VMware Horizon 7.3 Installation Manual
View Installation
Modified for Horizon 7 7.3.2
VMware Horizon 7 7.3
View Installation
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
docfeedback@vmware.com
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Copyright © 2011–2017 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc. 2
Contents
View Installation 6
System Requirements for Server Components 7
1
Horizon Connection Server Requirements 7
View Administrator Requirements 9
View Composer Requirements 10
System Requirements for Guest Operating Systems 13
2
Supported Operating Systems for Horizon Agent 13
Supported Operating Systems for Standalone Horizon Persona Management 14
Remote Display Protocol and Software Support 14
Installing Horizon 7 in an IPv6 Environment 21
3
Setting Up Horizon 7 in an IPv6 Environment 21
Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment 22
Supported Operating Systems for Horizon 7 Servers in an IPv6 Environment 23
Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment 23
Supported Clients in an IPv6 Environment 23
Supported Remoting Protocols in an IPv6 Environment 24
Supported Authentication Types in an IPv6 Environment 24
Other Supported Features in an IPv6 Environment 24
Installing Horizon 7 in FIPS Mode 27
4
Overview of Setting Up Horizon 7 in FIPS Mode 27
System Requirements for FIPS Mode 28
Preparing Active Directory 29
5
Configuring Domains and Trust Relationships 30
Creating an OU for Remote Desktops 31
Creating OUs and Groups for Kiosk Mode Client Accounts 31
Creating Groups for Users 32
Creating a User Account for vCenter Server 32
Creating a User Account for a Standalone View Composer Server 32
Create a User Account for View Composer AD Operations 33
Create a User Account for Instant-Clone Operations 34
Configure the Restricted Groups Policy 34
Using Horizon 7 Group Policy Administrative Template Files 35
Prepare Active Directory for Smart Card Authentication 36
VMware, Inc.
3
View Installation
Disable Weak Ciphers in SSL/TLS 39
Installing View Composer 41
6
Prepare a View Composer Database 41
Configuring an SSL Certificate for View Composer 50
Install the View Composer Service 50
Enable TLSv1.0 on vCenter and ESXi Connections from View Composer 53
Configuring Your Infrastructure for View Composer 54
Installing Horizon Connection Server 55
7
Installing the Horizon Connection Server Software 55
Installation Prerequisites for Horizon Connection Server 56
Install Horizon Connection Server with a New Configuration 57
Install a Replicated Instance of Horizon Connection Server 65
Configure a Security Server Pairing Password 72
Install a Security Server 73
Firewall Rules for Horizon Connection Server 81
Reinstall Horizon Connection Server with a Backup Configuration 83
Microsoft Windows Installer Command-Line Options 85
Uninstalling Horizon 7 Components Silently by Using MSI Command-Line Options 87
Configuring SSL Certificates for Horizon 7 Servers 89
8
Understanding SSL Certificates for Horizon 7 Servers 89
Overview of Tasks for Setting Up SSL Certificates 91
Obtaining a Signed SSL Certificate from a CA 92
Configure Horizon Connection Server, Security Server, or View Composer to Use a New SSL
Certificate 94
Configure Client Endpoints to Trust Root and Intermediate Certificates 100
Configuring Certificate Revocation Checking on Server Certificates 103
Configure the PCoIP Secure Gateway to Use a New SSL Certificate 104
Setting Horizon Administrator to Trust a vCenter Server or View Composer Certificate 109
Benefits of Using SSL Certificates Signed by a CA 109
Troubleshooting Certificate Issues on Horizon Connection Server and Security Server 110
Configuring Horizon 7 for the First Time 111
9
Configuring User Accounts for vCenter Server, View Composer, and Instant Clones 111
Configuring Horizon Connection Server for the First Time 116
Configuring Horizon Client Connections 129
Replacing Default Ports for Horizon 7 Services 138
Sizing Windows Server Settings to Support Your Deployment 144
VMware, Inc. 4
View Installation
Configuring Event Reporting 147
10
Add a Database and Database User for Horizon 7 Events 147
Prepare an SQL Server Database for Event Reporting 148
Configure the Event Database 149
Configure Event Logging for Syslog Servers 150
VMware, Inc. 5
View Installation
View Installation explains how to install the VMware Horizon® 7 server and client components.
Intended Audience
This information is intended for anyone who wants to install VMware Horizon 7. The information is written
for experienced Windows or Linux system administrators who are familiar with virtual machine technology
and datacenter operations.
VMware, Inc. 6
System Requirements for Server
Components 1
Hosts that run Horizon 7 server components must meet specific hardware and software requirements.
