Release date: April 15th 2020
Welcome to my VMware Horizon series. In this session I will describe how I set up Ubuntu 22.04 Desktop in Horizon. The template I create in this session will be used with a Instant-Clone desktop pool. This means that all user data created during the session will be gone once the user logs out, which is fine for this set up.
I like the idea about an operating system that isn’t linked to one company, but rather is made as best possible by many great minds. VMware has a great guide about setting up Linux as a Horizon desktop, but I find it lacking in some areas. This is probably due to the fact that there are different ways of using the Linux-specific technology to achieve the same goals. VMware’s official documentation about setting up Linux in VMware Horizon is here:
Linux Desktops and Applications in Horizon 8
I was careful to check out the system requirements before starting this session, and I’ll be using Ubuntu 22.04 in my set up, which I have verified is supported. Lastly, I will be using the Horizon Agent for Linux v. 2303 as this is current build running in my lab. To complete this session, I have identified the following tasks that have to be completed.
- Deploy Virtual Machine
- Configure Virtual Machine
- Install Operating System
- Configure Operating System
- Integrate Linux with MS Active Directory
- Install and configure VMware Horizon Agent
- Create Desktop Pool
- Testing
Deploy Virtual Machine
Deploy Virtual Machine
Before I start to create the virtual machine I review the Prerequisites outlined by VMware here: Create a Virtual Machine and Install Linux
Prerequisites
- Verify that your deployment meets the requirements for supporting Linux desktops. See System Requirements for Horizon Agent for Linux.
- Familiarize yourself with the video memory (vRAM) settings requirements for the monitors you plan to use with the VM. See System Requirements for Horizon Agent for Linux.
- Familiarize yourself with the custom configuration parameters for VMs. See Virtual Machine Custom Configuration Parameters.
- Verify that an ISO image file of the guest Linux distribution is in a datastore on your ESXi server.Note:When selecting a guest Linux distribution, consider the following limitations for instant-clone desktop pools and multi-session hosts.Horizon Agent for Linux only supports instant-clone desktop pools created from virtual machines running the following operating systems:
Only virtual machines running RHEL Workstation 7.9/8.x/9.x, Ubuntu 20.04/22.04, or Debian 10.x/11.x can support multi-session published desktop pools and single-session or multi-session application pools.
- Ubuntu 20.04/22.04
- Debian 10.x/11.x
- RHEL 7.9/8.x/9.x
- CentOS 7.9
- SLED/SLES 15.x
Login to vSphere, select the cluster and choose “New Virtual Machine”, Next…
I give the Virtual machine a name, and select the location where the VM should to be placed, Next…
I select a compute resources where the VM will be placed, Next…
Select the Storage on where the VM will be placed, Next…
Select the compatibility. I have chosen to use the “ESXi 8.0 and later”, Next…
I select Linux as Guest OS Family and Ubuntu Linux (64-bit) as OS Version, Next…
I customize the hardware, click VM Options…
Under the second tab, VM Options, I select Boot Options, set BIOS as firmware and enable Force BIOS setup. With this option enabled, I go straight into the BIOS of the VM after powering it on.
Check the installation summary and click Finish…
Configure Virtual Machine
Configure Virtual Machine
When the VM is created, I first boot into BIOS and make the following modifications.
I launch the VMware Web or Remote Console. In BIOS, I disable all features that are unnecessary. In the Main-tab, all Diskette stations are disabled, which is OK. Next, I open the Advanced–tab.
Within the advanced section, I select I/O Device Configuration. I don’t need any of the I/O Devices, so I disable them all. Press ESC to return to the BIOS main screen. Select Boot-Tab
I change the boot-order as follows. When done, I press ESC and F10. Save and exit
With the BIOS modifications done, I power off the VM, attach my Ubuntu-ISO, change Firmware to EFI and power on the virtual machine
Install Operating System
Install Operating System
It is now time to install the Operating System. The ISO with the software is already attached to the VM and connected. When the installation screen from Ubuntu shows up, I click Install Ubuntu…
The first thing I do is to select the language to be used during installation, Continue…
I will be doing a normal installation and I will download updates while installing Ubuntu, Continue…
I select “Erase Disk and install Ubuntu“, Install Now and Continue…
I select my location, Continue…
Next, I provide my credentials and computername-fqdn, Continue…
The operating system is now installed with the settings I provided above
I click Restart Now once the installation is done
As I mentioned to begin with, I’m no Linux expert. Therefore I prefer to take some snapshots during the setup of Linux, which gives me the opportunity to roll back if I run into problems further into the set up. I will document at what point I take the snapshots below. All snapshots are taken with the VM powered off.
