Connect VMware Horizon 7.7 Connection Server to vCenter Server

0

As we have already covered, configuring the Horizon Connection Server and the Horizon Composer server (if using Linked Clones) are two of the first essential steps in configuring a VMware Horizon environment. However, getting the Connection Server connected to your VMware vSphere vCenter Server is also a critical part of the process. Making the connection to the vCenter Server allows Horizon to talk to the vSphere environment and allows provisioning virtual machines, etc. Let’s take a quick look at how to connect VMware Horizon 7.7 Connection Server to vCenter Server and see how this is easily accomplished.

VMware Horizon 7.7 Connection Server considerations connecting to vCenter

There are a few things to consider when connecting the VMware Horizon 7.7 Connection Server to vCenter Server. These include:

  • User Accounts
  • Certificates

Before connecting vCenter Server as well as the Composer Server to a Horizon 7 environment, VMware recommends that you use certificates that are signed by a trusted certificate authority or CA. A few points along these lines from the VMware Horizon 7.7 Installation guide:

  • If you install vCenter Server and View Composer on the same Windows Server host, they can use the same TLS certificate, but you must configure the certificate separately for each component.
  • When client endpoints connect to a Connection Server instance or security server, they are presented with the server’s TLS server certificate and any intermediate certificates in the trust chain. To trust the server certificate, the client systems must have installed the root certificate of the signing CA.
  • When Connection Server communicates with vCenter Server and View Composer, Connection Server is presented with TLS server certificates and intermediate certificates from these servers. To trust the vCenter Server and View Composer servers, the Connection Server computer must have installed the root certificate of the signing CA.
  • In the Horizon Administrator dashboard, you can configure Horizon 7 to trust a vCenter Server or View Composer certificate that is  untrusted.
  • VMware strongly recommends that you configure vCenter Server and View Composer to use TLS certificates that are signed by a CA.  Alternatively, you can accept the thumbprint of the default certificate
    for vCenter Server or View Composer.

Connect VMware Horizon 7.7 Connection Server to vCenter Server

Let’s take a look at a few screenshots of adding a vCenter Server connection to the Horizon 7.7 Connection Server.

Beginning-the-process-to-add-a-vCenter-Server-to-the-Horizon-7.7-Connection-Server-environment Connect VMware Horizon 7.7 Connection Server to vCenter Server
Beginning the process to add a vCenter Server to the Horizon 7.7 Connection Server environment

Below, straight from the VMware Horizon 7.7 installation guide, the privileges required of the user that is used to make the vCenter Server connection is shown.

vCenter-Server-privileges-required-for-user-making-vCenter-Server-connection-in-the-Horizon-7.7-Connection-Server Connect VMware Horizon 7.7 Connection Server to vCenter Server
vCenter Server privileges required for user making vCenter Server connection in the Horizon 7.7 Connection Server

Notice, the VMware Cloud on AWS integration with Horizon 7.7 Connection Server during the Add vCenter Server wizard.

The-Add-vCenter-Server-wizard-begins-on-the-Horizon-7.7-Connection-Server Connect VMware Horizon 7.7 Connection Server to vCenter Server
The Add vCenter Server wizard begins on the Horizon 7.7 Connection Server

VMware recommends that you use a trusted certificate authority. For my lab purposes I am simply using the self-signed certificates on the boxes. As you can see, this will result in the Invalid Certificate Detected during the wizard when making the vCenter Server connection. You will need to View Certificate and Accept the certificate as shown in the next screen.

Invalid-certificate-detected-on-the-vCenter-Server-View-Certificate Connect VMware Horizon 7.7 Connection Server to vCenter Server
Invalid certificate detected on the vCenter Server – View Certificate

After clicking the View Certificate button, you will see the thumbprint for the certificate and be required to Accept the certificate before proceeding.

