VMware Horizon 8 (2106)

VMware have released a new version of VMware Horizon 8 (2106), and this release is general available from August 2021. This is a major release, so I hope you like this article I put together. VMware have made some huge improvements in this release, which customers/partners are going to benefit from. HINT – If you are using Nvidia vGPU driver 13 supports VMware Horizon 8 2106. I have in this article also included the new features of Horizon Cloud service for 2106 IBM Cloud, AWS, Azure. Lets dig into what is new.

What is new in VMware Horizon 8 (2106)

VMware Horizon 8 2106 provides the following new features and enhancements

  • VMware Horizon Connection Server
  • VMware Horizon Agent for Linux
  • VMware Horizon Agent for Windows
  • VMware Horizon GPO Bundle
  • VMware Dynamic Environment Manager 2106
  • VMware Unified Access Gateway 2106
  • VMware Horizon Clients 2106 for Android, Linux, iOS, Mac, Windows, HTML Access

VMware Horizon Cloud services 2106

 

Nonoperational Features in This Release

The following features are not operational until the corresponding functionality becomes available in the Horizon Control Plane:

  • In Horizon Console, the Cloud Brokered option in the Add and Edit settings for RDS desktop pools from cloud-managed pods.
  • In Horizon Console, the Cloud Brokered option in the Add and Edit settings for application pools from cloud-managed pods.

VMware Horizon Connection Server On-Premises

The VMware Horizon 8 version 2106 release includes many new features and enhancements.

  • Published Desktops and Applications
  • Virtual Desktops
  • Horizon Console
    • Users belonging to untrusted domains can use SAML authentication, True SSO, and smart card authentication. See Configuring Untrusted Domains.
    • You can now use smart card caching emulation for non-Microsoft Windows client connections. See Using Smart Card Caching Emulation.
    • Role creation and edit now offer two new privileges applicable to access groups. Both new privileges are children of the Manage Machine privilege: See Privileges for Managing Machines and Object-Specific Privileges.
      • Manage Machine Alias and User Assignment – used for machine user assignment and machine alias assignment.
      • Manage Machine Maintenance – used for toggling machines manually to and from maintenance state.
    • When adding a vCenter Server instance, you can now select a deployment type. Deployment type allows you to specify whether your vCenter is in a private data center or in a specific public cloud data center. See Add vCenter Server Instances to VMware Horizon.
  • Security
  • HTML Access
    • HTML Access is now supported in an IPv6 environment.
  • Deployment Architecture
    • You can now deploy Horizon Connection Servers and Horizon Agents in different data centers across WAN, as long as the Horizon Agents are located within 120ms of the Connection Servers. This feature effectively extends a single Horizon pod across multiple locations and enables a single pod to manage virtual desktops and RDS hosts located in data centers that are different from where the Horizon Connection Servers are deployed, and applies to Horizon virtual desktops and RDSH deployed in private data centers as well as in public clouds

VMware Horizon Agent 8 2106 for Linux

  • Operating Systems This release adds support for the following Linux distributions:
    • Red Hat Enterprise Linux (RHEL) Workstation 8.4
    • Red Hat Enterprise Linux (RHEL) Server 8.4
    • CentOS 8.4
  • Printer Redirection This release adds support for Printer Redirection, which allows users to print from a Linux remote desktop to any local or network printer available on their client computer. This feature is supported on Linux desktops running RHEL 7.9, RHEL 8.3, or Ubuntu 20.04. See install_viewagent.sh Command-Line Options.
  • Digital Watermarks With this release, you can add a digital watermark to a Linux remote session, to ensure the authenticity, content integrity, and ownership protection of your intellectual property. You can configure the digital watermark by using configuration options in the /etc/vmware/config file or by using Dynamic Environment Manager environment variables. See Features of Horizon Linux Desktops.
  • Smart Card Redirection on RHEL Desktops with SELinux Enforcing This release supports smart card redirection on Red Hat Enterprise Linux (RHEL) desktops with Security-Enhanced Linux (SELinux) enabled. In previous releases, smart card redirection required SELinux to be disabled on RHEL desktops. See Configure Smart Card Redirection on a RHEL 8.x Virtual Machine.

