The 2212 release for Horizon is now available and delivers the much-anticipated Apps on Demand capability for published app deployments, as well as features that increase the efficiency of Horizon, improve the end-user experience, and provide support for Digital Employee Experience Management (DEEM).
Extended Service Branch for Horizon
Horizon 8 2212 is the latest Extended Service Branch (ESB) release, providing customers with planned maintenance updates for the next three years. These planned updates will provide customers with bug and security fixes, offering a reliable, predictable, and stable Horizon platform for those who run Horizon in critical environments. For more information, please see this documentation.
Apps on Demand for published apps
Last year, we introduced Apps on Demand, powered by VMware App Volumes, for VDI and DaaS environments, which gives IT admins the ability to deliver apps to users in a virtual desktop when the user “demands” the app. This feature greatly reduces overall app management time by splitting image management with app management, providing faster login times as all apps don’t need to be attached to the virtual desktop. Instead, apps are only loaded at time of use.
Now with 2212, we’re excited to bring Apps on Demand functionality to published app deployments. This feature, delivered through the integration of Horizon and App Volumes, is enabling IT admins to home in on the concept of a single gold image by separating app deployment to hosted app servers from the underlying OS on those servers. With Apps on Demand, published app servers or hosts can be created dynamically based on which application an end-user launches. IT teams can eliminate the need for dedicated app farm infrastructure, regardless of if published apps are hosted on Horizon Apps, Citrix Virtual Apps, or Microsoft RDSH/terminal services. IT can scale to provide access to more apps by adding more servers with a generic gold image when required, instead of the traditional way of keeping the servers “always on.” The Apps on Demand capability will help IT reduce the effort required to publish apps through simplified management and curtail the hardware expense needed to deploy apps. For more in-depth information on Apps on Demand for published apps, check out this blog.
Import and validate SSL certificates
With the new certificate management feature, admins can import CA-signed certificates, generate certificate signing requests (CSRs), and monitor the health of the connection server certificate right from the Horizon console. We strongly recommend using CA-signed certificates in place of default self-signed certificates in Horizon. Now admins with certificate management privileges can validate and directly import certificates (in PFX or PEM format) into the certificate store on the connection server.
If you are in the process of obtaining a CA-signed certificate, you can now generate and download a CSR file from the Horizon console for your connection server instance. We have also added health monitoring for connection server certificates where admins can get specific information on certificate errors and security configurations, making it easier to troubleshoot certificate-related issues.
IPv6 support for Cloud Pod Architecture
All features in Cloud Pod Architecture (CPA) are fully supported by IPv6. Now customers using or considering moving to IPv6 can deploy in CPA and gain the benefits of building a pod federation, which greatly simplifies operations and provides cross-data center administration, global and flexible user-to-desktop mapping, high-availability desktops, and disaster recovery capabilities.
Increased scalability for non-vSAN storage
For customers running a storage system other than vSAN, the 2212 release increases the number of virtual machines (VMs) that can be supported on a server host from 200 to 500. As server hardware becomes more efficient, adding more CPU power and RAM, Horizon is leveraging this efficiency to support more VMs per host. The increased number of VMs per host makes customer environments more scalable and brings down the cost of virtual desktops. The achievable maximum depends on the workload and specifics of the hardware. See VMware Configuration Maximums for all Horizon configuration maximums.
Expanding full clone desktop capabilities
2212 is expanding the Instant Cloning capability that currently exists for instant clone desktop pools to an automated pool of full clone desktops, which can be applied to any organizational unit (OU) in which the computer accounts are created. This automates the desktop cloning process for any OU, eliminating the need to build computer accounts in the default OU and manually move them after pool creation. The full cloning ability reduces administrative burden and risk as IT admins build and apply desktops to the different OUs.
More RESTful APIs
New REST API capabilities have been added for CEIP, Category folder, Certificate validator, Connection server, Event database, Gateway, GSSAPI Authenticators, Radius Authenticators, SAML Authenticators and License, and IMS parity, providing automation for customer deployments.
