ra2 studio - Fotolia
The new features included in VMware Hozion View 7 were met with positive feedback, despite some including requirements that limit its use in different environments. However, it didn't take long for VMware to provide updates for Horizon View with 7.0.1 and 7.0.2 debuting within months of the original release.
Clipboard redirection, settings and filters
Administrators always had the possibility to configure clipboard redirection for PC over IP (PCoIP) sessions. By default users can only copy data via the clipboard from their client machine (e.g., Windows, Mac or Linux) to their virtual desktop. Horizon View 7 introduced a policy setting to configure the redirection of the clipboard from the virtual desktop to the client -- or to disable the feature completely.
This could be important for organizations that work with sensitive data. Users can always take screen captures or a picture, but being able to copy large amounts of raw data could be a feature you might want to disable.
Starting with version 7.0.1 administrators can set a policy setting for the server's clipboard memory size value, in kilobytes. The client also has a value for the clipboard memory size but the effective clipboard memory size value is the lesser of the client and server clipboard memory size values. So when the administrator sets the value to the minimum of 512 kilobytes that's what the user can copy and paste between systems. This does not completely disable the feature but it makes it harder to copy large amounts of data at once.
VMware continued to alter this area with Horizon View 7.0.2. It's now possible to use policies to filter out certain types of data from the clipboards contents when users copy and paste data during PCoIP and VMware Blast sessions. For example, you can filter images out of incoming clipboard data setting to prevent users from copying images to their remote desktops. This feature provides added flexibility when users need to restrict copy and paste operations for security reasons.
Save password feature for Mac and mobile
For Mac Client users and mobile device users, there is a new setting that administrators can configure on their connection servers that allows users to save their password for the Horizon Client -- if they have upgraded their client to version 4.1 or later.
This might be considered a security risk but the feature is disabled by default so as long as you don't enable it server-side, there is nothing to worry about. On the other hand, similar functionality has been available for Windows Client users for a long time with the log on as current user setting.
When users are logged in on Windows they can use the same credentials without an additional login to access their virtual desktop. And now Mac users can do something similar. When they log in -- and the feature has been enabled -- the new checkbox Remember this password becomes available (Figure B). On a mobile device there is another checkbox named Save Password that does the same thing.
To enable this feature for users, a setting must be configured in the Lightweight Directory Access Protocol (LDAP) directory on one of the connection servers. Since it is a global setting it only has to be configured on one connection server; it will then be replicated to all other connection servers.
Use the ADSI Edit tool to access the LDAP directory and modify the attribute clientCredentialCacheTimeout which can be found in CN=Common, OU=Global and OU=Properties. When no value is set, or is set to 0, the feature is disabled. To enable this feature, you can set the number of minutes to retain the credential information, or set a value of -1, meaning that there is no timeout (Figure 3).
Now that we are talking about features involving credentials, here is another one that administrators can use: it is possible to remove the feature on the administrator console to save the administrator name on the console login page.
Improvements for the Blast Extreme protocol
With both Horizon View 7.0.1 and 7.0.2, improvements have been made related to the Blast Extreme protocol. A technical improvement (7.0.1) for Windows Clients, and now also for Mac, Linux and other clients, lost network connections can be reconnected without the loss of the user's session. This has long been available with PCoIP but is now also supported for all clients supporting Blast Extreme. It's a sign that tells us that VMware is working hard to get its protocol up to the same level it has for PCoIP.
With 7.0.2, policy enhancements have been made for Blast Extreme to set image quality levels. As a Horizon View administrator, you have always had the opportunity to configure several policies for the PCoIP protocol, such as for session bandwidth and image quality levels.
With the initial release of Horizon 7 the possibilities for this with the Blast Extreme protocol were limited, but now several new settings have been added. Comparable with PCoIP, you will find settings such as the maximum and minimum bandwidth, frame rate and whether or not the console of the virtual machine should be blanked when an end user has logged in via Horizon View. A full listing of the policies for both protocol and other important Horizon View components can be found in the VMware documentation.
Its's important to know that Blast Extreme comes with support for H.264, which allows the device hardware to perform hardware decoding by thin client vendors. At VMworld 2016, we had the opportunity to talk to several vendors and they all either offered models that contain support for hardware decoding for H.264 or they can offer a software upgrade for their existing models to make it available. A full list of vendors and models can be accessed via the VMware Compatibility Guide.
One final thing to mention is with vRealize Operations Manager 6.3, metrics are available to investigate the usage of the Blast Extreme protocol, such as you were used to with PCoIP.
Linux desktop news
VMware has supported Linux as a guest operating for virtual desktops starting with version 6.2 and has made several improvements along the way, such as 3D support. But some of the more exciting features in Horizon View 7 are single sign-on (SSO) support and automated desktop pools.
For Smart Card authentication with SSO there are some requirements and a few limitations, so check the most recent documentation when investigating this feature. For regular SSO there are also limitations -- for starters it is supported for SUSE Linux Enterprise Desktop 11 SP3 and SP4.
Two possible setups are supported to allow users to use SSO on their desktops. One is integration with OpenLDAP and the other one is the Winbind component of the Samba suite that allows you to integrate Linux with an Active Directory domain. Once computers can be added to your domain automatically this opens the way to the next new feature: automated desktop pools.
Until version 7.0.2 was released all desktops had to be created upfront and then had to be manually added to a desktop pool. Or when you wanted to bulk-create desktops PowerCLI and SSH scripts had to be used to do what we have been able to do for years with Windows desktops.
But now it is possible to use a regular desktop pool for the automatic creation of full clone Linux desktops. When you build a master virtual desktop that is integrated with Active Directory, in one of the ways described before, you can have desktops automatically created just like with Windows desktops. Currently this is for full desktop clones only, not for Linked Clones and Instant Clones.
New features get good reviews in VMware Horizon View 7
Previously known downsides of Horizon View
How to manage mobile authentication methods
Horizon 7.1 introduces VMware Horizon Cloud