Table of Contents - VMwaredocs.hol.vmware.com/HOL-2017/hol-1751-mbl-1_pdf_en.pdfWhat is VMware...

Table of ContentsLab Overview - HOL-1751-MBL-1 - Introduction to Horizon 7: Virtual Desktop and Apps ..2

Lab Guidance .......................................................................................................... 3Module 1 - What's New in Horizon 7 (30 minutes) ............................................................ 9

Introduction........................................................................................................... 10What is VMware Horizon 7? .................................................................................. 11Key Features of VMware Horizon 7........................................................................ 14

Module 2 - Horizon 7 Administration (30 Minutes) .......................................................... 24Horizon 7 Administration....................................................................................... 25

Module 3 - Instant Clones (30 Minutes)........................................................................... 45Introduction of Instant Clones ............................................................................... 46Instant Clone Desktop Pool ................................................................................... 53Connect to Instant Clone Desktops ....................................................................... 70

Module 4 - Just-In-Time Management Platform (30 Minutes) ..........................................92Just-in-Time Management Platform ...................................................................... 93Conclusion........................................................................................................... 110

HOL-1751-MBL-1

HOL-1751-MBL-1

Lab Overview -HOL-1751-MBL-1 -

Introduction to Horizon 7:Virtual Desktop and Apps

HOL-1751-MBL-1

HOL-1751-MBL-1

Lab GuidanceNote: It will take about 30 minutes to complete this lab. The modules areindependent of each other so you can start at the beginning of any moduleand proceed from there. You can use the Table of Contents to access anymodule of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of theLab Manual.

In this lab the attendee can expect to get an overview of the features in Horizon 7.VMware Horizon 7 allows IT to deliver virtual and RDSH hosted desktops and

applications through a single platform to end users. Horizon 7 allows organizations toextend the power of desktop and application virtualization to support workspacemobility while driving greater levels of operational efficiency at lower costs.

HOL-1751-MBL-1 - Virtual Desktop and Apps: Introduction to Horizon 7(30minutes) (Basic) In this module you will be looking at the new features in Horizon 7.Attendee should expect to learn about the new Features in Horizon 7 focusing on whenand how to use Blast, the best use cases for Instant Clone, new enhancements to CloudPod Architecture, and the benefits of Smart Policies, Access Point 2.5 Integration,Desktop Pool Deletion, URL Redirection, True SSO with VMware Identity Manager, URLContent Redirection for Windows Horizon 7, and Horizon 7 for Linux Desktops.

• Module 1- What's New in Horizon 7. This will be an overview of the new featuresin Horizon 7.

• Module 2- Horizon 7 Administration. This will give the attendee a look at the toolsneeded to administer a Horizon 7 environment. We will be looking at thecomponents in Horizon 7, vSphere Web Client, Horizon 7 Admin Tool, HorizonClient and Horizon Agent.

• Module 3- Instant Clones. This will give attendee an introduction to the Instantclone technology and the benefits to be able to deliver and just in time desktop.

• Module 4 - The Just-In-Time Management Platform. Attendee will gain a briefoverview of the solutions for Just in Time Delivery to include AppVolumes, UserEnvironment Manager, and Blast Extreme. More info on this topic can be found inthe other HOL-1751-MBL labs below.

When you have completed this overview lab you can find more information on eachtopic in the 1751 Family of Labs Listed below:

• HOL-1751-MBL-2 - Application Delivery and Management to Virtual andPhysical End Points in Horizon 7 - Attendees should expect to gain anunderstanding of Application Delivery with App Volumes by presenting anAppStack to a VDI desktop, AppStacks in RDSH and Merging AppStacks. Alsounderstand how URL Redirection is used to intercept and redirect a file from avirtual desktop to the client endpoint.

HOL-1751-MBL-1

HOL-1751-MBL-1

• HOL-1751-MBL-3 - Extend the Value of Horizon 7 Suite - Attendee will gainknowledge of the value of the components in the Horizon 7 Suite by learningabout Mirage for physical desktop management, Horizon FLEX to serve BYOusers, the configuration of User Environment Manager for simplified end-userprofile management, Smart Policies to deliver real-time policy-basedmanagement, Desktop Pools and Published Applications with Application pools.

• HOL-1751-MBL-4 - Architecture and Performance of Horizon 7 - Attendeewill go into the architecture and performance of Horizon 7 by looking at VirtualSAN technology for Virtual Desktops, Overview of vRealize Operations for Horizonlooking at Horizon specific dashboards, Working with Instant Clone technology forJust-in-time desktop delivery in Horizon 7, Using the View Planner Tool for sizingVDI deployments, and Optimizing Windows Images with VMware OS OptimizationTool.

• HOL-1751-MBL-5 - End to End Security in Horizon 7 - Attendee will get anoverview of the end to end security features in Horizon 7 with additional choiceand flexibility with Blast Extreme display technology, Access Point for secureremote access, Horizon 7 SSL Certs and VMware Identity Manager for True SSOend-to-end login experience.

• HOL-1751-MBL-6 - Horizon 7 Advanced Concepts- Attendee will gain insightinto the advanced concepts of Horizon 7 with Linux Desktop support, Cloud PodArchitecture enhancements and the architecture of NSX for Horizon.

Lab Captains:

• Brent McCoubrey, Staff Solutions Architect, Canada• Jack McMichael, Specialist Systems Engineer, United States• Peter Schraml, Senior Solutions Architect, Great Britain• Laurel Spadaro, Senior Systems Engineer, United States• Trevor Davis, Senior Systems Engineer, United States

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages. To set your language preference and havea localized manual deployed with your lab, you may utilize this document to help guideyou through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf

Location of the Main Console

1. The area in the RED box contains the Main Console. The Lab Manual is on the tabto the Right of the Main Console.

2. A particular lab may have additional consoles found on separate tabs in the upperleft. You will be directed to open another specific console if needed.

3. Your lab starts with 90 minutes on the timer. The lab can not be saved. All yourwork must be done during the lab session. But you can click the EXTEND to

HOL-1751-MBL-1

HOL-1751-MBL-1

http://docs.hol.vmware.com

http://docs.hol.vmware.com/announcements/nee-default-language.pdf

increase your time. If you are at a VMware event, you can extend your lab timetwice, for up to 30 minutes. Each click gives you an additional 15 minutes.Outside of VMware events, you can extend your lab time up to 9 hours and 30

minutes. Each click gives you an additional hour.

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing itin, there are two very helpful methods of entering data which make it easier to entercomplex data.

HOL-1751-MBL-1

HOL-1751-MBL-1

Click and Drag Lab Manual Content Into Console ActiveWindow

You can also click and drag text and Command Line Interface (CLI) commands directlyfrom the Lab Manual into the active window in the Main Console.

Accessing the Online International Keyboard

You can also use the Online International Keyboard found in the Main Console.

1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

<div class="player-unavailable"><h1 class="message">An error occurred.</h1><div class="submessage"><ahref="http://www.youtube.com/watch?v=xS07n6GzGuo" target="_blank">Try watching this video on www.youtube.com</a>, or enableJavaScript if it is disabled in your browser.</div></div>

HOL-1751-MBL-1

HOL-1751-MBL-1

Click once in active console window

In this example, you will use the Online Keyboard to enter the "@" sign used in emailaddresses. The "@" sign is Shift-2 on US keyboard layouts.

1. Click once in the active console window.2. Click on the Shift key.

Click on the @ key

1. Click on the "@" key.

Notice the @ sign entered in the active console window.

Activation Prompt or Watermark

When you first start your lab, you may notice a watermark on the desktop indicatingthat Windows is not activated.

HOL-1751-MBL-1

HOL-1751-MBL-1

One of the major benefits of virtualization is that virtual machines can be moved andrun on any platform. The Hands-on Labs utilizes this benefit and we are able to run thelabs out of multiple datacenters. However, these datacenters may not have identicalprocessors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoftlicensing requirements. The lab that you are using is a self-contained pod and does nothave full access to the Internet, which is required for Windows to verify the activation.Without full access to the Internet, this automated process fails and you see this

watermark.

