VMworld 2017 is just around the corner.  The premier virtualization conference will be returning to the Mandalay Bay convention center in Las Vegas at the end of August. 

There is one major addition to the EUC content at VMworld this year.  VMware has decided to move the Airwatch Connect conference, which cover’s VMware’s offerings in the mobility management space, from Atlanta and colocate it with VMworld.  So not only do attendees interested in EUC get great expert content on VMware’s Horizon solutions, they’ll get more content on Airwatch, mobility management, identity management, and IoT as well.

My top 10 EUC sessions for 2017 are:

1. ADV1594BU – Beyond the Marketing: VMware Horizon 7.1 Instant Clones Deep Dive – This session, by Jim Yanik and Oswald Chen, is a technical deep dive into how Instant Clone desktops work.  This updated session will cover new features that have been added to Instant Clones since they were released in Horizon 7.  I’m often wary of “deep dive sessions,” but I’ve seen Jim give a similar presentation at various events and he does a great job talking through the Instant Clone technology in a way that all skill levels can understand it.  If you’re interested in VMware EUC, this is the one session you must attend as this technology will be relevant for years to come. 
2. ADV1609BU – Deliver Any App, Any Desktop, Anywhere in the World Using VMware Blast Extreme – Blast Extreme is VMware’s new protocol that was officially introduced in Horizon 7.  Pat Lee and Ramu Panayappan will provide a deep dive into Blast Extreme.  Pat does a good job talking about Blast Extreme and how it works, and attendees will definitely walk away having learned something.
3. ADV1681GU/ADV1607BU – Delivering 3D graphics desktops and applications in the real world with VMware Horizon, BEAT and NVIDIA GRID – VMware’s Kiran Rao and NVIDIA’s Luke Wignall talk about how Blast Extreme utilizes NVIDIA GPUs to provide a better user experience in End-User Computing environments.  This session was actually listed twice in the Content Catalog, so don’t worry if you miss one.
4. ADV1583BU – Delivering Skype for Business with VMware Horizon: All You Need to Know – Official support for Skype for Business GA’d with Horizon 7.2.  This session will dive into how that the new Skype for Business plugin works to provide a better telephony experience in EUC environments.
5. ADV3370BUS – DeX Solutions: How Samsung and VMware are Pioneering Digital Transformation – Samsung DeX is a new cell phone from Samsung that, when placed in a dock, can utilize a keyboard, mouse, and monitor to act as a virtual thin client endpoint while still having all the capabilities of a phone.  DeX has the potential to revolutionize how businesses provide endpoints and cellular phones to users.
6. ADV1655GU – CTOs perspective on the Workspace 2020 and beyond: time to act now! – End-User Computing expert and technology evangelist Ruben Spruijt talks about the future of the end-user workspace and strategies on how to implement next-generation workspace technology.
7. UEM1359BU – Best Practices in Migrating Windows 7 to Windows 10 – Windows 10 migrations are a hot topic, and almost every business will need a Windows 10 strategy.  This session will explore the best practices for migrating to Windows 10 in any type of organization.
8. SAAM1684GU – Ask the Experts: How to Enable Secure Access from Personal/BYO Devices and All Types of Users with Workspace ONE – How do you enable secure remote access to company resources while allowing employees, contractors, and other types of workers to use their personal devices?  This group discussion will cover best practices for using VMware Workspace ONE to provide various levels of secure access to company resources from personal devices based on various context settings.  Unlike most sessions, this is a group discussion.  There are very few slides, and most of the session time will be devoted to allowing attendees to ask questions to the discussion leaders.
9. ADV1588BU – Architecting Horizon 7 and Horizon Apps – A successful EUC environment starts with a solid architecture.  This session covers how to architect an integrated Horizon environment consisting of all components of the Horizon Suite. 
10. vBrownbag TechTalks on EUC – There are three community driven vBrownbag Tech Talks focusing on EUC led by EUC Champions.  These talks are:
1. GPU-Enabled Linux VDI by Tony Foster – Tony will cover how to build GPU-enabled Linux virtual desktops in Horizon and some of the pain points he encountered while implementing this solution at a customer.
2. Windows 10 and VDI – Better Come Prepared – Rob Beekmans and Sven Huisman will cover lessons they’ve learned while implementing Windows 10 in VDI environments.
3. Leveraging User Environment Manager to Remove GPOs – Nigel Hickey will cover how to use VMware UEM as a Group Policy replacement tool.
11. ADV1605PU – Ask the Experts: Practical Tips and Tricks to Help You Succeed in EUC – So this top 10 list will actually have 11 entries, and this one is a bit of shameless self-promotion.  This session is s a repeat of last year’s EUC champions session featuring Earl Gay, VCDX Johan van Amersfoot, moderator Matt Heldstab, and I.  We’re answering your questions about EUC based on our experiences in the trenches.  Last year, we also had some prizes. 

