VMVARE HORIZON

Virtual desktop infrastructure (VDI) products, such as VMware Horizon, enable IT

departments to run virtual machine (VM) desktops and applications in the data center and
remotely deliver these desktops and applications to users as a managed service. This
computer-within-a-computer strategy enables multiple VMs to be run per physical server
core.

For administrators, this means desktop and application management can be simplified and
automated. Admins can quickly create virtual desktops on demand based on location and
profile, and securely deliver desktops as a service from a central location.

End users can access their personalized virtual desktops or remote applications from
company laptops, their home PCs, thin client devices, Macs, tablets, or smartphones.
Horizon is the leading platform for Windows desktop and application virtualization, providing
a consistent user experience across devices and locations while keeping organizations data
compliant and securely stored in the data center.

When VDI solutions first started appearing, about a decade ago, the strategy was to take a
Windows desktop system, virtualize it, and place it in the data center. Unlike this traditional
VDI, Horizon is built on technologies that allow components of a desktop or application to be
decoupled and managed independently in a centralized manner, yet reconstituted on
demand to deliver a personalized user workspace. For example, when the user logs in, a
virtual desktop can assemble itself on the fly by combining an instant clone of a master
image (VM) with a user environment profile and one or more containerized applications that
attach themselves to (but are not installed in) the VM.

In addition, Horizon integrates with VMware Workspace ONE on a common identity

framework to provide a single catalog for accessing Windows applications and desktops, as
well as software-as-a-service (SaaS), web, cloud, and native mobile applications.

If you are not familiar with Horizon you can read more on our Digital Workspace Tech Zone
at

https://techzone.vmware.com/resource/what-horizon-7

WHY CONSIDER HORIZON?

Horizon is a complete solution that delivers, manages, and protects virtual desktops, RDSH-
published desktops, and applications across devices and locations. From provisioning to
management and monitoring, Horizon offers an integrated stack of enterprise-class
technologies that can deploy hundreds of customized desktops and RDSH servers in a few
minutes from centralized single images.

OVERVIEW OF DESKTOP POOLS

With Horizon, you can create desktop pools that include thousands of virtual desktops. You
can deploy desktops that run on virtual machines (VMs) and physical machines. Create one
VM as a Parent image, and Horizon can generate a pool of virtual desktops from that image.
The Parent image is also known as a base image or a golden image.

There are two main types of virtual desktop pools: automated and manual. Automated
desktop pools use a vCenter Server virtual machine template or snapshot to create a pool of
identical virtual machines. Manual desktop pools are a collection of Server virtual machines,
physical computers, or third-party virtual machines. In automated or manual pools, each
machine is available for one user to access remotely at a time.

ADVANTAGES OF DESKTOP POOLS

Horizon offers the ability to create and provision pools of desktops as its basis of centralized
management. If you use a vSphere virtual machine as a desktop source, you can automate
the process of making as many identical virtual desktops as you need. You can set a
minimum and maximum number of virtual desktops to be generated for the pool. Setting
these parameters ensures that you always have enough remote desktops available for
immediate use but not so many that you overuse available resources.

Using pools to manage desktops allows you to apply settings or deploy applications to all
remote desktops in a pool. You can also specify how users are assigned desktops in a pool.

DESKTOP POOLS
 Click to enlarge

With single-user desktops, each virtual machine allows a single end-user connection at a
time. In contrast, with session-based desktops, one RDSH server can accommodate many
concurrent user connections.

We will walk through the process of creating an Instant Clone Desktop Pool. A clone is a
copy of a Parent VM with a unique identity of its own, including a MAC address, UUID, and
other system information. The VMware Instant Clone Technology improves and accelerates
the process of creating cloned VMs over the previous View Composer linked-clone
technology. In addition, instant clones require less storage and less expense to manage and
update because the desktop is deleted when the user logs out, and a new desktop is
created using the latest Parent VM image.

INSTANT CLONE DESKTOP POOL

An instant-clone desktop pool is an automated desktop pool. vCenter Server creates the
desktop VMs based on the settings that you specify when you create the pool. Instant
clones share a virtual disk of the master image and therefore consume less storage than full
VMs. In addition, instant clones share the memory of the master image.

Before you can deploy a pool of desktops, you must create an optimized master image,
which includes installing and configuring a Windows or Linux operating system in a VM,
optimizing the OS, and installing the various VMware agents required for desktop pool
deployment.
You will not be creating the optimized master image in this lab as it has already been set up
for us in the interest of time. For step-by-step instructions, see the guide Creating an
Optimized Windows Image for a VMware Horizon Virtual Desktop.

https://techzone.vmware.com/creating-optimized-windows-image-vmware-horizon-virtual-
desktop

INTRODUCTION
Device management is continuously evolving, and this rapid evolution has directly
impacted the IT administrator experience. VMware Workspace ONE® UEM has
been following every step of this journey, evolving and innovating with every
release, allowing administrators to manage cross-platform devices to enable a true
Digital Workspace experience. To continue that innovation journey, we are
announcing Freestyle Orchestrator.