This section includes the following topics:
n
Horizon Connection Server Requirements
n
View Administrator Requirements
n
View Composer Requirements
Horizon Connection Server Requirements
Horizon Connection Server acts as a broker for client connections by authenticating and then directing
incoming user requests to the appropriate remote desktops and applications. Horizon Connection Server
has specific hardware, operating system, installation, and supporting software requirements.
n
Hardware Requirements for Horizon Connection Server
You must install all Horizon Connection Server installation types, including standard, replica, security
server, and enrollment server installations, on a dedicated physical or virtual machine that meets
specific hardware requirements.
n
Supported Operating Systems for Horizon Connection Server
You must install Horizon Connection Server on a supported Windows Server operating system.
n
Virtualization Software Requirements for Horizon Connection Server
Horizon Connection Server requires certain versions of VMware virtualization software.
n
Network Requirements for Replicated Horizon Connection Server Instances
When installing replicated Horizon Connection Server instances, you must usually configure the
instances in the same physical location and connect them over a high-performance LAN. Otherwise,
latency issues could cause the View LDAP configurations on Horizon Connection Server instances
to become inconsistent. A user could be denied access when connecting to a Horizon Connection
Server instance with an out-of-date configuration.
VMware, Inc.
7
View Installation
Hardware Requirements for Horizon Connection Server
You must install all Horizon Connection Server installation types, including standard, replica, security
server, and enrollment server installations, on a dedicated physical or virtual machine that meets specific
hardware requirements.
Table 1‑1. Horizon Connection Server Hardware Requirements
Hardware Component Required Recommended
Processor Pentium IV 2.0GHz processor or
higher
Network Adapter 100Mpbs NIC 1Gbps NICs
Memory
Windows Server 2008 R2 64-bit
Memory
Windows Server 2012 R2 64-bit
4GB RAM or higher At least 10GB RAM for deployments of 50 or more
4GB RAM or higher At least 10GB RAM for deployments of 50 or more
4 CPUs
remote desktops
remote desktops
These requirements also apply to replica and security server Horizon Connection Server instances that
you install for high availability or external access.
Important The physical or virtual machine that hosts Horizon Connection Server must have an IP
address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6
environment, machines automatically get IP addresses that do not change.
Supported Operating Systems for Horizon Connection Server
You must install Horizon Connection Server on a supported Windows Server operating system.
The following operating systems support all Horizon Connection Server installation types, including
standard, replica, and security server installations.
Table 1‑2. Operating System Support for Horizon Connection Server
Operating System Version Edition
Windows Server 2008 R2 SP1 64-bit Standard
Enterprise
Datacenter
Windows Server 2012 R2 64-bit Standard
Datacenter
Windows Server 2016 64-bit Standard
Datacenter
Note Windows Server 2008 R2 with no service pack is no longer supported.
VMware, Inc. 8
View Installation
Virtualization Software Requirements for Horizon Connection Server
Horizon Connection Server requires certain versions of VMware virtualization software.
If you are using vSphere, you must use a supported version of vSphere ESX/ESXi hosts and vCenter
Server.
For details about which versions of Horizon are compatible with which versions of vCenter Server and
ESXi, see the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Network Requirements for Replicated Horizon Connection Server Instances
When installing replicated Horizon Connection Server instances, you must usually configure the instances
in the same physical location and connect them over a high-performance LAN. Otherwise, latency issues
could cause the View LDAP configurations on Horizon Connection Server instances to become
inconsistent. A user could be denied access when connecting to a Horizon Connection Server instance
with an out-of-date configuration.
Important To use a group of replicated Connection Server instances across a WAN, MAN (metropolitan
area network), or other non-LAN, in scenarios where a Horizon deployment needs to span datacenters,
you must use the Cloud Pod Architecture feature. You can link together 25 pods to provide a single large
desktop brokering and management environment for five geographically distant sites and provide
desktops and applications for up to 50,000 sessions. For more information, see the Administering Cloud
Pod Architecture in Horizon 7 document.
View Administrator Requirements
Administrators use View Administrator to configure View Connection Server, deploy and manage remote
desktops and applications, control user authentication, initiate and examine system events, and carry out
analytical activities. Client systems that run View Administrator must meet certain requirements.
View Administrator is a Web-based application that is installed when you install View Connection Server.
You can access and use View Administrator with the following Web browsers:
n
Internet Explorer 9 (not recommended)
n
Internet Explorer 10
n
Internet Explorer 11
n
Firefox (latest supported versions)
n
Chrome (latest supported versions)
n
Safari 6 and later releases
n
Microsoft Edge (Windows 10)
VMware, Inc. 9
View Installation
To use View Administrator with your Web browser, you must install Adobe Flash Player 10.1 or later. Your
client system must have access to the Internet to allow Adobe Flash Player to be installed.
The computer on which you launch View Administrator must trust the root and intermediate certificates of
the server that hosts View Connection Server. The supported browsers already contain certificates for all
of the well-known certificate authorities (CAs). If your certificates come from a CA that is not well known,
you must follow the instructions in Configure Client Endpoints to Trust Root and Intermediate Certificates.
To display text properly, View Administrator requires Microsoft-specific fonts. If your Web browser runs on
a non-Windows operating system such as Linux, UNIX, or Mac, make sure that Microsoft-specific fonts
are installed on your computer.
Currently, the Microsoft Web site does not distribute Microsoft fonts, but you can download them from
independent Web sites.
