• Conversant Group: On average SMBs lose $141,000 per ransomware incident. We keep the bad guys away.

    Learning the Basics of VMware Horizon 7.12 – Part 1 – Introduction

    June 1, 2020

    Blog, VMware

    Recently, my employer asked me to learn Horizon 7 for potential projects. The last time I looked at VMware Horizon (Horizon) was in the summer of 2015 for a vendor project. Horizon has changed a lot, for the better, in the last five years.

    I spent two weeks installing, configuring, breaking, and repeating the process. Along the way, I documented my progress, process, and procedures. As someone who has worked with Citrix products for 30 years, taking the initiative to learn a competing product was not easy. I built and deleted my Horizon 7.12 lab three times in this learning process. Along the way, there were people from the VMware community on Twitter and the vExperts Slack EUC channel who patiently answered my questions and guided me in getting everything in the lab working.

    Note: Every person has their opinion on how a VMware Horizon infrastructure is built and maintained.  I used the minimum number of options and steps so I can build and test quickly. You should follow the processes required for your environment. Never blindly take the information from any website, article, or blog as gospel. You should always follow the policies, processes, and procedures required for your environment. Your users, applications, and requirements are unique to your environment. Therefore, you should always lab, test, and learn BEFORE you put anything into production.

    Horizon allows you to run published resources (desktops and applications) from a centralized location to any user, anywhere in the world, on any device.

    Horizon consists of many pieces of software. For example:

    • App Volumes
    • Composer (for linked clones)
    • Connection Server (for Instant Clones)
    • Dynamic Environment Manager
    • Horizon Agent
    • Horizon Client
    • Persona
    • ThinApp
    • vCenter
    • vRealize Operations Manager
    • vSAN
    • vSphere ESXi
    • Workspace ONE

    For this article series, we are only looking at a small subset of the Horizon software:

    • Connection Server (for Instant Clones)
    • Dynamic Environment Manager
    • Horizon Agent
    • Horizon HTML5 Client (no installation required)
    • vCenter
    • vSphere ESXi

    For this lab, we will only deliver published resources to users on the Local Area Network (LAN).

    These are the assumptions I am making about the reader of this article series.

    All the software used in this article series has free evaluation copies and free evaluation licenses available for download, which is covered in Part 2.

    For VMware product licenses, there is also VMUG Advantage and the EVALExperience. If you would like to try EVALExperience, Paul Braren has a 10% discount code on his site.

    Here is the list of software used for this article series:

    • ControlUp 8.1.5
    • IGEL (pronounced Eagle) Universal Management Suite (UMS) 6.04.120 and firmware 11.03.530
    • Microsoft SQL Server 2017
    • Microsoft Windows 10
    • Microsoft Windows Server 2019
    • VMware Dynamic Environment Manager 9.11
    • VMware Horizon 7.12
    • VMware vCenter 6.7.0.43000
    • VMware vSphere 6.7 U3 with all updates as of 23-May-2020

    For this article series, we will use only Instant Clones and a physical computer. We will not use linked clones, which means no Composer. Because all user access is on the LAN, there is also no Security Server and no Unified Access Gateway.

    Lab Setup

    Computers used:

    1. Server 2019 domain controllers
    2. Server 2019 file server
    3. Server 2019 Windows Certificate Authority
    4. Server 2019 IGEL management server
    5. Server 2019 ControlUp management server
    6. Server 2019 for Microsoft SQL Server 2017
    7. Windows 10 1909 Enterprise Edition for the Horizon 7 Management PC
    8. Windows 10 1909 Enterprise Edition for the physical computer
    9. Server 2019 for the Connection Server
    10. Server 2019 for the RDS Server Master Image
    11. Windows 10 1909 Enterprise Edition for the Windows 10 Master Image

    Since this is a basic lab to test Horizon 7, there is no profile management and no image optimizations. This article series shows what I did to learn the basics of Horizon 7.12 to:

    • Build an RDS Farm
    • Build automated server OS and a desktop OS pools
    • Build a manual physical PC pool
    • Publish applications
    • Access the published resources using the HTML5 client and two IGEL devices
    • Update the images
    • Install and configure DEM
    • Tear the entire lab down once I completed all my testing
    • Test ControlUp integration with Horizon, IGEL, and Synology

    All VMs created and configured in this lab are done manually. In a production environment and in a lab where you continually build/destroy/rebuild, automation is the key. I recommend the Automation Framework from fellow CTP Trond Eirik Haavarstein.

    For profile management and image optimization, there are many blog sites and articles that cover those topics.

    Aaron Parker (aka Stealthpuppy)

    Base Image Script Framework (BIS-F)

    Citrix Optimizer

    Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop

    James Rankin

    VMware OS Optimization Tool

    Many, many more links are available using a simple internet search.

    AD Users and Groups:

    • vmwadmin – domain admin account
    • vmwuser1 – regular user: a member of Domain Users, Remote Desktop Users, H7Users
    • vmwuser2 – regular user: a member of Domain Users, Remote Desktop Users, H7Users
    • vmwuser3 – regular user: a member of Domain Users, Remote Desktop Users, H7Users
    • H7Users – security group that contains vmwuser1/2/3
    • DEMAdmins – Security group -Dynamic Environment Manager (DEM) administrators, includes vmwadmin.
    • DEMUsers – Security group -DEM users, contains vmwuser1/2/3
    • VMWHelpDesk – Security group VMware Help Desk users, contains vmwuser1. Both the Horizon Help Desk and DEM Help Desk tools use this group.
    • VMwAdmins – Security group – contains vmwadmin and for my lab, ctxadmin, because that is the login account for my management VM.
    • Because we are applying Group Policy user settings to OUs that contain only Computers, set a Group Policy to enable Loopback in Replace mode, as shown in Figure 1. Some people prefer Loopback Merge. Use the setting that works for you or required by your IT policy.
    • A GPP is used to put the H7Users group, and others, into the local Remote Desktop Users security group, as shown in Figure 2.
    Figure 1
    Figure 1
    Figure 2
    Figure 2

    OU Structure

    Figures 3 through 8 show the Lab’s OU structure for this, and other, article series.

    Figure 3
    Figure 3
    Figure 4
    Figure 4
    Figure 5
    Figure 5
    Figure 6
    Figure 6
    Figure 7
    Figure 7
    Figure 8
    Figure 8

    Next up: downloading evaluation software.

     







    Conversant Group: On average SMBs lose $141,000 per ransomware incident. We keep the bad guys away.

    About Carl Webster

    Webster is a Sr. Infrastructure Consultant for Conversant Group and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

    View all posts by Carl Webster

    3 Responses to “Learning the Basics of VMware Horizon 7.12 – Part 1 – Introduction”

    1. Shiraz Says:

      Hello there Carl!
      I must say, that’s a nice detailed article, so far. Are you going to be completing this as a series?

      Reply

      • Carl Webster Says:

        Yes, this is a 16-part series. I will release one Part each business day. Then I’ll do the same for CVAD and Parallels RAS.

        Thanks

        Webster

        Reply

    2. Cristiano Santos Says:

      Hey Carl, great article as usually!

      After all these years working exclusively with Citrix I’m on the same boat with you. I will definitely be watching the progress of your posts regarding Horizon and contributing as much as I can.

      Thanks again for the hard work.

      Cris

      Reply

    Leave a Reply