SNAPSHOT: Base-installation complete
I
Configure Operating System
Configure Operating System
Before I continue, I familiarize myself with VMware’s documentation, Prepare a Linux Machine for Remote Desktop Deployment, and do the configuration of the operating system.
You must perform certain tasks to prepare a Linux machine for use as a desktop in a VMware Horizon 8 deployment.
To prepare a Linux machine, you must enable communication between the machine and the Horizon Connection Server. You must configure networking on the Linux machine so that the Linux machine can ping the Connection Server instance using its FQDN (fully qualified domain name).
Prerequisites
- Verify that you have created a new virtual machine (VM) in vCenter Server and installed your guest Linux distribution on the machine. See Create a Virtual Machine and Install Linux.
- Configure an Active Directory domain controller for your remote desktops. For more information, see the Horizon 8 Installation and Upgrade document on the VMware Horizon Documentation portal.
- To make sure that desktop users are added to the local Remote Desktop Users group of the virtual machine, create a restricted Remote Desktop Users group in Active Directory. For more information, see the Horizon 8 Installation and Upgrade document on the VMware Horizon Documentation portal.
- If you plan to configure 3D graphics rendering for desktop pools, familiarize yourself with the Enable 3D Support setting for virtual machines. On ESXi hosts, you can select options that determine how the 3D renderer is managed on the ESXi host. For details, see the vSphere Virtual Machine Administration document on the VMware vSphere Documentation portal.
- Familiarize yourself with the steps for configuring your Linux machine to be resolvable through DNS. These steps vary for the different Linux distributions and releases. For instructions, consult the documentation for your Linux distribution and release.
If you are preparing the Linux machine for deployment as an automated full-clone or instant-clone desktop pool or for inclusion in an automated instant-clone farm, you must also do the following:
- Verify that the virtual switch that the instant-clone VMs connect to has enough ports to support the expected number of VMs. Each network card on a VM requires one port.
- To support instant-clone desktop pools or farms, verify that you have added an instant-clone domain administrator in Horizon Console.
The first thing I do is to install OpenSSH by running the command below:
$ sudo apt install openssh-serverNext, I install Mate as the Desktop Environment for my template, by running the command below:
$ sudo apt install ubuntu-mate-desktopWhen prompted to configure lightdm, I select gdm3
I verify that the Linux machine’s host name is mapped to 127.0.0.1 in the /etc/hosts file
Next, I check if there are any updates that I will need to install before I continue, I restart as needed. After update is complete, disable Automatic Updates
I will also remove the Ubuntu Getting Started Dialogue box for all my users, by running the following command:
$ sudo apt remove --autoremove gnome-initial-setupSNAPSHOT: Ubuntu-configuration complete
Integrate Linux with MS Active Directory
Integrate Linux with MS Active Directory
Before I continue with AD integration, I check VMware’s documentation regarding this, Integrating Linux Desktops with Active Directory, and select SSSD Authentication as the easiest route to success.
Note:For ease of deployment, if available for your Linux distribution, use System Security Services Daemon (SSSD) Authentication.
