What’s New with VMware Horizon 7
Today, we announced the general availability of VMware Horizon 7. Horizon 7 reinvents desktop and application virtualization with a single platform, purpose-built for the mobile-cloud era. Drawing on the best of mobile and cloud, Horizon 7 radically transforms traditional VDI, giving you unprecedented simplicity, flexibility, speed and scale—all at lower costs.
This is a significant release for our flagship product, with improvements across the board—from scalability and user experience to deep technical innovations and improved policy controls. So, let’s dive straight in and highlight the key technical advances this release delivers.
This is again a ground-breaking release for Horizon and introduces some key new technologies. Over the next few blogs posts, the EUC technical marketing team demo some of these excellent new features. But first, let’s cover some of the headline features.
Instant Clones utilizes vmFork in vSphere 6.0 (update 1) to clone a virtual desktop in memory from an existing running virtual desktop. Desktops can now be provisioned in seconds, rather than minutes. Instant Clones do not rely on additional components, such as View Composer (or an additional DB), so it simplifies deployment and leverages existing vSphere functionality. Instant Clones also do not persist; they are destroyed after use and recreated from the latest desktop image.
Instant Clones are ideal for deploying pools of non-persistent “floating” desktops. Equally, when used with VMware User Environment Manager and VMware App Volumes, Instant Clones can rapidly provision a persistent desktop experience. EUC architect Jim Yanik shows you how to use Instant Clone in the following video:
Smart Policies is another innovation of Horizon 7, leveraging the power of User Environment Manager to give administrators granular control of a user’s desktop experience. A number of key Horizon features can be dynamically enabled, disabled or controlled based on not only who the user is, but on the many different variables available through Horizon: client device, IP address, pool name, etc.
For example, a different PCoIP protocol profile could be set for a user accessing their desktop from a WAN network versus a LAN network. This gives the user the optimal experience based on their location. Similarly, clipboard redirection and other features could be disabled if users are on non-corporate devices or external to the network.
The example above illustrates how dynamic PCoIP profiles can be implemented on logon or reconnect based on a user’s session variables. EUC architect Graeme Gordon gives you a five-minute introduction to Smart Policies in the video below:
Enter stage, Blast Extreme! Blast Extreme is an evolution of a new protocol VMware introduced when we delivered HTML Access for Horizon. Blast started as a TCP-based protocol leveraging JPG/PNG-based codec to deliver a great user experience to a browser.
Blast Extreme brings Blast into feature parity with PCoIP.
As an option, Blast Extreme also leverages the H.264 codec to provide an HD experience to end users. By using H.264, end-user devices can offload the protocol decode to hardware, rather than the CPU. Also on the server side, when combined with an NVIDIA GRID vGPU, the protocol encoding can be offloaded to the server’s GPU. This provides both performance gains and saves CPU utilization. Blast Extreme requires the Horizon client and is supported with the latest 4.0 clients for all supported operating systems (OS). Blast Extreme can be managed via Active Directory GPO where you can set session limits, quality choices, frame rate and more.
Blast Extreme matches and, in certain scenarios, exceeds the performance and bandwidth utilization of PCoIP. When combined with an NVIDIA GRID vGPU, performance/density gains can be considerable for high-performance 3D graphics workloads. The following chart shows the density gains—on average, 18%—when offloading the server-side protocol encode to a GPU.
EUC expert Marilyn Bassanta demos Blast Extreme in the following video:
We will be diving deep into Blast Extreme is a future blog posting, as well, so stay tuned.
Horizon 7 True SSO provides the ability to seamlessly sign onto a virtual desktop a single time using two-factor authentication via Identity Manager or Workspace ONE. True SSO separates authentication and access to Horizon-based desktops and applications.
Previously, users could SSO into a virtual desktop seamlessly via Identity Manager when using active directory (AD) credentials. Now, True SSO supports a wide range of authentication methods, starting with two-factor authentication, such as RSA SecureID. True SSO requires configuration on Identity Manager, an additional enrollment server established in the Horizon 7 environment and a Microsoft Certificate Authority. True SSO can be enabled at the global or pool level with Horizon 7.
Extreme Scale with Cloud Pod Architecture
Cloud Pod Architecture (CPA) allows multiple Horizon 7 instances (or pods) to be connected and aware of user entitlements and sessions in each instance. This ensures users are directed to their home site or an alternative backup site, depending on desktop and/or session availability. CPA has been around now for several releases and allows Horizon to scale to above 10,000 connected sessions, which is the limit per pod.
In Horizon 7, we are now announcing support for up to 50,000 connected sessions across a maximum of 25 instance/pods over up to five sites and 50 connection servers.
In addition to scale enhancements, CPA now also supports an alternative home site and nested AD groups. This allows groups of users to be assigned to a home site and nested AD groups to assigned an alternate home site. This diagram explains how nested AD group support can work. In the event the London home site is not available, for example, users in the London group would be redirected to the Paris site.
There are many exciting new features for Horizon Client, but, alas, there is not enough time in this blog to cover them all. But I do want to highlight two new features: URL Content Redirection and Flash Redirection. Both of these features will improve both the security and user experience for desktop users.
Flash Redirection is an experimental feature today, but allows flash content to be played on an end user device rather than from within the virtual desktop. This saves some bandwidth, reduces CPU impact on the virtual desktop and improves user experience. Flash content is delivered seamlessly to the end-user device, appearing as if it is running within the virtual desktop. The content is actually streamed from the virtual desktop, but rendering occurs on the end-user device rather than on the virtual desktop.
In many scenarios, it may be desirable to redirect web access based on the requested URL. For example, an organization may want to redirect URLs residing outside the corporate intranet (ex: yahoo.com) to the local client browser, while intranet domain URL’s might be serviced via the VDI guest OS browser.
URL Content Redirection can both improve security and reduce unnecessary virtual desktop bandwidth when users browse certain Internet content.
URL Content Redirection works with both virtual desktops and applications delivered via RDSH. Currently, redirection requires Windows OS and Internet Explorer 9 or later. Graeme walks you through URL Content Redirection in the following video:
That wraps our Horizon 7 headline features for now, but check back with the EUC Blog as we explore Instant Clones, Blast Extreme and more!
In the meantime, for more info on Horizon 7, please visit vmware.com/go/horizon.