This cosmetic issue has no effect on your lab.

Look at the lower right portion of the screen

Please check to see that your lab is finished all the startup routines and is ready for youto start. If you see anything other than "Ready", please wait a few minutes. If after 5minutes your lab has not changed to "Ready", please ask for assistance.

HOL-1751-MBL-1

HOL-1751-MBL-1

Module 1 - What's New inHorizon 7 (30 minutes)

HOL-1751-MBL-1

HOL-1751-MBL-1

IntroductionThis Module contains the following lessons:

• What is VMware Horizon 7?• Key Features introduced in Horizon 7. Overview of the key features contained in

Horizon 7.• Conclusion. Location of follow on links.

HOL-1751-MBL-1

HOL-1751-MBL-1

What is VMware Horizon 7?It is helpful to understand what the different products and solutions are so we will firstexplore what VMware Horizon is.

• VMware Horizon® is a family of desktop and application virtualization solutionsdesigned to deliver Windows and online services from any cloud.

• With Horizon, VMware extendsthe power of virtualization—from data centers to devices—to deliver desktopsand applications with great user experience, closed-loop manageability, andhybrid-cloud flexibility.

• VMware Horizon is available for purchase through VMware Horizon 7 for virtualdesktops and applications run from your data center, VMware Horizon® Air™ forvirtual desktops and applications served up as a cloud-hosted service fromoutside of your data center and VMware Horizon.

The Three Flavors of Horizon 7

Horizon 7 is available in three editions:

• Horizon Standard – Simple, powerful VDI with great user experience• Horizon Advanced – Cost-effective delivery of desktops and applications through

a unified workspace• Horizon Enterprise – Desktops and applications delivery with closed-loop

management and automation.

Windows 10 and VMware Horizon 7

VMware Horizon 7 has long had support for Windows 10 as a virtual desktop. More andmore organizations are exploring how to implement Windows 10 in their environments.Horizon 7 can help in several ways.

Simplify management

HOL-1751-MBL-1

HOL-1751-MBL-1

• Deliver standardized, trusted Windows 10 images• Streamline patches and updates• Easily support Win10 alongside older Windows operating systems like Win XP, Win

7 and Win 8

Increase productivity

• Embrace BYOD, enable your workforce with Windows 10 on any device• Eliminate downtime because of lost or damaged endpoints• Leverage highly-available datacenter infrastructure for business continuity

Improve Security

• Keep data safe and secure in the datacenter; eliminate data leakage at theendpoints

• Reduce the attack surface with stateless just-in-time desktops• Deploy networking and security policies that dynamically follows virtual desktops

Boost the bottom line

• Leverage existing endpoint investments to avoid upgrades• Increase utilization of compute, graphics, and storage by pooling and sharing

datacenter resources

Free and easy upgrades to Windows 10 for many home users has increased pressure forenterprise IT to follow suit in the move to Windows 10. In fact, Microsoft had a goal of 1billion deployed Windows 10 devices by mid-2018, with more than 400 million monthlyactive devices running Windows 10 as of mid-2016.

However, many enterpries still have scars from previous manual and decentralizeddesktop OS upgrades e.g. Win XP to Windows 7. Unfortunately, the majority ofcustomers have found that migrating to Windows 10, takes the same amount of time asprevious migrations. VMware can help. Here’s how:

1. Test and certify your apps: Before you roll out the applications that run yourbusiness, test and certify them on virtual desktops to ensure a smooth rolloutwithout any incompatibility surprises.

2. Enable your workforce: Give users a taste of Windows 10 through virtual desktoplabs so they learn before they move - and stay productive.

3. Simplify rollouts: Avoid the cumbersome decentralized upgrades by centrallydelivering Windows 10 desktops and apps to end users instantly.

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Key Features of VMware Horizon 7Horizon 7 allows organizations to extend the power of desktop and applicationvirtualization to support workplace mobility while driving greater levels of operationalefficiency at lower costs.

Horizon 7 Overview

Deliver virtual or published desktops and applications through a single platform tostreamline management, easily entitle end users, and quickly deliver Windows or Linuxdesktops and applications to end users across devices and locations.

Horizon 7 supports a single platform for delivering hosted Windows applications andshared desktop sessions from Windows Server instances using Microsoft RemoteDesktop Services (RDS), virtual desktops and ThinApp packaged applications.

Horizon 7 additionally supports both Windows as well as Linux-based desktops.

HOL-1751-MBL-1

HOL-1751-MBL-1

Instant Clones

Deliver virtual or remote desktops and applications through a single platform tostreamline management, easily entitle end users, and quickly deliver Windows desktopsand applications to end users across devices and locations.

This first-to-market capability from VMware provides a new, dramatically acceleratedmeans to provision fully featured, personalized, customized virtual desktops. WithInstant-Clone Technology built into VMware vSphere®, combined with VMware AppVolumes™ and VMware User Environment Manager™, administrators can rapidly spin updesktops that retain user customization, persona, and user-installed apps from sessionto session, even though the desktop itself is destroyed when the user logs out. Virtualdesktops benefit from the latest OS and application patches automatically appliedbetween user logins, without any disruptive recompose, resulting in the elimination ofpatch maintenance windows. This capability is delivering customers the VDI nirvana offully customized and personalized desktops, built on the economics and security ofstateless, nonpersistent desktops.

HOL-1751-MBL-1

HOL-1751-MBL-1

Cloud Pod Architecture Improvements

With the introduction of Horizon’s Cloud Pod Architecture feature in April of 2014, endusers gained the ability to have their desktops highly available through a single globalnamespace for easy access. Cloud Pod Architecture now scales to support 50,000sessions across up to 10 sites, with 25 pods of infrastructure. Customers can aggregatemultiple pods in either the same data center or different data centers and entitle usersto a desktop in any location. Organizations now benefit from an unprecedented ability toscale, with improved failover performance.

Overview of Improvements

• The Cloud Pod Architecture feature now supports a pod federation of up to 25pods across up to five sites for a scale of 50,000 sessions.

• In the event that resources at a user's home site are exhausted or otherwise notavailable, the user is now automatically directed to available desktops at othersites.

• Home site administration is now fully supported in View Administrator.• The Cloud Pod Architecture feature now allows home site assignments for nested

AD security groups.• VMware Identity Manager is now fully integrated with the Cloud Pod Architecture

feature.

For more information on Cloud Pod Architecture, you can try the following AdvancedTopic lab:

HOL-1751-MBL-1

HOL-1751-MBL-1

http://blogs.vmware.com/euc/2014/04/vmware-horizon-6-introducing-cloud-pod-architecture.html

HOL-1751-MBL-6 Horizon 7 Advanced Topics : Module 3 - Cloud Pod Architecture

Smart Policies

Horizon 7 also introduces a robust suite of security and policy-focused capabilities thathelp customers improve their overall security posture, with a multilayered, defense-in-depth approach that goes from client endpoint to data center to the extended virtualinfrastructure. Smart Policies delivers a real-time, policy-based system with intelligent,contextual, role-based management that is seamlessly integrated.

• Control of the clipboard cut-and-paste, client drive redirection, USB redirection,and virtual printing desktop features through defined policies.

• PCoIP session control through PCoIP profiles.• Conditional policies based on user location, desktop tagging, pool name, and

Horizon Client registry values.

For more information on Smart Policies, you can try the following Extending the Value ofHorizon 7 lab:

HOL-1751-MBL-3 : Module 4 - Smart Policies

VMware Blast Extreme

Adding to PCoIP, VMware now offers customers additional choice and flexibility with newBlast Extreme display technology, purpose built and optimized for the digital workspace.Built on industry-standard H.264 protocol, Blast Extreme supports the broadest range ofclient devices, billions of them, that are already H.264 capable. Customers can choosebetween Blast Extreme, PCoIP, and RDP based on their use cases and client devicechoices. Blast Extreme offers many inherent advantages over PCoIP in addition to clientdevice support. These include the ability to leverage both TCP or UDP network transport,

HOL-1751-MBL-1

HOL-1751-MBL-1

and lower CPU consumption for longer battery life on a range of devices. Additionally,when combined with GPU-based hardware acceleration in the host, such as NVIDIAGRID, VMware has a complete solution that supports graphics performance end to endfor the most visually intensive applications, in any use case.