Visit the VMware Horizon Server API page for a complete list of Horizon APIs.
Smart card bypass privilege
Monitoring solutions, such as VMware vRealize Operations, use Horizon APIs to extract events from the connection server for monitoring and tracking. When smart card authentication mode is set to “Required,” APIs’ credential-based authentication used by monitoring tools would fail, forcing customers to set smart card authentication mode as “Optional,” This would then allow users to authenticate using other means than smart cards, lowering security levels. With the “API smart card bypass” privilege, admins can use credential-based authentication even when a connection server mandates smart card authentication, facilitating credential based API automations and smart card only login via the admin console.
Next, we will turn to the newest features on Horizon clients that enhance the end-user experience.
Smart protocol tuning with Blast Optimizer
A notable new feature is the addition of the Blast Optimizer, which allows IT admins to easily tune the Blast protocol based on their desired tradeoff between user experience and resource utilization. For example, for end users who need high-quality, visually rich experience where bandwidth or CPU utilized is not a concern, admins can turn the dial up by applying the highest Global Policy (GPO) setting. This would automatically set the image quality and frames delivered to the highest value while at the same time increasing the bandwidth slope. Or if a more regular user experience that is resource efficient is required, admins can simply apply a lower setting for the GPO. The Blast Optimizer provides a great way to effectively manage the tradeoff between user experience and backend resources.
PIV-D for iOS-derived credentials
2212 adds support to deliver certificates from PIV-D, providing more flexibility for customers by offering more certificate delivery options. This is especially important for Federal organizations who use smart cards for authentication. With this enhancement, customers can deliver certificates to Android and iOS devices using VMware’s own PIV-D Manager, which works seamlessly with Workspace ONE. Horizon can use the certificates to create a smart card for single sign-on to the Horizon Server and the virtual entitlement. The virtual smart card is also available in the VM to authenticate to web pages or sign documents.
Image enhancement for MAC scanner
Horizon added support for scanner redirection for Mac endpoints in the 2209 release. IT admins can now build on this feature by setting the brightness and contrast right in the VM. When a scanner is attached to a device, it is redirected to the VM where the scanner can be seen in the virtual session. Horizon continues to add support for peripherals that deliver a seamless experience to end users — even when scanning in a virtual session.
Improved collaboration experience for MS Teams, Zoom, and WebEx
Horizon has made it easier to run the Zoom and WebEx optimization plug-in on a Windows client by developing a custom executable install that supports the plug-in. The custom executable makes it easier for end users to install the Zoom and WebEx plug-in that optimizes the end-user experience while using these apps in a virtual session. Additionally MS Teams Optimization will also be enabled by default for end users for a frictionless end-to-end collaboration experience.
Deep telemetry across physical and virtual deployments
Digital Employee Experience Management (DEEM) now supports Horizon and can be activated as an add-on solution. DEEM collects metrics, provides root cause analysis, and remediates issues with workflows, enabling IT admins to gain real-time visibility and actionable insights. For customers opting into DEEM, it will collect metrics for Horizon virtual sessions. Customers can measure and analyze end-user experience information for different deployment types and across different operating systems from a single pane of glass. For more information, you can review DEEM for Horizon documentation.
End of general support for Horizon 7
As a reminder, general support for Horizon 7.13 — the last Horizon 7 release — will end in April 2023. Now is a great time to migrate to Horizon 8. With Horizon 8, you get all the features mentioned in this blog as well as the new features that we continue to develop every quarter to ensure customers are getting the best experience with Horizon. To learn more about what Horizon 8 offers, visit the VMware Horizon Upgrade Center.
Learn more about 2212
This is only a highlight of what is available in Horizon 8 2212! There are many more features that I didn’t cover in this blog, but you can find a deep dive on all these and more in the Horizon 8 2212 Release Notes.