VMware Horizon 7 version 7.6
What’s New in This Release
VMware Horizon 7 version 7.6 provides the following new features and enhancements. This information is grouped by installable component.
- Horizon Connection Server
- Horizon Agent for Linux
- Horizon Agent
- Horizon GPO Bundle
- Horizon Client
- Horizon JMP Server
- Horizon 7 Security
For information about the issues that are resolved in this release, see Resolved Issues.
- Horizon Console
- A user can login to Horizon Console with any predefined role or a combination of predefined roles.
- Horizon 7 Subscription Licenses
- You can use VMware Horizon 7 Cloud Connector to manage subscription licenses to a Horizon Cloud node hosted on the VMware Horizon Cloud Service. A subscription license removes the need to keep, retrieve, or manually enter a license key for product activation.
- Cloud Pod Architecture
- With Horizon Client 4.9, if a Windows client device has an RDS per-device CAL, it always presents that license. Windows clients that have earlier Horizon Client versions present a license only if they have a license for the specific pod. For the best handling of RDS licensing in a Cloud Pod Architecture environment, VMware recommends upgrading to the latest client and server software.
- Horizon Administrator
- You can no longer configure RDS Per-Device CAL storage options in Horizon Administrator. RDS Per-Device CALs are now stored only on the client device by default.
- Horizon Clients using IPv4 and Horizon Clients using IPv6 can be handled concurrently on TCP port 8443 and on UDP port 8443
(for BEAT) when connecting to a Unified Access Gateway appliance version 3.3 or later.
- vSphere Support
- vSphere 6.5 U2 is supported.
- True SSO support on the RHEL/CentOS 7 desktops
True single sign-on (SSO) is now supported on RHEL 7 and CentOS desktops.
- Additional supported platforms
Support the the Ubuntu 18.04, RHEL/CentOS 6.10, and RHEL/CentOS 7.5 platforms have been added.
- Instant-clone support for RHEL 7.1 and later versions
You can now create instant-clone floating desktop pool on systems with RHEL 7.1 or later installed.
- Redirecting serial ports from Windows client devices to published desktops and applications
You can now enable the Serial Port Redirection option when you install Horizon Agent on an RDS host to allow end users to redirect serial ports from their client devices to published desktops and applications. Previously, you could only enable this option when you installed Horizon Agent on a virtual desktop. This feature also requires Horizon Client 4.9 for Windows.
- Redirecting geolocation information from Windows client devices to remote desktops and published applications
You can enable the Geolocation Redirection option when you install Horizon Agent on a virtual desktop or RDS host to redirect geolocation information from Windows client devices to virtual desktops, published desktops, or published applications. This feature also requires Horizon Client 4.9 for Windows.
- HTML5 Multimedia Redirection improvements
Live streaming is now supported with the HTML5 Multimedia Redirection feature.
- Clipboard audit feature
You can enable the clipboard audit feature to record information about clipboard data that is copied from the agent machine to the Windows client machine. To enable the clipboard audit feature, you enable the Configure clipboard audit group policy setting for VMware Blast or PCoIP. You can optionally configure the Whether block clipboard redirection to client side when client doesn’t support audit group policy setting to specify whether to block clipboard redirection to clients that do not support the clipboard audit feature. This feature also requires Horizon Client 4.9 for Windows.
- Geolocation Redirection feature
You can configure the Geolocation Redirection feature to redirect geolocation information from Windows client devices to remote desktops and published applications. To configure the Geolocation Redirection feature, you configure the Enable VMware Geolocation Redirection and Enable URL list for VMware Geolocation Redirection group policy settings. For more information, see the Configuring Remote Desktop Features in Horizon 7 document. This feature also requires Horizon Client 4.9 for Windows.
- HTML5 Multimedia Redirection group policy changes
The group policy settings for the HTML5 Multimedia Redirection feature have been moved. For more information, see the “HTML5 Feature Settings” topic in the Configuring Remote Desktop Features in Horizon 7 document.
- Proxy settings in Skype for Business on Windows Clients
The Virtualization Pack for Skype for Business checks for proxy settings on the Horizon Client for Windows system, and uses those settings for media traffic.
- VMware Blast DSCP Marking policy setting
You can establish Differentiated Services Code Point (DSCP) values in outgoing Blast network traffic, as specified by the various individual settings for each network hop.
For information about new features in Horizon Client 4.9, including HTML Access 4.9, see the Horizon Clients Documentation page.
- Horizon JMP Server upgrade installer
You can upgrade to a later version of the Horizon JMP Server using the JMP Server installer.
- Horizon 7 Security Features
- You can configure login deceleration for unauthenticated access to published applications.
- Important note about installing VMware View Composer
If you plan to install or upgrade to View Composer 7.2 or later, you must upgrade the Microsoft .NET framework to version 4.6.1. Otherwise, the installation will fail.
- Important note about installing VMware Tools
If you plan to install a version of VMware Tools downloaded from VMware Product Downloads, rather than the default version provided with vSphere, make sure that the VMware Tools version is supported. To determine which VMware Tools versions are supported, go to the VMware Product Interoperability Matrix, select the solution VMware Horizon View and the version, then select VMware Tools (downloadable only).