VMware Horizon Agent 8 2106 for Windows

  • The HTML5 Multimedia Redirection feature now supports the Microsoft Edge (Chromium) browser. See Install and Configure HTML5 Multimedia Redirection.
  • The Browser Redirection feature now supports the Microsoft Edge (Chromium) browser. See Install and Configure Browser Redirection.
  • The Geolocation Redirection feature now supports the Microsoft Edge (Chromium) browser. See Install and Configure Geolocation Redirection.
  • The USB Redirection feature now supports the Microsoft Edge (Chromium) browser. See Configuring USB Redirection for Google Chrome, Microsoft Edge, and HTML Access Clients.
  • The HTML5 Multimedia Redirection, Browser Redirection, and Geolocation Redirection features on Chrome extensions support the following locales: ES, FR, JP, KR, CN, TW, DE.
  • Media Optimization for Microsoft Teams supports Linux Client. See Configuring Media Optimization for Microsoft Teams.
  • When you configure a different sample rate from the default value for a recording audio device, the sample rate persists after disconnecting from and reconnecting to the session as well after logging off and logging on to the session.
  • VMware Integrated Printing displays the session user name on the client side print queue. This way, the end user can monitor the print job and see who initiated the print job. See Configuring VMware Integrated Printing.
  • You can redirect Microsoft Xbox One controllers that are plugged into a USB port on a Windows client system to virtual desktops. See Configuring Microsoft Xbox One Controller Redirection.
  • The Clipboard Redirection feature enables and disables in session copy/paste functionality. See KB 84165.
  • GPU encoding is enabled during session collaboration on physical machines for Windows 2004 and later if sufficient GPU resource is available for both primary and collaboration sessions.
  • Horizon supports NVIDIA Ampere A40 and A10 GPUs with Blast supporting H.265, H.264, and Graphics offload.
  • Blast Extreme implements High Dynamic Range (HDR) encoding, which expands the range of brightness in a digital image to provide a more realistic depiction of a scene. See VMware Blast Extreme.
  • The Blast Extreme decoder supports 10-bit 4:4:4 video on Intel integrated GPUs.
  • Physical machines support NVIDIA GPUs and encoders. Physical machines can also directly leverage GPU capability available to the Horizon Agent operating system. For a list of tested NVIDIA series, see Manual Pool of Registered Physical Machines.
  • Copy and paste performance has been improved on slow networks.

