VMware Horizon 7 announced today is a real (re)evolution of the product. Just-in-time desktops are in! Feature known as Project Fargo (it’s a very lightweight VM because it shares all memory and disk with the original.) or also called vmFork technology which allows to provision desktop from parent desktop in just few seconds…. So in Horizon View 7 there is no more composer, and no more recomposing operations. Desktop admin folks know what this is about… Also Blast get’s enhanced with Blast Extreme allowing up to 4K resolutions on client’s devices.

Identity manager takes over and in this release, where users can authenticate via different credential options and then they just select any windows desktop or application without the need to present AD credentials.

Horizon client 4.0 has been announced, for all platforms (Linux, Windows, Mac, iOS or Android). Details in this post. I have the feeling that VMware has had to throw in some massive development force because the product offering just gets larger and larger with different platforms accessing the Horizon View product. So when you look at all what’s new, it’s just … huge. But let’s get started. This is an exciting day…

VMware Horizon 7 details – What’s New?

Massive scale improvement – Cloud pod architecture can now have up to 10 Horizon PODs across up to 4 sites with a maximum 50 000 destkops. It’s two and a half number increase than in Horizon 6.2.1.

More Flexible entitlements – The cloud pod architecture (CPA) allows site assignment for nested AD security groups.

Better Failover Support – In case the home site resources are exhausted or not available, the user will be automatically redirected to available desktop at other site.

VMware Identity Manager Integration – Identity manager is integrated with CPA, where it will present the destkops or applications available from any CPA Pod.

Instant Clones details – the vmFork technology. Instant Clones leverage VMware vmFork technology

• A running, powered on desktop (Parent Virtual Machine) is quiesced and cloned.
• Clones share the disk and memory of the Parent VM for reads – space and memory efficiency
• The guest OS is customized, joins the domain, and is ready for user login as the desktop fully powers on

Instant clones can be persistent or non-persistent.

The desktop is destroyed at the time of user logoff.  A new, fresh and updated desktop is created and ready for the next user log in.

No need to do maintenance (recompose)

• Patching the Operating System is as simple as updating the Parent Virtual Machine.  A user automatically gets an updated desktop at next login.  No lengthy recompose operation.
• Desktops are short-lived and always recreated and automatically optimized for best performance.  No separate rebalance operation is required.
• No boot storms (desktops Always On)
• Desktop clones share disk and memory for reads
• Less load on vCenter
• No need for SE-Sparse and clone-level CRBC
• Uses App Volumes and User Environment Manager (UEM) for desktop personalization
• vmx-11 and higher virtual hardware

Instant Clones limitations – there are some limitations in the v1.0 release. For example, only floating desktops are supported. No dedicated desktops for now, but v2 shall have it. Also no RDSH or Apps support, only VDI. The scale is up to 2000 desktops with single vCenter, single vLAN only.

• No Nvidia GRID and there is a limited SVGA options.
• As a Storage options – there are VSAN or VMFS datastores
• Desktop personalization using AppVolumes User-Writeable Drives and UEM.

Smart Policies – customization desktops on location and user’s identity in real time (during the session). The desktop is personalized at boot on, but due to the constant monitoring it’s possible to add/remove function on-the-fly by applying a policy.

• Application blocking
• Control of PCoIP
• Policies based on User Identity, location, Desktop tagging
• Desktop capabilities provide client drive redirection, clipboard cut/pastte, USB, printing…

The workflow:

Desktop admin uses UEM console to create policies which are applied to group of desktops. The administrator allows or disables desktop features such as USB, Local Printing, Clipboard access, and Drive Redirection. The policies can be applied based on a set of conditions:

• The user’s login or group member (e.g. all users in Finance)
• Whether the user is accessing the desktop from a remote location
• A general list of conditions such as any tags associated with a desktop pool

The authentication on Horizon 7 is done through VMware Identity Manager which uses different ways of identifying users. Users can select any Windows desktop or app without to present AD credentials.

The True SSO technology uses SAML for connecting Identify provider’s (IdP) authentication with the user’s UPN for access to AD credentials. True SSO generaes unique, short-time certificate to manage the Windows logon process.

Advantages:

• Separate authentication
• Credentials secured by digital certificate. No paswords.

How it works – Identity manager is able to be configured for use with many authentication methods (SecurID, RADIUS, Biometric) and after user’s authentication, the user selects a desktop or application which he wants to start.

