VMware Horizon 7.11

VMware have released a new version of VMware Horizon 7.11, and this release is for now general available from 13th December 2019. This is a major release, so I hope you like this article I put together. VMware have made some huge improvements in this release, which customers/partners are going to benefit from.

HINT – If you are using Nvidia vGPU (on-prem) I highly recommend you upgrade to NVIDIA vGPU 10, when this is released it will be supporting VMware Horizon 7.11. I have in this article also included the new features of Horizon Cloud service for IBM Cloud, AWS, Azure.

One of the great things I saw in this release is that VMware Horizon the new HW encoder supports five or more monitors. Lets dig into what is new.

What is new in VMware Horizon 7.11

VMware Horizon 7.11 provides the following new features and enhancements

VMware Horizon Connection Server On-Premises
VMware Horizon Agent for Linux
VMware Horizon Agent for Windows
VMware Dynamic Environment Manager 9.10 (former VUEM)
VMware Unified Access Gateway 3.8
VMware Horizon Clients 5.3 for Android, Chrome, Linux, iOS, Mac, Windows, UWP, HTML Access

VMware Horizon Cloud services:

VMware Horizon Cloud Service 2.2 (Azure, AWS, On-prem)
VMware Horizon Cloud Service on IBM Cloud 19.3

VMware Horizon Connection Server On-Premises

The VMware Horizon 7 version 7.11 release includes many new features and enhancements to Horizon Connection Server and Horizon Agent including continuing to build on the feature parity of Horizon Console, the HTML5-based web console that will eventually replace Horizon Administrator, which will be deprecated in early 2020.

Horizon Console (HTML5-based Web Interface)
There are several enhancements to Horizon Console. These include:
- Horizon Console is now the primary and recommended web interface for Horizon 7. The existing Flash-based Horizon Administrator web interface remains supported but will be deprecated in early 2020. See the Log In to Horizon Console topic in the VMware Horizon Console Administration document.
- Horizon Help Desk Tool is more visibly integrated into Horizon Console. In Horizon Console, click Monitor > Help Desk to open Horizon Help Desk Tool. See the Start Horizon Help Desk Tool in Horizon Console topic in the VMware Horizon Console Administration document.
- You can customize the user name and password labels that appear in the RADIUS two-factor authentication login dialog box. See the Enable Two-Factor Authentication in Horizon Console topic in the VMware Horizon Console Administration document.
- You can configure global client restriction settings to restrict client session connections to desktops and published applications for non-supported Horizon Client versions. See the Global Client Restriction Settings for Client Sessions in Horizon Console topic in the VMware Horizon Console Administration document.
- You can view the CPU and memory consumption for each Connection Server in Horizon Console. See the Monitor Horizon Connection Server Load Status topic in the VMware Horizon Console Administration document.
- The “Manage Composer Desktop Pool Image” privilege is renamed to “Manage Maintenance Operations on Automated Desktops and Farms” privilege. You can use this privilege to perform a push-image operation on an instant-clone desktop pool or farm. See, Object Specific Privileges in the VMware Horizon Console Administration document.
- You can view the published application names associated with a session when you view the session information for a farm. See the Manage Published Desktop and Application Sessions in Horizon Console topic in the VMware Horizon Console Administration document.
Cloud Pod Architecture
- 12,000 sessions per pod have been validated for Horizon 7 version 7.11.
- To see the global desktop entitlement that contains a specific desktop pool, you can select Inventory > Desktops in Horizon Console. The name of the global desktop entitlement that contains the desktop pool appears in the Global Entitlement column for that desktop pool on the Desktop Pools page. You can also click a desktop pool name on the Desktop Pools page and view the name of the global desktop entitlement on the Summary tab.
- You can configure backup global entitlements. A backup global entitlement delivers remote desktops or published applications when the primary global entitlement fails to start a session because of problems such as insufficient pool capacity or unavailable pods. A backup global entitlement can contain pools from any pod in the pod federation. See the Implementing Backup Global Entitlements topic in the Administering Cloud Pod Architecture in Horizon 7 document.
Published Desktops and Applications
- Horizon 7 supports Universal Windows Platform (UWP) applications that run on Windows 10 virtual desktop (WVD) hosts or a desktop pool. See the Remote Desktop Services Hosts topic in the Setting Up Published Desktops and Application in Horizon Console document.
Virtual Desktops
- A progress bar indicates the pending image status of a master virtual machine and snapshot being published for the first time for an instant clone pool.
True SSO
- You can use a third-party identity provider that uses an Unified Access Gateway appliance with the True SSO feature. See the Setting Up True SSO topic in the Horizon 7 Administration document.
Load Balancing
- VMware Avi Networks supports load balancing for Connection Server, Unified Access Gateway appliances, and App Volumes Manager.