I follow Ubuntu’s instruction for setting up SSSD here: SSSD and Active Directory
I start by installing the necessary packages:
$ sudo apt install sssd-ad sssd-tools realmd adcliBefore I proceed, I verify that my domain is discoverable via DNS
$ sudo realm -v discover ad.admin.frelab.net
* Resolving: _ldap._tcp.ad.admin.frelab.net
* Performing LDAP DSE lookup on: 172.16.0.20
* Performing LDAP DSE lookup on: 172.16.0.18
* Successfully discovered: ad.admin.frelab.net
ad.admin.frelab.net
type: kerberos
realm-name: AD.ADMIN.FRELAB.NET
domain-name: ad.admin.frelab.net
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
Having successfully discovered the domain via DNS, I join my machine to the domain by running the following command:
$ sudo realm join ad.admin.frelab.net
Password for Administrator:
Finally, I verify that the /etc/sssd/sssd.conf file has been configured correctly, using the following command:
$ nano /etc/sssd/sssd.conf
# Content of my /etc/sssd/sssd.conf file
[sssd]
domains = ad.admin.frelab.net
config_file_version = 2
services = nss, pam
[domain/ad.admin.frelab.net]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD.ADMIN.FRELAB.NET
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad.admin.frelab.net
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = adNow that I have joined the domain I configure automatic home directory creation by running the following command:
$ sudo pam-auth-update --enable mkhomedirI want my users to have sudo permissions, so I give them this by adding the AD User group Horizon-Users to sudoers by editing the /etc/sudoers file:
$ visudo
# Edit the section below
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
%Horizon-Users ALL=(ALL:ALL) ALL
I reboot the VM and test sudo with one of my domain users by running the following command:
$ sudo -l -U usernamen@domain-fqdnSNAPSHOT: AD-Integration complete
Install and configure VMware Horizon Agent
Install and configure VMware Horizon Agent
Prior to downloading and installing VMware Horizon Agent, I must install the dependency packages as documented by VMware here: Install Dependency Packages for Horizon Agent
$ sudo apt-get install krb5-user
$ sudo apt-get install -y gnome-shell-extension-appindicatorNext, I modify the /etc/sssd/sssd.conf according to the documentation mentioned above
# Content of my /etc/sssd/sssd.conf file
[sssd]
domains = ad.admin.frelab.net
config_file_version = 2
services = nss, pam
[domain/ad.admin.frelab.net]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD.ADMIN.FRELAB.NET
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad.admin.frelab.net
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
ad_gpo_map_interactive = +gdm-vmwcred #Add this line for SSO
ad_gpo_access_control = permissive #Deactivate GPO access control in the cloned VM
Next, I download the correct version of VMware Horizon agent for Linux from VMware Customer Connect
I extract the downloaded tar file by running the following command:
$ sudo tar -xvzf VMware-horizonagent-linux-x86_64-YYMM-y.y.y-xxxxxxx.tar.gzI launch installation of the Horizon Agent by running this command:
$ sudo ./install_viewagent.shOnce the installation is done I make the following adjustments to the Horizon Agent files:
# /etc/vmware/viewagent-custom.conf
SSOUserFormat=[domain]\\[username]
OfflineJoinDomain=sssd
SSODesktopType=UseMATE
# /etc/vmware/config
RemoteDisplay.buildToPNG=TRUE
Clipboard.Direction=1I also configure the Blast Settings as described by VMware Here: Example Blast Settings for Linux Desktops
Finally, I shut down the VM and take a snapshot to prepare for deployment to Horizon and testing.
Create Desktop Pool
Create Desktop Pool
I login to VMware Horizon Admin Console and start the Create new Desktop Pool Wizard. For this session it will be an Automated Desktop Pool
I choose Instant Clone, my vCenter, Next…
I select Floating Assignment, Next…
I don’t have VSAN, yet…
I provide a Desktop Pool ID and Display name, Next…
I enter the Provisioning Settings, Next…
I detail the vCenter Settings, Next…
I configure the Desktop Pool Settings, Next…
I select my Remote Display Settings, Next…
I choose the Domain and Active Directory settings, Next…
I complete the New Desktop Pool wizard, Submit…
The publishing starts immediately, once the state changes to “Published”, I can verify that the desktops are available
Testing
Testing
When I log on with the VMware Horizon Client, I see that I now have access to a Ubuntu 22.04 Desktop
And with that, I finally have a working Instant Clone Desktop Pool with Ubuntu 22.04 Mate desktops.
VMware Horizon View planning, deployment etc.
VMware’s official documentation: Linux Desktops and Applications in Horizon 8
Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.
bjosoren's IT-Tech blog 