Documente Academic
Documente Profesional
Documente Cultură
This presentation may contain product features that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these
features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders, or
sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new technologies or features discussed or presented have not
been determined.
CONFIDENTIAL 2
Speaker Introduction
Who
Graeme Gordon (Senior EUC Architect,
EUC BU, @graemengordon
Why
Horizon 7 introduces lots of key new
technologies. Learn about the technical
detail on the main new features, why they
are relevant and implementation
considerations.
CONFIDENTIAL 3
Session Agenda
1 Instant Clones
2 Smart Policies
3 Blast Extreme
5 Questions
CONFIDENTIAL 4
Instant Clones
Just in Time Desktops
Trade-offs Between Virtual Desktop Types Today
Persistent Non-Persistent
Full VMs / Persistent Linked Clones View Composer Linked Clones
Pros: Pros:
Best user experience Simplified, consistent management
Efficient resource usage
Cons:
- Difficult to manage Cons:
- Potentially inefficient resource usage - Provision and patching time-consuming
- Tradeoffs in user experience
CONFIDENTIAL 6
Evolution: Just-in-Time Desktops
Windows
Windows Windows
CONFIDENTIAL 7
Instant Clones - Overview
Leverages vmFork in vSphere 6.0u1 and above
Running Parent VM is quiesced and forked
Clones customized
Clones share disk and memory of Parent VM for reads
Disk space and memory efficiency
1 clone created per second on average
CONFIDENTIAL 8
Just-in-Time Desktop Features and Support in Horizon 7
CONFIDENTIAL 9
Instant Clones versus View Composer
Composer Instant Clones
Recompose, Refresh, Rebalance Delete and Create new clone
Clone level CBRC CBRC only for Replica
Composer Service No separate service
Composer database No database
Long provisioning maintenance windows New desktops provisioned in seconds after
2000 VMs 4 hours to provision* priming
2000 VMs 40 minutes to provision*
Provisioning operations very IO intensive
Far lower disk IO load for provisioning
High vCenter Calls Clone, multiple power
operations
and reconfigure
Fewer vCenter calls Clone and Power
CONFIDENTIAL 13
Requirements for Instant Clones
Infrastructure
Horizon 7 Broker
Horizon 7 Agent with Instant Clones
vSphere 6.0u1 or higher
Master VM
Virtual Hardware 11
VMXNET3
Windows 7 or Windows 10
On Portgroup with Static Binding (if using DVS)
Ephemeral Binding not supported
CONFIDENTIAL 14
Instant Clone Component Overview
Master VM Disk Linked Clone of Master
Template
Full clone of Template
One per Datastore
Replica
CONFIDENTIAL 15
Initial Pool CreationWalkthrough
1 Template created, powered on and cloned from Master VM
4 Reconfigure replica
8 Snapshot replica
10 Power on Parents
CONFIDENTIAL 16
ClonePrep
Domain Join
MS License Activation
CONFIDENTIAL 17
Desktop Types Revisited Just-in-Time
App Volumes & User Environment Manager
+ + +
Windows User 2
Data/Files Applications 1
User 1
Data/Files
User 2
Windows Windows
Non-Persistent Persistent
Desktops Desktops
CONFIDENTIAL 20
How It Works
Allows or disables desktop features.
Policies can be applied based on a set of conditions:
Users login or group membership
Whether the user is accessing the desktop from a remote
location
A general list of conditions such as any tags associated with
a desktop pool
Can define multiple policies.
Each policy is orderly evaluated and can independently
block or allow feature access.
Policies are re-evaluated each time the desktop is
connected or reconnected and the settings customized
based on the current conditions.
CONFIDENTIAL 21
Policy Settings
CONFIDENTIAL 22
Policy Settings
CONFIDENTIAL 23
Policy Settings
CONFIDENTIAL 24
Policy Settings
CONFIDENTIAL 25
Policy Settings
CONFIDENTIAL 26
Policy Settings
Bandwidth Profiles
CONFIDENTIAL 27
Visualization
Client Horizon Desktop/
RDSH
Session Connection
Refresh P Functionality:
Triggers o Client Drive
O Redirection
L o USB Redirection
I o ThinPrint
C o Clipboard
User Redirection
Session Y o Bandwidth Profiles
Environment Environment
Variables Manager FlexEngine Agent
Horizon Agent
CONFIDENTIAL 28
Horizon Condition Variables
The default Horizon Condition variables are:
HKLM\Software\VMware, Inc.\
Client Location VMware VDM\SessionData\n\
Launch Tag(s)
Pool name (only for Desktops)
CONFIDENTIAL 29
Session Environment Variables
CONFIDENTIAL 30
Triggered Task to Refresh Horizon Policies
CONFIDENTIAL 31
Blast Extreme
New Protocol
Blast Extreme
Overview
A new protocol option in Horizon 7
Feature and performance parity with PCoIP
PCoIP is NOT going away
Ability to leverage hardware based encode/decode
H.264 codec support
Most devices have H.264 hardware decode support
Hardware H.264 encode with NVIDIA GRID
Proprietary JPG/PNG codec support
Same as used in Blast Extreme HTML / Linux
Supports both TCP and UDP
TCP is default, UDP is optional
Native Horizon Client 4.x required
CONFIDENTIAL 34
Broad Client and Feature Support
Overview Supported Features
Blast supports HTML Access H.264 offload (Decode)
Blast Extreme requires Horizon Client 4.0 or later Windows Media MMR
Flash URL Multicast
Printer Redirection
Greatest flexibility for deployment and access Port Level USB Storage (RDSH)
CONFIDENTIAL 35
Blast Extreme: Encoding & Decoding Technologies
CONFIDENTIAL 36
What is H.264?
