VMware Horizon 7 version 7.1

Geplaatst op door
Post Views: 132
Print Friendly, PDF & Email

 

Last Updated: 16 March 2017

These release notes include the following topics:

 

What’s New in This Release

VMware Horizon 7 version 7.1 provides the following new features and enhancements:

  • VMware Blast Extreme
    • Extra mouse buttons such as the back and forward buttons on Logitech MX620 are supported.
    • Connections to physical machines that have no monitors attached are supported with NVIDIA graphics cards. This is a technical preview feature for Horizon 7 version 7.1.
    • The Blast Secure Gateway includes Blast Extreme Adaptive Transport (BEAT) networking, which dynamically adjusts to network conditions such as varying speeds and packet loss.

  • URL Content Redirection Enhancements
    • You can configure and manage client-to-agent redirection settings by running vdmutil commands on the Connection Server host. You still configure agent-to-client redirection by using GPOs.
    • Client-to-agent redirection is supported for Mac clients when you configure client-to-agent redirection by running vdmutil commands.
    • If you have a Cloud Pod Architecture environment, you can use vdmutil commands to create global URL content redirection settings, which are visible across the pod federation. With global URL content redirection settings, you can redirect URL links in the client to global resources, such as global desktop entitlements and global application entitlements.
    • The urlRedirection-enUS.admx template file contains settings that enable you to control whether a URL link is opened on the client (agent-to-client redirection) or in a remote desktop or application (client-to-agent redirection).
  • Horizon for Linux 7.1 Desktops Enhancements
    • RHEL 7.3, CentOS 7.3, SLED 12 SP2, and SLES 12 SP2 are now supported.
    • Linux Agent Single Sign Support on Ubuntu 14.04 and Ubuntu 16.04 has been added.
    • The Client Drive Redirection (CDR) feature is now available as a technology preview.
    • The USB Redirection feature is available on Ubuntu 14.04 and Ubuntu 16.04 as a technology preview.
    • The Keyboard Layout and Locale Synchronization feature is supported for Horizon Client for Windows and only for English, French, German, Japanese, Korean, Spanish, Simplified Chinese, and Traditional Chinese locales.
  • Smart Card Authentication
    Administrators can specify multiple Certificate Revocation Lists (CRLs). For more information, see the VMware Knowledge Base (KB) article 2149447, Configuring Multiple Certificate Revocation Lists.
  • Published Desktops and Applications
    • You can create an automated instant-clone farm and schedule maintenance for the instant-clone farm.
    • You can select multiple vLAN networks to create a larger instant-clone desktop pool. Only the static port group is supported.
    • You can configure unauthenticated access for users to access published applications from a Horizon Client without requiring Active Directory credentials.
  • Instant Clones
    • You can use NVIDIA GRID vGPUs with instant-clone desktop pools. Note that configuring PCoIP as the display protocol with NVIDIA GRID vGPU is a technical preview feature.
    • You can select multiple vLAN networks to create a larger instant-clone desktop pool. Only the static port group is supported.
    • You can use the internal VM debug mode to troubleshoot internal virtual machines in an instant-clone desktop pool or in an instant-clone farm.
    • Administrators can perform a restart or reset of the virtual desktops managed by the vCenter Server.
    • You can perform maintenance on instant-clone VMs by putting the ESXi hosts into maintenance mode. Use vSphere Web Client to put the ESXi host into maintenance mode. The ESXi host maintenance operation automatically deletes the parent VMs from that ESXi host.
  • Virtual Desktops
    Administrators can perform a graceful restart of the virtual desktops managed by the vCenter Server.
  • Cloud Pod Architecture Enhancements
    • If you enable the multiple sessions per user policy when you create a global desktop entitlement, users can initiate separate desktop sessions from different client devices.
    • You can configure the restricted global entitlements feature to restrict access to global entitlements based on the Connection Server instance that users initially connect to when they select global entitlements.
  • ADM and ADMX Template Files
    The ADM template files are deprecated and the ADMX template files are added.
  • IPv6 Environment
    Virtual printing is supported for a Windows Client in the IPv6 environment.
  • Horizon PowerCLI
    • You can use Horizon PowerCLI advanced functions to change the icon of a published application.
  • Operating Systems for Instant-Clone Remote Desktops
    The following operating systems are now supported:
    • Windows Server 2008 R2
    • Windows Server 2012 R2
    • Windows Server 2016
  • vSphere Platform
    vSphere Virtual Machine Encryption (in vSphere 6.5) for full clone desktop pools is supported.
  • Access Point
    Beginning with version 2.9, VMware Access Point is renamed to VMware Unified Access Gateway. This change is not yet reflected in the Horizon 7 version 7.1 and Horizon Client 4.4 documentation sets.
  • Horizon Client Information Plug-In
    You can use the Horizon Client Information (HCI) plug-in installer to get client information from both published applications and virtual desktops. The HCI plug-in is available as an ActiveX plug-in and supports Internet Explorer. For more information about the HCI plug-in installer, see the VMware Knowledge Base (KB) article 2149400, Horizon Client Information Plug-In.
  • Information Experience
    The following documents are updated:
    • The Setting Up Desktop and Application Pools in View document is redundant.
    • The Setting Up Published Desktops and Applications in Horizon 7 document is added.
    • The Setting Up Virtual Desktops in Horizon 7 document is added.
    • The Configuring Remote Desktop Features in Horizon 7 document is added.

