مجازی سازی دسکتاپ با VMware Horizon 7

مجازی سازی دسکتاپ با VMware Horizon 7

VMware Horizon 7 announced today is a real (re)evolution of the product. Just-in-time desktops are in! Feature known as Project Fargo (it’s a very lightweight VM because it shares all memory and disk with the original.) or also called vmFork technology which allows to provision desktop from parent desktop in just few seconds…. So in Horizon View 7 there is no more composer, and no more recomposing operations. Desktop admin folks know what this is about… Also Blast get’s enhanced with Blast Extreme allowing up to 4K resolutions on client’s devices.

Identity manager takes over and in this release, where users can authenticate via different credential options and then they just select any windows desktop or application without the need to present AD credentials.

Horizon client 4.0 has been announced, for all platforms (Linux, Windows, Mac, iOS or Android). Details in this post. I have the feeling that VMware has had to throw in some massive development force because the product offering just gets larger and larger with different platforms accessing the Horizon View product. So when you look at all what’s new, it’s just … huge. But let’s get started. This is an exciting day…

Update: Horizon 7 Has been Released !!

VMware Horizon 7 details – What’s New?

Massive scale improvement – Cloud pod architecture can now have up to 10 Horizon PODs across up to 4 sites with a maximum 50 000 destkops. It’s two and a half number increase than in Horizon 6.2.1.

More Flexible entitlements – The cloud pod architecture (CPA) allows site assignment for nested AD security groups.

Better Failover Support – In case the home site resources are exhausted or not available, the user will be automatically redirected to available desktop at other site.

VMware Identity Manager Integration – Identity manager is integrated with CPA, where it will present the destkops or applications available from any CPA Pod.

Instant Clones details – the vmFork technology. Instant Clones leverage VMware vmFork technology

  • A running, powered on desktop (Parent Virtual Machine) is quiesced and cloned.
  • Clones share the disk and memory of the Parent VM for reads – space and memory efficiency
  • The guest OS is customized, joins the domain, and is ready for user login as the desktop fully powers on

Instant clones can be persistent or non-persistent.

The desktop is destroyed at the time of user logoff.  A new, fresh and updated desktop is created and ready for the next user log in.

No need to do maintenance (recompose)

  • Patching the Operating System is as simple as updating the Parent Virtual Machine.  A user automatically gets an updated desktop at next login.  No lengthy recompose operation.
  • Desktops are short-lived and always recreated and automatically optimized for best performance.  No separate rebalance operation is required.
  • No boot storms (desktops Always On)
  • Desktop clones share disk and memory for reads
  • Less load on vCenter
  • No need for SE-Sparse and clone-level CRBC
  • Uses App Volumes and User Environment Manager (UEM) for desktop personalization
  • vmx-11 and higher virtual hardware

VMware Horizon View 7 - Instant Clones

Instant Clones limitations – there are some limitations in the v1.0 release. For example, only floating desktops are supported. No dedicated desktops for now, but v2 shall have it. Also no RDSH or Apps support, only VDI. The scale is up to 2000 desktops with single vCenter, single vLAN only.

  • No Nvidia GRID and there is a limited SVGA options.
  • As a Storage options – there are VSAN or VMFS datastores
  • Desktop personalization using AppVolumes User-Writeable Drives and UEM.

Smart Policies – customization desktops on location and user’s identity in real time (during the session). The desktop is personalized at boot on, but due to the constant monitoring it’s possible to add/remove function on-the-fly by applying a policy.

  • Application blocking
  • Control of PCoIP
  • Policies based on User Identity, location, Desktop tagging
  • Desktop capabilities provide client drive redirection, clipboard cut/pastte, USB, printing…

VMware Horizon Smart Policies

The workflow:

Desktop admin uses UEM console to create policies which are applied to group of desktops. The administrator allows or disables desktop features such as USB, Local Printing, Clipboard access, and Drive Redirection. The policies can be applied based on a set of conditions:

  • The user’s login or group member (e.g. all users in Finance)
  • Whether the user is accessing the desktop from a remote location
  • A general list of conditions such as any tags associated with a desktop pool

The authentication on Horizon 7 is done through VMware Identity Manager which uses different ways of identifying users. Users can select any Windows desktop or app without to present AD credentials.

