To install Horizon Agent for Linux, you must meet certain requirements for the Linux operating system, Linux virtual machine, VMware Horizon 8 system components, and VMware vSphere platform.
Supported Linux Distributions for Horizon Agent
The following table lists the Linux operating systems that have been tested and are supported for Horizon Agent.
| Linux Distribution | Architecture |
|---|---|
| Ubuntu 20.04 and 22.04 | x64 |
| Debian 10.13, 11.5, 11.6. and 11.7 | x64 |
| Red Hat Enterprise Linux (RHEL) Workstation 7.9, 8.6, 8.7, 8.8, 9.0, 9.1, and 9.2 | x64 |
| Red Hat Enterprise Linux (RHEL) Server 7.9, 8.6, 8.7, 8.8, 9.0, 9.1, and 9.2 | x64 |
| Rocky Linux 8.8 and 9.2 | x64 |
| CentOS 7.9 | x64 |
| SUSE Linux Enterprise Desktop (SLED) 15 SP3 and 15 SP4 | x64 |
| SUSE Linux Enterprise Server (SLES) 15 SP3 and 15 SP4 | x64 |
Note:
Horizon Agent has dependency packages on some Linux distributions. See
Install Dependency Packages for Horizon Agent for more information.
Some features are supported on a limited subset of Linux operating systems. For more information, see the section of this document that discusses the specific feature.
The install_viewagent.sh installation script provides a --force parameter that forces the installation of Horizon Agent on Linux distributions not listed in the test support matrix. See Command-line Options for Installing Horizon Agent for Linux.
Required Platform and Software Versions
To install and use Horizon Agent for Linux, your deployment must meet certain requirements for the vSphere platform, Horizon Connection Server, and Horizon Client software.
| Platform and Software | Supported Versions |
|---|---|
| vSphere platform version |
|
| VMware Horizon 8 environment |
|
| Horizon Client software |
|
Ports Used by Linux Desktops
To enable connection sessions, Linux desktops must support incoming TCP connections from Horizon Client devices, Unified Access Gateway, and Horizon Connection Server.
On Ubuntu and Debian distributions, the iptables firewall is configured by default with an input policy of ACCEPT.
On RHEL, Rocky Linux, and CentOS distributions, where possible, the Horizon Agent installer script configures the iptables firewall with an input policy of ACCEPT. To ensure support of incoming connections, verify that iptables has an input policy of ACCEPT for new connections through the Blast port, 22443.
When you enable Blast Secure Gateway (BSG), client connections are directed from a Horizon Client device through the BSG on the Horizon Connection Server to the Linux desktop. When you do not enable BSG, connections are made directly from the Horizon Client device to the Linux desktop.
For detailed information on the ports used by Horizon Agent on Linux desktops, see the Horizon Security document and the Network Ports in VMware Horizon guide.
Verify the Linux Account Used by Linux Virtual Machines
The following table lists the account name and account type used by Linux virtual machines.
| Account Name | Account Type | Used By |
|---|---|---|
| root | Linux OS built-in | Java Standalone Agent, mksvchanserver, shell scripts |
| vmwblast | Created by Linux Agent installer | VMwareBlastServer |
| <current login user> | Linux OS built-in or AD user or LDAP user | Python script |
Desktop Environment
Horizon Agent for Linux supports multiple desktop environments on different Linux distributions. The following table lists the default desktop environments for each Linux distribution and the other desktop environments supported by
Horizon Agent for Linux.
| Linux Distribution | Default Desktop Environment | Desktop Environments Supported by Horizon Agent for Linux |
|---|---|---|
| Ubuntu | Gnome | Gnome Ubuntu, K Desktop Environment (KDE), MATE |
| Debian | Gnome | Gnome, KDE, MATE |
| RHEL and Rocky Linux 8.x/9.x | Gnome | Gnome |
| RHEL 7.9 | Gnome | Gnome, KDE, MATE |
| CentOS 7.9 | Gnome | Gnome, KDE |
| SLED/SLES | Gnome | Gnome |
Note: When using RHEL/CentOS 7.x and Ubuntu distributions, SSO fails to unlock a locked KDE session. You must manually enter your password to unlock the locked session.
