As we have already covered, configuring the Horizon Connection Server and the Horizon Composer server (if using Linked Clones) are two of the first essential steps in configuring a VMware Horizon environment. However, getting the Connection Server connected to your VMware vSphere vCenter Server is also a critical part of the process. Making the connection to the vCenter Server allows Horizon to talk to the vSphere environment and allows provisioning virtual machines, etc. Let’s take a quick look at how to connect VMware Horizon 7.7 Connection Server to vCenter Server and see how this is easily accomplished.
VMware Horizon 7.7 Connection Server considerations connecting to vCenter
There are a few things to consider when connecting the VMware Horizon 7.7 Connection Server to vCenter Server. These include:
- User Accounts
Before connecting vCenter Server as well as the Composer Server to a Horizon 7 environment, VMware recommends that you use certificates that are signed by a trusted certificate authority or CA. A few points along these lines from the VMware Horizon 7.7 Installation guide:
- If you install vCenter Server and View Composer on the same Windows Server host, they can use the same TLS certificate, but you must configure the certificate separately for each component.
- When client endpoints connect to a Connection Server instance or security server, they are presented with the server’s TLS server certificate and any intermediate certificates in the trust chain. To trust the server certificate, the client systems must have installed the root certificate of the signing CA.
- When Connection Server communicates with vCenter Server and View Composer, Connection Server is presented with TLS server certificates and intermediate certificates from these servers. To trust the vCenter Server and View Composer servers, the Connection Server computer must have installed the root certificate of the signing CA.
- In the Horizon Administrator dashboard, you can configure Horizon 7 to trust a vCenter Server or View Composer certificate that is untrusted.
- VMware strongly recommends that you configure vCenter Server and View Composer to use TLS certificates that are signed by a CA. Alternatively, you can accept the thumbprint of the default certificate
for vCenter Server or View Composer.
Connect VMware Horizon 7.7 Connection Server to vCenter Server
Let’s take a look at a few screenshots of adding a vCenter Server connection to the Horizon 7.7 Connection Server.
Below, straight from the VMware Horizon 7.7 installation guide, the privileges required of the user that is used to make the vCenter Server connection is shown.
Notice, the VMware Cloud on AWS integration with Horizon 7.7 Connection Server during the Add vCenter Server wizard.
VMware recommends that you use a trusted certificate authority. For my lab purposes I am simply using the self-signed certificates on the boxes. As you can see, this will result in the Invalid Certificate Detected during the wizard when making the vCenter Server connection. You will need to View Certificate and Accept the certificate as shown in the next screen.
After clicking the View Certificate button, you will see the thumbprint for the certificate and be required to Accept the certificate before proceeding.
Next, you will be presented with the configuration of the Composer Server settings. You will have the options:
- Do not use View Composer
- View Composer co-installed with vCenter Server
- Standalone View Composer Server
I am using a standalone Composer Server, so I am moving forward with this option. If you use the standalone option, you need to provide the server address, user name, password, and port (which you can use default here that is populated).
As is the case with the vCenter Server, the composer Server has only a self-signed certificate, so if used, you will see the Invalid Certificate Detected warning here as well. You will have to click the View Certificate and Accept the certificate the same as with the vCenter Server connection.
Viewing the Composer Server certificate and accepting it for use.
Adding the View Composer Domain is the process of making a connection to the Windows Active Directory domain that will house the cloned desktops that are provisioned.
Administrators that have OU Administrator privileges in Active Directory can provision linked-clone desktops without domain administrator privileges. If you change administrator credentials in Active Directory, you must also update the credential information in View Composer.
On the Storage Settings screen, you can confirm VM space reclamation and other storage settings to enhance performance and capacity.
The Add vCenter Server wizard is ready to complete. All of the settings are configured, and we simply need to click Finish on the wizard.
Below, the configured connection has been established to the vCenter Server.
The process to Connect VMware Horizon 7.7 Connection Server to vCenter Server is easily accomplished in the Horizon Administrator console with an easy wizardized process. As mentioned there are several considerations that should be made before making the connection. Make sure to provision the needed certificates for the Horizon environment. As mentioned, VMware recommends as best practice to always use a trusted certificate on the vCenter and Composer servers as this helps to alleviate errors and any other undesirable behavior. In the lab environment here, we have simply used the self-signed certificates to make the connection. As shown, you will need to accept the certificate thumbprints for both the vCenter Server and the Composer server if you are using a standalone Composer server. Additional considerations include the user accounts that are provisioned for the vCenter connection as well as the Active Directory connection. It can be habit to simply use a domain administrator account, however, this is not desirable from a security perspective. The privileges for each are well documented by VMware. Stay tuned for further VMware Horizon 7.7 posts in 2019!