در این مطلب به معرفی و امکانات جدید VMware Horizon 7.11 می پردازیم و در انتها نیز لینک دانلود VMware Horizon 7.11.0 Enterprise Edition قرار داده شده است.
یکی از محصولات پرکاربرد شرکت VMware که این روزها در بین مدیران شبکه کشور ما بسیار طرفدار پیدا کرده ، بسته نرم افزاری VMware Horizon است. از این محصول شرکت Vmware برای مجازیسازی Desktop و Application ها می توان استفاده کرده. با استفاده از این نرمافزار شما امکان کنار گذاشتن سیستمهای سختافزاری (کامپبوترها) که برای کاربران مورد استفاده قرار میگیرد را دارید. با اختصاص VDI به هر کاربر و خرید تجهیز مناسب برای این کار دیگر نگران نگهداری از سختافزار، سیستمعامل و نرمافزار کاربران خود نباشید.
ساختار اصلی این سرویس را Connection Server تشکیل میدهد که با استفاده از vCenter فرایند های کنترلی خود را انجام می دهد.
میتوان گفت یکی از ایرادات وارده به این سرویس پر طرفدار کنسول مدیریتی آن است. نبود صفحه وب سازگار با مرورگر های مختلف نقطه منفی است که چنانچه تا به حال از این سرویس استفاده کرده باشید حتما با آن روبرور شدید!
این نسخه بیشتر بابت برطرف کردن خطا های موجود در نسخه قبلی منتشر شده است که در ادامه به آن اشاهر میشود .
What’s New in This Release
VMware Horizon 7 version 7.11 provides the following new features and enhancements. This information is grouped by installable component.
- Product Enhancements
- Horizon Connection Server On-Premises
- Horizon Agent for Linux
- Horizon Agent
- Horizon GPO Bundle
- Horizon Client
- Horizon 7 Cloud Connector
- Horizon 7 Deployed on VMware Cloud on AWS
For information about the issues that are resolved in this release, see Resolved Issues.
The VMware Horizon 7 version 7.11 release includes many new features and enhancements to Horizon Connection Server and Horizon Agent including continuing to build on the feature parity of Horizon Console, the HTML5-based web console that will eventually replace Horizon Administrator, which will be deprecated in early 2020.
- Horizon Console (HTML5-based Web Interface)
There are several enhancements to Horizon Console. These include:
- Horizon Console is now the primary and recommended web interface for Horizon 7. The existing Flash-based Horizon Administrator web interface remains supported but will be deprecated in early 2020. See the Log In to Horizon Console topic in the VMware Horizon Console Administration document.
- Horizon Help Desk Tool is more visibly integrated into Horizon Console. In Horizon Console, click Monitor > Help Desk to open Horizon Help Desk Tool. See the Start Horizon Help Desk Tool in Horizon Console topic in the VMware Horizon Console Administration document.
- You can customize the user name and password labels that appear in the RADIUS two-factor authentication login dialog box. See the Enable Two-Factor Authentication in Horizon Console topic in the VMware Horizon Console Administration document.
- You can configure global client restriction settings to restrict client session connections to desktops and published applications for non-supported Horizon Client versions. See the Global Client Restriction Settings for Client Sessions in Horizon Console topic in the VMware Horizon Console Administration document.
- You can view the CPU and memory consumption for each Connection Server in Horizon Console. See the Monitor Horizon Connection Server Load Status topic in the VMware Horizon Console Administration document.
- The “Manage Composer Desktop Pool Image” privilege is renamed to “Manage Maintenance Operations on Automated Desktops and Farms” privilege. You can use this privilege to perform a push-image operation on an instant-clone desktop pool or farm. See, Object Specific Privileges in the VMware Horizon Console Administration document.
- You can view the published application names associated with a session when you view the session information for a farm. See the Manage Published Desktop and Application Sessions in Horizon Console topic in the VMware Horizon Console Administration document.
- Cloud Pod Architecture
- 12,000 sessions per pod have been validated for Horizon 7 version 7.11.
- To see the global desktop entitlement that contains a specific desktop pool, you can select The name of the global desktop entitlement that contains the desktop pool appears in the Global Entitlement column for that desktop pool on the Desktop Pools page. You can also click a desktop pool name on the Desktop Pools page and view the name of the global desktop entitlement on the in Horizon Console. Summary tab.
