Eric Monjoin
Staff Consulting Architect but also pilot, spending time in front of my computer or flying in the air...

Category: Horizon

Omnissa Horizon 2412

Omnissa Horizon 2412 is finally GA 🙂

Most of the rebranding is done; the only thing that will change in a future release is the ADAM domains: vdi.vmware.int and vdiglobal.vmware.int

What’s New

Horizon Server

  • Rebranding to Omnissa.
  • Administrators can now configure a custom port for the admin console, moving away from the default port 443.
  • Administrators can use Horizon Console or Horizon REST API to move published applications between farms.
  • Configure reconnection behavior for published applications launched in nested mode.
  • Horizon Connection Server enhances pool management performance by ensuring tasks no longer get stuck and allowing VDIs in maintenance status to resync properly.
  • Introduced a new LDAP setting (pae-ic-SysprepDomainJoinEnabled) that lets customers with multi-site and multi-domain environments use Microsoft Sysprep guest customization to perform the domain join and avoid instant clone customization errors.
  • Horizon 2412 now includes the “Required Encryption Assertion” option for SAML Authenticators. The UI has been updated to feature a checkbox in the Add/Edit SAML Authenticator flows.
  • vCloud Director Support – Limited Availability.
  • Horizon 8 on Amazon WorkSpaces Core now supports FIPS (Federal Information Processing Standard) 140-2 compliant algorithms.
  • Monitor Connection Server health & Utilization for cloud-connected POD(s)/Edge(s) in WS1-intelligence Reports and Dashboards.
  • Use the Amazon WorkSpaces Windows Server 2019 or 2022 Public BYOP Bundle with Horizon 8.
  • Administrators can now specify the idle timeout to automatically suspend a machine when configuring a dedicated Power Optimized pool.
  • A Horizon 8 pod residing outside of Amazon can now be configured to use Amazon WorkSpaces Core for desktop compute.
  • Horizon 8 on WorkSpaces Core administrators are now able to update the Bundle in use by a Power Optimized pool through the Horizon console.
  • Following the divestiture of Omnissa from Broadcom, this release introduces a new license module for term and perpetual licenses. To activate Horizon 8 2412 with a term or perpetual license, customers must install the new Omnissa Horizon license key, which can be obtained from the Customer Connect portal.
  • Horizon will now persist the Frame Rate Limiter parameter (pciPassthru0.cfg.frl_config) from snapshot to the instant clones. Administrators can increase this value for graphics intensive applications.
  • Horizon 2412 now enhances the Horizon Lifecycle Management APIs by implementing additional pre-checks for installation and upgrade of Horizon Connection Servers.
  • Support for Dual IDP Metadata in Horizon Connection Server.
  • Beginning with this release, the 15-day grace period for subscription licenses has been discontinued. You must reactivate your subscription license every 90 days to use the full capabilities of Horizon 8.
  • Horizon 8 on WorkSpaces Core now supports Manual Farms, Multi-session Hosts, and Published Desktops and Applications with Windows Server 2019 and 2022.
  • Administrators can now monitor the local and global schema master (FSMO) availability for Connection Servers before attempting upgrades, and ensure that upgrade tasks no longer get stuck or failed due to schema master unavailability.
  • Horizon Connection Server now supports dual IDP metadata files, enabling seamless updates and uninterrupted authentication.

Horizon Agent

  • Rebranding to Omnissa.
  • Configure the reconnection behavior for published applications launched in nested mode. For more information, see Omnissa Knowledge Base (KB) article 80509.
  • Administrators can use Horizon Console or Horizon REST API to move published applications between farms.
  • Administrators now have an option to terminate active sessions while performing restart and shutdown operations on virtual machines.
  • Horizon Agent is supported on Windows 11 2024 Update (also known as Windows 11, version 24H2).
  • Starting with this release, user domain information is now collected and sent to Omnissa Intelligence when you have enabled the Horizon Agent Monitoring Service (hzMonService) to monitor Horizon Agent on Windows desktops and your deployment is integrated with Horizon Cloud Service – next-gen.
  • Starting with this release, additional metrics for Horizon Blast protocol are sent to Omnissa Intelligence when you have enabled the Horizon Agent Monitoring Service (hzMonService) to monitor Horizon Agent on Windows desktops and your deployment is integrated with Horizon Cloud Service – next-gen.
  • This release adds support for SUSE 15 SP6, Debian 11.11, and Debian 12.7.
  • This release drops support for SUSE 15 SP4 and Debian 10.13.
  • With improved startup performance, Linux desktops take less time to start up and become available.
  • Screen Sharing Support for Chrome and Edge C in Browser Content Redirection.
  • Browser Content Redirection From Linux Desktops.
  • Hide the Horizon Chrome Client After Launch.
  • Individual Application Sharing on Linux Endpoints.

Horizon Server, Agent

  • Release Note Link

https://docs.omnissa.com/bundle/horizon8-rnV2412/page/Horizon8-ReleaseNotes.html

  • Documentation Link

https://docs.omnissa.com/category/Horizon_8

  • Download Link

https://customerconnect.omnissa.com/downloads/info/slug/desktop_end_user_computing/omnissa_horizon/2412

App Volumes Apps On Demand – Certificate Issue

Horizon Suite 2212 has been GA since last week and of course I have already upgraded my whole lab to this new release.

I was particularly interested in Application on Demand, that is, directly managing App Volumes applications on RDS with all entitlements done within the Horizon Console.

The principle consists of adding the App Volumes server in Horizon and then assigning it to an “Automated” farm.

When you add your App Volumes server to Horizon, you’ll certainly need to import the App Volumes certificates into the “Trusted Root Certification Authorities” folder and then restart the Horizon services on all your Connection Servers.

Even after doing that, you can encounter the following issue with an Enterprise-signed certificate:

I had this issue in my lab, so to get it solved, I had to generate a new certificate for my App Volumes server using a new template.

This is how to do it ….


Horizon Cloud Connector 2.3.0 – Connection Server Monitoring Service – Failed

Sometimes the Connection Server Monitoring Service shows as failed (although it worked before) and we see a lot of restart attempts.

There are many reasons for this to happen (proxy errors, etc.), but I personally try this workaround first and it has worked every time:

1 – SSH to Horizon Cloud Connector using ccadmin and then run su - to log in as root
2 – Go to /opt/container-data/data/csms/store/keep
3 – Do a copy of csms-config.json to csms-config.json.bak
4 – Edit csms-config.json

# su -
# cd /opt/container-data/data/csms/store/keep
# cp csms-config.json csms-config.json.bak
# vi csms-config.json

5 – Change cmsTenantConfig to null and set lifeCycle to "PAIR"

{
  "baseConfig" : {
    "version" : "1",
    "csmsIdentity" : "038eeb6a-159c-4ee5-89d0-xxxxxxxxxxxx",
    "salt" : "df3e8624-2478-4d6f-bd94-xxxxxxxxxxxxx",
    "keyLength" : 128
  },
  "cmsTenantConfig" : null,
  "applianceConfig" : {
    "podType" : "VIEW",
    "podCapacityType" : "GENERAL",
    "podId" : "4cfd1101-1f73-4691-aa39-xxxxxxxxxxxx",
    "podName" : "Cluster-HZN-01",
    "podLocationJson" : "{\"p\":[43.29695,5.38107],\"id\":\"b32f5cf4-7413-4877-92c4-xxxxxxxxxxxxx\",\"n\":\"Marseille, France\"}"
  },
  "lifeCycleConfig" : {
    "lifeCycle" : "PAIR",
    "lastUpdateTimestamp" : 1668683604710
  }
}

6 – restart csms :


# kubectl get pod -n cms-system
NAME                   READY   STATUS    RESTARTS   AGE
csms-79df9554f-jcprn   1/1     Running   0          27m
# kubectl delete pods -n cms-system csms-79df9554f-jcprn

After a few minutes, it should be green again… if not open a ticket 🙂
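
Steps 2 to 5 above as a script, an added example that is not part of the original post or of the Horizon Cloud Connector tooling. It assumes Python 3 is available on the appliance and is run as root; the function name `reset_csms_pairing` is hypothetical.

```python
import json
import os
import shutil
import tempfile
import time

# Path taken from the procedure above.
CONFIG_PATH = "/opt/container-data/data/csms/store/keep/csms-config.json"


def reset_csms_pairing(path=CONFIG_PATH):
    """Back up the file, then set cmsTenantConfig=null and lifeCycle="PAIR". Returns the backup path or None."""
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)  # a corrupt file raises here, before anything is touched

    # Refuse to edit a file that does not have the layout shown in the post.
    life = config.get("lifeCycleConfig") if isinstance(config, dict) else None
    if not isinstance(life, dict) or "cmsTenantConfig" not in config or "lifeCycle" not in life:
        raise KeyError("unexpected csms-config.json layout, not modifying it")

    if config["cmsTenantConfig"] is None and life["lifeCycle"] == "PAIR":
        return None  # already in the target state, nothing to do

    # Timestamped backup so a later run never overwrites an earlier copy.
    backup = f"{path}.{time.strftime('%Y%m%d-%H%M%S')}.bak"
    shutil.copy2(path, backup)  # copy2 keeps mode bits and timestamps

    config["cmsTenantConfig"] = None
    life["lifeCycle"] = "PAIR"

    # Write a temp file in the same directory and rename it: no half-written config is ever visible.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        shutil.copymode(path, tmp)  # mkstemp creates 0600; keep the original mode instead
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return backup


if __name__ == "__main__":
    result = reset_csms_pairing()
    print(f"updated, backup at {result}" if result else "already reset, nothing changed")
```

The csms pod still has to be restarted as in step 6. The backup contains the same identity and salt values as the original file, so it should stay in the same root-only directory.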

Change the Expiration Period for Service Provider Metadata on Connection Server

Well, this procedure is in the documentation, but I put it here so I can access it more quickly.

You need to do this when, for example, you have to use smart card or certificate authentication through UAG.

Procedure

  1. Start the ADSI Edit utility on your Connection Server host.
  2. In the console tree, select Connect to.
  3. In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name DC=vdi, DC=vmware, DC=int.
  4. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the Connection Server host followed by port 389. For example: localhost:389 or mycomputer.example.com:389
  5. Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and double-click CN=Common in the right pane.
  6. In the Properties dialog box, edit the pae-NameValuePair attribute to add the following values:
  • cs-samlencryptionkeyvaliditydays=number-of-days
  • cs-samlsigningkeyvaliditydays=number-of-days

In this example, number-of-days is the number of days that can elapse before a remote Connection Server stops accepting SAML assertions. After this period of time, the process of exchanging SAML metadata must be repeated.

Awaited feature now available on Horizon 2103… Join VM in untrusted Domains

One year ago I posted a feature request for one of my customers, who required deploying Instant Clone VMs on many Active Directory domains without a trust relationship with each other or with the domain used by the Horizon Connection Server. So imagine my surprise when I received the announcement of the General Availability of Horizon Enterprise 2103 and saw that this feature is now available 🙂

New Release of Horizon Enterprise 2103 and Unified Access Gateway 2103

What’s New?

  • Horizon Server
    • Added support for “Global Access Group”
    • Added support for open source database — “PostgreSQL”
    • Added support for untrusted domain
    • Pegged unabated growth of event database
    • Ability to pre-assign computer names to instant clone desktops
    • Delivered View API parity REST APIs
  • Horizon Agents & Clients
    • Teams offload Mac client
    • USB redirection for HTML Access & Chrome client
    • Pen redirection iOS & Android
    • HEVC 444 Intel GPU Linux client
    • Bandwidth control for integrated printing
    • Serial port improvements, auto mapping, ID passing
    • Agent hot patch via MSP
    • Expose HCA, H.264/H.265 enablement and networking client settings to registry and GPO template
    • Drop 32-bit support Windows agent, Linux agent and client
  • App Volumes
    • Support for Windows 10 Enterprise multi-session on Horizon Cloud on Azure
    • App Volumes Command-Line Capture Program for working with App Volumes and MSIX formatted VMDK and VHD packages
    • Global option to allow the same packages to work across both VDI/RDSH regardless of the packaging OS used
  • Dynamic Environment Manager
    • Replication of the Script folder in SyncTool
    • Simplification of computer environment configuration
    • Support for late arrival of system environment variables in agent configuration for computer environment settings
    • Improvements in default printer logic to roam default printer settings for redirected printers

VMware Horizon on Windows Server Core 2019

I recently had a customer requesting to install VMware Horizon on a Windows 2019 Core server. Most customers prefer to have the “Desktop Experience”, but for security reasons some others prefer to limit the server to a shell-only interface.

Before installing VMware Horizon, ensure that all updates are applied to Windows 2019 Core (I had some strange behavior before doing that, like being unable to get the Flex Admin console or getting “Login failed” on the new HTML 5 consoles).

The first main concern is getting a signed certificate ready so Horizon will use it instead of its self-signed certificate.

After copying the certificate in a local folder :

1 ) From the Administrator command prompt, type “powershell” to execute PowerShell command

Composer Firewall Port

By default, Composer must be in the same domain as, or at least have a trust relationship with, the domains where Linked Clones will be deployed.

But with Composer you can also deploy to other domains. The caveat is that you can’t browse the OU in the Horizon Admin console, so you need to copy/paste or type the full path of the correct OU.

That said, if you look at the firewall ports required by Composer, apart from 18433 between the Horizon Connection Servers (brokers) and Composer, plus 1433 to reach the MS SQL Server, nothing is really explained, and doubt can remain about which ports are required (and also about which component creates the accounts in the domain). So here is the answer 🙂:

First, I confirm that the Composer server is responsible for reaching the AD domains and creating the computer accounts. So the required ports are:

Source      Destination       Ports      Service
Composer    AD Controllers    88/TCP     Kerberos
Composer    AD Controllers    135/TCP    RPC
Composer    AD Controllers    389/TCP    LDAP

Internal View Composer error – another reason..

Ok, I know that View Composer is deprecated, but sometimes we have no other choice than to use it, e.g. when you need to deploy VMs in a more cost-effective way than Full Clone on a domain with no trust relationship with the one the brokers are joined to.

So I have a customer who has 3 domains with a trust relationship:

  • dom-adm for all admin account
  • dom-res for all computers account (composer and brokers are on this domain)
  • dom-usr for all users accounts

We created a service account in dom-adm for Composer and added it to the “Administrator” local group on the Composer server.

When I tried to add the Composer server in the Horizon admin console, it failed with the “Internal View Composer error. Contact your administrator.” message and absolutely nothing in the logs, both Composer and Horizon logs (sic.)

I first suspected an issue with the certificate but even after putting a signed certificate the issue was the same.

Finally I created a service account for Composer in the dom-res domain and used it to add Composer on my vCenter… and it worked !!