• Horizon client is started at the user’s workstation with user’s identity and directed to the Horizon broker
• Broker validates user’s identity with Identity Manager
• Via Enrollment service, Horizon requests Microsoft CA to generate a temp certificate for the user
• Horizon presents the certificate to the Windows OS
• Windows validates the certificate with AD
• User is logged onto his/her desktop or to his/her app. Remote session is initiated on the Horizon client.

Horizon Access Point

The hardened appliance get stronger, updated. It’s an alternative to security server. Can be configured for RADIUS or RSA SecurID. Support for smart card identification. User gets identified within the DMZ.

Supports SAML pass-thru where forward third party authentication to Horizon servers.

• Allows Blast to be used (port 443)
• Environment is more secure as only authenticated traffic flows on the LAN.
• Easy to configure and scale, as you can scale Acces point independently of Connection server

Improvements in v7

AMD Graphics support for vSGA

• Enable multiuser GPU solution for Horizon via AMD graphics hardware
• AMD SR-IOV support (single root I/O virtualization)
• Native AMD driver support for OpenGL, DirectX and OpenCL acceleration
• Solidworks, PTC and Siemens ISV certification planned

Advantages and benefits

You can share single GPU with up to 15 users for efficient 3D applications where the native AMD driver is used and which offer 3D and multimedia over vSGA.

• Workstation performance (2-6 users)
• Power User ( CAD/CAM/CAE) – 6-10 users
• Knowledge worker (up to 15 users)

Intel vDGA Graphics support with Intel Xeon E3 – Support for CPUs with integrated Iris Pro GPU and compatible with Intel Graphics Virtualization Technologies (Intel GVT-d), with support up to 3 monitors per user.

Flash Redirection

This is in tech preview (supports only server-side fetch of the flash content). It allows to redirect flash content from the server to the client in order to get decoded and rendered locally.

Allows the flash streaming content play more smoothly with lower bandwidth and CPU usage at the server side…

Improved printing Experience

Local and network printing is up to 4x faster.

Windows 10 Improvements

Scan and serial port redirection supported, where the scanner redirection supports TWAIN and WIA stndards on Windows clients. Serial port redirection allows serial port redirection from the client to the server.

URL Content Redirection

Allows to redirect URL from VDI to the local browser. Admin can configure policies to control whether user can access the content with application on the server or the client. Supports HTTP and HTTPs. Can be usefull for customers which needs to separate interrnal browsing from external browsing domains. Allows to secure the environment because content which is potentially dangerous is executed on the client computer instead on the VDI desktop.

Admin can configure GPO which does restrict the content that will be opened in a browser inside VDI over Browser on the client’s PC.

Blast Extreme

Optimized for mobile. All existing Horizon View remote features works with Blast extreme and latest horizon 4 clients. (read bellow about new horizon 4 clients). Blast extreme has lower requirements on bandwidth.

Blast extreme is optimized for NVIDIA GRID allowing very good graphics even on lower cost PCs allowing better frame rate, higher server scalability, reduced latency or better bandwidth optimization. Allows up to 4K resolution !!!

• Supports NVIDIA GRID K1, K2, M6 and M60 graphics cards
• H.264 encoder option on NVIDIA GRID GPUs to lower CPU consumption and increase scalability

VMware Horizon Client 4.0

Newly announced horizon clients 4.0 for Windows, Linux, Mac, OSx.. everything…

Horizon Client 4.0 Windows – has full support for PCoIP and Blast Extreme. Hardware acceleration.

• Offers scaled resolution option for high DPI clients which allows better readability
• Auto-share USB drivers with Client Drive Redirection. Has been improved, more easier to use, and has better performance using CDR.
• Up to 4x faster printing via Horizon 7
• Up to 50% more performant over WAN, through security server, for Client drive redirection (CDR) and USB.
• Updated OpenSSL and TLS
• Supported on Windows Server 2012 (untill now it was supported only on W7, W8.1 and W10

VMware Horizon Client MAC – support Blast Extreme and PCoIP

• Works with split view in OS X El Capitan
• Full Screen improvements for one display and All displays
• Open local files with horizon hosted apps (double-click, Open With or Drad-drop files with Horizon Apps)
• Up to 4x faster printing via Horizon 7
• Up to 50% more performant over WAN, through security server, for Client drive redirection (CDR) and USB
• 64 bit client version
• Allows remembering username/domain credentials
• Updated OpenSSL and TLS

