Connection Server is the Core component of Horizon View and this is the first role you have to install .From the same server you will be able to access the Horizon View Administrator Console and manage all the activities. You can configure a group of two or more View Connection Server instances to balance the load or high availability purpose. Connection server is the component which is connecting your VMware Infrastructure and Composer server managing the View Administration.
In this post I will be discussing about Horizon Manger 7.5 Connection Server , Installation and Components .And this one of the post of my Horizon 7.5 Installation Configuration Series .
Connection server is the key component acts as a broker for all client connections .Connections are authenticates through Windows Active Directory and directs the request to the appropriate virtual machine, physical or Windows Terminal Services server.
Below are the management capabilities of Connection Server
- Authenticating users
- Entitling users to specific desktops and pools
- Assigning applications packaged with VMware ThinApp to specific desktops and pools
- Managing local and remote desktop sessions
- Establishing secure connections between users and desktops
- Enabling single sign-on
- Setting and applying policies
Working Scenario of Connection Server
Configuring the View connection server can be done two scenarios based on requirement one is inside network, which allows only for you internal traffic and another access from internet, which is external network.
Internal Network
You can install and configure multiple View Connection Server instances inside firewall network, which only allows traffic internally only. All the Configuration data is stored in an embedded LDAP directory and is replicated among members of the group.
External network
To access from external you have to install and configure View Connection Server as a security server or you may deploy UAG in DMZ network for this requirement. Security server or UAG in the DMZ communicate with View Connection Servers inside your firewall. Security servers and UAG appliances ensure that the only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.
Security servers offer a subset of functionality and are not required to be in an Active Directory domain and you can install View Connection Server in a Windows Server 2008 or 2012 VM.
Horizon Connection Server has specific hardware, operating system, installation, and supporting software requirements.
Supported Operating Systems
Operating System | Version | Edition |
Windows Server 2008 R2 SP1 | 64-bit | Standard |
Enterprise | ||
Datacenter | ||
Windows Server 2012 R2 | 64-bit | Standard |
Datacenter | ||
Windows Server 2016 | 64-bit | Standard |
Datacenter |
Minimum and Recommended Hardware Configuration
Operating System | Memory | Processor | Network Adapter | Recommended |
Windows Server 2008 R2 64-bit | 4GB or higher | Pentium IV 2.0GHz Processor or higher | 100 Mbps | 4 CPUs , 1 Gbps NIC |
Windows Server 2012 R2 64-bit | 4GB or higher | At least 10GB RAM for deployments of 50 or more remote desktops | ||
Windows Server 2016 | 4GB or higher |
Important Points to be checked before installation
Do not Change Horizon Connection Server IPv4 address, configure a static IP address.
IPv6 environment, machines automatically get IP addresses that do not change.
Windows Server 2008 R2 with no service pack no longer supported.
For replicated Horizon Connection Server instances configure the instances in the same physical location and connect them over a high-performance LAN to avoid the latency issues. If latency is there View LDAP configurations on Horizon Connection Server instances will become inconsistent.
Use the Cloud Pod Architecture feature where you need Horizon deployment to be in span datacenters. You can link together 25 pods to provide a single large desktop brokering and management environment for five geographically distant sites and provide desktops and applications for up to 50,000 sessions.
More Details Refer Cloud Pod Architecture Overview
You must install Adobe Flash Player 10.1 or later to access View Administrator Console from supported Web Browsers
- Supported Web browsers are IE10, IE11, Firefox & Chrome Latest Version , Microsoft Edge (Windows 10), Safari 6 and later releases
The computer on which you launch Horizon Administrator must trust the root and intermediate certificates of the server that hosts Connection Server, Reference
Maximum Connections for Connection Server
Remote Desktop Connections provides information about the tested limits regarding the number of simultaneous connections that a Horizon 7 deployment can accommodate.
Connection Servers per Deployment | Connection Type | Maximum Simultaneous Connections |
1 Connection Server | Direct connection, RDP, Blast Extreme, or PCoIP | 4,000 (tested configuration) |
1 Connection Server | Tunneled connection, RDP | 2,000 (default configuration) |
4,000 (tested configuration) | ||
1 Connection Server | PCoIP Secure Gateway connection | 2,000 (default configuration) |
4,000 (tested configuration) | ||
1 Connection Server | Blast Secure Gateway connection | 2,000 (default configuration) |
4,000 (tested configuration) | ||
1 Connection Server | Unified Access to physical PCs | 2,000 (tested configuration) |
1 Connection Server | Unified Access to RDS hosts | 2,000 (tested configuration) |
7 Connection Servers | Direct connection, RDP, Blast Extreme, or PCoIP | 20,000 (tested configuration) |
Firewall Rules for Horizon Connection Server
Certain ports must be opened on the firewall for Connection Server instances and security servers.
