VMware Horizon Best Practices

Overview

There are a few things that should be configured to ensure the best possible user experience when it comes to a Virtual Desktop Infrastructure (VDI). After all, if the users cannot use it or are logging endless incidents, then we have failed our customer.

Compatible Windows Servers

ref: https://kb.vmware.com/s/article/78652

As of this post's date, the current Windows Server versions compatible with each VMware Horizon component are as follows:

VMware Horizon Connection Server

Includes Standard, Replica, and Enrollment servers.

| Operating System | Edition | VMware Horizon Version |
|---|---|---|
| Windows Server 2016 | Standard / Datacenter | > Horizon 8 (2006) |
| Windows Server 2019 | Standard / Datacenter | > Horizon 8 (2006) |
| Windows Server 2022 | Standard / Datacenter | > Horizon 8 (2111) |

Microsoft SQL Servers

ref: https://interopmatrix.vmware.com/Solution

| Database | Edition | VMware Horizon Version |
|---|---|---|
| Microsoft SQL Server 2016 (64-bit) | Standard / Enterprise | > Horizon 8 (2006) |
| Microsoft SQL Server 2019 | Standard / Enterprise | > Horizon 8 (2006) |
| Microsoft SQL Server 2022 | Standard / Enterprise | > Horizon 8 (2303) |

VMware App Volumes

ref: https://interopmatrix.vmware.com/Solution

| Database | Edition | VMware App Volumes |
|---|---|---|
| Microsoft SQL Server 2016 (64-bit) | Standard / Enterprise | > App Volumes (4.0.1) |
| Microsoft SQL Server 2017 | Standard / Enterprise | > App Volumes (4.0.1) |
| Microsoft SQL Server 2019 | Standard / Enterprise | > App Volumes (2103.8) |
| Microsoft SQL Server 2022 | Standard / Enterprise | Not Supported |

Recommendations

VMware Horizon Connection Server

  • All VMware Horizon Connection Servers run the same version
  • Collect and log events to a database server
  • Collect and log events to a Syslog server
  • Horizon services are running
  • Anti-affinity rules are configured to separate Connection Servers
  • Configure 3rd party or Enterprise TLS certificates for web interface
  • Configure TLS certificates for authentication (CAC/PIV/Smart card)
  • For up to 2000 endpoints, deploy at least two Connection Servers behind a load balancer
  • Hardware requirements should be at least:
    • vCPU: 4 / 2 (two sockets) or 4 / 4 (one socket) — never exceed physically installed package count
    • vRAM: 16 GB
    • vNIC: 10 Gbps (VMXNET 3 adapter)
    • System disk: > 40 GB
    • SCSI controller: VMware Paravirtual (pvscsi)
    • Video card: 256 MB
  • Up-to-date VMware Tools
  • Use separate roles and accounts
    • Roles for Horizon Admins and Horizon Users
    • Account for connecting to Active Directory (Instant Clones)
    • Account for connecting to VMware vSphere

Desktop Golden Image

  • Added to domain
  • Windows Updates are up-to-date
  • Installed antivirus has appropriate exceptions (no full scans, and virtualization-aware)
  • No domain accounts logged in; no cached profiles
  • TLS certificates are installed (3rd party or Enterprise roots) if not added by GPO
  • Up-to-date VMware Tools
  • VMware Horizon Agent version matches VMware Horizon Connection Server
  • Hardware requirements should be at least (Golden Image without a vGPU)
    • vCPU: 4 / 2 (two sockets) or 4 / 4 (one socket) — never exceed physically installed package count
    • vRAM: up to 16 GB (unless there is a specific reason to increase it)
    • vNIC: 10 Gbps (VMXNET 3 adapter)
    • System disk: 40 GB
    • SCSI controller: VMware Paravirtual (pvscsi)
    • Video card: 256 MB
    • Remove unnecessary hardware: CD/DVD, SATA Controller, USB Controllers, etc.
  • Computer object is located in a separate Active Directory Organizational Unit (OU)
  • Run an up-to-date VMware Operating System Optimization Tool (OSOT). Be sure the following Common Options are set:
    • Keep all Windows App
    • Leave Cortana Search (for indexing)
    • Toggle the vGPU checkbox, accordingly
    • Disable Windows Update
  • KMS licensing server is accessible
  • Hibernation policy is disabled
  • System Restore is disabled
  • DHCP pool has available leases, and the lease time is slightly longer than the pool refresh frequency
  • No more than three (3) snapshots in the chain
  • Do not use the Synchronize guest time with host setting for Windows clients (they use the domain controller to keep time)
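
Several of the golden image items above can be checked from inside the guest before the snapshot is taken. The PowerShell below is an added example, not part of the original post or of any VMware tooling. The function name Test-GoldenImage is hypothetical, the KMS host name is a placeholder, and the VMware Tools path is the assumed default install location.

```powershell
# Added example: pre-snapshot audit of a Horizon golden image. Run elevated in the guest.
function Test-GoldenImage {
    param(
        [string]$KmsHost = 'kms.example.internal',  # placeholder KMS host name
        # Default VMware Tools install path (assumption)
        [string]$ToolboxCmd = 'C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe'
    )
    $r = [ordered]@{}

    # "Added to domain"
    $r['Domain joined'] = [bool](Get-CimInstance Win32_ComputerSystem).PartOfDomain

    # "No domain accounts logged in; no cached profiles": local account SIDs share
    # the machine SID prefix, so any other S-1-5-21-* profile is a domain account.
    $localSid = (Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True' |
        Select-Object -First 1).SID
    $prefix = $localSid.Substring(0, $localSid.LastIndexOf('-') + 1)
    $cached = @(Get-CimInstance Win32_UserProfile | Where-Object {
        $_.SID -like 'S-1-5-21-*' -and -not $_.SID.StartsWith($prefix) })
    $r['No cached domain profiles'] = ($cached.Count -eq 0)

    # "Hibernation policy is disabled" (a missing registry value is reported as a failure)
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $r['Hibernation disabled'] = ($power.HibernateEnabled -eq 0)

    # OSOT common option "Disable Windows Update"
    $r['Windows Update disabled'] = ((Get-Service wuauserv).StartType -eq 'Disabled')

    # "Up-to-date VMware Tools": confirms only that the service runs, not its version
    $tools = Get-Service VMTools -ErrorAction SilentlyContinue
    $r['VMware Tools running'] = ($null -ne $tools -and $tools.Status -eq 'Running')

    # "Do not use the Synchronize guest time with host setting"
    $sync = if (Test-Path $ToolboxCmd) { & $ToolboxCmd timesync status } else { '' }
    $r['Host time sync disabled'] = [bool]($sync -match 'Disabled')

    # "KMS licensing server is accessible" (KMS listens on TCP 1688 by default)
    $r['KMS reachable'] = Test-NetConnection -ComputerName $KmsHost -Port 1688 -InformationLevel Quiet

    $r.GetEnumerator() | ForEach-Object { [pscustomobject]@{ Check = $_.Key; Pass = $_.Value } }
}

Test-GoldenImage | Format-Table -AutoSize
```

Any row with Pass = False should be resolved before sealing the image; a cached domain profile in particular would be cloned into every desktop in the pool.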
