Scribd
Upload
334 views82 pages

IE-Lab-VMware VDI V.01

Uploaded by

Freedom Yenesew
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
334 views82 pages

IE-Lab-VMware VDI V.01

Uploaded by

Freedom Yenesew
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 82

Lab Deployment of Master VMware VDI Implementation

Low Level Design

Type of Document:

LOW LEVEL DESIGN

Client Name:

Prepared by:

IE NETWORK SOLUTIONS PLC

Version:

0.1
IE-VMware VDI LLD document

Table of Contents
1. Introduction..............................................................................................................................4

1.1. Document Purpose...........................................................................................................4

1.2. Intended Audience............................................................................................................4

1.3. Scope.................................................................................................................................4

2. VMware Horizon and VDI Over View.......................................................................................4

2.1. Horizon Architecture............................................................................................................6

2.2. Architectural Overview........................................................................................................6

2.3. Components..........................................................................................................................8

3. Installing and Configuring VMWare Horizon 7........................................................................11

3.1. Pre-requisites for VMWare Horizon installation and configuration..................................12

3.2. Installing and Configuring Horizon Composer..................................................................12

3.2.1. Create SQL local server authentication (sa) account...................................................12

3.2.2. Create SQL database....................................................................................................13

3.2.3. Set VM Options for Composer Server.........................................................................15

3.2.4. Create SQL DB ODBC Connection............................................................................15

3.2.5. Installing Composer.....................................................................................................20

3.3. Horizon Connection server.................................................................................................26

3.3.1. VMWare Horizon Connection server installation.......................................................26

3.3.2. Installing second horizon connection server................................................................32

3.4. Configuring Horizon 7........................................................................................................33

3.4.1. Adding admin groups..................................................................................................34

3.4.2. Licensing Horizon.......................................................................................................38

3.4.3. Adding vCenter and connection server........................................................................39

Confidential© 2021
IE-VMware VDI LLD document

3.5. Creating Linked Clone Desktop Pool (Composer).............................................................46

3.5.1. Horizon Agent installation on Windows 10................................................................46

3.5.2. Linked Clone Desktop Pool Creation..........................................................................50

3.5.3. Creating Instant Clone Desktop Pool..........................................................................59

3.6. Horizon Agent installation on Windows 10.......................................................................59

3.6.1. Add Instant clone domain................................................................................................60

3.6.2. Creating instant clone pool..............................................................................................61

3.7. Testing Horizon from Client...............................................................................................67

4. References..................................................................................................................................69

Confidential© 2021
IE-VMware VDI LLD document

1. Introduction
1.1. Document Purpose
IE Network Solution PLC prepares this document for the lab deployment of master VMware-
VDI implementation. This document will be referenced by all the technical team of IE Network
solutions. The objective of this LLD document is the detail explanation of the VMware Virtual
Desktop infrastructure that is implemented in IE-LAB environment.

1.2. Intended Audience


For security and intellectual reasons, this document is prepared to be reviewed only by members
of the technical and management teams of IE Network Solutions plc. Any other party should get
formal permissions from IE Networks, before viewing the contents of this document.

1.3. Scope
The scope of this document will be to detail the Low-level design of deployment of Master
VMware VDI Implementation.

2. VMware Horizon and VDI Over View


VMware Horizon is a modern platform for secure delivery of virtual desktops and apps across
the hybrid cloud, from the market leader in software-defined data center and digital workspaces.
By leveraging unique integration with trusted VMware technology, Horizon helps IT efficiently
deploy and scale virtual desktops and apps from a single control plane with rapid provisioning,
automation, and simplified management to extend the best digital workspace experience to end
users.

Confidential© 2021
IE-VMware VDI LLD document

 Client Devices: laptop, PC, thin client device, Mac, tablet or phone.