The True SSO technology uses SAML for connecting Identify provider’s (IdP) authentication with the user’s UPN for access to AD credentials. True SSO generaes unique, short-time certificate to manage the Windows logon process.

Advantages:

  • Separate authentication
  • Credentials secured by digital certificate. No paswords.

How it works – Identity manager is able to be configured for use with many authentication methods (SecurID, RADIUS, Biometric) and after user’s authentication, the user selects a desktop or application which he wants to start.

True SSO

  • Horizon client is started at the user’s workstation with user’s identity and directed to the Horizon broker
  • Broker validates user’s identity with Identity Manager
  • Via Enrollment service, Horizon requests Microsoft CA to generate a temp certificate for the user
  • Horizon presents the certificate to the Windows OS
  • Windows validates the certificate with AD
  • User is logged onto his/her desktop or to his/her app. Remote session is initiated on the Horizon client.

Horizon Access Point

The hardened appliance get stronger, updated. It’s an alternative to security server. Can be configured for RADIUS or RSA SecurID. Support for smart card identification. User gets identified within the DMZ.

VMware Horizon Access Point

Supports SAML pass-thru where forward third party authentication to Horizon servers.

  • Allows Blast to be used (port 443)
  • Environment is more secure as only authenticated traffic flows on the LAN.
  • Easy to configure and scale, as you can scale Acces point independently of Connection server

AMD Multiuser support with vDGAImprovements in v7

AMD Graphics support for vSGA

  • Enable multiuser GPU solution for Horizon via AMD graphics hardware
  • AMD SR-IOV support (single root I/O virtualization)
  • Native AMD driver support for OpenGL, DirectX and OpenCL acceleration
  • Solidworks, PTC and Siemens ISV certification planned

Advantages and benefits

You can share single GPU with up to 15 users for efficient 3D applications where the native AMD driver is used and which offer 3D and multimedia over vSGA.

  • Workstation performance (2-6 users)
  • Power User ( CAD/CAM/CAE) – 6-10 users
  • Knowledge worker (up to 15 users)

Intel vDGA Graphics Support with Intel Xeon E3Intel vDGA Graphics support with Intel Xeon E3 – Support for CPUs with integrated Iris Pro GPU and compatible with Intel Graphics Virtualization Technologies (Intel GVT-d), with support up to 3 monitors per user.

Flash Redirection

This is in tech preview (supports only server-side fetch of the flash content). It allows to redirect flash content from the server to the client in order to get decoded and rendered locally.

Allows the flash streaming content play more smoothly with lower bandwidth and CPU usage at the server side…

Improved printing Experience

Local and network printing is up to 4x faster.

Windows 10 Improvements

Scan and serial port redirection supported, where the scanner redirection supports TWAIN and WIA stndards on Windows clients. Serial port redirection allows serial port redirection from the client to the server.

URL Content Redirection

Allows to redirect URL from VDI to the local browser. Admin can configure policies to control whether user can access the content with application on the server or the client. Supports HTTP and HTTPs. Can be usefull for customers which needs to separate interrnal browsing from external browsing domains. Allows to secure the environment because content which is potentially dangerous is executed on the client computer instead on the VDI desktop.

Admin can configure GPO which does restrict the content that will be opened in a browser inside VDI over Browser on the client’s PC.

URL Content Redirection

Blast Extreme

Optimized for mobile. All existing Horizon View remote features works with Blast extreme and latest horizon 4 clients. (read bellow about new horizon 4 clients). Blast extreme has lower requirements on bandwidth.