• VMware Blast Extreme is now fully supported on the Horizon platform.◦ Administrators can select the VMware Blast display protocol as the default

or available protocol for pools, farms, and entitlements.◦ End users can select the VMware Blast display protocol when connecting to

remote desktops and applications.

• VMware Blast Extreme features include:◦ TCP and UDP transport support◦ H.264 support for the best performance across more devices◦ Reduced device power consumption for longer battery life◦ NVIDIA GRID acceleration for more graphical workloads per server, better

performance, and a superior remote user experience

Blast Extreme is another protocol option for Horizon 7 and is feature and performanceparity with PCoIP. Native Horizon Client 4.x is required.

For more information on configuring a View Pool for Blast Extreme, you can visit the Endto End Security in Horizon 7 lab:

HOL-1751-MBL-5: Module 2 - Blast Extreme

True SSO

Streamlines the end-to-end login experience. Users logging in and authenticating viaVMware Identity Manager™ would previously be presented with a second login promptto access their Windows desktop, using their AD credentials. True SSO seamlessly

HOL-1751-MBL-1

HOL-1751-MBL-1

bypasses this secondary login request for users who have already authenticated viaIdentity Manager, using a short-lived Horizon virtual certificate, enabling a password-free Windows login that brings them immediately to their desktop, for a secure,simplified, and faster overall experience.

• Supports using either a native Horizon Client or HTML Access.• System health status for True SSO appears in the View Administrator dashboard.• Can be used in a single domain, in a single forest with multiple domains, and in a

multiple-forest, multiple-domain setup.

HOL-1751-MBL-1

HOL-1751-MBL-1

How True SSO Works

How True SSO Works:

1. User authenticates to VMware Identify Manager. The administrator can selectfrom an extensive set of authentication methods (SecurID, RADIUS, Biometric)based on the enterprise policy settings. After authenticated, the user selects adesktop or application to launch.

2. A Horizon client is launched with the user’s identity and directed to the Horizonbroker.

3. The broker validates the user’s identify with Identify Manager.4. Using the Enrollment service, Horizon requests the Microsoft Certificate Authority

to generate a temporary, short-lived certificate on behalf of that user.5. Horizon presents the certificate to the Windows Operating System.6. Windows validates the certificate with Active Directory to validate its authenticity.7. The user is logged onto the Windows desktop or application, and a remote

session is initiated on the Horizon Client.

For more information on VMware Identity Manager, you can visit the End to End Securityin Horizon 7 lab:

HOL-1751-MBL-5: Module 5 - vIDM

HOL-1751-MBL-1

HOL-1751-MBL-1

Access Point 2.5 Integration

Access Point is a virtual appliance primarily designed to allow secure remote accessfrom authorized users connecting from the internet. Access Point provides a unifiedsecurity solution that front ends all of our Horizon products providing better flexibilityand scale, built on a hardened Linux appliance that’s optimized to sit in the customer’sDMZ. Until now, Access Point authentication requests were transparently passed to theconnection server sitting behind it. In the Horizon 7 release we’ve enhanced AccessPoint to handle such authentication natively in-skin, within the appliance, providing amore complete security solution that supports RADIUS, SecurID and SmartCard.

• Smart card authentication is now fully supported.• RSA SecurID and RADIUS authentication have been added.• Smart policies can be used with Access Point.• VMware Blast protocol can now be directed to port 443. Previously, port 8443 was

required.

Note: Access Point 2.6 version serves as a reverse proxy for VMware Identity Manageronly.

For more information on Access Point Deployment, you can visit the End to End Securityin Horizon 7 lab:

HOL-1751-MBL-5: Module 3 - Access Point

HOL-1751-MBL-1

HOL-1751-MBL-1

URL Content Redirection for Windows Horizon Clients

• For specific URLs, you can configure whether, when end users click a link to thatURL in an Internet Explorer browser or an application, or if they type the URL intoan Internet Explorer browser, that link gets opened always on a Windows-basedclient system or always in a remote desktop or application.

• URL links can be links to Web pages, telephone numbers, email addresses, andmore.

• Configured through group policy.

You can explore URL Content Redirection further in the Application Deployment toVirtual and Physical Endpoints Lab:

HOL-1751-MBL-2: Module 4 - URL Redirection

HOL-1751-MBL-1

HOL-1751-MBL-1

56470/c/?data-resolve-url=true&data-manual-id=56470

Linux Desktops

Horizon 7 supports both Windows as well as Linux-based desktops—including RHEL,SLED, Ubuntu, CentOS and NeouKylin operating systems.

• Support for SLED 11 SP3/SP4. However, Single Sign-on is not supported.• Support for HTML Access 4.0.0 on Chrome.• Support for CentOS 7.1 Linux distribution.• Support to check the dependency packages unique to a Linux distribution before

installing Horizon Agent.• Support to use the Subnet option of /etc/vmware/viewagent-custom.conf to

specify the subnet used for Linux desktop connections with multiple subnetsconnected.

Linux Desktop can be explored more in the Horizon 7 Advanced Concepts Lab:

HOL-1751-MBL-6: Module 1 - Presenting a Linux Hosted Desktop with Horizon 7

HOL-1751-MBL-1

HOL-1751-MBL-1

Module 2 - Horizon 7Administration (30

Minutes)

HOL-1751-MBL-1

HOL-1751-MBL-1

Horizon 7 AdministrationThis Module will go over the Administration and components of the Horizon 7environment.

Horizon 7 Solution Overview

We will look at the components that make up the Horizon 7 Environment

HOL-1751-MBL-1

HOL-1751-MBL-1

Horizon 7 Enterprise

These are the core pieces of Horizon 7 Enterprise.

Exploring the Horizon 7 Components

In this lab we will explore some of the components that make up a Horizon Desktopenvironment:

• Horizon Connection Servers• Horizon Administrator Tool• Horizon Client• Horizon Agent

Open Chrome Browser from Windows Quick Launch TaskBar

1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.

HOL-1751-MBL-1

HOL-1751-MBL-1

Open up vSphere Web Client

1. Click on the RegionA vCenter Server in the toolbar.2. Log in using [email protected] with VMware1! password.

HOL-1751-MBL-1

HOL-1751-MBL-1

Horizon 7 Connection Servers

From the vSphere client navigate to the VMs and Templates. You can see the HorizonConnection Servers listed as h7cs-01a and h7cs-01b.

This software service acts as a broker for client connections. View Connection Serverauthenticates users through Windows Active Directory and directs the request to theappropriate virtual machine, physical PC, or Microsoft RDS host.

Inside the corporate firewall, you install and configure a group of two or more ViewConnection Server instances. Their configuration data is stored in an embedded LDAPdirectory and is replicated among members of the group.

Outside the corporate firewall, in the DMZ, you can install and configure ViewConnection Server as a security server, or you can install an Access Point appliance.Security servers and Access Point appliances in the DMZ communicate with ViewConnection Servers inside the corporate firewall.

Log in to the Horizon 7 Administrator Tool

Open another tab in Google Chrome.

1. Click on the Horizon 7 Folder2. Select Horizon 7 Administrator - A3. Username: administrator4. Password: VMware1!5. Click on Log In

HOL-1751-MBL-1

HOL-1751-MBL-1

If you get a "Your connection is not private" message, click on Advanced and then"Proceed to h7cs-01a.corp.local".

Horizon 7 Admin Tool

This Web-based application allows administrators to configure View Connection Server,deploy and manage remote desktops and applications, control user authentication, andtroubleshoot end user issues.

HOL-1751-MBL-1

HOL-1751-MBL-1

When you install a View Connection Server instance, the View Administrator applicationis also installed. This application allows administrators to manage View ConnectionServer instances from anywhere without having to install an application on their localcomputer.

