Release Notes for VMware Horizon 7 version 7.0.3
What's New in This Release
VMware Horizon 7 version 7.0.3 provides the following new features and enhancements:
Flash Redirection You can compile a black list to ensure that the URLs specified in the list will not be able to redirect Flash content. You must enable the GPO setting FlashMMRUrlListEnableType to use either a white list or black list.
Horizon Agent Policy Settings
The VMwareViewAgentCIT policy setting enables remote connections to Internet Explorer to use the Client's IP address instead of the IP address of the remote desktop machine.
The FlashMMRUrlListEnableType and FlashMMRUrlList policy settings specify and control the white list or black list that enables or disables the list of URLs from using Flash Redirection.
View PowerCLI is deprecated. Horizon PowerCLI replaces View PowerCLI and includes cmdlets that you can use with VMware PowerCLI.
For more information about Horizon PowerCLI cmdlets, read the VMware PowerCLI Cmdlets Reference.
For information on the API specifications to create advanced functions and scripts to use with Horizon PowerCLI, see the View API Reference at the VMware Developer Center
For more information on sample scripts that you can use to create your own Horizon PowerCLI scripts, see the Horizon PowerCLI community on GitHub.
Horizon 7 for Linux desktops enhancements
Audio input support
Ubuntu 16.04 support
Software H.264 Encoder to support multiple monitors
Clipboard redirection support on all distributions
vGPU support with NVIDIA M6 graphics card on RHEL 6.6/6.7/6.8/7.2 Workstation x64
Multiple monitors supported with H.264 hardware decoding The H.264 hardware decoding feature, which previously supported only a single monitor, is now enhanced to support multiple monitors.
Remote Desktop Operating System The following remote desktop operating systems are supported:
Windows 10 version 1607 Long-Term Servicing Branch (LTSB)
Windows Server 2016
View Persona Management
View Persona Management supports guest operating systems that use the "v6" version of the user profile.
You can use the migration tool to migrate the "v2" and "v5" user profiles versions to the "v6" user profile version. The tool is installed with the Persona binary file
Important note about installing VMware View Composer
If you plan to install or upgrade View Composer 7.0.2, you must upgrade the Microsoft .NET framework to version 4.6.1. Otherwise, the installation will fail.
Important note about installing VMware Tools If you plan to install a version of VMware Tools downloaded from VMware Product Downloads, rather than the default version provided with vSphere, make sure that the VMware Tools version is supported. To determine which VMware Tools versions are supported, go to the VMware Product Interoperability Matrix, select the solution VMware Horizon View and the version, then select VMware Tools (downloadable only).
If you want to install Horizon Composer silently, see the VMware Knowledge Base (KB) article 2148204, Microsoft Windows Installer Command-Line Options for Horizon Composer.
The Horizon 7 release includes new configuration requirements that differ from some earlier releases. See the README document. This short overview can help you to avoid potential pitfalls when you install or upgrade to this release. The View Upgrades document provides upgrade instructions.
If you intend to upgrade a pre-6.2 installation of View, and the Connection Server, security server, or View Composer server uses the self-signed certificate that was installed by default, you must remove the existing self-signed certificate before you perform the upgrade. Connections might not work if the existing self-signed certificates remain in place. During an upgrade, the installer does not replace any existing certificate. Removing the old self-signed certificate ensures that a new certificate is installed. The self-signed certificate in this release has a longer RSA key (2048 bits instead of 1024) and a stronger signature (SHA-256 with RSA instead of SHA-1 with RSA) than in pre-6.2 releases. Note that self-signed certificates are insecure and should be replaced by CA-signed certificates as soon as possible, and that SHA-1 certificates are no longer considered secure and should be replaced by SHA-2 certificates. Do not remove CA-signed certificates that were installed for production use, as recommended by VMware. CA-signed certificates will continue to work after you upgrade to this release.
To take advantage of Horizon 7 features such as Virtual SAN 6.1, GRID vGPU, and Virtual Volumes, install vSphere 6.0 and subsequent patch releases.
When you upgrade to this release, upgrade all View Connection Server instances in a pod before you begin upgrading View Agent, as described in the View Upgrades document.
The download page in this release includes a Horizon View HTML Access Direct-Connection file that provides web server static content for supporting HTML Access with View Agent Direct-Connection (VADC). For information about setting up HTML Access for VADC, see Setting Up HTML Access in the View Agent Direct-Connection Plug-in Administration document.
Selecting the Scanner Redirection setup option with Horizon Agent installation can significantly affect the host consolidation ratio. To ensure the optimal host consolidation, make sure that the Scanner Redirection setup option is only selected for those users who need it. (By default, the Scanner Redirection option is not selected when you install Horizon Agent.) For the particular users who need the Scanner Redirection feature, configure a separate desktop pool and select the setup option only in that pool.