- You can configure backup global entitlements. A backup global entitlement delivers remote desktops or published applications when the primary global entitlement fails to start a session because of problems such as insufficient pool capacity or unavailable pods. A backup global entitlement can contain pools from any pod in the pod federation. See the Implementing Backup Global Entitlements topic in the Administering Cloud Pod Architecture in Horizon 7 document.
- Published Desktops and Applications
- Horizon 7 supports Universal Windows Platform (UWP) applications that run on Windows 10 virtual desktop (WVD) hosts or a desktop pool. See the Remote Desktop Services Hosts topic in the Setting Up Published Desktops and Application in Horizon Console document.
- Virtual Desktops
- A progress bar indicates the pending image status of a master virtual machine and snapshot being published for the first time for an instant clone pool.
- True SSO
- You can use a third-party identity provider that uses an Unified Access Gateway appliance with the True SSO feature. See the Setting Up True SSO topic in the Horizon 7 Administration document.
- Load Balancing
- VMware Avi Networks supports load balancing for Connection Server, Unified Access Gateway appliances, and App Volumes Manager.
- Supported Distributions
Horizon Agent for Linux now supports the following operating systems for Linux remote desktops. For more information, see the System Requirements For Horizon 7 for Linux topic in the Setting Up Horizon 7 for Linux Desktops document.
- RHEL 7.7
- CentOS 7.7
- CentOS 8.0
- True SSO on RHEL/CentOS 8 Desktops
The True SSO feature is supported on manual and automated full-clone desktops running the RHEL/CentOS 8 distribution. Instant-clone RHEL 8 desktops do not support True SSO. See the Configure True SSO on RHEL/CentOS 8 Desktops topic in the Setting Up Horizon 7 for Linux Desktops document.
- Remoting Protocols
- A dynamic encoder switch allows you to switch between a video optimized encoder (H.264 4:2:0 or H.264 4:4:4) and a text optimized encoder (Blast Codec or Adaptive). This switch helps maintain crisp text and video with reduced bandwidth usage. See the VMware Blast Extreme topic in the Horizon 7 Architecture Planning document.
- The HW encoder supports five or more monitors.
- Pending messages are batched and sent in larger packets, reducing bandwidth usage for data transmission.
- Remote Experience
- Administrators can use a registry key string or configure the GPO setting VMware AppTap Configuration for applications and processes so that when a user logs off a remote session, the applications and processes that prevent a remote session from ending will be ignored. The GPO setting is listed in the VMware View Agent Configuration ADMX Template Settings topic in the Configuring Remote Desktop Features in Horizon 7 document.
- When preparing a desktop or RDSH image for nested-mode usage, you can install Horizon Agent and Horizon Client in any order.
- Horizon Agent installer supports LSA enabled machines. See the Install Horizon Agent on a Virtual Machine topic in Setting Up Virtual Desktops in Horizon Console document.
- The VMware View Agent Configuration ADMX template file, vdm_agent.admx, contains the following new settings:
- Enable Battery State Redirection
- Enable UWP support on RDSH platforms
- VMware AppTap Configuration
- The VMware Horizon Client Configuration ADMX template file, vdm_client.admx, contains the following new settings:
- Save resolution and DPI to server
For information about new features in Horizon Client 5.3, including HTML Access 5.3, see the release notes on the Horizon Clients Documentation page.
Applicable to VMware Horizon Universal License customers. The Horizon Cloud Connector virtual appliance is a required component for Horizon 7 version 7.6 and later, to support the management of Horizon 7 pods using Horizon Cloud Service.
For a list of Horizon 7 features supported on VMware Cloud on AWS, see the VMware Knowledge Base article 58539.
- Important note about installing VMware View Composer
If you plan to install or upgrade to View Composer 7.2 or later, you must upgrade the Microsoft .NET framework to version 4.6.1. Otherwise, the installation will fail.
- Important note about installing VMware Tools
If you plan to install a version of VMware Tools downloaded from VMware Product Downloads, rather than the default version provided with vSphere, make sure that the VMware Tools version is supported. To determine which VMware Tools versions are supported, go to the VMware Product Interoperability Matrix, select the solution VMware Horizon View and the version, then select VMware Tools (downloadable only).