Overview
MPEG-4 Part 10, Advanced Video Coding
Video Coding Format
One of the video encoding standards for Blue Ray
Supports lossy compression
Standards based
https://en.wikipedia.org/wiki/H.264/MPEG-4_AVC
CONFIDENTIAL 37
H.264 Codec Overview
H.264 standards based codec
Ability to leverage hardware based encode on GPU
Lossy Compression with high compression ratios
Supports both TCP and UDP
Leverage client side H.264 hardware decode
Benefit
Better for bandwidth challenged environments
AES for lower impact network security
Enable low cost PCs to deliver great user experience
Lower CPU utilization by offloading decode
Better for delivering video
Windows Media offload today for VDI and RDSH
Leverage H.264 transcode for other media formats
CONFIDENTIAL 38
Blast Extreme: NVIDIA GRID Optimized
Overview
Guest OS Guest OS
Blast Extreme delivers exceptional 3D graphics user experience
NVIDIA NVIDIA even on lower cost PCs
Driver Driver
Supports NVIDIA GRID K1, K2, M6 and M60 graphics cards
VM VM Leverage H.264 encoder option on NVIDIA GRID GPUs to lower
CPU consumption and increase scalability.
vGPU vGPU
Benefit
HYPERVISOR vGPU Manager Better frame rate
Higher server scalability
Server Reduced latency
Better bandwidth optimization
CPU GRID Deliver up to 4K resolution displays for workstation environments.
CONFIDENTIAL 39
JPG/PNG Codec
Overview
Proprietary codec, same as HTML Access / Linux
Default codec for Multi-Monitor Support
Default codec for Linux VDI
Supports both TCP and UDP
Benefit
Can be tuned with Group Policy
Lossless compression support
Better for static content delivery
CONFIDENTIAL 40
Adaptation Network Adaptation
TCP is initial default connection
Tries to connect via UDP if enabled
Automatically falls back to TCP if unable to connect on UDP
Codec Adaptation
Use hardware encode with NVIDIA GRID if available
Use software H.264 if client can decode H.264
Use JPG/PNG if client cant decode H.264
Multi-Monitor will default to JPG/PNG
Protocol Adaptation
If a pool is forced to Blast Extreme
Zero client will connect with PCoIP
Pre 4.x Horizon clients will connect with PCoIP/RDP
CONFIDENTIAL 41
Codec Options
Linux VDI Single Display Windows, MacOS, Linux, ioS, Android, Default: JPG/PNG
Chrome
CONFIDENTIAL 42
Networking
Overview
Blast Extreme supports both TCP and UDP
User can choose transport protocol from Client
Defaults to TCP, UDP is optional
UDP disabled on agent by default - enabled via GPO
External Ports 443 (HTTPS) and 8443 (TCP/UDP)
Blast port sharing on 443 (TCP) with Access Point 2.5
Remote experience traffic on VMware Virtual Channel
USB Redirection on TCP Side Channel
MMR/CDR on TCP Side Channel by default
MMR/CDR can be configured to run on VVC
CONFIDENTIAL 43
Other New Platform Features
Horizon 7 introduced many more new features
here are some highlights.
TrueSSO: Access & Authentication
Overview
Certificate User access to Horizon resources through VMware Identity
AD Authority Manager
Single sign-on using a variety of credential options.
Enrollment
Server Once authenticated, users can select any Windows desktop or
application without needing to present AD or Smartcard
credentials.
Connection
Server Uses SAML to connect the Identity Providers (IdP)
Identity
Manager
authentication with the users UPN for access to AD credentials.
Appliance VM /
RDSH True SSO generates a unique, short-lived certificate to manage
the Windows logon process.
Benefits
Separates Authentication from Access
Client
Enhanced security
Device
Supports a wide range of authentication methods
CONFIDENTIAL 46
Cloud Pod Architecture
Scale and Failover Improvements
Overview
Increased scale, allows federation of up to:
25 Horizon Pods
5 sites
50 View Connection servers
50,000 sessions
50K for desktop sessions
20K for RDSH Desktops & App sessions
Benefits
CPU load on agent side reduced.