Horizon 7 uses only TLSv1.1 and TLSv1.2. In FIPS mode, it uses only TLSv1.2. You might not be able to connect to vSphere unless you apply vSphere patches. For information about re-enabling TLSv1.0, see Enable TLSv1 on vCenter Connections from Connection Server and Enable TLSv1 on vCenter and ESXi Connections from View Composer in the View Upgrade document.
FIPS mode is not supported on releases earlier than 6.2. If you enable FIPS mode in Windows and upgrade Horizon Composer or Horizon Agent from a release earlier than 6.2 to 7.0.3, the FIPS mode option is not shown. You must do a fresh install instead to install Horizon 7.0.3 in FIPS mode.
Linux desktops use port 22443 for the VMware Blast display protocol.
With Horizon 7.0.1, Linux desktop is switched from unmanaged virtual machine to vCenter managed virtual machine. Horizon Connection Server 7.0.1 and vCenter are mandatory requirements for Linux desktop 7.0.1 deployment. For Linux desktop deployment of 7.0.0 and earlier, which are unmanaged virtual machine deployment, there are two options:
Upgrade to 7.0.1 and retain the unmanaged virtual machine. This upgrade does not require any configuration modifications in Horizon Connection Server.
Upgrade to 7.0.1 and convert to managed virtual machine. This upgrade requires desktop pool creation in Horizon Connection Server. Horizon Connection Server 7.0.1 and vCenter are mandatory requirements.
The View Administrator user interface, View Administrator online help, and Horizon 7 product documentation are available in Japanese, French, German, simplified Chinese, traditional Chinese, and Korean. For the documentation, see the Documentation Center for VMware Horizon 7.
Top of Page
For the supported guest operating systems for Horizon Agent on single-user machines and RDS hosts, see Supported Operating Systems for Horizon Agent in the View Installation document.
If you use Horizon 7 servers with a version of View Agent older than 6.2, you will need to enable TLSv1.0 for PCoIP connections. View Agent versions that are older than 6.2 support the security protocol TLSv1.0 only for PCoIP. Horizon 7 servers, including connection servers and security servers, have TLSv1.0 disabled by default. You can enable TLSv1.0 for PCoIP connections on these servers by following the instructions in VMware Knowledge Base (KB) article 2130798, Configure security protocols for PCoIP for Horizon 6 version 6.2 and later, and Horizon Client 3.5 and later.
For the supported Linux guest operating systems for Horizon Agent, see System Requirements for Horizon 7 for Linux in the Setting Up Horizon 7 for Linux Desktops document.
For the supported operating systems for View Connection Server, security server, and View Composer, see System Requirements for Server Components in the View Installation document.
Horizon 7 functionality is enhanced by an updated set of Horizon Clients provided with this release. For example, Horizon Client 4.0 or later is required for VMware Blast Extreme connections. See the VMware Horizon Clients Documentation page for information about supported Horizon Clients.
The instant clones feature requires vSphere 6.0 Update 1 or later.
Windows 7 and Windows 10 are supported for instant clones, but not Windows 8 or Windows 8.1.
See the VMware Product Interoperability Matrix for information about the compatibility of Horizon 7 with current and previous versions of vSphere.
For the supported Active Directory Domain Services (AD DS) domain functional levels, see Preparing Active Directory in the View Installation document.
For more system requirements, such as the supported browsers for View Administrator and View Portal, see the View Installation document.
RC4, SSLv3, and TLSv1.0 are disabled by default in View components, in accordance with RFC 7465, "Prohibiting RC4 Cipher Suites," RFC 7568, "Deprecating Secure Sockets Layer Version 3.0," PCI-DSS 3.1, "Payment Card Industry (PCI) Data Security Standard", and SP800-52r1, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations." If you need to re-enable RC4, SSLv3, or TLSv1.0 on a View Connection Server, security server, View Composer, or Horizon Agent machine, see Older Protocols and Ciphers Disabled in View in the View Security document.
If a PCoIP Secure Gateway (PSG) has been deployed for PCoIP connections, zero client firmware must be version 4.0 or later.
When using Client Drive Redirection (CDR), deploy Horizon Client 3.5 or later and View Agent 6.2 or later to ensure that CDR data is sent over an encrypted virtual channel from an external client device to the PCoIP security server and from the security server to the remote desktop. If you deploy earlier versions of Horizon Client or View Agent, external connections to the PCoIP security server are encrypted, but within the corporate network, the data is sent from the security server to the remote desktop without encryption. You can disable CDR by configuring a Microsoft Remote Desktop Services group policy setting in Active Directory. For details, see Managing Access to Client Drive Redirection in the Setting Up Desktop and Application Pools in View document.