View Composer Requirements
With View Composer, you can deploy multiple linked-clone desktops from a single centralized base
image. View Composer has specific installation and storage requirements.
n
Supported Operating Systems for View Composer
View Composer supports 64-bit operating systems with specific requirements and limitations. You
can install View Composer on the same physical or virtual machine as vCenter Server or on a
separate server.
n
Hardware Requirements for Standalone View Composer
If you install View Composer on a different physical or virtual machine from the one used for
vCenter Server, you must use a dedicated machine that meets specific hardware requirements.
n
Database Requirements for View Composer and the Events Database
View Composer requires an SQL database to store data. The View Composer database must reside
on, or be available to, the View Composer server host. You can optionally set up an Events
database to record information from View Connection Server about View events.
VMware, Inc. 10
View Installation
Supported Operating Systems for View Composer
View Composer supports 64-bit operating systems with specific requirements and limitations. You can
install View Composer on the same physical or virtual machine as vCenter Server or on a separate
server.
Table 1‑3. Operating System Support for View Composer
Operating System Version Edition
Windows Server 2008 R2 SP1 64-bit Standard
Enterprise
Datacenter
Windows Server 2012 R2 64-bit Standard
Datacenter
Windows Server 2016 64-bit Standard
Datacenter
Note Windows Server 2008 R2 with no service pack is no longer supported.
If you plan to install View Composer on a different physical or virtual machine than vCenter Server, see
Hardware Requirements for Standalone View Composer.
Hardware Requirements for Standalone View Composer
If you install View Composer on a different physical or virtual machine from the one used for
vCenter Server, you must use a dedicated machine that meets specific hardware requirements.
A standalone View Composer installation works with vCenter Server installed on a separate Windows
Server machine or with the Linux-based vCenter Server appliance. VMware recommends having a one-
to-one mapping between each View Composer service and vCenter Server instance.
Table 1‑4. View Composer Hardware Requirements
Hardware Component Required Recommended
Processor 1.4 GHz or faster Intel 64 or AMD
64 processor with 2 CPUs
Networking One or more 10/100Mbps network
interface cards (NICs)
Memory 4GB RAM or higher 8GB RAM or higher for deployments of 50 or more
2GHz or faster and 4 CPUs
1Gbps NICs
remote desktops
Disk space 40GB 60GB
Important The physical or virtual machine that hosts View Composer must have an IP address that
does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment,
machines automatically get IP addresses that do not change.
VMware, Inc. 11
View Installation
Database Requirements for View Composer and the Events Database
View Composer requires an SQL database to store data. The View Composer database must reside on,
or be available to, the View Composer server host. You can optionally set up an Events database to
record information from View Connection Server about View events.
If a database server instance already exists for vCenter Server, View Composer can use that existing
instance if it is a version listed in the VMware Product Interoperability Matrixes at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php. If a database server instance
does not already exist, you must install one.
View Composer supports a subset of the database servers that vCenter Server supports. If you are
already using vCenter Server with a database server that is not supported by View Composer, continue to
use that database server for vCenter Server and install a separate database server to use for View
Composer.
Important If you create the View Composer database on the same SQL Server instance as
vCenter Server, do not overwrite the vCenter Server database.
For the most up-to-date information about supported databases, see the VMware Product Interoperability
Matrixes at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php. For
Solution/Database Interoperability, after you select the product and version, for the Add Database step,
to see a list of all supported databases, select Any and click Add.
VMware, Inc. 12
System Requirements for Guest
Operating Systems 2
Systems running Horizon Agent or Standalone View Persona Management must meet certain hardware
and software requirements.
This section includes the following topics:
n
Supported Operating Systems for Horizon Agent
n
Supported Operating Systems for Standalone Horizon Persona Management
n
Remote Display Protocol and Software Support
Supported Operating Systems for Horizon Agent
The Horizon Agent component (called View Agent in previous releases) assists with session
management, single sign-on, device redirection, and other features. You must install Horizon Agent on all
virtual machines, physical systems, and RDS hosts.
The types and editions of the supported guest operating system depend on the Windows version. For
updates to the list of supported Windows 10 operating systems, see the VMware Knowledge Base (KB)
article http://kb.vmware.com/kb/2149393. For Windows operating systems other than Windows 10, see
the VMware Knowledge Base (KB) article http://kb.vmware.com/kb/2150295.
To see a list of specific remote experience features supported on Windows operating systems where
Horizon Agent is installed, see the VMware Knowledge Base (KB) article
http://kb.vmware.com/kb/2150305.
To use the Horizon Persona Management setup option with Horizon Agent, you must install Horizon
Agent on Windows 10, Windows 8, Windows 8.1, Windows 7, Windows Server 2012 R2, Windows Server
2008 R2, or Windows Server 2016 virtual machines. This option does not operate on physical computers
or RDS hosts.
You can install the standalone version of Horizon Persona Management on physical computers. See
Supported Operating Systems for Standalone Horizon Persona Management.
Note To use the VMware Blast display protocol, you must install Horizon Agent on a single-session
virtual machine or on an RDS host. The RDS host can be a physical machine or a virtual machine. The
VMware Blast display protocol does not operate on a single-user physical computer.
VMware, Inc.
13
View Installation
For enhanced security, VMware recommends configuring cipher suites to remove known vulnerabilities.
For instructions on how to set up a domain policy on cipher suites for Windows machines that run View
Composer or Horizon Agent, see Disable Weak Ciphers in SSL/TLS.