VMware Horizon 8 2106 GPO Bundle

  • The Enable Split Mks Window group policy setting provides a temporary workaround for display problems encountered when using Horizon Client for Windows 2106 with unified communications (UC) applications such as Cisco WebEx and Zoom.
    • Horizon Client for Windows 2106 introduced a new windows hierarchy that requires the latest version of the UC application to ensure proper display behavior in a multi-monitor setup. When running an older version of a UC application with a multi-monitor setup, client users might see the UC application window display a black screen while the video overlay appears in a different monitor.
    • If your UC vendor has not yet provided an application update that fixes this display problem, you can implement a temporary workaround by disabling the Enable Split Mks Window group policy setting. Disabling this setting turns off the default windows hierarchy and causes windows to be displayed in relation to the bounding box of all monitors in a multi-monitor setup. See Using Group Policy Settings to Configure Horizon Client.
    Note: It is recommended that you only use this workaround as a temporary fix, until you can install the updated version of the UC application that fixes the display problem permanently. After installing the updated UC application, turn on the default windows hierarchy again by enabling the Enable Split Mks Window policy setting from the GPO. For more information, see VMware Knowledge Base (KB) article 85400.
  • The Enable Microsoft Edge (Chromium) Browser for VMware HTML5 Multimedia Redirection group policy setting enables the HTML5 Multimedia Redirection feature for the Microsoft Edge (Chromium) browser. See Install and Configure HTML5 Multimedia Redirection.
  • The Enable VMware Browser Redirection for Microsoft Edge (Chromium) Browser group policy setting enables the Browser Redirection feature for the Microsoft Edge (Chromium) browser. See Install and Configure Browser Redirection.
  • The Enable Edge Browser for VMware HTML5 Multimedia Redirection policy setting is renamed Enable legacy version of Microsoft Edge Browser for VMware HTML5 Multimedia Redirection.
  • The Enable VMware Geolocation Redirection for Microsoft Edge (Chromium) Browser group policy setting enables the Geolocation Redirection feature for the Microsoft Edge (Chromium) browser. See Install and Configure Geolocation Redirection.
  • The Enable VMware Geolocation Redirection for Chrome Browser group policy setting enables the Geolocation Redirection feature for the Chrome browser. See Install and Configure Geolocation Redirection.
  • The Default settings for UPD printers group policy setting allows you to define default settings for UPD printers. See VMware Integrated Printing Policy Settings.
  • The Agent Configuration Policy settings include settings for Remote Desktop Services sessions. See VMware View Agent Configuration ADMX Template Settings.
    • RDS Connection Time Until Disconnect
    • RDS Disconnected Time Until Logoff
    • RDS End Session When Time Limit Reached
    • RDS Idle Time Until Disconnect
  • The Unity Touch and Hosted Apps Policy Settings includes a new policy setting: Redirect legal notice messages as a window. See VMware View Agent Configuration ADMX Template Settings. 
  • The Screen-capture Blocking policy setting determines whether a user can take screenshots of the virtual machine or published application. See VMware View Agent Configuration ADMX Template Settings.
  • The Sample Rate – Recording Audio Device sample rate policy sets the recording audio device sample rate for RDS hosts and published applications. See Real-Time Audio-Video Group Policy Settings.
  • The Unity Filter rule list agent group policy setting now supports the matching of classname values based on regular expression (regex) entries. The policy setting also provides support for the new style characteristic, which lets you apply rules based on Microsoft window styles. See Managing Special Unity Windows.

VMware Dynamic Environment Manager 2106

  • VMware Dynamic Environment Manager integration with VMware Workspace ONE UEM (Unified Endpoint Management).
    • Removes the requirement for a VMware Dynamic Environment Manager configuration Server Message Block (SMB) share
    • Creates a VMware Dynamic Environment Manager config profile file, which contains all the VMware Dynamic Environment Manager configuration settings, using the VMware Dynamic Environment Manager Management Console
    • Stores the VMware Dynamic Environment Manager config profile file in Workspace ONE UEM
    • Delivers the VMware Dynamic Environment Manager configuration to endpoints using Workspace ONE UEM smart groups for flexible targeting
    • Supports integrating an existing VMware Dynamic Environment Manager deployment with Workspace ONE UEM without losing any of your existing VMware Dynamic Environment Manager configuration
    • Supports switching from integration mode, which uses a VMware Dynamic Environment Manager config profile file, back to standalone mode, which uses a VMware Dynamic Environment Manager configuration SMB share, without losing any of your existing VMware Dynamic Environment Manager configuration
Caution: The VMware Dynamic Environment Manager integration with Workspace ONE UEM feature is available with VMware Dynamic Environment Manager 2106. The feature is dependent upon the Workspace ONE UEM release with the corresponding integration feature enabled. You must upgrade both products for the integration to work. However, at this time, the Workspace ONE UEM integration feature is not released. Therefore, only enable integration in VMware Dynamic Environment Manager after Workspace ONE UEM releases this integration feature and you upgrade to that release.

VMware Unified Access Gateway 2106.

