VMware Horizon 7.11

VMware have released a new version of VMware Horizon 7.11, and this release is for now general available from 13th December 2019. This is a major release, so I hope you like this article I put together. VMware have made some huge improvements in this release, which customers/partners are going to benefit from.

HINT – If you are using Nvidia vGPU (on-prem) I highly recommend you upgrade to NVIDIA vGPU 10, when this is released it will be supporting VMware Horizon 7.11. I have in this article also included the new features of Horizon Cloud service for IBM Cloud, AWS, Azure.

One of the great things I saw in this release is that VMware Horizon the new HW encoder supports five or more monitors. Lets dig into what is new.

What is new in VMware Horizon 7.11

VMware Horizon 7.11 provides the following new features and enhancements

  • VMware Horizon Connection Server On-Premises
  • VMware Horizon Agent for Linux
  • VMware Horizon Agent for Windows
  • VMware Dynamic Environment Manager 9.10 (former VUEM)
  • VMware Unified Access Gateway 3.8
  • VMware Horizon Clients 5.3 for Android, Chrome, Linux, iOS, Mac, Windows, UWP, HTML Access

VMware Horizon Cloud services:

  • VMware Horizon Cloud Service 2.2 (Azure, AWS, On-prem)
  • VMware Horizon Cloud Service on IBM Cloud 19.3

VMware Horizon Connection Server On-Premises

The VMware Horizon 7 version 7.11 release includes many new features and enhancements to Horizon Connection Server and Horizon Agent including continuing to build on the feature parity of Horizon Console, the HTML5-based web console that will eventually replace Horizon Administrator, which will be deprecated in early 2020.

  • Horizon Console (HTML5-based Web Interface)
    There are several enhancements to Horizon Console. These include:
    • Horizon Console is now the primary and recommended web interface for Horizon 7. The existing Flash-based Horizon Administrator web interface remains supported but will be deprecated in early 2020. See the Log In to Horizon Console topic in the VMware Horizon Console Administration document.
    • Horizon Help Desk Tool is more visibly integrated into Horizon Console. In Horizon Console, click Monitor > Help Desk to open Horizon Help Desk Tool. See the Start Horizon Help Desk Tool in Horizon Console topic in the VMware Horizon Console Administration document.
    • You can customize the user name and password labels that appear in the RADIUS two-factor authentication login dialog box. See the Enable Two-Factor Authentication in Horizon Console topic in the VMware Horizon Console Administration document.
    • You can configure global client restriction settings to restrict client session connections to desktops and published applications for non-supported Horizon Client versions. See the Global Client Restriction Settings for Client Sessions in Horizon Console topic in the VMware Horizon Console Administration document.
    • You can view the CPU and memory consumption for each Connection Server in Horizon Console. See the Monitor Horizon Connection Server Load Status topic in the VMware Horizon Console Administration document.
    • The “Manage Composer Desktop Pool Image” privilege is renamed to “Manage Maintenance Operations on Automated Desktops and Farms” privilege. You can use this privilege to perform a push-image operation on an instant-clone desktop pool or farm. See, Object Specific Privileges in the VMware Horizon Console Administration document.
    • You can view the published application names associated with a session when you view the session information for a farm. See the Manage Published Desktop and Application Sessions in Horizon Console topic in the VMware Horizon Console Administration document.
  • Cloud Pod Architecture
    • 12,000 sessions per pod have been validated for Horizon 7 version 7.11.
    • To see the global desktop entitlement that contains a specific desktop pool, you can select Inventory > Desktops in Horizon Console. The name of the global desktop entitlement that contains the desktop pool appears in the Global Entitlement column for that desktop pool on the Desktop Pools page. You can also click a desktop pool name on the Desktop Pools page and view the name of the global desktop entitlement on the Summary tab.
    • You can configure backup global entitlements. A backup global entitlement delivers remote desktops or published applications when the primary global entitlement fails to start a session because of problems such as insufficient pool capacity or unavailable pods. A backup global entitlement can contain pools from any pod in the pod federation. See the Implementing Backup Global Entitlements topic in the Administering Cloud Pod Architecture in Horizon 7 document.
  • Published Desktops and Applications
    • Horizon 7 supports Universal Windows Platform (UWP) applications that run on Windows 10 virtual desktop (WVD) hosts or a desktop pool. See the Remote Desktop Services Hosts topic in the Setting Up Published Desktops and Application in Horizon Console document.
  • Virtual Desktops
    • A progress bar indicates the pending image status of a master virtual machine and snapshot being published for the first time for an instant clone pool.
  • True SSO
    • You can use a third-party identity provider that uses an Unified Access Gateway appliance with the True SSO feature. See the Setting Up True SSO topic in the Horizon 7 Administration document.
  • Load Balancing
    • VMware Avi Networks supports load balancing for Connection Server, Unified Access Gateway appliances, and App Volumes Manager.