Supported Operating Systems for Standalone Horizon Persona Management
The standalone Horizon Persona Management software provides persona management for standalone
physical computers and virtual machines that do not have Horizon Agent installed. When users log in,
their profiles are downloaded dynamically from a remote profile repository to their standalone systems.
Note To configure Persona Management for Horizon desktops, install Horizon Agent with the Persona
Management setup option. The standalone Persona Management software is intended for non-Horizon
systems only.
To see a list of operating systems supported for the standalone Horizon Persona Management software,
see the VMware Knowledge Base (KB) article http://kb.vmware.com/kb/2150295.
The standalone Persona Management software is not supported on Microsoft Remote Desktop Services.
Remote Display Protocol and Software Support
Remote display protocols and software provide access to remote desktops and applications. The remote
display protocol used depends on the type of client device, whether you are connecting to a remote
desktop or a remote application, and how the administrator configures the desktop or application pool.
n
PCoIP
PCoIP (PC over IP) provides an optimized desktop experience for the delivery of a remote
application or an entire remote desktop environment, including applications, images, audio, and
video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for
an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive
regardless of network conditions.
n
Microsoft RDP
Remote Desktop Protocol is the same multichannel protocol many people already use to access
their work computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses
RDP to transmit data.
n
VMware Blast Extreme
Optimized for the mobile cloud, VMware Blast Extreme supports the broadest range of client devices
that are H.264 capable. Of the display protocols, VMware Blast offers the lowest CPU consumption
for longer battery life on mobile devices. VMware Blast Extreme can compensate for an increase in
latency or a reduction in bandwidth and can leverage both TCP and UDP network transports.
VMware, Inc. 14
View Installation
PCoIP
PCoIP (PC over IP) provides an optimized desktop experience for the delivery of a remote application or
an entire remote desktop environment, including applications, images, audio, and video content for a wide
range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a
reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
The PCoIP display protocol can be used for remote applications and for remote desktops that use virtual
machines, physical machines that contain Teradici host cards, or shared session desktops on an RDS
host.
PCoIP Features
Key features of PCoIP include the following:
n
Users outside the corporate firewall can use this protocol with your company's virtual private network
(VPN), or users can make secure, encrypted connections to a security server or Access Point
appliance in the corporate DMZ.
n
Advanced Encryption Standard (AES) 128-bit encryption is supported and is turned on by default. You
can, however, change the encryption key cipher to AES-256.
n
Connections to Windows desktops with the Horizon Agent operating system versions listed in
Supported Operating Systems for Horizon Agent are supported.
n
Connections from all types of client devices.
n
Optimization controls for reducing bandwidth usage on the LAN and WAN.
n
32-bit color is supported for virtual displays.
n
ClearType fonts are supported.
n
Audio redirection with dynamic audio quality adjustment for LAN and WAN.
n
Real-Time Audio-Video for using webcams and microphones on some client types.
n
Copy and paste of text and, on some clients, images between the client operating system and a
remote application or desktop. For other client types, only copy and paste of plain text is supported.
You cannot copy and paste system objects such as folders and files between systems.
n
Multiple monitors are supported for some client types. On some clients, you can use up to 4 monitors
with a resolution of up to 2560 x 1600 per display or up to 3 monitors with a resolution of 4K (3840 x
2160) for Windows 7 remote desktops with Aero disabled. Pivot display and autofit are also
supported.
When the 3D feature is enabled, up to 2 monitors are supported with a resolution of up to 1920 x
1200, or one monitor with a resolution of 4K (3840 x 2160).
n
USB redirection is supported for some client types.
n
MMR redirection is supported for some Windows client operating systems and some remote desktop
operating systems (with Horizon Agent installed).
VMware, Inc. 15
View Installation
For information about which desktop operating systems support specific PCoIP features, see "Feature
Support Matrix for Horizon Agent" in the View Architecture Planning document.
For information about which client devices support specific PCoIP features, go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Recommended Guest Operating System Settings
1GB of RAM or more and a dual CPU is recommended for playing in high-definition, full screen mode, or
720p or higher formatted video. To use Virtual Dedicated Graphics Acceleration for graphics-intensive
applications such as CAD applications, 4GB of RAM is required.
Video Quality Requirements
480p-formatted video You can play video at 480p or lower at native resolutions when the remote
desktop has a single virtual CPU. If you want to play the video in high-
definition Flash or in full screen mode, the desktop requires a dual virtual
CPU. Even with a dual virtual CPU desktop, as low as 360p-formatted
video played in full screen mode can lag behind audio, particularly on
Windows clients.
720p-formatted video You can play video at 720p at native resolutions if the remote desktop has a
dual virtual CPU. Performance might be affected if you play videos at 720p
in high definition or in full screen mode.
1080p-formatted video If the remote desktop has a dual virtual CPU, you can play 1080p formatted
video, although the media player might need to be adjusted to a smaller
window size.
3D rendering You can configure remote desktops to use software- or hardware-
accelerated graphics. The software-accelerated graphics feature enables
you to run DirectX 9 and OpenGL 2.1 applications without requiring a
physical graphics processing unit (GPU). The hardware-accelerated
graphics features enable virtual machines to either share the physical
GPUs (graphical processing unit) on a vSphere host or dedicate a physical
GPU to a single virtual machine desktop.