For information about the issues that are resolved in this release, see Resolved Issues.

Before You Begin

  • Important note about installing VMware View Composer
    If you plan to install or upgrade View Composer 7.0.2, you must upgrade the Microsoft .NET framework to version 4.6.1. Otherwise, the installation will fail.
  • Important note about installing VMware Tools
    If you plan to install a version of VMware Tools downloaded from VMware Product Downloads, rather than the default version provided with vSphere, make sure that the VMware Tools version is supported. To determine which VMware Tools versions are supported, go to the VMware Product Interoperability Matrix, select the solution VMware Horizon View and the version, then select VMware Tools (downloadable only).
  • If you want to install Horizon Composer silently, see the VMware Knowledge Base (KB) article 2148204, Microsoft Windows Installer Command-Line Options for Horizon Composer.
  • The Horizon 7 release includes new configuration requirements that differ from some earlier releases. See the README document. This short overview can help you to avoid potential pitfalls when you install or upgrade to this release. The View Upgrades document provides upgrade instructions.
  • If you intend to upgrade a pre-6.2 installation of View, and the Connection Server, security server, or View Composer server uses the self-signed certificate that was installed by default, you must remove the existing self-signed certificate before you perform the upgrade. Connections might not work if the existing self-signed certificates remain in place. During an upgrade, the installer does not replace any existing certificate. Removing the old self-signed certificate ensures that a new certificate is installed. The self-signed certificate in this release has a longer RSA key (2048 bits instead of 1024) and a stronger signature (SHA-256 with RSA instead of SHA-1 with RSA) than in pre-6.2 releases. Note that self-signed certificates are insecure and should be replaced by CA-signed certificates as soon as possible, and that SHA-1 certificates are no longer considered secure and should be replaced by SHA-2 certificates.
    Do not remove CA-signed certificates that were installed for production use, as recommended by VMware. CA-signed certificates will continue to work after you upgrade to this release.
  • To take advantage of Horizon 7 features such as Virtual SAN 6.1, GRID vGPU, and Virtual Volumes, install vSphere 6.0 and subsequent patch releases.
  • When you upgrade to this release, upgrade all View Connection Server instances in a pod before you begin upgrading View Agent, as described in the View Upgrades document.
  • The download page in this release includes a Horizon View HTML Access Direct-Connection file that provides web server static content for supporting HTML Access with View Agent Direct-Connection (VADC). For information about setting up HTML Access for VADC, see Setting Up HTML Access in the View Agent Direct-Connection Plug-in Administration document.
  • Selecting the Scanner Redirection setup option with Horizon Agent installation can significantly affect the host consolidation ratio. To ensure the optimal host consolidation, make sure that the Scanner Redirection setup option is only selected for those users who need it. (By default, the Scanner Redirection option is not selected when you install Horizon Agent.) For users who need the Scanner Redirection feature, configure a separate desktop pool and select the setup option only in that pool.
  • Horizon 7 uses only TLSv1.1 and TLSv1.2. In FIPS mode, it uses only TLSv1.2. You might not be able to connect to vSphere unless you apply vSphere patches. For information about re-enabling TLSv1.0, see Enable TLSv1 on vCenter Connections from Connection Server and Enable TLSv1 on vCenter and ESXi Connections from View Composer in the View Upgrade document.
  • FIPS mode is not supported on releases earlier than 6.2. If you enable FIPS mode in Windows and upgrade Horizon Composer or Horizon Agent from a release earlier than Horizon View 6.2 to Horizon 7 version 7.0.3, the FIPS mode option is not shown. You must do a fresh install instead to install Horizon 7.0.3 in FIPS mode.
  • Linux desktops use port 22443 for the VMware Blast display protocol.
  • With Horizon 7.0.1, Linux desktop is switched from unmanaged virtual machine to vCenter managed virtual machine. Horizon Connection Server 7.0.1 and vCenter are mandatory requirements for Linux desktop 7.0.1 deployment.
    For Linux desktop deployment of 7.0.0 and earlier, which are unmanaged virtual machine deployment, there are two options:
    • Upgrade to 7.0.1 and retain the unmanaged virtual machine. This upgrade does not require any configuration modifications in Horizon Connection Server.
    • Upgrade to 7.0.1 and convert to managed virtual machine. This upgrade requires desktop pool creation in Horizon Connection Server. Horizon Connection Server 7.0.1 and vCenter are mandatory requirements.