VMware Horizon Agent for Linux

Supported Distributions
Horizon Agent for Linux now supports the following operating systems for Linux remote desktops. For more information, see the System Requirements For Horizon 7 for Linuxtopic in the Setting Up Horizon 7 for Linux Desktops document.
- RHEL 7.7
- CentOS 7.7
- CentOS 8.0
True SSO on RHEL/CentOS 8 Desktops
The True SSO feature is supported on manual and automated full-clone desktops running the RHEL/CentOS 8 distribution. Instant-clone RHEL 8 desktops do not support True SSO. See the Configure True SSO on RHEL/CentOS 8 Desktops topic in the Setting Up Horizon 7 for Linux Desktops document.

VMware Horizon Agent for Windows

Remoting Protocols
- A dynamic encoder switch allows you to switch between a video optimized encoder (H.264 4:2:0 or H.264 4:4:4) and a text optimized encoder (Blast Codec or Adaptive). This switch helps maintain crisp text and video with reduced bandwidth usage. See the VMware Blast Extreme topic in the Horizon 7 Architecture Planning document.
- The HW encoder supports five or more monitors.
- Pending messages are batched and sent in larger packets, reducing bandwidth usage for data transmission.
Remote Experience
- Administrators can use a registry key string or configure the GPO setting VMware AppTap Configuration for applications and processes so that when a user logs off a remote session, the applications and processes that prevent a remote session from ending will be ignored. The GPO setting is listed in the VMware View Agent Configuration ADMX Template Settings topic in the Configuring Remote Desktop Features in Horizon 7 document.
- When preparing a desktop or RDSH image for nested-mode usage, you can install Horizon Agent and Horizon Client in any order.
- Horizon Agent installer supports LSA enabled machines. See the Install Horizon Agent on a Virtual Machine topic in Setting Up Virtual Desktops in Horizon Console

VMware Dynamic Environment Manager 9.10

VMware Dynamic Environment Manager (formerly known as VMware User Environment Manager) Whats new in DEM 9.10

- Roam File Type Associations and Protocols. A new Windows Common Setting, Default applications – File type associations and protocols, is available. With the new setting, you can enable consistent roaming behavior of file type associations for Windows 8 and later and Windows Server 2012 and later. With this feature, file type associations follow users consistently from session to session.
  Notes:
  - If you are upgrading from a previous version and your deployment uses the Easy Start Flex configuration file for default applications and file type associations, create a new configuration file. Ensure that the new configuration file references the new Windows Common Setting Default applications – File type associations and protocols. Then replace the old configuration file with the new.
  - After you select the Default applications – File type associations and protocols option, you can prevent messages from occasionally appearing asking users if they want to “keep using this app” when they attempt to open a file. Use the Group Policy Management Editor as follows. Navigate to the File Explorer folder, for example Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer. Next, enable the Do not show the ‘new application installed’ notification setting.
- Computer Environment Settings. VMware Dynamic Environment Manager 9.10 introduces an initial set of computer environment settings that VMware Dynamic Environment Manager applies as end user computers start up. This set of computer environment settings consists of Horizon Smart Policy settings that control the behavior of Flash multi-media redirection, integrated printing, and USB redirection.
  