For 3D applications, up to 2 monitors are supported, and the maximum
screen resolution is 1920 x 1200. The guest operating system on the
remote desktops must be Windows 7 or later.
Hardware Requirements for Client Systems
For information about processor and memory requirements, see the "Using VMware Horizon Client"
document for the specific type of desktop or mobile client device. Go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
VMware, Inc. 16
View Installation
Microsoft RDP
Remote Desktop Protocol is the same multichannel protocol many people already use to access their
work computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses RDP to
transmit data.
Microsoft RDP is a supported display protocol for remote desktops that use virtual machines, physical
machines, or shared session desktops on an RDS host. (Only the PCoIP display protocol and the
VMware Blast display protocol are supported for remote applications.) Microsoft RDP provides the
following features:
n
RDP 7 has true multiple monitor support, for up to 16 monitors.
n
You can copy and paste text and system objects such as folders and files between the local system
and the remote desktop.
n
32-bit color is supported for virtual displays.
n
RDP supports 128-bit encryption.
n
Users outside the corporate firewall can use this protocol with your company's virtual private network
(VPN), or users can make secure, encrypted connections to a View security server in the corporate
DMZ.
To support TLSv1.1 and TLSv1.2 connections to Windows 7 and Windows Server 2008 R2, you must
apply Microsoft hotfix KB3080079.
Hardware Requirements for Client Systems
For information about processor and memory requirements, see the "Using VMware Horizon Client"
document for the specific type of client system. Go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Note Mobile client 3.x devices use only the PCoIP display protocol. Mobile client 4.x clients use only the
PCoIP display protocol or the VMware Blast display protocol.
VMware Blast Extreme
Optimized for the mobile cloud, VMware Blast Extreme supports the broadest range of client devices that
are H.264 capable. Of the display protocols, VMware Blast offers the lowest CPU consumption for longer
battery life on mobile devices. VMware Blast Extreme can compensate for an increase in latency or a
reduction in bandwidth and can leverage both TCP and UDP network transports.
The VMware Blast display protocol can be used for remote applications and for remote desktops that use
virtual machines or shared-session desktops on an RDS host. The RDS host can be a physical machine
or a virtual machine. The VMware Blast display protocol does not operate on a single-user physical
computer.
VMware, Inc. 17
View Installation
VMware Blast Extreme Features
Key features of VMware Blast Extreme include the following:
n
Users outside the corporate firewall can use this protocol with the corporate virtual private network
(VPN), or users can make secure, encrypted connections to a security server or Access Point
appliance in the corporate DMZ.
n
Advanced Encryption Standard (AES) 128-bit encryption is supported and is turned on by default. You
can, however, change the encryption key cipher to AES-256.
n
Connections to Windows desktops with the Horizon Agent operating system versions listed in
Supported Operating Systems for Horizon Agent are supported.
n
Connections from all types of client devices.
n
Optimization controls for reducing bandwidth usage on the LAN and WAN.
n
Performance counters displayed using PerfMon on Windows agents for Blast session, imaging,
audio, CDR, USB, and virtual printing provide an accurate representation of the current state of the
system that also updates at a constant rate.
n
Network continuity during momentary network loss on Windows clients.
n
32-bit color is supported for virtual displays.
n
ClearType fonts are supported.
n
Audio redirection with dynamic audio quality adjustment for LAN and WAN.
n
Real-Time Audio-Video for using webcams and microphones on some client types.
n
Copy and paste of text and, on some clients, images between the client operating system and a
remote application or desktop. For other client types, only copy and paste of plain text is supported.
You cannot copy and paste system objects such as folders and files between systems.
n
Multiple monitors are supported for some client types. On some clients, you can use up to four
monitors with a resolution of up to 2560 x 1600 per display or up to three monitors with a resolution of
4K (3840 x 2160) for Windows 7 remote desktops with Aero disabled. Pivot display and autofit are
also supported.
When the 3D feature is enabled, up to two monitors are supported with a resolution of up to 1920 x
1200, or one monitor with a resolution of 4K (3840 x 2160).
n
USB redirection is supported for some client types.
n
MMR redirection is supported for some Windows client operating systems and some remote desktop
operating systems (with Horizon Agent installed).
n
Connections to physical machines that have no monitors attached are supported with NVIDIA
graphics cards. For best performance, use a graphics card that supports H.264 encoding. This is a
technical preview feature for Horizon 7 version 7.1.
VMware, Inc. 18
View Installation
If you have an add-in discrete GPU and an embedded GPU, the operating system might default to the
embedded GPU. To fix this problem, you can disable or remove the device in Device Manager. If the
problem persists, you can install the WDDM graphics driver for the embedded GPU, or disable the
embedded GPU in the system BIOS. Refer to your system documentation on how disable the
embedded GPU.
Caution Disabling the embedded GPU might cause future loss of access to functionality such as
console access to BIOS setup or NT Boot Loader.