Network bandwidth reduction.
Smoother video playback
CONFIDENTIAL 48
Client
URL Content Redirection Machine
Horizon
Overview Client
Supports URL schemas such as HTTP, HTTPs, Callto, Mailto Horizon Client
Benefits
Enhanced security RDSH Desktop / App 2
E.g. Open certain content in a secure Published App
Horizon Agent
Reduce impact on datacenter resources.
Offload unwanted content to the client
CONFIDENTIAL 49
Horizon 7 Upgrade Enhancements
Horizon 6.2 Horizon 7
CONFIDENTIAL 50
RDSH Licensing Improvements
New Options
CONFIDENTIAL 51
Enhanced Pool Deletion Protection
Overview
Default behavior:
Pool will be deleted along with all VMs in it.
Enhanced Protection:
Implementing this flag adds an extra layer of
protection.
Attribute = cs-disableNonEmptyPoolDelete
"cn=common,ou=global,ou=properties in "pae-
NameValuePair
You are not able delete a pool without going
through a workflow:
Disable Provisioning on the pool
Delete all VMs within the pool
Pool Deletion will only now be possible
CONFIDENTIAL 52
Enhanced SAML Integration
Feature
Enable Connection Servers to accept multiple
SAML Identity Providers
Enable 3rd Party solutions such as F5 to take
advantage of these new capabilities
Support for Static or Dynamic SAML metadata
Benefit
3rd Party integration with Connection Server
using SAML (IdP)
Separate Authentication from Access SAML
Flexible approach to Authentication
CONFIDENTIAL 53
Resources for Reference (vmLive Recordings and Presentations)
Horizon 7 Platform / Integration + Access Point Link
CONFIDENTIAL 55
We value your
feedback.
Please take the brief
survey
CONFIDENTIAL 56
CONFIDENTIAL
57
vmware.com/go/SalesBriefcase
CONFIDENTIAL 59
VMware End-User Computing Training
Courses More Training Options
VMware Horizon 7: Install, Configure, Manage [V7.0] On Demand Courses
Classroom and Live Online coming soon Self-paced learning
VMware App Volumes: Application and User Profile Meets certification requirements
Management [V2.X] VMware Learning Zone
Classroom, Live Online and Onsite
Cloud-based learning
AirWatch Supplements traditional training
AirWatch Enterprise Mobility: Configure and Manage
AirWatch Enterprise Mobility: Configure and Deploy
Integrated Solutions
AirWatch Enterprise Mobility: Install and Deploy
Desktop and Mobility Certifications
On Premise Solutions
Learn the requirements and more
Benefits
Enhanced security
URL
E.g. Open certain content in a secure Published App
Reduce impact on datacenter resources.
Offload unwanted content to the client
CONFIDENTIAL 62
HTTP, HTTPS Redirection From VDI To RDSH
VDI Desktop 1 RDSH Desktop / App 2
Client Machine
Horizon Agent Horizon Agent
Horizon Client
Horizon Client
CONFIDENTIAL 66
Installation
Install Horizon Agent and Client from command line with the option
/v URL_FILTERING_ENABLED=1
e.g. VMware-viewagent-x86_64-xxx.exe /v URL_FILTERING_ENABLED=1
On the Client to redirect from the Client Agent
On the Agent to redirect from the Agent Client
If both the client and agent are installed on the same machine
Both cannot have the feature enabled.
First one wins.
Benefits
CPU load on agent side reduced.
Network bandwidth reduction.
Smoother video playback
CONFIDENTIAL 70
Flash Redirection Requirements
CONFIDENTIAL 71
Configuration
1. Configure Horizon Agent (desktop)
By default the Agent install does
Install Horizon Agent 7.0 or later not enable Flash redirection
Select the option for Flash Redirection
Install Internet Explorer 9, 10, or 11.
Install Flash Player ActiveX version (if not IE11)
Enable add-on
In Internet Explorer, select Tools > Manage add-ons from the menu bar
Verify that VMware View FlashMMR Server add-on is listed and enabled.
2. Configure Client
Install Horizon Client 4.0 or later.
Install Internet Explorer 9, 10, or 11.
Install Flash Player ActiveX version (if not IE 11).
CONFIDENTIAL 72
Computer Configuration
Use View Agent Configuration GPO Template - vdm_agent.adm
Computer Configuration > Policies > Administrative Templates > Classic Administrative
Templates > VMware View Agent Configuration > VMware FlashMMR
CONFIDENTIAL 75
Internet Explorer Configuration
Whitelist sites need to be added to Internet Explorer's:
Internet Options\ Security\ Trusted Sites\
Compatibility View Setting