HOL-1751-MBL-1

HOL-1751-MBL-1

Validate Horizon 7 System Health

Once logged into the Horizon View Admin console, you should be seeing the Dashboard.If not, click the Dashboard in the left-side window pane.

Validate all System Health status show as green. Note the RED Connection Server andYellow Event database.

You can click on the RED Connection Server and open up to see which server then Clickon that server H7CS-01A.

1. In the dialog box that open notice the error message.2. You can click OK once complete.3. Explore around the different components of the Administrator Tool.

NOTE: Connection Servers are showing RED due to untrusted Cert. We will fix this in alater lab HOL-1751-MBL-5 Module 4.

HOL-1751-MBL-1

HOL-1751-MBL-1

View Configuration

From the Inventory Panel Open up the View Configuration. From here you can look atthe following components:

• Servers

HOL-1751-MBL-1

HOL-1751-MBL-1

• Instant Clone Domain Admins• Product Licensing and Usage• Global Settings• Registered Machines• Administrators• ThinApp Configuration

Under the Servers you will see the vCenter Servers, Any Security Servers andConnection Servers associated with this configuration.

HOL-1751-MBL-1

HOL-1751-MBL-1

Explore the Desktop pools

From the Horizon Administrator Tool you can explore the Desktop Pools. We havealready configured some desktop pools for you. We can add another desktop pool forthe sales users.

1. In the Inventory panel under the Catalog section, click on Desktop Pools.2. You will notice two pools already set up: RDSH-01ADesktop and win10x64.3. Click Add.

HOL-1751-MBL-1

HOL-1751-MBL-1

Create a new Desktop pool

1. Click on the Manual Desktop Pool and then click Next to continue. A manualdesktop pool provides access sto an existing set of machines.

2. Click on Floating and then click Next to continue. Pool can be dedicated orfloating. In a dedicated pool, each user is assigned to the same machine everytime. In a floating pool users receive a different machine each time.

3. Click on vCenter Virtual Machines and then click on Next to continue.4. Click on the vCenter server vcsa-01a.corp.local and then click Next to

continue.5. For the ID type in Sale and for Display Name type in Sales Pool.6. Click Next7. Click Next on the Desktop pool Settings to take defaults.

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Choose Desktops

1. On the Add vCenter Virtual Machines click on the w7x86-01a desktop.2. Click Add to add that desktop to the manual pool.3. Click on Next to continue.4. Click on Next on the Advanced Storage screen to accept the defaults.5. Look at the configuration and click Finish to complete the Desktop Pool creation.

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Add Entitlement for CEO user

1. Click on the newly created Sales pool.2. Pull down entitlements and click Add Entitlement3. Click on Add in the Entitlement window.4. Search for Name/User name: Contains: CEO5. Click Find to search for the CEO user.6. CEO user info comes up. Select the CEO user7. Click OK8. Click Ok to close window and complete

You can exit out of the Horizon 7 Administrator and close the Chrome browser.

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Horizon Client

The client software for accessing remote desktops and applications can run on a tablet,a phone, a Windows, Linux, or Mac PC or laptop, a thin client, and more.

After logging in, users select from a list of remote desktops and applications that theyare authorized to use. Authorization can require Active Directory credentials, a UPN, asmart card PIN, or an RSA SecurID or other two-factor authentication token.

Double click the VMware Horizon Client icon from the main console desktop.You may need to minimize the Chrome browser in order to see the main consoledesktop.

HOL-1751-MBL-1

HOL-1751-MBL-1

Explore the Horizon Client

Once you open the VMware Horizon Client you will see the Horizon Connection Server.

1. Click on the connection server h7cs-01a.corp.local to open up the log in screen.2. Log in as CEO and password VMware1! then click on Login.3. From here you will see the newly created Sales Pool desktop that the CEO user

is entitled to.

This validates that the pool creation and entitlements have been done correctly. Inorder to have a successful connection, the desktop VM(s) added to the pool need tohave the Horizon Agent installed so that proper communication can be established withthe connection brokers and horizon client to establish a session.

HOL-1751-MBL-1

HOL-1751-MBL-1

Horizon Agent

You install the Horizon Agent service on all virtual machines, physical systems, andMicrosoft RDS hosts that you use as sources for remote desktops and applications. Onvirtual machines, this agent communicates with Horizon Client to provide features suchas connection monitoring, virtual printing, View Persona Management, and access tolocally connected USB devices.

You must install View Agent on virtual machines that are managed by vCenter Server sothat View Connection Server can communicate with them. Install View Agent on all

HOL-1751-MBL-1

HOL-1751-MBL-1

virtual machines that you use as templates for automated desktop pools, parents forlinked-clone desktop pools, and machines in manual desktop pools.

You can install the agent with an option for single sign-on. With single sign-on, users areprompted to log in only when they connect to View Connection Server and are notprompted a second time to connect to a remote desktop or application.

HOL-1751-MBL-1

HOL-1751-MBL-1

Module 3 - Instant Clones(30 Minutes)

HOL-1751-MBL-1

HOL-1751-MBL-1

Introduction of Instant ClonesWhat Is Instant Clone Technology?

Instant Clone Technology is all about delivering VDI desktops just in time. For those ofyou who follow project names, think of vmFork and Project Fargo. Instant CloneTechnology allows administrators to rapidly clone and deploy virtual machines at a rateof about one clone per second on average. Horizon 7 can provision 2000 VirtualDesktops in about 20 minutes.

Instant Clone Technology

Instant Clone Technology (that is, vmFork) uses rapid in-memory cloning of a runningparent virtual machine, and copy-on-write to rapidly deploy the virtual machine (clones).

Copy-on-write, or COW, is an optimization strategy. This means that whenever a taskattempts to make a change to the shared information, it should first create a separate(private) copy of that information to prevent its changes from becoming visible to all theother tasks.

A running parent virtual machine is brought to a quiescent, or quiet, state and thenforked, and the resulting powered-on clones are then customized (receiving unique MACaddresses, UUIDs, and other information). These clones share the disk and memory ofthe parent for Reads and are always ready for logins. After the clone is created, Writesare placed in delta disks. Both memory and disk are copy-on-write, so if a new clonemodifies bits of its memory or disk, a separate copy is made for that virtual machine,thus preserving security and isolation between virtual machines.

HOL-1751-MBL-1

HOL-1751-MBL-1

https://en.wikipedia.org/wiki/Copy-on-write

Review Virtual Desktop Types

Lets review the two types of Virtual Desktops, Persistent and Non-persistent.

Persistent desktops are usually full cloned VMs, and sometimes Linked Clones. Apersistent desktop retains data on the desktop itself between logons and reboots. Thisincludes all data such as user settings, applications, internet bookmarks and so on, anddoes not require other methods of copying data to additional desktops. Additionally auser can have an application installed directly on their desktop which will be retained forthem to use and does not require all users having it on their desktop or virtualizing theapplication.

When using a persistent desktop a user is assigned a single specific desktop that is onlyfor their use. This ensures they can access their desktop with all their settings andinstalled applications. Desktops are created from a master image but not re-createdafter use.

By using persistent desktops the provisioning method used increases the storage usagecompared to non-persistent desktops. As there is a desktop for each user, their settingsand applications, which may be 25-35 GB in size per desktop, increases storage costs.Additionally because the desktops are not re-created from the master image at logoff orfrequently refreshed, the desktop updates and other changes must be managed byanother solution such as Altiris, WSUS or SCCM. This increases management overheadand lowers user density per host.

Non-persistent desktops areusually Linked Clones today. A non-persistent virtualdesktop does not retain any data on the desktop itself after a logoff or reboot. Thisincludes any data such as user settings, application settings, internet bookmarks and soon. Instead this data is retained using other methods such as folder redirection andprofile solutions such as User Environment Manager (UEM) to store user settings in acentral location and applied to any desktop they logon to.

Additionally a non-persistent desktop does not allow a user to install an application andhave it available across other non-persistent desktops a user may log into. If usersrequire that ability, writable volumes with App Volumes would allow that.