For information about which client devices support specific VMware Blast Extreme features, go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Recommended Guest Operating System Settings
1 GB of RAM or more and a dual CPU is recommended for playing in high-definition, full screen mode, or
720p or higher formatted video. To use Virtual Dedicated Graphics Acceleration for graphics-intensive
applications such as CAD applications, 4 GB of RAM is required.
Video Quality Requirements
480p-formatted video You can play video at 480p or lower at native resolutions when the remote
desktop has a single virtual CPU. If you want to play the video in high-
definition Flash or in full screen mode, the desktop requires a dual virtual
CPU. Even with a dual virtual CPU desktop, as low as 360p-formatted
video played in full screen mode can lag behind audio, particularly on
Windows clients.
720p-formatted video You can play video at 720p at native resolutions if the remote desktop has a
dual virtual CPU. Performance might be affected if you play videos at 720p
in high definition or in full screen mode.
1080p-formatted video If the remote desktop has a dual virtual CPU, you can play 1080p formatted
video, although the media player might need to be adjusted to a smaller
window size.
3D rendering You can configure remote desktops to use software- or hardware-
accelerated graphics. The software-accelerated graphics feature enables
you to run DirectX 9 and OpenGL 2.1 applications without requiring a
physical graphics processing unit (GPU). The hardware-accelerated
graphics features enable virtual machines to either share the physical
GPUs (graphical processing unit) on a vSphere host or dedicate a physical
GPU to a single virtual desktop.
For 3D applications, up to two monitors are supported, and the maximum
screen resolution is 1920 x 1200. The guest operating system on the
remote desktops must be Windows 7 or later.
VMware, Inc. 19
View Installation
Hardware Requirements for Client Systems
For information about processor and memory requirements, see the "Using VMware Horizon Client"
document for the specific type of desktop or mobile client device. Go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
VMware, Inc. 20
Installing Horizon 7 in an IPv6
Environment 3
Horizon 7 supports IPv6 as an alternative to IPv4. The environment must be either IPv6 only or IPv4 only.
Horizon 7 does not support a mixed IPv6 and IPv4 environment.
Not all Horizon 7 features that are supported in an IPv4 environment are supported in an IPv6
environment. Horizon 7 does not support upgrading from an IPv4 environment to an IPv6 environment.
Also, Horizon 7 does not support migration between IPv4 and IPv6 environments.
Important To run Horizon 7 in an IPv6 environment, you must specify IPv6 when you install all Horizon 7
components.
This section includes the following topics:
n
Setting Up Horizon 7 in an IPv6 Environment
n
Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment
n
Supported Operating Systems for Horizon 7 Servers in an IPv6 Environment
n
Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment
n
Supported Clients in an IPv6 Environment
n
Supported Remoting Protocols in an IPv6 Environment
n
Supported Authentication Types in an IPv6 Environment
n
Other Supported Features in an IPv6 Environment
Setting Up Horizon 7 in an IPv6 Environment
To run Horizon 7 in an IPv6 environment, you must be aware of the requirements and choices that are
specific to IPv6 when you perform certain administrative tasks.
Before you install Horizon 7, you must have a working IPv6 environment. The following Horizon 7
administrative tasks have options that are specific to IPv6.
n
Installing Horizon Connection Server. See Install Horizon Connection Server with a New
Configuration.
n
Installing View Replica Server. See Install a Replicated Instance of Horizon Connection Server.
n
Installing View Security Server. See Install a Security Server.
VMware, Inc.
21
View Installation
n
Configuring the PCoIP External URL. See Configuring External URLs for Secure Gateway and Tunnel
Connections.
n
Setting the PCoIP External URL. See Set the External URLs for an Horizon Connection Server
Instance.
n
Modifying the PCoIP External URL. See Set the External URLs for an Horizon Connection Server
Instance.
n
Installing Horizon Agent. See the Horizon Agent installation topics in the Setting Up Desktop and
Application Pools document.
n
Installing Horizon Client for Windows. See the VMware Horizon Client for Windows document in
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html. Only Windows clients are
supported.
Note Horizon 7 does not require you to enter an IPv6 address in any administrative tasks. In cases
where you can specify either a fully qualified domain name (FQDN) or an IPv6 address, it is highly
recommended that you specify an FQDN to avoid potential errors.
Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment
In an IPv6 environment, Horizon 7 supports specific vSphere, database server, and Active Directory
versions.
The following vSphere versions are supported in an IPv6 environment.
n
6.5
n
6.0
n
5.5 U2
The following database servers are supported in an IPv6 environment.
Database Server Version Edition
SQL Server 2014 SP2 32/64-bit Standard, Enterprise
SQL Server 2012 SP1 32/64-bit Standard, Enterprise
SQL Server 2012 Express 32/64-bit Free
Oracle 11g R2 32/64-bit Standard, Standard Edition One, Enterprise
The following Active Directory versions are supported in an IPv6 environment.
n
Microsoft Active Directory 2008 R2
n
Microsoft Active Directory 2012 R2
VMware, Inc. 22
View Installation
Supported Operating Systems for Horizon 7 Servers in an IPv6 Environment
In an IPv6 environment, you must install Horizon 7 servers on specific Windows Server operating
systems.