 Horizon Connection Server: software service that acts as a broker for client
connections. It authenticates users through Windows Active Directory and directs the
request to the appropriate virtual machine, physical PC, or Microsoft RDS host.
 Horizon Client: the client software for accessing remote desktops and applications.
 VMware Horizon User Web Portal: from a Web browser on a client device, end users
can connect to remote desktops and applications through the browser, automatically start
Horizon Client, or download the Horizon Client installer.
 Horizon Agent: an installed service on all virtual machines, physical systems, and
Microsoft RDS hosts that you use as sources for remote desktops and applications. It
communicates with Horizon Client to provide features such as connection monitoring,
virtual printing, Horizon Persona Management, and access to locally connected USB
devices.
 Horizon Administrator: Web-based application that allows administrators to configure
Horizon Connection Server, deploy and manage remote desktops and applications,
control user authentication, and troubleshoot end-user issues.

Confidential© 2021
IE-VMware VDI LLD document

 View Composer: service that can create a pool of linked clones from a specified parent
virtual machine.
 vCenter Server: this service acts as a central administrator for VMware ESXi servers
that are connected on a network. vCenter Server provides the central point for
configuring, provisioning, and managing virtual machines in the data center.

2.1. Horizon Architecture


VMware Horizon® is a platform for managing and delivering virtualized or hosted desktops and
applications to end users. Horizon allows you to create and broker connections to Windows
virtual desktops, Linux virtual desktops, Remote Desktop Server (RDS)–hosted applications and
desktops, Linux-hosted applications, and Windows physical machines.

Although Horizon Cloud delivers the same resources as Horizon, it uses a different architecture
than is being discussed in this chapter and runs natively on Azure. The architecture of Horizon
Cloud on Microsoft Azure is covered separately in Horizon Cloud on Microsoft Azure
Architecture.

Table 1: Horizon Environment Setup Strategy

Decision A Horizon deployment was designed, deployed, and integrated with the VMware
Workspace ONE® platform.

The environment was designed to be capable of scaling to 8,000 concurrent


connections for users.

Justificatio This strategy allowed the design, deployment, and integration to be validated and
n documented.
 

2.2. Architectural Overview


The core components of Horizon include a VMware Horizon® Client™ authenticating to a
Connection Server, which brokers connections to virtual desktops and apps. The Horizon Client
then forms a protocol session connection to a Horizon Agent running in a virtual desktop, RDSH
server, or physical machine. The protocol session can also be configured to be tunneled via the
Connection Server, although this is not generally recommended as it makes the ongoing session
dependent on the Connection Server.

Confidential© 2021
IE-VMware VDI LLD document

Figure: Horizon Core Components

External access includes the use of VMware Unified Access Gateway™ to provide secure edge
services. The Horizon Client authenticates to a Connection Server through the Unified Access
Gateway. The Horizon Client then forms a protocol session connection, through the gateway
service on the Unified Access Gateway, to a Horizon Agent running in a virtual desktop or
RDSH server. This process is covered in more detail in External Access.

Figure: Horizon Core Components for External Access

2.3. Components
The following figure shows the high-level logical architecture of the Horizon components with
other Horizon components shown for illustrative purposes.

Confidential© 2021
IE-VMware VDI LLD document

Figure 3: Horizon Logical Components

The components and features of Horizon are described in the following table.

Table 2: Components of Horizon

Component Description
Connection The Horizon Connection Server securely brokers and connects users to the Horizon
Server Agent that has been installed in the desktops and RDS Hosts.

The Connection Server authenticates users through Active Directory and directs the
request to the appropriate and entitled resource.
Horizon Agent The Horizon Agent is installed on the guest OS of target VM or system. This agent
allows the machine to be managed by Connection Servers and allows a Horizon
Client to form a protocol session to the machine.

Machines can be virtual desktops, Remote Desktop Session Hosts (RDS Host),
physical desktops PCs.
Horizon Client The Horizon Client is installed on a client device to access a Horizon-managed
system that has the Horizon Agent installed.

You can optionally use a web browser as an HTML client for devices on which
installing client software is not possible.
Unified Access VMware Unified Access Gateway is a virtual appliance that enables secure remote
Gateway access from an external network to a variety of internal resources, including
Horizon-managed resources.

