The following list summarizes the key features supported on Linux desktops in a Horizon 8 environment.

Note: Where applicable, the following entries identify the subset of Linux distributions that support a given feature. For the complete list of Linux distributions supported for Horizon Agent, see System Requirements for Horizon Agent for Linux.

Active Directory Integration

  • OpenLDAP Pass-through Authentication supports integration with Active Directory for desktops running any Linux distribution supported by Horizon Agent.
    Note: For OpenLDAP Pass-through Authentication, you can perform the configuration in a template virtual machine. No additional steps are required in the cloned virtual machines.
  • System Security Services Daemon (SSSD) Authentication supports offline domain join with Active Directory for instant-cloned desktops running the following Linux distributions.
    • Ubuntu 20.04/22.04
    • Debian 10.x/11.x/12.x
    • RHEL 7.9/8.x/9.x
    • Rocky Linux 8.x/9.x
    • CentOS 7.9
    • SLED/SLES 15.x
  • PowerBroker Identity Services Open (PBISO) Authentication supports offline domain join with Active Directory for instant-cloned desktops running the following Linux distributions.
    • Ubuntu 20.04/22.04
    • RHEL 7.9
  • Samba supports offline domain join with Active Directory for instant-cloned desktops running any Linux distribution supported by Horizon Agent. However, VMware recommends using SSSD Authentication for desktops running newer distributions and Samba only for desktops running older distributions, as described in the following note.
    Note:
    • VMware recommends using the SSSD Authentication method (instead of Samba) for desktops running the following Linux distributions.
      • Ubuntu 20.04/22.04
      • Debian 11.x/12.x
      • RHEL 8.x/9.x
      • Rocky Linux 8.x/9.x
      • SLED/SLES 15.x
    • VMware recommends using the Samba method for desktops running the following Linux distributions.
      • Debian 10.x
      • RHEL/CentOS 7.9

For more information, see the subtopics under Integrating Linux Desktops with Active Directory.

Application Pools

You can create single-session application pools that run on virtual Linux desktops. Each application in a single-session pool can support a single user session at a time.

You can create multi-session application pools based on manual or automated instant-clone farms of Linux host machines. Each application in a multi-session pool can support multiple user sessions at a time. For more information, see Creating Application Pools.

Audio-in and Audio-out

Linux desktops support audio input redirection from a client host as part of the Real-Time Audio-Video feature. See the entry for "Real-Time Audio-Video" in this article.

Audio input redirection is distinct from the USB redirection feature. In your application, you must select the system default audio-in device, "PulseAudio server (local)", for audio input.

Linux desktops support audio output redirection. This feature is enabled by default. To deactivate this feature, you must set the RemoteDisplay.allowAudio option to false. When accessed using Chrome and Firefox browsers, VMware Horizon HTML Access provides audio-out support for Linux desktops.

Automated Full-Clone Desktop Pool

You can create automated full-clone desktop pools of single-session Linux desktops. For more information, see Create and Manage Automated Full-Clone Desktop Pools.

Client Drive Redirection

When you enable the Client Drive Redirection (CDR) feature, the shared folders and drives on your local system become accessible from the remote Linux desktop through the tsclient folder located in your home directory. To use this feature, you must install the CDR components.

Clipboard Redirection

With the clipboard redirection feature, you can copy and paste rich text or plain text between a client host and a remote Linux desktop. You can set the copy/paste direction and the maximum text size using Horizon Agent options. This feature is enabled by default. You can deactivate it during installation.

Desktop Environments

Horizon Agent for Linux supports multiple desktop environments on different Linux distributions. For more information, see the "Desktop Environment" section in System Requirements for Horizon Agent for Linux.

Desktop Pools

You can create single-session virtual desktops based on manual, automated full-clone, or automated instant-clone pools of Linux machines. Each virtual desktop can support a single user session at a time.

You can create multi-session published desktops based on manual or automated instant-clone farms of Linux host machines. Each published desktop can support multiple user sessions at a time. For more information, see Creating Published Desktop Pools.

Digital Watermark

You can create a unique digital watermark as a solution for authenticity, content integrity, and ownership protection of your intellectual property. A watermark shows traceable information that can deter people from potentially stealing your data.

The watermark can be displayed on the following Linux remote sessions:

  • Multi-session applications and applications running on a desktop pool
  • Virtual desktops and multi-session hosts
  • Multiple monitors
  • Primary session in a collaborative session

The watermark feature has the following limitations:

  • Recorded sessions in Zoom or Webex applications do not include the watermark.
  • Screen capture applications and the Print Screen key operated from within the remote desktop do not include the watermark. However, screen capture applications and the Print Screen key operated from the client system do include the watermark.
  • If you use an old client version with the latest agent version, the watermark might not appear in the display.
  • If you use the latest client version with an old agent version, the watermark does not appear in the display.
  • A shadow session in a collaborative session cannot show the watermark.
  • The watermark does not display when the Search, Activities, or Show Applications desktop features are in use.

