Reviewer's Guide for View in VMware Horizon 7: Instant Clones ...

TECHNICAL WHITE PAPER – AUGUST 2017

REVIEWER’S GUIDE FOR VIEW IN VMWARE HORIZON 7: INSTANT CLONES VMware Horizon 7 version 7.x

REVIEWER’S GUIDE FOR VIEW IN VMWARE HORIZON 7: INSTANT CLONES

Table of Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 JMP – Next-Generation Desktop and Application Delivery Platform. . . . . . . . . . . . . . . . . . . . . . . . . . 3 Purpose of This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Intended Audience for This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Exercise 1: Creating an OU and User Account for Instant Clone Operations. . . . . . . . . . . . . . . . . . . . . . 5 Exercise 2: Adding an Instant-Clone Domain Administrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Exercise 3: Deploying an Instant-Clone Desktop Pool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Exercise 4: Editing Pool Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Exercise 5: Pushing a New Image to an Instant-Clone Desktop Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 All Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Appendix: Terminology Used in This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Additional Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 About the Author and Contributors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

T E C H N I C A L W H I T E PA P E R | 2


Introduction Welcome to the Reviewer’s Guide for View in VMware Horizon 7: Instant Clones, a comprehensive technical overview of Instant Clone Technology, a new feature of the View component of VMware Horizon® 7. The View component (formerly the product called Horizon View) offers a virtual desktop infrastructure (VDI) and remote applications through Remote Desktop Session Host (RDSH). Desktop and application delivery are done through a single platform, which simplifies desktop administration and operations and enhances the user experience. By centrally maintaining desktops, applications, and data, Horizon 7 uses View to reduce costs, improve security, and increase availability and flexibility for end users. The VMware Instant Clone Technology included in the View component of the Horizon 7 Enterprise Edition improves and accelerates the process of creating cloned virtual desktops as compared to the previous View Composer linked-clone technology. In addition, instant clones require less storage and less expense to manage and update because the desktop is deleted when the user logs out, and a new desktop is created using the latest image on which the instant-clone pool is based.

JMP – Next-Generation Desktop and Application Delivery Platform JMP (pronounced jump), which stands for Just-in-Time Management Platform, represents capabilities in VMware Horizon 7 Enterprise Edition that deliver Just-in-Time Desktops and Apps in a flexible, fast, and personalized manner. JMP is composed of the following VMware technologies: • VMware Instant Clone Technology for fast desktop and RDSH provisioning • VMware App Volumes™ for real-time application delivery • VMware User Environment Manager™ for contextual policy management JMP allows components of a desktop or RDSH server to be decoupled and managed independently in a centralized manner, yet reconstituted on demand to deliver a personalized user workspace when needed. JMP is supported with both on-premises and cloud-based Horizon 7 deployments, providing a unified and consistent management platform regardless of your deployment topology. The JMP approach provides several key benefits, including simplified desktop and RDSH image management, faster delivery and maintenance of applications, and elimination of the need to manage “full persistent” desktops.

Purpose of This Guide This guide is one of a series of guides to help you evaluate the View component of Horizon 7. This guide provides exercises to demonstrate the process of creating instant-clone desktop pools. For more information on the benefits of instant clones, see the white paper VMware Horizon 7 Instant Clone Desktops. For exercises to create instant-clone RDSH server farms, see Publishing Applications with VMware Horizon 7. Note: The exercises in this guide do not include the NVIDIA GRID vGPU feature, which provides high-end, hardware-accelerated graphics support for instant clones. For a video that explains how to configure this feature, see the blog post VMware Horizon 7.1 Technical Deep Dive. For an overview of View in Horizon 7 and information about key features, such as publishing applications and configuring Smart Policies, see the All Guides section. Important: This guide is designed for evaluation purposes only. It uses the minimum required resources for a basic deployment and does not explore all possible features. Do not use this evaluation environment as a template for deploying a production environment. To deploy a production environment, see VMware Horizon 7 Documentation.



Intended Audience for This Guide This guide is intended for IT administrators and product evaluators who want to install Horizon 7 and deploy a VDI environment. Both current and new users can benefit from using this guide. Familiarity with VMware vSphere® and VMware vCenter Server® is assumed. Some familiarity with other technologies is helpful, including networking and storage in a virtual environment, Active Directory, identity management, directory services, Simple Mail Transfer Protocol (SMTP), and RSA SecurID.