Confidential© 2021
IE-VMware VDI LLD document

Component Description
When providing access to internal resources, Unified Access Gateway can be
deployed within the corporate DMZ or internal network, and acts as a reverse proxy
host for connections to your company’s resources. Unified Access Gateway directs
authenticated requests to the appropriate resource and discards any unauthenticated
requests. It also can perform the authentication itself, leveraging an additional layer
of authentication when enabled.
Horizon Console A web application that is part of the Connection Server, allowing administrators to
configure the server, deploy and manage desktops, control user authentication,
initiate and examine system and user events, carry out end-user support, and
perform analytical activities.
VMware Instant VMware technology that provides single-image management with automation
Clone capabilities. You can rapidly create automated pools or farms of instant-clone
Technology desktops or RDSH servers from a golden image VM.

The technology reduces storage costs and streamlines desktop management by


enabling easy updating and patching of hundreds or thousands of images from the
golden image VM.
RDSH servers Microsoft Windows Servers that provide published applications and session-based
remote desktops to end users.
Enrollment Server that delivers True SSO functionality by ensuring a user can single-sign-on to
Server a Horizon resource when launched from Workspace ONE Access™, or through
Unified Access Gateway, regardless of the authentication method.

Horizon Cloud The Horizon Cloud Connector is required to use with Horizon subscription licenses,
Connector services and management features hosted in the Horizon Cloud Service.

The Horizon Cloud Connector is a virtual appliance that connects a Connection


Server in a pod with the Horizon Cloud Service.
vSphere The vSphere product family includes VMware ESXi™ and VMware vCenter
Server®, and it is designed for building and managing virtual infrastructures. The
vCenter Server system provides key administrative and operational functions, such
as provisioning, cloning, and VM management features, which are essential for
VDI.
From a data center perspective, several components and servers must be deployed to create a
functioning Horizon environment to deliver the desired services.

Confidential© 2021
IE-VMware VDI LLD document

Figure: Horizon Logical Architecture

In addition to the core components and features, other products can be used in a Horizon
deployment to enhance and optimize the overall solution:

 Workspace ONE Access – Provides enterprise single sign-on (SSO), securing and
simplifying access to apps with the included identity provider or by integrating with
existing identity providers. It provides application provisioning, a self-service catalog,
conditional access controls, and SSO for SaaS, web, cloud, and native mobile
applications.
 App Volumes Manager – Orchestrates application delivery by managing assignments of
application volumes (packages and writable volumes) to users, groups, and target
computers.

Confidential© 2021
IE-VMware VDI LLD document

 Dynamic Environment Manager – Provides profile management by capturing user


settings for the operating system and applications.
 VMware vSAN™ storage – Delivers high-performance, flash-optimized, hyper-
converged storage using server-attached flash devices or hard disks to provide a flash-
optimized, highly resilient, shared data store.
 VMware NSX-T Data Center – Provides network-based services such as security,
virtualized networking, routing, and switching in a single platform. With micro-
segmentation, you can set application-level security policies based on groupings of
individual workloads, and you can isolate each virtual desktop from all other desktops as
well as protecting the Horizon management servers.
 Microsoft SQL Servers – Microsoft SQL database servers are used to host event
databases used by the Connection Servers.
 Note: VMware NSX-T Data Center is licensed separately from Horizon.

3. Installing and Configuring VMWare Horizon 7


Before we jump into pre-reqs and installation below will help us to understand the component
names:

 VMWare vCenter – vCenter Server allows you to automate and deliver a virtual


infrastructure
 VMWare ESXi – VMware ESXi is a bare metal hypervisor that installs easily on to your
server and partitions it into multiple virtual machines.
 VMWare Horizon Connection Server – This software service acts as a broker for
client connections.
 VMWare Horizon Composer -Horizon View Composer is a feature in Horizon
View that gives administrators the ability to manage pools of desktops that share a
common virtual disk.
 Horizon unified access gateway – Horizon deployments that need secure external access
uses unified gateway
 Horizon Agent – install Horizon Agent on virtual machines (VDI’s) so that Connection
Server can communicate with them.

Confidential© 2021
IE-VMware VDI LLD document

 Horizon Client – VMware Horizon Clients for Windows, Mac, iOS, Linux, Chrome and
Android allow you to connect to your VMware Horizon virtual desktop from your device
of choice.

3.1. Pre-requisites for VMWare Horizon installation and configuration


Below are the detailed pre-requisites

 vCenter 6.7/6.5 server with Cluster of ESXi hosts for VDI.


 Create 2 Windows server 2019/2016 for Horizon Connection servers.
 One windows 10 VM for Linked Clone VDI master image on vCenter server and place in
a VM folder.
 Another windows 10 VM for instant Clone VDI master image on vCenter server and
place in a VM folder.
 1 Windows server 2019/2016 for Horizon Composer server.
 All machines renamed and joined to domain.
 vCenter server reachable form Composer and connection servers (fqdn of vCenter)
 DHCP scope for Windows 10 VDI tested and working.
 Service account to install Horizon Connection server and composer (horizon_admin)
 SQL sa account admin to have access to Database for composer DN owner permissions.
 Login credentials of vCenter server with admin access.
 OU for VDI Creation and delegated permissions on domain to service account to create
& Delete computer objects.

3.2. Installing and Configuring Horizon Composer


3.2.1. Create SQL local server authentication (sa) account
Step 1: Login to SQL, Management Studio – Security – Logins – Add new login

Step 2: Create SQL local sa account as shown below. VMWare composer doesn’t support
domain accounts only sql local accounts are supported. (this has to be done manually on all sql
servers in cluster).

Confidential© 2021
IE-VMware VDI LLD document

3.2.2. Create SQL database


Step 3: Right click on databases – New Database

Confidential© 2021
IE-VMware VDI LLD document

Step 4: Provide new database name and click on owner and select the sa account created earlier.

Confidential© 2021
IE-VMware VDI LLD document

3.2.3. Set VM Options for Composer Server


Step 5: Shutdown the composer server VM and select Firmware as EFI and secure boot to
disable as shown below. start vm after that.

3.2.4. Create SQL DB ODBC Connection


Step 6: Login to the composer windows server and Click on windows admin tools – ODBC 64
bit

Confidential© 2021
IE-VMware VDI LLD document

Step 7: Run ODBC data sources 64 bit – system dsn – Click add

Confidential© 2021
IE-VMware VDI LLD document

Step 8: Select SQL

Confidential© 2021
IE-VMware VDI LLD document

Step 9: Provide a name and copy this DSN name in notepad, provide SQL server name and
instance name if you are not using default instance.

Confidential© 2021
IE-VMware VDI LLD document

Step 10: select SQL logins – provide sql user name and password and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 11: Select the database created earlier and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 12: Click finish

Confidential© 2021
IE-VMware VDI LLD document

Step 13: select test

Confidential© 2021
IE-VMware VDI LLD document

Step 14: tests should be successful.

Confidential© 2021
IE-VMware VDI LLD document

3.2.5. Installing Composer


Step 15: verify that you are logged in with valid domain service account.

Confidential© 2021
IE-VMware VDI LLD document

Step 16: Right click and run the composer exe as admin as shown below.

Confidential© 2021
IE-VMware VDI LLD document

Step 17: click next

Confidential© 2021
IE-VMware VDI LLD document

Step 18: accept the agreement and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 19: click next

Confidential© 2021
IE-VMware VDI LLD document

Step 20: Domain accounts are not supported for SQL communication as shown below.

Confidential© 2021
IE-VMware VDI LLD document

Step 21: provide the DSN name created earlier – sql sa account name and password – click next

Step 22 : click next

Confidential© 2021
IE-VMware VDI LLD document

Step 23 : click install

Step 24: click finish once installation is completed.

Confidential© 2021
IE-VMware VDI LLD document

Step 25: click yes to reboot the VM.

3.3. Horizon Connection server


Now will start installing connection server and configure it.

Confidential© 2021
IE-VMware VDI LLD document

3.3.1. VMWare Horizon Connection server installation


Step 26:  Login to the connection server with service account – run the connection server exe as
admin.