VMware Unified Access Gateway 2106 provides the following new features and enhancements:

  • Added SAML authentication support for the Admin UI administrator login. This is an optional alternative authentication method in addition to the existing password authentication. SAML authentication is delegated to a third-party SAML Identity Provider for administrator login and to control the list of users to whom administrator access is granted.
  • IPv6 support is added for Unified Access Gateway deployments to Amazon AWS EC2.
  • OPSWAT client device compliance checks are normally made at Horizon user login time and at desktop or application launch time. For cases where the on-demand OPSWAT agent is used, Unified Access Gateway now supports the option to omit the login time check so that the check is made only at desktop and application launch time. This option is configurable.
  • Added support for processing a JSON Web Key Set (JWKS) format for dynamically obtaining multiple public keys used for validating JSON Web Tokens received by Unified Access Gateway for Horizon Universal Broker use.
  • Improved support for Horizon Smart Card and device certificate authentication when multiple complex certificate issuer chains are used.
  • Secure Email Gateway logs are now included in the Unified Access Gateway log archive.
  • Minimum length password policy is now enforced when the root password is changed using the Linux “passwd” command. The minimum root password length is configurable.
  • Unified Access Gateway HTTP sessions use a session ID cookie called “ACCESSPOINTSESSIONID”. The value of this now changes after user authentication steps to further defend against session fixation attacks.
  • The password expiry period of admins with the monitoring role was previously always set to the same as for the main admin role. This version allows a different value to be set for admins with the monitoring role.
  • The Admin UI now has a session inactivity timer of 10 minutes by default. This value can be set to a different value at deployment time.
  • Updates to Photon OS package versions and Java versions.
  • User activity for applications accessed through Unified Access Gateway with the Workspace ONE Tunnel application can now be visualized in Workspace ONE Intelligence. Customers can view what applications are being used, which users are most active, and what websites are most visited, to help provide analytic insight into user behaviors and application usage patterns.

Supported versions of Windows 10 on Horizon Agent Including All VDI Clones (Full Clones, Instant Clones, and Linked Clones on Horizon 8 2103)

  • Windows 10 21H1 SAC (Pro, Education, Enterprise) Full support
  • Windows 10 20H2 SAC (Pro,Education,Enterprise) Full support
  • Windows 10 2004 SAC (Pro,Education,Enterprise) Full support
  • Windows 10 1909 SAC (Pro,Education,Enterprise) Full support
  • Windows 10 1903 SAC and earlier (Pro,Education,Enterprise) Not Supported
  • Windows 10 LTSC 2019 (Enterprise) Full support
  • Windows 10 1607 LTSB (Enterprise) Full support

For more additional information please read this knowledge article

VMware Horizon Client 2106 – new features

VMware Horizon Client 2106 for Android

Horizon Client for Android 2106 includes the following new features:

VMware Horizon Client 2106 for ChromeOS

Horizon Client for Chrome 2106 includes the following new features:

  • Copy and paste text between the client and a remote session in multi-monitor mode Clipboard content is synchronized between Horizon Client for Chrome and a remote session when using the multi-monitor feature.
  • DPI synchronization in multi-monitor mode You can enable the Enable DPI scale on extended monitors option to display remote desktops on multiple monitors according to the client system’s DPI setting. See Change the Display Mode for Remote Desktops.
  • Audio play delay control You might be able to improve the delay of audio playback from remote desktops by configuring the delay control option in Horizon Client. See Configure Audio Play Delay Control.

