A few weeks back, VMware announced a release of VMware Horizon 8 2203, their latest update of VMware Horizon, desktop and app virtualization and delivery platform (four last digits mean month and year, that’s how new releases are labeled). As usual, new release has a few interesting options, but Release Notes hardly cover it all. Today we are going to take a look at the seven most handy and interesting enhancements to describe them more broadly.
Let’s Get Started!
Most companies take care of the confidentiality of their documents, especially those a lot of remote users have access to. The same goes for screenshots. In Horizon 8, you can add watermarks to documents while printing for the purposes of confidentiality and protection of intellectual property.
These functions are realized via the new version of Horizon Agent and work for the following scenarios:
- Published apps & virtual desktop pool apps
- Virtual desktops and RDS hosts
- Nested mode
- Multiple monitor mode
- Primary session when users work in a collaborative session mode
Admins can set the following watermark parameters via the group policies:
- Text & color
- Image location
- Border color
The watermark is usually black with the white border color by default.
In Horizon 2203, you can set the watermark within a virtual desktop session. It looks something like this:
The watermarks are also now integrated with VMware Integrated Printing (VIP) Universal Printing Driver (UPD) solutions. There’s also a separate tab in the console now where admins can set text overlaying on the printed documents:
2. VMware Horizon key logger blocker
Lately, a lot of companies have been shifting to remote working, including the use of virtual desktops under the management of corporate policies. This means an inevitable risk of malware attack on the end devices. Precisely, one of those risks is catching a keylogger on the host device of a user. By recording a user’s keyboard interactions and device activity, this software can easily steal passwords or other confidential information.
The very possibility of blocking keyloggers is hardly news because it has already been introduced in Horizon client for Mac 2111. However, it became fully accessible for Windows clients only lately, starting with version 2203. With this option, admins will have centralized access to managing GPO which apply to the VMs that are being accessed. The recording of keyboard interactions from the side of an app is blocked instantly while connecting.
Agent configuration policy is referred to as Key Logger Blocking. When it is enabled in the host system, keylogging malware simply cannot record keyboard activity during the log-in, which is illustrated in this video below:
3. Enhanced security with VMware Horizon Recording
A lot of Horizon admins are well aware of the existence of the Horizon Session Recording utility. It is now called VMware Horizon Recording as a part of Horizon, starting with the 2111 release.
This utility is meant to record user sessions and activity in virtual desktops and apps. Thanks to Session Recoding, a Horizon admin can redirect screen session records for a given period to the central server to play them in the HTML5 console. The session itself is open for downloading as an MP4 file.
The Horizon Session Recording consists of two components:
- Central Recording Repository and its web front-end
- Virtual desktop agent or RDSH host to record a session.
Utility configuration allows following parameters:
- Record local sessions (recording sessions in the local network, not external gateway).
- Record Remote Sessions (recoding external gateway sessions)
- Days to retain
- Upload Chunk Size (MB).
- Minimum Duration (seconds)
- Conversion Delay (time required to convert the recording to MP4).
Take a look at how this works:
4. Horizon Clients: New Features
Here we won’t be listing a one distinct option. Instead, let’s just look at some new capabilities relating directly to virtual desktop infrastructure and apps based on varying platforms and clients:
- Microsoft Teams support is not limited to Windows or Mac but also includes Chrome clients and HTML Access.
- Screen control transfer support for Microsoft Teams: now users can hand over screen control to other users of VDI and RDSH sessions. This option is available for Windows and Mac.
- Shutting down USB redirection only for selected devices (such as webcam or voice recorder) using such parameters as release number, vendor, and product ID. Available on Windows, Linux, Mac, and Chrome.
- Increased performance and decreased channel usage by Blast codec.
- Independence of client and agent versions. Usually, they must correspond to each other to work properly. Now one or two versions difference is acceptable. This gives more space to test the infrastructure while upgrading.
- URL Content Redirection support for Chrome. From now on, you can freely redirect the content from the client machine to the remote desktop or published app (client-to-agent redirection). It works vice versa just as well efficiently (agent-to-client redirection).
5. Windows optimization for virtual environments
Windows OS Optimization Tool for VMware Horizon utility must be well-known to lots of admins. It was already available on VMware Labs. The purpose of this utility is the preparation of the guest OS for deployment and tuning the registry for performance optimization. It is also responsible for shutting down unnecessary services or scheduled tasks.
Starting from the 2111 release, this utility has officially become a part of the VMware Horizon platform. It is responsible for the Standard Image optimization, removing unnecessary stuff from Windows for desktops to work faster. Now it supports Windows 11 and Windows Server 2022.
Before being integrated into Horizon, the whole code was completely ported to be used in production and entirely rewritten according to the VMware standards.
6. Storing users’ profiles with Microsoft OneDrive for Business
VMware Dynamic Environment Manager (DEM) is now integrated with the Microsoft OneDrive for Business services, thereby allowing to store users’ profiles in their own OneDrive storages. It gives enough flexibility to operate the profile directly from the cloud without using the SMB resources of the company.
You’ll need to set the federation of on-premises Active Directory with Azure AD to secure silent authentication with OneDrive for Business. You can select the integration settings with OneDrive via group policies in Group Policy Management Editor.
Check out to this video to find out how you do it:
7. Improved troubleshooting with the Events Filtering feature
Every activity within the Horizon infrastructure goes straight to the database. In Horizon 2111 release, you can pick and choose whatever you need with Horizon Console: customized Time Period, Severity, Module, etc. Now there is no need to make a specified query to access the database. Thanks to the embedded functionality, you can get any info you require in just a few seconds.
Now, this short review has come to an end. In fact, every release has a handful of simple and useful updates, too numerous to list all. So, if you want more details, it is better to check the original Release Notes. Also, new and improved features of Horizon On-Demand Apps haven’t been listed, since we’ve already talked about that (nevertheless, it is still probably the most influential novelty of the latest releases).