Before You Begin This guide is part of a series. We recommend that you follow the guides in order. For information about all guides in the series, see All Guides. Before you can perform the exercises in this guide, you must have the following infrastructure components installed and configured: • VMware vSphere 6.0 Update 1 or later, including vCenter Server 6.0 Update 1 or later. VMware vSphere 6.5 or later is recommended. For more information, see VMware vSphere 6 Documentation. • VMware ESXi™ host or hosts configured in the vCenter Server instance • An authentication infrastructure that includes Active Directory, DNS, DHCP, and Certificate Authority setup. • Connection Server, version 7.1 or later, set up as described in the Reviewer’s Guide for View in VMware Horizon 7: Installation and Configuration. • A master image of the virtual machine on which the instant-clone desktops will be based. For instructions, see the Reviewer’s Guide for View in VMware Horizon 7: Preparing Virtual Machines for Desktop Pools.



Exercise 1: Creating an OU and User Account for Instant-Clone Operations Perform the following preliminary tasks so that instant-clone desktops can be automatically joined to a specified domain as they are created: • Create an organizational unit (OU) in Active Directory for instant-clone computer accounts • Create a user account in Active Directory that has the required permissions for creating and deleting instant clones Note: This exercise shows how you would typically create an OU in a production environment and set the minimum required Active Directory domain privileges. However, for a lab environment, you can skip this step and deploy the instant-clone virtual machines (VMs) to the Computers OU and use an administrator account for the instant-clone domain administrator. If you are using a lab environment, go to Exercise 2: Adding an Instant-Clone Domain Administrator. 1. Log in as an administrator to the operating system of the Active Directory Domain Controller. 2. Go to Control Panel > Administrative Tools > Active Directory Users and Computers. 3. Select the target domain.

4. If you do not have a user account that you want to use for the instant-clone domain administrator, select the Users OU, select Action > New > User, and complete the dialog box. 5. To create an OU for the instant-clone desktops, select Action > New > Organizational Unit, and complete the dialog box. This OU is the Active Directory container in which the instant-clone computer accounts are created. After you complete the text box, you can find the OU under the domain.



6. Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account on the container for the instant-clone computer accounts. a. Select the OU you created (that is, the container) and select Action > Delegate Control.

b. On the Welcome page of the Delegation of Control wizard, click Next. c. On the Users or Groups page, click Add, and in the Enter the object names to select text box, enter the account that will be used for the instant-clone domain administrator, and click OK.

d. When you are returned to the Users or Groups page, click Next.



e. On the Tasks to Delegate page, select Create a custom task to delegate and click Next.



f. On the Active Directory Object Type page, select the following items and click Next. • Only the following objects in the folder • Computer objects • Create selected objects in this folder • Delete selected objects in this folder



g. On the Permissions page, in the Permissions list, select the following items and click Next. • Create All Child Objects • Delete All Child Objects • Read All Properties • Write All Properties • Reset Password

hese are the required permissions for the user account, including permissions that T are assigned by default. • List Contents • Read All Properties • Write All Properties • Read Permissions • Reset Password • Create Computer Objects • Delete Computer Objects h. On the wizard Completion page, click Finish. You now have a domain administrator account in Active Directory that has the required permissions for creating and deleting instant-clone computer accounts.



Exercise 2: Adding an Instant-Clone Domain Administrator You use Horizon Administrator to specify the user account for joining instant-clone VMs to the Active Directory domain. 1. In the Horizon Administrator console, go to View Configuration > Instant Clone Domain Admins.

T E C H N I C A L W H I T E PA P E R | 1 0


2. Click Add, enter the login name and password for the instant-clone domain administrator account, and click OK.

You can now select the instant-clone domain administrator when you create an instant-clone desktop pool in a later exercise.



Exercise 3: Deploying an Instant-Clone Desktop Pool This exercise assumes that you have added an instant-clone domain administrator and created the master VM image on which to base the instant-clone desktops. Note: Creating the master image is the subject of Reviewer’s Guide for View in VMware Horizon 7: Preparing Virtual Machines for Desktop Pools. 1. Log in to Horizon Administrator, and navigate to Catalog > Desktop Pools. 2. Click Add.

3. In the Add Desktop Pool wizard, select Automated Desktop Pool and click Next.



4. On the User Assignment page, select Floating and click Next.

5. On the vCenter Server page, select Instant clones, select the vCenter Server, and click Next.



6. Complete the Desktop Pool Identification page and click Next. You must add a pool ID. If you do not provide a display name, the pool ID is used for the display name. If you do not specify an access group, the pool is placed in the root access group. For more information, see Configuring Role-Based Delegated Administration in View Administration.