Compatibility Notes

  • For the supported guest operating systems for Horizon Agent on single-user machines and RDS hosts, see Supported Operating Systems for Horizon Agent in the View Installation document.
  • If you use Horizon 7 servers with a version of View Agent older than 6.2, you will need to enable TLSv1.0 for PCoIP connections. View Agent versions that are older than 6.2 support the security protocol TLSv1.0 only for PCoIP. Horizon 7 servers, including connection servers and security servers, have TLSv1.0 disabled by default. You can enable TLSv1.0 for PCoIP connections on these servers by following the instructions in VMware Knowledge Base (KB) article 2130798, Configure security protocols for PCoIP for Horizon 6 version 6.2 and later, and Horizon Client 3.5 and later.
  • For the supported Linux guest operating systems for Horizon Agent, see System Requirements for Horizon 7 for Linux in the Setting Up Horizon 7 Version 7.1 for Linux Desktops document.
  • For the supported operating systems for View Connection Server, security server, and View Composer, see System Requirements for Server Components in the View Installation document.
  • Horizon 7 functionality is enhanced by an updated set of Horizon Clients provided with this release. For example, Horizon Client 4.0 or later is required for VMware Blast Extreme connections. See the VMware Horizon Clients Documentation page for information about supported Horizon Clients.
  • The instant clones feature requires vSphere 6.0 Update 1 or later.
  • Windows 7 and Windows 10 are supported for instant clones, but not Windows 8 or Windows 8.1.
  • See the VMware Product Interoperability Matrix for information about the compatibility of Horizon 7 with current and previous versions of vSphere.
  • For the supported Active Directory Domain Services (AD DS) domain functional levels, see Preparing Active Directory in the View Installation document.
  • For more system requirements, such as the supported browsers for View Administrator and View Portal, see the View Installation document.
  • RC4, SSLv3, and TLSv1.0 are disabled by default in View components, in accordance with RFC 7465, “Prohibiting RC4 Cipher Suites,” RFC 7568, “Deprecating Secure Sockets Layer Version 3.0,” PCI-DSS 3.1, “Payment Card Industry (PCI) Data Security Standard”, and SP800-52r1, “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.” If you need to re-enable RC4, SSLv3, or TLSv1.0 on a View Connection Server, security server, View Composer, or Horizon Agent machine, see Older Protocols and Ciphers Disabled in View in the View Security document.
  • If a PCoIP Secure Gateway (PSG) has been deployed for PCoIP connections, zero client firmware must be version 4.0 or later.
  • When using Client Drive Redirection (CDR), deploy Horizon Client 3.5 or later and View Agent 6.2 or later to ensure that CDR data is sent over an encrypted virtual channel from an external client device to the PCoIP security server and from the security server to the remote desktop. If you deploy earlier versions of Horizon Client or View Agent, external connections to the PCoIP security server are encrypted, but within the corporate network, the data is sent from the security server to the remote desktop without encryption. You can disable CDR by configuring a Microsoft Remote Desktop Services group policy setting in Active Directory. For details, see Managing Access to Client Drive Redirection in the Configuring Remote Desktop Features in Horizon 7 document.
  • The USB Redirection setup option in the Horizon Agent installer is deselected by default. You must select this option to install the USB redirection feature. For guidance on using USB redirection securely, see Deploying USB Devices in a Secure View Environment in the View Security document.
  • The Global Policy, Multimedia redirection (MMR), defaults to Deny. To use MMR, you must open View Administrator, edit Global Policies, and explicitly set this value to Allow. To control access to MMR, you can enable or disable the Multimedia redirection (MMR) policy globally or for an individual pool or user.
