The following list summarizes the key features supported on Linux desktops in a Horizon 8 environment.

Supported Features

Note:

Where applicable, the following entries identify the subset of Linux distributions that support a given feature. For the complete list of Linux distributions supported for Horizon Agent, see System Requirements for Horizon Agent for Linux.

Active Directory Integration
  • OpenLDAP Pass-through Authentication supports integration with Active Directory for desktops running any Linux distribution supported by Horizon Agent.
    Note: For OpenLDAP Pass-through Authentication, you can perform the configuration in a template virtual machine. No additional steps are required in the cloned virtual machines.
  • System Security Services Daemon (SSSD) Authentication supports offline domain join with Active Directory for instant-cloned desktops running the following Linux distributions.
    • Ubuntu 18.04/20.04/22.04
    • RHEL 7.x/8.x
    • CentOS 7.x
    • SLED/SLES 12.x/15.x
  • PowerBroker Identity Services Open (PBISO) Authentication supports offline domain join with Active Directory for instant-cloned desktops running the following Linux distributions.
    • Ubuntu 18.04/20.04/22.04
    • RHEL 7.x
  • Samba supports offline domain join with Active Directory for instant-cloned desktops running any Linux distribution supported by Horizon Agent. However, VMware recommends using SSSD Authentication for desktops running newer distributions and Samba only for desktops running older distributions, as described in the following note.
    Note:
    • VMware recommends using the SSSD Authentication method (instead of Samba) for desktops running the following Linux distributions.
      • Ubuntu 20.04/22.04
      • RHEL 8.x
      • SLED/SLES 15.x
    • VMware recommends using the Samba method for desktops running the following Linux distributions.
      • Ubuntu 18.04
      • RHEL/CentOS 7.x
      • SLED/SLES 12.x

For more information, see the subtopics under Integrating Linux Desktops with Active Directory.

Application Pools

You can create single-session application pools that run on virtual Linux desktops. Each application in a single-session pool can support a single user session at a time. For more information, see Setting Up Single-Session Linux Desktop and Application Pools.

You can create multi-session application pools based on manual or automated instant-clone farms of Linux host machines. Each application in a multi-session pool can support multiple user sessions at a time. For more information, see Create a Multi-Session Linux Application Pool Manually and Create a Multi-Session Linux Application Pool from a List of Installed Applications.

Audio-in

Linux desktops support audio input redirection from a client host as part of the Real-Time Audio-Video feature. See the entry for "Real-Time Audio-Video" in this article.

Audio input redirection is distinct from the USB redirection feature. You must select the system default audio in device "PulseAudio server (local)" in your application for the audio input.

Audio-out

Linux desktops support audio output redirection. This feature is enabled by default. To deactivate this feature, you must set the RemoteDisplay.allowAudio option to false. When accessed using Chrome and Firefox browsers, VMware Horizon HTML Access provides audio-out support for Linux desktops.

Automated Full-Clone Desktop Pool

You can create automated full-clone desktop pools of single-session Linux desktops.

Client Drive Redirection

When you enable the Client Drive Redirection (CDR) feature, your local system's shared folders and drives become available for you to access. Use the tsclient folder located in your home directory in the remote Linux desktop. To use this feature, you must install the CDR components.

Clipboard Redirection

With the clipboard redirection feature, you can copy and paste a rich text or a plain text between a client host and a remote Linux desktop. You can set the copy/paste direction and the maximum text size using Horizon Agent options. This feature is enabled by default. You can deactivate it during installation.

Desktop Environments

Horizon Agent for Linux supports multiple desktop environments on different Linux distributions. For more information, see the "Desktop Environment" section in System Requirements for Horizon Agent for Linux.

Desktop Pools

You can create single-session virtual desktops based on manual, automated full-clone, or automated instant-clone pools of Linux machines. Each virtual desktop can support a single user session at a time. For more information, see Setting Up Single-Session Linux Desktop and Application Pools.

You can create multi-session published desktops based on manual or automated instant-clone farms of Linux host machines. Each published desktop can support multiple user sessions at a time. For more information, see Setting Up Multi-Session Linux Desktop and Application Pools.

Digital Watermark

You can create a unique digital watermark as a solution for authenticity, content integrity, and ownership protection of your intellectual property. A watermark shows traceable information that can deter people from potentially stealing your data.

