Horizon Air 15.3.2 Release Notes

|

Updated on: 14 NOV 2017

VMware Horizon Air | 30 JUL 2015 

Check for additions and updates to these release notes.

Links to release notes for other versions (* indicates DaaS Agent): 15.3.3 | 16.6 | 16.6.1 | 16.6.2* | 16.11 | 16.11.1 | 16.11.2* | 17.1 | 17.1.1 | 17.2

What's in the Release Notes

The release notes cover the following topics:

New Features

This release of Horizon DaaS provides the following new functionality.

New Horizon Air Administration Console 

The 15.3.2 release includes the new Horizon Air administration console. The console provides a streamlined experience and makes your DaaS system faster and easier to use for image management, desktop and application setup, user entitlement, and system status monitoring.

The console is divided into four parts:

  • Monitor – View user and system activities.
  • Assignments – Configure pools of RDSH applications, dedicated and floating VDI desktops, and RDSH session desktops. Assignments are a bundling of desktop model, pool type, image or applications, and user entitlements.
  • Inventory – View desktop model allocation and available capacity, manage images (previously known as gold patterns), and view RDSH application catalog.
  • Settings – Currently under construction. When complete, this module will be used to update account information such as domain registration, active directory, two-factor authentications, and general settings. At this time, you must log into the Enterprise Center console to make settings changes and access any functionality that does not yet exist in the new administration console.

Integration With Access Point Gateway

Beginning in release 15.3.2, customers must upgrade their remote access gateway from the dtRAM appliance to Access Point. Note the following:

  • With this upgrade, you can reduce your firewall open ports to 443, 4172 and 8443. 
  • A certificate for Blast will no longer be required inside the virtual desktop for Access Point connections for remote access.  
  • Desktop certificates are still required for Blast for internal access not via Access Point
  • Access via native RDP (using a Remote Desktop Client) is no longer possible. RDP access is still possible via Horizon (View) Client.
  • dtRAM access is no longer supported in Horizon Air 15.3.2.

For information on setting up Access Point, contact your customer service representative.

HTML Access (Blast) Support for RDSH Applications

Launching RDSH applications is supported in HTML Access 3.4

To enable this functionality:

  1. In the Enterprise Center, select configuration > general.
  2. Select the check box under HTML Access for RDSH Remote Applications and click Save.
  3. Click OK in the informational dialog box to confirm the action.

Note the following:

  • Horizon View Agent 6.1.1 and the View Agent Direct-Connection (VADC) Plug-In 6.1.1 must be installed on the desktops. 

    Note: When you enable HTML Access for RDSH applications in Enterprise Center as described below, users may experience issues connecting to VMs running older versions of the View Agent via Blast.

  • Access Point 2.0 remote access gateway must be deployed (confirm with your Service Provider).
  • This functionality does not work for iOS or Android. 
  • There is currently a known issue with this feature. See item DT-8595 under Known Issues below for more information.

Client Drive Redirection 

Users running View Agent 6.1.1 or later and Horizon Client version 3.4 or later can now share folders and drives on their Windows client systems with remote desktops and applications.

Microsoft Windows 10 Support 

You can use Windows 10 by creating a desktop Windows 8 image and installing the Windows 10 operating system.

System Requirements for Windows 10:

  • Horizon View 6.1.1 is required. 

Known Issues and Limitations for Windows 10

  • Persona Management functionality will not be available initially (a fix for this should be released later in 2015).
  • View RDP launch will not be available initially (a fix for this should be released later in 2015). In the meantime, you can enable it by setting the following regedit value to 0:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] "SecurityLayer”=0
  • Known issue regarding sysprep failure (see DT-9064 below)

Floating Desktop Refresh Rate

Floating desktop refresh functionality has been enhanced to enable greater concurrency. This will lead to a substantial increase in speed, particularly when refreshing large desktop pools (or assignments in the new administration console).

JDK Update

The Oracle (Sun) JDK package is updated to 1.6.0_95, which contains fixes for multiple security issues, including those documented in the Oracle Java SE Critical Patch Update Advisory for January 2015. The JDK update includes a fix for CVE-2014-6593.

REST API Changes

Below is a summary of changes to the REST APIs.  For more complete information on new classes and changes to existing classes, see the latest Javadoc or the Horizon DaaS Platform 15.3.2 REST API document.