To change the default desktop environment used on one of the supported Linux distributions, you must use the following steps and commands appropriate for your Linux desktop.
- Install the supported Linux distribution's operating system with the default desktop environment setting.
- Run the appropriate commands described in the following table for your specific Linux distribution.
Table 5. Commands to Install Desktop Environments Linux Distribution New Default Desktop Environment Commands to Change the Default Desktop Environment RHEL/CentOS 7.9 KDE yum groupinstall "KDE Plasma Workspaces"
RHEL 7.9 MATE rpm -ivh https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-14.noarch.rpm yum groupinstall -y "MATE Desktop"
Ubuntu KDE apt install plasma-desktop
Ubuntu MATE apt install ubuntu-mate-desktop
- To begin using the new default desktop environment, restart the desktop.
If you enabled SSO on a Linux desktop that has multiple desktop environments installed, use the following information to select the desktop environment to use in an SSO session.
- For Ubuntu and RHEL/CentOS 7.x, use the information in the following table to set the SSODesktopType option in the /etc/vmware/viewagent-custom.conf file to specify the desktop environment to use with SSO.
Table 6. SSODesktopType Option Desktop Type SSODesktopType Option Setting MATE SSODesktopType=UseMATE GnomeUbuntu SSODesktopType=UseGnomeUbuntu GnomeFlashback SSODesktopType=UseGnomeFlashback KDE SSODesktopType=UseKdePlasma GnomeClassic SSODesktopType=UseGnomeClassic - For RHEL and Rocky Linux 9.x/8.x, for the SSO login session to use Gnome Classic, remove all the desktop startup files, except for the Gnome Classic startup file, from the /usr/share/xsession directory. For example, run the following set of commands as the root user:
cd /usr/share/xsessions mkdir backup mv *.desktop backup mv backup/gnome-classic.desktop ./
After the initial setup, the end user must log out or reboot their Linux desktop to use Gnome Classic as the default desktop in their next SSO session.
If you deactivated SSO on a Linux desktop that has multiple desktop environments installed, you do not need to perform any of the previously described steps. The end users have to select their desired desktop environment when they log in to that Linux desktop.
Network Requirements
VMware Blast Extreme supports both User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Network conditions affect the performances of UDP and TCP. To receive the best user experience, select UDP or TCP based on the network condition.
- Select TCP if the network condition is good, such as in a local area network (LAN) environment.
- Select UDP if the network condition is poor, such as in a wide area network (WAN) environment with packet loss and time delay.
Use a network analyzer tool, such as Wireshark, to determine whether VMware Blast Extreme is using TCP or UDP. Use the following set of steps, which use Wireshark, as a reference example.
- Download and install Wireshark on your Linux VM.
For RHEL/CentOS and Rocky Linux:
sudo yum install wireshark
For Ubuntu:sudo apt install tshark
- Connect to the Linux desktop using VMware Horizon Client.
- Open a terminal window and run the following command, which displays the TCP package or UDP package used by VMware Blast Extreme.
sudo tshark -i any | grep 22443
USB Redirection and Client Drive Redirection (CDR) features are sensitive to network conditions. If the network condition is bad, such as a limited bandwidth with time delay and packet loss, the user experience becomes poor. In such condition, the end user might experience one of the following.
- Copying remote files can be slow. In this situation, transmit smaller sized files instead.
- USB device does not appear in the remote Linux desktop.
- USB data does not transfer completely. For example, if you copy a large file, you might get a file smaller in size than the original file.
VHCI Driver for USB Redirection
Note: To determine the correct installation sequence for the VHCI driver, use the following guidelines:
- If you intend to install Horizon Agent using the .tar.gz tarball installer, you must first download and unpack the tarball installer, then install the VHCI driver, and then install Horizon Agent with the installation parameter for the USB redirection feature.
- If you intend to install Horizon Agent using the .rpm RPM installer, you must first install Horizon Agent, then install the VHCI driver, and then add the USB redirection feature to the Horizon Agent configuration.