VMware Horizon Agent for Linux

  • Supported Distributions
    Horizon Agent for Linux now supports the following operating systems for Linux remote desktops. For more information, see the System Requirements For Horizon 7 for Linuxtopic in the Setting Up Horizon 7 for Linux Desktops document.
    • RHEL 7.7
    • CentOS 7.7
    • CentOS 8.0
  • True SSO on RHEL/CentOS 8 Desktops
    The True SSO feature is supported on manual and automated full-clone desktops running the RHEL/CentOS 8 distribution. Instant-clone RHEL 8 desktops do not support True SSO. See the Configure True SSO on RHEL/CentOS 8 Desktops topic in the Setting Up Horizon 7 for Linux Desktops document.

VMware Horizon Agent for Windows

  • Remoting Protocols
    • A dynamic encoder switch allows you to switch between a video optimized encoder (H.264 4:2:0 or H.264 4:4:4) and a text optimized encoder (Blast Codec or Adaptive). This switch helps maintain crisp text and video with reduced bandwidth usage. See the VMware Blast Extreme topic in the Horizon 7 Architecture Planning document.
    • The HW encoder supports five or more monitors.
    • Pending messages are batched and sent in larger packets, reducing bandwidth usage for data transmission.
  • Remote Experience
    • Administrators can use a registry key string or configure the GPO setting VMware AppTap Configuration for applications and processes so that when a user logs off a remote session, the applications and processes that prevent a remote session from ending will be ignored. The GPO setting is listed in the VMware View Agent Configuration ADMX Template Settings topic in the Configuring Remote Desktop Features in Horizon 7 document.
    • When preparing a desktop or RDSH image for nested-mode usage, you can install Horizon Agent and Horizon Client in any order.
    • Horizon Agent installer supports LSA enabled machines. See the Install Horizon Agent on a Virtual Machine topic in Setting Up Virtual Desktops in Horizon Console

VMware Dynamic Environment Manager 9.10

VMware Dynamic Environment Manager (formerly known as VMware User Environment Manager) Whats new in DEM 9.10

    • Roam File Type Associations and Protocols. A new Windows Common Setting, Default applications – File type associations and protocols, is available. With the new setting, you can enable consistent roaming behavior of file type associations for Windows 8 and later and Windows Server 2012 and later. With this feature, file type associations follow users consistently from session to session.
      Notes:
      • If you are upgrading from a previous version and your deployment uses the Easy Start Flex configuration file for default applications and file type associations, create a new configuration file. Ensure that the new configuration file references the new Windows Common Setting Default applications – File type associations and protocols. Then replace the old configuration file with the new.
      • After you select the Default applications – File type associations and protocols option, you can prevent messages from occasionally appearing asking users if they want to “keep using this app” when they attempt to open a file. Use the Group Policy Management Editor as follows. Navigate to the File Explorer folder, for example Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer. Next, enable the Do not show the ‘new application installed’ notification setting.
    • Computer Environment Settings. VMware Dynamic Environment Manager 9.10 introduces an initial set of computer environment settings that VMware Dynamic Environment Manager applies as end user computers start up. This set of computer environment settings consists of Horizon Smart Policy settings that control the behavior of Flash multi-media redirection, integrated printing, and USB redirection.

