What's New with Horizon Workspace:

Technical Deep Dive

Jared Cook, VMware

Ashish Jain, VMware

Andrew Johnson, VMware

EUC4833

#EUC4833

2 2

Agenda

Overview

• Applications

• Data

• Desktop

• Clients

Architecture

• Infrastructure Services

• vApp Overview

• Prerequisites

• Database

• External access

• File Preview Services

• Maintenance and Upgrades

Q&A

3 3

Horizon Workspace 1.5 Overview

4 4

Overview

Benefits

Unified User / Identity Management

Catalog manages Suite Apps & Services:

Apps: web, iOS, Android, Windows

Services: Data (Files), Apps, View

Centralized Entitlement Management

Unified Policies Mgmt for all Suite Modules

(Q2 and enhanced thereafter)

Leverage and Extend existing investments

in AD/identity infrastructure

IT admins have a single place to publish,

entitle and audit all resources.

Admins can efficiently entitle resources

Granular controls enables IT to efficiently

set policies at desired level

Horizon Workspace Management

5 5

Overview

Benefits

Horizon Workspace – Aggregated Resource Catalog

Single catalog to manage all Suite Apps

and Services:

Apps: web, iOS, Android, Windows

Services: Files, Apps, View

End to end application life cycle mgmt from

“app publishing” to “analytics”

IT admins have a single place to publish,

entitle and audit all resources

End users have a single place to get all

their “work apps” regardless of app type

6 6

Overview

Benefits

Horizon Workspace – Web Applications

Access to Global SaaS Catalog

Add custom Web/SaaS apps

Custom integration to application provisioning

Increase security of SaaS apps

Single view of all applications

Reduce Management Effort

Simplify Application Licensing

7 7

Secure Mobile Workspace Management

IT Admin

Android

(Available in limited

markets)

IOS

(Upcoming release)

Challenge

Users want to use a single mobile device

Keep personal data private

IT doesn’t want to be liable for personal content

Protect sensitive corporate data and take control of mobile apps and updates

Solution

A mobile workspace that is completely enterprise-owned and controlled

Ability to provision, manage, and remove corporate data and applications on employees’ devices

Benefit

Complete separation of personal and corporate data—IT is not liable for personal content

Support for corporate security, compliance and privacy policies

Corporate data is encrypted and isolated

Solves Android fragmentation problem

8 8

Horizon Workspace – Data and File Preview

Overview

Benefits

High fidelity mobile/browser doc previews

Internal & external sharing

Document versions, audit trail

Notifications & commenting

Policy enforcement (quota, sharing, file

types, mobile controls)

Personal & team productivity

Share documents in an IT friendly way

Stay up to date effortlessly

IT governs end user usage

v3

v2

v1

Internal External

9 9

Horizon Workspace – ThinApp Integration

Horizon Workspace can integrate with

VMware ThinApp 4.7 and later to:

• Stream or download ThinApp

applications to Windows

domain workstations

• ThinApp must be enabled

for Horizon Workspace

• Point to ThinApp share

(Windows CIFS share)

• Only .exe format is supported

(no MSI format)

10 10

Horizon Workspace – VMware View Integration

Horizon Workspace with Horizon View 5.2:

• Install Horizon View 5.2 with Feature Pack 1

to provide HTML access to View desktops

• Make sure forward and reverse DNS records

exist for Horizon View Servers

• Enable the Horizon View Module

in Horizon Workspace

• Be sure to join or verify the Connector used for

View integration has been added to the domain

• Configure SAML 2.0 authentication

in Horizon View

• Configure Horizon View using the Connector

VA web interface

11 11

Overview

Benefits

Track users, resources (files,

apps, desktops) and usage

Easy access to prepared reports

Support for 3rd party reporting tools to

access data stored in Horizon repository

Easy access to key analysis based

on prepared reports

Leverage existing investments in 3rd party

reporting tools by integrating them with

data stored in Horizon repository

Reporting and Analytics

Smart Analysis to gain key insights

12 12

Horizon Workspace – Client Compatible Matrix

Operating Systems

• WinXP sp3, Win Vista,

Win7 SP1, Win8

• Mac OSX 10.6+

Windows based web browsers

• IE8+ (blast IE9+), Chrome, Firefox

MAC based web browsers

• Safari, Chrome, Firefox

Mobile Devices

• Apple iPad 2+

• Apple iPhone 4+ running iOS 5.0+

• Android 2.2, 2.3, 3.x, 4.x

13 13

Horizon Workspace 1.5 Architecture

14 14

Horizon Workspace – VMware Product Compatibility

VMware Product Horizon Workspace

1.5

Horizon Workspace

1.0

VMware vCenter Server 5.1 U1 ✔ ✔

VMware vCenter Server 5.1

✔ ✔

VMware vCenter Server 5.0 U2

✔ ✔

VMware ESXi 5.1 U1 ✔

VMware ESXi 5.1

✔ ✔

VMware ESXi 5.0 U2

✔ ✔

VMware Horizon View 5.2 ✔ ✔

VMware ThinApp 4.7 ✔ ✔

15 15

Horizon Workspace – Infrastructure Dependencies

• Active Directory – Horizon Workspace requires Active Directory to sync users and groups.

• DNS – All the virtual appliances refer to each other by their hostnames. Both forward and reverse records are required for all the virtual appliances in the Horizon Workspace vApp. Make sure that each machine can search for the Horizon Workspace FQDN.

• SMTP – The Horizon Workspace vApp requires access to a SMTP server. The SMTP server FQDN and port number are needed at installation time.

• NTP – All virtual appliances rely on time synchronization. Enable and configure time sync on the vSphere hosts to point to your enterprise NTP server. Failing to do so can cause time drift between the virtual appliances. Kerberos-enabled connectors sync time to the Primary Domain Controller (PDC) role.

• Load Balancer and Reverse Proxy – This reference architecture uses a software-based load balancer and reverse proxy.

• External Storage – Horizon Workspace vApp supports external NFS volumes for Horizon file sharing..

16 16

Horizon Workspace vApp

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

Management VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

App

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

• Central Wizard UI

• Distributes settings

across VAs

• Network, Gateway,

vCenter, SMTP

attributes

• Add / remove modules

• Manage certs, security

• User authentication (RSA SecureID)

• AD secure bind and synchronization

• Set replication schedule

• Sync View pools and ThinApp

• Enables single user-

facing domain

• Routes requests to

correct node

• Reverse proxy

insulates VAs

• Workspace Admin UI

• Application Catalog

• Manage user entitlements

• Workspace Groups

• Reporting

• Stores files

• Controls file sharing policy for

internal and external users

• Manage file preview server

• Serves end user web UI

17 17

Horizon Workspace – POC Checklist

Workspace FQDN for End Users

VA IPs and Hostnames

vCenter IP Pool/Credentials

ESXi - NTP Enabled

Active Directory Information

DNS Forward and Reverse Lookup

• VAs, FQDN, Preview Server, VMware View

External Database (optional)

SMTP Server

NFS Mount Information (optional)

SSL Certificate (optional)

Workspace Download and License Key

18 18

Horizon Workspace – Architecture Diagram

VMware Horizon 1.5 Architecture Diagram

19 19

Horizon Workspace – System Requirements

Virtual Appliance Minimum Recommended

vCPU RAM Disk vCPU RAM Disk

Configurator-va 1 1GB 5GB 1 1GB 5GB

Connector-va

2 4GB 12GB 2 4GB 12GB

Manager-va

2 4GB 4GB 6 8GB 32GB

Gateway-va 1 1GB 9GB 6 32GB 9GB

Data-va 2 4GB 175GB 6 32GB 175GB

20 20

Horizon Workspace – Database Support

Small Deployments – Internal DB

Horizon Service and Horizon Data

Larger Deployments – External

Postgres DB for Horizon Service

Recommended:

VMware vFabric Postgres

21 21

Horizon Workspace – Oracle Database Support

External database support for High Availability and load balancing

Support for both Oracle 11g Enterprise Edition

or VMware vFabric Postrges 9.2.4

Required for production deployments

22 22

Horizon Workspace – External Access

Specify Horizon Workspace FQDN for End Users

Provides link to the Gateway Root CA Certificate

Upload Load Balancer Root CA Certificate

23 23

Horizon Workspace – Gateway-va Diagram

24 24

Horizon Workspace – Data Disk Layout

Contains SLES OS (40GB)

VMFS Datastore

Horizon Data Application root /opt/zimbra

User Files Store /opt/zimbra/store

/

/opt/zimbra/db

/opt/zimbra/index

/opt/zimbra/redolog

/opt/zimbra/log

/opt/zimbra/backup

/opt/zimbra/data

VMDK

VMDK

VMDK

VMDK

VMDK

VMDK

VMDK

VMDK

VMDK

MySQL database

Lucene indexes

Not being used

Main logs directory

Component backup files

tmp folder for processes

NFS

User Files Store

/opt/zimbra/store##

http://kb.vmware.com/kb/2053549

25 25

Horizon Workspace – Data Preview Services

MS Office Preview Server

• Windows 7 Enterprise

or Windows 2008 R2

Standard required

• MS Office 2010 Professional, 64-

bit required

• Install Horizon Data

Preview installer

• Admin account w/ permissions to

create local accounts

• Disable UAC

• Conversion of documents

real-time

26 26

Horizon Workspace – Maintenance and Upgrades

Virtual Appliance Management Infrastructure

(VAMI)

Standard way to update Virtual appliances

GA builds to GA Builds

Resolve – http://vapp-updates.vmware.com

Go to CLI – updatemgr.hzn

27 27

Horizon Workspace – Backup Best Practices

Three Types of Persistently Stored Data

• External Database (vPostgres or Oracle)

• Data Stored in a VMDK (virtual machine disk format)

• Horizon File blobs stored on NAS volumes or on VMDKs

Backing Up Horizon Workspace

1. Create a point-in-time backup of external database

2. Take a point-in-time backup of each VA in the the Horizon Workspace vApp

3. If using external storage take a point-in-time backup of Horizon Data blob store

• If using VMDK, the data blob backup is part of the step 2

DR Restoration Sequence

1. If using NAS, restore blobs from blob backup, if using VMDK go to step 2

2. Restore the Horizon Workspace VAs from the VA backup

3. Restore external database

4. Power on the Horizon Workspace vApp and MS Preview Server

28 28

What’s Next ?

29 29

Horizon Workspace: Manage Data & Application Access

IT manages policies for apps, data & more

Users access workloads across devices

Secure Syncing, Sharing &

Remote Access

Security & Compliance

Anywhere Access

Multi-Device Access

BYOD Mobile Mgmt.

Collaboration

30 30

Secure Single Sign-On access to Web Applications

Secure on-premise document storage, collaboration and

archiving solution

Connect to View desktops, with and without native View clients

Access and delivery of ThinApps

Windows, Mac, iOS and Android as well as Web browser clients

to connect from anywhere

Unified management of endpoints (desktops, apps, policies,

devices

Released March 2013

Workspace 1.0

31 31

Integrated the secure Android workspace into HWS

Oracle database support

Changes to policy framework for consistency and flexibility

Revised iOS apps – Files and Web Apps in two separate apps

Localization to French, German, Japanese, Simplified Chinese

Numerous bug fixes

Released July 2013

What’s new in Horizon Workspace 1.5 ?

32 32

The Horizon Workspace Journey Continues…

Support for XenApp in Application catalog and launcher.

Non Domain support for ThinApps

Android Mobile Enhancements

iOS Enterprise Mobility Management

Enterprise Integration Improvements

…

33 33

Other VMware Activities Related to This Session

HOL:

HOL-MBL-1304

Horizon Workspace - Explore and Deploy

Group Discussions:

EUC1005-GD

Workspace with Rasmus Jensen

THANK YOU

What's New with Horizon Workspace:

Technical Deep Dive

Jared Cook, VMware

Ashish Jain, VMware

Andrew Johnson, VMware

EUC4833

#EUC4833