[Updated 4-Sep-2021]

Recently, my employer asked me to learn Horizon 7 for potential projects. The last time I looked at VMware Horizon (Horizon) was in the summer of 2015 for a vendor project. Horizon has changed a lot, for the better, in the last five years.

I spent two weeks installing, configuring, breaking, and repeating the process. Along the way, I documented my progress, process, and procedures. As someone who has worked with Citrix products for 30 years, taking the initiative to learn a competing product was not easy. I built and deleted my Horizon 7.12 lab three times in this learning process. Along the way, there were people from the VMware community on Twitter and the vExperts Slack EUC channel who patiently answered my questions and guided me in getting everything in the lab working.

Note: Every person has their opinion on how a VMware Horizon infrastructure is built and maintained.  I used the minimum number of options and steps so I can build and test quickly. You should follow the processes required for your environment. Never blindly take the information from any website, article, or blog as gospel. You should always follow the policies, processes, and procedures required for your environment. Your users, applications, and requirements are unique to your environment. Therefore, you should always lab, test, and learn BEFORE you put anything into production.

Horizon allows you to run published resources (desktops and applications) from a centralized location to any user, anywhere in the world, on any device.

Horizon consists of many pieces of software. For example:

• App Volumes
• Composer (for linked clones)
• Connection Server (for Instant Clones)
• Dynamic Environment Manager
• Horizon Agent
• Horizon Client
• Persona
• ThinApp
• vCenter
• vRealize Operations Manager
• vSAN
• vSphere ESXi
• Workspace ONE

For this article series, we are only looking at a small subset of the Horizon software:

• Connection Server (for Instant Clones)
• Dynamic Environment Manager
• Horizon Agent
• Horizon HTML5 Client (no installation required)
• vCenter
• vSphere ESXi

We will only deliver published resources to users on the Local Area Network (LAN) for this lab.

These are the assumptions I am making about the reader of this article series.

• You are familiar with basic vSphere and vCenter concepts.
  • https://www.carlwebster.com/06-building-websters-lab-install-the-vmware-vcenter-server-appliance/
• You know how to upload ISO files to a datastore.
  • https://www.carlwebster.com/07-building-websters-lab-creating-the-vsphere-distributed-switch/
• You know how to create Virtual Machines (VM) and edit their settings.
  • • https://docs.vmware.com/en/VMware-vSphere/6.7/vsphere-esxi-vcenter-server-67-virtual-machine-admin-guide.pdf
• Since Horizon requires vCenter and vCenter requires a functioning VMware vSphere environment (datacenter, cluster, networking, and storage), you can access a VMware environment.
• You are familiar with basic Active Directory (AD) concepts.
  • You know how to create Organizational Units (OU), security groups, and users.
  • You know how to add users and computers to security groups.
  • https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements–level-100-
  • You know how to create folders on a file server.
• You know how to set Share and NTFS permissions.
  • https://docs.microsoft.com/en-us/iis/web-hosting/configuring-servers-in-the-windows-web-platform/configuring-share-and-ntfs-permissions
• You know how to create and edit Group Policies (GPOs).
  • https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789193(v=ws.11)
• You know how to access the internet using a browser to download software.
• You know how to work with SSL certificates.

All the software used in this article series has free evaluation copies and free evaluation licenses available for download, which I cover in Part 2.

For VMware product licenses, there is also VMUG Advantage and the EVALExperience. If you would like to try EVALExperience, Paul Braren has a 10% discount code on his site.

Here is the list of software used for this article series:

• ControlUp 8.1.5
• IGEL (pronounced Eagle) Universal Management Suite (UMS) 6.04.120 and firmware 11.03.530
• Microsoft SQL Server 2017
• Microsoft Windows 10
• Microsoft Windows Server 2019
• VMware Dynamic Environment Manager 9.11
• VMware Horizon 7.12
• VMware vCenter 6.7.0.43000
• VMware vSphere 6.7 U3 with all updates as of 23-May-2020

For this article series, we will use only Instant Clones and a physical computer. We will not use linked clones, which means no Composer. Because all user access is on the LAN, there is no Security Server and no Unified Access Gateway.

Lab Setup

Computers used:

1. Server 2019 domain controllers
2. Server 2019 file server
3. Server 2019 Windows Certificate Authority
4. Server 2019 IGEL management server
5. Server 2019 ControlUp management server
6. Server 2019 for Microsoft SQL Server 2017
7. Windows 10 1909 Enterprise Edition for the Horizon 7 Management PC
8. Windows 10 1909 Enterprise Edition for the physical computer
9. Server 2019 for the Connection Server
10. Server 2019 for the RDS Server Master Image
11. Windows 10 1909 Enterprise Edition for the Windows 10 Master Image

Since this is a basic lab to test Horizon 7, there are no profile management and image optimizations. This article series shows what I did to learn the basics of Horizon 7.12 to:

• Build an RDS Farm
• Build automated server OS and desktop OS pools
• Build a manual physical PC pool
• Publish applications
• Access the published resources using the HTML5 client and two IGEL devices
• Update the images
• Install and configure DEM
• Tear the entire lab down once I completed all my testing
• Test ControlUp integration with Horizon, IGEL, and Synology

All VMs created and configured in this lab are done manually. Automation is the key in a production environment and in a lab where you continually build/destroy/rebuild. I recommend the Automation Framework from fellow CTP Trond Eirik Haavarstein.

For profile management and image optimization, there are many blog sites and articles that cover those topics.

Aaron Parker (aka Stealthpuppy)

Base Image Script Framework (BIS-F)

Citrix Optimizer

Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop

James Rankin

VMware OS Optimization Tool

Many more links are available using a simple internet search.

AD Users and Groups:

• vmwadmin – domain admin account
• vmwuser1 – regular user: a member of Domain Users, Remote Desktop Users, H7Users
• vmwuser2 – regular user: a member of Domain Users, Remote Desktop Users, H7Users
• vmwuser3 – regular user: a member of Domain Users, Remote Desktop Users, H7Users
• H7Users – security group that contains vmwuser1/2/3
• DEMAdmins – Security group -Dynamic Environment Manager (DEM) administrators, includes vmwadmin.
• DEMUsers – Security group -DEM users, contains vmwuser1/2/3
• VMWHelpDesk – Security group VMware Help Desk users, contains vmwuser1. Both the Horizon Help Desk and DEM Help Desk tools use this group.
• VMwAdmins – Security group – contains vmwadmin and for my lab, ctxadmin, because that is the login account for my management VM.
• Because we are applying Group Policy user settings to OUs containing only Computers, set a Group Policy to enable Loopback in Replace mode, as shown in Figure 1. Some people prefer Loopback Merge. Use the setting that works for you or your IT policy requires.
• A GPP is used to put the H7Users group and others into the local Remote Desktop Users security group, as shown in Figure 2.

OU Structure

Figures 3 through 8 show the Lab’s OU structure for this article series.

Next up: downloading evaluation software.