Linux Client 4.0 – Now supports RHEL 7.2 x64 and Ubuntu 14.04 x64

• VMware Blast Extreme and PCoIP full support
• Up to 4x faster printing via Horizon 7
• Up to 50% more performant over WAN, through security server, for Client drive redirection (CDR) and USB
• FIPS mode for Blast Extreme, PCoIP and USB

IOS Client 4.0 – can also use split view on iPad Air 2 and iPad Pro

• Full support for Blast extreme with hardware acceleration
• Use Apple Pencil as a remote mouse
• Real-time Audio in to use microphone with desktop & apps
• Client settings now in client and easier to use
• Updated OpenSSL and TLS for improved security

Android Client 4.0 – allows accessing the environment via Android Fingerprint (if enabled and if Android 6.0 and higher or Horizon 6.2 with biometric auth. enabled)

• Support for VMware Blast Extreme and PCoIP, and Blast extreme with hardware acceleration
• Real-time Audio-In support to use mic with desktop and apps
• Possibility to access device built-in storage in remote apps and (or) desktop with client drive redirection
• Updated OpenSSL and TLS

Chrome OS Client 4.0 – support too Blast extreme and PCoIP. Possibility to access Google drive and USB storage in remote apps and desktops with client drive redirection.

HTML Access 4.0 – support now Linux desktops, works with mobile Safari on iOS devices. Also F5 APM (Access Policy Manager (APM) ) is supported.

VMware Horizon for Linux

• Newly supported SLED 11 SP3 has been added.
• Allows copy/paste between Linux desktop and Horizon Client (6.2.1)
• vGPU for RHEL 7.x (6.2.1)
• SSO enablement for RHEL 6.6 and CentOS 6.6 without smartcard (6.2.1)

Horizon Air Hybrid mode

This mode has been announced as a new platform which allows to run the control plane in the cloud.

• Desktops and apps reside localy (on-premise)
• Cloud control plane allows the single-pane management, user profiles, data. Also provides automated service updates for SaaS.

VMware Announcements Today:

• VMware Workspace One Announced
• VMware Horizon 7 Details – Instant Clones, Blast Extreme ++ (this post)
• VMware VSAN 6.2 Announced – Inline dedupe, Erasure Coding, QoS ++

Thoughts:

VMware certainly brought many innovations to life in this major release of Horizon 7. This is certainly one of the biggest releases of Horizon so far. Perhaps because there is not much to invent in the core hypervisor or virtualization technologies, except new VSAN 6.2 features annouced, but VSAN is storage…

While few years back we could assist on really innovative releases of vSphere, since vSphere 5.5 the rhythm of acceleration has lowered a bit. But not everything is working as it should with vSphere web client not satisfying many customers because of it’s slowness, browser integration plugins gotchas and legacy Flash requirements.

What’s New in Release 2.10?

• Windows 10 Support: Classic Windows 10 applications can be delivered through AppStacks to Windows 10 virtual desktops. End-users can install classic Windows applications on Writable Volumes when they are logged in to Windows 10 virtual desktops. Installation of universal applications is not supported on AppStacks and Writable Volumes. App Store applications are not supported.
• Enabling vMotion: The AVM_PROTECT_VOLUMES=”1″ environment variable can be set on the App Volumes Manager to enable vMotion and to provide protection against accidental deletion of volumes when all ESX hosts are of version 6.0 Update 1a and 5.5 Update 4. vMotion of Storage is not supported.
• vSphere 6 Update 1 support: This release of App Volumes includes support for vSphere 6 Update 1.
• Horizon 6.2 support: This release of App Volumes supports Horizon 6.2.
• Storage Group management: An option to mark a storage as Not Attachable is now available. App Volumes Manager will ignore this storage while mounting volumes.
• Expand existing writable volumes: Size of an existing writable volume can be expanded through the App Volumes Manager. This change will take effect after the next user login.
• App Volumes templates: All App Volumes templates are now created with the volume attribute set to NODEFAULTDRIVELETTER to ensure they are not automatically assigned a letter by the Windows MountVol utility.

Today at VMworld 2015, VMware announces the Horizon 6.2 release and the updates that will be available later this week. That’s right my fellow EUC nerds, we will not have to wait long to take advantage of these new little goodies. As great of an EUC story that VMware has built already, they have had multiple little things that plagued them when being compared to Citrix for certain customer requirements. This new release is going to help with several of these items and hopefully we won’t have to wait long for more to be released.

RDS Application Updates

Ever since VMware added the RDS functionality to Horizon in 2014 for shared desktops and application presentation I have been excited about the possibilities. They have improved on functionality in short bursts in the last 12 months, but even with that at times it felt like they were not closing gaps fast enough.