Viewing-the-certificate-information-on-the-vCenter-Server-and-Accepting-the-self-signed-certificate-on-the-Horizon-7.7-Connection-Server Connect VMware Horizon 7.7 Connection Server to vCenter Server
Viewing the certificate information on the vCenter Server and Accepting the self-signed certificate on the Horizon 7.7 Connection Server

Next, you will be presented with the configuration of the Composer Server settings. You will have the options:

  • Do not use View Composer
  • View Composer co-installed with vCenter Server
  • Standalone View Composer Server

I am using a standalone Composer Server, so I am moving forward with this option. If you use the standalone option, you need to provide the server address, user name, password, and port (which you can use default here that is populated).

Configuring-the-View-Composer-settings-in-the-Add-vCenter-Server-wizard-on-the-Horizon-7.7-Connection-Server Connect VMware Horizon 7.7 Connection Server to vCenter Server
Configuring the View Composer settings in the Add vCenter Server wizard on the Horizon 7.7 Connection Server

As is the case with the vCenter Server, the composer Server has only a self-signed certificate, so if used, you will see the Invalid Certificate Detected warning here as well. You will have to click the View Certificate and Accept the certificate the same as with the vCenter Server connection.

Invalid-certificate-detected-on-the-Horizon-7.7-Composer-Server Connect VMware Horizon 7.7 Connection Server to vCenter Server
Invalid certificate detected on the Horizon 7.7 Composer Server

Viewing the Composer Server certificate and accepting it for use.

Accepting-the-self-signed-certificate-on-the-Horizon-7.7-Composer-Server Connect VMware Horizon 7.7 Connection Server to vCenter Server
Accepting the self-signed certificate on the Horizon 7.7 Composer Server

Adding the View Composer Domain is the process of making a connection to the Windows Active Directory domain that will house the cloned desktops that are provisioned.

Adding-the-View-Composer-Windows-domain Connect VMware Horizon 7.7 Connection Server to vCenter Server
Adding the View Composer Windows domain

Administrators that have OU Administrator privileges in Active Directory can provision linked-clone desktops without domain administrator privileges. If you change administrator credentials in Active Directory, you must also update the credential information in View Composer.

Domain-credentials-used-to-connect-to-the-Windows-Active-Directory-domain Connect VMware Horizon 7.7 Connection Server to vCenter Server
Domain credentials used to connect to the Windows Active Directory domain

On the Storage Settings screen, you can confirm VM space reclamation and other storage settings to enhance performance and capacity.

Configuring-the-storage-settings-in-the-add-vCenter-Server-wizard Connect VMware Horizon 7.7 Connection Server to vCenter Server
Configuring the storage settings in the add vCenter Server wizard

The Add vCenter Server wizard is ready to complete. All of the settings are configured, and we simply need to click Finish on the wizard.

Ready-to-complete-the-Add-vCenter-Server-wizard Connect VMware Horizon 7.7 Connection Server to vCenter Server
Ready to complete the Add vCenter Server wizard

Below, the configured connection has been established to the vCenter Server.

The-connection-to-the-vCenter-Server-from-Horizon-7.7-Connection-Server-has-been-established Connect VMware Horizon 7.7 Connection Server to vCenter Server
The connection to the vCenter Server from Horizon 7.7 Connection Server has been established

Takeaways

The process to Connect VMware Horizon 7.7 Connection Server to vCenter Server is easily accomplished in the Horizon Administrator console with an easy wizardized process. As mentioned there are several considerations that should be made before making the connection. Make sure to provision the needed certificates for the Horizon environment. As mentioned, VMware recommends as best practice to always use a trusted certificate on the vCenter and Composer servers as this helps to alleviate errors and any other undesirable behavior. In the lab environment here, we have simply used the self-signed certificates to make the connection. As shown, you will need to accept the certificate thumbprints for both the vCenter Server and the Composer server if you are using a standalone Composer server. Additional considerations include the user accounts that are provisioned for the vCenter connection as well as the Active Directory connection. It can be habit to simply use a domain administrator account, however, this is not desirable from a security perspective. The privileges for each are well documented by VMware. Stay tuned for further VMware Horizon 7.7 posts in 2019!