Security 

  • CSRF tokens are now required for all POST, PUT, and DELETE methods.
  • SessionID cannot be used any longer to reconnect to an authenticated session. In these cases, the user is now required to log in again. This prevents a user with an expired token from invoking secure REST APIs.

Pools

  • The pool retrieval API now returns three different types of pools (Desktop, Session and Remote App) instead of Desktop only. This will cause issues for clients that expect that method to return only Desktop pools.
  • There is now a hierarchy of pool classes:
    • DtDesktopPool refers to static & dynamic desktop pools.
    • DtSessionPool refers to desktop–only RDSH pools. 
    • DtApplicationSessionPool refers to session pools containing remote applications.  
  • It is now possible to create session pools & application session pools using the API. All applications in a DtApplicationSessionPool are derived from the application catalog which is created when a gold pattern is sealed.  Additionally, session pool size is specified in terms of number of servers & server density.  
  • New methods have been added to facilitate retrieving and assigning users and groups to pools.
  • A new method has been added to assign a static desktop to a selected user from a static pool.

Tenant desktop managers

It is now possible to retrieve all desktop managers associated with a tenant.  Each desktop manager provides access to its list of assigned networks.

Virtual machines

It is now possible to retrieve virtual machines based on a given filter.  All properties that were missing have been added to the DtVirtualMachine class.

Patterns

It is now possible to retrieve patterns based on a given filter. Additionally, methods have been added to the DtPoolManager and DtGoldPattern classes to perform complete gold pattern management.

Feature Settings

Support has been added to retrieve the status of feature settings, including HTML Access (Blast) client selection, pool network mapping, and 3D soft graphics support.

Maintenance Notices

Support has been added to retrieve maintenance notices configured by the Service Provider.

Session statistics

Support has been added for retrieving desktop and application connection session statistics.

Quotas

Support has been added for retrieving all available quotas based on filtered criteria.

Tasks

Support has been added for retrieving tasks based on filtered criteria.

Terms of Service

Support has been added for retrieving the Terms of Service link set by the Service Provider.

Default domain

Support has been added for retrieving the default domain directly from DtPlatform.

User Event Reports

Support has been added for retrieving user event reports including VM names and pool names (which incurs performance overhead) and the related pool IDs.

Domains

It is now possible to search for users and groups in a given domain either from the tenant’s AD cache or directly from the domain itself.

Fixed Defects

The following defects have been fixed in this version:  

