system for single-user, virtual desktops.
• Resolve Database Inconsistencies
The ViewDbChk utility is used to resolve database inconsistencies for Horizon 6. This will resolve inconsistencies in the following databases used to deliver a View solution: View LDAP, View Composer, and vCenter Server. The databases are used to store information about desktop virtual machines. ViewDbChk can automatically identify and also resolve the configuration issues that previously required manual intervention.
•Enhanced Message Security Mode
The new Enhanced message security mode allows messages to be delivered through secure channels (instead of signing and encrypting individual messages). This new mode provides performance benefits by reducing the load on View Connection Server, Security Servers, virtual desktops, and RDS servers.
Notes: When you perform a fresh installation of version 6.1, the enhanced message security mode will be enabled by default.
If you upgrade to version 6.1, the per-existing message security mode is retained. To enable the enhanced mode after an upgrade, you must change the Global Setting in View Administrator.
Port 4002 must be opened on the back-end firewall to allow security servers to communicate with the Connection Server in the new enhanced message security mode.
Once enhanced message security mode is enabled, you cannot deploy desktops with the View Agent earlier than 6.1.
•3rd-Party SSO Credential Handling
This feature allows 3rd-party solutions to be tightly integrated with Horizon 6. It enables the 3rd-party Single Sign On (SSO) providers to access credential information during the login to Horizon 6.
•vSphere Transparent Page Sharing in Horizon 6
The level of Transparent Page Sharing (TPS) that takes place on the ESXi host is set using the View Administrator. TPS can be set to eliminate redundant copies of memory pages. The levels are set by virtual machine, pool, pod, or global. This feature allows you to decide how broadly to share pages based on the use case and the need to isolate the users’ virtual machines. Using TPS will reduce the total memory consumption in the View environment.
•HTML Access Enhancements
- You now can have 2,000 simultaneous users per security gateway (increased from 350). This is the same as PCoIP native clients.
- Support for Location Based Printing with HTML Access
- 3D desktops support, backed by NVIDIA GRID vGPU technology and vDGA
•Virtual hardware version 11
Virtual hardware version 11 is supported by Horizon 6 which is available in vSphere 6.0 or later versions. This hardware version is required for virtual machines that want to use NVIDIA GRID vGPU (see below).
• GPU hardware acceleration using NVIDIA GRID vGPU
The feature allows a physical graphical processing unit (GPU) installed on the ESXi host (vSphere 6.0) to be shared with multiple virtual desktops. This addresses a wide variety of graphics use cases along with lowing the costs when compared to physical workstations. This solution can be used for lightweight 3D tasks and up to high-end workstation graphics requirements.
•Support of Windows XP and Vista guest OSs as desktop virtual machines
The Horizon 6 (version 6.1) servers will work with Windows XP and Windows Vista desktops if you use the View Agent 6.0.2. This older agent will not offer all of the features of the newer 6.1 agent. This means if you install the version of View Agent that ships with Horizon 6 (version 6.1), it will not support Windows XP and Vista desktops.
•Virtual Volumes Support
Virtual Volumes (available with vSphere 6.0) allows vSphere to offload intensive storage operations such as snapshot creation, cloning, and replication. The virtual disks and their derivatives, clones, snapshots, and replicas are mapped directly to virtual volumes on the storage system. The implementation of Virtual Volumes depends on the availability of products by certified storage vendors.
I hope this helps to keep you updated on the Horizon 6 Solution.