7. On the Desktop Pool Settings page, leave State set to Enabled, specify VMware Blast as the default display protocol, set HTML Access to Enabled, and click Next. You can use the defaults for all other settings. You can use any display protocol for instant clones, but the new Blast Extreme display protocol is optimized for all types of devices. Because you are enabling HTML Access, you can access your instant-clone desktop from a browser if you do not want to install VMware Horizon Client™ later.

Note: With Horizon 7 version 7.1 or later, you can enable 3D rendering and use NVIDIA GRID vGPUs with instant-clone desktop pools. Because this ability requires you to have specific NVIDIA graphics cards installed in your vSphere hosts, this exercise does not tell you to enable the 3D rendering feature. If you are interested in using this feature, see the blog post When Will VMware Instant Clones Support High-End 3D Graphics?



8. On the Provisioning Settings page, change the following settings and click Next. • Enter a naming pattern for the VMs, as described in the Naming Pattern panel of the UI. For example, for this exercise, you can use Win-10-IC-. This naming pattern helps you identify Windows 10 instant clones in Horizon Administrator. • Set the maximum number of machines to 10 or fewer (for the purposes of this exercise). In a production environment, instant-clone pools have been tested to support up to 2,000 desktops. • Select Provision machines on demand, and use the default minimum of 1.

9. On the Storage Optimization page Select separate datastores for replica and OS disks and click Next. For this exercise, use separate datastores so that you can see the extra settings on the next page. With separate datastores, you can place the replica VM on a solid-state, disk-backed datastore. Solid-state disks have low storage capacity but high read performance, typically supporting 20,000 IOPS. Separate datastores are used in tiered-storage models.



10. On the vCenter Settings page, click Browse next to each text box to make your selections and click Next.

When making your selections, use the following guidelines: • Parent VM – Select the master VM that you created for instant clones in Reviewer’s Guide for View in VMware Horizon 7: Preparing Virtual Machines for Desktop Pools. • Snapshot – Select the snapshot of the master VM that you created. • VM folder location – If you do not have a folder created, select the data center, and click OK. • Linked clone datastores and Replica disk datastores – If you are not using a tiered-storage model, you can select the same datastore for replicas and clones.

Note: With Horizon 7 version 7.1 and later, you can select multiple vLAN networks to create a larger instant-clone desktop pool. Only the static port group is supported. In this screen shot, you see that for the Networks setting, two networks have been selected. The default is to use the same network as the master VM. For a video that explains how to configure this feature, see the blog post VMware Horizon 7.1 Technical Deep Dive.



11. On the Guest Customization page, use the following settings and click Next. • Domain – Select the instant-clone domain administrator that you created. • AD Container – Click Browse and navigate to the OU that you created in Active Directory.

Note: For this exercise, you do not enter scripts. In a production environment, you can specify that a script run immediately after a clone is created. You can also run another script before the clone is powered off. These scripts can invoke any process that can be created with the Windows CreateProcess API, such as cmd, vbscript, exe, and batch-file processes. 12. On the Ready to Complete page, click Finish.

You return to the Catalog > Desktop Pools inventory list. The new pool appears in the list.

13. Double-click the desktop pool to check the deployment status.

In the bottom Machine Status pane, one instant-clone desktop is now available. For this exercise, you selected to provision the desktops on demand, with a minimum of one desktop available.



Exercise 4: Editing Pool Settings After the instant-clone desktop pool is created and the desktop is available, you can edit pool settings to increase the size of the pool. Additional desktops are created almost instantly. For this exercise, you begin on the same window where the previous exercise left off. 1. At the top of the Summary tab for the desktop pool, click Edit to change the number of spare desktops.

2. On the Provisioning Settings tab in the Edit dialog box, in the Desktop Pool Sizing section, set the number of spare machines to 5 and click OK.

You are returned to the Desktop Pools list.



3. In the Desktop Pools list, double-click the desktop pool, and in the Pool Details window, click the Inventory tab to check the individual desktop deployment status.

4. Click the Refresh icon to update the status. When a desktop status changes to Available, it is ready to entitle and use. Because instant clones are provisioned so quickly, the desktops typically become available within a minute.