The watermark can be displayed on the following Linux remote sessions:

  • Multi-session applications and applications running on a desktop pool
  • Virtual desktops and multi-session hosts
  • Multiple monitors
  • Primary session in a collaborative session

The watermark feature has the following limitations:

  • Recorded sessions in Zoom or Webex applications do not include the watermark.
  • Screen capture applications and the Print Screen key operated from within the remote desktop do not include the watermark. However, screen capture applications and the Print Screen key operated from the client system do include the watermark.
  • If you use an old client version with the latest agent version, the watermark might not appear in the display.
  • If you use the latest client version with an old agent version, the watermark does not appear in the display.
  • A shadow session in a collaborative session cannot show the watermark.
  • The watermark does not display when the Search, Activities, or Show Applications desktop features are in use.

You can configure the digital watermark using the following methods:

Display Scaling

With the Display Scaling feature enabled, Linux remote desktops support the client display's scale factor. If the DPI (Dots Per Inch) setting on the remote desktop does not match the DPI setting on the client system, the remote session is displayed using a scale factor that matches the client system.

This feature is turned off by default. You can enable it by setting a configuration option as described in Setting Options in Configuration Files on a Linux Desktop.

DPI Synchronization

The DPI Synchronization feature ensures that the DPI setting in a remote session changes to match the DPI setting of the client system when users connect to a Linux remote desktop or published application.

This feature is enabled by default. You can deactivate it by modifying a configuration option as described in Setting Options in Configuration Files on a Linux Desktop.

FIPS 140-2 Mode

The Federal Information Processing Standard (FIPS) 140-2 mode, although not yet validated with the NIST Cryptographic Module Validation Program (CMVP), is available for Linux desktops running a RHEL distribution.

Horizon Agent for Linux implements cryptographic modules that meet FIPS 140-2 compliance. These modules were validated in operational environments listed in CMVP certificate #2839 and #2866, and were ported to this platform. However, the CAVP and CMVP testing requirement to include the new operational environments in VMware's NIST CAVP and CMVP certificates remains to be completed on the product roadmap.

Note:

To support FIPS 140-2 mode, you must use Transport Layer Security (TLS) protocol version 1.2.

For more information, see Command-line Options for Installing Horizon Agent for Linux.

Help Desk Tool

Horizon Help Desk Tool is a Web application that you can use to troubleshoot Linux desktop sessions. You can use Horizon Help Desk Tool to get the status of user sessions and to perform troubleshooting and maintenance operations. See Using Horizon Help Desk Tool in Horizon Console.

Horizon Smart Policies

You can use VMware Dynamic Environment Manager to create Smart Policies that control the behavior of the USB redirection, clipboard redirection, and client drive redirection features on specific remote Linux desktops. See Using Smart Policies.

H.264 Encoder and High Efficiency Video Coding (HEVC)

H.264 and HEVC can improve the Blast Extreme performance for a remote desktop, especially under a low-bandwidth network. HEVC provides higher image quality than H.264 at the same bandwidth.

If the client system has both H.264 and HEVC turned off, Blast Extreme automatically falls back to JPEG/PNG encoding.

The H.264 and HEVC encoders include both hardware support and software encoder support. The hardware support has the following requirements.

  • The vGPU is configured with an NVIDIA graphics card. For more details, see the video codec support matrix on https://developer.nvidia.com.

  • The NVIDIA driver 384 series or later is installed in the NVIDIA graphics card.

When the system meets the preceding requirements, Horizon Agent for Linux uses the hardware encoder. Otherwise, the software encoder is used.

Instant-clone Floating Desktop Pool

You can create instant-clone floating desktop pools of single-session Linux desktops.

For more information, see Create an Instant-Clone Floating Desktop Pool for Linux.

Keyboard Layout and Locale Synchronization

This feature specifies whether to synchronize a client's system locale and current keyboard layout with the Linux desktops. With the setting enabled or not configured, synchronization is allowed. With the setting deactivated, synchronization is not allowed.

Linux desktops support this feature only with Horizon Client for Windows, Mac, and Linux, and only for the English, French, German, Japanese, Korean, Spanish, Simplified Chinese and Traditional Chinese locales.

Lossless PNG

Images and videos generated on a desktop display on the client device in a pixel-exact manner.

Manual Desktop Pool

When configuring a manual desktop pool of single-session Linux desktops, you can select from the following options for machine source:

  • Managed Virtual Machine - Machine source of the vCenter virtual machine. Both new and upgrade deployments support managed virtual machines.

  • Unmanaged Virtual Machine - Machine source of other sources. An unmanaged virtual machine is only supported when the upgrade is from an unmanaged virtual machine deployment.

Note:

To ensure the best possible performance, do not use an unmanaged virtual machine.

Monitor Resolutions and Multiple Monitors

vGPU desktop supports a maximum resolution of 3840x2160 on one, two, three, or four monitors configured in any arrangement.

