You create a Virtual Desktop Infrastructure (VDI) workload domain using the SDDC Manager Dashboard. When you create a VDI workload domain, the SDDC Manager deploys the components from the VMware Horizon product that are necessary for the VDI infrastructure to deliver network-based virtual desktops, based on your specifications. You can also create and save VDI workload domain configurations.
When you create and deploy a VDI workload domain, SDDC Manager reserves the necessary hardware capacity and deploys the VMware software stack appropriate to provision the necessary components for a VDI environment. The creation workflow is a two-step process:
- SDDC Manager first runs the VI workload domain creation workflow, to create a virtual infrastructure (VI) environment. For a description of VI workload domains and the VMware SDDC software that makes up a virtual infrastructure environment, see Create a Virtual Infrastructure Workload Domain. The VI workload domain is sized based on the parameters you enter in the VDI workload domain creation wizard, such as the number of virtual desktops, the amount of vCPU and memory, and the persistence type for the desktops.
- Then using that base VI environment, the creation workflow deploys and configures the additional VMware software needed for a VDI environment. The additional VMware software that supports the VDI environment on top of the base virtual infrastructure includes View Connection Server, View Agent, View Administrator, View Composer, and the various client applications used for accessing the virtual desktops. When you specify the App Volumes choice in the configuration wizard, the VMware App Volumes™ software is also configured in the VDI environment and the VMware App Volumes agent is installed in the deployed virtual desktops as part of the VDI environment creation process.
Verify that you meet the following prerequisites before starting the process.
- Your OVA file hardware must be version 11 or later.
- You must provide the ISO image for a 64-bit Windows Server 2012 R2 Volume License (VL) Edition operating system. You will upload the ISO image in one of the wizard's steps. The creation workflow creates a virtual machine and installs this Windows Server operating system into it, and then installs View Connection Server software into the Windows Server operating system.
The Windows Server 2012 R2 VL edition that is supported for use in this release is:
Note: The Essentials and Foundation editions are not supported for use in a VDI workload domain because the View software that underlies the VDI environment does not support those editions.
- You must provide a valid VL license key for that ISO image. You must test this license in advance and enter it carefully. The VDI workload domain deployment process does not check the validity of the key.
Caution: If you enter a key that is not a VL key valid for use for the 64-bit Windows Server 2012 R2 Volume License (VL) Standard Edition or Datacenter Edition ISO, the VDI workload domain creation process will fail part way through and you will have to delete the partially created workload domain.
- When you are using the Deploy Desktops option in the wizard, instead of the Reserve Resources option, you must provide a Windows 7, Windows 8, or Windows 10 operating system in the form of an OVA file and the Windows installation in the OVA must be prepared with specific criteria to ensure that SDDC Manager can successfully deploy and manage the virtual desktops. Ensure your OVA file has been prepared according to the criteria and steps described in Prepare the OVA for the Virtual Desktops.
- When you are selecting the Persistence Type option to have full clones instead of linked clones, the VDI environment creation process does not customize the virtual desktops. This behavior is by design from the View infrastructure software that underlies the VDI infrastructure. In the case of full clones, the desktops that the wizard creates are only copies of the OVA template that you upload in the wizard, and if you want customized full clones, you must implement the customization script in the Windows installation used for the OVA template and customize the virtual desktop the way you want it before generating the OVA file. See Prepare the OVA for the Virtual Desktops.
- In the VDI workload domain creation wizard, you are prompted to enter networking information for a data center network or you can select pre-configured information from a drop-down list. During the VDI workload domain creation workflow, the SDDC Manager places the virtual desktops on this network and configures the network to carry traffic between this Cloud Foundation system and the environment external to the system. Prior to starting the VDI workload domain creation wizard, contact your organization's Data Center Network Administrator to determine the correct VLAN ID, subnet, subnet mask, default gateway, and DNS server information to use for this VDI environment's data center network.
Your Data Center Network administrator must ensure that the settings for the data center network provide for secure traffic and that the network is routable outside the Cloud Foundation system. Your Data Center Network administrator must also ensure that this Cloud Foundation system's public management network is able to communicate with that secure data center network. Otherwise, the VDI workload domain creation workflow will fail. Your Cloud Foundation system's management network must be able to communicate with that secure data center network to provision and manage the VDI environment. This management network's information is specified during the Cloud Foundation bring-up process. By the time you are creating VDI workload domains, the management network is already configured.
As you proceed through the VDI workload domain creation wizard, instead of entering new data center networking information, you can select from one of the existing unused data center configurations previously entered using the SDDC Manager Dashboard. To see the existing data center network configurations and any workload domains they are already associated with, use the Settings page's Data Center screen. See Data Center Screen.
To review the details of already configured networks, use the Download button in the IP Allocations area to download a CSV file containing the details.
- Additionally, when you are selecting the Connect from anywhere option, the data center network must be securely routable to your company's demilitarized zone (DMZ), which will be used for creating a network in the Cloud Foundation. When you select the Connect from anywhere option, you are specifying that users can access their virtual desktops over the Internet using their View clients. When the VDI environment is configured and ready for use, those View clients must be proxied through View Security servers that are placed within your company's demilitarized zone (DMZ) so that the View clients can reach the routable network in your Cloud Foundation system and the virtual desktops within.
- If you plan to use the External option for the Active Directory configuration, you must:
  - Have the information for your organization's Microsoft Active Directory domain and whether it requires use of secure LDAP (LDAPS). With the External option, your existing Active Directory infrastructure is used for the VDI infrastructure's Active Directory requirements.
  - Verify that your DHCP is installed and reachable by broadcast from the Data Center network configuration you select in the wizard. The virtual desktops must be able to reach that DHCP.
  - Have the following items set up in your Active Directory in advance:
    - An Organizational Unit (OU) in your Active Directory where the VDI infrastructure's servers will be created.
    - An Organizational Unit (OU) where the virtual desktops will be created. This OU can be the same as the OU for the VDI infrastructure's servers.
    - A user account with read-write access to those two OUs.
    - A user account that will be used to add View Composer servers in the VDI infrastructure. This View Service account is a user account that is used to authenticate when accessing View Composer servers from View Connection servers. This user account must have the permissions required by the VMware Horizon software components that provision the VDI infrastructure. The key permissions needed are Create Computer Objects, Delete Computer Objects, and Write All Properties permissions, including permissions that are assigned by default (List Contents, Read All Properties, Read Permissions, Reset Password). For more details about the account requirements on the user account for View Composer AD operations, see the related VMware Horizon version 7.2 documentation at https://docs.vmware.com/en/VMware-Horizon-7/7.2/com.vmware.horizon-view.installation.doc/GUID-3446495C-FEC8-425C-AFF8-A6CAABA5E973.html.
- If you plan to use the Implement App Volumes option and the Active Directory External option together, you must create a group in your Active Directory whose members will be the App Volumes administrator accounts. This group must be created in your Active Directory in advance of running the VDI workload domain creation process. You enter this group name in the wizard.
- If you plan to use the Implement App Volumes option and the Active Directory Internal option together, the process creates a group named AppVolumesAdmins automatically in the auto-generated Active Directory. However, no members are added. As a result, when the VDI workload domain creation process is completed, you must log in to the created Active Directory using the Active Directory administrator account and add members to the AppVolumesAdmins group. Until you add members to the AppVolumesAdmins group, no one will be able to log in to App Volumes.
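The first prerequisite above, OVA hardware version 11 or later, can be checked before you upload the template. The following is an added example, not VMware code: it reads the OVF descriptor inside the OVA and compares the declared `vmx-N` value against the minimum. The function names, the 5 MiB descriptor limit, and the choice to judge by the newest declared version are assumptions made for this example; `build_sample_ova` produces a constructed sample archive.

```python
import io
import re
import tarfile
import xml.etree.ElementTree as ET

MIN_HW_VERSION = 11              # prerequisite stated on this page
MAX_OVF_BYTES = 5 * 1024 * 1024  # assumption: real descriptors are far smaller
VSSD = "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData"


def ova_hardware_versions(ova):
    """Return the vmx-N versions declared in an OVA (path string or binary file)."""
    src = {"name": ova} if isinstance(ova, str) else {"fileobj": ova}
    with tarfile.open(mode="r:", **src) as tar:  # an OVA is an uncompressed tar
        # Stop at the first .ovf descriptor instead of walking the disk images.
        member = next((m for m in tar if m.isfile()
                       and m.name.lower().endswith(".ovf")), None)
        if member is None:
            raise ValueError("no .ovf descriptor in archive")
        # Bounded read: an oversized descriptor is cut short and fails to parse.
        root = ET.fromstring(tar.extractfile(member).read(MAX_OVF_BYTES))
    found = []
    for elem in root.iter("{%s}VirtualSystemType" % VSSD):
        found += [int(n) for n in re.findall(r"vmx-(\d+)", elem.text or "")]
    if not found:
        raise ValueError("descriptor declares no vmx-N hardware version")
    return found


def meets_hardware_prerequisite(ova, minimum=MIN_HW_VERSION):
    """True when the newest hardware version the OVA declares is >= minimum."""
    return max(ova_hardware_versions(ova)) >= minimum


def build_sample_ova(vmx):
    """Constructed sample: an in-memory OVA holding only a minimal descriptor."""
    ovf = ('<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1" '
           'xmlns:vssd="%s"><VirtualSystem><VirtualHardwareSection><System>'
           '<vssd:VirtualSystemType>%s</vssd:VirtualSystemType></System>'
           '</VirtualHardwareSection></VirtualSystem></Envelope>' % (VSSD, vmx)).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("desktop.ovf")
        info.size = len(ovf)
        tar.addfile(info, io.BytesIO(ovf))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    print({v: meets_hardware_prerequisite(build_sample_ova(v))
           for v in ("vmx-10", "vmx-11", "vmx-13")})
```

To check a real template, pass its file path to `meets_hardware_prerequisite`.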
What to do next
- If you selected the Implement App Volumes option and the Active Directory External option together, and your Active Directory domain controllers are configured with TLS certificates for secure LDAP connections, you should configure the deployed App Volumes Manager instance to use secure connection port 636.
- If you selected the Implement App Volumes option and the Active Directory Internal option together, you must log in to the created Active Directory using the Active Directory administrator account and add members to the AppVolumesAdmins group. The process creates a group named AppVolumesAdmins automatically in the auto-generated Active Directory, but does not add members to the group. Until you add members to the AppVolumesAdmins group, no one will be able to log in to App Volumes.
- If you selected full clones and the Active Directory Internal option together, you must manually join the created full clones to the created internal Active Directory domain.