#VMware #Horizon App Volumes: Hints (for Performance and Packaging)

Two weeks ago I had the pleasure to spent 4 days on problematic Applications within an App Volumes environment of a customer. The best thing that can happen to me as an infrastructure guy is to work on building AppStack with guys who know how to package and therefore troubleshoot those applications. Bringing together the knowledge from multiple domains helped us to fix the problems that we had so far with App Volumes.

Common issues we have been faced with:

  1. During the AppStack provisioning process an Application was not able to get installed
  2. (Crappy) Applications put user-data-files into C:\Windows
  3. Start-Up Performance of applications was really really slow (factor 20x slower)
  4. A mounted AppStack leads to a repair of Office-components

One of the common problems I have seen with App Volumes in the past. The infrastructure can be designed and delivered by an Infrastructure guy -> As soon as we talk about applications. We or more correct the organization that is planning to create AppStacks needs application packaging expertise.

So let’s make it quick. I will give you some hints how some of your problems might get solved.

Read more

Using #VMware’s Unified Access Gateway (UAG) for internal #Horizon 7 connections – Design Discussion

Over the last months I gathered more and more experience about VMware’s secure Linux appliance  that allows secure access to a virtual Desktop (and more) over an unsecure network (e.g.) the Internet: Unified Access Gateway (UAG).

Keep in mind the UAG is not just a replacement for the old Windows based Security Sever, it is also  offering much more functionality (Edge Services for Airwatch / Workspace One, reverse proxy, 2nd-factor authentication integration, etc.).

There might be use cases where we want to design our horizon environment in a way that we use the UAGs not just for external unsecure access, but internally as well.

Examples:

  • Offering access to internal users coming from a not so trust-worthy site/location (including a second-factor authentication for those users). // Access restricted via Firewalls/ACLs
  • Constraints to always use tunneled connections (because of network-simplicity or security constraints).

Read more

Lenzker’s #VMware #Horizon Guide (Implementation): Restrict Internet Access To Specific Users

Sometimes I really love the #vCommunity – Just kidding: I love them all of the time. I was confronted with a scenario where only certain users of a Horizon environment should be allowed to access their own Desktop via the Internet.

In general you have certain options to do some kind of restrictions:

  • Using Tags on the Connection Server and Create Desktop Pools that only allow the usage by Users coming from a tagged Connection Server
  • Using VMware vIDM (Identity Manager) and create conditonal access rules. This will work, but will also create some new overhead to implement vIDM in a high-available fashion.

Fortuneatly the EUC-Champion Slack Community came up with another idea I haven’t really heard about before (The feature was introduced with Horizon 7). Thx Sven and Joe for your help here.

Read more