When using a non-persistent desktop a user is not assigned any specific desktop, this isbecause all desktops are identical and created from a single master image. Typically ateach logoff the desktop is recreated from the master image or refreshed. By using non-persistent desktops this provisioning method provides several benefits. Some of thosebenefits are a reduction in storage requirements of around 80% resulting in costsavings, easier maintenance of desktops for updates as only the master images needupdating. Security is increased as a desktop is re-created from the clean master imageonce a user logs off. User settings data is also backed up centrally when folderredirection and a profile management solution is implemented.

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Just-In-Time Management Platform

Just-In-Time Management Platform or JMP (pronounced jump) represents capabilities inVMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in aflexible, fast, and personalized manner. JMP is composed of the following VMwaretechnologies:

· VMware Instant Clone Technology for fast desktop and RDSH provisioning

· VMware App Volumes for real-time application delivery

· VMware User Environment Manager for contextual policy management

JMP allows components of a desktop or RDSH server to be decoupled and managedindependently in a centralized manner, yet reconstituted on demand to deliver apersonalized user workspace when needed. JMP is supported with both on-premises andcloud-based Horizon 7 deployments, providing a unified and consistent managementplatform regardless of your deployment topology. The JMP approach provides severalkey benefits, including simplified desktop and RDSH image management, faster deliveryand maintenance of applications, and elimination of the need to manage “fullpersistent” desktops.

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Types with Just-in-Time Management Platform

Instant Clones by default are a non-persistent desktop type but as you add additionalVMware technologies you can move to a complete persistent experience.

Administrators can quickly provision from a parent virtual machine whenever newdesktops are needed, just in time for a user to log in. With this type of speed, you canreduce the number of spare machines needed. When you factor in VMware App Volumesand the ability to dynamically attach AppStacks with applications assigned to each user,as well as user-specific writable volumes, along with role-based persona andcustomization through VMware User Environment Manager, you now have a fullypersonalized desktop that feels persistent to the end user. However, this desktop iscompletely stateless and built on the attractive economics of non-persistent desktops.

View Composer Clones vs Instant Clones

What Are Some of the Benefits of Instant Clone Technology over View Composer Clones?

At the top of the list of benefits of Instant Clone Technology is simplified deployment andpatching for administrators. Instant clones do not need to be refreshed, recomposed, orrebalanced. When a user logs out of the desktop, that desktop always gets deleted andrecreated as a fresh image from the latest patch. This process creates a staggeredapproach to patching, thus eliminating “boot storms,” reducing storage IOPS, andcreating less of a load on the vCenter Server.

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop-pool image changes can also be scheduled during the day with no downtimefor the users or for the availability of the desktop pool, so that the View administratorhas full control over when the users receive the latest image. Horizon 7 leverages rollingrefresh operations, so that users can continue to use their existing logged-in desktop,even during an image-update operation. When the user logs out of their desktopsession, a new clone is instantly created using the latest image, and the desktop isimmediately available for log in. However, if you have an urgent patch, you can “force”the users to log out and immediately log in to the latest image.

When a virtual machine is created, Horizon 7 indexes the contents of each virtual diskfile. The indexes are stored in a virtual machine digest file. At runtime, the ESXi hostreads the digest files and caches common blocks of data in memory. To keep the ESXihost cache up to date, Horizon 7 regenerates the digest files at specified intervals andalso when the virtual machine is recomposed. You can modify the regeneration interval.A longer regeneration interval puts less of a load on the system, but digest files tend tobe “dirtier” and therefore CBRC is less useful. In the case of Instant Clone Technology,CBRC is less useful because the clones are short-lived and deleted or reimaged whenthe user logs out. Master virtual machines and replicas still use CBRC, which iscalculated automatically.

SEsparse wipe-and-shrink operations are no longer needed. Typically, VMDKs keepgrowing, and SEsparse wipe-and-shrink sweeps and frees up unused blocks after theyare deleted. This operation is no longer needed because the virtual machines are short-lived. They are either deleted or reimaged after the user logs out.

Unlike View Composer, Instant Clone Technology does not need a database, whichgreatly simplifies the Horizon 7 architecture. This also helps to lower the overall supportcost of the solution, and reduces the complexity of future environment upgrades.

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Instant Clone Desktop PoolAn instant-clone desktop pool is an automated desktop pool. vCenter Server creates thedesktop virtual machines based on the settings that you specify when you create thepool.

Similar to View Composer linked clones, instant clones share a virtual disk of a parentvirtual machine and therefore consume less storage than full virtual machines. Inaddition, instant clones also share the memory of a parent virtual machine. Instantclones are created using the vmFork technology. An instant-clone desktop pool has thefollowing key properties:

• The provisioning of instant clones is significantly faster than View Composerlinked clones.

• Instant clones are always created in a powered-on state, ready for users to log in.Guest customization and AD domain join are completed as part of the initialpower-on workflow.

• When a user logs off, the desktop virtual machine is deleted. New clones arecreated according to the provisioning policy, which can be on demand or up-front.

• With the push image operation, you can recreate the pool from any snapshot ofany parent virtual machine. You can use push image to roll out OS and applicationpatches.

• Clones are automatically rebalanced over available data stores when clones arecreated.

• View storage accelerator is automatically enabled.• Transparent page sharing is automatically enabled.

Because View can create instant clones very quickly, you typically do not need toprovision a large number of desktops up front or have a large number of readydesktops. For this reason, when compared with View Composer linked clones, InstantClones can make the task of managing a large number of desktops easier and alsoreduce the amount of hardware resources that is required.

Module disclaimer: This lab environment is utilizing shared infrastructure andmay not perform as well as a properly designed and scaled productionenvironment would. Observed latency in the Instant Clone process is due tothe the constraints within the lab environment. This module is meant todemonstrate functionality only and should NOT be used to gauge performanceor performance benchmarking.

Module Setup

1. Validate you're on the Main Console desktop2. Launch the InstantClones Maintenance Off script

HOL-1751-MBL-1

HOL-1751-MBL-1

Note: Instant Clones includes administrative tools to allow you to place the Instant Clonepool in to maintenance mode. This will delete any cp-parent or the parent VM that ispowered on and VMfork stuns to create the cloned virtual machines. Since the Hands-On-Labs clones a complete copy of the lab from a powered off state, this script isrequired to allow a new cp-parent.

This script may take a couple of minutes to run in the lab environment. Leavethe command window open until the script is complete and the window closesitself.

Current Restrictions

In Horizon 7.0, instant clones have certain restrictions:

• Single-user desktops only. RDS hosts are not supported.• Floating user assignment only. Users are assigned random desktops from the

pool.• Instant-clone desktops cannot have persistent disks. Users can use VMware App

Volumes to store persistent data.

HOL-1751-MBL-1

HOL-1751-MBL-1

• Virtual Volumes and VAAI (vStorage APIs for Array Integration) native NFSsnapshots are not supported.

• Sysprep is not available for desktop customization.• Windows 7 and Windows 10 are supported but not Windows 8 or Windows 8.1.• Local datastores are not supported.• IPv6 is not supported.• Instant clones cannot reuse pre-existing computer accounts in Active Directory.• Persona Management is not available, but VMware User Environment

Management is supported.• 3D rendering is not available.• You cannot specify a minimum number of ready (provisioned) machines during

instant clone maintenance operations. This feature is not needed because thehigh speed of creating instant clones means that some machines are alwaysavailable even during maintenance operations.

Requirements

Instant clones have the following compatibility requirements:

• vSphere 6.0 Update 1 or later.• Virtual machine version 11 or later.• Horizon 7 or later.

HOL-1751-MBL-1

HOL-1751-MBL-1

Instant Clone Domain Admin

NOTE: No work for you to preform, these Steps are define for your reference. SinceInstant Clones is different than Linked Clones, you need to define the administrator.

Before you can create an instant-clone desktop pool, you must add an instant clonedomain administrator to View.

