[Updated 4-Sep-2021]

With an overview of the Horizon lab and the required software downloaded, it is time to go over the VM details.

From Part 1, here is the list of computers built for this lab.

1. Server 2019 domain controllers
2. Server 2019 file server
3. Server 2019 Windows Certificate Authority
4. Server 2019 IGEL management server
5. Server 2019 ControlUp management server
6. Server 2019 for Microsoft SQL Server 2017
7. Windows 10 1909 Enterprise Edition for the Horizon 7 Management PC
8. Windows 10 1909 Enterprise Edition for the physical computer install
9. Server 2019 for the Connection Server
10. Server 2019 for the RDS Server Master Image
11. Windows 10 1909 Enterprise Edition for the Windows 10 Master Image

The first six computers are part of my “permanent” infrastructure and run on XenServer 8.1. I added number seven to the XenServer pool just for this lab, as shown in Figure 1.

Computer eight is a physical computer that doesn’t require a hypervisor.

Computers 9 through 11 eventually are in vCenter.

In my vCenter, as shown in Figure 2, I have the vCenter appliance, an old XenApp 6.5 server (because I don’t want ever to install and update Windows Server 2008 R2 again), a Server 2019, and a Windows 10 1909 template.

• Domain Controllers
  • Active Directory Servers
  • 4 vCPU
  • 8GB RAM
  • Failover Microsoft DHCP
  • Forest/Domain Functional Level Windows Server 2016
• File Server
  • File Servers
  • 2 vCPU
  • 4GB RAM
  • 32GB C drive
  • 200GB data drive
  • ControlUp Monitor server (explained in Part 4)
• Certificate Authority (CA)
  • 2 vCPU
  • 4GB RAM
  • https://www.virtuallyboring.com/setup-microsoft-active-directory-certificate-services-ad-cs/
  • https://docs.centrify.com/en/css/2018-html/#page/Additional_tools_and_topics/Adding_a_trusted_root_certificate_to_the_group_p.4.html
  • https://docs.centrify.com/en/css/2018-html/#page/Additional_tools_and_topics%2FEnabling_auto-enrollment.5.html%23
  • https://docs.centrify.com/en/css/2018-html/#page/Additional_tools_and_topics%2FAssigning_the_certificate_template_to_the_CA.6.html%23
  • SHA256 Enterprise Root CA
  • 35-year validity period
  • Copy of Computer template made. Figures 3 through 14 show the Copy of Computer certificate template, the exported Root and Intermediate certificates, and the GPO settings to automatically enroll domain computers with an SSL certificate.

  • 

  • 

  • 

  • 

  • 

  • 

  • 

  • 

  • 

  • 

  • 

  • 

• IGEL Management Server
  • IGEL UMS Installation Requirements
  • 2 vCPU
  • 8GB RAM
  • 100GB hard drive (to allow space for firmware updates)
• ControlUp Management Server
  • ControlUp System Requirements
  • 4 vCPU
  • 16GB RAM
  • 100GB hard drive
• SQL Server
  • SQL Server 2017: Hardware and software requirements
  • 4 vCPU
  • 8GB RAM
  • 32GB C drive
  • 80GB data drive
  • The Connection Server database user account requires SQL Server and Windows authentication mode
• Horizon 7 Management PC
  • 4 vCPU
  • 8GB RAM
  • 60GB C drive
• Physical Computer
  • A former lab server, but the 10GB NICs don’t work, so I turned it into an “extra” PC
  • 12-core Xeon
  • 64GB RAM
  • 1TB SSD
• Connection Server
  • System Requirements for Horizon Server Components
  • 4 vCPU
  • 10GB RAM (you can get by with 4GB, but I went with 10GB to get rid of the “low memory” warnings)
  • Requires a static IP
  • Requires a vmxnet3 NIC with DirectPath I/O disabled
  • Requires running on vSphere ESXi
• Horizon RDS Server Master Image
  • System Requirements for Horizon Guest Operating Systems
  • 4 vCPU
  • 8GB RAM
  • vmxnet3 NIC with DirectPath I/O disabled
• Horizon Windows 10 Master Image
  • System Requirements for Horizon Guest Operating Systems
  • 2 vCPU
  • 4GB RAM
  • vmxnet3 NIC with DirectPath I/O disabled

These two articles explain why I recommend DirectPath I/O is disabled.

DirectPath I/O

DirectPath I/O option is enabled automatically when a virtual machine with VMXNET3 is created using the vSphere WebClient

Comments from one of my VMware mentors on disabling DirectPath I/O on the vmxnet3 NIC.

This feature mention in the docs is only not usable if the virtual machine is configured with a passthrough PCI device. When the feature is only enabled at the VM configuration level, then the KB does not apply.

Regarding the KB article, it would be good to mention that it’s better to disable it when using DirectPath I/O in the environment (if there is used for DirectPath I/O in the environment at all then keeping it enabled as a feature at the VM level will not have any kind of impact).

I made sure power management on the NIC was disabled for every virtual and physical computer, and Receive Side Scaling was enabled, as shown in Figures 15 and 16. Every computer is domain-joined.

For the two Master Images, I made no image optimizations and implemented no Folder Redirection or Profile Management policies or systems. You are free to do what you need to test in your lab.

You may not have the lab resources I have. Feel free to combine multiple roles on one server if you follow the vendor’s system requirements.

For example:

• Don’t install IGEL UMS on a domain controller
• Don’t install SQL Server on a domain controller
• Please don’t install a Certificate Authority on a domain controller; otherwise, a kitten may die
• The Connection Server must be a dedicated server

Up next: A look at my ControlUp and IGEL management servers