You can configure the digital watermark using the following methods:

Display Scaling

With the Display Scaling feature enabled, Linux remote desktops support the client display's scale factor. If the DPI (Dots Per Inch) setting on the remote desktop does not match the DPI setting on the client system, the remote session is displayed using a scale factor that matches the client system.

This feature is turned off by default. You can enable it by setting a configuration option as described in Edit Configuration Files on a Linux Desktop.

DPI Synchronization

The DPI Synchronization feature ensures that the DPI setting in a remote session changes to match the DPI setting of the client system when users connect to a Linux remote desktop or published application.

This feature is enabled by default. You can deactivate it by modifying a configuration option as described in Edit Configuration Files on a Linux Desktop.

FIPS 140-2 Mode

The Federal Information Processing Standard (FIPS) 140-2 mode, although not yet validated with the NIST Cryptographic Module Validation Program (CMVP), is available for Linux desktops running a RHEL 8.x distribution.

Horizon Agent for Linux implements cryptographic modules that meet FIPS 140-2 compliance. These modules were validated in the operational environments listed in CMVP certificates #2839 and #2866, and were ported to this platform. However, the CAVP and CMVP testing required to include the new operational environments in VMware's NIST CAVP and CMVP certificates has not yet been completed and remains on the product roadmap.

Note: To support FIPS 140-2 mode, you must use Transport Layer Security (TLS) protocol version 1.2.

For more information, see Configure a FIPS-compliant Linux Machine.

Help Desk Tool

Horizon Help Desk Tool is a Web application that you can use to troubleshoot Linux desktop sessions. You can use Horizon Help Desk Tool to get the status of user sessions and to perform troubleshooting and maintenance operations.

Horizon Recording

The VMware Horizon Recording feature allows administrators to record desktop and application sessions to monitor user behavior for Linux remote desktops and applications. For more information, see Using VMware Horizon Recording.

Horizon Smart Policies

You can use VMware Dynamic Environment Manager to create Smart Policies that control the behavior of the USB redirection, clipboard redirection, and client drive redirection features on specific remote Linux desktops. See Using Smart Policies.

Instant-clone Floating Desktop Pool

You can create instant-clone floating desktop pools of single-session Linux desktops.

For more information, see Creating and Managing Instant-Clone Desktop Pools.

IPv6 Support

You can run Linux desktops and applications in an IPv6 environment. For a list of the Horizon 8 features supported in an IPv6 environment, see "Installing VMware Horizon 8 in an IPv6 or Mixed IPv4/IPv6 Environment" in the Horizon 8 Installation and Upgrade document.

To enable IPv6 support on a Linux machine, you must install Horizon Agent with the --ipv6 optional parameter as described in Command-line Options for Installing Horizon Agent for Linux.

The Subnet6 option in the /etc/vmware/viewagent-custom.conf configuration file lets you specify the IPv6 subnet of the Linux machine.

Keyboard Layout and Locale Synchronization

This feature specifies whether to synchronize a client's system locale and current keyboard layout with the Linux desktops. With the setting enabled or not configured, synchronization is allowed. With the setting deactivated, synchronization is not allowed.

Linux desktops support this feature only with Horizon Client for Windows, Mac, and Linux, and only for the English, French, German, Japanese, Korean, Spanish, Simplified Chinese and Traditional Chinese locales.

Lossless PNG

Images and videos generated on a desktop display on the client device in a pixel-exact manner.

Manual Desktop Pool

When configuring a manual desktop pool of single-session Linux desktops, you can select from the following options for machine source:

  • Managed Virtual Machine - The machine source is a vCenter virtual machine. Both new and upgrade deployments support managed virtual machines.

  • Unmanaged Virtual Machine - The machine source is any other source. An unmanaged virtual machine is supported only when the upgrade is from an unmanaged virtual machine deployment.

Note: To ensure the best possible performance, do not use an unmanaged virtual machine.

Monitor Resolutions and Multiple Monitors

vGPU desktops support a maximum resolution of 3840x2160 on one, two, three, or four monitors configured in any arrangement.

2D desktops support the following maximum resolutions:

  • 3840x2160 on a single monitor

  • 2560x1600 on three monitors configured in any arrangement

  • 2048x1536 on four monitors configured in any arrangement

  • 2560x1600 on four monitors configured as follows:

    • Two monitors arranged on the bottom and two monitors arranged on the top

    • Four monitors stacked vertically on top of one another.

      The 2560x1600 resolution is not supported on four monitors arranged side by side.

Note: To use the multiple monitors feature, verify that the desktop is running a supported desktop environment as described in Supported Desktop Environments.

Network Intelligence Support for VMware Blast

VMware Blast supports the Network Intelligence transport. This feature is enabled by default.

When User Datagram Protocol (UDP) is enabled, Blast establishes both Transmission Control Protocol (TCP) and UDP connections. Based on the current network conditions, Blast dynamically selects one of the transports for transmitting data to provide the best user experience. For example, in a local area network, TCP performs better than UDP, so Blast selects TCP to transport data. Similarly, in a wide area network (WAN), UDP performance is better than TCP and Blast selects the UDP transport in that environment.