The instant clone domain administrator must have certain Active Directory domainprivileges. For more information, see "Create a User Account for Instant CloneOperations" in the View Installation document.

To create the instant clone domain administrator you need to

1. Expand the View Configuration2. Click on Instant Clone Domain Admins3. Click on Add4. Enter the domain user name and password, then click ok

HOL-1751-MBL-1

HOL-1751-MBL-1

Create an Instant-Clone Desktop Pool

Note: Due to the nature of the Hands-on-Labs you will create a Instant Clone Pool, butwill not save your settings.

1. Double Click the Google Chrome icon to launch.

HOL-1751-MBL-1

HOL-1751-MBL-1

Launch the View Administrator

1. Click on the Horizon 7 bookmark Folder2. Click on the Horizon 7 Administrator - A3. Enter the User name: Administrator4. Enter the Password: VMware1!5. Click Log In

HOL-1751-MBL-1

HOL-1751-MBL-1

Add Desktop Pool

1. Expand Catalog2. Click on Desktop Pools3. Click on Add

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Pool Type

1. Choose Automated Desktop Pool2. Click Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Pool User Floating

1. Choose Floating2. Click on Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Pool vCenter Server

1. Choose Instant clones2. Click on your vCenter Server3. Click Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Pool Identification

1. Enter HOL_InstantClone for the ID2. Enter Instant Clone in display name3. Click Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Pool Settings

Take the defaults for the pool except for

1. Change the default Remote Display Protocol to VMware Blast2. Select No for Allow users to choose protocol3. Check HTML Access Enabled4. Click Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Provision Settings

1. Enter HOL-{n}-w7 for Naming Pattern2. Select 5 for Max number of machines3. Select Provision machines on demand4. Enter 1 of minimum number of machines5. Click Next

This will build a pool of desktops to a maximum of 5 on demand.

HOL-1751-MBL-1

HOL-1751-MBL-1

Storage Optimization

Take the defaults

1. Click Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Desktop Pool vCenter Settings

1. Browse for the Parent VM, W10-IC-GM - Click OK2. Browse for the Snapshot, Ready for Instant Clones - Click OK3. Browse for the VM folder, select RegionA01 - Click OK4. Browse for the Cluster, Instant Clone Cluster - Click OK5. Browse to Instant Clone Cluster for the resource pool - Click OK6. Browse to the datastores and select one7. Click Next

Guest Customization

Instant Clones uses ClonePrep for guest customization.

ClonePrep customizes instant clones when they are created and works similarly to theway QuickPrep customizes View Composer Lined Clones.

ClonePrep joins all instant clones to the Active Directory domain. The clones have thesame computer security identifiers (SIDs) as their parent VM. ClonePrep also preserves

HOL-1751-MBL-1

HOL-1751-MBL-1

the globally unique identifiers (GUIDs) of applications, although some applications mightgenerate a new GUID during customization.

When you add an instant-clone desktop pool, you can specify a script to runimmediately after a clone is created and another script to run before the clone ispowered off.

1. Browse to the Instant Clones OU. Expand corp.local, then expand HorizonDesktops to select: OU=Instant Clones,OU=HorizonDesktops,DC=corp,dc=local

2. Click Next

HOL-1751-MBL-1

HOL-1751-MBL-1

Review the Pool

1. Click Cancel to quit the wizard2. Click OK to quit the wizard

NOTE: You will cancel the pool creation wizard because the pool is already created foryou. These steps were to demonstrate how an Instant Clone pool is created in theHorizon Administrator.

HOL-1751-MBL-1

HOL-1751-MBL-1

Connect to Instant Clone DesktopsYou are going to validate the Instant Clone pool inventory before connecting to adesktop and watch how Instant Clone Technology creates and destroys virtual machinesin seconds.

Horizon 7 Administrator

From the Horizon 7 Administrator

1. Click on the Catalog to expand2. Click on Desktop Pools3. Double Click on Instant_Clones pool

HOL-1751-MBL-1

HOL-1751-MBL-1

Inventory

1. Click on Inventory2. Notice that you only have a single Windows 10 desktop available.3. Minimize the browser

HOL-1751-MBL-1

HOL-1751-MBL-1

Launch Horizon Client

1. Validate you're on the Main Console desktop2. Launch the VMware Horizon Client

HOL-1751-MBL-1

HOL-1751-MBL-1

Logon to Horizon 7

1. Double click the h7cs-01a.corp.local Connection Server

HOL-1751-MBL-1

HOL-1751-MBL-1

Logon to Horizon 7 as CTO

1. Login to Horizon as CTO2. Password is VMware1!3. Click Login

HOL-1751-MBL-1

HOL-1751-MBL-1

Choose the Instant Clone Pool

Double click the Instant Clone desktop pool to connect to a Windows 10 desktop.

HOL-1751-MBL-1

HOL-1751-MBL-1

Instant Clone Desktop

Notice that you are connected as the CTO on IC-1-W10. This is the same desktop as theone from the Inventory.

HOL-1751-MBL-1

HOL-1751-MBL-1

Return to Horizon 7 Administrator

Click on your open browser tab to return to the View Administrator for Horizon 7

HOL-1751-MBL-1

HOL-1751-MBL-1

Review the Inventory

1. You may need to Click the Refresh icon several times2. Review the Instant Clone Pool. You have a second Windows 10 machine,

IC-02-w10. (Please click the refresh icon until the machine shows available)3. Return to the Instant Clone Windows 10 desktop by clicking Instant Clone in the

task bar

HOL-1751-MBL-1

HOL-1751-MBL-1

Return to the Instant Clone Windows 10 Desktop

In this step you will launch the Horizon Client and connect to another Horizon 7resource. Notice that it is possible to install the the Horizon Client in a virtual desktop.

1. Validate you are on the Instant Clone IC-01-W10 desktop2. Double click the Horizon View icon to launch the client

HOL-1751-MBL-1

HOL-1751-MBL-1

Logon to Horizon 7 as COO

1. Login to Horizon as COO2. Password is VMware1!3. Click Login

HOL-1751-MBL-1

HOL-1751-MBL-1

Choose the Instant Clone Pool

Click on the Instant Clone desktop pool to connect to a Windows 10 desktop.

HOL-1751-MBL-1

HOL-1751-MBL-1

Instant Clone Preparing Windows, Return to Inventory

After your desktop starts to logon quickly switch back to the Horizon 7 Administrator toreview the inventory

HOL-1751-MBL-1

HOL-1751-MBL-1

Return to Inventory

After your desktop starts to logon quickly switch back to the Horizon 7 Administrator toreview the inventory

1. If prompted, Click on Allow when prompted for client drive sharing2. Click on your open browser tab to return to the View Administrator for Horizon 7

HOL-1751-MBL-1

HOL-1751-MBL-1

Return to Horizon 7 Administrator

Click on your open browser tab to return to the View Administrator for Horizon 7 if youare not already there.

HOL-1751-MBL-1

HOL-1751-MBL-1

Review the Inventory

1. Click Inventory2. Click Refresh3. Notice that the new Instant Clone is automatically provisioning more desktops4. After you have reviewed please click on the Instant Clone desktop in the task

bar to return to your desktop

Note: Due to the Hands On Lab architecture your Instant Clones may take longer than 1sec. Please hit Refresh several times if needed.

Log Off IC-02-W10 desktop

1. From your IC-02-W10 desktop2. Click Options

HOL-1751-MBL-1

HOL-1751-MBL-1

3. Click Disconnect and Log Off4. Click Ok when prompted5. Click the Instant Clone Horizon 7 Client desktop in the taskbar to return to the

desktop

HOL-1751-MBL-1

HOL-1751-MBL-1

Disconnect and Log Off IC-01-W10

1. Click Options2. Click Disconnect and Log Off3. Click Ok when prompted

HOL-1751-MBL-1

HOL-1751-MBL-1

Return to Horizon 7

Click on your open browser tab to return to the Horizon 7 Administrator

HOL-1751-MBL-1

HOL-1751-MBL-1

Elastic Pool

1. Click the Refresh icon2. Notice that you only have 1 desktop available now

Instant Clone Pools can be provisioned using elastic pool settings. They will grow to themaximum number defined in the pool settings but they will also shrink or destroy thevirtual machines when not in use. Since Instant Clones can be created so quickly it is aviable solution to create them as they are needed. This si one of the main buildingblocks of eh Just-In-Time desktop.

