In order to deliver virtual desktops to end users, a Horizon environment requires multiple components working together in concert. Most of the components that Horizon relies upon are VMware products, but some of the components, such as the database and Active Directory, are 3rd-party products.
The smallest Horizon environment only requires four components to serve virtual desktops to end users: ESXi, vCenter, a View Connection Server, and Active Directory. The hardware for this type of environment doesn’t need to be anything special, and one server with direct attached storage and enough RAM could support a few users.
All Horizon environments, from the simple one above to a complex multi-site Cloud Pod environment, are built on this foundation. The core of this foundation is the View Connection Server.
Connection Servers are the broker for the environment. They handle desktop provisioning, user authentication and access. They also manage connections to multi-user desktops and published applications. Connection Servers also manage the
There are four types of Connection Server roles, and all four roles have the same requirements. These roles are:
- Standard Connection Server – The first Connection Server installed in the environment.
- Replica Connection Server – Additional Connection Servers that replicate from the standard connection server
- Security Server – A stripped down version of the Connection Server, designed to sit in the DMZ and proxy traffic to the Connection Servers. A Security Server must be “paired” with a Connection Server.
- Enrollment Server – A new role introduced in Horizon 7. The Enrollment Server is used to facilitate the new True SSO feature.
The requirements for a Connection Server are:
- 1 CPU, 4 vCPUs recommended
- Minimum 4GB RAM, 10GB recommended if 50 or more users are connecting
- Windows Server 2008 R2 or Windows Server 2012 R2
- Joined to an Active Directory domain
- Static IP Address
Note: The requirements for the Security Server and Enrollment Server are the same as the requirements for Connection Server. Security Servers do not need to be joined to an Active Directory domain.
Aside from the latest version of the View Connection Server, the requirements are:
ESXi – ESXi is required for hosting the virtual machine The versions of ESXi that are supported by Horizon 7 can be found in the VMware compatibility matrix. ESXi 5.0 Update 1 and newer, excluding ESXi 5.5 vanilla, are currently supported. However, ESXi 6.0 Update 1 and newer are required for Instant Clones.
vCenter Server – The versions of vCenter that are supported by Horizon 7 can be found in the VMware compatibility matrix. vCenter Server 5.0 Update 1 and newer, excluding vCenter 5.5 vanilla, are currently supported, and vCenter 6.0 Update 1 and newer are required to support Instant Clones. The vCenter Server Appliance and the Windows vCenter Server application are supported.
Active Directory – An Active Directory environment is required to handle user authentication to virtual desktops, and the domain must be set to at least the Server 2008 functional level. Group Policy is used for configuring parts of the environment, including desktop settings, roaming profiles, user data redirection, UEM, and the remoting protocol.
Horizon View has a lot of features, and many of those features require additional components to take advantage of them. These components add options like secure remote access, profile management, and linked-clone desktops.
Secure Remote Access – There are a couple of options for providing secure remote access to virtual desktops and published applications. Traditionally, remote access has been provided by the Horizon Security Server. The Security Server is a stripped down version of the connection server that is designed to be deployed into a DMZ. It also requires each server to be paired with a Connection Server.
There are two other remote access options. The first is the Horizon Access Point. The access point comes from the Horizon Air platform, and it was introduced in the on-premises solution in Horizon 6.2.2. The Access Point is a hardened Linux appliance that is designed to be managed like a cloud appliance, and it serves the same function as the Security Server. Unlike the Security Server, the Access Point does not need to be paired with a Connection Server.
Both the Security Server and the Access Point can be load balanced for high availability.
The other remote access option is the Horizon proxy built into the F5 APM module. The APM module combines load balancing and rule-based secure remote access. It can also replace the portal feature in vIDM.
Linked-Clone Desktops – Linked Clones are virtual machines that share a set of parent disks. They are ideal for some virtual desktop environments because they can provide a large number of desktops without having to invest in new storage technologies, and they can reduce the amount of work that IT needs to do to maintain the environment. Linked Clones are enabled by Horizon Composer.
The requirements for Horizon Composer are:
- 2 vCPUs, 4 vCPUs recommended
- 4 GB RAM, 8GB required for deployments of 50 or more desktops
- Windows Server 2008 R2 or Server 2012 R2
- Database server – supported databases include Oracle and Microsoft SQL Server. Please check the compatibility matrix for specific versions and service packs.
- Static IP Address
Horizon Composer also requires a database. The database requirements can be found in the VMware Product Interoperability Matrix. The current requirements include SQL Server 2014 (RTM and SP1), SQL Server 2012 (SP2) and Oracle 12c Release 1.
Networking Requirements – Horizon requires a number of ports to be opened to allow the various components of the infrastructure to communicate. The best source for showing all of the ports required by the various components is the VMware Horizon 7 Network Ports diagram. It’s available in PDF format from here.
Other Components: The Horizon Suite includes a number of tools to provide administrators with a full-fledged ecosystem for managing their virtual end-user computing environments. These tools are App Volumes, User Environment Manager, VMware Identity Manager (vIDM), and vRealize Operations for Horizon. The requirements for these tools will be covered in their respective sections.