Connection Server is the core component of Horizon View and the first role you have to install. From the same server you can access the Horizon View Administrator Console and manage all activities. You can configure a group of two or more View Connection Server instances for load balancing or high availability. Connection Server is the component that connects your VMware infrastructure and the Composer server and manages View administration.

In this post I will discuss the Horizon Manager 7.5 Connection Server, its installation and its components. This is one of the posts in my Horizon 7.5 Installation and Configuration series.

Connection Server is the key component and acts as a broker for all client connections. It authenticates connections through Windows Active Directory and directs each request to the appropriate virtual machine, physical machine, or Windows Terminal Services server.

Below are the management capabilities of Connection Server:

  • Authenticating users
  • Entitling users to specific desktops and pools
  • Assigning applications packaged with VMware ThinApp to specific desktops and pools
  • Managing local and remote desktop sessions
  • Establishing secure connections between users and desktops
  • Enabling single sign-on
  • Setting and applying policies

Working Scenario of Connection Server

The View Connection Server can be configured for two scenarios, depending on the requirement: inside the network, which allows internal traffic only, and access from the internet, which is the external network.

Internal Network

You can install and configure multiple View Connection Server instances inside the firewall, on a network that allows internal traffic only. All configuration data is stored in an embedded LDAP directory and is replicated among members of the group.

External network

To allow access from outside, you have to install and configure View Connection Server as a security server, or you can deploy Unified Access Gateway (UAG) in the DMZ network. The security server or UAG in the DMZ communicates with the View Connection Servers inside your firewall. Security servers and UAG appliances ensure that the only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.

Security servers offer a subset of functionality and are not required to be in an Active Directory domain. You can install View Connection Server in a Windows Server 2008 or 2012 VM.

Horizon Connection Server has specific hardware, operating system, installation, and supporting software requirements.

Supported Operating Systems

| Operating System | Version | Edition |
|---|---|---|
| Windows Server 2008 R2 SP1 | 64-bit | Standard, Enterprise, Datacenter |
| Windows Server 2012 R2 | 64-bit | Standard, Datacenter |
| Windows Server 2016 | 64-bit | Standard, Datacenter |

Minimum and Recommended Hardware Configuration

| Operating System | Memory | Processor | Network Adapter | Recommended |
|---|---|---|---|---|
| Windows Server 2008 R2 64-bit | 4GB or higher | Pentium IV 2.0GHz Processor or higher | 100 Mbps | 4 CPUs, 1 Gbps NIC |
| Windows Server 2012 R2 64-bit | 4GB or higher | | | At least 10GB RAM for deployments of 50 or more remote desktops |
| Windows Server 2016 | 4GB or higher | | | |

Important Points to be checked before installation

Do not change the Horizon Connection Server IPv4 address; configure a static IP address.

In an IPv6 environment, machines automatically get IP addresses that do not change.

Windows Server 2008 R2 with no service pack is no longer supported.

For replicated Horizon Connection Server instances, configure the instances in the same physical location and connect them over a high-performance LAN to avoid latency issues. If there is latency, the View LDAP configurations on the Horizon Connection Server instances will become inconsistent.

Use the Cloud Pod Architecture feature where you need the Horizon deployment to span datacenters. You can link together 25 pods to provide a single large desktop brokering and management environment for five geographically distant sites and provide desktops and applications for up to 50,000 sessions.

For more details, refer to the Cloud Pod Architecture Overview.

You must install Adobe Flash Player 10.1 or later to access the View Administrator Console from supported web browsers.

  • Supported web browsers are IE10, IE11, the latest versions of Firefox and Chrome, Microsoft Edge (Windows 10), and Safari 6 and later releases

The computer on which you launch Horizon Administrator must trust the root and intermediate certificates of the server that hosts Connection Server.

Maximum Connections for Connection Server

The Remote Desktop Connections table provides information about the tested limits on the number of simultaneous connections that a Horizon 7 deployment can accommodate.

| Connection Servers per Deployment | Connection Type | Maximum Simultaneous Connections |
|---|---|---|
| 1 Connection Server | Direct connection, RDP, Blast Extreme, or PCoIP | 4,000 (tested configuration) |
| 1 Connection Server | Tunneled connection, RDP | 2,000 (default configuration); 4,000 (tested configuration) |
| 1 Connection Server | PCoIP Secure Gateway connection | 2,000 (default configuration); 4,000 (tested configuration) |
| 1 Connection Server | Blast Secure Gateway connection | 2,000 (default configuration); 4,000 (tested configuration) |
| 1 Connection Server | Unified Access to physical PCs | 2,000 (tested configuration) |
| 1 Connection Server | Unified Access to RDS hosts | 2,000 (tested configuration) |
| 7 Connection Servers | Direct connection, RDP, Blast Extreme, or PCoIP | 20,000 (tested configuration) |

Firewall Rules for Horizon Connection Server

Certain ports must be opened on the firewall for Connection Server instances and security servers.

When you install Connection Server, the installation program can optionally configure the required Windows Firewall rules for you. These rules open the ports that are used by default. If you change the default ports after installation, you must manually configure Windows Firewall to allow Horizon Client devices to connect to Horizon 7 through the updated ports.

The following table lists the default ports that can be opened automatically during installation. Ports are incoming unless otherwise noted.

| Protocol | Ports | Horizon Connection Server Instance Type |
|---|---|---|
| JMS | TCP 4001 | Standard and replica |
| JMS | TCP 4002 | Standard and replica |
| JMSIR | TCP 4100 | Standard and replica |
| JMSIR | TCP 4101 | Standard and replica |
| AJP13 | TCP 8009 | Standard and replica |
| HTTP | TCP 80 | Standard, replica, and security server |
| HTTPS | TCP 443 | Standard, replica, and security server |
| PCoIP | TCP 4172 in; UDP 4172 both directions | Standard, replica, and security server |
| HTTPS | TCP 8443; UDP 8443 | Standard, replica, and security server. After the initial connection to Horizon 7 is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place. |
| HTTPS | TCP 8472 | Standard and replica. For the Cloud Pod Architecture feature: used for interpod communication. |
| HTTP | TCP 22389 | Standard and replica. For the Cloud Pod Architecture feature: used for global LDAP replication. |
| HTTPS | TCP 22636 | Standard and replica. For the Cloud Pod Architecture feature: used for secure global LDAP replication. |
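
The table can also be checked against the Windows Firewall rules actually present on the server, for example after the default ports have been changed. The following PowerShell is an added example, not part of the original post or of VMware's tooling. It assumes the NetSecurity cmdlets (Windows Server 2012 or later); the `-SecurityServer` switch and the `Test-PortMatch` helper are names invented for this example.

```powershell
# Added example: audit inbound Windows Firewall allow rules against the table above.
param([switch]$SecurityServer)   # hypothetical switch: set when the host is a security server

# Proto/Port come from the table; SecSrv = the table also lists the port for security servers.
# Only inbound rules are audited (the table marks UDP 4172 as both directions).
$table = @(
    @{ Name = 'JMS';   Proto = 'TCP'; Port = 4001;  SecSrv = $false }
    @{ Name = 'JMS';   Proto = 'TCP'; Port = 4002;  SecSrv = $false }
    @{ Name = 'JMSIR'; Proto = 'TCP'; Port = 4100;  SecSrv = $false }
    @{ Name = 'JMSIR'; Proto = 'TCP'; Port = 4101;  SecSrv = $false }
    @{ Name = 'AJP13'; Proto = 'TCP'; Port = 8009;  SecSrv = $false }
    @{ Name = 'HTTP';  Proto = 'TCP'; Port = 80;    SecSrv = $true  }
    @{ Name = 'HTTPS'; Proto = 'TCP'; Port = 443;   SecSrv = $true  }
    @{ Name = 'PCoIP'; Proto = 'TCP'; Port = 4172;  SecSrv = $true  }
    @{ Name = 'PCoIP'; Proto = 'UDP'; Port = 4172;  SecSrv = $true  }
    @{ Name = 'HTTPS'; Proto = 'TCP'; Port = 8443;  SecSrv = $true  }
    @{ Name = 'HTTPS'; Proto = 'UDP'; Port = 8443;  SecSrv = $true  }
    @{ Name = 'HTTPS'; Proto = 'TCP'; Port = 8472;  SecSrv = $false }  # Cloud Pod Architecture
    @{ Name = 'HTTP';  Proto = 'TCP'; Port = 22389; SecSrv = $false }  # Cloud Pod Architecture
    @{ Name = 'HTTPS'; Proto = 'TCP'; Port = 22636; SecSrv = $false }  # Cloud Pod Architecture
)

# A rule's LocalPort may be 'Any', a single port, or a range such as '4000-4200'.
function Test-PortMatch([string]$Spec, [int]$Port) {
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') { return ($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2]) }
    return $Spec -eq "$Port"
}

# Flatten every enabled inbound allow rule into (Rule, Proto, Port) rows.
$allowed = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    foreach ($filter in ($rule | Get-NetFirewallPortFilter)) {
        foreach ($spec in $filter.LocalPort) {
            [pscustomobject]@{ Rule = $rule.DisplayName; Proto = $filter.Protocol; Port = "$spec" }
        }
    }
}

# MISSING: table port for this role with no allow rule (clients cannot connect).
# UNEXPECTED: port the table does not list for this role, yet a rule allows it.
foreach ($row in $table) {
    $wanted = $row.SecSrv -or -not $SecurityServer
    $rules  = @($allowed | Where-Object {
            ($_.Proto -in @($row.Proto, 'Any')) -and (Test-PortMatch $_.Port $row.Port) })
    $status = if ($wanted -and $rules.Count) { 'OK' } elseif ($wanted) { 'MISSING' } elseif ($rules.Count) { 'UNEXPECTED' } else { 'OK (closed)' }
    [pscustomobject]@{ Service = $row.Name; Port = "$($row.Proto) $($row.Port)"; Status = $status
                       Rules = ($rules.Rule -join '; ') }
}
```

The check covers only the local Windows Firewall; a perimeter or DMZ firewall between clients and the server has to be reviewed separately.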

Connection Server Deployment

The first View component to be installed is the Connection Server. Before installing, understand what changes will happen on the server after the installation of the Connection Server.

Log in to the server, navigate to Control Panel -> Programs and Features, and check the applications listed there.

Navigate to the Connection Server software and launch the Connection Server installer.

Click Next

Accept the EULA to continue and click Next

Change the installation directory if applicable or use the default, and click Next

Select Horizon 7 Standard Server, check the box labeled Install HTML Access, select your network protocol (IPv4), then click Next

HTML Access – It uses the Blast protocol to enable access to your View resources from a compatible web browser

Note: Follow the above steps and choose the Replica Server option if you want to install an additional Connection Server.

Enter a recovery password, which protects the data backups of the Connection Server; you need it at recovery time. Click Next

Password reminder – You can enter a hint for the password here

The next screen shows the required firewall port details, which I have already listed in the firewall rules table

Click Next to continue

Note – If these ports are not open, check with the firewall team, have these ports allowed, and try again

To authorize, use an Active Directory user and click Next; if one is not configured, create a View admin user.

Check the box if you wish to participate in the User Experience Improvement Program and click Next

Click Install to start the installation

Once complete click Finish 

If you want to see the release notes, leave the check box selected; otherwise uncheck it

Access the VMware Horizon Administrator Console

You can access the console from the Horizon icon created on the desktop, or from a compatible web browser using the FQDN or IP of the Connection Server:

https://<FQDN or IP of Connection Server>/admin

The Administrator Console opens, and next you can configure the license from the same window.

Before starting the installation of the Connection Server, I mentioned checking which components will be installed on the server. Now check Programs and Features to verify which components are installed.

You can see that there are 3 components installed:

  • AD LDS Instance VMwareVDMDS
  • VMware Horizon 7 Connection Server
  • VMware Horizon 7 HTML Access

I have already mentioned Connection Server and HTML Access above, but you may wonder about the component "AD LDS Instance VMwareVDMDS". Let's find out what its purpose is.

AD LDS

VMware View uses AD-LDS to store virtual desktop infrastructure configuration information. On View Connection Servers, AD-LDS is an embedded LDAP directory that is provided as part of the installation.

AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications. AD LDS provides much of the same functionality as Active Directory Domain Services, and it does not require the deployment of domains or domain controllers.

AD DS provides directory services for both the Microsoft Windows Server operating system and for directory-enabled applications. For the server operating system, AD DS stores critical information about the network infrastructure, users and groups, network services, and so on. AD LDS does not require or rely on Active Directory domains or forests. In existing AD DS environments, however, AD LDS supports the use of AD DS authentication.

AD LDS Support on Applications

AD-LDS store for View configuration: The AD-LDS service database stored in Active Directory contains configuration data and events/logs. By default, this database resides on View Connection Server.

AD LDS can store "private" directory data, which is relevant only to the application, in a local directory service on the Connection Server. Stored data that is relevant only to the application, and that does not have to be widely replicated, is stored solely in the AD LDS directory that is associated with the application. This reduces replication traffic on the network between the domain controllers that serve the server operating system directory.