The USB Redirection setup option in the Horizon Agent installer is deselected by default. You must select this option to install the USB redirection feature. For guidance on using USB redirection securely, see Deploying USB Devices in a Secure View Environment in the View Security document.
The Global Policy, Multimedia redirection (MMR), defaults to Deny. To use MMR, you must open View Administrator, edit Global Policies, and explicitly set this value to Allow. To control access to MMR, you can enable or disable the Multimedia redirection (MMR) policy globally or for an individual pool or user. Multimedia Redirection (MMR) data is sent across the network without application-based encryption and might contain sensitive data, depending on the content being redirected. To ensure that this data cannot be monitored on the network, use MMR only on a secure network.
Before you set the level of Transparent Page Sharing (TPS) in View Administrator, VMware recommends that the security implications be understood. For guidance, see the VMware Knowledge Base (KB) article 2080735, Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing.
To use View Storage Accelerator in a vSphere 5.5 or later environment, a desktop virtual machine must be 512GB or smaller. View Storage Accelerator is disabled on virtual machines that are larger than 512GB. Virtual machine size is defined by the total VMDK capacity. For example, one VMDK file might be 512GB or a set of VMDK files might total 512GB. This requirement also applies to virtual machines that were created in an earlier vSphere release and upgraded to vSphere 5.5.
Horizon 7 does not support vSphere Flash Read Cache (formerly known as vFlash).
In Horizon (with View) version 6.0 and later releases, the View PowerCLI cmdlets Get-TerminalServer, Add-TerminalServerPool, and Update-TerminalServerPool have been deprecated.
Screen DMA is disabled by default in virtual machines that are created in vSphere 6.0 and later. View requires screen DMA to be enabled. If screen DMA is disabled, users see a black screen when they connect to the remote desktop. When Horizon 7 provisions a desktop pool, it automatically enables screen DMA for all vCenter Server-managed virtual machines in the pool. However, if Horizon Agent is installed in a virtual machine in unmanaged mode (VDM_VC_MANAGED_AGENT=0), screen DMA is not enabled. For information about manually enabling screen DMA, see VMware Knowledge Base (KB) article 2144475, Manually enabling screen DMA in a virtual machine.
Supported Windows 10 Operating Systems
Horizon 7 version 7.0.3 supports the following Windows 10 operating systems:
Windows 10 version 1507 (RTM) Long-Term Servicing Branch (LTSB)
Windows 10 version 1511 Current Business Branch (CBB)
Windows 10 version 1607 Long-Term Servicing Branch (LTSB)
Windows 10 version 1607 Current Branch (CB) as a tech preview feature. Note: Microsoft treats the Current Branch as a development pilot branch and can issue periodic updates to this branch.
For more information on upgrade requirements for Windows 10 operating systems, see VMware Knowledge Base (KB) article 2148176, Upgrade Requirements for Windows 10 Operating Systems here.
Top of Page
Prior Releases of View
Features that were introduced in prior releases of View are described in the release notes for each release, along with existing known issues.
When the current user is logged in, the Horizon Client on a Windows 8.1 operating system takes 15 seconds to connect to the Horizon Connection Server.
A remote desktop fails in rare cases because the PCoIP server has an incorrect IPv6 address for an IPv4 environment when the virtual machine is configured for both the IPv6 and IPv4 environments but uses only the IPv4 environment.
When you use the Cloud Pod Architecture feature to access a desktop from another pod, the value of the Security Gateway field does not get populated in the Desktop Pool, Session, and Users and Groups tabs.
View Persona Management does not support any guest operating system that uses the "v6" version of the user profile.
In Horizon 7 version 7.0.x, the Horizon Agent ignores the value for the maximum frame rate registry setting.
Horizon Administrator performance decreases when you browse or import user data disks from the vCenter server to the Horizon Connection Server.
Horizon Administrator fails to enforce the maximum number of virtual machines in a desktop pool when a virtual machine gets stuck in a delete operation.
During a Horizon 7.0.2 Horizon Agent Hot Patch deployment, an internal error message appears when you try to upgrade the remote desktop agent that has USB components installed.
When you upgrade View Agent 6.1.1 to View Agent 6.2.x on an RDS host running on Windows Server 2012 or 2012 R2, the upgrade fails with an "Internal Error 25030" message.
On rare occassions, initializing Cloud Pod Architecture on any Horizon Connection Server in a pod federation fails and the Horizon Administrator displays the error "no Global instance can be found".
There is no alphabetic or any other type of order for the OU and CN structures when you create linked-clone desktop pools in Horizon Administrator.
In the Horizon 7 environment, each client has to wait for two minutes to connect to the desktop, which is in a suspended state