VMware Horizon Client 2106 for iOS

Horizon Client for iOS 2106 includes the following new features:

VMware Horizon Client 2106 for Mac

Horizon Client for Mac 2106 includes the following new features:

  • VMware Blast changes The Allow High Efficiency Video Decoding (HEVC) option is enabled by default. Previously, it was disabled by default. When this option is selected, performance and image quality are improved if the client machine has a GPU that supports HEVC decoding. If this option is selected but the client machine does not have a GPU that supports HEVC decoding, or the agent does not support HEVC encoding, Horizon Client uses H.264 decoding instead if H.264 is selected. Horizon Client uses Blast Codec decoding if H.264 is not selected. See Configure VMware Blast Options.
  • USB device path changes In some cases, USB device paths have changed. For example, if you previously configured Exclude Path=”bus-1/0/0_port-02″, in the 2106 release, you might need to change the value to Exclude Path=”bus-1/0_port-01″. If you use USB filtering properties, check the device paths generated in the Horizon logs for the correct paths and edit the Exclude Path and Include Path properties if necessary. See USB Redirection Properties.
  • VPN MAC addresses are filtered out Horizon Client now reports the MAC address of the user’s local hardware instead of the MAC address of the VPN. See MAC Address Deny List.
  • Touch bar customization added for published applications You can now add, remove, and reorder the touch bar items in published applications. Previously, this feature was supported only for remote desktops. See Using a Touch Bar with Remote Desktops and Published Applications.

VMware Horizon Client 2106 for Linux

VMware Horizon Client for Linux makes it easy to access your remote desktops and published applications from a supported Linux system with the best possible user experience on the Local Area Network (LAN) or across a Wide Area Network (WAN).

  • Support for Ubuntu and Red Hat Enterprise Linux (RHEL) – The Horizon Client installer available from the VMware Downloads site provides support for these operating systems.
  • Unmatched performance – The adaptive capabilities of the VMware Blast and PCoIP display protocols are optimized to deliver the best user experience, even over low-bandwidth and high-latency connections. Your desktop is fast and responsive regardless of where you are.
  • Simple connectivity – Horizon Client for Linux is tightly integrated with VMware Horizon for simple setup and connectivity.
  • Secure from any location – At your desk or away from the office, your data is delivered securely to you wherever you are. Enhanced certificate checking is performed on the client. Horizon Client for Linux also supports optional RADIUS and RSA SecurID authentication.

VMware Horizon Client 2106 for Windows

Horizon Client for Windows 2106 includes the following new features:

  • Modernized user interface The Horizon Client for Windows user interface has a more modern appearance. Some icons are different, some menus and menu items have different names, and some settings are changed from check boxes to toggle switches. The documentation has been updated to reflect the changes to the user interface.
  • Dynamic update of redirected audio output devices When you configure a preferred speaker for a remote desktop, if you select all the available speakers, the devices are updated dynamically during a remote session. If you select a specific speaker, the changes do not take effect in the remote session. See Select a Preferred Speaker for a Remote Desktop.
  • VMware Blast changes The Allow High Efficiency Video Decoding (HEVC) option is enabled by default. Previously, it was disabled by default. When this option is selected, performance and image quality are improved if the client machine has a GPU that supports HEVC decoding. If this option is selected but the client machine does not have a GPU that supports HEVC decoding, or the agent does not support HEVC encoding, Horizon Client uses H.264 decoding instead if H.264 is selected. Horizon Client uses Blast Codec decoding if H.264 is not selected. See Configure VMware Blast Options.
  • USB device path changes In some cases, USB device paths have changed. For example, if you previously configured Exclude Path=”bus-1/0/0_port-02″, in the 2106 release, you might need to change the value to Exclude Path=”bus-1/0_port-01″. If you use USB filtering settings, check the device paths generated in the Horizon logs for the correct paths and edit the Exclude Path and Include Path settings if necessary. See Using Group Policy Settings to Configure Horizon Client.
  • Smart card authentication with the CNG API Horizon Client supports smart card middleware with KSP implemented and a smart card certificate issued with the KSP certificate template. See Smart Card Authentication Requirements.
  • Input method editor (IME) enhancements If you use non-English keyboards and locales, you can use an IME that is installed in the local client system to send non-English characters to a remote desktop. See Use a Local IME with a Remote Desktop.
  • Forever applications Beginning with Horizon 2106, administrators can configure the Bypass Session Timeout setting to make application sessions run forever. Forever applications are exempt from idle session and Horizon server timeouts. If you are using a forever session when a timeout occurs, the session will not end. You must manually close forever sessions when you are finished with them. Application sessions that run forever are not supported for unauthenticated users. For information about the Bypass Session Timeout option, see Setting Up Published Desktops and Applications in Horizon.
  • VPN MAC addresses are filtered out Horizon Client now reports the MAC address of the user’s local hardware instead of the MAC address of the VPN. See MAC Address Deny List.
  • Windows 10 version 21H1 SAC support You can install Horizon Client for Windows 2106 on a Windows system that is running Windows 10 version 21H1 SAC.
  • vmware-view command changes The -logInAsCurrentUser command has changed to -loginAsCurrentUser. See Running Horizon Client From the Command Line.