2D desktop on VMware vSphere® 6.0 or later supports the following maximum resolutions:

  • 3840x2160 on a single monitor

  • 2560x1600 on three monitors configured in any arrangement

  • 2048x1536 on four monitors configured in any arrangement

  • 2560x1600 on four monitors configured as follows:

    • Two monitors arranged on the bottom and two monitors arranged on the top

    • Four monitors stacked vertically on top of one another.

      The 2560x1600 resolution is not supported on four monitors arranged side by side.

Network Intelligence Support for VMware Blast

VMware Blast supports the Network Intelligence transport. This feature is enabled by default.

When User Datagram Protocol (UDP) is enabled, Blast establishes both Transmission Control Protocol (TCP) and UDP connections. Based on the current network conditions, Blast dynamically selects one of the transports for transmitting data to provide the best user experience. For example, in a local area network, TCP performs better than UDP, and so Blast selects TCP to transport data. Similarly, in a wide area network (WAN), UDP performance is better than TCP and Blast selects the UDP transport in that environment.

If one of the inline components used does not support UDP, Blast establishes a TCP connection only. For example, if your connection is using the Blast Security Gateway component of the Horizon Connection Server, Blast only establishes a TCP connection. Even if both client and agent enabled UDP, the connection uses TCP because Blast Security Gateway does not support UDP. If users are connecting from outside the corporate network, the UDP component requires VMware Unified Access Gateway, which supports UDP.

To establish a UDP-based Blast connection, follow these guidelines:

  • If the client connects to a Linux desktop directly, enable UDP in both the client and agent. UDP is enabled by default in both the client and agent.

  • If the client connects to a Linux desktop using Unified Access Gateway, enable UDP in the client, agent, and Unified Access Gateway.

Real-Time Audio-Video

Real-Time Audio-Video allows users to run Skype, Webex, Google Hangouts, Microsoft Teams, and other online conferencing applications in their remote sessions. With Real-Time Audio-Video, webcam and audio devices that are connected locally to the client system are redirected to the remote sessions.

This feature redirects video and audio data with a significantly lower bandwidth than can be achieved by using USB redirection. To enable Real-Time Audio-Video, you must install both the audio-in and webcam redirection features. For more information, see Install the Real-Time Audio-Video Feature.

Session Collaboration

With the Session Collaboration feature, users can invite other users to join an existing remote Linux desktop session, or you can join a collaborative session when you receive an invitation from another user. For more information, see Configuring Session Collaboration on Linux Desktops.

Single Sign-on

You can configure Active Directory single sign-on (SSO) for Linux desktops.

Smart Card Redirection

Smart card redirection enables users to authenticate into Linux desktops using a smart card reader connected to the local client system. This feature is not supported on desktops running CentOS.

This feature supports Personal Identity Verification (PIV) cards and Common Access Cards (CAC). For more information, see Setting Up Smart Card Redirection.

Screen-capture Blocking

With the screen-capture blocking feature enabled, users cannot take screenshots of their virtual desktop or published application from their endpoint using a Windows or macOS device. This feature is deactivated by default.

You can configure screen-capture blocking using the following methods:

True SSO Support

You can configure the True SSO feature on Linux desktops.

For more information, see Setting Up True SSO for Linux Desktops.

USB Redirection

The USB Redirection feature gives you access to locally attached USB devices from remote Linux desktops. You must install the USB Redirection components and USB VHCI driver kernel module to use the USB feature. Ensure that you have sufficient privileges to use the USB device that you want to redirect.

VMware Integrated Printing

VMware Integrated Printing supports client printer redirection for Linux remote desktops. With client printer redirection, users can print from a Linux remote desktop to any local or network printer available on their client computer. VMware Integrated Printing with client printer redirection is enabled by default when you install Horizon Agent. For more information, see Configure VMware Integrated Printing for Linux Desktops.

VMware Integrated Printing is only supported on Linux desktops running RHEL 7.9, RHEL 8.3 or later, or Ubuntu 20.04/22.04.

3Dconnexion Mouse

To begin using your 3Dconnexion mouse, you must install the appropriate device driver and pair the mouse using the Connect USB Device menu on your Linux desktop.

3D Graphics

Horizon Agent for Linux supports vGPU graphics capabilities on systems configured with certain NVIDIA graphics cards and running certain operating systems.

Note: For information about the NVIDIA graphics cards and Linux distributions that support vGPU capabilities, see https://docs.nvidia.com/grid/latest/product-support-matrix/index.html.

Limitations of Linux Desktops

Linux desktops have the following limitations:

  • Location-based printing is not supported.

  • The VMware HTML Access file transfer feature is not supported.

  • Only the X11 display server protocol is supported. The Wayland protocol is not supported.

Additional limitations apply to multi-session published desktop pools and application pools. For more information, see Considerations for Linux Farms, Published Desktops, and Published Applications.