Bonus Session

There is one bonus session that you must put on your schedule.  It’s not EUC-related, but it is put on by two of the smartest people in the business today.  They were also two of my VCDX mentors.  The session is Upgrading to vSphere 6.5 the VCDX Way [SER2318BU] by Rebecca Fitzhugh and Melissa Palmer.  You should seriously check this session out as they’ll provide a roadmap to take your environment up to vSphere 6.5. 

One of the areas where Horizon 6.2 has a lot of improvements is in the User Experience category.  The new version adds new features as well as brings a few older features out of tech preview.

Client Drive Redirection for VDI and RDSH

Client Drive redirection for Windows was in Tech Preview in Horizon 6.1.1.  It officially comes out of Tech Preview in Horizon 6.2, and it is now supported on both Windows and Mac clients.  It is also available as a tech preview for Linux clients.

This feature, when installed on the virtual desktop, allows users to remotely access files and data that might have stored on their local PC.  It utilizes compression and encryption when transferring files from the endpoint into the virtual desktop or server. 

Windows 10 Support

Although Windows 10 was officially supported on vSphere 6 on Day 1, it wasn’t supported in Horizon.  Virtual desktops built on Windows 10 would work, but there limits to what you could do, and other components of the Horizon Suite were not designed to work with or support it.

Horizon 6.2 has full support for Windows 10.  The Horizon Agent and Client are supported.  This includes Smart Card authentication support.

Windows 10 is only supported when running ESXi 5.5 Update 3 or ESXi 6.0 Update 1.

File Type Associations for Published Apps

There are times when I may want to allow a user to launch an application or work with files without installing the required applications on their machines.  In these cases, the user would then have to log into Horizon, launch the application, and then navigate to the network location where the file was stored.

But what if I could register a file handler in Windows that would allow me to double click on that file and have it launch the remote application automatically?  Horizon 6.2 now adds this capability.

In order to improve the user experience when opening files remotely, a data compression algorithm is utilized when transferring the files up to the remote host.  This transfer is also protected with SHA 256 encryption for when clients are remotely accessing the remote application over the Internet.

Mac OSX and IOS Support

Horizon Client 3.5 will be supported on OSX 10.11 and IOS 9.

Biometric Authentication

The Horizon Client for IOS will support biometric authentication.  This feature will allow users to store their credentials in Keychain and utilize their fingerprints to sign into their virtual desktops or published applications.  Administrators can also define polices for who can use this feature from with the Horizon Administrator console.

This feature is only supported with Horizon 6.2 when using Horizon Client 3.5.  The mobile device must also be running IOS 8 or IOS 9.

3D graphics are becoming increasingly important in virtual desktop environments.  While a number of high-end applications and use cases, such as CAD and medical imaging, require 3D graphics, modern applications are increasingly turning to the GPU to offload some processing.  These days, most web browsers, Microsoft Office, and even Windows are utilizing the GPU to assist with rendering and other tasks.

VMware has been slowly adding 3D support to Horizon.  Initially, this was limited to dedicating GPUs to a virtual machine or sharing the GPU through hypervisor-level components.  Horizon 6.1 added  NVIDIA’s vGPU to provide better shared GPU access.

Horizon 6.2 includes a significant number of improvements to virtual 3D acceleration.  In fact, most of the improvements are in this category.

NVIDIA GRID 2.0

NVIDIA announced the next generation of GRID on Sunday afternoon.  For more information, see my write-up on it here.

vDGA for AMD GPUs

AMD/ATI graphics cards were supported on virtual desktops in vSphere 5.x and Horizon 5.x.  This did not carry over to Horizon 6.  AMD support has been reintroduced in Horizon 6.2 for vDGA.

3D Support for RDS Hosted Applications

RDS desktops and published applications will now support both vDGA and vGPU when utilizing supported NVIDIA graphics cards.  3D acceleration is supported on RDSH servers running Windows Server 2008 R2 and Windows Server 2012.

Linux Desktop vSGA and vGPU Support

When Linux desktops were introduced in Horizon 6.1.1, they only supported vDGA for 3D graphics.  This limited Linux to a few specific use cases.

Horizon 6.2 adds significant support for 3D acceleration.  Both vSGA and vGPU are now available when utilizing supported NVIDIA graphics cards.

Linux desktops with vGPU will be able to utilize OpenGL 2.1, 3.x, and 4.x, while desktops with vSGA will be limited to OpenGL 2.1.

4K Resolution Support

4K content is extremely high resolution content, and more 4K content will appear as the displays start to come down in price.  These displays, which have a resolution of 3840×2160, are useful in situations where high resolution imaging is needed.

Horizon 6.2 will support in-guest resolutions up to 3840×2160.  In order to achieve this, Horizon Agent 6.2 is needed in the guest, and the client must be connecting with Horizon Client 3.5.

The guest operating system must be running Windows.  A Windows 7 virtual desktop can support up to three 4K monitors when running on a VM with HW version 11 and with Aero disabled.  Windows 7 machines with Aero enabled, or Windows 8 desktops running on HW version 10 can support a single 4K monitor.

Please note that this is for in-guest display resolutions.  Clients that have a 4K display with High DPI scaling are not supported at this time.