For more information, see Install Horizon Agent on a Linux Virtual Machine.
The USB redirection feature has a dependency on the USB Virtual Host Controller Interface (VHCI) kernel driver. To support USB 3.0 and the USB redirection feature, you must install the VHCI driver by performing the following steps:
- Download the USB VHCI source code from https://sourceforge.net/projects/usb-vhci/files/linux%20kernel%20module/.
- Identify the full path to the VHCI patch file, depending on the Horizon Agent installer format. For guidelines, see the following examples.
- (Tarball installer) If you download and unpack the tarball installer VMware-horizonagent-linux-x86_64-YYMM-y.y.y-xxxxxxx.tar.gz under the /install_tmp/ directory, the full-path_to_patch-file is /install_tmp/VMware-horizonagent-linux-x86_64-YYMM-y.y.y-xxxxxxx/resources/vhci/patch/vhci.patch.
- (RPM installer) If you download the RPM installer VMware-horizonagent-linux-YYMM-y.y.y-xxxxxxx.el8.x86_64.rpm and use it to install Horizon Agent, the full-path_to_patch-file is /usr/lib/vmware/viewagent/resources/vhci/patch/vhci.patch.
- To compile the VHCI driver source code and install the resulting binary on your Linux system, use the commands listed in the following table. Replace full-path_to_patch-file in the commands with the file path that you identified in the previous step.
For example, if the file path is /install_tmp/VMware-horizonagent-linux-x86_64-YYMM-y.y.y-xxxxxxx/resources/vhci/patch/vhci.patch, the patch command becomes:
patch -p1 < /install_tmp/VMware-horizonagent-linux-x86_64-YYMM-y.y.y-xxxxxxxi/resources/vhci/patch/vhci.patch
| Linux Distribution | Steps to Compile and Install USB VHCI Driver |
|---|---|
| Ubuntu |
|
| Debian |
|
| RHEL/CentOS 7.x RHEL 8.x/9.x Rocky Linux 8.x/9.x |
|
| SLED/SLES |
|
In addition, follow these guidelines:
- If your Linux kernel changes to a new version, you must recompile and reinstall the VHCI driver, but you do not need to reinstall Horizon Agent for Linux.
- You can also add Dynamic Kernel Module Support (DKMS) to the VHCI driver using steps similar to the following example for an Ubuntu system.
- Install the kernel headers.
sudo apt install linux-headers-`uname -r`
- Install dkms using the following command.
sudo apt install dkms
- Extract and patch the VHCI TAR file.
tar xzvf vhci-hcd-1.15.tar.gz cd vhci-hcd-1.15 patch -p1 <full-path_to_patch-file> cd .. - Copy the extracted VHCI source files to the /usr/src directory.
sudo cp -r vhci-hcd-1.15 /usr/src/usb-vhci-hcd-1.15
- Create a file named dkms.conf and place it in the /usr/src/usb-vhci-hcd-1.15 directory.
sudo touch /usr/src/usb-vhci-hcd-1.15/dkms.conf
- Add the following contents to the dkms.conf file.
PACKAGE_NAME="usb-vhci-hcd" PACKAGE_VERSION=1.15 MAKE_CMD_TMPL="make KVERSION=$kernelver" CLEAN="$MAKE_CMD_TMPL clean" BUILT_MODULE_NAME[0]="usb-vhci-iocifc" DEST_MODULE_LOCATION[0]="/kernel/drivers/usb/host" MAKE[0]="$MAKE_CMD_TMPL" BUILT_MODULE_NAME[1]="usb-vhci-hcd" DEST_MODULE_LOCATION[1]="/kernel/drivers/usb/host" MAKE[1]="$MAKE_CMD_TMPL" AUTOINSTALL="YES"
- Add this VHCI driver in dkms.
sudo dkms add usb-vhci-hcd/1.15
- Build the VHCI driver.
sudo dkms build usb-vhci-hcd/1.15
- Install the VHCI driver.
sudo dkms install usb-vhci-hcd/1.15
- Install the kernel headers.