- If you want to install View Composer silently, see the VMware Knowledge Base (KB) article 2148204, Microsoft Windows Installer Command-Line Options for Horizon Composer.
- This Horizon 7 release includes new configuration requirements that differ from some earlier releases. See the Horizon 7 Upgrades document for upgrade instructions.
- If you intend to upgrade a pre-6.2 installation of Horizon 7, and the Connection Server, security server, or View Composer server uses the self-signed certificate that was installed by default, you must remove the existing self-signed certificate before you perform the upgrade. Connections might not work if the existing self-signed certificates remain in place. During an upgrade, the installer does not replace any existing certificate. Removing the old self-signed certificate ensures that a new certificate is installed. The self-signed certificate in this release has a longer RSA key (2048 bits instead of 1024) and a stronger signature (SHA-256 with RSA instead of SHA-1 with RSA) than in pre-6.2 releases. Note that self-signed certificates are insecure and should be replaced by CA-signed certificates as soon as possible, and that SHA-1 certificates are no longer considered secure and should be replaced by SHA-2 certificates.
Do not remove CA-signed certificates that were installed for production use, as recommended by VMware. CA-signed certificates will continue to work after you upgrade to this release.
- After you have performed a fresh install or upgraded all Connection Server instances to Horizon 7 version 7.2 or later, you cannot downgrade the Connection Server instances to a version earlier than Horizon 7 version 7.2 because the keys used to protect LDAP data have changed. To keep the possibility of downgrading Connection Server instances while planning an upgrade to Horizon 7 version 7.2 or later, you must perform an LDAP backup before starting the upgrade. If you need to downgrade the Connection Server instances, you must downgrade all Connection Server instances and then apply the LDAP backup to the last Connection Server that is downgraded.
- Selecting the Scanner Redirection setup option with Horizon Agent installation can significantly affect the host consolidation ratio. To ensure the optimal host consolidation, make sure that the Scanner Redirection setup option is only selected for those users who need it. (By default, the Scanner Redirection option is not selected when you install Horizon Agent.) For users who need the Scanner Redirection feature, configure a separate desktop pool and select the setup option only in that pool.
- Horizon 7 uses only TLSv1.1 and TLSv1.2. In FIPS mode, it uses only TLSv1.2. You might not be able to connect to vSphere unless you apply vSphere patches. For information about re-enabling TLSv1.0, see Enable TLSv1 on vCenter Connections from Connection Server and Enable TLSv1 on vCenter and ESXi Connections from View Composer in the Horizon 7 Upgrades document.
- FIPS mode is not supported on releases earlier than 6.2. If you enable FIPS mode in Windows and upgrade Horizon Composer or Horizon Agent from a release earlier than Horizon View 6.2 to Horizon 7 version 7.2 or later, the FIPS mode option is not shown. You must do a fresh install instead to install Horizon 7 version 7.2 or later in FIPS mode.
- Linux desktops use port 22443 for the VMware Blast display protocol.
- Starting with Horizon 7 version 7.2, it is possible that the ordering of cipher suites can be enforced by Connection Server. For more information, see the Horizon 7 Security document.
- Starting with Horizon 7 version 7.2, Connection Server must be able to communicate on port 32111 with other Connection Servers in the same pod. If this traffic is blocked during installation or upgrade, installation will not succeed.
- Starting with Horizon 7 version 7.3.2, TLS handshakes on port 443 must complete within 10 seconds, or within 100 seconds if smart card authentication is enabled. In previous releases of Horizon 7, TLS handshakes on port 443 were allowed 100 seconds to complete in all situations. You can adjust the time for TLS handshakes on port 443 by setting the configuration property
handshakeLifetime. Optionally, the client that is responsible for an over-running TLS handshake can be automatically added to a blacklist. New connections from blacklisted clients are delayed for a configurable period before being processed so that connections from other clients take priority. You can enable this feature by setting the configuration property
secureHandshakeDelay. For more information about setting configuration properties, see the Horizon 7 Security document.
- When the Remote Desktop Services role is not present, the Horizon Agent installer prompts you to install Horizon Agent in RDS mode or desktop mode.