  To enable VMware Dynamic Environment Manager 9.10 to apply the new set of Horizon Smart Policy settings, take the following actions.
  - Configure the VMware Dynamic Environment Manager Management Console to display the Computer Environment tab.
    See Configuring the VMware Dynamic Environment Manager Management Console.
  - Configure the appropriate NTFS security permissions.
    Note: If you are configuring computer environment settings on an existing VMware Dynamic Environment Manager deployment, additional NTFS permission configuration might be required
    See VMware Dynamic Environment Manager Configuration Share and Profile Archives Share.
  - Configure the appropriate registry settings.
    See FlexEngine Configuration for Computer Environment Settings.
  - Optionally, configure a triggered task for the new Computer Environment refresh action.
    See Configure Triggered Tasks.
  - Configure the new set of Horizon Smart Policies.
    See Configure Horizon Smart Policies for Computer Environment Settings.
- Additional Windows Support.
  - Windows 10 Version 1909 (November 2019 Update)

VMware Unified Access Gateway 3.8

VMware Unified Access Gateway 3.8 provides the following new features and enhancements:

Added support for SAML 2.0 third-party identity provider integration for Horizon user authentication
This feature can be configured for the Horizon SAML authentication and Active Directory password authentication or for the SAML authentication with Horizon True SSO. This feature is supported for Horizon clients and browser-based HTML Access. Third-party identity providers used can be Okta, Ping Identity, and Microsoft Azure Active Directory
Added support for the Horizon protocol redirect based on JWT (JSON Web Token) claims.
This feature is used with the forthcoming Horizon Universal Broker and supports an optimized architecture with Horizon protocol access to desktops and RDS hosted apps that are in a different location to the Horizon broker.
Added support for setting Host Redirect Mappings.
- The HTTP Host Redirect capability can be used to simplify Horizon load balancing affinity requirements in certain multi VIP UAG environments. After a load balancer selects a UAG appliance, an HTTP redirect is returned so that the Horizon Client connects directly to the selected UAG appliance without further need for load balancer affinity.
- Host Redirect Mappings text box added to Horizon Settings in the UAG Admin UI.
Added support in the UAG Admin UI and REST API to include a new field, which provides the countdown in number of days until the date of admin password expiry.
Password expires in (days) is shown in the Account Settings page in the UAG Admin UI.
Added support for defining allow or deny control for multiple error categories in the OPSWAT endpoint compliance checks for Horizon.
Show Allowed Status Codes field added to the Endpoint Compliance Check Provider Settings page in the UAG Admin UI.
Added support for OPSWAT endpoint compliance checks with Horizon Client on iOS version 5.3.
This support is in addition to the existing UAG OPSWAT support for Windows and macOS clients.
Added support for new customized labels for the RADIUS authentication method user prompts to enhance usability.
The Horizon RADIUS authentication prompt User name and Passcode label text can be configured on UAG.
Added support to display UAG SEG (Secure Email Gateway) Health and Diagnostics from the Admin UI
Health and Diagnostics screens are provided for SEG under the Edge Service Session Statistics section.
When SEG is configured with the local SSL certificate, the corresponding certificate thumbprint is displayed under the SEG edge services settings.
Added support for OCSP configuration through PowerShell
Added support for JWT audience restriction in Horizon Edge service.
The JWT audience restriction is a security feature provided by UAG to these Edge services. UAG administrators can restrict the JWT audiences accessing Horizon and backend applications.
SAML Audiences settings added to Horizon and Web Reverse Proxy (with Identity Bridging enabled) Edge services settings in the UAG Admin UI.

Supported versions of Windows 10 on Horizon Agent Including All VDI Clones (Full Clones, Instant Clones, and Linked Clones on Horizon 7)

Windows 10 1607 LTSB (Enterprise)
Windows 10 1703 CBB, Semi-Annual (Enterprise, Professional, Education)
Windows 10 1803
Windows 10 1809
Windows 10 1903
Windows 10 1909

For more additional information please read this knowledge article

VMware Horizon Client 5.3 – new features