VMware Horizon Client 2106 for HTML Access

HTML Access 2106 includes the following new features:

VMware Horizon Cloud Service on IBM Cloud 21.1.0

  • Tenant Auto Agent Update (AAU) has been enhanced to upgrade persistent desktop assignments and golden images using different Horizon Agent Installer (HAI) versions, based on OS type and version.
  • Tenant Auto Agent Update (AAU) has undergone several enhancements for stability and functionality, including the ability to roll back the agent update for a desktop if that was enabled beforehand.
  • Support for VMware Instant Clone Smart Provisioning, where the provisioning mode (A or B) depends on environmental factors like pool size and image size. has been added. For more information, see https://techzone.vmware.com/?share=video2745.

What’s New for Horizon Cloud Service

What’s New August 10, 2021 (v2108, v2.0, v21.06, v21.2)

VMware Horizon Cloud Service on Microsoft Azure 2108 | pod manifest 2955.x | VMware Horizon Cloud Connector 2.0.x | VMware Horizon Universal Broker Plugin Installer 21.06 | VMware Horizon Agents Installer (HAI) 21.2.x | Unless otherwise noted in the documentation, this HAI version is built into manifest 2955.x. Running the Import VM wizard in a pod of 2955.x will install the agents from this HAI version. This HAI version is also supported for manual installation for imported VMs in pods of manifest 2955.x. For pods at earlier manifests, the Import VM from Marketplace wizard uses the HAI version that was built into their respective pod manifests. Note: When downloading the latest binaries for the Horizon Cloud Connector, Horizon Universal Broker Plugin Installer, and HAI from VMware Customer Connect, look for the July 15, 2021 release date. The versions of the relevant binaries are located in the downloads pages with that date. If you are a current customer that has existing cloud-connected pods prior to this date, additional detail is provided in the August 2021 section of the documentation topic For Current Customers with Existing Cloud-Connected Pods – About the Latest Horizon Cloud Release.

  • Integration with the VMware Workspace ONE® Assist for Horizon® product enables Horizon Cloud administrators to launch remote support sessions directly from the Help Desk Tool from the Horizon Universal Console. With this feature, administrators can assist employees with virtual desktop sessions and issues, with remote view and control capabilities. Because Workspace ONE Assist for Horizon is part of the VMware Workspace ONE UEM product line, the documentation about Workspace ONE Assist for Horizon can be found within the document titled Workspace ONE Assist for Horizon and Horizon Cloud located within the set of Workspace ONE UEM Product Documentation.
  • For Horizon Cloud pods in Microsoft Azure, a change related to the set of operations that the service principal should be allowed to perform. Two additional operations are added to the set of operations that the service principal needs to use in your subscription, as described in Operations Required by Horizon Cloud in Your Microsoft Azure Subscriptions. These two additional operations are to support an upcoming feature by which the service can reduce the time it takes for a new pod deployment and for a pod upgrade by using pre-configured images in the Microsoft Azure Marketplace. When your service principal uses a custom role, that role will need the ability to perform these two additional operations.
  • A new pod manifest version for Horizon Cloud pods in Microsoft Azure includes platform code improvements for performance and reliability.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Turn on pictures to see the captcha *