PCoIP & Blast Extreme: Feature Parity

Blast extreme is optimized for NVIDIA GRID allowing very good graphics even on lower cost PCs allowing better frame rate, higher server scalability, reduced latency or better bandwidthBlast Extreme is NVIDIA GRID Optimizedoptimization. Allows up to 4K resolution !!!

  • Supports NVIDIA GRID K1, K2, M6 and M60 graphics cards
  • H.264 encoder option on NVIDIA GRID GPUs to lower CPU consumption and increase scalability

VMware Horizon Client 4.0

Newly announced horizon clients 4.0 for Windows, Linux, Mac, OSx.. everything…

Horizon Client 4.0 Windows – has full support for PCoIP and Blast Extreme. Hardware acceleration.

  • Offers scaled resolution option for high DPI clients which allows better readability
  • Auto-share USB drivers with Client Drive Redirection. Has been improved, more easier to use, and has better performance using CDR.
  • Up to 4x faster printing via Horizon 7
  • Up to 50% more performant over WAN, through security server, for Client drive redirection (CDR) and USB.
  • Updated OpenSSL and TLS
  • Supported on Windows Server 2012 (untill now it was supported only on W7, W8.1 and W10

VMware Horizon Client MAC – support Blast Extreme and PCoIP

Works with Split View in OS X El Capitan

  • Works with split view in OS X El Capitan
  • Full Screen improvements for one display and All displays
  • Open local files with horizon hosted apps (double-click, Open With or Drad-drop files with Horizon Apps)
  • Up to 4x faster printing via Horizon 7
  • Up to 50% more performant over WAN, through security server, for Client drive redirection (CDR) and USB
  • 64 bit client version
  • Allows remembering username/domain credentials
  • Updated OpenSSL and TLS

Linux Client 4.0Linux Client 4.0 – Now supports RHEL 7.2 x64 and Ubuntu 14.04 x64

  • VMware Blast Extreme and PCoIP full support
  • Up to 4x faster printing via Horizon 7
  • Up to 50% more performant over WAN, through security server, for Client drive redirection (CDR) and USB
  • FIPS mode for Blast Extreme, PCoIP and USB

IOS Client 4.0 – can also use split view on iPad Air 2 and iPad Pro

  • Full support for Blast extreme with hardware acceleration
  • Use Apple Pencil as a remote mouse
  • Real-time Audio in to use microphone with desktop & apps
  • Client settings now in client and easier to use
  • Updated OpenSSL and TLS for improved security

Android Client 4.0 – allows accessing the environment via Android Fingerprint (if enabled and if Android 6.0 and higher or Horizon 6.2 with biometric auth. enabled)

  • Support for VMware Blast Extreme and PCoIP, and Blast extreme with hardware acceleration
  • Real-time Audio-In support to use mic with desktop and apps
  • Possibility to access device built-in storage in remote apps and (or) desktop with client drive redirection
  • Updated OpenSSL and TLS

Chrome OS Client 4.0 – support too Blast extreme and PCoIP. Possibility to access Google drive and USB storage in remote apps and desktops with client drive redirection.

HTML Access 4.0 – support now Linux desktops, works with mobile Safari on iOS devices. Also F5 APM (Access Policy Manager (APM) ) is supported.

VMware Horizon for Linux

  • Newly supported SLED 11 SP3 has been added.
  • Allows copy/paste between Linux desktop and Horizon Client (6.2.1)
  • vGPU for RHEL 7.x (6.2.1)
  • SSO enablement for RHEL 6.6 and CentOS 6.6 without smartcard (6.2.1)

Horizon Air Hybrid mode

This mode has been announced as a new platform which allows to run the control plane in the cloud.

  • Desktops and apps reside localy (on-premise)
  • Cloud control plane allows the single-pane management, user profiles, data. Also provides automated service updates for SaaS.

VMware Horizon Air Hybrid-Mode

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *