VMware VCA 1V0-701 – VCA-DBT – Horizon

  1. Introduction to Horizon 7

So a traditional physical desktop deployment comes with some significant challenges. We’ve got physical computers deployed for each and every one of our employees, and managing that many individual systems can really create some hardships. Like how do I manage my image for all of these physical desktops? How do I change that image when I need to? How do I deploy new software easily? How do I deploy an upgraded operating system easily? How often do I need to actually replace all of those desktops? And what are the challenges that my staff faces when one of those physical desktops has a problem? Are we frequently deleting user profiles? Are we frequently sending staff out to replace physical desktops? Horizon can help eliminate many of those challenges by giving us a desktop virtualization solution. So rather than having a physical desktop at everybody’s desk, what we’ll have instead is some sort of client device.

It could be a thin client, it could be a zero client, it could be a software client running in Windows or Linux or Mac, and then on our ESXi host, that’s where the desktops will actually reside. Their desktops will run as virtual machines just like any other virtual machine on an ESXi host. And so now we’ve sort of brought those desktops into the data center and we’re unlocking a host of available features, and in addition to all of these features we’ve got a very simple physical client at everybody’s desk. So if one of those clients were to break, we could simply have a spare client sitting there: they could unplug the old one, plug in the new one, and be back up and running on a desktop that works exactly the same as the one that they were on before in a matter of moments, without deploying a helpdesk person. So how do we create their virtual desktops? Well, with desktop virtualization there’s this concept called a golden image.

This is where you set up an image of exactly what you want your desktops to be like. I have the operating system with the very latest patches and updates. I’ve got the base software installed, I’ve got all of my configuration settings, all of my optimization. I’ve gone ahead and tuned this operating system to run as efficiently as it possibly can, and then I’ve created a whole bunch of desktops based on it. And then two months later, or a month later, or even a week later, when Windows updates come out, or there’s some new software that we want to bake into our golden image, we can create a new golden image, and we can use it to replace all of the desktops with a new version that encompasses all of those changes.

And if you compare this to the process of doing something like installing a new version of Office on a bunch of physical desktops, this saves you a lot of manpower and a lot of resources. The current version of Horizon View supports something called Just In Time Management. So Just In Time Management sort of follows this workflow where a user logs in and what happens is they get something called an Instant Clone desktop. Instant Clones are one of the major features of Just In Time Management, basically meaning they don’t have a desktop just sitting around waiting for them, chewing up resources. Their desktop is created just in time. When they log in it takes about three to five seconds for a desktop to be created for them. And then as they log in, App Volumes are attached, so they get a writeable volume that they can save their own persistent data to.

They get all of their applications attached to this desktop based on their identity. Some users will get some applications, other users will get other applications. That’s the other piece of the Just In Time Management platform: App Volumes being able to attach those applications to their desktop at the moment that they log in. And then using something like User Environment Manager to apply their persona, to give them their Internet Explorer favorites, to give them their desktop documents, to give them their My Documents folder, to give them all the stuff, the registry settings and application settings that make up that user’s persona. Printers, drive mappings, application settings: that’s all encompassed in User Environment Manager. And this is the third piece of Just In Time Management: applying all of the appropriate configuration settings when the user logs in, and then when the user logs out all of their persona updates are committed. Their desktop is destroyed when they log out, and the next time they log in a new desktop will be created, their App Volumes will be reattached and their persona will be applied using UEM. So this overall approach ensures two things. Number one, the user gets a very consistent experience every time they log in.

They get what appears to be the same desktop with all the same personalization and all the same applications. But number two, it’s extremely efficient. We know they’re getting a brand new, fresh, clean desktop every time they log in. That doesn’t have any major problems. We know that we’re not running desktops for them when they don’t need them. So we’re making the best possible use of our physical resources. And at the heart of this entire solution is the View connection server. So here’s my user, my user is sitting at a physical client and it’s the beginning of their workday and they go ahead and they log in and their client is going to connect to a connection server. So here in the middle of the screen you see the View connection server.

So as the user connects to my connection server they will be prompted for their credentials. And there are two reasons for this. Number one, of course our user needs to authenticate. We need to make sure that they’re actually a user. But number two, it’s going to determine which pools are exposed to this user. So if it’s an accounting user, they have no business getting a desktop that belongs to marketing. So we’ll use the View connection server to control entitlements: which pools are available to which users. And so let’s assume that the user successfully authenticates against Active Directory.

They are entitled to a desktop in the accounting pool. The View connection server then brokers that connection and connects the client to a virtual desktop. And then at that point, my user has successfully established a session between their physical client at their desktop and a virtual desktop running in my data center. And to the users it seems just as if they’re sitting in front of a physical PC. So that’s the heart and soul of View is the connection server. It acts as our connection broker, it does authentication, it does entitlement and it establishes those sessions between the clients and the desktops. And the other thing that it does is it gives us our administrative interface.

  2. Horizon 7 Products and Features

And we’ll start with Horizon View. Horizon View, as we learned in the last lesson, is VMware’s desktop virtualization solution. It supports this Just In Time Management platform, including features like Instant Clones, where virtual desktops can be created within three to five seconds; App Volumes, so that applications can be assigned to your virtual desktop as you log in, based on your Active Directory security group membership; and also User Environment Manager, which allows us to manage user personas to make sure that things like the user’s desktop experience, their favorites and their My Documents folder are all provided to them at the time that they log in. Now, beyond View and desktop virtualization, there are some other products in the Horizon Suite that you should be familiar with. So let’s start with Workspace One. Horizon Workspace One is used to manage applications on tablets, smartphones or laptops and gives you a single user interface for cloud, Windows and mobile applications. So here’s how it works. The users have the ability to select whatever device they want. This is a great system for Bring Your Own Device, and we will provide them a self-service application catalog so that they can go in and simply select the applications that they need. And then we can control who has access to which applications. It supports single sign-on and multifactor authentication as well. With Active Directory, it allows us to remotely monitor and manage all of those devices. So now I can handle things like application entitlement and management and monitoring of remote devices from a single unified platform called Workspace One.

So here you see the VMware product page for Workspace One, and this will provide you a basic overview of what Workspace One can do, how you can simplify application access and IT management, and create a better employee experience. Workspace One gives you endpoint management, it gives you access management, it allows you to manage your applications and virtual desktops. And if we scroll down a little bit deeper into the Workspace One product page, you can see some of the features that it includes and how it can be used to control access management. And here we can see, similar to a lot of the product pages with VMware, we have a comparison between the different licensing editions and we have pricing models laid out here for us as well. And if we scroll all the way down, we’re going to see our resources. So a few good resources if you want to learn more about Workspace One would be the Data Sheet and the FAQ. Those are really good starting points to kind of learn a little bit more about Workspace One and what it can possibly do for you.

So those are some good resources to kind of help get you started. The next product I want to cover is Workspace One Identity Manager, which is going to provide us the identity management service for our mobile users. This allows them to do things like one-touch access that will authenticate them to their applications using biometrics. So that’s a great user experience. They can simply use their fingerprint and they are automatically authenticated to their applications. It controls access to software as a service applications centrally. So instead of having a bunch of different logins for a bunch of different software as a service applications, now we can control access to those SaaS applications centrally. And we can even configure conditional access based on networks, security groups, and whether or not multifactor authentication is used.

And the final product that we’re going to talk about in our Horizon suite is Mirage. Mirage is used for image management for physical desktops. So if you have a bunch of physical desktops out there, we can now do things like deliver applications without impacting user settings. We can do things like backup and restore by taking snapshots of the entire physical machine. And so Horizon Mirage really extends levels of manageability that we typically associate with virtual desktops. It extends some of those image management capabilities out to your physical desktops as well. So why would we consider using Mirage? And what I want to take a look at is the functionality that Mirage provides and the different layers that Mirage leverages. We’re not going to take a real close look at the architecture or all the components involved, but I want you to understand the basics of Mirage, the use case for it, and the different layers that it leverages to accomplish the functionality that we need. So why would we use Mirage? The main reason is we want to manage physical desktops centrally. We can also use Mirage to resolve application compatibility issues and to manage mobile users whose computers aren’t typically inside of our physical building. So we need special tools to manage those mobile user computers. And Horizon can also be used to help ease the patching requirements for all of those physical desktops. So let’s take a moment to look at how images are actually handled for View and for Mirage. With Horizon View, we create this one perfect golden image. This is what all of our virtual desktops are going to be based on.

So we go through the process of optimizing it, we go through the process of setting up all the appropriate settings, configurations, maybe hardening it against attack. And then once we’ve done that, we spin up a whole bunch of virtual desktops based on that image. Well, with Mirage, we can leverage that same golden image and we can distribute that image to our physical desktops. So now I’ve got a single image that I am managing for both my virtual desktops and my physical desktops. This is going to make things much easier for things like Windows updates or changes to my image. And so with Mirage, we’re going to be managing many different physical desktops and we’re using different layers to accomplish this. So we’ve got what’s called a driver layer for the specific hardware of these different physical desktops. And we’ve got what we call a base layer, which contains our operating system for these physical desktops.

So these are different layers that Mirage is actually applying to these physical desktops. And so if we think about the process of utilizing Mirage, we’re going to have this desktop base layer. This is based on our golden image. And then on top of that, we’ve got HP drivers, Dell drivers, Acer drivers, whatever type of hardware we have, we can have a specific driver layer for these different models of physical computers that we have out there. So now my base layer, in combination with the appropriate driver layer, can start to give me a foundational image for that physical desktop. And then from there, I’ve got my user personalization layer. So prior to this layer, everybody’s basically getting the same thing. You’re getting the base layer, and everybody on Dell is getting a Dell set of drivers, for example. But now you’ve got your own settings, you’ve got your own specific things that you’ve configured, and that’s part of the user personalization layer. And that’s one of the things that we can back up with Mirage. So if we have to do a restore, we don’t need to restore the entire desktop. We’ve got our desktop base layer that’s shared across many desktops.

We’ve got a driver set. What we really need to restore for a particular user is their User Personalization layer. And then on top of that, to give them the complete image, the appropriate applications are layered on top of this base layer, this driver layer, and this User Personalization layer. So I can deliver different sets of applications as layers to different groups of users. So what you can see here is some of the things that we want to accomplish with View, like application delivery, like personalization, like central management of an image. Some of those same deliverables that View gives us, Mirage is giving us in the physical desktop environment. Now, I want to conclude this module by showing you the Horizon Suite data sheet. And if you just simply Google VMware Horizon Suite Data Sheet, you’ll find this document. This is going to give you at a glance some of the different products that are available in the Horizon Suite and how they can be potentially used for your organization.

And here you can see some of the products that we just talked about, VMware View, Mirage and Workspace, and it’ll point you to some of the references and resources that you may potentially want to use to learn more. But in order to pass the VMware Certified Associate Exam, this is a great reference. This is a good document to just simply read. It’s only two pages, and it’ll give you a little bit more background into the different products of the.