When you install Connection Server, the installation program can optionally configure the required Windows Firewall rules for you. These rules open the ports that are used by default. If you change the default ports after installation, you must manually configure Windows Firewall to allow Horizon Client devices to connect to Horizon 7 through the updated ports.
The following table lists the default ports that can be opened automatically during installation. Ports are incoming unless otherwise noted.
Protocol | Ports | Horizon Connection Server Instance Type |
JMS | TCP 4001 | Standard and replica |
JMS | TCP 4002 | Standard and replica |
JMSIR | TCP 4100 | Standard and replica |
JMSIR | TCP 4101 | Standard and replica |
AJP13 | TCP 8009 | Standard and replica |
HTTP | TCP 80 | Standard, replica, and security server |
HTTPS | TCP 443 | Standard, replica, and security server |
PCoIP | TCP 4172 in; | Standard, replica, and security server |
UDP 4172 both directions | ||
HTTPS | TCP 8443 | Standard, replica, and security server. |
UDP 8443 | After the initial connection to Horizon 7 is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place. | |
HTTPS | TCP 8472 | Standard and replica |
For the Cloud Pod Architecture feature: used for interpod communication. | ||
HTTP | TCP 22389 | Standard and replica |
For the Cloud Pod Architecture feature: used for global LDAP replication. | ||
HTTPS | TCP 22636 | Standard and replica |
For the Cloud Pod Architecture feature: used for secure global LDAP replication. |
Connection Server Deployment
The first View component to be installed is the Connection Server , before installing just understand what will be changes happening after installation of the Connection server .
Login to the server and Navigate to Control Panel – > Programs and Features and check available applications over there
Navigate the Connection Server Software and Launch the Connection Server installer
Click Next
Accept the EULA to continue and Click Next
Change the installation directory if applicable or use the default as shows below and Click Next
Select the Horizon 7 Standard Server and select the check the box labeled Install HTML Access select your network protocol (IPv4) then click Next
HTML Access – It uses the Blast Protocol to enable access to your View resources from a compatible web browser
Note: Follow above steps and choose Replica server option if you want to install an additional Connection Server .
Enter a recovery password which protect the data backup of connection server and you need this for recovery time and Click Next
password reminder – You can mention the hint of the password used there
Next screen will show you required firewall ports details which I have already mentioned on the firewall rule tables
Click Next to continue
Note – If these ports are not opened , please check with firewall team and allow these ports and try
To authorize use an Active Directory user and Click Next , if it is not configured please create a view admin user .
Use the Check the box if you wish to participate in the User Experience Improvement Program and Click Next
Click Install to start the installation
Once complete click Finish
If you want to see the release notes you can select the check box else uncheck
Access the VMware Horizon Administrator Console
You can access the console form the Horizon icon created on the desktop or from a compatible web browser use the FQDN or
IP of Connection Server .
or https://FQDN of Connection Server or IP/admin
Administrator Console will be look like below and next you can configure the License from same window
Before starting the installation of Connection server I have mentioned about checking the components will be installed
on server , Now check the Programs ad Features to verify which are components are installed .
You can notify hat there is 3 components installed
- AD LDS Instance VMwareVDMDS
- VMware Horizon 7 Connection Server
- VMware Horizon 7 HTML Access
Already I have mentioned about connection server and HTML Access above , but you may think about component “AD LDS Instance VMwareVDMDS ” , Let find what is the purpose of this .
AD LDS
VMware View uses AD-LDS to store virtual desktop infrastructure configuration information .On View Connection Servers, AD-LDS is an embedded LDAP directory that is provided as part of the installation
AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications .AD LDS provides much of the same functionality as Active Directory Domain Services and it does not require the deployment of domains or domain controllers.
AD DS provides directory services for both the Microsoft Windows Server server operating system and for directory-enabled applications. For the server operating system, AD DS stores critical information about the network infrastructure, users and groups, network services, and so on. AD LDS does not require or rely on Active Directory domains or forests . But with existing AD DS environments AD LDS will support the use AD DS authentication .
AD LDS Support on Applications
AD-LDS store for View configuration The AD-LDS service database stored in Active Directory contains configuration data and events/logs. By default, this database resides on View Connection Server.
AD LDS can store “private” directory data, which is relevant only to the application, in a local directory service on connection server . Stored data which is relevant only to the application and which does not have to be widely replicated, is stored solely in the AD LDS directory that is associated with the application. This will reduces replication traffic on the network between domain controllers that serve the server operating system directory.
Suggested Posts