Horizon 7 servers include Connection Server instances, replica servers, security servers, and View
Composer instances.
Operating System Edition
Windows Server 2016 Standard, Enterprise
Windows Server 2008 R2 SP1 Standard, Enterprise
Windows Server 2012 R2 Standard
Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment
In an IPv6 environment, Horizon 7 supports specific Windows operating systems for desktop machines
and RDS hosts. RDS hosts provide session-based desktops and applications to users.
The types and editions of the supported guest operating system depend on the Windows version. For
updates to the list of supported Windows 10 operating systems, see the VMware Knowledge Base (KB)
article http://kb.vmware.com/kb/2149393. For Windows operating systems other than Windows 10, see
the VMware Knowledge Base (KB) article http://kb.vmware.com/kb/2150295.
To see a list of specific remote experience features supported on Windows operating systems where
Horizon Agent is installed, see the VMware Knowledge Base (KB) article
http://kb.vmware.com/kb/2150305.
Supported Clients in an IPv6 Environment
In an IPv6 environment, Horizon 7 supports clients that run on specific desktop operating systems.
Table 3‑1. Supported Windows Operating Systems
Operating System Version Edition
Windows 7 32/64-bit Home, Professional, Enterprise, Ultimate
Windows 7 SP1 32/64-bit Home, Professional, Enterprise, Ultimate
Windows 8 32/64-bit Enterprise, Professional
Windows 8.1 32/64-bit Enterprise, Professional
Windows 10 32/64-bit Enterprise, Professional
On iOS devices, iOS 9.2 or later is supported with Horizon Client 4.1 or later.
VMware, Inc. 23
View Installation
The following types of clients are not supported.
n
Clients that run on Mac, Android, Linux, or Windows Store
n
iOS 9.1 or earlier
n
PCoIP Zero Client
Supported Remoting Protocols in an IPv6 Environment
In an IPv6 environment, Horizon 7 supports specific remoting protocols.
The following remoting protocols are supported:
n
RDP
n
RDP with Secure Tunnel
n
PCoIP
n
PCoIP through PCoIP Secure Gateway
n
VMware Blast
n
VMware Blast through Blast Secure Gateway
Supported Authentication Types in an IPv6 Environment
In an IPv6 environment, Horizon 7 supports specific authentication types.
The following authentication types are supported:
n
Password authentication using Active Directory
n
Smart Card
n
Single Sign-On
The following authentication types are not supported:
n
SecurID
n
RADIUS
n
SAML
Other Supported Features in an IPv6 Environment
In an IPv6 environment, Horizon 7 supports certain features that are not covered in previous topics.
The following features are supported:
n
Application pools
n
Audio-out
VMware, Inc. 24
View Installation
n
Automated desktop pools of full virtual machines or View Composer linked clones
Note Automated desktop pools of instant clones are not supported.
n
Customer Experience Improvement Program (CEIP)
n
Disk space reclamation
n
Events
n
LDAP backup
n
Manual desktop pools, including vCenter Server virtual machines, physical computers, and virtual
machines not managed by vCenter Server
n
Native NFS snapshots (VAAI)
n
PCoIP
n
PCoIP smart card
n
Persona Management
n
PSG
n
RDS desktop pools
n
RDS Host 3D
n
Role-based administration
n
Single Sign-on, including the Log in as current user feature
n
System health dashboard
n
ThinApp
n
Unity touch
n
USB
n
USB redirection
n
View Composer Agent
n
View Storage Accelerator
n
View Composer database backup
n
Virtual printing
n
VMware audio
n
VMware video
The following features are not supported:
n
Blast UDP
n
Client drive redirection
VMware, Inc. 25
View Installation
n
Client IP Transparency (only 64-bit)
n
Cloud Pod Architecture
n
Flash URL redirection
n
HTML access
n
Log Insight
n
Lync
n
Multimedia redirection (MMR)
n
Real-time audio-video (RTAV)
n
Scanner redirection
n
Serial port redirection
n
Syslog
n
Teradici TERA host card
n
TSMMR
n
Virtual SAN
n
Virtual Volumes
n
vRealize Operations Desktop Agent
VMware, Inc. 26
Installing Horizon 7 in FIPS
Mode 4
Horizon 7 can perform cryptographic operations using FIPS (Federal Information Processing Standard)
140-2 compliant algorithms. You can enable the use of these algorithms by installing Horizon 7 in FIPS
mode.
Not all Horizon 7 features are supported in FIPS mode. Also, Horizon 7 does not support upgrading from
a non-FIPS installation to a FIPS installation.
Note To ensure that Horizon 7 runs in FIPS mode, you must enable FIPS when you install all Horizon 7
components.
This section includes the following topics:
n
Overview of Setting Up Horizon 7 in FIPS Mode
n
System Requirements for FIPS Mode
Overview of Setting Up Horizon 7 in FIPS Mode
To set up Horizon 7 in FIPS mode, you must first enable FIPS mode in the Windows environment. Then
you install all the Horizon 7 components in FIPS mode.
The option to install Horizon 7 in FIPS mode is available only if FIPS mode is enabled in the Windows
environment. For more information about enabling FIPS mode in Windows, see
https://support.microsoft.com/en-us/kb/811833.