  • An error during a clone operation in vCenter could sometimes cause clone tasks to go into a loop and require a dtService restart before the clone task could be retried.  This has been remedied so that errors do not cause the clone operation to get stuck in a loop. (DT-5685)
  • On shared clusters, compute updates by users (for example, partition re-sizing) were being overwritten by the system. This has been remedied so that user changes are no longer lost. (DT-6710)
  • Some logs (slony, heartbeat, and postgres) had not been rotating in the most recent appliance template. This has been remedied so the logs are operating as expected. (DT-6790)
  • In Enterprise Center, users have not been able to create new session pools with RDP or PCoIP if the Blast protocol was not also enabled. This has been remedied and session pools can now be created as expected. (DT-7163)
  • Desktops have not been connecting to pools associated with gold patterns that have been deleted or moved, even though the current status of a gold pattern should not affect the availability of the pools based on it. This issue has been remedied so a pools remains available regardless of the status of the associated gold pattern. (DT-7251)
  • Tenant inventory attempts were hanging for several days when the resource manager did not respond due to an outage. This has been remedied so that the inventory times out after four hours, and then can be attempted again when the resource manager is available. (DT-7263)
  • Users have been unable to update or change their passwords when connecting via PCoIP using the Horizon (View) Client directly.  A continuous prompting of user credentials would appear when this occurred.  This is has been resolved.  User connecting to their desktops via the client will be able to change their passwords.  Users will not be able to change their password via the Desktop Portal and must launch the Horizon (View) Client natively to trigger password change functionality.  Blast connections do not support password change at this time. (DT-7321)
  • Tenant inventory had been taking an unexpectedly long time, sometimes as long as 20-30 minutes, affecting desktop availability for users. This issue has now been remedied and inventories are executing as expected. (DT-7356)
  • Virtual Storage Console (VSC) rapid cloning has sometimes failed with an InvalidLogin SOAP fault exception in the platform. This was happening because the platform was using inactive hypervisor manager (vCenter) resource credentials. This has been remedied by using active credentials from available resource credentials in VSC provisioning. (DT-7562)
  • When remote application or desktop session is reconnected, the session was still being shown as disconnected in the Enterprise Center. This has been remedied so that the correct status for the session appears. (DT-7940)
  • New Zealand time zone [(GMT+12:00) Auckland, Wellington] was not being shown as an option on the Pattern Management or Modify Gold Pattern and Reseal pages in Enterprise Center. This has been remedied so that the correct option now appears (in English only). (DT-8262)
  • Tenant inventory was sometimes being returned empty because the Resource Manager could not communicate with the Service Provider appliance. This was due to either network issues or the Service Provider being offline. This has been remedied so that the inventory runs as expected. (DT-8272)
  • There was an issue around configuring RSA where the sdconf.rec file did not properly replicate between Tenant Appliances. Customers wishing to use RSA had to log into each Tenant Appliance directly and upload the sdconf.rec to each one. This issue has been remedied, and the file now replicates properly. (DT-5931)
  • The DaaS Agent was reporting the incorrect IP to the tenant when Juniper VPN client was installed. This blocked the user from logging into a desktop until the Juniper VPN client was uninstalled.  This issue has been remedied, and users can now log in while Juniper VPN is installed. (DT-5932)
  • When a user connected to a dynamic pool, the user’s session may not have been reflected in the Enterprise Center for up to 5 minutes. This issue has been remedied, and the session now appears in Enterprise Center as expected. (DT-5947)
  • Users connected via PCoIP to Windows Server 2008 R2 desktops (non RDSH) in non-session based pools were receiving repeated logout prompts even when their sessions were active. This issue has remedied in the VMware DaaS Agent and the prompts no longer occur. (DT-6228) 
  • When a user created a compute pool and then added a compute resource to it, the pool was being shown multiple times in the Service Center user interface. This has been remedied so that a single compute pool no longer appears multiple times in Service Center. (DT-7052)
  • Active Directory (AD) searches were timing out in large AD configurations. The following updates were made to improve search speeds:
    • AD search in the Assignment workflow now first searches the AD cache.   If no results are found, then the system automatically initiates a full AD search and informs the user what is happening.
    • Admin now has the option of conducting a full AD search after getting the results from the cache.
    • Global User search now only searches the AD cache.

    (DT-8416)

  • Horizon Air user interface had been performing more slowly when accessed on the slave tenant node as opposed to the master tenant node.  This has been remedied so that there is now no difference in performance. (DT-8553)

Product Support Notices

Protocol Handling in Horizon Air Administration Console

When you set up VMs and applications in the new Horizon Air administration console, you do not need to select the protocols to make available to the end user. Users will automatically be using the best protocol based on the client they are using to access the service.  

Connection via native Microsoft RDP client will not be supported in the next major release as an option for end user access. Between now and the next release, all customers are required to modify their settings to end RDP use. For more information, see http://kb.vmware.com/kb/2110075

Session-Based Pool Changes

In the 15.3.2 release, there are some major changes in the structure and handling of session-based pools. If you have session-based pools and are planning to upgrade to version 15.3.2, see http://kb.vmware.com/kb/2110567

Pool Type Changes

The following changes are being made to pool support in the DaaS platform:

  • Support for VDI Remote Application pools has been removed.  Static and dynamic pools now only support full desktop functionality.
  • Support for shared purpose session-based pools has been removed.  RDS based pools now support Remote Applications or Session based Desktops, but not both. 
  • Support for multiple server size configurations has been removed.  Customers are now limited to one desktop model size for every RDS Server.  This configuration is on a Tenant by Tenant basis.  
  • Support for sharing RDS servers across pools has been removed.  All servers are now restricted to individual pools.

DaaS Agent 15.3.2 Requirement

Once the tenant appliances are upgraded to DaaS Platform 15.3.2, the DaaS Agent 15.3.2 is required in order to create new RDSH Remote Application Pools in the Horizon Air administration console.

Horizon View 6.1.1 Support

View Agent 6.1.1 is now supported and required to take advantage of features such as local drive redirection and HTML remote applications.

dtRAM Support

dtRAM access is no longer supported in Horizon Air 15.3.2. All users are required to upgrade to Access Point. See Integration With Access Point Gateway above for more information.

Known Issues and Workarounds

The following are known issues in this release.