    Multimedia Redirection (MMR) data is sent across the network without application-based encryption and might contain sensitive data, depending on the content being redirected. To ensure that this data cannot be monitored on the network, use MMR only on a secure network.
  • Before you set the level of Transparent Page Sharing (TPS) in View Administrator, VMware recommends that the security implications be understood. For guidance, see the VMware Knowledge Base (KB) article 2080735, Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing.
  • To use View Storage Accelerator in a vSphere 5.5 or later environment, a desktop virtual machine must be 512GB or smaller. View Storage Accelerator is disabled on virtual machines that are larger than 512GB. Virtual machine size is defined by the total VMDK capacity. For example, one VMDK file might be 512GB or a set of VMDK files might total 512GB. This requirement also applies to virtual machines that were created in an earlier vSphere release and upgraded to vSphere 5.5.
  • Horizon 7 does not support vSphere Flash Read Cache (formerly known as vFlash).
  • In Horizon (with View) version 6.0 and later releases, the View PowerCLI cmdlets Get-TerminalServer, Add-TerminalServerPool, and Update-TerminalServerPool have been deprecated.
  • Screen DMA is disabled by default in virtual machines that are created in vSphere 6.0 and later. View requires screen DMA to be enabled. If screen DMA is disabled, users see a black screen when they connect to the remote desktop. When Horizon 7 provisions a desktop pool, it automatically enables screen DMA for all vCenter Server-managed virtual machines in the pool. However, if Horizon Agent is installed in a virtual machine in unmanaged mode (VDM_VC_MANAGED_AGENT=0), screen DMA is not enabled. For information about manually enabling screen DMA, see VMware Knowledge Base (KB) article 2144475, Manually enabling screen DMA in a virtual machine.
  • vGPU enabled instant clone desktop pools are supported for vSphere 2016 and later.
  • Microsoft Windows Server requires a dynamic range of ports to be open between all Connection Servers in the Horizon 7 environment. These ports are required by Microsoft Windows for the normal operation of Remote Procedure Call (RPC) and Active Directory replication. For more information about the dynamic range of ports, see the Microsoft Windows Server documentation.

Supported Windows 10 Operating Systems

For an updated list of supported Windows 10 operating systems, see VMware Knowledge Base (KB) article 2149393, Supported Versions of Windows 10 on Horizon View.
For more information on upgrade requirements for Windows 10 operating systems, see VMware Knowledge Base (KB) article 2148176, Upgrade Requirements for Windows 10 Operating Systems here.

Top of Page

Prior Releases of View

Features that were introduced in prior releases of View are described in the release notes for each release, along with existing known issues.

Resolved Issues

  • Users in a domain configured with a one-way trust cannot update an expired password from Horizon Client.
  • If a user never logs out from a virtual desktop, then Persona Management keeps writing log messages to the same log file and does not rotate the log file. This feature is available only with the ADMX template file.
  • Horizon Agent becomes unavailable with a FATAL error after you disable and stop the Windows Management Instrumentation service and restart the operating system.
  • Horizon Administrator shows a red status for vCenter Server even when the vCenter service is up and running in a cluster of Connection Servers. The incorrect vCenter Server status is displayed after you configure a valid signed SSL certificate for vCenter Server.
  • The “Persona Management process exclusions” policy does not exist in the ViewPMAdv.adm file because this policy serves the same function as the “Excluded Process” policy in the ViewPMAdv.adm file.