Month: February 2020

Home / Month: February 2020

Hi readers,

In this part of the series, we will be deploying the VMware Horizon Unitied Access Gateway Appliance. It’s similar to the old Horizon Security server, and I myself mainly use it so I can connect to my Horizon connection server from a public IP address. (from my /24 block)

First what we do is download and deploy the UAG OVA template. In my set-up, a normal deployment will suffice and two NICs are enough. One is for the internal LAN, and one is for the external network.

Continue to go through the steps and turn the VM on, then after a while browse to the IP of the appliance on port 9443 followed by logging in with the admin account and password you provided during installation.

When we log in we get a screen, on this screen we click on select under manual.
Enable “Edge Service Settings” and click on the gear at Horizon Settings, then enable Horizon and copy the settings below. PCOIP URL should be the public IP address of the UAG. Blast and Tunnel External URL should be the public FQDN of the UAG.

Next we log into the Connection Server. Click on Servers under Settings and then click on Connection Servers. Click on your Connection Server and then edit.

We want to disable Secure Tunnel, PCoIP Secure Gateway and Blast Secure Gateway, as our UAG will handling doing this.

We can also let the UAG appear under gateways in the dashboard. To do this, we log into the UAG and click on select under manual again (if you have logged out already). Then we click on the gear at System Configuration under Advanced Settings. Change the UAG name to something friendly. We will need it later.

Back to the Horizon 7 Console, we expand Settings and then click on Servers. Click on Gateway and click Register. In here, fill in the friendly name you gave the UAG in the previous step.

Now the UAG shows in the dashboard.

In order the access the HTML UI through the UAG, we need to either disable Origin Checks on the Connection Server, or configure the Connection Server’s with the UAG addresses. You only have to do one of them, but both is followed by restarting the “VMware Horizon View Connection Server” service. (Disable origin checks is showed below.)

One final thing that I want to do is change the TLS and chiper settings: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA should give you good security and good results. You can change this under the UAG Admin page, then under Advanced Settings followed by System Configuration.

Finally, I want to configure a trusted SSL certificate for the internet facing side. We can do this under “TLS Server Certificate Settings” under Advanced Settings in the UAG Admin panel. You will have to upload the private key file and the full chain certificate file along with choosing what interface to apply it to. In my case I selected Internet interface.

This covers this part of the Horizon 7.11 series. In the next part, we will be creating a Windows 10 Desktop image.

I hope that this was useful for you and see you in the next post.

Hi readers,

In this third part of the series, we will be deploying the Connection Server., the base of the Horizon package.

First, we will need a server or virtual machine running Windows Server 2012 or higher. The OS requirement is simple (source):

Operating System Version Edition
Windows Server 2008 R2 SP1 64-bit Standard Enterprise Datacenter
Windows Server 2012 R2 64-bit Standard Datacenter
Windows Server 2016 64-bit Standard Datacenter
Windows Server 2019 64-bit Standard Datacenter

The following hardware requirements apply (source):

Hardware Component Required Recommended
Processor Pentium IV 2.0GHz processor or higher 4 CPUs
Network Adapter 100Mpbs NIC 1Gbps NICs
Memory Windows Server 2008 R2 64-bit 4GB RAM or higher At least 10GB RAM for deployments of 50 or more remote desktops
Memory Windows Server 2012 R2 64-bit 4GB RAM or higher At least 10GB RAM for deployments of 50 or more remote desktops

Here I have installed a Windows Server 2016 VM. We mount the Connection Server ISO and start the installation .exe file. We accept the license agreements, and install the Horizon 7 Standard Server. In my case, I want to use HTML Access so I use that too.

Next we fill in the data recovery password. Be sure to keep it somewhere safe. Then I choose to let the installer update Windows Firewall to open some ports. Followed by authorizing as a Domain Admin.

After the installation, we can access the console through this link:

It will ask for a license. Fill in your license or your trial license.

Here I added a vCenter so I can use it in the next part.

If you would like more information or have any questions, feel free to contact me. There’s also a nice TechZone article that goes a bit more in-depth in the process of this.

See you in the next part!

Hello readers,

Welcome to part two of the Horizon 7.11 deployment series. In this short post, we will go over what we will deploy in this series, what it is and in what part it will be deployed.

We will deploy the following:

  • Active Directory. (An ADDS server for our domain. This is a requirement that I will not go over. On request I may make a post about this.)
  • Horizon Connection Server. (This Connection Server will be the brain of our Horizon deployment. It will handle assignments, allocation, and management of desktops and RDSH servers.) – This will be deployed in Part 3.
  • Optional: Unified Access Gateway. (For my deployment, I want to be able to connect to a public IP from my /24 block, and access the Connection Server this way. Previously the Security Server was used for this.) – This will be deployed in Part 4.
  • Optional: a Remote Desktop Session Host. With this, one of the use cases is to allow users to connect to applications on the RDSH host. (I will just use this to experiment.) This will be deployed in Part 6.

In part 4, I will be going over a TechZone article and show you how to create a Windows 10 image that can be cloned easily to fit your deployment. For now, I will not go over View Composer. However, later in the series I will, once I’ve deployed a copy of this set-up as a lab. However, due to SSD space issues this may take a while. I may try to balance it in HDDs, but I have to be careful to avoid this insanity.

Currently busy with making the screenshots and writing the posts, they will be coming soon. I’ll see you in the next post.

Hi readers,

This post is the first part of a VMware Horizon 7.11 Deployment series. In this first part, we will look into what Horizon is, what it is used for and why you should use it.

As VMware puts it out, which is a great explanation of what Horizon 8 is for; VMware Horizon 7: “simplifies the management and delivery of virtual desktops and apps on-premises, in the cloud, or in a hybrid or multi-cloud configuration through a single platform to end-users. By leveraging complete workspace environment management and optimized for the software-defined data center, Horizon 7 helps IT control, manage, and protect all of the Windows resources end users want, at the speed they expect, with the efficiency business demands.

The main use case is for VDI. What is VDI? VDI is Virtual Desktop Infrastructure. This means that, for example, employees in your company can connect to a Windows virtual machine which has their corporate applications on it from anywhere where there is an internet connection. From your laptop, tablet, computer, smartphone, Mac, thin client devices and more. This also works with just applications. The two above is just a bit of what VMware Horizon 7 offers, though this is one of the most popular use-cases.

Why would you choose VMware Horizon 7? If you already a vSphere Stack, it integrates very well into this. For example, it leverages the capabilities of VMware vCenter server to easily clone Windows desktops VMs from a template, on an on-demand basis for your employees. After this, further restrictions such as policies can be applied.

Here is another example of why to use Horizon 7:

  • For example, a user starts writing a report on the branch office PC, and suddenly the power goes out in their building. The user can pick up where they left off at home on their MacBook or iPad because their virtual desktop resides in the data center.
  • In fact, if a user does not happen to have a device of their own at the moment, they can borrow one and use the Horizon 7 HTML Access web client. The web client does not require installing any software on the client device.
  • VMs can reside on high-availability clusters of VMware vSphere servers.

Here is an amazing VMware Tech Zone blog post, which describes it very well as well. Here is a nice picture of Horizon 7 features:

Features of VMware Horizon 7

As you can see, this is many more features compared to most other VDI applications.

In the next part, we will be deploying the requirements for VMware Horizon 7.

I hope that this was useful and see you in the next post.