Horizon Air Administration Console Issues

  • The Horizon Air administration console may not open in Microsoft Internet Explorer 11. The workaround for this is as follows.
    1. In Internet Explorer, select Tools > Compatibility View Settings.
    2. Uncheck Display intranet sites in Compatibility View

    (DT-6345)

  • When a user that is not part of a registered user group is added to an assignment in the Horizon Air administration console, the following limitations apply:
    • Such users cannot make an RDP connection unless they have been explicitly added to the Remote Desktop Users group on the target desktop(s). 
    • Mappings screen searches in Enterprise Center will not find users who are not part of any registered groups, whether or not they are assigned to any assignments or desktops.

    (DT-6471)

  • The following issues have occurred in the process of adding users to assignments:
    • After a user is removed from a pool, the user may still have a desktop assigned and is able to login to the pool. The assigned desktop has to be removed manually by the administrator. 
    • After a desktop is unassigned from the user, the user may still be shown in the assignment in the user interface. However, the user is not able to log into the assignment anymore. The administrator must either manually assign the user a new desktop or remove the user from the assignment. 
    • The following associations cannot be found using the search function: 
      • When a user is manually assigned to a desktop, the relationship between the user and the assignment cannot be discovered in a search. 
      • If a user is added to an assignment then logs into the assignment, the relationship between the user and the assignment cannot be found in a search.

     (DT-7432)

  • Attempting to access Horizon Air administration console using HTTP results in an error. The system requires that you use HTTPS when accessing the UI. (DT-7560)
  • When a user is unassigned from a desktop, the user may be unable to access that desktop again even though they are shown in the Horizon Air interface as being mapped to an assignment containing the desktop. The workaround is to remove the user from the assignment and then add the user to the assignment again. (DT-7765)
  • When attempting to delete an assignment with zero capacity, you may see an error message asking you to delete desktops or servers first. If you see this error, wait for approximately five minutes and then try the delete again. (DT-7915)
  • Attempting to increase the server count and add applications to a Remote Applications assignment with a current server count of 0 results in an error.  Even when this error message appears, the pool will normally still be altered without issue assuming no other complications. If you receive it check the system to see if your changes were made successfully. (DT-8159)
  • Users are not able to change the image in a Remote Applications assignment when servers have been assigned to it. When server capacity is set to 0, users can change the image as expected. (DT-8163)

Other Issues

  • If a desktop VM has been created with a Windows time that is earlier than the Not Before timestamp in the tenant appliance's certificate, the agent will fail to connect to the tenant appliance because the certificate is not valid. This causes the desktop VM system to not join the domain because the domain join is performed after the agent connects to the tenant appliance. The work-around is to update the time on the desktop VM to a time later than the certificate Not Before time. You can check the value of the Not Before time in the tenant appliance certificate is to run the following command on the tenant appliance:

    openssl x509 -in /usr/local/desktone/cert/appliance.crt -text | grep "Not Before"

    (DT-6069)

  • In Enterprise Center, when you register a domain with default localized German Admin and User groups, the users do not appear as expected. As a workaround, rename these groups using names that do not contain high ASCII characters. (DT-6378)
  • In Enterprise Center, it is possible to map a user to a single dynamic desktop, as opposed to the desktop pool. Avoid mapping users directly to a dynamic desktop. Rather map them to the pool of dynamic desktops. Otherwise you may lose EC/UP access to this desktop, as it will be treated as an unmanaged desktop. (DT-6768)
  • When multiple domains have been defined, the DaaS agent only configures groups in the domain that the VM has joined for View Agent Direct-Connection Users and the Remote Desktop Users group, instead of across all domains as expected. (DT-7842) 
  • When users log off from the HTML Access (Blast) client, they are also logged out of the Desktop Portal. (DT-8593)
  • Attempts to launch applications via HTML Access (Blast) fail with an error when the older version of the HTML Access client is still selected. To prevent this error, verify that the HTML Access for RDSH Remote Applications option is enabled and that the prerequisites have been met as described above under HTML Access (Blast) Support for RDSH Applications. (DT-8595)
  • Chrome OS and Linux users are unable to connect via PCoIP from the Desktop Portal. (DT-8787)
  • Floating assignments are being listed as dedicated desktop assignments in the Horizon Air Administration Console. (DT-9014)
  • Convert to Gold Pattern process may fail with timeout error for Windows operating systems. See VMware KB article for more information: http://kb.vmware.com/kb/2126179  (DT-9064)