Objective 1.1 – Describe techniques to prepare environment for Horizon

  •  Determine characteristics of required Active Directory domain accounts, groups, permissions, DHCP scopes and trust relationships

You can place Horizon Agent machines, View Composer servers, and users and groups in the following Active Directory domains:

  • The Connection Server domain
  • A different domain that has a two-way trust relationship with the Connection Server domain
  • A domain in a different forest than the Connection Server domain that is trusted by the Connection Server domain in a one-way external or realm trust relationship
  • A domain in a different forest than the Connection Server domain that is trusted by the Connection Server domain in a one-way or two-way transitive forest trust relationship

Trust Relationships:

To determine which domains it can access, a Connection Server instance traverses trust relationships beginning with its own domain.

For a small, well-connected set of domains, Connection Server can quickly determine the full list of domains, but the time that it takes increases as the number of domains increases or as the connectivity between the domains decreases. The list might also include domains that you would prefer not to offer to users when they connect to their remote desktops and applications.

You can use the vdmadmin command to configure domain filtering to limit the domains that a Connection Server instance searches and that it displays to users. See the Horizon 7 Administration document for more information.

If a forest trust is configured with name suffix exclusions, the configured exclusions are used to filter the list of forest child domains. Name suffix exclusion filtering is applied in addition to the filtering that is specified with the vdmadmin command.

Active Directory Users:

To summarize, when you configure Horizon 7 for the first time, you provide these user accounts in Horizon Administrator:

  • The vCenter Server user allows Horizon 7 and View Composer to perform operations in vCenter Server.
  • The standalone View Composer Server user allows Horizon 7 to authenticate to the View Composer service on a standalone machine.
  • If you install View Composer on the same machine as vCenter Server, the vCenter Server user performs both of the preceding functions, and you do not use a standalone View Composer Server user.
  • The View Composer user for AD operations allows View Composer to perform certain operations in Active Directory.
  • The instant clone user for AD operations allows Connection Server to perform certain operations in Active Directory.

DHCP is required for linked clones and instant clones.

  • Describe Organizational Units (OUs) for machine accounts

Organizational Units should be created specifically for remote desktops.

Clients in kiosk mode should have their own separate OU dedicated to them.

In general, create different OUs for each different kind of server, desktop, or user.

  • Select the appropriate Group Policy Object (GPO) template files

Horizon 7 includes several component-specific group policy administrative (ADMX) template files.

All ADMX files that provide group policy settings for Horizon 7 are available in VMware-Horizon-ExtrasBundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. You can download the file from the VMware Downloads site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the ZIP file.

The Horizon 7 ADMX template files contain both Computer Configuration and User Configuration group policies.

  • The Computer Configuration policies set policies that apply to all remote desktops, regardless of who connects to the desktop.
  • The User Configuration policies set policies that apply to all users, regardless of the remote desktop or application they connect to. User Configuration policies override equivalent Computer Configuration policies.

Template Name | Template File | Description
VMware View Agent Configuration | vdm_agent.admx | Contains policy settings related to the authentication and environmental components of Horizon Agent. See the Configuring Remote Desktop Features in Horizon 7 document.
VMware Horizon Client Configuration | vdm_client.admx | Contains policy settings related to Horizon Client for Windows. Clients that connect from outside the Connection Server host domain are not affected by policies applied to Horizon Client. See the VMware Horizon Client for Windows Installation and Setup Guide document.
VMware Horizon URL Redirection | urlRedirection.admx | Contains policy settings related to the URL Content Redirection feature. If you add this template to a GPO for a remote desktop pool or application pool, certain URL links clicked inside the remote desktops or applications can be redirected to a Windows-based client and opened in a client-side browser. If you add this template to a client-side GPO, when a user clicks certain URL links in a Windows-based client system, the URL can be opened in a remote desktop or application. See the Configuring Remote Desktop Features in Horizon 7 document and the VMware Horizon Client for Windows Installation and Setup Guide document.
VMware View Server Configuration | vdm_server.admx | Contains policy settings related to Connection Server.
VMware View Common Configuration | vdm_common.admx | Contains policy settings that are common to all Horizon components.
PCoIP Session Variables | pcoip.admx | Contains policy settings related to the PCoIP display protocol. See the Configuring Remote Desktop Features in Horizon 7 document.
PCoIP Client Session Variables | pcoip.client.admx | Contains policy settings related to the PCoIP display protocol that affect Horizon Client for Windows. See the VMware Horizon Client for Windows Installation and Setup Guide document.
Persona Management | ViewPM.admx | Contains policy settings related to Horizon Persona Management. See the Setting Up Virtual Desktops in Horizon 7 document.
Remote Desktop Services | vmware_rdsh_server.admx | Contains policy settings related to Remote Desktop Services. See the Configuring Remote Desktop Features in Horizon 7 document.
View RTAV Configuration | vdm_agent_rtav.admx | Contains policy settings related to webcams that are used with the Real-Time Audio-Video feature. See the Configuring Remote Desktop Features in Horizon 7 document.
Scanner Redirection | vdm_agent_scanner.admx | Contains policy settings related to scanning devices that are redirected for use in published desktops and applications. See the Configuring Remote Desktop Features in Horizon 7 document.
Serial COM | vdm_agent_serialport.admx | Contains policy settings related to serial (COM) ports that are redirected for use in virtual desktops. See the Configuring Remote Desktop Features in Horizon 7 document.
VMware Horizon Printer Redirection | vdm_agent_printing.admx | Contains policy settings related to filtering redirected printers. See the Configuring Remote Desktop Features in Horizon 7 document.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-5B4E2061-E798-4A58-BB58-0B6FCC63DFD8.html>
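As an added example (not code from the VMware documentation), the following PowerShell carries out the OU and GPO-template steps above from a domain-joined admin host: it creates one OU per kind of machine (remote desktops, kiosk clients, RDS hosts), copies the ExtrasBundle ADMX/ADML files into the domain Central Store, and links a GPO to each OU. The OU names, GPO names, ZIP path, and the assumption that the ZIP keeps its ADML files in a language folder such as en-US are mine, not VMware's.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example, not VMware's code. Creates one OU per kind of Horizon machine, publishes the
# Horizon 7 ADMX/ADML templates to the domain Central Store, and links a GPO to each OU.
# Assumptions: OU and GPO names are placeholders; $BundleZip points at the downloaded
# ExtrasBundle ZIP; the ZIP keeps ADML files in a language folder such as en-US; the caller
# has rights to create OUs, write to SYSVOL and manage Group Policy.
param(
    [string]$BundleZip = 'C:\Temp\VMware-Horizon-ExtrasBundle-x.x.x-yyyyyyy.zip', # placeholder path
    [string]$ParentOu  = 'Horizon'                                                 # placeholder name
)

$domain   = Get-ADDomain
$baseDn   = $domain.DistinguishedName
$parentDn = "OU=$ParentOu,$baseDn"

# One OU for each kind of machine the notes call out; kiosk clients get their own OU.
$layout = @(
    @{ Name = $ParentOu;         Path = $baseDn;   Gpo = $null },
    @{ Name = 'Remote Desktops'; Path = $parentDn; Gpo = 'Horizon - Remote Desktops' },
    @{ Name = 'Kiosk Clients';   Path = $parentDn; Gpo = 'Horizon - Kiosk Clients' },
    @{ Name = 'RDS Hosts';       Path = $parentDn; Gpo = 'Horizon - RDS Hosts' }
)

foreach ($ou in $layout) {
    $dn = "OU=$($ou.Name),$($ou.Path)"
    # Get-ADOrganizationalUnit -Identity throws when the OU is missing, so probe inside try/catch.
    $existing = try { Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop } catch { $null }
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Path -ProtectedFromAccidentalDeletion $true
    }
    if (-not $ou.Gpo) { continue }

    $gpo = Get-GPO -Name $ou.Gpo -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $ou.Gpo }
    # New-GPLink fails if the link already exists, so check the OU's current links first.
    $alreadyLinked = (Get-GPInheritance -Target $dn).GpoLinks | Where-Object { $_.DisplayName -eq $ou.Gpo }
    if (-not $alreadyLinked) { New-GPLink -Name $ou.Gpo -Target $dn -LinkEnabled Yes | Out-Null }
}

# Central Store: \\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions, with ADML files in a
# language subfolder. Once the templates are there, every GPO editor in the domain shows them.
$store   = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies\PolicyDefinitions"
$extract = Join-Path $env:TEMP 'HorizonExtrasBundle'
Expand-Archive -Path $BundleZip -DestinationPath $extract -Force
New-Item -ItemType Directory -Path $store -Force | Out-Null

Get-ChildItem -Path $extract -Recurse -Filter *.admx | Copy-Item -Destination $store -Force
Get-ChildItem -Path $extract -Recurse -Filter *.adml | ForEach-Object {
    $langDir = Join-Path $store $_.Directory.Name   # e.g. en-US (assumption about the ZIP layout)
    New-Item -ItemType Directory -Path $langDir -Force | Out-Null
    Copy-Item -Path $_.FullName -Destination $langDir -Force
}

# List what landed in the store so it can be checked against the template table above.
Get-ChildItem -Path $store -Filter *.admx |
    Where-Object { $_.Name -match '^(vdm_|pcoip|ViewPM|vmware_rdsh|urlRedirection)' } |
    Select-Object Name, Length, LastWriteTime
```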

  •  Verify system requirements for installation

Horizon Connection Server Hardware Requirements

Hardware Component | Required | Recommended
Processor | Pentium IV 2.0GHz processor or higher | 4 CPUs
Network Adapter | 100Mbps NIC | 1Gbps NICs
Memory (Windows Server 2008 R2 64-bit) | 4GB RAM or higher | At least 10GB RAM for deployments of 50 or more remote desktops
Memory (Windows Server 2012 R2 64-bit) | 4GB RAM or higher | At least 10GB RAM for deployments of 50 or more remote desktops

Operating System Support for Horizon Connection Server

Operating System | Version | Edition
Windows Server 2008 R2 SP1 | 64-bit | Standard, Enterprise, Datacenter
Windows Server 2012 R2 | 64-bit | Standard, Datacenter
Windows Server 2016 | 64-bit | Standard, Datacenter

Standalone View Composer Requirements

Hardware Component | Required | Recommended
Processor | 1.4 GHz or faster Intel 64 or AMD 64 processor with 2 CPUs | 2GHz or faster and 4 CPUs
Networking | One or more 10/100Mbps network interface cards (NICs) | 1Gbps NICs
Memory | 4GB RAM or higher | 8GB RAM or higher for deployments of 50 or more remote desktops
Disk space | 40GB | 60GB

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-AF050FEA-5382-4D4A-BB83-24A087FD644B.html>

Objective 1.2 – Determine procedures to install Horizon Components

  • Prepare Horizon Composer database and connectivity, i.e. ODBC

Without going into the exact steps, as this isn’t a VCAP, these are the steps that need to happen.

  • For SQL:
    • Add a View Composer database to SQL Server
    • Set SQL Server DB permissions manually with database roles
      • This involves creating a vcmpuser account and the roles VCMP_ADMIN_ROLE and VCMP_USER_ROLE.
    • Create an ODBC Data Source
  • For Oracle:
    • Add a View Composer database to Oracle 12c or 11g
      • Use a SQL statement to add the View Composer DB to the Oracle instance
    • Configure an Oracle database user for View Composer
      • Just a script provided by VMware
    • Add an ODBC Data Source to Oracle 12c or 11g
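Added example, not VMware's provided script: the SQL Server steps above expressed as T-SQL driven from PowerShell, creating the database, the vcmpuser login, the VCMP_ADMIN_ROLE and VCMP_USER_ROLE roles, and a 64-bit System DSN. The instance, database, DSN and driver names are placeholders, and the privilege list granted to each role is my reading of the VMware installation document, to be checked against the version you install from.

```powershell
#Requires -Modules SqlServer
# Added example, not VMware's script. Prepares a SQL Server database for View Composer the way the
# notes describe: database, vcmpuser login, VCMP_ADMIN_ROLE / VCMP_USER_ROLE, then a 64-bit System DSN.
# Assumptions: $SqlInstance, $DbName, $DsnName and $OdbcDriver are placeholders; the per-role
# privilege lists are my reading of the VMware installation document and must be verified against it.
param(
    [string]$SqlInstance = 'SQL01\HORIZON',                 # placeholder
    [string]$DbName      = 'ViewComposer',                  # placeholder
    [string]$DsnName     = 'ViewComposerDSN',               # placeholder
    [string]$OdbcDriver  = 'ODBC Driver 17 for SQL Server'  # assumption: whichever 64-bit driver is installed
)

# Prompt for the vcmpuser password instead of hard-coding it, so it never lands in the script or history.
# Avoid single quotes in the password: it is substituted into a T-SQL string literal below.
$secret = Read-Host -Prompt 'Password for SQL login vcmpuser' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secret).Password

$tsql = @"
IF DB_ID(N'$DbName') IS NULL CREATE DATABASE [$DbName];
GO
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'vcmpuser')
    CREATE LOGIN [vcmpuser] WITH PASSWORD = N'`$(VcmpPwd)', DEFAULT_DATABASE = [$DbName], CHECK_POLICY = ON;
GO
USE [$DbName];
GO
IF DATABASE_PRINCIPAL_ID(N'vcmpuser') IS NULL CREATE USER [vcmpuser] FOR LOGIN [vcmpuser];
IF DATABASE_PRINCIPAL_ID(N'VCMP_ADMIN_ROLE') IS NULL CREATE ROLE [VCMP_ADMIN_ROLE];
IF DATABASE_PRINCIPAL_ID(N'VCMP_USER_ROLE')  IS NULL CREATE ROLE [VCMP_USER_ROLE];
-- Admin role: schema changes during install and upgrade (assumed list, see the lead-in).
GRANT ALTER, REFERENCES, INSERT, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE TO [VCMP_ADMIN_ROLE];
-- User role: day-to-day data access for the Composer service (assumed list, see the lead-in).
GRANT INSERT, DELETE, UPDATE, EXECUTE, SELECT TO [VCMP_USER_ROLE];
ALTER ROLE [VCMP_ADMIN_ROLE] ADD MEMBER [vcmpuser];
ALTER ROLE [VCMP_USER_ROLE]  ADD MEMBER [vcmpuser];
GO
"@

# The password travels as an sqlcmd scripting variable, so it is never interpolated into the script text.
Invoke-Sqlcmd -ServerInstance $SqlInstance -Query $tsql -Variable "VcmpPwd=$plain" -ErrorAction Stop

# 64-bit System DSN that the View Composer installer asks for. The installer prompts for the
# vcmpuser credentials itself, so nothing secret is stored in the DSN.
Add-OdbcDsn -Name $DsnName -DriverName $OdbcDriver -DsnType System -Platform 64-bit `
    -SetPropertyValue @("Server=$SqlInstance", "Database=$DbName") -ErrorAction Stop

# Verification: both roles exist and vcmpuser is a member of each.
Invoke-Sqlcmd -ServerInstance $SqlInstance -Database $DbName -Query @"
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'VCMP_ADMIN_ROLE', N'VCMP_USER_ROLE');
"@
```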

  • Understand where to install Horizon Composer in standalone mode
  • Along with the hardware requirements listed above, Composer must have an IP address that does not change.
  • Determine required firewall rules

Protocol | Ports | Horizon Connection Server Instance Type | Notes
JMS | TCP 4001 | Standard and replica |
JMS | TCP 4002 | Standard and replica |
JMSIR | TCP 4100 | Standard and replica |
JMSIR | TCP 4101 | Standard and replica |
AJP13 | TCP 8009 | Standard and replica |
HTTP | TCP 80 | Standard, replica, and security server |
HTTPS | TCP 443 | Standard, replica, and security server |
PCoIP | TCP 4172 in; UDP 4172 both directions | Standard, replica, and security server |
HTTPS | TCP 8443; UDP 8443 | Standard, replica, and security server | After the initial connection to Horizon 7 is made, the Web browser or client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place.
HTTPS | TCP 8472 | Standard and replica | For the Cloud Pod Architecture feature: used for interpod communication.
HTTP | TCP 22389 | Standard and replica | For the Cloud Pod Architecture feature: used for global LDAP replication.
HTTPS | TCP 22636 | Standard and replica | For the Cloud Pod Architecture feature: used for secure global LDAP replication.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-F8C18B13-FCB9-4A9B-BA91-1B0BE4BA9F31.html>
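The port table above turned into a check you can run on a Connection Server or security server to see which of the listeners expected for that instance type are actually open (added example, not VMware code; it assumes the NetTCPIP cmdlets of Windows Server 2012 R2 or later).

```powershell
# Added example, not from the VMware documentation. Encodes the Connection Server port table from
# the notes and reports which ports expected for a given instance type are listening on this host.
# Assumption: Get-NetTCPConnection / Get-NetUDPEndpoint (Windows Server 2012 R2+) expose the listeners.

# Port table from the notes. 'Types' lists the instance types the row applies to; 'Note' records
# the feature that must be enabled before that port is expected to be open.
$HorizonPorts = @(
    @{ Service = 'JMS';   Protocol = 'TCP'; Port = 4001;  Types = 'Standard','Replica' },
    @{ Service = 'JMS';   Protocol = 'TCP'; Port = 4002;  Types = 'Standard','Replica' },
    @{ Service = 'JMSIR'; Protocol = 'TCP'; Port = 4100;  Types = 'Standard','Replica' },
    @{ Service = 'JMSIR'; Protocol = 'TCP'; Port = 4101;  Types = 'Standard','Replica' },
    @{ Service = 'AJP13'; Protocol = 'TCP'; Port = 8009;  Types = 'Standard','Replica' },
    @{ Service = 'HTTP';  Protocol = 'TCP'; Port = 80;    Types = 'Standard','Replica','Security' },
    @{ Service = 'HTTPS'; Protocol = 'TCP'; Port = 443;   Types = 'Standard','Replica','Security' },
    @{ Service = 'PCoIP'; Protocol = 'TCP'; Port = 4172;  Types = 'Standard','Replica','Security'; Note = 'PCoIP Secure Gateway enabled' },
    @{ Service = 'PCoIP'; Protocol = 'UDP'; Port = 4172;  Types = 'Standard','Replica','Security'; Note = 'PCoIP Secure Gateway enabled' },
    @{ Service = 'HTTPS'; Protocol = 'TCP'; Port = 8443;  Types = 'Standard','Replica','Security'; Note = 'Blast Secure Gateway enabled' },
    @{ Service = 'HTTPS'; Protocol = 'UDP'; Port = 8443;  Types = 'Standard','Replica','Security'; Note = 'Blast Secure Gateway enabled' },
    @{ Service = 'HTTPS'; Protocol = 'TCP'; Port = 8472;  Types = 'Standard','Replica'; Note = 'Cloud Pod Architecture: interpod' },
    @{ Service = 'HTTP';  Protocol = 'TCP'; Port = 22389; Types = 'Standard','Replica'; Note = 'Cloud Pod Architecture: global LDAP' },
    @{ Service = 'HTTPS'; Protocol = 'TCP'; Port = 22636; Types = 'Standard','Replica'; Note = 'Cloud Pod Architecture: secure global LDAP' }
)

function Get-HorizonExpectedPorts {
    param([ValidateSet('Standard','Replica','Security')][string]$InstanceType)
    $HorizonPorts | Where-Object { $_.Types -contains $InstanceType }
}

function Test-HorizonListeners {
    param([ValidateSet('Standard','Replica','Security')][string]$InstanceType)
    $tcpListen = Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort -Unique
    $udpBound  = Get-NetUDPEndpoint | Select-Object -ExpandProperty LocalPort -Unique
    foreach ($row in Get-HorizonExpectedPorts -InstanceType $InstanceType) {
        $open = if ($row.Protocol -eq 'TCP') { $tcpListen -contains $row.Port } else { $udpBound -contains $row.Port }
        [pscustomobject]@{
            Service   = $row.Service
            Protocol  = $row.Protocol
            Port      = $row.Port
            Listening = $open
            # A 'False' on a gateway or Cloud Pod port is expected when that feature is not enabled
            # on this server; a 'False' on the core JMS/AJP13/HTTP(S) ports is worth investigating.
            Note      = $row.Note
        }
    }
}

Test-HorizonListeners -InstanceType 'Standard' | Format-Table -AutoSize
```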

When using a back-end firewall between security servers and Connection Server instances, other ports and protocols must be configured on the firewall to support IPsec.

Non-NAT Firewall Requirements to Support IPsec Rules

Source | Protocol | Port | Destination | Notes
Security server | ISAKMP | UDP 500 | Horizon Connection Server | Security servers use UDP port 500 to negotiate IPsec security.
Security server | ESP | N/A | Horizon Connection Server | ESP protocol encapsulates IPsec encrypted traffic. You do not have to specify a port for ESP as part of the rule. If necessary, you can specify source and destination IP addresses to reduce the scope of the rule.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-9EA99DA3-A41A-4D8B-9148-3632C326B816.html>

NAT Firewall Requirements to Support IPsec Rules

Source | Protocol | Port | Destination | Notes
Security server | ISAKMP | UDP 500 | Horizon Connection Server | Security servers use UDP port 500 to initiate IPsec security negotiation.
Security server | NAT-T ISAKMP | UDP 4500 | Horizon Connection Server | Security servers use UDP port 4500 to traverse NATs and negotiate IPsec security.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-9EA99DA3-A41A-4D8B-9148-3632C326B816.html>

  • Configure Horizon to Security server pairing

Before you can install a security server, you must configure a security server pairing password. When you install a security server with the Connection Server installation program, the program prompts you for this password during the installation process.

The security server pairing password is a one-time password that permits a security server to be paired with a Connection Server instance. The password becomes invalid after you provide it to the Connection Server installation program.

There is a timeout period on the password, and if it expires a new pairing password will need to be generated.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-4EBF39D8-FBA8-4F13-82B6-E400286E203A.html>

  • Configure and Deploy Horizon Connection Server, Composer, Access Point, Appliance

When you install Connection Server, you select a type of installation.

Standard installation

Generates a Connection Server instance with a new View LDAP configuration.

Replica installation

Generates a Connection Server instance with a View LDAP configuration that is copied from an existing instance.

Security server installation

Generates a Connection Server instance that adds an additional layer of security between the Internet and your internal network.

Enrollment Server installation

Installs an enrollment server that is required for the True SSO (single sign-on) feature, so that after users log in to VMware Identity Manager, they can connect to a remote desktop or application without having to provide Active Directory credentials. The enrollment server requests the short-lived certificates that are used for authentication.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-5F4A0BDE-4C61-43D6-8A88-524CE93224BF.html>

PreReqs for Connection Server install:

  • Do not install Connection Server on systems that have the Windows Terminal Server role installed. You must remove the Windows Terminal Server role from any system on which you install Connection Server.
  • Do not install Connection Server on a system that performs any other functions or roles. For example, do not use the same system to host vCenter Server.
  • The system on which you install Connection Server must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.
  • To run the Horizon Connection Server installer, you must use a domain user account with Administrator privileges on the system.
  • When you install Connection Server, you authorize an Administrators account. You can specify the local Administrators group or a domain user or group account. Horizon 7 assigns full administration rights, including the right to install replicated Connection Server instances, to this account only. If you specify a domain user or group, you must create the account in Active Directory before you run the installer.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-68621B8E-F018-4BC4-811A-5CF76B55DB2C.html>

Composer Installs:

You can install the View Composer service on the Windows Server computer on which vCenter Server is installed or on a separate Windows Server computer. A standalone View Composer installation works with vCenter Server installed on a Windows Server computer and with the Linux-based vCenter Server Appliance.

The View Composer software cannot coexist on the same virtual or physical machine with any other Horizon 7 software component, including a replica server, security server, Connection Server, Horizon Agent, or Horizon Client.

For enhanced security, we recommend configuring cipher suites to remove known vulnerabilities. For instructions on how to set up a domain policy on cipher suites for Windows machines that run View Composer or Horizon Agent, see Disable Weak Ciphers in SSL/TLS.

Prerequisites

  • Verify that your installation satisfies the View Composer requirements described in View Composer Requirements.
  • Verify that no other Horizon 7 component, including Connection Server, security server, Horizon Agent, or Horizon Client, is installed on the machine on which you intend to install View Composer.
  • Verify that you have a license to install and use View Composer.
  • Verify that you have the DSN, domain administrator user name, and password that you provided in the ODBC Data Source Administrator wizard. You enter this information when you install the View Composer service.
  • If you plan to configure an SSL certificate signed by a CA for View Composer during the installation, verify that your certificate is imported in the Windows local computer certificate store. See Configuring TLS Certificates for Horizon 7 Servers.
  • Verify that no applications that run on the View Composer computer use Windows SSL libraries that require SSL version 2 (SSLv2) provided through the Microsoft Secure Channel (Schannel) security package. The View Composer installer disables SSLv2 on the Microsoft Schannel. Applications such as Tomcat, which uses Java SSL, or Apache, which uses OpenSSL, are not affected by this constraint.
  • To run the View Composer installer, you must be a user with administrator privileges on the system.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-B38AFA2C-81F5-4891-A0BB-1A5A957F1F7C.html>

Access Points are now called Unified Access Gateways (UAGs). UAGs are the replacement for Horizon Security Servers; although Security Servers are still being developed and supported, some of the newer functionality only supports UAG.

UAGs are primarily deployed through the Deploy OVF Template wizard. Most of the settings in the deployment are related to IP networking.

https://docs.vmware.com/en/Unified-Access-Gateway/3.3.1/uag-331-deploy-config-guide.pdf

  • Explain functionality and dependencies of the following components: Replica Connection Server, Composer, Security Server, Access Point, Enrollment Server

The first Horizon Connection Server must be a Standard Server. Subsequent Horizon Connection Servers are Replicas. Once Horizon Connection Server is installed, there is no difference between them.

From <https://www.carlstalhood.com/vmware-horizon-7-connection-server/>

If you’re doing Instant Clones, then you don’t need Horizon Composer. Composer is only needed for the older method of creating Linked Clones. However, Instant Clones requires Horizon Enterprise Edition, so maybe Composer is your only option.

From <https://www.carlstalhood.com/vmware-horizon-7-composer/>

Connection Server

It is the core component which acts as the broker between the Clients and the Virtual Desktops. All the incoming user requests are authenticated with Active Directory and then redirected to the appropriate Physical or Virtual Desktops. The entire VDI can be managed via the Web Portal of the connection server.

Security Server

The Security Server allows the users to connect to their environment which is an internal network from the internet.

Replica Server

View Replica Servers are used to provide High Availability and Load Balancing for the Connection Servers. After the installation of the Replica Server, it replicates all the data from the Connection Servers. VMware View by default does not include a load balancer. You need to use an external load balancer to load balance among the Connection Server and Replica Servers.

View Agent

The View Agent is to be installed on the Terminal Servers, Physical Servers and all the Virtual Servers in order for them to be managed by View and will be delivered as Desktops. Features like connection monitoring, Virtual Printing, USB support, and single sign-on will be available only after installing the View Agent.

View Client

The VMware View Client is client-side software which communicates with the Connection Server or Security Server to connect to the Desktops.

View Persona Management

View Persona Management is used to synchronize user profiles dynamically. This feature is similar to the Roaming Profile feature in Windows but with advanced features.

View Composer

The View Composer Server is required if you need to use the Linked Clone Feature.

VMware ThinApp

ThinApp is an application packaging solution which packages the application and can be dynamically attached to the Desktops rather than the traditional method of installing them on the machines. It is similar to portable applications.

From <http://technorians.com/site/horizon-view-7-0-part-1-horizon-view-components/>

  • Customize Access Point Template

Considering the Access Point is being replaced by the UAG, not sure how relevant this is, however:

The General Settings page and Advanced Settings page include the following:

  • Unified Access Gateway system configuration and TLS server certificate
  • Edge service settings for Horizon, Reverse Proxy, VMware Tunnel, and Content Gateway (also called CG)
  • Authentication settings for RSA SecurID, RADIUS, X.509 Certificate, and RSA Adaptive Authentication
  • SAML identity provider and service provider settings
  • Network settings
  • Endpoint Compliance Check Provider settings
  • Identity Bridging setting configuration
  • Account Settings

The following options can be accessed from the Support Settings pages:

  • Download Unified Access Gateway log files.
  • Export Unified Access Gateway settings to retrieve the configuration settings.
  • Set the log level settings.
  • Import Unified Access Gateway settings to create and update an entire Unified Access Gateway configuration.

From the Deploying and Configuring VMware Unified Access Gateway guide (linked above).

  • Differentiate Horizon client access options

I am not exactly sure what is wanted here.

The different options in my mind would be:

  • HTML Access
  • Installed Client
  • App Client (Android, iOS)

  • Identify prerequisites for Access Point deployment

Hardware Requirements for ESXi Server

The Unified Access Gateway appliance must be deployed on a version of VMware vSphere that is the same as a version supported for the VMware products and versions you are using.

Note: UAG supports all vSphere versions starting from vSphere 5.5.x.

If you plan to use the vSphere Web Client, verify that the client integration plug-in is installed. For more information, see the vSphere documentation. If you do not install this plug-in before you start the deployment wizard, the wizard prompts you to install the plug-in. This requires that you close the browser and exit the wizard.

Note: Configure the clock (UTC) on the Unified Access Gateway appliance so that the appliance has the correct time. For example, open a console window on the Unified Access Gateway virtual machine and use the arrow buttons to select the correct time zone. Also verify that the ESXi host time is synchronized with the NTP server and verify that VMware Tools, which is running in the appliance virtual machine, synchronizes the time on the virtual machine with the time on the ESXi host.

Virtual Appliance Requirements

The OVF package for the Unified Access Gateway appliance automatically selects the virtual machine configuration that the Unified Access Gateway requires. Although you can change these settings, VMware recommends that you not change the CPU, memory, or disk space to smaller values than the default OVF settings.

  • CPU minimum requirement is 2000 MHz
  • Minimum memory of 4GB

Ensure that the data store you use for the appliance has enough free disk space and meets other system requirements.

  • Virtual appliance download size is 1.4 GB
  • Thin-provisioned disk minimum requirement is 2.6 GB
  • Thick-provisioned disk minimum requirement is 20 GB

The following information is required to deploy the virtual appliance:

  • Static IP address (recommended)
  • IP address of the DNS server
  • Password for the root user
  • Password for the admin user
  • URL of the server instance of the load balancer that the Unified Access Gateway appliance points to

Objective 1.3 – Determine steps to configure Horizon Components

  •  Determine system requirements
  • Identify default View Composer port settings

vCenter Server and View Composer

The following table lists network ports for connections from a vCenter Server and a View Composer server, to other Horizon 7 components.

Source | Destination | Network Protocol | Destination Port | Details
vCenter Server | ESXi | TCP | 902 | SOAP
View Composer | vCenter Server | TCP | 443 | SOAP
View Composer | ESXi | TCP | 902 | SOAP

From <https://techzone.vmware.com/resource/network-ports-vmware-horizon-7#section6>

  • Identify the VMware vCenter™ Server host system
  • Not sure what it is asking here
  • Choose necessary account domain permissions and domain trust relationships
  • Identify domain accounts used for QuickPrep
  • QuickPrep runs the scripts under the account under which the VMware View Composer Guest Agent Server service is configured to run. By default, this account is Local System. Do not change this log on account. If you do, the linked clones do not start.

  • Enable Composer from Horizon Administrator and add domain account(s)

  1. In Horizon Administrator, complete the vCenter Server Information page in the Add vCenter Server wizard.
    1. Select View Configuration > Servers.
    2. On the vCenter Servers tab, click Add and provide the vCenter Server settings.
  2. On the View Composer Settings page, if you are not using View Composer, select Do not use View Composer.
    If you select Do not use View Composer, the other View Composer settings become inactive. When you click Next, the Add vCenter Server wizard displays the Storage Settings page. The View Composer Domains page is not displayed.
  3. If you are using View Composer, select the location of the View Composer host.
    Option: View Composer is installed on the same host as vCenter Server.
      1. Select View Composer co-installed with the vCenter Server.
      2. Make sure that the port number is the same as the port that you specified when you installed the VMware Horizon View Composer service on vCenter Server. The default port number is 18443.
    Option: View Composer is installed on its own separate host.
      1. Select Standalone View Composer Server.
      2. In the View Composer server address text box, type the fully qualified domain name (FQDN) of the View Composer host.
      3. Type the name of the View Composer user. For example: domain.com\user or user@domain.com
      4. Type the password of the View Composer user.
      5. Make sure that the port number is the same as the port that you specified when you installed the VMware Horizon View Composer service. The default port number is 18443.
  4. Click Next to display the View Composer Domains page.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-F20397F5-A0A1-4DF1-A4FB-11F15E94331D.html>

  • Configure View Composer Domains

Procedure

  1. On the View Composer Domains page, click Add to add the View Composer user for AD operations account information.
  2. Type the domain name of the Active Directory domain.
    For example: 
    domain.com
  3. Type the domain user name, including the domain name, of the View Composer user.
    For example: 
    domain.com\admin
  4. Type the account password.
  5. Click OK.
  6. To add domain user accounts with privileges in other Active Directory domains in which you deploy linked-clone pools, repeat the preceding steps.
  7. Click Next to display the Storage Settings page.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-35A6A7F3-6C4E-4BE0-8A9B-77B7D8FA1B2D.html>

  • Configure and modify Horizon settings
  • Configure the Events database settings

  1. In View Administrator, select View Configuration > Event Configuration.
  2. In the Event Database section, click Edit, enter the information in the fields provided, and click OK.
  3. (Optional) In the Event Settings window, click Edit, change the length of time to show events and the number of days to classify events as new, and click OK.
    These settings pertain to the length of time the events are listed in the View Administrator interface. After this time, the events are only available in the historical database tables.
    The Database Configuration window displays the current configuration of the event database.
  4. Select Monitoring > Events to verify that the connection to the event database is successful.
    If the connection is unsuccessful, an error message appears. If you are using SQL Express or if you are using a named instance of SQL Server, you might need to determine the correct port number, as mentioned in the prerequisites.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.1/com.vmware.horizon-view.installation.doc/GUID-E04FDAC2-AD7B-4B09-B6E0-4A541646869B.html>

  • Configure the Syslog server

  1. In View Administrator, select View Configuration > Event Configuration.
  2. (Optional) In the Syslog area, to configure View Connection Server to send events to a Syslog server, click Add next to Send to syslog servers, and supply the server name or IP address and the UDP port number.
  3. (Optional) To enable View event log messages to be generated and stored in Syslog format, in log files, select the Log to file: Enable check box.
    The log files are retained locally unless you specify a UNC path to a file share.
  4. (Optional) To store the View event log messages on a file share, click Add next to Copy to location, and supply the UNC path to the file share and folder in which to store the log files, along with the user name, domain name, and password of an account that has permission to write to the file share.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.1/com.vmware.horizon-view.installation.doc/GUID-429DBA6E-301C-4578-86FB-093755F64173.html>

  • Enable Horizon View Storage Accelerator

In vSphere 5.1 and later, you can configure ESXi hosts to cache virtual machine disk data. This feature, called View Storage Accelerator, uses the Content Based Read Cache (CBRC) feature in ESXi hosts. View Storage Accelerator improves Horizon 7 performance during I/O storms, which can take place when many virtual machines start up or run anti-virus scans at once. The feature is also beneficial when administrators or users load applications or data frequently. Instead of reading the entire OS or application from the storage system over and over, a host can read common data blocks from cache.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-77B22AC9-EF9F-4161-9856-88DADEE095DD.html>

  1. In Horizon Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page.
    1. Select View Configuration > Servers.
    2. On the vCenter Servers tab, click Add.
    3. Complete the vCenter Server Information, View Composer Settings, and View Composer Domains pages.
  2. On the Storage Settings page, make sure that the Enable View Storage Accelerator check box is selected.
    This check box is selected by default.
  3. Specify a default host cache size.
    The default cache size applies to all ESXi hosts that are managed by this vCenter Server instance.
    The default value is 1,024MB. The cache size must be between 100MB and 2,048MB.
  4. To specify a different cache size for an individual ESXi host, select an ESXi host and click Edit cache size.
    1. In the Host cache dialog box, check Override default host cache size.
    2. Type a Host cache size value between 100MB and 2,048MB and click OK.
  5. On the Storage Settings page, click Next.
  6. Click Finish to add vCenter Server, View Composer, and Storage Settings to Horizon 7.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-77B22AC9-EF9F-4161-9856-88DADEE095DD.html>

  • Enable disk space reclamation

The following guidelines apply to the space reclamation feature:

  • It operates only on space-efficient OS disks in linked clones.
  • It does not affect View Composer persistent disks.
  • It works only with vSphere 5.1 or later and only on virtual machines that are virtual hardware version 9 or later.
  • It does not operate on full-clone desktops.
  • It operates on virtual machines with SCSI controllers. IDE controllers are not supported.

Native NFS snapshot technology (VAAI) is not supported in pools that contain virtual machines with space-efficient disks.

  1. In Horizon Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page.
     1. Select View Configuration > Servers.
     2. On the vCenter Servers tab, click Add.
     3. Complete the vCenter Server Information, View Composer Settings, and View Composer Domains pages.
  2. On the Storage Settings page, make sure that Enable space reclamation is selected.
    Space reclamation is selected by default if you are performing a fresh installation of Horizon 7 5.2 or later. You must select Enable space reclamation if you are upgrading to Horizon 7 5.2 or later from Horizon 7 5.1 or an earlier release.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-F94492D8-AEC4-4AE4-A159-98EA216E2A28.html>

  • Configure SSL

If you configure a new SSL certificate after you install View Composer, you must run the SviConfig ReplaceCertificate utility to replace the certificate that is bound to the port used by View Composer. This utility unbinds the existing certificate and binds the new certificate to the port.

About this task

If you install the new certificate on the Windows Server computer before you install View Composer, you do not have to run the SviConfig ReplaceCertificate utility. When you run the View Composer installer, you can select a certificate signed by a CA instead of the default, self-signed certificate. During the installation, the selected certificate is bound to the port used by View Composer.

If you intend to replace an existing certificate or the default, self-signed certificate with a new certificate, you must use the SviConfig ReplaceCertificate utility.

Prerequisites

Verify that the new certificate was imported into the Windows local computer certificate store on the Windows Server computer on which View Composer is installed.

Procedure

  1. Stop the View Composer service.
  2. Open a command prompt on the Windows Server host where View Composer is installed.
  3. Navigate to the SviConfig executable file.
    The file is located with the View Composer application. The default path is C:\Program Files (x86)\VMware\VMware View Composer\sviconfig.exe.
  4. Type the SviConfig ReplaceCertificate command.
    For example:

    sviconfig -operation=ReplaceCertificate
              -delete=false

    where -delete is a required parameter that operates on the certificate that is being replaced. You must specify either -delete=true to delete the old certificate from the Windows local computer certificate store or -delete=false to keep the old certificate in the Windows certificate store.
    The utility displays a numbered list of SSL certificates that are available in the Windows local computer certificate store.

  5. To select a certificate, type the number of a certificate and press Enter.
  6. Restart the View Composer service to make your changes take effect.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-installation/GUID-5ED2A8AB-0D5F-495F-B2F7-D7C64C7A021E.html>

  • Configure external URL settings

By default, a Connection Server or security server host can be contacted only by tunnel clients that reside within the same network. Tunnel clients that run outside of your network must use a client-resolvable URL to connect to a Connection Server or security server host.

When users connect to remote desktops with the PCoIP display protocol, Horizon Client can make a further connection to the PCoIP Secure Gateway on the Connection Server or security server host. To use the PCoIP Secure Gateway, a client system must have access to an IP address that allows the client to reach the Connection Server or security server host. You specify this IP address in the PCoIP external URL.

A third URL allows users to make secure connections through the Blast Secure Gateway.

The secure tunnel external URL, PCoIP external URL, and Blast external URL must be the addresses that client systems use to reach this host.

Note:

You cannot edit the external URLs for a security server that has not been upgraded to Connection Server 4.5 or later.

Procedure

  1. In Horizon Administrator, select View Configuration > Servers.
  2. Select the server to edit:
     • View Connection Server instance: Select the Connection Server instance on the Connection Servers tab and click Edit.
     • Security server: Select the security server on the Security Servers tab and click Edit.
  3. Type the secure tunnel external URL in the External URL text box.
    The URL must contain the protocol, client-resolvable host name and port number.
    For example: https://view.example.com:443
    Note:
    You can use the IP address if you have to access a Connection Server instance or security server when the host name is not resolvable. However, the host that you contact will not match the SSL certificate that is configured for the Connection Server instance or security server, resulting in blocked access or access with reduced security.
  4. Type the PCoIP Secure Gateway external URL in the PCoIP External URL text box.
    Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name.
    For example: 10.20.30.40:4172
    The URL must contain the IP address and port number that a client system can use to reach this security server or Connection Server instance.
  5. Type the Blast Secure Gateway external URL in the Blast External URL text box.
    The URL must contain the HTTPS protocol, client-resolvable host name, and port number.
    For example: https://myserver.example.com:8443
    By default, the URL includes the FQDN of the secure tunnel external URL and the default port number, 8443. The URL must contain the FQDN and port number that a client system can use to reach this host.
  6. Verify that all addresses in this dialog allow client systems to reach this host.
  7. Click OK to save your changes.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-37AA1915-2D51-48DA-AAD1-605542C24918.html>
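The three URL formats above are easy to get subtly wrong (a protocol on the PCoIP entry, a missing port, an IP address where the certificate carries a host name). The following is an added example written for these notes, not VMware's code: it checks candidate values against the documented rules, assuming https for the secure tunnel and Blast URLs as in the documented examples, and reports an IP-address tunnel URL as the certificate-mismatch case the note describes.

```python
# Added example: validate Horizon external URLs against the rules in the procedure above.
#   secure tunnel URL : protocol, client-resolvable host name, port   (https://view.example.com:443)
#   PCoIP URL         : IP address and port 4172, no protocol name   (10.20.30.40:4172)
#   Blast URL         : HTTPS, client-resolvable host name, port      (https://myserver.example.com:8443)
import ipaddress
import re

# Minimal URL splitter: optional "scheme://", a host, optional ":port", optional path.
_URL_RE = re.compile(
    r"^(?:(?P<scheme>[a-z][a-z0-9+.-]*)://)?"  # optional protocol prefix
    r"(?P<host>[^/:\s]+)"                       # host name or IPv4 address
    r"(?::(?P<port>\d{1,5}))?"                  # optional port
    r"(?P<path>/.*)?$",
    re.IGNORECASE,
)
# RFC 1123-style host name: dot-separated labels of letters, digits and hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)
PCOIP_PORT = 4172
BLAST_DEFAULT_PORT = 8443


def _split(url):
    """Return {'scheme', 'host', 'port'} or None when the string is not URL-shaped."""
    m = _URL_RE.match(url.strip())
    if not m:
        return None
    return {
        "scheme": m.group("scheme").lower() if m.group("scheme") else None,
        "host": m.group("host"),
        "port": int(m.group("port")) if m.group("port") else None,
    }


def _is_ipv4(host):
    try:
        return isinstance(ipaddress.ip_address(host), ipaddress.IPv4Address)
    except ValueError:
        return False


def _check_https_host_url(label, url, default_port=None):
    """Shared logic for the two URLs that need protocol + host name + port."""
    parts = _split(url)
    if parts is None:
        return [f"ERROR: {label} is not a parsable URL: {url!r}"]
    findings = []
    if parts["scheme"] is None:
        findings.append(f"ERROR: {label} must start with the protocol (https://)")
    elif parts["scheme"] != "https":
        findings.append(f"ERROR: {label} must use https, got {parts['scheme']}://")
    if parts["port"] is None:
        hint = f" (default is {default_port})" if default_port else ""
        findings.append(f"ERROR: {label} must include the port number{hint}")
    if _is_ipv4(parts["host"]):
        # Allowed when the host name is not resolvable, but the SSL certificate was issued
        # for a host name, so clients see a mismatch: blocked access or reduced security.
        findings.append(f"WARN: {label} uses an IP address; it will not match the SSL certificate")
    elif not _HOSTNAME_RE.match(parts["host"]):
        findings.append(f"ERROR: {label} host {parts['host']!r} is not a valid host name")
    return findings


def check_secure_tunnel_url(url):
    return _check_https_host_url("secure tunnel external URL", url)


def check_blast_url(url):
    return _check_https_host_url("Blast external URL", url, BLAST_DEFAULT_PORT)


def check_pcoip_url(url):
    """PCoIP Secure Gateway URL: bare IPv4 address and port 4172, no protocol name."""
    parts = _split(url)
    if parts is None:
        return [f"ERROR: PCoIP external URL is not parsable: {url!r}"]
    findings = []
    if parts["scheme"] is not None:
        findings.append("ERROR: PCoIP external URL must not include a protocol name")
    if not _is_ipv4(parts["host"]):
        findings.append(f"ERROR: PCoIP external URL must use an IP address, got {parts['host']!r}")
    if parts["port"] != PCOIP_PORT:
        findings.append(f"ERROR: PCoIP external URL must use port {PCOIP_PORT}, got {parts['port']}")
    return findings


def check_external_urls(tunnel, pcoip, blast):
    """Check all three URLs at once; an empty list means that entry is clean."""
    return {
        "tunnel": check_secure_tunnel_url(tunnel),
        "pcoip": check_pcoip_url(pcoip),
        "blast": check_blast_url(blast),
    }


if __name__ == "__main__":  # constructed input: documented examples, PCoIP given with a protocol prefix
    for name, found in check_external_urls("https://view.example.com:443", "https://10.20.30.40:4172",
                                           "https://myserver.example.com:8443").items():
        print(name, found or "OK")
```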

  • Differentiate virtual printing services and architecture
  • Configure location-aware printing

Printer Settings for Location-Based Printing

Printer settings for location-based printers are retained after a user logs out or disconnects from the desktop. For example, a user might set a location-based printer to use black and white mode. After the user logs out and logs in to the desktop again, the location-based printer continues to use black and white mode.

To save printer settings across sessions in a published application, the user must select a location-based printer from the application’s print dialog box, right-click the selected printer, and select Printing Preferences. Printer settings are not saved if the user selects a printer and clicks the Preferences button in the application’s print dialog box.

Persistent settings for location-based printers are not supported if the settings are saved in the printer driver’s private space and not in the DEVMODE extended part of the printer driver, as recommended by Microsoft. To support persistent settings, deploy printers that have the settings saved in the DEVMODE part of the printer driver.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-remote-desktop-features/GUID-1EB46B6D-EBF7-499E-9AE1-D8253C9FB241.html>

  • Optimize User experience
  • Configure the profile store for Persona management
  1. Determine whether to use an existing Active Directory user profile path or configure a user profile repository on a network share.
     • Use an existing Active Directory user profile path: If you have an existing Windows roaming profiles configuration, you can use the user profile path in Active Directory that supports roaming profiles. You can skip the remaining steps in this procedure.
     • Configure a network share to store the user profile repository: If you do not have an existing Windows roaming profiles configuration, you must configure a network share for the user profile repository. Follow the remaining steps in this procedure.
  2. Create a shared folder on a computer that your users can access from the guest operating systems on their desktops.
    If %username% is not part of the folder path that you configure, Horizon Persona Management appends %username%.%userdomain% to the path.
    For example: \\server.domain.com\VPRepository\%username%.%userdomain%
  3. Set access permissions for the shared folders that contain user profiles.
    Caution:
    Make sure that access permissions are configured correctly. The incorrect configuration of access permissions on the shared folder is the most common cause of problems with Horizon Persona Management.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-virtual-desktops/GUID-4D2B6E8D-FF52-4C9E-9F5C-B5BF824CE0ED.html>

  • Configure HTML access
  • On the Connection Server host, open the portal-links-html-access.properties file with a text editor.
    The location of this file is CommonAppDataFolder\VMware\VDM\portal\portal-links-html-access.properties. For Windows Server 2008 operating systems, the CommonAppDataFolder directory is C:\ProgramData. To display the C:\ProgramData folder in Windows Explorer, you must use the Folder Options dialog box to show hidden folders.
    If the portal-links-html-access.properties file does not exist and the oslinks.properties file does, open the <installation-directory>\VMware\VMware View\Server\broker\webapps\portal\WEB-INF\oslinks.properties file to modify the URLs to use for downloading specific installer files.
    Note:
    Customizations for Horizon 7 5.x and earlier releases resided in the portal-links.properties file, which is located in the same CommonAppDataFolder\VMware\VDM\portal\ directory as the portal-links-html-access.properties file.
  • Edit the configuration properties to set them appropriately.
    By default, both the installer icon and the HTML Access icon are enabled and a link points to the client download page on the VMware Web site. To disable an icon, which removes the icon from the Web page, set the property to false.
    Note:
    The oslinks.properties file can only be used to configure the links to the specific installer files. It does not support the other options listed below.
  • Configuration properties (Option: Property Setting):

    • Disable HTML Access: enable.webclient=false
      If this option is set to false but the enable.download option is set to true, the user is taken to a Web page for downloading the native Horizon Client installer. If both options are set to false, the user sees the following message: “Contact your local administrator for instructions on accessing this Connection Server.”
    • Disable downloading Horizon Client: enable.download=false
      If this option is set to false but the enable.webclient option is set to true, the user is taken to the HTML Access login Web page. If both options are set to false, the user sees the following message: “Contact your local administrator for instructions on accessing this Connection Server.”
    • Change the URL of the Web page for downloading Horizon Client: link.download=https://url-of-web-server
      Use this property if you plan to create your own Web page.
    • Create links for specific installers
      The following examples show full URLs, but you can use relative URLs if you place the installer files in the downloads directory, which is under the C:\Program Files\VMware\VMware View\Server\broker\webapps\ directory on Connection Server, as described in the next step.
      • General link to download installer: link.download=https://server/downloads
      • 32-bit Windows installer: link.win32=https://server/downloads/VMware-Horizon-Client-x86-build#.exe
      • 64-bit Windows installer: link.win64=https://server/downloads/VMware-Horizon-Client-x86_64-build#.exe
      • Windows Phone installer: link.winmobile=https://server/downloads/VMware-Horizon-Client-build#.appx
      • 32-bit Linux installer: link.linux32=https://server/downloads/VMware-Horizon-Client-build#.x86.bundle
      • 64-bit Linux installer: link.linux64=https://server/downloads/VMware-Horizon-Client-build#.x64.bundle
      • Mac OS X installer: link.mac=https://server/downloads/VMware-Horizon-Client-build#.dmg
      • iOS installer: link.ios=https://server/downloads/VMware-Horizon-Client-iPhoneOS-build#.ipa
      • Android installer: link.android=https://server/downloads/VMware-Horizon-Client-AndroidOS-build#.apk
      • Chrome OS installer: link.chromeos=https://server/downloads/VMware-Horizon-Client-ChromeOS-build#.apk
    • Change the URL for the Help link in the login page: link.help
      By default, this link points to a help system hosted on the VMware Web site. The Help link appears at the bottom of the login page.

  • To have users download installers from a location other than the VMware Web site, place the installer files on the HTTP server where the installer files will reside.
    This location must correspond to the URLs you specified in the portal-links-html-access.properties file or the oslinks.properties file from the previous step. For example, to place the files in a downloads directory on the Connection Server host, use the following path:

    C:\Program Files\VMware\VMware View\Server\broker\webapps\downloads

    The links to the installer files could then use relative URLs with the format /downloads/client-installer-file-name.

  • Restart the Horizon Web Component service.

From <https://docs.vmware.com/en/VMware-Horizon-HTML-Access/4.8/html-access-installation/GUID-10FAB7F4-D1AC-455F-8F99-3EDAF316E7AB.html>
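As an added example for these notes (not VMware's code), the following Python reads a portal-links-html-access.properties file, works out which page a user lands on from the enable.webclient/enable.download combination described in the option table above, and flags installer links that are neither relative /downloads paths nor served over https. The sample file contents are constructed, and the placeholder standing in for VMware's default download URL is an assumption, since that URL is not given above.

```python
# Added example: parse portal-links-html-access.properties and predict the portal behaviour.
import re

# Defaults described above: both icons enabled and the download link pointing at VMware's
# client download page (that URL is not on the page, so a labelled placeholder stands in).
DEFAULTS = {
    "enable.webclient": "true",
    "enable.download": "true",
    "link.download": "<vmware-client-download-page>",
}
INSTALLER_KEYS = ("link.win32", "link.win64", "link.winmobile", "link.linux32", "link.linux64",
                  "link.mac", "link.ios", "link.android", "link.chromeos")
ADMIN_MESSAGE = ("Contact your local administrator for instructions on accessing "
                 "this Connection Server.")

# Constructed sample file; "build#" is the placeholder the documentation itself uses.
SAMPLE = """\
# constructed sample, not taken from a real Connection Server
enable.webclient=true
enable.download=true
link.download=/downloads
link.win64=/downloads/VMware-Horizon-Client-x86_64-build#.exe
link.linux64=http://server/downloads/VMware-Horizon-Client-build#.x64.bundle
link.help=https://help.example.com/\\
horizon
"""


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separators, '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):  # trailing backslash: the value continues on the next line
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def _enabled(value):
    return str(value).strip().lower() == "true"


def portal_behaviour(props):
    """What a user browsing to the Connection Server's portal page gets, per the option table."""
    cfg = {**DEFAULTS, **props}
    webclient, download = _enabled(cfg["enable.webclient"]), _enabled(cfg["enable.download"])
    if webclient and download:
        return {"page": "portal", "detail": "HTML Access icon and Horizon Client installer icon"}
    if webclient:
        return {"page": "html-access-login", "detail": "installer icon removed"}
    if download:
        return {"page": "download-redirect", "detail": cfg["link.download"]}
    return {"page": "message", "detail": ADMIN_MESSAGE}


def audit_links(props):
    """Flag link.* values that are neither relative /downloads paths nor served over HTTPS.

    The documented examples are all https; a plaintext http installer link can be altered
    in transit before the user installs it.
    """
    findings = []
    for key in ("link.download", "link.help") + INSTALLER_KEYS:
        value = props.get(key, "")
        if not value:
            continue
        if value.startswith("/"):
            if value != "/downloads" and not value.startswith("/downloads/"):
                findings.append(f"WARN: {key} is relative but not under /downloads/: {value}")
        elif not value.lower().startswith("https://"):
            findings.append(f"WARN: {key} is not served over HTTPS: {value}")
    return findings


if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(portal_behaviour(props))
    print("\n".join(audit_links(props)) or "no findings")
```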

  • Describe protocol requirements

Protocol: Port

  • JMS: TCP port 4001; TCP port 4002
  • AJP13: TCP port 8009
    Note: AJP13 is used in a security server configuration only.
  • HTTP: TCP port 80
  • HTTPS: TCP port 443
  • MMR/CDR: For multimedia redirection and client drive redirection, TCP port 9427
  • RDP: TCP port 3389
    Note: If the Connection Server instance is configured for direct client connections, these protocols connect directly from the client to the remote desktop and are not tunneled through the View Secure GW Server component.
  • SOAP: TCP port 80 or 443
  • PCoIP: TCP port 4172; UDP ports 4172, 50002, 55000
  • USB redirection: TCP port 32111. This port is also used for time zone synchronization.
  • VMware Blast Extreme: TCP ports 8443, 22443; UDP ports 443, 8443, 22443
  • HTML Access: TCP ports 8443, 22443

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-architecture-planning/GUID-6C7A534B-085C-4C64-94CE-EA3ABDDDF63F.html>

Template Name (Template File): Description

  • VMware View Agent Configuration (vdm_agent.admx): Contains policy settings related to the authentication and environmental components of Horizon Agent. See the Configuring Remote Desktop Features in Horizon 7 document.
  • VMware Horizon Client Configuration (vdm_client.admx): Contains policy settings related to Horizon Client for Windows. Clients that connect from outside the Connection Server host domain are not affected by policies applied to Horizon Client. See the VMware Horizon Client for Windows Installation and Setup Guide document.
  • VMware Horizon URL Redirection (urlRedirection.admx): Contains policy settings related to the URL Content Redirection feature. If you add this template to a GPO for a remote desktop pool or application pool, certain URL links clicked inside the remote desktops or app can be redirected to a Windows-based client and opened in a client-side browser. If you add this template to a client-side GPO, when a user clicks certain URL links in a Windows-based client system, the URL can be opened in a remote desktop or application. See the Configuring Remote Desktop Features in Horizon 7 document and the VMware Horizon Client for Windows Installation and Setup Guide document.
  • VMware View Server Configuration (vdm_server.admx): Contains policy settings related to Connection Server.
  • VMware View Common Configuration (vdm_common.admx): Contains policy settings that are common to all Horizon components.
  • PCoIP Session Variables (pcoip.admx): Contains policy settings related to the PCoIP display protocol. See the Configuring Remote Desktop Features in Horizon 7 document.
  • PCoIP Client Session Variables (pcoip.client.admx): Contains policy settings related to the PCoIP display protocol that affect Horizon Client for Windows. See the VMware Horizon Client for Windows Installation and Setup Guide document.
  • Persona Management (ViewPM.admx): Contains policy settings related to Horizon Persona Management. See the Setting Up Virtual Desktops in Horizon 7 document.
  • Remote Desktop Services (vmware_rdsh_server.admx): Contains policy settings related to Remote Desktop Services. See the Configuring Remote Desktop Features in Horizon 7 document.
  • View RTAV Configuration (vdm_agent_rtav.admx): Contains policy settings related to webcams that are used with the Real-Time Audio-Video feature. See the Configuring Remote Desktop Features in Horizon 7 document.
  • Scanner Redirection (vdm_agent_scanner.admx): Contains policy settings related to scanning devices that are redirected for use in published desktops and applications. See the Configuring Remote Desktop Features in Horizon 7 document.
  • Serial COM (vdm_agent_serialport.admx): Contains policy settings related to serial (COM) ports that are redirected for use in virtual desktops. See the Configuring Remote Desktop Features in Horizon 7 document.
  • VMware Horizon Printer Redirection (vdm_agent_printing.admx): Contains policy settings related to filtering redirected printers. See the Configuring Remote Desktop Features in Horizon 7 document.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-5B4E2061-E798-4A58-BB58-0B6FCC63DFD8.html>

  • Locate ADM template files

Horizon 7 includes several component-specific group policy administrative (ADMX) template files.

All ADMX files that provide group policy settings for Horizon 7 are available in VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. You can download the file from the VMware Downloads site at https://my.vmware.com/web/vmware/downloads. Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the ZIP file.

You can optimize and secure remote desktops by adding the policy settings in these files to a new or

  • Explain GPO settings

I believe this is explained in the table above with the ADMX files

  • Configure Flash quality and throttling
    1. In Horizon Administrator, select Catalog > Desktop Pools.
    2. Select a desktop pool and click Edit.
    3. On the Desktop Pool Settings tab, select a quality mode from the Adobe Flash quality menu and a throttling mode from the Adobe Flash throttling menu.
    4. Click OK.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-virtual-desktops/GUID-CA203398-B7A5-4B81-9C77-E09F964D37DC.html>

  • Configure 3D rendering capabilities

When you create or edit a desktop pool of virtual machines, you can configure 3D graphics rendering for your desktops. Desktops can take advantage of Virtual Shared Graphics Acceleration (vSGA), Virtual Dedicated Graphics Acceleration (vDGA), or shared GPU hardware acceleration (NVIDIA GRID vGPU). vDGA and NVIDIA GRID vGPU are vSphere features that use physical graphics cards installed on the ESXi hosts and manage the graphics processing unit (GPU) resources among the virtual machines.

End users can take advantage of 3D applications for design, modeling, and multimedia, which typically require GPU hardware to perform well. For users that do not require physical GPU, a software option provides graphics enhancements that can support less demanding applications such as Windows AERO, Microsoft Office, and Google Earth. Following are brief descriptions of the 3D graphics options:

NVIDIA GRID vGPU (shared GPU hardware acceleration)

Available with vSphere 6.0 and later, this feature allows a physical GPU on an ESXi host to be shared among virtual machines. This feature offers flexible hardware-accelerated 3D profiles ranging from lightweight 3D task workers to high-end workstation graphics power users.

AMD Multiuser GPU using vDGA

Available with vSphere 6.0 and later, this feature allows multiple virtual machines to share an AMD GPU by making the GPU appear as multiple PCI passthrough devices. This feature offers flexible hardware-accelerated 3D profiles, ranging from lightweight 3D task workers to high-end workstation graphics power users.

Virtual Dedicated Graphics Acceleration (vDGA)

Available with vSphere 5.5 and later, this feature dedicates a single physical GPU on an ESXi host to a single virtual machine. Use this feature if you require high-end, hardware-accelerated workstation graphics.

Note:

Some Intel vDGA cards require a certain vSphere 6 version. See the VMware Hardware Compatibility List at http://www.vmware.com/resources/compatibility/search.php. Also, for Intel vDGA, the Intel integrated GPU is used rather than discrete GPUs, as is the case with other vendors.

Virtual Shared Graphics Acceleration (vSGA)

Available with vSphere 5.1 and later, this feature allows multiple virtual machines to share the physical GPUs on ESXi hosts. This feature is suitable for mid-range 3D design, modeling, and multimedia applications.

Soft 3D

Software-accelerated graphics, available with vSphere 5.0 and later, allows you to run DirectX 9 and OpenGL 2.1 applications without requiring a physical GPU. Use this feature for less demanding 3D applications such as Windows Aero themes, Microsoft Office 2010, and Google Earth.

Because NVIDIA GRID vGPU, AMD Multiuser GPU using vDGA, and all vDGA solutions use PCI pass-through on the ESXi host, live VMotion is not supported. vSGA and Soft 3D support live VMotion.

In some cases, if an application such as a video game or 3D benchmark forces the desktop to display in full screen resolution, the desktop session can be disconnected. Possible workarounds include setting the application to run in Windowed mode or matching the Horizon 7 session desktop resolution to the default resolution expected by the application.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.3/horizon-virtual-desktops/GUID-CD8B9D0B-36DC-4C48-82D2-FCE10F71D48F.html>

  • Configure virtual profile GPOs

Honestly, not sure how this is different from profiles with Persona Management.

  • Secure the Horizon environment
  • Import certificates

I believe this is covered above with Configure SSL

  • Configure certificate-based authentication

Although there are additional steps, this is the high level. There are also steps to configure trust with endpoints and Gateways:

  1. Add the Certificate Snap-In to MMC
    Before you can add certificates to the Windows Certificate Store, you must add the Certificate snap-in to the Microsoft Management Console (MMC) on the Windows Server host on which the Horizon 7 server is installed.
  2. Import a Signed Server Certificate into a Windows Certificate Store
    You must import the TLS server certificate into the Windows local computer certificate store on the Windows Server host on which the Connection Server instance or security server service is installed.
  3. Modify the Certificate Friendly Name
    To configure a Connection Server instance or security server to recognize and use a TLS certificate, you must modify the certificate Friendly name to vdm.
  4. Import a Root Certificate and Intermediate Certificates into a Windows Certificate Store
    If the Windows Server host on which Connection Server is installed does not trust the root certificate for the signed TLS server certificate, you must import the root certificate into the Windows local computer certificate store. In addition, if the Connection Server host does not trust the root certificates of the TLS server certificates configured for security server, View Composer, and vCenter Server hosts, you also must import those root certificates.
  5. Bind a New TLS Certificate to the Port Used by View Composer
    If you configure a new TLS certificate after you install View Composer, you must run the SviConfig ReplaceCertificate utility to replace the certificate that is bound to the port used by View Composer. This utility unbinds the existing certificate and binds the new certificate to the port.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-installation/GUID-DB6480BA-3DA6-4891-A2B1-184E1443DF5A.html>

  • Identify authentication requirements for RSA, Smart Cards, and RADIUS

For Smart Cards:

  1. Obtain the Certificate Authority Certificates
    You must obtain all applicable CA (certificate authority) certificates for all trusted user certificates on the smart cards presented by your users and administrators. These certificates include root certificates and can include intermediate certificates if the user’s smart card certificate was issued by an intermediate certificate authority.
  2. Obtain the CA Certificate from Windows
    If you have a CA-signed user certificate or a smart card that contains one, and Windows trusts the root certificate, you can export the root certificate from Windows. If the issuer of the user certificate is an intermediate certificate authority, you can export that certificate.
  3. Add the CA Certificate to a Server Truststore File
    You must add root certificates, intermediate certificates, or both to a server truststore file for all users and administrators that you trust. Connection Server instances and security servers use this information to authenticate smart card users and administrators.
  4. Modify Horizon Connection Server Configuration Properties
    To enable smart card authentication, you must modify Connection Server configuration properties on your Connection Server or security server host.
  5. Configure Smart Card Settings in Horizon Administrator
    You can use Horizon Administrator to specify settings to accommodate different smart card authentication scenarios.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-administration/GUID-FA1A85D8-07B1-4140-A34B-7F20618083CE.html>

Prerequisites for RADIUS and RSA:

Install and configure the two-factor authentication software, such as the RSA SecurID software or the RADIUS software, on an authentication manager server.

  • For RSA SecurID authentication, export the sdconf.rec file for the Connection Server instance from RSA Authentication Manager. See the RSA Authentication Manager documentation.
  • For RADIUS authentication, follow the vendor’s configuration documentation. Make a note of the RADIUS server’s host name or IP address, the port number on which it is listening for RADIUS authentication (usually 1812), the authentication type (PAP, CHAP, MS-CHAPv1, or MS-CHAPv2) and the shared secret. You will enter these values in Horizon Administrator. You can enter values for a primary and a secondary RADIUS authenticator.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-administration/GUID-71458AA2-E2A2-43AC-85D1-35404AF09B79.html>

  • Configure SAML authenticator

Prerequisites

  • Verify that Workspace ONE, VMware Identity Manager, or a third-party gateway or load balancer is installed and configured. See the installation documentation for that product.
  • Verify that the root certificate for the signing CA for the SAML server certificate is installed on the connection server host. VMware does not recommend that you configure SAML authenticators to use self-signed certificates. For information about certificate authentication, see the Horizon 7 Installation document.
  • Make a note of the FQDN or IP address of the Workspace ONE server, VMware Identity Manager server, or external-facing load balancer.
  • If you are using Workspace ONE or VMware Identity Manager, make a note of the URL of the connector Web interface.
  • If you are creating an authenticator for Unified Access Gateway or a third-party appliance that requires you to generate SAML metadata and create a static authenticator, perform the procedure on the device to generate the SAML metadata, and then copy the metadata.

Procedure

  1. In Horizon Administrator, select Configuration > Servers.
  2. On the Connection Servers tab, select a server instance to associate with the SAML authenticator and click Edit.
  3. On the Authentication tab, select a setting from the Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator) drop-down menu to enable or disable the SAML authenticator.
     • Disabled: SAML authentication is disabled. You can launch remote desktops and applications only from Horizon Client.
     • Allowed: SAML authentication is enabled. You can launch remote desktops and applications from both Horizon Client and VMware Identity Manager or the third-party device.
     • Required: SAML authentication is enabled. You can launch remote desktops and applications only from VMware Identity Manager or the third-party device. You cannot launch desktops or applications from Horizon Client manually.
    You can configure each Connection Server instance in your deployment to have different SAML authentication settings, depending on your requirements.
  4. Click Manage SAML Authenticators and click Add.
  5. Configure the SAML authenticator in the Add SAML 2.0 Authenticator dialog box.
     • Type: For Unified Access Gateway or a third-party device, select Static. For VMware Identity Manager select Dynamic. For dynamic authenticators, you can specify a metadata URL and an administration URL. For static authenticators, you must first generate the metadata on the Unified Access Gateway or a third-party device, copy the metadata, and then paste it into the SAML metadata text box.
     • Label: Unique name that identifies the SAML authenticator.
     • Description: Brief description of the SAML authenticator. This value is optional.
     • Metadata URL: (For dynamic authenticators) URL for retrieving all of the information required to exchange SAML information between the SAML identity provider and the Connection Server instance. In the URL https://<YOUR HORIZON SERVER NAME>/SAAS/API/1.0/GET/metadata/idp.xml, click <YOUR HORIZON SERVER NAME> and replace it with the FQDN or IP address of the VMware Identity Manager server or external-facing load balancer (third-party device).
     • Administration URL: (For dynamic authenticators) URL for accessing the administration console of the SAML identity provider. For VMware Identity Manager, this URL should point to the VMware Identity Manager Connector Web interface. This value is optional.
     • SAML metadata: (For static authenticators) Metadata text that you generated and copied from the Unified Access Gateway or a third-party device.
     • Enabled for Connection Server: Select this check box to enable the authenticator. You can enable multiple authenticators. Only enabled authenticators are displayed in the list.
  6. Click OK to save the SAML authenticator configuration.
    If you provided valid information, you must either accept the self-signed certificate (not recommended) or use a trusted certificate for Horizon 7 and VMware Identity Manager or the third-party device.
    The Manage SAML Authenticators dialog box displays the newly created authenticator.
  7. In the System Health section on the Horizon Administrator dashboard, select Other components > SAML 2.0 Authenticators, select the SAML authenticator that you added, and verify the details.
    If the configuration is successful, the authenticator’s health is green. An authenticator’s health can display red if the certificate is untrusted, if VMware Identity Manager is unavailable, or if the metadata URL is invalid. If the certificate is untrusted, you might be able to click Verify to validate and accept the certificate.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-administration/GUID-CC32E0E2-373A-4875-9452-45C2DE55B7E1.html>
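As an added check (my own example, not VMware code and not part of the original page): before pasting metadata into a static authenticator, a quick structural pass over the IdP metadata catches the kind of problem the health check only reports afterwards, such as a missing signing certificate or an SSO endpoint that is not HTTPS. The entityID, endpoint and certificate bytes in the sample are constructed, not from any real identity provider.

```python
# Pre-flight check for SAML 2.0 IdP metadata before it is pasted into a static
# Horizon authenticator.  Added example, not VMware code.
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ALLOWED_BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
                    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"}


def check_idp_metadata(xml_text):
    """Return a list of findings; an empty list means the metadata looks usable."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["metadata is not well-formed XML: %s" % exc]
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID"):
        findings.append("entityID attribute is missing or empty")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return findings + ["no md:IDPSSODescriptor: not identity-provider metadata"]
    # The signing certificate is what Connection Server uses to verify assertions;
    # a KeyDescriptor with no 'use' attribute covers signing as well.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            for c in kd.findall(".//ds:X509Certificate", NS):
                certs.append(re.sub(r"\s+", "", c.text or ""))
    if not any(certs):
        findings.append("no signing X509Certificate in any KeyDescriptor")
    elif any(c and not re.fullmatch(r"[A-Za-z0-9+/]+=*", c) for c in certs):
        findings.append("signing certificate is not valid base64")
    sso = idp.findall("md:SingleSignOnService", NS)
    if not sso:
        findings.append("no md:SingleSignOnService endpoint")
    for s in sso:
        binding, loc = s.get("Binding", ""), s.get("Location", "")
        if binding not in ALLOWED_BINDINGS:
            findings.append("unsupported SSO binding: %s" % binding)
        if not loc.lower().startswith("https://"):
            findings.append("SSO endpoint is not HTTPS: %s" % loc)
    return findings


# Constructed sample (hypothetical entityID and certificate bytes, not from any
# real identity provider) used as a self-check.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBszCCAVygAwIBAgIBATANBgkq</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Run `check_idp_metadata()` on the metadata text you copied from the Unified Access Gateway or third-party device; anything it returns is worth fixing before the authenticator is saved.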

  • Configure default roles, custom roles, access groups and required permissions for RBAC (role based access control)

This is more of an in-depth topic

https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-administration/GUID-42EBC37E-42B0-45E2-BFC9-800E02AE50E7.html

  • Enable and configure a multi site/pod deployment
  • Configure global entitlements

About this task

A global entitlement contains a list of member users or groups, a list of the pools that can provide desktops or applications for entitled users, and a set of policies. You can add both users and groups, only users, or only groups, to a global entitlement. You can add a particular pool to only one global entitlement.

Prerequisites

  • Decide which type of global desktop entitlement to create, the users, groups, and pools to include in the global entitlement, and the scope of the global entitlement. See Entitling Users and Groups in the Pod Federation.
  • Decide whether the global entitlement should use home sites. See Using Home Sites.
  • Create the desktop or application pools to include in the global entitlement. For information about creating pools, see the Setting Up Virtual Desktops in Horizon 7 and Setting Up Published Desktops and Applications in Horizon 7 documents.
  • Decide which users and groups to include in the global entitlement.
  • Initialize the Cloud Pod Architecture feature. See Initialize the Cloud Pod Architecture Feature.

Procedure

  1. Log in to the Horizon Administrator user interface for any Connection Server instance in the pod federation.
  2. In Horizon Administrator, select Catalog > Global Entitlements and click Add.
  3. Select the type of global entitlement to add and click Next.

    • Desktop Entitlement: Adds a global desktop entitlement.
    • Application Entitlement: Adds a global application entitlement.

  4. Configure the global entitlement.
    1. Type a name for the global entitlement in the Name text box.
      The name can contain between 1 and 64 characters. This is the name that appears in the list of available desktops and applications in Horizon Client for an entitled user.
    2. (Optional) Type a description of the global entitlement in the Description text box.
      The description can contain between 1 and 1024 characters.
    3. If you are configuring a global desktop entitlement, select a user assignment policy.
      The user assignment policy specifies the type of desktop pool that a global desktop entitlement can contain. You can select only one user assignment policy.
      • Floating: Creates a floating desktop entitlement. A floating desktop entitlement can contain only floating desktop pools.
      • Dedicated: Creates a dedicated desktop entitlement. A dedicated desktop entitlement can contain only dedicated desktop pools.
    4. Select a scope policy for the global entitlement.
      The scope policy specifies where to look for desktops or applications to satisfy a request from the global entitlement. You can select only one scope policy.
      • All sites: Look for desktops or applications on any pod in the pod federation.
      • Within site: Look for desktops or applications only on pods in the same site as the pod to which the user is connected.
      • Within pod: Look for desktops or applications only in the pod to which the user is connected.
    5. (Optional) If users have home sites, configure a home site policy for the global entitlement.
      • Use home site: Begin searching for desktops or applications in the user’s home site. If the user does not have a home site and the Entitled user must have home site option is not selected, the site to which the user is currently connected is assumed to be the home site.
      • Entitled user must have home site: Make the global entitlement available only if the user has a home site. This option is available only when the Use home site option is selected.
    6. (Optional) Use the Automatically clean up redundant sessions option to specify whether to automatically clean up redundant sessions.
      Note:
      This option is available only for floating desktop entitlements and global application entitlements.
      Multiple sessions can occur when a pod that contains a session goes offline, the user logs in again and starts another session, and the problem pod comes back online with the original session. When multiple sessions occur, Horizon Client prompts the user to select a session. This option determines what happens to sessions that the user does not select. If you do not select this option, users must manually end their own extra sessions, either by logging off in Horizon Client or by launching the sessions and logging them off.
    7. Select the default display protocol for desktops or applications in the global entitlement and specify whether to allow users to override the default display protocol.
    8. If you are configuring a global desktop entitlement, select whether to allow users to reset desktops in the global desktop entitlement.
    9. Select whether to allow users to use the HTML Access feature to access desktops or applications in the global entitlement.
      With HTML Access, end users can use a Web browser to connect to remote desktops and applications and are not required to install any client software on their local systems.
    10. Select whether to allow users to initiate separate desktop sessions from different client devices (multiple sessions per user policy).
      If you enable this setting, users that connect to the global entitlement from different client devices receive different desktop sessions. To reconnect to an existing desktop session, users must use the same device from which that session was initiated. If you do not enable this setting, users are always reconnected to their existing desktop sessions, regardless of the client device that they use. You can enable this setting only for floating desktop entitlements.
      Note:
      If you enable this setting, all of the desktop pools in the global entitlement must also support multiple sessions per user.
  5. Click Next and add users or groups to the global entitlement.
    1. Click Add, select one or more search criteria, and click Find to filter users or groups based on your search criteria.
      You can select the Unauthenticated Users check box to find and add unauthenticated access users to global application entitlements. You cannot add unauthenticated access users to global desktop entitlements. If you attempt to add an unauthenticated access user to a global desktop entitlement, Horizon Administrator returns an error message.
    2. Select the user or group to add to the global entitlement and click OK.
      You can press the Ctrl and Shift keys to select multiple users and groups.
  6. Click Next, review the global entitlement configuration, and click Finish to create the global entitlement.
    The global entitlement appears on the Global Entitlements page.
  7. Select the pools that can provide desktops or applications for the users in the global entitlement you created.
    1. Log in to the Horizon Administrator user interface for any Connection Server instance in the pod that contains the pool to add to the global entitlement.
    2. In Horizon Administrator, select Catalog > Global Entitlements.
    3. Double-click the global entitlement.
    4. On the Local Pools tab, click Add, select the pools to add, and click Add.
      You can press the Ctrl and Shift keys to select multiple pools.
      Pools that are already associated with a global entitlement, or that do not meet the criteria for the policies you selected for the global entitlement, are not displayed. For example, if you enabled the HTML Access policy, you cannot select pools that do not allow HTML Access.
      Important:
      If you add multiple application pools to a global application entitlement, you must add the same application. For example, do not add Calculator and Microsoft Office PowerPoint to the same global application entitlement. If you add different applications to the same global application entitlement, entitled users might receive different applications at different times.
    5. Repeat these steps on a Connection Server instance in each pod that contains a pool to add to the global entitlement.

Results

The Cloud Pod Architecture feature stores the global entitlement in the Global Data Layer, which replicates the global entitlement on every pod in the pod federation. When an entitled user uses Horizon Client to connect to a Connection Server instance in the pod federation, the global entitlement name appears in the list of available desktops and applications.

Note:

If a Horizon administrator changes the pool-level display protocol or protocol override policy after a desktop pool is associated with a global desktop entitlement, users can receive a desktop launch error when they select the global desktop entitlement. If a Horizon administrator changes the pool-level virtual machine reset policy after a desktop pool is associated with the global desktop entitlement, users can receive an error if they try to reset the desktop.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.1/com.vmware.horizon-view.cloudpodarchitecture.doc/GUID-B94E389D-B3F6-48CD-B74F-186E090F1061.html>
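To make the scope and home site policies in the procedure above concrete, here is a small model written for this guide (my own example, not Horizon's resolution code; the pod and site names are made up, and ordering pods beyond "starting site first" is my assumption) that returns the pods a launch request may be served from:

```python
# Simplified model of the global entitlement scope and home site policies.
# Added example, not Horizon's own code: the scope is applied exactly as the
# procedure describes it (relative to the pod the user connected to), and the
# home site policy only decides where the search begins.
from dataclasses import dataclass


@dataclass(frozen=True)
class Pod:
    name: str
    site: str


@dataclass
class GlobalEntitlement:
    name: str
    scope: str                         # "All sites", "Within site" or "Within pod"
    use_home_site: bool = False        # "Use home site" policy
    must_have_home_site: bool = False  # "Entitled user must have home site" policy


def candidate_pods(ent, pods, connected_pod, home_site=None):
    """Pods, in search order, that may satisfy a launch made through
    connected_pod; None when the entitlement is not offered to this user."""
    # The second option is only available when the first is selected.
    if ent.must_have_home_site and not ent.use_home_site:
        raise ValueError("'Entitled user must have home site' requires 'Use home site'")
    if ent.must_have_home_site and home_site is None:
        return None  # entitlement is available only to users with a home site
    # Scope policy: where the search may look, relative to the connected pod.
    if ent.scope == "Within pod":
        allowed = [connected_pod]
    elif ent.scope == "Within site":
        allowed = [p for p in pods if p.site == connected_pod.site]
    elif ent.scope == "All sites":
        allowed = list(pods)
    else:
        raise ValueError("unknown scope policy: %s" % ent.scope)
    # Home site policy: the search begins in the home site, or in the connected
    # site when the user has no home site and none is required.
    start_site = home_site if (ent.use_home_site and home_site) else connected_pod.site
    # Assumption: pods in the starting site first, the rest in federation order.
    return sorted(allowed, key=lambda p: p.site != start_site)


# Constructed two-site federation (hypothetical names) used as a self-check.
PODS = [Pod("pod-a1", "site-a"), Pod("pod-a2", "site-a"), Pod("pod-b1", "site-b")]

if __name__ == "__main__":
    ent = GlobalEntitlement("Win10-Floating", "All sites", use_home_site=True)
    # A user whose home site is site-a connects through pod-b1: site-a pods first.
    print([p.name for p in candidate_pods(ent, PODS, PODS[2], home_site="site-a")])
```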

  • Configure home sites

Prerequisites

Procedure

  1. Log in to the Horizon Administrator user interface for any Connection Server instance in the pod federation.
  2. In Horizon Administrator, select Users and Groups and click the Home Site tab.
  3. On the Home Site tab, click Add.
  4. Select one or more search criteria and click Find to filter the users or groups based on your search criteria.
    You can select the Unauthenticated Users check box to find unauthenticated access users in the pod federation.
  5. Select a user or group and click Next.
  6. Select the home site to assign to the user or group from the Home Site drop-down menu and click Finish.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.1/com.vmware.horizon-view.cloudpodarchitecture.doc/GUID-11BECE9B-CCE1-406E-BC88-4B122314E2CF.html>

  • Configure user entitlements

About this task

User and group entitlements to Horizon Cloud resources are set in the Horizon Cloud tenant administrative interface and cannot be modified from the VMware Identity Manager administration console.

Prerequisites

To see the latest information, sync Horizon Cloud desktops and applications. You can force a sync by selecting Catalog > Manage Desktop Applications > Horizon Cloud to go to the Horizon Air Resources page, and clicking Sync Now.

Procedure

  1. Log in to the VMware Identity Manager administration console.
  2. View user and group entitlements to Horizon Cloud desktops and applications.

    • To list users and groups entitled to a specific Horizon Cloud desktop or application pool:
      1. Click the Catalog tab.
      2. Click Any Application Type > Horizon Cloud Desktops or Horizon Cloud Applications.
      3. Select the pool for which you want to list entitlements.
      The Entitlements tab is selected by default. Group entitlements and user entitlements are listed in separate tables.
    • To list the Horizon Cloud desktop and application pool entitlements for a specific user or group:
      1. Click the Users & Groups tab.
      2. Click the Users tab or the Groups tab.
      3. Click the name of an individual user or group.
      4. Click the Apps tab.
      Horizon Cloud desktop and application pools to which the user or group is entitled are listed.

From <https://docs.vmware.com/en/VMware-Identity-Manager/2.9.1/com.vmware.wsp-resource_29/GUID-842852C3-B6E4-4CFB-A2CD-B9B9F8DAC6A1.html>

Objective 1.4 – Analyze End User Requirements for Display Protocol Performance Knowledge

  • Customize GPO settings requirements
  • Minimize bandwidth

With Smart Policies, you can use the Bandwidth profile policy setting to configure a bandwidth profile for PCoIP or Blast sessions on remote desktops.

Bandwidth Profiles

Bandwidth Profile              | Max Session BW (Kbps) | Min Session BW (Kbps) | Enable BTL | Max Initial Image Quality | Min Image Quality | Max FPS | Max Audio BW (Kbps) | Image Quality Performance
High-speed LAN                 | 900000 | 64 | Yes | 100 | 50 | 60 | 1600 | 50
LAN                            | 900000 | 64 | Yes | 90  | 50 | 30 | 1600 | 50
Dedicated WAN                  | 900000 | 64 | No  | 80  | 40 | 30 | 500  | 50
Broadband WAN                  | 5000   | 64 | No  | 70  | 40 | 20 | 500  | 50
Low-speed WAN                  | 2000   | 64 | No  | 70  | 30 | 15 | 200  | 25
Extremely low-speed connection | 1000   | 64 | No  | 70  | 30 | 10 | 90   | 0

From <https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-remote-desktop-features/GUID-8AA01007-091F-4E44-B7C6-A48748631947.html>

  • Optimize video performance and Reduce Audio Bandwidth

I combined the above two for a particular reason. In general these are both going to be handled by Registry settings. I think having an idea about the different settings that affect performance and bandwidth is probably sufficient. Here are a couple of links where the various settings are mentioned.

https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-remote-desktop-features/GUID-0AD7962F-22DC-4FC1-B31B-D48946BF1D47.html

https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-remote-desktop-features/GUID-220442CF-EA01-470E-A381-1BED9BC0B81C.html

https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-remote-desktop-features/GUID-6C22A209-AFC1-47EF-9DFF-39AFB38D655D.html

  • Verify 3rd party performance tool integration

  • Determine appropriate components needed for best performance

Objective 1.5 – Diagnose and solve issues related to connectivity between Horizon Server Components

  • Collect and Review the Horizon logs and View Agent logs

Horizon Component: File Path and Other Information

  • All components (installation logs):
    %TEMP%\vminst.log_date_timestamp
    %TEMP%\vmmsi.log_date_timestamp
  • Horizon Agent:
    <Drive Letter>:\ProgramData\VMware\VDM\logs
    To access Horizon 7 log files that are stored in <Drive Letter>:\ProgramData\VMware\VDM\logs, you must open the logs from a program with elevated administrator privileges. Right-click the program file and select Run as administrator.
    If a User Data Disk (UDD) is configured, <Drive Letter> might correspond to the UDD.
    The logs for PCoIP are named pcoip_agent*.log and pcoip_server*.log.
  • Published Applications:
    View Event Database configured on an SQL Server or Oracle database server.
    Windows Application Event logs. Disabled by default.
  • View Composer:
    %system_drive%\Windows\Temp\vmware-viewcomposer-ga-new.log on the linked-clone desktop.
    The View Composer log contains information about the execution of QuickPrep and Sysprep scripts. The log records the start time and end time of script execution, and any output or error messages.
  • Connection Server or Security Server:
    <Drive Letter>:\ProgramData\VMware\VDM\logs
    The log directory is configurable in the log configuration settings of the View Common Configuration ADMX template file (vdm_common.admx).
    PCoIP Secure Gateway logs are written to files named SecurityGateway_*.log in the PCoIP Secure Gateway subdirectory.
    Blast Secure Gateway logs are written to files named absg*.log in the Blast Secure Gateway subdirectory.
  • Horizon Services:
    Horizon Event Database configured on an SQL Server or Oracle database server.
    Windows System Event logs.

From <https://docs.vmware.com/en/VMware-Horizon-7/7.3/horizon-security/GUID-79A2A422-AF18-41BC-B15F-0117DBB10CCC.html>

  • Determine the Horizon configuration, pool level, farm level, user and group entitlements
  • Troubleshoot issues related to account permissions
    • Active Directory
    • vCenter
    • SQL
    • Quickprep
  • Verify trust relationships
  • Troubleshoot issues between Horizon Server components
    • Communication between components
    • Replication of connection servers
    • ODBC connections for Composer Database
    • Video driver versions
    • Component compatibility

Troubleshooting is always a weird thing to study for on tests. But there is a certain approach I have used to “troubleshooting” sections like this on other tests. That is to think about what kind of questions they can ask you.

This is sort of a different thing to think about, so let me give an example.

It would be pretty much impossible for them to ask a question about troubleshooting a corrupted DB, or troubleshooting that one of your colleagues installed a particular AV product that broke everything.

If we approach it from what they can reasonably ask about, it comes down to a couple of things. What are things stated in the documents which would be reasons why a product wouldn’t work?

It pretty much just comes down to a few things:

  • Prereqs and Requirements for a program: If something isn’t working or not working properly, there is a decent chance it is missing one of the requirements listed in these documents.
  • Permissions: Again, if a specific user or application does not have permissions to affect what it needs to, then things are going to not work correctly.
  • Ports/Networking: Lastly, if applications are not able to communicate properly, they will not work properly.

With these things in mind while studying, I believe it is easy to pick out items that may be of more importance during an exam.