- If you want to install View Composer silently, see the VMware Knowledge Base (KB) article 2148204, Microsoft Windows Installer Command-Line Options for Horizon Composer.
- This Horizon 7 release includes new configuration requirements that differ from some earlier releases. See the Horizon 7 Upgrades document for upgrade instructions.
- Horizon 7.5.1 is an Extended Service Branch (ESB) that will receive periodic service pack (SP) updates, which include cumulative, critical bug fixes, and security fixes. See the VMware Knowledge Base (KB) article 52845 FAQ: Horizon 7, App Volumes, UEM Extended Service Branches (ESB) for detailed information of ESB. See the Horizon 7 Upgrades document for upgrading to SPs.
- If you intend to upgrade a pre-6.2 installation of Horizon 7, and the Connection Server, security server, or View Composer server uses the self-signed certificate that was installed by default, you must remove the existing self-signed certificate before you perform the upgrade. Connections might not work if the existing self-signed certificates remain in place. During an upgrade, the installer does not replace any existing certificate. Removing the old self-signed certificate ensures that a new certificate is installed. The self-signed certificate in this release has a longer RSA key (2048 bits instead of 1024) and a stronger signature (SHA-256 with RSA instead of SHA-1 with RSA) than in pre-6.2 releases. Note that self-signed certificates are insecure and should be replaced by CA-signed certificates as soon as possible, and that SHA-1 certificates are no longer considered secure and should be replaced by SHA-2 certificates.
Do not remove CA-signed certificates that were installed for production use, as recommended by VMware. CA-signed certificates will continue to work after you upgrade to this release.
- To take advantage of Horizon 7 features such as Virtual SAN 6.1, GRID vGPU, and Virtual Volumes, install vSphere 6.0 and subsequent patch releases.
- When you upgrade to this release, upgrade all Connection Server instances in a pod before you begin upgrading Horizon Agent, as described in the Horizon 7 Upgrades document.
- After you have performed a fresh install or upgraded all Connection Server instances to Horizon 7 version 7.2 or later, you cannot downgrade the Connection Server instances to a version earlier than Horizon 7 version 7.2 because the keys used to protect LDAP data have changed. To keep the possibility of downgrading Connection Server instances while planning an upgrade to Horizon 7 version 7.2 or later, you must perform an LDAP backup before starting the upgrade. If you need to downgrade the Connection Server instances, you must downgrade all Connection Server instances and then apply the LDAP backup to the last Connection Server that is downgraded.
- The product build number for Horizon Agent in this release does not appear under the “Version” column in the “Add/Remove Programs” panel. To get the product build number, click “VMware Horizon Agent” and view the comments section in the panel below.
- The download page in this release includes a Horizon HTML Access Direct-Connection file that provides web server static content for supporting HTML Access with View Agent Direct-Connection (VADC). For information about setting up HTML Access for VADC, see Setting Up HTML Access in the View Agent Direct-Connection Plug-in Administration document.
- Selecting the Scanner Redirection setup option with Horizon Agent installation can significantly affect the host consolidation ratio. To ensure the optimal host consolidation, make sure that the Scanner Redirection setup option is only selected for those users who need it. (By default, the Scanner Redirection option is not selected when you install Horizon Agent.) For users who need the Scanner Redirection feature, configure a separate desktop pool and select the setup option only in that pool.
- Horizon 7 uses only TLSv1.1 and TLSv1.2. In FIPS mode, it uses only TLSv1.2. You might not be able to connect to vSphere unless you apply vSphere patches. For information about re-enabling TLSv1.0, see Enable TLSv1 on vCenter Connections from Connection Server and Enable TLSv1 on vCenter and ESXi Connections from View Composer in the Horizon 7 Upgrades document.
- FIPS mode is not supported on releases earlier than 6.2. If you enable FIPS mode in Windows and upgrade Horizon Composer or Horizon Agent from a release earlier than Horizon View 6.2 to Horizon 7 version 7.2 or later, the FIPS mode option is not shown. You must do a fresh install instead to install Horizon 7 version 7.2 or later in FIPS mode.
- Linux desktops use port 22443 for the VMware Blast display protocol.
- Starting with Horizon 7 version 7.2, it is possible that the ordering of cipher suites can be enforced by Connection Server. For more information, see the Horizon 7 Security document.
- Starting with Horizon 7 version 7.2, Connection Server must be able to communicate on port 32111 with other Connection Servers in the same pod. If this traffic is blocked during installation or upgrade, installation will not succeed.
- Starting with Horizon 7 version 7.3.2, TLS handshakes on port 443 must complete within 10 seconds, or within 100 seconds if smart card authentication is enabled. In previous releases of Horizon 7, TLS handshakes on port 443 were allowed 100 seconds to complete in all situations. You can adjust the time for TLS handshakes on port 443 by setting the configuration property
handshakeLifetime. Optionally, the client that is responsible for an over-running TLS handshake can be automatically added to a blacklist. New connections from blacklisted clients are delayed for a configurable period before being processed so that connections from other clients take priority. You can enable this feature by setting the configuration property
secureHandshakeDelay. For more information about setting configuration properties, see the Horizon 7 Security document.