The Horizon 6.2 announcement today is going to close several of what most would can required gaps.

RDS Apps with Cloud Pod

I have to admit I’m not a big supported of the Cloud Pod architecture that is offered from VMware as a multi-site architecture, but the face that it was only for desktops in the past was silly. In the 6.2 update the Cloud Pod offering now supports global entitlements for applications and the associated placement and load balancing that has been available for desktops.

HTML Access for Cloud Pod

This is another item that many customers had not yet bumped into since the use of HTML as the primary access has been low. I am seeing a big interest in using HTML as the primary access method lately and will keep growing as the demand to use various endpoints increases. You will not get the same cloud pod experience when point a browser to the global URL as you did with the Horizon client in the past.

RDS Load Balancing

This is another spot where the initial method used in the first release was very basic and while it worked just did not offer customers the options that were available from Citrix. I’m happy to see this update as it will allow customers the ability to create intelligent session placement based on different values. I think that this type of update was pushed into the product by the recent hires that VMware made of people with Citrix experience.

Linked Clones for RDS Servers

With this update you will now be able to use the linked clone functionality to build and maintain RDSH hosts for application and shared desktop functions. This was another gap that was missing in the VMware story. As great as features that Horizon has and with App Volumes added to the product offering, VMware still had a bad operational story for customers that wanted to build large application farms. With this update VMware now has a competitive story for customers comparing to Citrix XenApp with PVS.

I am personally excited for this feature and look to spend more time exploring and thinking about how it can be utilized in customer desgins.

Security Updates

Between the base security updates that I touch on at the end of this post and the points below that are of more interest, it’s clear that VMware is listening to customers. Next up I think that VMware needs to focus on improving the security policy control around their products to make them more flexible to handle customer requirements.

Access Point

This is something that has been LONG overdue and I’m so happy that it’s finally here. No more Windows based security servers in the DMZ and no more edge access method that was different for every product that VMware released. Today I am happy to say that VMware will finally have a single edge based method for accessing all of their EUC services and it’s based on a Linux virtual appliance that can be scaled out.

One Way Trusts

This has been a complaint of a few customers over time, and it looks like this constraint is gone also. Horizon will now be able to work with one day domain trust configurations.

GPU Updates

There are a number of GPU related updates in this version and I’ve been seeing a lot of interest in this area recently with customers. In what is being called vGPU 2.0 is support for the new NVIDIA generation of cards based on the Maxwell chips. I also hear that there will be a NVIDIA GPU option for blades soon and look forward to what that may offer to designs.

AMD GPU Support

Not sure if this is worth getting excited about yet since it’s just vDGA and not vGPU yet. But the good news is that we are seeing non-NVIDIA support for GPU’s. This will really get exciting when they start to support the mid-grade GPU cards that can lower the cost for the base use cases that need limited GPU power.

GPU for RDS Apps

Yes you heard me right, the GPU love is coming to hosted applications also. No longer will you only be able to offer GPU enabled workloads in a virtual desktop. While this may not be the main use case, there are certainly circumstances where the workload is better presented as an application than a desktp.

Linux GPU Support

Starting to feel a little bit like Oprah, everyone gets GPU support. The GPU features are coming to Linux desktops also in the way of vGPU and vSGA.

Horizon Feature Updates

Now on to the more core feature updates in Horizon 6.2. In the previous version, we got our first look at client drive redirection, but it was only for Windows clients. This update brings the features to VDI and RDS with support for both Windows and Mac clients, with Linux in tech preview.

File Type Association

This was another one of those, Citrix can do it why cannot you items. Glad to see this get added is the ability to associate file types with published applications. This will allow the user to use the proper published application to open the file on their desktop without being force to open the app the find the file.

4K Resolution Support

This is pretty self explanatory, there is now support for 4K monitor resolutions. As people invest in larger monitors and GPU enabled designs become more common, the need for higher displays will become common.

Other Updates

There are a number of other updates that are included in Horizon 6.2 that are less exciting to the masses that I will quickly summarize here. There were a number of security updates that make the platform Fed ready for more secure government regulated designs. There is now fully support for Windows 10 and Skype for business.