If one of the inline components used does not support UDP, Blast establishes a TCP connection only. For example, if your connection is using the Blast Security Gateway component of the Horizon Connection Server, Blast only establishes a TCP connection. Even if both client and agent enabled UDP, the connection uses TCP because Blast Security Gateway does not support UDP. If users are connecting from outside the corporate network, the UDP component requires VMware Unified Access Gateway, which supports UDP.

To establish a UDP-based Blast connection, follow these guidelines:

  • If the client connects to a Linux desktop directly, enable UDP in both the client and agent. UDP is enabled by default in both the client and agent.

  • If the client connects to a Linux desktop using Unified Access Gateway, enable UDP in the client, agent, and Unified Access Gateway.

Real-Time Audio-Video

Real-Time Audio-Video allows users to run Skype, Webex, Google Hangouts, Microsoft Teams, and other online conferencing applications in their remote sessions. With Real-Time Audio-Video, webcam and audio devices that are connected locally to the client system are redirected to the remote sessions.

This feature redirects video and audio data with a significantly lower bandwidth than can be achieved by using USB redirection. To enable Real-Time Audio-Video, you must install both the audio-in and webcam redirection features. For more information, see Install Real-Time Audio-Video on a Linux Machine.

Session Collaboration

With the Session Collaboration feature, users can invite other users to join an existing remote Linux desktop session, and can join a collaborative session when they receive an invitation from another user. For more information, see Configuring Session Collaboration on Linux Desktops.

Single Sign-on

You can configure Active Directory single sign-on (SSO) for Linux desktops.

Smart Card Redirection and Smart Card SSO

Smart card redirection enables users to authenticate into Linux desktops using a smart card reader connected to the local client system. This feature is not supported on desktops running CentOS.

This feature supports Personal Identity Verification (PIV) cards and Common Access Cards (CAC). For more information, see Set Up Smart Card Redirection for Linux Desktops.

The smart card single sign-on (SSO) feature allows users to launch desktop sessions without entering their smart card credentials.

Screen-capture Blocking

With the screen-capture blocking feature enabled, users cannot take screenshots of their virtual desktop or published application from their endpoint using a Windows or macOS device. This feature is deactivated by default.

You can configure screen-capture blocking using the following methods:

True SSO Support

You can configure the True SSO feature on Linux desktops.

For more information, see Set Up True SSO for Linux Desktops.

USB Redirection

The USB Redirection feature gives you access to locally attached USB devices from remote Linux desktops. You must install the USB Redirection components and USB VHCI driver kernel module to use the USB feature. Ensure that you have sufficient privileges to use the USB device that you want to redirect.

Video Codecs

Horizon Agent for Linux supports the following video compression methods, or codecs, for Blast Extreme. The agent machine must have the required hardware and drivers to support the codec.

  • H.264
  • High Efficiency Video Coding (HEVC)
  • AOMedia Video 1 (AV1)

H.264 and HEVC can improve the Blast Extreme performance for a remote desktop, especially under a low-bandwidth network. HEVC provides higher image quality than H.264 at the same bandwidth.

If the client system has both H.264 and HEVC turned off, Blast Extreme automatically falls back to JPEG/PNG encoding.

The H.264 and HEVC encoders include both hardware support and software encoder support. The hardware support has the following requirements.

  • The vGPU is configured with an NVIDIA graphics card. For more details, see the video codec support matrix on https://developer.nvidia.com.

  • The NVIDIA driver 384 series or later is installed for the NVIDIA graphics card.

When the system meets the preceding requirements, Horizon Agent for Linux uses the hardware encoder. Otherwise, the software encoder is used.

VMware Integrated Printing

VMware Integrated Printing supports client printer redirection for Linux remote desktops. With client printer redirection, users can print from a Linux remote desktop to any local or network printer available on their client computer. VMware Integrated Printing with client printer redirection is enabled by default when you install Horizon Agent. For more information, see Configure VMware Integrated Printing for Linux Desktops.

VMware Integrated Printing also supports the ability to include a watermark with printed jobs. For more information, see Add Watermarks With VMware Integrated Printing on Linux Desktops.

VMware Integrated Printing is only supported on Linux desktops running RHEL 7.9/8.x/9.x, Rocky Linux 8.x/9.x, Ubuntu 20.04/22.04, or Debian 10.x/11.x/12.x.

3Dconnexion Mouse

To begin using your 3Dconnexion mouse, you must install the appropriate device driver and pair the mouse using the Connect USB Device menu on your Linux desktop.

3D Graphics

Horizon Agent for Linux supports vGPU graphics capabilities on systems configured with certain NVIDIA graphics cards and running certain operating systems.

Note: For information about the NVIDIA graphics cards and Linux distributions that support vGPU capabilities, see https://docs.nvidia.com/grid/latest/product-support-matrix/index.html.

Limitations of Linux Desktops

Linux desktops have the following limitations:

  • Location-based printing is not supported.
  • The VMware HTML Access file transfer feature is not supported.
  • Only the X11 display server protocol is supported. The Wayland protocol is not supported.

Additional limitations apply to multi-session published desktop pools and application pools. For more information, see Considerations for Linux Farms, Published Desktops, and Published Applications.