Horizon 7 Connection Server Post Installation Configuration
Once you have completed installing the Horizon Connection Server, there are many post installation configurations and settings that should be performed, depending upon what the requirements and features you want to evaluate. This section will walk you through many of the post installation settings and configurations. This lab is not how to deploy a production-ready environment, but perfect for a lab/POC to evaluate the entire Horizon suite. We will offer some details and best practices to be considered when building out a deployment.
Launch Google Chrome
- From the desktop Click on the Google Chrome Shortcut to launch Google Chrome.
Horizon Management Console vs Horizon Flex Console
Currently Horizon has 2 management consoles.
- Horizon Console (HTML5)
- Horizon Administrator (Legacy) Flex Console
The reason we still maintain two management consoles is that the new console is not yet to 100% feature parity. As future versions of Horizon are released, the Horizon Console will become standard, and the Flex console will be retired. Currently the only missing components are the Horizon Dashboard, RDSH Load Balancing settings, ThinApp Management, and Security Server Management. Unless you are doing an advanced configuration or production deployment you should only need to use the new Management console. In a POC / Lab you probably would only be using the Flex console for the dashboard to troubleshoot a problem.
In this lab you can open a session tab to both consoles allowing you to compare the legacy Flex console to the new Horizon Console. This lab will focus solely on the new Horizon Management console. Feel free to look around the legacy Flex console and check out the Dashboard.
Open a Horizon Console Session
- In the Chrome address bar type https://horizon-03.corp.local/newadmin
This is the Horizon Management Console, which will be used for the remainder of this module.
Logon to Horizon Console
- Logon with the username administrator
- Use the password VMware1!
- Click Sign In
Open an Additional Chrome Tab
- Click on the Grey tab to open a new Chrome tab.
Open a Horizon Administrator Session (Flex)
- In the Chrome address bar type https://horizon-03.corp.local/admin
This is Horizon Administrator, it is the legacy Flex-based management console, and will be retired in the future.
- Click on the Get Adobe Flash Player button.
- Click Allow on the Run Flash prompt at the top of the browser.
Logon to Horizon Administrator Console
- In the Username box type: administrator
- In the Password box type: VMware1!
- Click Log In.
Horizon Administrator Flex
Click around and take a look at the Horizon Administrator. Most all features in the Horizon Administrator are included in the new HTML 5 based console. We will not be using this console for the lab. Feel free to check back into the legacy client and view the dashboard to see the configuration changes you make during the lab. Both consoles work to perform all lab tasks.
- Click on the Horizon 7 Management tab as shown to switch back to the HTML5 Horizon Manager.
- Click on Edit License.
Horizon License Key
VMware Horizon 7 is available in three editions: Horizon Standard, Horizon Advanced, and Horizon Enterprise. All three editions include all components needed for an end-to end virtual desktop deployment.
VMware Horizon Apps is available in two editions: Horizon Apps Standard and Horizon Apps Advanced. Both editions include all components needed to publish apps in the data center and deliver them to the digital workspace.
Horizon employs a non-enforced Concurrent User or Named User licensing model. Concurrent allows licenses to float across multiple users up to the maximum count, while Named requires a dedicated named user per license that cannot be shared between different users. Both have their benefits and constraints. For a link to the feature comparison of what is included in each edition click here. We will not be licensing this server in the lab.
- In the License Serial Number you would type your product key number and then click OK do not enter anything at this time.
- Click Cancel.
Add vCenter Server
We will be adding a vCenter server to Horizon. Normally this would be a VDI dedicated vCenter server in production. Horizon will make API calls to vCenter performing the requested actions, Create desktop VMs, Delete Desktop VMs etc. It is also used to add full clone VDI desktops to Horizon for brokering connections. Normally a service account with admin permissions to vCenter is used. Specific Privileges needed in vCenter can be found here.
- Click on Servers.
- Click on Add.
vCenter Server Name and Credentials
- In the Server Address box type: vcsa-01a.corp.local
- In the User Name box type: [email protected]
- In the Password box type: VMware1!
- Click Next
Add vCenter Server Composer
- Leave the default composer settings and click Next
Horizon Composer is being deprecated and replaced by Instant Clones for stateless desktops. Instant Clones do not require a dedicated server and SQL database to create and maintain stateless desktops like Composer Linked Clones do.
Add vCenter Server Storage Options
- Leave default storage options and click Next.
Verify vCenter Add Settings
Validate vCenter Add attributes and click Submit to continue.
Validate vCenter Server was Added Successfully
Validate vCenter was added to Horizon successfully as shown above.
Instant Clone Domain Accounts
If you are using Instant Clones (stateless desktops) you will need a service account that has the appropriate permissions in Active Directory. For detailed information on what permissions are necessary please see Create a User Account for Instant-Clone Operations. In this lab we will use the Domain Admins group.
For the required vCenter privileges on the service account please see Privileges Required for the vCenter Server User.
- Click on Instant Clone Domain Accounts.
- Click Add.
Add Instant Clone Domain Service Account
- Click on User Name Box and type: Administrator
- Click on Password Box and type: VMware1!