What’s New in This Release of Horizon 6

VMware Horizon 6 version 6.1 provides the following new features and enhancements:

• NVIDIA GRID vGPU (shared GPU hardware acceleration)
  Available with vSphere 6.0 and later, this feature allows a physical GPU (graphical processing unit) on an ESXi host to be shared among multiple virtual desktops. With this new capability, Horizon 6 enables a wide variety of graphics use cases at significantly lower costs compared to physical workstations or previous releases of Horizon. The use cases enabled range from lightweight 3D task workers to high-end workstation graphics power users.
• Smart Card for RDS desktops and Hosted Apps
  This feature enables users to authenticate to RDS-based desktops and RDS-based applications using smart cards.
• Support for IPv6 networks
  Horizon 6 supports IPv6 networks in addition to IPv4 networks. The Horizon environment must be operated in either an IPv6 or IPv4 configuration; a mixed mode of operation is not supported. This release supports key components such as Horizon 6 servers, Horizon 6 VDI desktops and RDS hosts, and Horizon Client for Windows, as well as many Horizon 6 features. Not all Horizon 6 features that are supported in an IPv4 environment are supported in an IPv6 environment.
• Support for Virtual SAN 6.0
  The Virtual SAN feature available with vSphere 6.0 and later releases contains many performance improvements over the feature that was available with vSphere 5.5 Update 1. With vSphere 6.0, this feature also has broader HCL (hardware compatibility) support. Leveraging the new capabilities of Virtual SAN 6.0, Horizon 6 is able to double the number of virtual machines that can run per ESXi host and deliver cost reductions and improved performance for virtual desktop workloads.
• Support for Virtual Volumes
  Available with vSphere 6.0 and later releases, the Virtual Volumes feature allows vSphere to offload intensive storage operations such as snapshot creation, cloning, and replication. With this feature, virtual disks and their derivatives, clones, snapshots, and replicas are mapped directly to virtual volumes on the storage system. Implementation of Virtual Volumes depends on the availability of certified storage vendors.
• View Administrator (UI) support for configuring Cloud Pod Architecture
  Administrators can use View Administrator (in addition to the lmvutil command) to configure and administer a Cloud Pod Architecture environment. Customers can also use View Administrator to view pod health and desktop session information.
• USB Redirection of mass storage on RDS desktops and Hosted Apps
  This feature enables users to redirect their USB flash drive and hard disks to RDS Hosted Desktops and Applications. USB redirection of other types of USB devices, and other types of USB storage devices such as security storage drives and USB CD-ROM, is not supported. This feature is supported on Windows clients and Windows Server 2012 RDS hosts.
• Windows Server 2012 R2 operating system support for VDI desktops
  Windows Server 2012 R2 (Datacenter edition) is now supported as a guest operating system for single-user, VDI desktops.
• 3rd-Party SSO credential handling
  This feature enables 3rd-party SSO providers to access credential information when SSO is performed during a login to Horizon 6, allowing the 3rd-party solutions to be tightly integrated with Horizon 6.
• Enhanced Message Security Mode
  With the new Enhanced message security mode, instead of signing and encrypting individual messages, messages are delivered through secure channels, bringing performance benefits by reducing the load on View Connection Server instances, security servers, virtual desktops, and RDS servers. Enhanced message security mode is enabled by default on new installations.
• vSphere Transparent Page Sharing in Horizon 6
  In View Administrator, you can set the level of Transparent Page Sharing (TPS) that takes place on the ESXi host. The ESXi host can be set to eliminate redundant copies of memory pages at a virtual machine, pool, pod, or global level. This feature lets you determine how broadly to share pages (and hence reduce total memory consumption) based on the use case and the need to isolate users’ virtual machines.
• Virtual hardware version 11 graphics memory configuration
  Horizon 6 now supports virtual hardware version 11, available in vSphere 6.0 or later versions. This feature is required for virtual machines that use NVIDIA GRID vGPU.
• ViewDbChk utility to resolve database inconsistencies for Horizon 6 virtual machines
  Administrators can resolve inconsistencies in the databases (View LDAP, View Composer, and vCenter Server) that store information about desktop virtual machines. The utility can automatically identify and resolve configuration issues that previously could require manual intervention.
• Supportability of Windows XP and Windows Vista guest operating systems as desktop virtual machines
  The versions of View Agent that ship with Horizon 6 (version 6.1) and later releases do not support Windows XP and Windows Vista desktops. The Horizon 6 (version 6.1) servers will work with Windows XP and Windows Vista desktops if you continue to use the older View Agent 6.0.2. The older agent, of course, does not offer all of the features of the new agent. For more details, see Retiring Old OSes: XP, Vista, Mac OS X 10.6 & 10.7.