This is the first installment of a “Mini-Series” about VMware Horizon. I recently passed my VCP-DTM (Desktop and Mobility) and a lot of my knowledge came/comes from my home lab. If you are looking to install and play with Horizon this series will get you started!
The connection server is at the center of any Horizon environment. It is responsible for brokering users, provisioning desktops, managing desktop connections and applying policies. In Horizon 7.12 (and previous versions) the connection server is based on a Windows Server Instance. In this guide, I am using Windows Server 2019 GUI that is domain joined.
Step 1: Launch the installer, Accept the EULA, and Chose your install directory (Default is fine)
Step 2: Chose the type of Horizon Role to Install
There are currently four roles that can be installed. Each of them have a specific purpose within the broader VDI infrastructure. Each role needs (and should) be run on a separate virtual machine.
- Connection Server – This is the standard connection server that serves as the main administration point. This is where policies, desktops, entitlements and environment configuration is completed. This is the first role to install when setting up a Greenfield deployment.
- Security Server – Typically deployed in the DMZ, the security server provides a dedicated instance when accessing over the Internet. In newer versions of Horizon this has been replaced by the Unified Access Gateway (UAG).
- Replica Server – This is a second (or more) connection server. With a replica server, the database is replicated from the main connection server. In some instances it may make sense to setup a dedicated replica server to isolate internal and external connections. For larger environments, you will see a load balancer in-front of your connection and replica servers with session tracking enabled.
- Enrollment Server – Leveraged for “TrueSSO” along with VMWare Identity Management (VIM).
During this step, you have the ability to choose between IPV4 and IPV6. If you require HTML5 access to desktops, do not choose IPV6 as it is currently not supported.
Step 3: Configure Firewall Rules
Typically I have the installer configure the Windows firewall automatically but if you are not planning on using certain aspects of the deployment, you may choose to configure them manually.
Step 4: Configure AD Permissions
Depending on our preference, you may choose to entitle Local Groups, Domain Users or Domain Groups to the administration page. In my environment, I have a dedicated group for Horizon Admins.
Step 5: Enable or Disable VMWare CEIP
Step 6: Finalize the Install
Once the install has completed, you should see a new icon on your desktop. This is the link to the admin web page. After clicking it, you should be prompted to login using either a domain account or local account. In newer versions you will have the choice between the Horizon Console (HTML5) interface and the legacy Flex interface. To my knowledge, the Horizon Console is feature complete and is recommend.
In the next post, we will dive into the different types of Desktop Pools and then create an Instant Clone Desktop Pool. Stay Tuned!