      To enable VMware Dynamic Environment Manager 9.10 to apply the new set of Horizon Smart Policy settings, take the following actions.
    • Additional Windows Support.
      • Windows 10 Version 1909 (November 2019 Update)

VMware Unified Access Gateway 3.8

VMware Unified Access Gateway 3.8 provides the following new features and enhancements:

  • Added support for SAML 2.0 third-party identity provider integration for Horizon user authentication
    This feature can be configured for the Horizon SAML authentication and Active Directory password authentication or for the SAML authentication with Horizon True SSO. This feature is supported for Horizon clients and browser-based HTML Access. Third-party identity providers used can be Okta, Ping Identity, and Microsoft Azure Active Directory
  • Added support for the Horizon protocol redirect based on JWT (JSON Web Token) claims.
    This feature is used with the forthcoming Horizon Universal Broker and supports an optimized architecture with Horizon protocol access to desktops and RDS hosted apps that are in a different location to the Horizon broker.
  • Added support for setting Host Redirect Mappings.
    • The HTTP Host Redirect capability can be used to simplify Horizon load balancing affinity requirements in certain multi VIP UAG environments. After a load balancer selects a UAG appliance, an HTTP redirect is returned so that the Horizon Client connects directly to the selected UAG appliance without further need for load balancer affinity.
    • Host Redirect Mappings text box added to Horizon Settings in the UAG Admin UI.
  • Added support in the UAG Admin UI and REST API to include a new field, which provides the countdown in number of days until the date of admin password expiry.
    Password expires in (days) is shown in the  Account Settings page in the UAG Admin UI.
  • Added support for defining allow or deny control for multiple error categories in the OPSWAT endpoint compliance checks for Horizon.
    Show Allowed Status Codes field added to the Endpoint Compliance Check Provider Settings page in the UAG Admin UI.
  • Added support for OPSWAT endpoint compliance checks with Horizon Client on iOS version 5.3.
    This support is in addition to the existing UAG OPSWAT support for Windows and macOS clients.
  • Added support for new customized labels for the RADIUS authentication method user prompts to enhance usability.
    The Horizon RADIUS authentication prompt User name and Passcode label text can be configured on UAG.
  • Added support to display UAG SEG (Secure Email Gateway) Health and Diagnostics from the Admin UI
    Health and Diagnostics screens are provided for SEG under the Edge Service Session Statistics section.
  • When SEG is configured with the local SSL certificate, the corresponding certificate thumbprint is displayed under the SEG edge services settings.
  • Added support for OCSP configuration through PowerShell 
  • Added support for JWT audience restriction in Horizon Edge service.
    The JWT audience restriction is a security feature provided by UAG to these Edge services. UAG administrators can restrict the JWT audiences accessing Horizon and backend applications.
  • SAML Audiences settings added to Horizon and Web Reverse Proxy (with Identity Bridging enabled) Edge services settings in the UAG Admin UI.

Supported versions of Windows 10 on Horizon Agent Including All VDI Clones (Full Clones, Instant Clones, and Linked Clones on Horizon 7)

  • Windows 10 1607 LTSB (Enterprise)
  • Windows 10 1703 CBB, Semi-Annual (Enterprise, Professional, Education)
  • Windows 10 1803
  • Windows 10 1809
  • Windows 10 1903
  • Windows 10 1909

For more additional information please read this knowledge article

VMware Horizon Client 5.3 – new features

VMware Horizon Client 5.3 for Android

What’s New in This Release

  • Multi-monitor mode enhancements on a Chromebook
    When you use Horizon Client for Android on a Chromebook that has an external monitor, Horizon Client attempts to duplicate the display topology configured on the Chromebook in your remote sessions. Previously, the display topology in a remote session was always horizontally arranged and top aligned.
  • HTTP 307 redirect support
    After an HTTP 307 redirect occurs, Horizon Client for Android now shows the original server URL that the user entered. Previously, the URL of the redirected server appeared in the authentication dialog box.
  • RADIUS authentication login page customization
    Beginning with Horizon 7 version 7.11, an administrator can customize the labels on the RADIUS authentication login page that appears in Horizon Client. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.
  • Set Unauthenticated Access in a JSON file
    When Horizon Client for Android is installed on a Chromebook, you can use the enable_unauthenticated_access property in a JSON file to enable or disable the Unauthenticated Access feature. For more information, see Application Settings.
  • Changes to the derived credentials feature
    To use the derived credentials feature, you must now create a group policy object (GPO) in Active Directory that pairs a virtual smart card with the smart card middleware installed on the remote desktop. You then apply the GPO to the organizational unit (OU) that contains the remote desktop. For more information, see Pair a Virtual Smart Card with Smart Card Middleware.
  •  