Note Horizon Administrator does not indicate whether Horizon 7 is running in FIPS mode.
To install Horizon 7 in FIPS mode, perform the following administrative tasks.
n
When installing Connection Server, select the FIPS mode option. See Install Horizon Connection
Server with a New Configuration.
n
When installing View Replica Server, select the FIPS mode option. See Install a Replicated Instance
of Horizon Connection Server.
n
Before installing a security server, deselect the global setting Use IPSec for Security Server
Connections in Horizon Administrator and configure IPsec manually. See
http://kb.vmware.com/kb/2000175.
VMware, Inc.
27
View Installation
n
When installing View Security Server, select the FIPS mode option. See Install a Security Server.
n
Disable weak ciphers for View Composer and Horizon Agent machines. See Disable Weak Ciphers in
SSL/TLS.
n
When installing View Composer, select the FIPS mode option. See Chapter 6 Installing View
Composer.
n
When installing Horizon Agent, select the FIPS mode option. See the Horizon Agent installation
topics in the Setting Up Virtual Desktops in Horizon 7 or Setting Up Published Desktops and
Applications in Horizon 7 document.
n
For Windows clients, enable FIPS mode in the client operating system and select the FIPS mode
option when installing Horizon Client for Windows. See the VMware Horizon Client for Windows
Installation and Setup Guide document.
n
For Linux clients, enable FIPS mode in the client operating system. See the VMware Horizon Client
for Linux Installation and Setup Guide document.
System Requirements for FIPS Mode
To support FIPS mode, your Horizon 7 deployment must meet the following requirements.
vSphere
Remote desktop
n
vCenter Server 6.0 or later
n
ESXi 6.0 or later
n
Any Windows platform that has a FIPS certificate. For information, see
"FIPS 140 Validation" on the Microsoft TechNet website.
n
View Agent 6.2 or later or Horizon Agent 7.0 or later, for Windows
platforms only
Horizon Client
n
Any Windows platform that has a FIPS certificate. For information, see
"FIPS 140 Validation" on the Microsoft TechNet website.
n
Horizon Client for Windows 3.5 or later
Cryptographic protocol
n
TLSv1.2
VMware, Inc. 28
Preparing Active Directory 5
Horizon 7 uses your existing Microsoft Active Directory infrastructure for user authentication and
management. You must perform certain tasks to prepare Active Directory for use with Horizon 7.
Horizon 7 supports the following Active Directory Domain Services (AD DS) domain functional levels:
n
Windows Server 2003
n
Windows Server 2008
n
Windows Server 2008 R2
n
Windows Server 2012
n
Windows Server 2012 R2
n
Windows Server 2016
This section includes the following topics:
n
Configuring Domains and Trust Relationships
n
Creating an OU for Remote Desktops
n
Creating OUs and Groups for Kiosk Mode Client Accounts
n
Creating Groups for Users
n
Creating a User Account for vCenter Server
n
Creating a User Account for a Standalone View Composer Server
n
Create a User Account for View Composer AD Operations
n
Create a User Account for Instant-Clone Operations
n
Configure the Restricted Groups Policy
n
Using Horizon 7 Group Policy Administrative Template Files
n
Prepare Active Directory for Smart Card Authentication
n
Disable Weak Ciphers in SSL/TLS
VMware, Inc.
29
View Installation
Configuring Domains and Trust Relationships
You must join each Connection Server host to an Active Directory domain. The host must not be a
domain controller.
Active Directory also manages the Horizon Agent machines, including single-user machines and RDS
hosts, and the users and groups in your Horizon 7 deployment. You can entitle users and groups to
remote desktops and applications, and you can select users and groups to be administrators in View
Administrator.
You can place Horizon Agent machines, View Composer servers, and users and groups, in the following
Active Directory domains:
n
The Connection Server domain
n
A different domain that has a two-way trust relationship with the Connection Server domain
n
A domain in a different forest than the Connection Server domain that is trusted by the Connection
Server domain in a one-way external or realm trust relationship
n
A domain in a different forest than the Connection Server domain that is trusted by the Connection
Server domain in a one-way or two-way transitive forest trust relationship
Users are authenticated using Active Directory against the Connection Server domain and any additional
user domains with which a trust agreement exists.
If your users and groups are in one-way trusted domains, you must provide secondary credentials for the
administrator users in Horizon Administrator. Administrators must have secondary credentials to give
them access to the one-way trusted domains. A one-way trusted domain can be an external domain or a
domain in a transitive forest trust.
Secondary credentials are required only for Horizon Administrator sessions, not for end users' desktop or
application sessions. Only administrator users require secondary credentials.
You can provide secondary credentials by using the vdmadmin -T command.
n
You configure secondary credentials for individual administrator users.
n
For a forest trust, you can configure secondary credentials for the forest root domain. Connection
Server can then enumerate the child domains in the forest trust.
For details, see "Providing Secondary Credentials for Administrators Using the -T Option" in the View
Administration document.
Note Because security servers do not access any authentication repositories, including Active Directory,
they do not need to reside in an Active Directory domain.
VMware, Inc. 30
Loading...