- Click OK.
Validate Instant Clone Service Account
Validate the domain corp.local and user account administrator was successfully added.
Horizon Events Database
Although not required, it is a best practice to configure a Horizon Event Database. This tracks most all events in Horizon from logging on and off to pool creation and deployment. It can be very helpful in troubleshooting issues or tracing back root causes. The Event Database is not required but is recommended.
- Click on Event Configuration.
- Click on Edit.
Configure Horizon Event Database Parameters
- For the Database Server box type: appvol-01\SQLEXPRESS.
- For the Database Name box type: HorizonEventsDB2.
- For the User Name type: admin
Configure Horizon Event Database Continued...
- In the Password box type: VMware1!
- In the Confirm Password box type: VMware1!
- In the Table prefix box type VI_
- Click Ok.
Confirm Horizon Events Database Added
The confirmation screen shows the Horizon Event Database is setup properly and functioning.
The Global Settings menu contains a General Settings tab with default settings for the Horizon environment, and also a Security Settings tab to set default security settings. Take a few moments to browse through and see what options are available within these tabs. These settings apply but can be overridden with settings defined at the pool level based on the use case. There are a couple of parameters we recommend changing from the default. First is the Forcibly Disconnect Users. This setting has a default of 600 minutes or 10 hours before it will automatically disconnect end users. This can cause issues for use cases like kiosks and monitoring. We suggest setting to a much higher interval and adjusting at the pool level if deemed necessary. This can avoid and surprise disconnects and or unplanned lost data complaints from end users. The second one is the Horizon View Administrator Session Timeout. The default View Administrator time out is set for 30 minutes. Once 30 minutes have passed you will be required to re-authenticate to the View Administrator Console. This can cause frustration when performing complex administrative tasks, or waiting for a task to complete and a timeout occurs. To avoid this scenario configure the Horizon View Administrator Session Timeout interval to a level you you feel comfortable with.
Note: In production when using a load balancer, the Horizon View Administrator Session Timeout setting will not apply. VMware's best practices state you should not use a load balanced VIP when you administer a Horizon environment but to go directly to a Connection Server by name. Making a direct connection to the Connection Server and by-passing the load balancer will ensure the timeout interval set applies.
- Click Global Settings.
- Click Edit.
Edit View Administrator Session Timeout
Browse around all the settings in this menu to get acquainted with them.
- Change View Administrator Session Timeout from 30 to 300 minutes (5 hours) if desired.
- Change the Forcibly Disconnect Users: from Minutes in the dropdown to Never.
- Click OK.
Horizon Client Download from the Connection Server
Once the Horizon Connection Server is installed, if you open a web browser to the Connection Server URL https://horizon-03.corp.local you will see this screen appear. There are two options for gaining access to the Horizon environment. Option one on the left Install VMware Horizon Client, re-directs your web browser over the internet to the VMware website allowing you to choose and download the appropriate Horizon Client Installer bits. The second option VMware Horizon HTML Access will allow you to connect to Horizon desktop pools and published applications using only a web browser, no installation or plug-ins required. The installed Horizon Client offers better perfromance and features than the HTML5 web client. Allowing end users to go to the internet and choose which client to download and install can cause confusion and frustration. The questions about which client to download which version etc can become overwhelming to some end users. To avoid this confusion and frustration Horizon administrators can download the desired version of the client and store it on the Horizon Connection Server for end user download. This next session will show how to modify the Horizon Connection Server to use the local repository for client downloads instead. This can also be helpful in highly secure air-gapped environments, or places where internet access is less that optimal.
Open a New Chrome Tab to the Connection Server
- In the browser bar type https://horizon-03.corp.local and press enter
Choose Install VMware Horizon Client
- Click on the Install VMware Horizon Client button.
MyVMware Download Portal
The pre-configured link will take you to the myvmware.com client download page. This is where the Horizon Client can be downloaded for end user install. Should internet access be a challenge, the connection would fail and you would need another method to obtain the Horizon Client. At this time we will not download or install the Horizon Client. The purpose of this step is to show what to expect when downloading the Horizon Client from the internet.
Open an RDP Session to Horizon-03
On the desktop click on the Horizon-03.rdp shortcut
Open a Windows Explorer Session
From within the RDP Session to Horizon-03, click on the Folder icon in the taskbar to open a Windows Explorer session.
Navigate to C:\Tools\VMware-Horizon-Client-5.x
- Navigate to This PC-> Local Disk (C:)->Tools
- Right Click on VMware-Horizon-Client-5.x...
- Click Copy.
Create Downloads Folder
- Navigate to This PC-> Local Disk (C:)->Program Files->VMware->VMware View->Server->broker->webapps
- Right Click in white space inside the webapps folder New-> Folder
Name the Folder Downloads
- Name the folder downloads.
Paste The Horizon Client Installer into the Downloads Folder
- Right Click on the downloads folder.
- Click Paste to copy the Horizon Client into the downloads folder
- Close the Explorer window.
You should see a copy of the Horizon-Client being made to the downloads folder.
Open Notepad as Administrator
- Right Click on the Notepad icon in the Task Bar.
