In this blog, we are focussing our attention on the VMware Virtual Desktop Infrastructure solution also popularly known as Horizon View. We will discuss how to deploy UEM, AppStacks and Thin Apps as we go along the deployment journey. We will invoke a full disaster recovery across to our DR thus moving all the above components to our peer site to verify business continuity.
What’s Horizon View
VMware Horizon View enables users to access virtual desktops and applications through a single UI. Virtual Desktops are delivered by the base product called Horizon View and today we App layering products such as AppStack to deliver applications to end-users.
Horizon View Web Docs
Horizon View Lab Architecture
The below Image shows the high-level architecture of VMware Horizon View Environment in our home lab
Summary of View Deployment
The following are the high-level steps required for our View deployment.
- Verify compatibility matrix
- Build 2 ESXi hosts
- Deploy 2 vCenter ( mgmt and desktop stack ) and connect ESX host to it
- Connect ESX hosts to distributed switch.
- Deploy Connection Server.
- Deploy SQL Server
- Deploy Composer Server
- Deploy Replica Server
- Deploy Security Server
- Deploy Site Recovery Manager
- Replicate VM
- Failover VM
Network Topology of Lab
Our network topology is setup as below
Management VM Sizing Requirements
Since we have deployed it in our lab, we have deployed it with bare minimum settings. Except for Unified Access Gateway and Workspace One, all other Horizon components will need a Microsoft Windows Server Operating System.
Primary Site
| Server | VM | Version | vCPU | Memory GB |
| sf01-dc01 | Domain Controller / CA / File Server / DHCP | NA | 2 | 8 |
| sfo01-m01-vc01 | vCenter1 | 7.0 U1 | 2 | 10 |
| horizon01 | Horizon View Connection Server | 2019 | 2 | 8 |
| jmp01 | Jump Server | 2019 | 2 | 4 |
| repl01 | Horizon View Replica Server | 2019 | 4 | 4 |
| vidm01 | WorkSpace One / Identity Manager | NA | 2 | 4 |
| uag01 | Universal Access Gateway | NA | ||
| sql01 | SQL Server for JMP, Composer, Events DB | 2019 | 4 | 6 |
| rdsh01 | Microsoft RDSH Server | 2019 | 2 | 4 |
Secondary Site
| Server | VM | Version | vCPU | Memory GB |
| sf01-dc02 | Domain Controller / CA / File Server / DHCP | NA | 2 | 8 |
| sfo01-m01-vc02 | vCenter2 | 7.0 U1 | 2 | 10 |
| horizon02 | Horizon View Connection Server | 2019 | 2 | 8 |
| jmp02 | Jump Server | 2019 | 2 | 4 |
| repl02 | Horizon View Replica Server | 2019 | 4 | 4 |
| vidm02 | WorkSpace One / Identity Manager | NA | 2 | 4 |
| uag02 | Universal Access Gateway | NA | ||
| sql02 | SQL Server for JMP, Composer, Events DB | 2019 | 4 | 6 |
| rdsh02 | Microsoft RDSH Server | 2019 | 2 | 4 |
Changes in Horizon View 8
Horizon now follows a naming scheme that involves the month and the year in the version which will make it easier to keep track of when a version is released. The first release of Horizon 8 will be in 2006 followed by the rest.
Linked Clones, Composer, and Persistent Disks are all deprecated in View 8. Instant Clones are the replacement for Linked Clones. These are the changes in View 8
| Deprecated/Removed Features | Replacement |
| Linked Clones and Composer | Instant Clones (Available in all desktop SKUs) |
| Persistent Disks and Persona Management | DEM and Writable Volumes |
| JMP Server | Multicloud Assignments |
| ThinPrint | VMware Integrated Printing |
| Security Server | Unified Access Gateway |
| vRealize Operations for Horizon | Cloud Monitoring Service and ControlUp Entitlement |
VMware Horizon View Software Components
Horizon View Connection Server
The connection server acts as the central management interface for our View Environment. The Connection Server is where we create Desktop pools, applications, user entitlement, etc and allocate them to our end-users. The primary role of a connection server is to connect users to their virtual desktop.
Horizon View Replica Server
Replica server provides HA and load-balancing to the connection server.