The Horizon Administrator and Horizon Console user interface, Horizon Administrator and Horizon Console online help, and Horizon 7 product documentation are available in Japanese, French, German, Spanish, simplified Chinese, traditional Chinese, and Korean. For the documentation, see the Documentation Center for VMware Horizon 7.
- For the supported guest operating systems for Horizon Agent on single-user machines and RDS hosts, see VMware Knowledge Base (KB) article 2150295, Supported Windows Versions for Remote Desktop Systems for Horizon Agent.
- If you use Horizon 7 servers with a version of View Agent older than 6.2, you will need to enable TLSv1.0 for PCoIP connections. View Agent versions that are older than 6.2 support the security protocol TLSv1.0 only for PCoIP. Horizon 7 servers, including connection servers and security servers, have TLSv1.0 disabled by default. You can enable TLSv1.0 for PCoIP connections on these servers by following the instructions in VMware Knowledge Base (KB) article 2130798, Configure security protocols for PCoIP for Horizon 6 version 6.2 and later, and Horizon Client 3.5 and later.
- For the supported Linux guest operating systems for Horizon Agent, see System Requirements for Horizon 7 for Linux in the Setting Up Horizon 7 for Linux Desktops document.
- For the supported operating systems for Connection Server, security server, and View Composer, see System Requirements for Server Components in the Horizon 7 Installation document.
- Horizon 7 functionality is enhanced by an updated set of Horizon Clients provided with this release. For example, Horizon Client 4.0 or later is required for VMware Blast Extreme connections. See the VMware Horizon Clients Documentation page for information about supported Horizon Clients.
- The instant clones feature requires vSphere 6.0 Update 1 or later.
- Windows 7 and Windows 10 are supported for instant clones, but not Windows 8 or Windows 8.1.
- See the VMware Product Interoperability Matrix for information about the compatibility of Horizon 7 with current and previous versions of vSphere.
- For the supported Active Directory Domain Services (AD DS) domain functional levels, see Preparing Active Directory in the Horizon 7 Installation document.
- For more system requirements, such as the supported browsers for Horizon Administrator, see the Horizon 7 Installation document.
- RC4, SSLv3, and TLSv1.0 are disabled by default in Horizon 7 components, in accordance with RFC 7465, “Prohibiting RC4 Cipher Suites,” RFC 7568, “Deprecating Secure Sockets Layer Version 3.0,” PCI-DSS 3.1, “Payment Card Industry (PCI) Data Security Standard”, and SP800-52r1, “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.” If you need to re-enable RC4, SSLv3, or TLSv1.0 on a Connection Server, security server, View Composer, or Horizon Agent machine, see Older Protocols and Ciphers Disabled in View in the Horizon 7 Security document.
- If a PCoIP Secure Gateway (PSG) has been deployed for PCoIP connections, zero client firmware must be version 4.0 or later.
- When using Client Drive Redirection (CDR), deploy Horizon Client 3.5 or later and View Agent 6.2 or later to ensure that CDR data is sent over an encrypted virtual channel from an external client device to the PCoIP security server and from the security server to the remote desktop. If you deploy earlier versions of Horizon Client or Horizon Agent, external connections to the PCoIP security server are encrypted, but within the corporate network, the data is sent from the security server to the remote desktop without encryption. You can disable CDR by configuring a Microsoft Remote Desktop Services group policy setting in Active Directory. For details, see Managing Access to Client Drive Redirection in the Configuring Remote Desktop Features in Horizon 7 document.
- The USB Redirection setup option in the Horizon Agent installer is deselected by default. You must select this option to install the USB redirection feature. For guidance on using USB redirection securely, see Deploying USB Devices in a Secure View Environment in the Horizon 7 Security document.
- The Global Policy, Multimedia redirection (MMR), defaults to Deny. To use MMR, you must open Horizon Administrator, edit Global Policies, and explicitly set this value to Allow. To control access to MMR, you can enable or disable the Multimedia redirection (MMR) policy globally or for an individual pool or user. Multimedia Redirection (MMR) data is sent across the network without application-based encryption and might contain sensitive data, depending on the content being redirected. To ensure that this data cannot be monitored on the network, use MMR only on a secure network.
- Before you set the level of Transparent Page Sharing (TPS) in Horizon Administrator, VMware recommends that the security implications be understood. For guidance, see the VMware Knowledge Base (KB) article 2080735, Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing.
