VMware Horizon 7 Series – Part 3 – Horizon Configuration

Once we installed our Connection Servers and View composer we need to configure the environment and adding our server to our View 7 deployment.

Licensing

First of all we need to license Horizon 7.

  1. Run the Horizon Administration Console going to https://FQDN/admin or  double-clicking the desktop shortcut if you are on the connection server
  2. If Flash is not installed, you are prompted to install it. This won’t work on Windows Server 2012 unless you have the Desktop Experience feature installed. To avoid this, use Chrome.
  3. Login using a Horizon administrator account.
    1
  4. On the left, under View Configuration, click Product Licensing and Usage.
    2
  5. On the top left of the right pane, click Edit License.
    3
  6. In the Edit License window, enter your license serial number and click OK.
  7. The license expiration is now displayed. Note that only Horizon Advanced and above have Application Remoting (published applications).

Administrators

Now we have to configure Administrators for our environment, so proceed in this way:

  1. On the left, expand View Configuration and click Administrators.
    4
  2. On the right, click Add User or Group near the top.
    5
  3. In the Add Administrator Or Permission page, click Add.
  4. Enter the name of a group that you want to grant permissions to and click Find.
  5. After the group is found, click it to highlight it and click OK.
    6
  6. Then click Next.
  7. Select the role (e.g. Administrators) and click Next.
    7
  8. Select an access group to which the permission will be applied and click Finish. Note: If you intend to integrate with VMware Identity Manager, then only pools in the root Access group will sync with Identity Manager. Other Access Groups won’t work.
    8

vCenter and View Composer

Now we need to add and configure vCenter and View Composer to our horizon deployment.

  1. On the left, expand View Configuration and click Servers.
    9
  2. In the right pane, in the vCenter Servers tab, click Add.
    10
  3. In the Server address field, enter the FQDN of the vCenter server.
  4. In the User Name field, enter the Active Directory account that View will use to login to vCenter as detailed earlier in this post. Also enter the password.
  5. Click Next.
    11
  6. If you see a message regarding invalid certificate, click View Certificate.
  7. Then click Accept.
  8. In the View Composer page, select Standalone View Composer Server. Enter the FQDN of the server and the credentials of an account to access the View Composer server. The service account must be a local administrator on the View Composer Server. Click Next.
    13
  9. If you see an invalid certificate, click View Certificate.
  10. Then click Accept.
  11. In the View Composer Domains page, click Add.
    15
  12. Enter the Full domain name of where the virtual desktop computer objects will be created.
  13. Enter the Active Directory service account credentials that has permission to create computer objects and click OK. Then click Next.
    16
  14. In the Storage page, check the box to Enable View Storage Accelerator and increase the host cache size to 2048.
    1. View Storage Accelerator is required for Instant Clones.
    2. View Storage Accelerator causes digest files to be created thus increasing disk space requirements.
  15. Reclaim VM disk space requires IOPS during its operation. It is not needed for Instant Clones. Click Next.
    17
  16. In the Ready to Complete page, click Finish.
    18

Instant Clone Domain Admins

If you plan to use Instant-Clone to create non-persistent virtual desktops, add an administrator account that can join machines to the domain.

  1. On the left, expand View Configuration and click Instant Clone Domain Admins.
    19
  2. On the right, click Add.
    20
  3. Select the domain.
  4. Enter credentials of a service account that can join machines to the domain. Click OK.
    21

Disable Check Origin

Horizon 7 might not accept your load balanced DNS name unless it’s the same name configured in the Connection Server’s Secure Tunnel configuration. You can change this behavior by disabling Origin Check. There’s a detailed VMware Knowledge Base Article (2144768) that cover this topic.

Disable Secure Tunnel

By default, Horizon Clients connect to virtual desktops by tunneling through a Horizon Connection Server. It would be more efficient for the Horizon Clients to connect directly to the virtual desktops.

  1. In View Administrator, on the left, expand View Configuration and click Servers.
  2. On the right, switch to the Connection Servers tab.
  3. Click the Connection Server and click Edit.
    22
  4. On the General tab, uncheck the box next to HTTP(S) Secure Tunnel. Also, make sure the other Secure Gateways are not enabled. Click OK. Note: if you are using Blast internally then disabling the gateway will cause Blast connections to go directly to the Agent and the Agent certificate is probably not trusted.
    23

Event Database and Syslog

  1. On the left of Horizon Administrator, expand View Configuration and click Event Configuration.
    24
  2. On the right, under Event Database, click Edit.
    25
  3. Enter the name of the SQL server.
  4. Select Microsoft SQL Server as the Database type.
  5. Enter the name of the database.
  6. Enter the SQL credentials (no Windows authentication).
  7. Optionally, enter VE_ (or similar) for the Table prefix. This allows you to use the same Events database for multiple View installations.
  8. Click OK.
    26
  9. The View Administrator now shows it configured. You can change the age of events shown in View Administrator.
    27
  10. To add a syslog server, look on the right side of the page.
    28
  11. You can go to Monitoring > Events to view the events in the database.

Global Settings

  1. On the left, under View Configuration, click Global Settings.
    29
  2. On the right, under Global Settings, in the General section, click Edit.
    30
  3. Set the View Administrator Session Timeout. This applies to administrators and help desk. 4320 minutes (72 hours) is the maximum.
  4. Forcibly disconnect users is an active session timeout. It is not an idle timeout in that it doesn’t care if the user is working or not. The default is 10 hours so consider increasing it. Note: this timer does not log the user out of Windows. Instead it merely disconnects the user and requires the user to logon to Horizon Connection Server again.
  5. Under Client-dependent settings, you can set an idle timeout. This is new in Horizon 6. The idle timeout applies to applications only (not desktops). An additional disconnect timeout is configurable in each pool’s settings.
  6. Enable automatic status updates enables automatic updating of the table displayed in the top-left corner of View Administrator.
  7. Make other changes as desired. Click OK when done.
    31

Global Policies

  1. By default, Multimedia Redirection is disabled. You can enable it by going to Policies > Global Policies.
    32
  2. On the right, click Edit Policies.
    33
  3. Set Multimedia redirection to Allow and click OK. Notice that Multimedia redirection is not encrypted.
    34

Backups

  1. On the left, expand View Configuration and click Servers.
  2. On the right, in the Connection Servers tab you can select a Horizon Connection Server and click Backup Now. Backups can be found in C:\ProgramData\VMware\VDM\backups.
    35
  3. If you Edit the Horizon Connection Server, on the Backup tab you can schedule automatic backups. This also backs up the View Composer database but not the vCenter database.
    36

Leave a Reply

Your email address will not be published. Required fields are marked *