Horizon View Security Server
This server gets deployed in our DMZ zone allowing our external users to securely access our View environment. This server won’t be joined to our Active Directory domain. A pairing connection is maintained between the Security server and our internal Connection server thus when an external user requests for session access to our VDI Stack, the security server will contact with paired Connection Server and enable session connection to the end-user, thus end-user never talks to the Connection Server directly. We will deploy two of these servers in our environment – One in Prod and another one in our DR
This means an external user will launch the horizon client and the time he will connect to the security server which is actually paired in the background to our internal connection server. They are then connected to an internal network once authenticated. Security server is a mini version of your connection server except it sits in the DMZ where the external user authenticates
Horizon View Enrollment Server or True SSO
Horizon View Enrollment or true SSO server sits between the connection server and our CA and requests temporary certificates from the certificate store. It allows users to connect to Microsoft environment without ever needing them to enter their AD account credentials. This is achieved in the backend by integrating the service with VMware Identity manager.
Horizon View Composer
A truly valuable feature on View Environment is the use of Composer Server for our VM deployment which is used to create Linked Clone and Instant Clone desktops. Whilst a connection server can do a basic full clone desktop deployment that would consume a lot of storage space, linked-clone/ instant clone can offer up to 80 % reduction in our data storage requirements however we require faster storage for this deployment model as the base disk (snapshot) is being read constantly as IOPS will go through the roof. As of Horizon View 8, the composer server is no longer required and not supported. Instant Clones are the replacement for Linked Clones.
Horizon View Agent
View agent is deployed on all desktops being provisioned by View. The agent Is responsible for enabling the use of that VDI desktop providing extra features such as Virtual Printing, USB support, and single sign-on. It enables Horizon View to use it as a resource.
These are the agents available for horizon view
- Horizon Agent for Windows
- Horizon Agent for iOS
- Horizon Agent for Mac
- Horizon Agent for Linux
- Horizon Agent for Chrome OS
Horizon View Client
View Client can be deployed on any pc and it just establishes a connection to our Horizon view connection server.
Horizon View Persona Management
Horizon View Persona Management, one of the add on features used to manage user profile settings, with just-in-time retrieval of user profile data, file share or the use of an existing folder redirection structure. Persona management is very useful for floating desktop pools, simply we can call it a roaming profile.
VMware ThinApp
ThinApp is an application packaging solution from VMware. ThinApp licenses are included with the Horizon View license and can be used on both physical and virtual desktops, therefore providing a mechanism to deliver applications across all of our desktop models.
VMware App Volumes
The main goal of AppVolumes is to simplify the lifecycle management of apps by separating them from the actual desktop VM base build from the applications required to be provisioned on the desktop for our end users. App Volumes provides the just in time delivery of apps by attaching applications to users desktops by connecting vmdk ( virtual disks ) of a particular application they need. Applications thus are delivered in separate containers called App Stacks. Once implemented, we don’t need to update desktop pools to patch a particular app version as that is handled as a separate entity using AppStack
UAG (Unified Access Gateway) or Access Point
VMware Unified Access Gateway is an appliance-based version of the Security server and this is the way to go forward.
UEM (User Environment Manager / WorkSpace One )
VMware Workspace ONE UEM is a single solution to manage all device types on all platforms It incorporates modern device management, application management, and security etc in its Ui. This product now replaces the Personna management
Microsoft RDS Server
Horizon View has support for Microsoft RDS as a means of delivering hosted desktop sessions rather than full virtual desktop machines desktops.
Methods of Provisioning Desktop VM in View 8.0
- Full Clone Desktops – A clone is a copy of your build. and is a new VM with its separate UUID. Each desktop created thus is a full blown virtual machine deployed from a template.
- Instant Clone Desktops – Instant Clone desktops are new to Horizon 7 and above, and they are built off of the VMfork technology Instant Clones are essentially a rapid clone of a running virtual machine with extremely fast customization.
- Remote Desktop Pools – This is special pool created if you wish to use Micrsoft RDSH. Horizon View can manage a RDSH Farm.
Types of Desktop Assignments in View 8
Desktops can be assigned to users either as a dedicated or a floating desktop
- Dedicated Assignment – As the name suggest the desktop will be allocated to a user when they first login and remains their own throughout the life of that VM so these are reserved VM’s for a user. The user retains all their apps, docs and settings.
- Floating Assignment – On the other hand, from a pool of VM’s a user gets any desktop that he can use temporarily. Once they logout the VM is assigned back to the pool for another user to log in thus there is no reservation for a particular VM.The user won’t retain all their apps, docs and settings. Desktops are refreshed at log off sonxt user gets a new desktop.