Create a VMware Horizon View self signed certificate with makecert

With the command line Windows utility “makecert.exe” it is possible to create quickly a self-signed (private) certificate that can be used with VMware Horizon View. Makecert is part of the Windows Software Deployment Kit (SDK)for Windows 7 and 8.  Below are the steps outlined to create a self-signed certificate using makecert.

  • The SDK can be downloaded here, link. Install the SDK and choose as feature to install “Windows Software Deployment”.
  • After the installation copy the makecert.* utility to the VMware View Connection server
  • Open a elevated command prompt
  • Create the self-signed root certificate, command: makecert -pe -n “CN=ViewRootCA” -ss root -sr LocalMachine -sky signature -r “ViewRootCA.cer”

image

  • Open certlm.msc and go to “Trusted Root Certification Authorities” and verify if the root certificate generated with makecert.exe exist. The root certificate can copied to all the servers and View Clients. If the clients are domain joined a Group Policy can be used to distribute the root certificate. More information can be found here, link.

image

  • Create a new self-signed certificate, command: makecert -pe -n “CN=viewcon02.beerens.local,cn=viewcon02” -ss my -sr LocalMachine -sky exchange -in “ViewRootCA” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 viewcon02.cer

image

  • The certificate is added to the personal store of the local computer

image

  • Change the Friendly name of the newly created self-signed certificate to: vdm
  • Remove the already existing self-signed certificate

image

  • Restart the VMware View Connection Server service
  • In the System Health dashboard the Connection Server system health gets green

image

What’s new in VMware Horizon 6

VMware Horizon 6 has been today announced. VMware Horizon 6 has five major enhancements:

  • Cloud Pod Architecture.
  • Remote Desktop Session Host (RDS) Hosted Apps
  • Virtual SAN
  • Application Catalog
  • vCops for View 6

Here is an overview picture of the Horizon 6 architecture:

image

 

Cloud Pod Architecture

In version 5 Horizon View supports 10.000 desktops in a Pod.  If you need to to have more or than 10.000 desktops or needed to span a datacenter another Pod was needed.  With the Cloud Pod Architecture the following improvements has been made :

  • Enable Horizon deployments across multiple datacenters
  • New data layer replication across all Horizon Connection Servers (such as pool configurations and user entitlements).
  • Support single namespace for end users with a global URL
  • Global entitlement layer to assign and manage desktops and users

image

Benefits:

  • Scale Horizon View deployments to multiple datacenter above 10.000 desktops
  • Support Active/Active and DR use case of Horizon deployments
  • Support geo-reaming users

 

Maximums of the Cloud Pod Architecture

Description Number
Number of sites (datacenters) 2
Number of Pods 4
Number of users/desktops (sessions) 20.000

 

The Horizon 6 View infrastructure servers supports Windows Server 2012 R2 as Operating System.

 

RDS Hosted Apps

Prior Horizon 6 VMware only offers a VDI desktops. With RDS Hosted Apps in Horizon 6, VMware offers access to applications and full desktops running on Microsoft Remote Desktop Services Hosts with the PCoIP and Blast protocol. The RDS apps are available to the Horizon View broker.

Benefits

  • Windows 2008 and 2012 Microsoft Remote Desktop Services Hosts are supported
  • Seamless local look, feel and interaction for users
  • Works with Windows and Non-Windows devices such as Windows XP, Windows 7 and Windows 8 desktops, laptops and thin clients, iOS and Android tablets and Mac OSX. A client for Linux will be available soon

In the View clients the full desktops and RDSH applications looks as follows:

image

Virtual SAN for Horizon View Desktops

In Horizon View 5.3.1 support for VSAN was added. It was available as separate product. Now in Horizon 6 VSAN is added for free in the Horizon 6 Advanced and Enterprise Edition!

image 

Application Catalog

The Application Catalog offers a unified workspace for applications. One portal to for all applications (Local ThinApps, Citrix XenApp, SAAS and Remote Apps) from different devices.

image

The Application Catalog key themes are:

  • XenApp integration in the Application catalog
  • ThinApp package delivery on any Windows desktop
  • Office 365 and non-SAML web apps
  • Improved resource management & categorization
  • Seamless integration with Horizon View

The application catalog  has multi-forest Active Directory support and can be easily customized by changing logos, login prompt, application launchers, backgrounds etc.

image 

vCops for View 6

vCenter Operations Manager for View 6 has the following new improvements:

  • Horizon 6 support
  • 25K concurrent users per instance
  • Single integrated console for all vCOPs support environments (desktop, server etc)
  • Application & In Guest Metrics. Drill down to the process level for key resource consumption per user and application

image 

Licenses

Horizon 6 has three new editions available:

  • Horizon View Standard Edition: Delivers simple, high-performance VDI-based virtual desktops with a great user experience
  • Horizon Advanced Edition: Offers the lowest cost solution for virtual desktop and application management, optimized storage with VMware Virtual SAN, image management and a unified workspace that supports hosted desktops and applications.
  • Horizon Enterprise Edition: Delivers a cloud-ready solution for virtual desktops and applications with advanced cloud automation and management capabilities for hybrid cloud flexibility.

More information can be found on the pricing page, link .

The Horizon 6 enhancements are a big step for the End-User Computing (EUC) market!

More information:

  • VMware Horizon 6 Technical Overview link
  • Horizon View 6.0 Integration with VMware Virtual SAN link
  • VMware Horizon FAQ link

Install a wildcard certificate on a VMware Horizon View Security Server

On a View Security Server I needed to change the default self signed certificate to a signed wildcard certificate. The customer had a wildcard certificate that didn’t include the private key. A certificate that include the private key is a requirement for a VMware View Security server.

If you have the certificate (*.cer or *.crt) and private key (*.key), convert it to a PCKS#12 (PFX) format before you import the certificate.  To create a certificate that include the private key I used the following steps:

  • Download and install OpenSSL and Visual C++ 2008 Redistributables. Link
  • The install directory of OpenSSL is: C:\OpenSSL-Win64\
  • Place the certificate (*.cer or *.crt) and private key (*.key) file in the C:\OpenSSL-Win64\bin directory directory
  • Open a command prompt and set the environment variable: Set OPENSSL_CONF=c:\OpenSLL-Win64\bin\openssl.cfg
  • Create another environment variable: Set RANDFILE = .rnd
  • Generate a PCKS#12 (PFX) keystore file from the private key and certificate file. Syntax example:  OpenSSL.exe pkcs12 –export -out newcertificatename.pfx –inkey privatekey.key –in certificate.crt

image

  • Enter the password for the certificate

The next step is to Import the certificate on the security server:

  • Open the MMC on the Security Server and add the Certifcates snap-in
  • In the Windows local computer store import the generated P12 certificate
  • Type the password for the private key
  • Make sure the certificate is exportable
  • Change the friendly name to “vdm” and make sure that the friendly name of the self signed certificate is changed to something else
  • Restart the View Connection Security service

image

The new wildcard certificate has a private key and is trusted in the VMware View client and on the View Administrator page.

image image

More information about certificates can be found in the Obtaining SSL Certificates for VMware Horizon View Servers. Link