Exercise 5: Pushing a New Image to an Instant-Clone Desktop Pool To manage OS patches and software updates with instant clones, you use the push-image operation. The push-image operation achieves the same goal as the recompose operation for View Composer linked clones. However, the recompose operation is slower and requires you to plan for maintenance windows to perform the operation at off-peak hours. Because the provisioning of instant clones is faster than that of View Composer linked clones, it is not necessary to plan for maintenance windows. Unlike linked clones, instant clones do not need to be recomposed, refreshed, or rebalanced. When a user logs out of the desktop, the desktop is deleted and recreated. This approach to desktop deletion and recreation staggers the patching operation across desktops, eliminates boot storms, reduces storage IOPS, and creates less of a load on the vCenter Server. 1. In vSphere Web Client, log in to vCenter Server, select the virtual machine that you created for deploying the instant-clone pool, and create a new VM snapshot. 2. In Horizon Administrator, go to the Desktop Pools list, and double-click the desktop pool. 3. On the Summary tab, select Push Image > Schedule.



4. On the Image page of the wizard, select the new snapshot that you created and click Next.

he selected snapshot is the image you push to the instant-clone pool. You can also use this T page to navigate to a different VM and select a snapshot.



5. On the Scheduling page of the wizard, leave the start time set to the default so that the push starts after you complete the wizard, and click Next.

The Stop at first error check box is available only if the Stop provisioning on error check box is not selected on the Edit Pool > Provisioning Settings tab. You can also configure whether users are forced to log out. The warning settings shown in the wizard are for display only. To change the warning settings, go to View Configuration > Global Settings.



6. On the Ready to Complete page, click Finish. You are returned to the Summary tab, where the current and pending images for the push operation are displayed in the vCenter Server panel.

7. Click the Inventory tab to monitor which individual desktops are using which image.



Summary This Reviewer’s Guide is one of a series of guides that explore the View component of VMware Horizon 7. This guide walked you through the process of creating an instant-clone desktop pool and updating the pool to use a new master image. Before end users can log in to an instant-clone desktop, you must entitle one or more users to the desktop. Entitled users can log in by using a natively installed Horizon Client or by opening a browser and using HTML Access. For more information, see Reviewer’s Guide for View in VMware Horizon 7: Provisioning Users.

All Guides You can explore many key features and capabilities in the Reviewer’s Guide series for View in Horizon 7: • Overview • Installation and Configuration • Preparing Virtual Machines for Desktop Pools • Instant Clones • Desktop Pools • Publishing Applications with VMware Horizon 7 • Smart Policies • Provisioning Users Note: For information about features that are not covered in these guides, see VMware Horizon 7 Documentation.



Appendix: Terminology Used in This Guide The following terms are used in this guide: Instant clone

A rapidly generated and nonpersistent clone of a powered on virtual machine. An instant clone provides users with a virtual desktop in seconds.

Master virtual machine (VM)

A single desktop source that is used to deploy a group of virtual desktops or virtual machines. A master virtual machine is sometimes referred to as a master image, desktop image, or golden image. In a physical environment, a master virtual machine can be referred to as a disk image file.

Snapshot

A set of files that contain the entire state of a virtual machine— its data, memory, and configuration. If you revert to a snapshot, the current state of the virtual machine is lost, and its saved state is restored. Multiple snapshots are differential, and have a parent and child relationship. The files of a child snapshot contain only changes made to its parent snapshot.

Virtual desktop

The user interface of a virtual machine that has been made available to an end user.

Virtual machine

A software-based computer, running an operating system or application environment, that is located in the data center and backed by the resources of a physical computer.

For more information about terms, see the VMware Technical Publications Glossary.



Additional Resources For more information about the View component of VMware Horizon 7, you can explore the following resources: • VMware Horizon 7 Hands-On Lab • VMware Horizon 7 (which includes the View component) • VMware Horizon 7 Documentation • VMware Horizon Pricing, Packaging, and Licensing • VMware Knowledge Base • VMware Product Evaluation • VMware Product Guide • VMware Product Interoperability Matrixes • What’s New with VMware Horizon 7 (VMware blog post) • White papers • Self-help resources • VMware vSphere and VMware vCenter Server resources ––Product overview –– Product documentation –– White papers and other resources • VMware consultation and support ––VMware Horizon Support Center ––VMware Consulting Professional Services Organization

About the Author and Contributors The Reviewer’s Guide for View in VMware Horizon: Instant Clones was written by Caroline Arakelian, Senior Technical Marketing Manager, End-User-Computing Technical Marketing, VMware, with appreciation and acknowledgement for considerable contributions from the following subject matter experts: • Jim Yanik, Senior Manager, End-User-Computing Technical Marketing, VMware • Graeme Gordon, Senior End-User-Computing Architect, End-User-Computing Technical Marketing, VMware To comment on this paper, contact VMware End-User-Computing Technical Marketing at [email protected].


VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

Copyright © 2017 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: 5138-VMW-WP-HORIZON72-RG-INSTANTCLONES-USLET-20170814 8/17