VMware Horizon Client 5.3 for Chrome

What’s New in This Release

  • HTTP 307 redirect support
    After an HTTP 307 redirect occurs, Horizon Client for iOS now shows the original server URL that the user entered.  Previously, the URL of the redirected server appeared in the authentication dialog box.
  • RADIUS authentication login page customization
    Beginning with Horizon 7 version 7.11, an administrator can customize the labels on the RADIUS authentication login page that appears in Horizon Client. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.
  • OPSWAT integration support
    You can use OPSWAT integration with Horizon Client for iOS by installing OPSWAT Mobile App on the client device. When OPSWAT Mobile App is installed, Horizon Client for iOS prompts you to share the client device’s ID with OPSWAT. You can use a new Horizon Client for iOS setting to configure whether to share the device ID with OPSWAT. For more information, see Configure Device ID Sharing with OPSWAT.
  • Changes to the derived credentials feature
    To use the derived credentials feature, you must now create a group policy object (GPO) in Active Directory that pairs a virtual smart card with the smart card middleware installed on the remote desktop. You then apply the GPO to the organizational unit (OU) that contains the remote desktop. For more information, see Pair a Virtual Smart Card with Smart Card Middleware.
  • iOS 13.x support
    You can install Horizon Client for iOS on an iOS 13.x client device.

VMware Horizon Client 5.3 for iOS

What’s New in This Release

VMware Horizon Client 5.3 for Mac

What’s New in This Release

  • HTTP 307 redirect support
    After an HTTP 307 redirect occurs, Horizon Client for Mac now shows the original server URL that the user entered. Previously, the URL of the redirected server appeared on both the desktop and application selector page and in the Login dialog box.
  • RADIUS authentication login page customization
    Beginning with Horizon 7 version 7.11, an administrator can customize the labels on the RADIUS authentication login page that appears in Horizon Client. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.

VMware Horizon Client 5.3 for Linux

What’s New in This Release

  • HTTP 307 redirect support
    After an HTTP 307 redirect occurs, Horizon Client for Linux shows the original server URL that the user entered. Previously, the URL of the redirected server appeared in the Login dialog box.
  • RADIUS authentication login page customization
    Beginning with Horizon 7 version 7.11, an administrator can customize the labels on the RADIUS authentication login page that appears in Horizon Client. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.
  • Battery state redirection
    When the Enable Battery State Redirection agent group policy setting is enabled, information about the Linux client system’s battery is redirected to a Windows remote desktop. The information includes the battery’s charging status, percentage of charge, low battery notification, and more. This setting is enabled by default. For more information, see the Configuring Remote Desktop Features in Horizon 7 document.
  • Configuration options for checking the certificate revocation list 
    When the –skipCRLRevocationCheck command-line option is specified or the skipCRLRevocationCheck configuration key is set to “TRUE,” Horizon Client for Linux does not check for the certificate revocation list (CRL) when connecting to a server. CRL checking is enabled by default. For more information, see “Horizon Client Configuration Settings and Command-Line Options.”

VMware Horizon Client 5.3 for Windows

What’s New in This Release

  • Battery state redirection
    When the Enable Battery State Redirection agent group policy setting is enabled, information about the Windows client system’s battery is redirected to a Windows remote desktop. This setting is enabled by default. For more information, see the Configuring Remote Desktop Features in Horizon 7 document.
  • Universal Broker support
    You can use Horizon Client for Windows in a cloud brokering environment.
  • RADIUS authentication login page customization
    Beginning with Horizon 7 version 7.11, an administrator can customize the labels on the RADIUS authentication login page that appears in Horizon Client. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.
  • Save custom display resolution and display scaling settings on the server
    By default, custom display resolution and display scaling settings are stored only on the local client system. An administrator can use the Save resolution and DPI to server client group policy setting to save these settings to the server so that they are always applied, regardless of the client system that you use to log to the remote desktop. For more information, see General Settings for Client GPOs.
  • Windows 10 Version 1909 support
    You can install Horizon Client for Windows on a Windows 10 Version 1909 client system.