Freestyle Orchestrator enables Workspace ONE UEM administrators to create

complex workflows that fit specific requirements with flexibility and speed. Freestyle
workflows can be used to set up resources such as applications, profiles, sensors,
and scripts. These workflows use conditions to apply resources to devices based on
granular criteria.

WHAT PROBLEM DOES FREESTYLE

ORCHESTRATOR SOLVE?
The current method to provision resources (profiles, applications, content, scripts,
and so on) over-the-air based on MDM APIs started with mobile platforms and later
extended to desktops, such as Windows 10, macOS, and Chrome OS. The
management experience on each platform has specific needs; overall,
administrators want to control the provisioning process, such as controlling the
sequence in which resources are deployed on the device and defining conditions
based on the current resource state and external conditions that require specialized
scripts.

There is a lot of complexity behind the scenes to deliver the desired management
experience on desktop platforms. The provisioning process requires knowledge
across Workspace ONE and external tools, such as coding. Freestyle Orchestrator
simplifies this process and allows administrators to define complex workflows in a
very effective way visually.
 DEFINING THE USE CASE
A better understanding of the use case and requirements will help to organize the
resources in Workspace ONE UEM and define the workflow. The workflow becomes
a logical way to achieve a goal, which can evolve as new use cases emerge from
business needs.

Consider a Windows 10 device - Application use cases where you must provision
applications in a specific order or conditions; where certain Applications must be
deployed first, before other applications.

The business requirements look simple; however, when we translate them into
technical requirements, they map to profiles with different types of payloads
(restrictions, certificates, custom settings, and so on), applications, specialized
scripts, conditions to validate the resource state, and more.

The use case in this example translates into the following functional requirements:

 Deploy Zoom Client for Meetings - Automatic for Users

 Deploy Zoom Plugin for Microsoft Outlook - Optional
 Deploy and configure Outlook plugins like Zoom Meetings only when Microsoft Office
AND Zoom Client are installed.

You must configure the Profiles and Applications resources in advance and as per
the following list to be used as part of the workflow:

 Set Applications to on-demand deployment. Resources set as automatic are provisioned

outside the workflow.
 Application resources must contain at least one assignment rule for default policy.
However, resources provisioned by the workflow use the smart group assigned to the
workflow.

If a resource such as an application or a profile is assigned to a device and

configured for automatic deployment, in addition to being assigned to the device as
part of a workflow, the resource will be installed based on whichever command is
processed by the device.

Administrators access the Freestyle Orchestrator Designer through the Workspace

ONE UEM Console

Workspace ONE Intelligent Hub

 VMware Policy Builder: https://www.vmwarepolicybuilder.com

 Configuration Service Provider (CSP) Reference: http://aka.ms/CSPList
  Whats New in MDM Enrollment and
Management: https://docs.microsoft.com/en-us/windows/client-
management/mdm/new-in-windows-mdm-enrollment-management

INTRODUCTION
Workspace ONE Intelligent Hub is VMware's next generation employee engagement
application that allows you to securely access, discover, stay connected, and be
productive from anywhere. It replaces the legacy Agent application and combines
with Hub Services to enhance the identity, application, and enterprise mobility
management capabilities offered by Workspace ONE.

Click to enlarge

Intelligent Hub integrates a unified app catalog, access control, and application
management on iOS, Android, macOS, Windows 10 and via a browser. The
prerequisite for many of the Intelligent Hub features is to activate the Hub Services
component within Workspace ONE Access. After Hub Services activation, you can
customize Intelligent Hub features based on whether your deployment is integrated
with Workspace ONE Access or not.
HUB SERVICES WITHOUT WORKSPACE ONE
ACCESS
Without integrating with Workspace ONE Access, you can configure a Hub Catalog
to allow access to native mobile apps and web apps, create a custom tab, and brand
the Workspace ONE Intelligent Hub app to add your company's logo and color
profile

HUB SERVICES WITH WORKSPACE ONE

ACCESS
When Workspace ONE Access is integrated with Workspace ONE UEM, you can
create a full digital workspace experience for users with additional Hub features,
such as People Search and Notifications, and identity-related features, such as
authentication and single sign-on.

In this lab, you will configure several of the features within Hub Services and view
the result in the browser version of Intelligent Hub.