Elastic pool provisioning driven by 3 variables:

• Minimum controls minimum # of provisioned and powered-on clones inthe pool. Can be entered when The Provision Machines on Demand radiobutton is selected.

• Maximum controls the maximum # of provisioned and powered-onclones in the pool

• Spare controls the # of spare VMs powered-on as headroom for userlogin

HOL-1751-MBL-1

HOL-1751-MBL-1

Return to the Horizon Client

Click the VMware Horizon Client in the taskbar to return to the client

HOL-1751-MBL-1

HOL-1751-MBL-1

Log Off as CTO

1. Click the Log Off icon2. Click OK

HOL-1751-MBL-1

HOL-1751-MBL-1

Module 4 - Just-In-TimeManagement Platform (30

Minutes)

HOL-1751-MBL-1

HOL-1751-MBL-1

Just-in-Time Management PlatformThe Just-In-Time Management Platform or JMP (pronounced jump) represents capabilitiesin VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in aflexible, fast, and personalized manner. JMP is composed of the following VMwaretechnologies:

· VMware Instant Clone Technology for fast desktop and RDSH provisioning

· VMware App Volumes for real-time application delivery

· VMware User Environment Manager for contextual policy management

JMP allows components of a desktop or RDSH server to be decoupled and managedindependently in a centralized manner, yet reconstituted on demand to deliver apersonalized user workspace when needed. JMP is supported with both on-premises andcloud-based Horizon 7 deployments, providing a unified and consistent managementplatform regardless of your deployment topology. The JMP approach provides severalkey benefits, including simplified desktop and RDSH image management, faster deliveryand maintenance of applications, and elimination of the need to manage “fullpersistent” desktops..

App Volumes Manager Overview

In the next steps we will go over the App Volumes Manager.

HOL-1751-MBL-1

HOL-1751-MBL-1

Launch the App Volumes Manager

From the Main Console Desktop, Launch the Chrome Browser.

1. Click on the App Volumes shortcut on the bookmark bar.2. Select App Volumes Manager3. Username: administrator4. Password: VMware1!5. Click on Login

Navigate the features of App Volumes Manager

The dashboard view allows IT administrators to access Utilization metrics as well asreview recent User Logins, Computer Bootups and App Stack Attachments.

HOL-1751-MBL-1

HOL-1751-MBL-1

This dashboard provides the following information:

• The number of user and server licenses in use• User utilization• Most recent user logins• Computer Utilization• Most recent computer logins• AppStack utilization

App Volumes Console - VOLUMES

Moving to the right one section, click on the VOLUMES section.

The Volumes tab is used to create and manage AppStacks and writable volume and formonitoring currently attached volumes

This will show you 5 tabs:

• AppStacks - These are the Read Only volumes containing applications whichmay be assigned to Active Directory User Accounts, Active Directory ComputerAccounts, Active Directory Groups, or OUs. This is done in order to deliverapplications to end users.

HOL-1751-MBL-1

HOL-1751-MBL-1

• Writable Volumes - These are volumes which are writable and assigned one peruser or computer and come in three different flavors: Profile Only, User InstalledApps Only, or Profile Plus User Installed Apps.

• Attachments - This tab lets administrators see all actively attached AppStacksand Writable Volumes.

• Assignments - This tab allows administrators to see all AppStack and WritableVolume assignments defined.

• Applications - Within this tab, administrators can search all AppStacks basedupon applications captured. This can allow administrators to assign theappropriate AppStack based upon applications.

Here you will see several AppStacks that we will be assigning to users in the other 1751labs.

HOL-1751-MBL-1

HOL-1751-MBL-1

Looking at I-T_Apps (x32)

If you click on one of the AppStacks like I-T_Apps (x32) you will see what is containedin that AppStack.

Inside the I-T_Apps (x32) AppStack you see information about that AppStack whichcontains 19 Applications. This is also where you can Assign the AppStack to a user orgroup. You can see that it is not currently assigned to anyone.

You can attach AppStacks to an Active Directory group or user Immediately or upon nextlogin or reboot. This gives the administrator control over delivering applications to theuser as well as updating and removing the same way.

App Volumes Writable Volume

App Volumes also has the ability to attach a Writable Volume to a user for user data anduser installed applications. This Writable volume follows the user. Like AppStacks, aWritable Volume is also a virtual disk, but unlike AppStacks a Writable Volume isconfigured in a one-to-one configuration, and each user has their own assigned WritableVolume.

When an IT administrator assigns a Writable Volume to a user, the first thing the ITadministrator will need to decide is what type of data the user will be able to store inthe Writable Volumes. There are three choices :

• User Profile Data Only

HOL-1751-MBL-1

HOL-1751-MBL-1

• User Installed Applications Only• Both Profile Data and User Installed Applications

It should be noted that App Volumes is not a Profile Management tool, but can be usedalongside any currently used User-Environment Management tool.

1. On the Volumes Tab, Click on Writables.2. You will see that the CEO user already has a Writable Volume assigned to them.3. Click the + sign next to the CEO user's writable volume. Notice the Status is

Enabled and any restrictions on this volume.

This writable volume shows up in Disk Management when the user is logged on but youshould not see any evidence of the attached, active Writable Volume in ExplorerWindow.

User Environment Manager Management ConsoleOverview

VMware User Environment Manager offers personalization and dynamic policyconfiguration across any virtual, physical and cloud-based environment. It is a criticalcomponent of VMware Workspace Environment Management solutions, which supportuser-centric computing and address both end-to-end application and user management.User Environment Manager can simplify end-user profile management by providingorganizations with a single and scalable solution that leverages existing infrastructure.

HOL-1751-MBL-1

HOL-1751-MBL-1

IT can easily map infrastructure (including networks and printer mappings) anddynamically set policies for end users. With this solution, end users can also enjoy apersonalized and consistent experience across devices and locations. Organizationsleveraging User Environment Manager can increase workplace productivity while drivingdown the cost of day-to-day desktop support and operations.

VMware User Environment Manager consists of five functional areas:

1. Application Configuration Management - to configure initial settings withoutrelying on Application default settings

2. User Environment Settings - for settings users need to perform their dailytasks

3. Personalization - decouples and segments user-specific desktop and applicationsettings from the Windows OS system.

4. Application Migration - to "roam" personal application settings of users fromone operating system to another as long as application is storing its configurationin same location.

5. Dynamic Configuration - allows you to combine conditions based on user,location, device characteristics, enabling dynamic adaptation of content andappearance fo the end user desktop.

Launch User Environment Manager Management Console

From the Main Console Desktop you can launch the UEM Management Console.

HOL-1751-MBL-1

HOL-1751-MBL-1

Navigate the features of the User Environment ManagerManagement Console

The VMware User Environment Manager - Management Console which can be installedon any desktop or Terminal Server from which you want to manage the UserEnvironment Manager environment.

1. Click the Personalization Tab2. Expand the Applications Folder3. This is where you define your application configurations and personalizations.

User Environment Tab

The User Environment tab of the Management Console contains all functionality forcreating and managing user environment settings. Note that these settings are appliedat logon and logoff. A subset is also available for use with Application Personalization.

Click on the User Environment Tab

Look at the List of

• ADMX-based settings allows you to leverage the same user based Group PolicyObjects (GPO) that you are familiar with in Active Directory. Group Policy Objects(GPOs) by nature control "Groups" of users, but what if you would like to apply

HOL-1751-MBL-1

HOL-1751-MBL-1

policies to a specific end user or need to create one off conditions of when a GPOwould be applied? That is where ADMX-based settings shines.

• Application blocking lets you control the folders from which applications can bestarted. If a user attempts to run an application from another folder, the launch ofthat application is blocked. When combined with the power of conditions, you canbe very specific on who and when an application is blocked.