- To use View Storage Accelerator in a vSphere 5.5 or later environment, a desktop virtual machine must be 512GB or smaller. View Storage Accelerator is disabled on virtual machines that are larger than 512GB. Virtual machine size is defined by the total VMDK capacity. For example, one VMDK file might be 512GB or a set of VMDK files might total 512GB. This requirement also applies to virtual machines that were created in an earlier vSphere release and upgraded to vSphere 5.5.
- Horizon 7 does not support vSphere Flash Read Cache (formerly known as vFlash).
- In Horizon (with View) version 6.0 and later releases, the View PowerCLI cmdlets Get-TerminalServer, Add-TerminalServerPool, and Update-TerminalServerPool have been deprecated.
- Screen DMA is disabled by default in virtual machines that are created in vSphere 6.0 and later. View requires screen DMA to be enabled. If screen DMA is disabled, users see a black screen when they connect to the remote desktop. When Horizon 7 provisions a desktop pool, it automatically enables screen DMA for all vCenter Server-managed virtual machines in the pool. However, if Horizon Agent is installed in a virtual machine in unmanaged mode (VDM_VC_MANAGED_AGENT=0), screen DMA is not enabled. For information about manually enabling screen DMA, see VMware Knowledge Base (KB) article 2144475, Manually enabling screen DMA in a virtual machine.
- vGPU enabled instant clone desktop pools are supported for vSphere 2016 and later.
- Microsoft Windows Server requires a dynamic range of ports to be open between all Connection Servers in the Horizon 7 environment. These ports are required by Microsoft Windows for the normal operation of Remote Procedure Call (RPC) and Active Directory replication. For more information about the dynamic range of ports, see the Microsoft Windows Server documentation.
- In Horizon 7 version 7.2 or later, the viewDBChk tool will not have access to vCenter or View Composer credentials and will prompt for this information when needed.
- The forwarding rules for HTTP requests received by Connection Server instances and security servers have changed at this release. If you have defined custom
locked.properties, you should remove them before upgrading. If you wish to disallow administrator connections to certain Connection Server instances, then instead of defining custom
frontMappingentries, add this entry to
frontServiceWhitelist = tunnel|ajp:broker|ajp:portal|ajp:misc|moved:*|file:docrootOn security servers, this entry is applied automatically and does not need to be set in
- Horizon Persona Management is not compatible with User Writable Volumes created with the UIA + Profile template.
- In Horizon 7 version 7.0.3 or later, internal validation checks determine if the instant clone and internal template have valid IP addresses and a network connection. If a virtual machine has a NIC that cannot be assigned an IP address during provisioning, instant-clone provisioning fails.
- For information about the models of NVIDIA GPU cards supported by Horizon 7, see //docs.nvidia.com/grid/9.0/product-support-matrix/index.html.
- AMD v340 graphics cards are supported.
- Real-Time Audio-Video (RTAV) is supported in an IPv6 environment.
- See the VMware Product Interoperability Matrix for information about the compatibility of Horizon 7 with the latest versions of VMware Unified Access Gateway, VMware Identity Manager, VMware App Volumes, VMware User Environment Manager, and VMware Tools.
- JMP Server supports VMware App Volumes 2.14 or later, but not App Volumes 4.0. To use JMP Server, you must install an App Volumes 2.xx version that is 2.14 or later.
- On VMware Cloud on AWS, instant clone desktop pools and desktop pools that contain full virtual machines are limited to 1000 desktops because of an NSX-t limitation on logical switches.
- PCoIP is not supported with RDSH instant clone pools in an IPv6 environment. PCoIP is supported with remote desktops in an IPv6 environment.
- Starting with version 18.2.7, Avi Networks (VMware NSX Advanced Load Balancer) supports load balancing for Connection Server, Unified Access Gateway appliances, and App Volumes Manager.
For an updated list of supported Windows 10 operating systems, see VMware Knowledge Base (KB) article 2149393, Supported Versions of Windows 10 on Horizon 7.
For more information on upgrade requirements for Windows 10 operating systems, see VMware Knowledge Base (KB) article 2148176, Upgrade Requirements for Windows 10 Operating Systems here.