My last article was about the Horizon reference architecture and four weeks have already passed since then. My VCAP7-DTM Design exam is scheduled for October 18 – that’s in five days!
I haven’t opened my books for the last three weeks, because I think it’s important to take a break and get some distance from your books and documents, which allows you to understand things better and faster and see connections between things you haven’t seen before. And another reason was my pregnant wife who delivered our beautiful daughter on October 4! 🙂
I started from scratch and repeated reading all my training material and PDF documents.
Infrastructure Assessment
To design a Horizon 7 environment you follow a process to work out a VMware EUC solution that meets the customer’s requirements, follows the VMware design guidelines and uses the reference architectures while considering customer constraints. It is very important that all customer business drivers and objectives are clearly defined. Then you start to gather and analyze the business and application requirements and document the design requirements, assumptions, risks and constraints. For example, if you talk about technical requirements with your customer, the following categories should be covered:
- Virtualization infrastructure and data center hardware
- Storage
- Networking
- Security
- Application
- Directory services and GPOs
- Monitoring and performance
- Management
- Profile management
- Peripherals
- Printing
- Backup and recovery (business continuity)
- Endpoints
- Users/Use cases (correlation between hardware, software and user requirements)
- High availability
- Licensing
With the information from the assessment phase, the design work can begin and you create the conceptual design before you head over to create a logical design.
Advice: Minimize risks and keep things simple!
Horizon Logical Design
The logical design (high level design) follows the conceptual design and defines how to arrange components and features. It is also useful to understand and evaluate the infrastructure design. The easiest and most common way to create a logical design is the use of architecture layers. Each layer contains one or more components and has functional and technical inter-dependencies:
- User Layer
  - Self-Service portal
  - Authentication
- Application Layer
  - Application deployment and type (cloud-based, locally installed, enterprise apps etc.)
- Desktop Layer
  - Use cases and type of user
  - Scalability and multi-site
  - Desktop types and OS
- Virtualization Layer
  - Hypervisor
  - Compute, network and storage
  - Graphics
- Hardware Layer
  - Server
  - Network and storage
- Management Layer
  - Patching
  - Monitoring
  - Cluster and resources
  - Capacity
  - Backup
- Security Layer
  - Internal and external
  - Authentication and authorization
  - Policies
  - Antivirus etc.
A Horizon logical design could look like this:
If you need to write down use cases and their attributes, here is an example:
Attribute | Definition |
Business Unit | Finance |
User Classification | Task Worker |
Time of use | 07:00-18:00, mo-fr |
User device | Thin Client |
Peripherals | None |
Connectivity | LAN |
Persistency | Non-persistent desktop |
Data center | Basel DC1 |
Authentication | Windows Login |
Horizon Block and Pod Design
In part 4 I covered this topic: how to use a repeatable and scalable approach to design a large-scale Horizon environment.
Horizon Component Design
To have a complete design you must define the amount and the configuration of Horizon components required for your environment. You have to include certain design recommendations and design the configuration for Horizon components for your use cases. These are some required infrastructure components:
- VMware Identity Manager
  - Load Balancing for resiliency and scale
  - Database required
  - Connection to Active Directory
  - SaaS-based implementation recommended
  - Approx. 100’000 users per virtual appliance
- vCenter Server
  - Up to 10’000 virtual machines per vCenter
  - Recommendation: 2’000 desktops per vCenter
  - Dedicated vCenter Server instance per resource block
  - Database required
- Connection Server
  - Up to 2’000 sessions per Connection Server (4’000 tested limit)
  - Database required
  - Install at least one Replica Server for redundancy
  - Max. 7 Connection Servers per pod
  - Max. 10’000 sessions per pod recommended
- Cloud Pod Architecture
  - Max. 175 Connection Servers
  - Max. 120’000 sessions
  - Max. 5 sites
- View Composer needed?
- Security Server (not recommended anymore, use UAG)
  - Should not be member of AD domain
  - Load Balancing
  - Should be hardened Windows server (placed in DMZ)
  - 1:1 mapping with Connection Servers
- Unified Access Gateway (UAG)
  - Virtual appliance (placed in DMZ) based on Linux (Photon OS)
  - Scale-out is independent of Connection Server
  - Does not need to be paired with a single Connection Server
  - Load Balancing
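To see how the limits listed above interact, here is a small sizing helper. It is an added example, not VMware tooling or code from this article; the function name, the one spare Connection Server per pod, the even spread of sessions over pods and the assumption of one desktop per session are mine.

```python
import math

# Limits as listed in the component notes above
SESSIONS_PER_CS = 2000        # per Connection Server
MAX_CS_PER_POD = 7
SESSIONS_PER_POD = 10000      # recommended maximum per pod
DESKTOPS_PER_VCENTER = 2000   # recommended, one vCenter per resource block
CPA_MAX_CS = 175
CPA_MAX_SESSIONS = 120000
CPA_MAX_SITES = 5


def size_horizon(sessions, sites=1, spare_cs_per_pod=1):
    """Return component counts for a session target or raise ValueError.

    Assumptions (not from the article): sessions are spread evenly over
    pods, every site hosts at least one pod, one desktop per session, and
    spare_cs_per_pod extra Connection Servers are added for redundancy.
    """
    if sessions <= 0 or sites <= 0:
        raise ValueError("sessions and sites must be positive")
    if sites > CPA_MAX_SITES:
        raise ValueError(f"{sites} sites exceed the CPA limit of {CPA_MAX_SITES}")
    if sessions > CPA_MAX_SESSIONS:
        raise ValueError(f"{sessions} sessions exceed the CPA limit of {CPA_MAX_SESSIONS}")

    # Enough pods to stay under the per-pod cap, and at least one per site.
    pods = max(sites, math.ceil(sessions / SESSIONS_PER_POD))
    per_pod = math.ceil(sessions / pods)
    cs_per_pod = math.ceil(per_pod / SESSIONS_PER_CS) + spare_cs_per_pod
    if cs_per_pod > MAX_CS_PER_POD:
        raise ValueError(f"{cs_per_pod} Connection Servers per pod exceed {MAX_CS_PER_POD}")
    if pods * cs_per_pod > CPA_MAX_CS:
        raise ValueError("total Connection Servers exceed the CPA limit")

    # One dedicated vCenter Server per resource block of 2'000 desktops.
    blocks_per_pod = math.ceil(per_pod / DESKTOPS_PER_VCENTER)
    return {
        "pods": pods,
        "sessions_per_pod": per_pod,
        "connection_servers": pods * cs_per_pod,
        "vcenter_servers": pods * blocks_per_pod,
        "cloud_pod_architecture": pods > 1,
    }


if __name__ == "__main__":
    print(size_horizon(25000, sites=2))
```
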
Pool and Desktop Configuration
- Desktop Configuration
- Specification (OS, apps, RAM, disk, network)
- Operating System Builds (master images)
- Image Optimization (use OSOT)
- Application Deployment
- Pool Configuration
- Map use cases to pools
- Pool Design
- Type
- User Assignment
- User Experience Settings
- Pool Size
- Performance
- AD Groups
- Pool Types
- Automated Desktop Pool
- Manual Desktop Pool
- RDS Desktop Pool
- Desktop Persistence
- Desktop Pool Definition
- Full Clones
- Linked Clones (Composer)
- Instant Clones
- Remote Display Protocol
- Blast (H.264 capable, TCP/UDP)
- PCoIP (UDP)
- RDP (TCP)
- 3D Rendering (Horizon 7.2)
- Nvidia GRID vGPU (shared GPU hardware acceleration)
- Hardware
- Virtual Shared Graphics Acceleration (vSGA)
- Virtual Dedicated Graphics Acceleration (vDGA)
- Soft 3D (Software-accelerated graphics)
- AMD Multiuser GPU using vDGA
- Pool must use PCoIP or Blast
- (Live vMotion of vGPU VMs is supported since Horizon 7.6)
VMware Infrastructure Design
You need to map the Horizon desktop building block and the Horizon management building block to vSphere and identify factors and design decisions to figure out the sizing of the VMware infrastructure.
- ESXi Hosts
  - ESXi Host Specifications
  - CPU requirements
  - Memory requirements
  - Storage requirements (especially if using vSAN)
  - Host density (max. VMs/desktops per ESXi host)
  - vSphere cluster requirements (HA and DRS)
- Storage
  - Storage performance and desktop I/O requirements
  - Types of disks (SSD, SAS, SATA)
  - Dedicated array for VDI
  - FC/Network connectivity
  - Shared Storage recommended
  - vSAN recommended for Horizon desktops
  - Datastore sizing
  - Storage requirements depending on pool configuration
  - E.g. Instant Clones use significantly less storage
Network and Security Design
The network design should be simple, scalable and secure. More secure does not always mean less “user simple” (user experience), but it does mean fewer risks and does not imply more complexity.
- Network
  - UAG appliance load-balanced in DMZ
  - Connection Servers load-balanced inside corporate firewall
  - Security Server would be placed in DMZ if no UAG
  - Know the key firewall considerations for Horizon 7
  - Bandwidth requirements for different types of users
  - LAN considerations
  - WAN considerations (e.g. latency, WAN optimization)
  - Optimization/Policies for display protocols (LAN/WAN)
  - vSphere networking requirements
  - Separate networks for management, VMs, vMotion etc.
  - Physical redundancy
  - Use vSphere Distributed Switch
- Security
  - Secure your desktops (lockdown, GPOs, UEM)
  - Use secure client connections (secure gateways/tunnel)
  - Use Unified Access Gateway for remote access (use three NICs)
  - View Security Server (if needed)
  - User authentication method from internal and external
  - Two Factor Authentication for external connections
  - Restrict access (tags, AD groups)
  - Use NSX for micro segmentation
  - Install signed SSL certificates
Session Management
Our objective with a Horizon implementation is to provide better support to users than the physical solution does. Session management is one aspect of this. The configuration and settings of the sessions and client devices are essential for a smooth user experience.
- Personalization
- Profile Management (mandatory profiles recommended)
- Use User Environment Manager (UEM) for Windows and application settings
- Personalization
- Application Configuration Management
- User Environment Settings
- Application Migration
- Dynamic Configuration
- Just-in-Time Management (JMP) Platform
- App Volumes (real-time application delivery)
- Instant Clones (rapid desktop provisioning)
- User Environment Management (contextual policy management)
- End-User Desktop Maintenance
- Maintaining linked-clone desktops with Composer
- Recompose – Patch and update desktop
- Refresh – Revert OS disk to the base image snapshot
- Rebalance – Management of datastore capacity
- Manage Instant Clones by pushing an image
- User Authentication Method
- Smartcard
- Two Factor Authentication (RSA, RADIUS, SAML, vIDM)
- True SSO (short-lived certificate for Windows login process)
- Enrollment Server required
- ADMX template files for secure remote desktops
- Client Devices
- Thin clients, zero clients, fat clients, tablet and smartphones
- Different Horizon Clients
- Printing
Delivering Applications
The last topic I quickly repeat is about delivering and managing applications. Horizon has different methods of application delivery and the method of application delivery depends on many factors.
- Applications in general
  - New or existing applications
  - App Lifecycle
  - Dependencies and conflicts
  - Performance and stability
- Application delivery methods
  - RDS-hosted apps
  - ThinApp package (containerized applications, isolated from OS)
  - Natively installed Windows apps (in master image)
  - Citrix published apps
  - SaaS
  - App Volumes (real-time application delivery with LCM)
- ThinApp
  - Isolation modes
    - Merged mode (full write access)
    - WriteCopy mode (restricted write access)
    - Full mode (no read/write access)
  - Package format
    - EXE
    - DAT (when EXE is larger than 200MB)
    - MSI
These are the topics you should cover when you prepare for the VCAP7-DTM Design exam. In addition I also read the following documents:
This is my recommendation. Within the last 8 weeks I’ve effectively studied 5 weeks for the exam. I have been working with Horizon products for approx. 4 months in a pre-sales role, not as a consultant. I will update you after the exam if the experience combined with learning was enough to pass! 🙂
Did I forget anything? Let me know! Jump to part 12