Xtravirt — VMware Horizon - What am I buying?

1.5M ratings
277k ratings

See, that’s what the app is perfect for.

Sounds perfect Wahhhh, I don’t wanna

VMware Horizon - What am I buying?

by Curtis Brown

Once upon a time (in the mid 2000s), VMware decided to delve into the End User Compute market space, taking on the juggernauts of Citrix and Microsoft by releasing VMware Virtual Desktop Manager (VDM). This evolved into VMware View in 2008, and over the following eight years a further re-branding exercise resulted in the release of the VMware Horizon Suite. Our plucky VDI software evolved into VMWare Horizon (with View) then Horizon View with the release of version 6.0, and finally in version 7 ‘Horizon 7’, with the name ‘View’ reserved as a hangover legacy name for the VDM components.

So, as a customer, you’ve decided to invest in VMware Horizon.  These days, Horizon is much more than simply a means to deliver a desktop to a user.  With the modern realisation that the user isn’t really after a desktop (they just want their applications), Horizon is now, more than ever, a suite of products that allow you to deliver applications in a multitude of ways.

This article aims to provide you with a quick primer on these products and how they fit together.  For the sake of simplicity, it will stick to the on-premises offerings, largely as these are still the most common ‘in the wild’, though Cloud based elements, such as AirWatch, are gaining ground.

The Shopping List

Let’s start by exploring the suite from a component level.  The suite comprises the following products*:

Product License Level What does this do

VMware Horizon (

the View component)

Standard

Advanced

Enterprise

Delivers Virtual Desktops as either dedicated VMs or via Remote Desktop Session Hosts (RDSH).

The latter ability is also used to deliver Published Applications (Not in Standard though).

VMware ThinApp Standard

Advanced

Enterprise

This is what is known as Application Virtualisation.  An application is re-packaged in a self-contained executable that can be run on a Windows PC (physical or virtual).  The self-contained nature means that it is essentially sand-boxed – with minimal dependency on the surrounding operating system (required DLLs, configuration etc. are self-contained)

VMware Identity Manager Standard Advanced

Enterprise

This provides user facing authentication and single sign-on (SSO) capabilities as well as an application portal for presenting Virtual Desktops, Remote Applications, ThinApp packages and web-based applications.

The SSO element can be used to provide immediate access to Web based applications if these are capable of SAML-based authentication.

_Beyond Horizon, Identity Manager is available in an Advanced version and as part of AirWatch.  These provide additional features, notably in Mobile Device management including device configuration, remote wipe etc. _

VMware App Volumes Enterprise This product provides the means to deliver defined stacks of applications (AppStacks) to virtual desktops or RDSH servers instantaneously using shared Virtual Disks.

This is quite agnostic – and can be purchased and deployed with other VDI solutions such as Citrix XenDesktop.

VMware User Environment Manager Enterprise This is used to manage user’s Windows Profile – the users environmental and application settings.  The Windows profile is notoriously large and unreliable, especially in a roaming context.  UEM provides a means to streamline and centrally manage the Windows profile, so improving log on times and reliability.

As with App Volumes, this too can be purchased and used outside of Horizon – including with physical devices.  In this context, its central management of settings is particularly useful.

If you’re using Standard or Advanced, the View part of Horizon includes the older Persona Manager product.  This uses a compressed version of the Windows Profile to speed up the delivery of Roaming Profiles to virtual desktops.

VMware Mirage AdvancedEnterprise This provides a layered-image based desktop management solution. Although it can be used in Virtual Machines, it is primarily aimed at the management of physical Windows PCs in a corporate environment.

Its abilities include in place operating system upgrades and the delivery of sets of applications that are layered on top of the base image.  This makes it quite attractive for Windows XP/Vista migrations for example.

VMware FLEX is based on VMware Mirage, combining its technology with that of VMware’s desktop hypervisors – Workstation (for PC) and Fusion (for Apple Mac) – to deliver centrally managed, encrypted offline Virtual Desktops.  This is predominantly intended for BYOD or field staff who require a corporate desktop in a roaming context where connectivity to Horizon might be difficult.  It’s not part of the Horizon Suite and is sold separately.

*the components you’re entitled to depends on the level of licensing you’ve purchased

The Horizon Suite also includes VMware vSphere for Desktops.  This is functionally equivalent to Enterprise Plus in terms of features, but is licensed per desktop.  The idea is that this is used to host the published desktops while the Horizon infrastructure servers are hosted in the corporate server estate.

How it all hangs together…

The following diagram shows how the platform holds together as a single site solution.  This is a somewhat simplified example with no resilient components, firewalls and load balancers and concentrates on Internet based access. image

We can see how our user initially connects from their device to Identity Manager.  The user’s device and location can define how they authenticate – for example, access from the outside might need Two Factor Authentication, whereas an internal user might just need an Active Directory Used ID or password.

Once authenticated, the user can see the applications they are entitled to.  Let’s first look at a Cloud based application such as SalesForce.  If the user selects this, Identity Manager (having already been configured with a SAML relationship to Salesforce), passes the user authentication as a token to the user’s browser accessing the Salesforce application – without them needing to log on a second time.

When considering an application or desktop presented by Horizon View, the request is passed to the Connection Servers.  These will initiate a session to an available desktop (either VDI or RDSH, depending on what is requested) – in the case of VDI desktops, these can be provisioned as Linked Clones using Composer.

As the VDI session is logged on, the App Volumes Agent detects the credentials and App Volumes mounts an entitled AppStack containing the application required.  The user’s Windows Profile is provided via UEM.  For internet-based users, the View session is tunnelled out via the Security Server/Appliance in the DMZ.  Internal users connect directly to their session (though this can be configured to tunnel via the Connection server).

ThinApp packaged applications may well be deployed to the Horizon desktop (possibly inside the App Volumes AppStack), but as an alternative, if the Workspace ONE client is installed, Identity Manager can stream a selected entitled package directly to the user’s Windows laptop/desktop, straight from the Identity Manager Portal (this isn’t shown above).

Alternatively, VMware Horizon Mirage can be used to manage and protect our PCs, whether within the network or outside (via the security gateway in the DMZ).

Closing Thoughts

The Horizon suite has quite a few elements, each delivering different pieces of the puzzle – even in a basic configuration.  However, in concert, the solution is quite seamless to the end user.  The single point of access and authentication becomes Identity Manager, with this presenting all the entitlements desired through a single pane of glass.

 

If you’d like to learn more about VMware Horizon and how to use it to deliver applications to end users, please contact us and we’d be happy to use our wealth of knowledge and experience to assist you.

About the Author

Curtis Brown joined the Xtravirt consulting team in October 2012. His specialist areas include End User Compute solutions and Virtual Infrastructure design and implementation with particular strength in VDI, storage integration, backup and Disaster Recovery design/implementation. He is a VMware vExpert 2017.

desktop horizon view vdi VDM vmware vsphere xtraCBrown

See more posts like this on Tumblr

#desktop #horizon #view #vdi #VDM #vmware #vsphere #xtraCBrown