- Right Click on Notepad again.
- Left Click Run as Administrator.
Open Portal Access File for Editing
- From the Administrator Notepad session Click File.
- Click Open.
- Choose All Files (*.*) on the drop down menu.
Navigate to Portal-Links File
- In the Open Path Browse to This PC ->Local Disk (C:) ->ProgramData->VMware->VDM->portal.
- Click on the portal-links-html-access.properties file.
- Click Open to Open the file.
Modify the Portal-Links File Content
- We will be modifying this line link.win64=https://www.vmware.com/go/viewclients#win64
As you can see you are able to edit this file and control where different operating systems and platforms obtain the Horizon client from. This ensures end users are obtaining the correct version of the Horizon Client for their device. We will only be modifying the 64-bit Windows Client for this lab.
Modify Portal-Links File Continued...
- Modify the link.win64 line as shown to read link.win64=downloads/VMware-Horizon-Client-5.1.0-14045148.exe
- Click Save to save the new configuration file.
- Close out Notepad session click the X.
Restart Horizon Web Component Service
- Right Click on the Windows Start Menu
- Click on Run.
Restart Horizon Web Component Continued...
- Type services.msc in the Open box.
- Click OK.
Restart Horizon Web Component Continued...
- Scroll down until you find the VMware Horizon View Web Component and Right Click on it.
Stop The Horizon Web Component
- On the right click menu, Click the option Stop to stop the VMware Horizon View Web Component Service.
- Wait for the Service Control to change from running to blank as shown. (This means the service has stopped) This may timeout due to limited resources in a lab, refresh the services panel and click Stop again if needed.
Start The Horizon Web Component Service
- Right Click on the VMware Horizon View Web Component Service Click Start to start the service.
- Wait for the Service Control on VMware Horizon View Web Component Service to change from blank to Running as shown. The restarting of the service to running could also time out due to limited lab resources. Please wait a little longer if it times out and then click Start again.
Launch Google Chrome
Click on the Google Chrome desktop shortcut to Launch a Chrome session.
Open Session to Horizon-03
- In the navigation bar type https://horizon-03.corp.local press enter. Sometimes you may have to wait 2 minutes or more for the web services to fully come up and become available. This is due to the restart of the Horizon Web Services Services you performed in the previous steps. It will function once the service completes its startup processes.
Install VMware Client
- Click on Install VMware Horizon Client.
Verify Automatic Download of Horizon Client
- Verify the VMware-Horizon Client automatically downloaded to the desktop as shown in the bar at the bottom of the screen. The Horizon Client is already installed so it's not necessary to run the installer.
Connect to Horizon-03 Management Console Session
- In the address bar type https://horizon-03.corp.local/newadmin
Logon to Horizon Manager
- Username: administrator
- Password: VMware1!
- Click Sign In.
Cloud Pod Architecture
- In Horizon Manager, scroll down to Settings.
- Click Cloud Pod Architecture.
- Click Initialize the Cloud Pod Architecture Feature.
Initialize Cloud Pod Architecture
- Click OK on the Initialize Cloud Pod Architecture Confirmation.
Initialize Cloud Pod Status
- Verify correct server name Horizon-03.
- Watch the Initialize percentage making progress (it takes a little while to move)
- Watch status Disabled until Initialization is completed.
The screen should refresh to Cloud Pod Architecture.
Cloud Pod Architecture Ready Screen
The purpose of having this section on how to initialize Cloud Pod Architecture is to show lab participants that enabling it in a properly configured environment is quite simple and non-disruptive. There are benefits to initializing Cloud Pod Architecture even if you only have a single site with multiple pods. Entitling at the Global entitlement assures that end users see a consistent name when they logon to Horizon regardless of where the desktop is actually being served from (on premises, on premises additional pod, alternate site, or even cloud-based desktop pools can all back the Global Entitlement construct.
Using Cloud Pod within a site can facilitate and simplify active/active clusters with stateless desktops. If you have Pod A and Pod B within your datacenter and want to perform an upgrade of Pod A you can disable the Pools in Pod A backing the Cloud Pod Global Entitlement while desktop pools in Pod B continue to service end users. Once the last user logs off and Pod A is empty you can perform maintenance, upgrades, patching etc while users are all still running in Pod B. Once the maintenance is completed in Pod A, you can re-enable the Pod A Pool back to the CPA Global Entitlement and disable the Pool from Pod B. As users logoff and log back in they will be getting their desktops from Pod A. Once Pod B is emptied out, maintenance and upgrades can be performed. When the maintenance or upgrade is completed, the Pool in Pod B can be re-enabled and start providing desktops in an Active/Active clustered scenario. This setting can provide an impression of almost zero down time to end users.
Note: In properly configured environments, desktops can be served from either on premises pods, alternate site on premises pods, or from Cloud desktops in Azure, VMC on AWS, or IBM. This configuration can provide a consistent desktop experience and DR plan for end users. When building out a Horizon environment, starting out entitling at the Cloud Pod Architecture instead of directly at the pool level can provide you with additional flexibility in the future for DR, expansion, and maintenance.