VMware Horizon Client 5.3 for Windows 10 UWP

  • No new release.

VMware Horizon Client 5.3 for HTML Access

What’s New in This Release

  • RADIUS authentication login page customization
    Beginning with Horizon 7 version 7.11, an administrator can customize the labels on the RADIUS authentication login page that appears in Horizon Client. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.

Whats new in VMware Horizon Cloud services:

  • VMware Horizon Cloud Service on IBM Cloud 19.3.1
  • VMware Horizon Cloud Service 2.2 (Azure, AWS, On-prem)

VMware Horizon Cloud Service on IBM Cloud 19.3.1

Horizon Agent Installer (HAI) 19.3.1 has been released. HAI 19.3.1 addresses a defect in 19.3.0 Agents that manifests itself during Agent Auto Upgrade from 18.x Agents.

  • The issue only impacts VMs that are upgraded via AAU from 18.x Agents (18.2.x, 18.4).
  • The problem does not exist for 19.3.0 Agents installed/upgraded via the interactive/manual installer, nor does it exist for VMs upgraded via AAU from HAI 19.x.
  • There is no functional difference between 19.3.0 and 19.3.1. The fix only impacts the upgrade path from 18.x agents, so if you are already running 19.3.0 Agents it is not necessary to upgrade to 19.3.1.

What’s New for Horizon Cloud Service

  • Enhancements to a number of existing pre-defined reports. The Desktop Sessions report is renamed Sessions and now contains information about application sessions in addition to desktop sessions. The Session duration is further broken down into Total Session Duration and Session Idle Duration. VDI Applications Sessions is renamed to VDI Applications Usage. User Usage Report now contains pod type and pool related details in addition to information about idle time and total session duration.
  • User Visibility within Horizon provides administrators with visibility into issues affecting their users and helps them identify users who have high resource consumption, from across their deployments, in real-time. Administrators can:
    • Understand how many users are impacted in specific pods and pools
    • Understand the kinds of issues affecting their end users
    • Drill down into session related details of affected users
    • Identify users contributing to heavy consumption of resources

What’s New for Horizon Cloud on Microsoft Azure

  • External Gateways can now be deployed into a separate Microsoft Azure VNet or a separate Microsoft Azure subscription to support advanced deployment configurations of Horizon Cloud on Microsoft Azure.
  • Horizon Cloud on Microsoft Azure extending Microsoft Windows Virtual Desktop (WVD) is now Tech Preview with support for Windows 10 Enterprise multi-session, Windows 7 with Extended Security Updates and FSLogix. For information on how to sign up, please visit vmware.com/go/HCTechPreview
  • Support for SSD disk types for VDI and RDSH Farms and customized OS disk sizes is now available for Horizon Cloud on Microsoft Azure.

What’s New for Cloud-Connected Horizon 7 Pods

  • Enhanced customer post-pod-onboarding experience. The Congratulations screen now guides administrators to launch the Horizon Cloud Administration Console which is used to perform post-onboarding actions such as adding additional administrators (using their My VMware accounts) and enabling or disabling use of the Cloud Monitoring Service (CMS) with the newly onboarded pod.
  • New visual display of the health status of the Horizon 7 Cloud Connector and its sub-components. This display appears in the Horizon 7 Cloud Connector onboarding user interface after pod onboarding with the cloud plane is completed.

Source

VMware Horizon 7.11

VMware Horizon Cloud Services 2.2

VMware Horizon Cloud Service on IBM Cloud 19.3

Other recommended blogpost

Integrating Microsoft Azure MFA with VMware Unified Access Gateway 3.8, blogpost by Sean Massey 

Leave a Reply

Your email address will not be published. Required fields are marked *

Turn on pictures to see the captcha *