Step 27: click next

Confidential© 2021
IE-VMware VDI LLD document

Step 28: accept and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 29: click next

Confidential© 2021
IE-VMware VDI LLD document

Step 30: On primary connection server select standard server, select HTML access and ipv4.

Step 31: next

Confidential© 2021
IE-VMware VDI LLD document

Step 32: provide the recovery password and next

Step 33: configure firewall and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 34: provide the service account and the horizon admin groups

Step 35: un select and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 36 : click install

Step 37: click finish after installation.

Confidential© 2021
IE-VMware VDI LLD document

3.3.2. Installing second horizon connection server


Second server installation steps are very straight forward as primary except below two screens.
Login to second server and run exe as admin – next

Step 38: On second connection server select Replica server, select HTML access and ipv4.

Step 39: on second connection server provide the primary server fqdn and click next and finish.

Confidential© 2021
IE-VMware VDI LLD document

3.4. Configuring Horizon 7


Step 40: On the connection server – open browser (prefer IE or Firefox not chrome) –
https://ip/admin

Login with the service account or the admin account details given during installation. click html
5 and launch

Confidential© 2021
IE-VMware VDI LLD document

Confidential© 2021
IE-VMware VDI LLD document

Step 41: provide the login details and check sign in

Confidential© 2021
IE-VMware VDI LLD document

3.4.1. Adding admin groups


Step 42: Click on settings – administrators – add users and group

Step 43: click add

Confidential© 2021
IE-VMware VDI LLD document

Step 44: provide admin users group name – find and select – ok

Step 45: click next

Confidential© 2021
IE-VMware VDI LLD document

Step 46: select the permissions required and click next

Step 47: select root – finish

Confidential© 2021
IE-VMware VDI LLD document

Step 48: verify that its created.

Confidential© 2021
IE-VMware VDI LLD document

3.4.2. Licensing Horizon


Step 49: Click on settings – product licensing and usage – edit license and paste the license code.

Confidential© 2021
IE-VMware VDI LLD document

3.4.3. Adding vCenter and connection server.


Step 50: Click on Settings – Servers – vCenter Servers – Add

Step 51: Provide Server address, user name and password.

Confidential© 2021
IE-VMware VDI LLD document

Step 52: accept the certificate

Step 53 : Accept

Confidential© 2021
IE-VMware VDI LLD document

Step 54: Click on Standalone composer and provide the composer server details

Step 55:

Step 56: Click view certificate

Confidential© 2021
IE-VMware VDI LLD document

Step 57 : accept

Step 58: Click on add and add the ad domain

Confidential© 2021
IE-VMware VDI LLD document

Step 59: Provide domain name, user name and password.

Step 60: Add domain with service account as shown below.

Confidential© 2021
IE-VMware VDI LLD document

Step 61: next

Step 62: Submit

Confidential© 2021
IE-VMware VDI LLD document

Step 63: Review that vCenter is added.

Step 64: Review that connection server is showing up

Confidential© 2021
IE-VMware VDI LLD document

3.5. Creating Linked Clone Desktop Pool (Composer)


Note that in Horizon we can create two types of pools. Linked clone which uses composer to
provision VDI’s which saves the storage and Instant clone need Horizon Enterprise licenses and
uses only connection server, no composer required and its saves storage.

3.5.1. Horizon Agent installation on Windows 10


Windows 10 machine preparation:

Create a windows 10 master image.

 Use DHCP not static IP


 Join machine to domain
 Install all required apps.

Step 65: Login to windows 10 machine, install horizon agent as shown below – next

Confidential© 2021
IE-VMware VDI LLD document

Step 66: accept and click next

Confidential© 2021
IE-VMware VDI LLD document

Step 67: Select IPV4 and click next

Step 68: Make sure we select View Composer – next

Note: we cannot install both view composer and Instant clone part of the agent.

Confidential© 2021
IE-VMware VDI LLD document

Step 69: Click on install

Step 70: Click finish after install

Confidential© 2021
IE-VMware VDI LLD document

Step 71: reboot the VM.