Publishing applications from RDSH servers was one of the big additions to Horizon 6.0.  Horizon 6.2 greatly expands on this feature set, and it offers many new capabilities under the covers to improve the management of the environment.

Cloud Pod Support for Applications

Horizon’s Cloud Pod for multi-datacenter architectures has been expanded to include support for RDSH-published applications.  Users can now be entitled to an application once and access them across Horizon pods and/or datacenters. 

Enhanced RDSH Load Balancing

The load balancing and user placement algorithms have been enhanced in Horizon 6.2 to ensure that users do not get placed on an already overloaded server.  There are two main improvements that enable this:

1. The load balancing algorithm utilizes Perfmon counters to determine which hosts are optimal for starting new sessions.  The View agent runs a script to collect system performance data, and it reports back to the connection servers with a recommendation based on the system’s current performance.  A server placement order is calculated based on the data that the View Agents return.

2. Application anti-affinity rules will look at the number instances of an application that is running on an RDSH host.  If the number of a particular application is higher than a predefined value, user connections will be directed to another host.  Application anti-affinity rules process after the server placement order has been determined.

There are a couple of things to be aware of with the new load balancing algorithms.  First, they only apply to new sessions, so if a user already has a session on an RDSH server, they will be reconnected to that session and be able to launch any application, even if it violates an anti-affinity rule.

Application anti-affinity rules also do not apply to RDSH desktop sessions.

Linked-Clone Support and Horizon Composer for RDSH

If you had wanted to build an RDSH Farm for Horizon 6.0, you would have had to build, deploy, and manage each server manually.  There was no built-in way for managing server images or server updates.  This could also be an inefficient use of storage.

Horizon 6.2 changes this.  Composer now supports linked-clone RDSH servers.  This brings the benefits of linked-clone desktops, such as automated pool builds, single image management, and system and application consistency, to server-based computing.

In order to set up and run VMware Horizon, you need to have a vSphere infrastructure and Windows VMs to run the server components.  Horizon 6.2

Horizon Access Point

One of the challenges of deploying Horizon is that, in order to provide external access, you need to deploy Windows machines into your network’s DMZ.  These servers, called Security Servers, run a subset of the Connection Broker that proxies or tunnels PCOIP, Blast, and RDP connections into your environment.

Horizon Security Servers have their limitations, though.  To start with, they are usually not joined to an Active Directory domain, so they cannot be configured or managed with the Group Policies that manage the rest of your infrastructure.  Because these servers live in the DMZ, they also need to be patched frequently and secured.

Security Servers are also paired directly with a Connection Server.  If the Connection Server is not available, users who connect with that particular security server would not be able to authenticate or connect to a desktop.  This also limits the number of servers you can deploy to a maximum of seven. 

Horizon 6.2 will now include a new method of providing remote access called the Access Point.  The Access Point is a locked-down virtual appliance built on SUSE Linux Enterprise Edition 11 that has feature parity with the Security Server.  It allows you to remove Windows VMs from your DMZ, and it does not need to be paired with a Connection Server, so you can scale out your external access without having to add additional connection servers.

The Access Point will not be dedicated to Horizon View.  It is designed to work with all components of the Horizon Suite – reducing the number of external access components that you need to manage.

One-Way Trust Support

If you work in a multi-domain or federated environment, Horizon View required a two-way trust between domains or forests in order to authenticate and entitle users.

There are a number of environments where two-way trusts aren’t feasible.  Think about companies that routinely undergo mergers, acquisitions, or divestitures.  They have use cases for virtual desktop environments, but a two-way trust between Active Directory environments would pose security and integration challenges.

Horizon 6.2 takes a step towards resolving this by adding support for 1-way Active Directory trusts.  Users and groups from external (trusted) domains can now be granted access to Horizon desktops without having to create a full two-way trust.

In order to fully support one-way forest trusts, Horizon will need to utilize a service account with permissions to authenticate against the trusted domain.  This account is stored in the Horizon LDAP database, and all of its credentials are encrypted.

Secondary credentials are managed by using the vdmadmin command line tool that is installed on Connection Servers.

vSphere 6 Update 1 Support

Horizon 6.2 will support vSphere 6 Update 1 on Day 1.

FIPS and Common Criteria Certification

The US Federal Government has a number of criteria that IT products must meet.  These include things like IPv6 compatibility, FIPS cryptographic support, and Common Criteria certification.

Horizon 6.1 introduced support for IPv6.  Horizon 6.2 expands upon this with support for FIPS on all Horizon Windows components.  FIPS will also be supported in Horizon Client 3.5 for Windows.

FIPS mode is optional, and it can be enabled if it is required.

VMware will also be submitting Horizon 6.2 for Common Criteria certification, and this testing is currently in process.  It should be completed sometime in 2016.

Enhanced License Console

The license console in previous versions of Horizon was not very detailed.  It would give you the current number of active users with a breakdown by virtual machine type.

Horizon 6.2 overhauls the licensing console on the Admin page.  The new licensing console shows part of the key that is in use along with the number of concurrent connections and unique named users that have logged in.