• Drive Mappings allows you to define the users network share access based onspecific conditions.

• Environment Variables - you can define an environment variable based onspecific conditions.

• File Type Associations allows you to define default applications based on a filesextension. For example you could define PPTX extenstions to open in OpenOffice.

• Files and Folders allows you to copy data based on specific conditions. AnExample is a Welcome message or a local folder for an application.

• Folder Redirection will leverage standard Microsoft folder redirection technique,but when combined with conditions you can create a dynamic policy that allowsspecific folders to be redirected.

• Horizon Policies - Horizon 7 is the introduction of Policy-Managed ClientFeatures, which brings contextually aware, fine-grained control of client-sidefeatures, for a more robust security posture with improved IT manageability. NowIT can selectively enable or disable features like clipboard redirection, USB,printing, and client drive redirection. You can now use policy to ensure that, forinstance, a desktop login from a network location considered unsecure, results indisabling of security sensitive features like cut/paste or USB drive access. All ofthis can be enforced based on role, evaluated at logon/logoff, disconnect/reconnect and at pre-determined refresh intervals for consistent application ofpolicy across the entirety of the user experience.

• Logon Tasks are exactly what it sounds like. These are tasks that you can defineduring logon but with conditions and finite control.

• Printer Mappings is one of the most powerful and useful policies whenmanaging desktops. You can control Printer Mappings based on location, groupmembership, type of device they are connecting from or countless combinations.

• Shortcuts management is a key component to the users environment. You cancreate your own Program Folder and place any shortcut in that folder and you canbuild conditions to allow for dynamic shortcuts.

• Triggered Tasks allows dynamic refresh of specific components and can betriggered from a Lock workstation, Unlock workstation, Disconnect session, andReconnect session.

• Windows display language can dynamically change based on yourinternational needs.

• Windows Policy Settings are a subset of commonly used Group Policies Object(GPO) for quick assignments

HOL-1751-MBL-1

HOL-1751-MBL-1

Blast Extreme Protocol Overview

The VMware Blast display protocol can be used for remote applications and for remotedesktops that use virtual machines or shared-session desktops on an RDS host.

We will review how to enable Blast Extreme for Desktops and Applications as well ashow to select the protocol as an end user, if allowed.

HOL-1751-MBL-1

HOL-1751-MBL-1

Log in to the Horizon 7 Administrator Tool

Open another tab in Google Chrome

1. Select Horizon 7 Folder2. Select Horizon 7 Administrator - A3. Username: administrator4. Password: VMware1!5. Select Log In

If you get a "Your connection is not private" message, click on Advanced and then"Proceed to h7cs-01a.corp.local".

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

HOL-1751-MBL-1

Blast Protocol Choice

We are going to look at the Desktop Pool and the Default Display protocol. Since BlastExtreme is native to Horizon 7 you will only need to modify the remote display protocol.

1. Expand the Catalog and Click on the the Desktop Pools.2. Select the win10x64 Desktop pool by clicking on the line by Display name to

select it.3. Click Edit

HOL-1751-MBL-1

HOL-1751-MBL-1

Remote Display Protocol

We are just going to look at the remote display protocol and not make changes.

1. Click on the Desktop Pool Settings tab2. Scroll down to the Remote Display Protocol and click on pull down next to

Default display protocol. Options are Microsoft RDP, PCoIP or VMware Blast.Choose VMware Blast.

3. Click OK

Minimize the Horizon 7 Administrator

NOTE: To enable Blast Extreme for Application Pools you need to modify the remotedisplay protocol for the RDS Farm.

HOL-1751-MBL-1

HOL-1751-MBL-1

Connecting using VMware Blast Extreme

1. From the Main Console, launch the VMware Horizon Client2. Select h7cs-01a.corp.local3. Log in as CEO with password VMware1!4. Click on Login

HOL-1751-MBL-1

HOL-1751-MBL-1

Connect to Windows 10 x64 Desktop pool

1. Right Click on the Windows 10 x64 Desktop Pool2. Notice that the display protocol is now VMware Blast.3. Click Launch to connect to the desktop.

Disconnect and Log off from the Windows 10 x64 Desktop when you are ready.

Conclusion

These features we discussed in this section include App Volumes, User EnvironmentManager and the Instant Clone technology in Horizon 7. When combined, thesesolutions allow IT organizations to deliver purpose built desktops to their end users.These dynamically built desktops have the same look and feel that end users areaccustomed to, track their desktop customizations and can dynamically haveapplications assigned to them.

For more info on the technologies in this lab please visit the other labs in the 1751family:

HOL-1751-MBL-2 - App Volumes

HOL-1751-MBL-1

HOL-1751-MBL-1

56470?data-resolve-url=true&data-manual-id=56470

HOL-1751-MBL-3 Module 3 - User Environment Manager

HOL-1751-MBL-1

HOL-1751-MBL-1

ConclusionIn this module you learned about Horizon 7 and the new features.

HOL-1751-MBL-1

HOL-1751-MBL-1

You've finished HOL-1751-MBL-1 Lab.

Congratulations on completing HOL-1751-MBL-1 Lab.

If you are looking for additional information on Horizon 7, try one of these:

• Click on this link• Or go to http://www.vmware.com/products/horizon-view/features.html• Or use your smart device to scan the QRC Code.

Proceed to any of the Horizon 7 Labs below which interests you most but be sure to endthis lab.

• HOL-1751-MBL-2 - Application Delivery and Management to Virtual andPhysical End Points in Horizon 7 - Attendees should expect to gain anunderstanding of Application Delivery with App Volumes by presenting anAppStack to a VDI desktop, AppStacks in RDSH and Merging AppStacks. Alsounderstand how URL Redirection is used to intercep and redirect a file from avirtual desktop to the client endpoint.

• HOL-1751-MBL-3 - Extend the Value of Horizon 7 Suite - Attendee will gainknowledge of the value of the components in the Horizon 7 Suite by learningabout Mirage for physical desktop management, Horizon FLEX to serve BYOusers, the configuration of User Environment Manager for simplified end-userprofile management, Smart Policies to deliver real-time policy-basedmanagement, Desktop Pools and Published Applications with Application pools.

• HOL-1751-MBL-4 - Architecture and Performance of Horizon 7 - Attendeewill go into the architecture and performance of Horizon 7 by looking at VirtualSAN technology for Virtual Desktops, Overview of vRealize Operations for Horizonlooking at Horizon specific dashboards, Working with Instant Clone technology forJust-in-time desktop delivery in Horizon 7 and Using the View Planner Tool forsizing VDI deployments.

• HOL-1751-MBL-5 - End to End Security in Horizon 7- Attendee will get anoverview of the end to end security features in Horizon 7 with additional choiceand flexibilty with Blast Extreme display technology, Access Point for secureremote access, Horizon 7 SSL Certs and VMware Identity Manager for True SSOend-to-end login experience.

• HOL-1751-MBL-6 - Horizon 7 Advanced Concepts - Attendee will gain insightinto the advanced concepts of Horizon 7 with Linux Desktop support and thearchitecture of NSX for Horizon.

HOL-1751-MBL-1

HOL-1751-MBL-1

http://www.vmware.com/products/horizon-view/features.html

http://www.vmware.com/products/horizon-view/features.html

How to End Lab

To end your lab click on the EXIT button.

HOL-1751-MBL-1

HOL-1751-MBL-1

ConclusionThank you for participating in the VMware Hands-on Labs. Be sure to visithttp://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1751-MBL-1

Version: 20170510-081444

HOL-1751-MBL-1

HOL-1751-MBL-1

http://hol.vmware.com/

Table of Contents - VMwaredocs.hol.vmware.com/HOL-2017/hol-1751-mbl-1_pdf_en.pdfWhat is VMware...

Documents

Transcript of Table of Contents - VMwaredocs.hol.vmware.com/HOL-2017/hol-1751-mbl-1_pdf_en.pdfWhat is VMware...