Step 72 : Shutdown the VM after reboot and take snapshot.

Confidential© 2021
IE-VMware VDI LLD document

3.5.2. Linked Clone Desktop Pool Creation


As master image is ready will create the linked clone desktop pool and add users

Step 73: Click on inventory – Desktops – Add

Step 74: select automated as we don’t want static assignment.

Step 75: select View Composer linked Clones

Confidential© 2021
IE-VMware VDI LLD document

Step 76: Select Floating

Step 77: Provide disposable files disk size.

Confidential© 2021
IE-VMware VDI LLD document

Step 78: Next

Step 79: Provide Name and display name of VDI

Confidential© 2021
IE-VMware VDI LLD document

Step 80: Provide VDI naming convention vmw-vdi-{n:fixed=3}

Confidential© 2021
IE-VMware VDI LLD document

Step 81 : select master image – snapshot , folder , resource pool and data store details.

Step 82: next

Confidential© 2021
IE-VMware VDI LLD document

Step 83: Next

Step 84: next

Confidential© 2021
IE-VMware VDI LLD document

Step 85: select the domain and the OU for creating VDI machines names.

Step 86: click on entitle users and submit.

Confidential© 2021
IE-VMware VDI LLD document

Step 87: Click add

Step 88: provide user group to access these VDI’s and find

Confidential© 2021
IE-VMware VDI LLD document

Step 89: ok

Confidential© 2021
IE-VMware VDI LLD document

Step 90: Notice that VM’s are created in vCenter

Confidential© 2021
IE-VMware VDI LLD document

3.5.3. Creating Instant Clone Desktop Pool


Instant clone need Horizon Enterprise licenses and uses only connection server, no composer
required. This type of provisioning has its advantages and it takes more storage space.

3.6. Horizon Agent installation on Windows 10


Windows 10 machine preparation:

 Create a windows 10 master image.


 Use DHCP not static IP
 Join machine to domain
 Install all required apps.

Step 91: Login to windows 10 machine, install horizon agent by following defaults as above
except for below step.

For instant clone – un select view composer and select instant clone.

Step 92: Once installation is completed, reboot the VM – shut down and take snapshot as below.

Confidential© 2021
IE-VMware VDI LLD document

3.6.1. Add Instant clone domain


Step 93: Add Instant clone domain – Click on settings – Instant clone domains – add

Step 94: Provide the details and click ok.

Confidential© 2021
IE-VMware VDI LLD document

3.6.2. Creating instant clone pool


Step 95: Click on desktops – add – Click on instant clone and next

Step 96: floating

Confidential© 2021
IE-VMware VDI LLD document

Step 97: next

Step 98: provide name and display name (ID for admins and Display names for end users)

Confidential© 2021
IE-VMware VDI LLD document

Step 99: provide naming convention and next

Confidential© 2021
IE-VMware VDI LLD document

Step 100: Provide all details for Master image, snapshot and vCenter cluster details.

Confidential© 2021
IE-VMware VDI LLD document

Step 101: next

Step 102 : next

Confidential© 2021
IE-VMware VDI LLD document

Step 103:  select domain and OU

Step 104: click entitle and submit

Confidential© 2021
IE-VMware VDI LLD document

Step 105 : Click add and add the users group.

Step 106 : Once completed – VM’s will show in vCenter as shown below.

Confidential© 2021
IE-VMware VDI LLD document

3.7. Testing Horizon from Client


On the end user PC install Horizon client, reboot the machine

Step 107: Open Horizon agent on end user pc – click add server.

Confidential© 2021
IE-VMware VDI LLD document

Step 108: provide connection server url or LB URL.

Step 109: provide login details

Step 110: once logged in click on the VDI to launch

Confidential© 2021
IE-VMware VDI LLD document

4. References
1. https://techzone.vmware.com/resource/horizon-architecture#components

2. https://sivasankar.org/2019/2952/installing-and-configuring-vmware-horizon-7-x

3. https://www.carlstalhood.com/vmware-horizon-7-composer

4. https://www.carlstalhood.com/detailed-change-log

Confidential© 2021

You might also like