As far back as 2 years ago at VMworld Europe 2014 conference VMware announced the release of the VMware Horizon FLEX solution. It is a virtualization platform for desktops, which allows running virtual machines locally on users’ computers, both on Mac and with Windows, while connection to the company’s datacenter isn’t available. At the same time, the virtual machine utilized by the user can be Windows-based or have guest OS Linux inside.
Many virtual infrastructures administrators still remember that before VMware had VMware ACE and VMware View Local Mode products, which passed long ago and now have been replaced with FLEX technology. Since VMware Horizon FLEX 1.9 version, as well as the new versions of Workstation and Fusion desktop platforms, has been released just recently, let’s look closer at the FLEX solution and consider its key features.
VMware Horizon FLEX isn’t a standalone product, but a mixed technology based on three solutions:
- Horizon FLEX Policy Server is a central management server for VMs, which is responsible for policies assignment and management.
- Horizon FLEX Clients are users’ workstations with installed Fusion Pro or Player Pro, which are already known to many. Before starting to use the solution, the user downloads the virtual machine completely from the server, and then can work with it locally.
- Mirage for Horizon FLEX is designed to manage virtual desktop components (system, applications, data).
At FLEX Policy Server the datacenter administrator assigns policies (over 70 altogether) to a virtual machine, like the VM usable life, USB-devices availability, means of communication with the host OS, etc. In this regard, the product has much in common with VMware ACE solution, if somebody still remembers it.
From this server users’ VMs can be managed, for example, machine can be simply locked out any moment:
It is interesting that though the solution is called Horizon FLEX, installation of Horizon View or VMware vSphere is not necessary at all. Besides, since everything is implemented locally, you don’t need additional storage for these virtual machines. At the same time, the VM can be deployed either on the laptop hard drive or individual flash drive.
One of the use cases is BYOD concept. For example, an employee has his own convenient Mac he wants to work on, but the corporate standards require to work in Windows environment. In this case, with FLEX solution, he can use Windows-based virtual machine as a working one and have it with him at all times.
There are the following policies in the Horizon FLEX:
- Total VM aging (Time limit)
- Offline usage duration (while no server connection)
- Policies update rate
- Access to USB-devices
- Copying data mechanisms condition with the host system (drag-and-drop, copy-and-paste operations)
- Limited access to the virtual machine configuration (reconfiguration by the user is impossible)
The following host OS support has been tested for Horizon FLEX as yet:
- Windows XP SP3, Windows Vista, Windows 7, Windows 8.x and Windows 10 (keep in mind that Player Pro supports 64-bit OS only)
- Mac OS X 10.8, 10.9, 10.10 and11
Listed OS can be also used as guest OS, but in their 32-bit versions. Actually, OS supported by VMware Workstation and Fusion can be used, since the latter are FLEX components.
This is how VMware FLEX components architecture looks like:
As far as we can see, for external (located behind DMZ) and internal (on-premise) virtual machines, stored in FLEX infrastructure, different file servers are used. External desktops connect to FLEX Server to get policies updates.
Typical workflow of a Horizon FLEX administrator:
Here we can see that after the new VM for the user is created, it is encrypted and protected with the policies on behalf of Horizon FLEX Policy Server, and only after, the end user is provided with the access to it. Then, centralized management of all virtual machines follows.
Here is the typical workflow of VMware Horizon Flex user. For user’s access to the VM FLEX Client is used:
As we can see, when the administrator creates desktop and protects it with policies, it becomes visible to the user. The user downloads it to his desktop to use locally.
Here are some key features of a new version of VMware Horizon FLEX 1.9, which allow to support offline virtual PCs:
- Using VMware Workstation and VMware Fusion latest versions as clients
- Support of Microsoft Windows 10, both as host OS and guest OS
- Support of Microsoft DirectX and OpenGL for guest OSs
- The virtual machine can have up to 16 vCPU, 64 GB of RAM, 8 TB of disk space and 2 GB of video RAM
- VoIP-calls via Skype and Lync
- USB 3.0 devices support (with the latest USB driver from Intel)
- An option of adding incremental number to the virtual machine name in Active Directory. This allows user to download several copies of his virtual machine, with each of them being connected to AD domain. This is especially useful for the developers.
- Support of the virtual machine URL to assign rights, which allows several AD groups have several sites to deploy the VMs.
- Support of networking capabilities – MAC Address Assignment, Network Policy for network adapters and Virtual Router Isolation function.
In the end, VMware Horizon FLEX is a very useful tool for certain types of users, whose virtual PCs need enterprise data security. These users can be the employees who often go on business trips with poor internet connection, as well as the users who work on their MacBooks within BYOD concept in a corporate environment.
Of course, for these users Workstation and Fusion solutions could be used separately, but in this case protection of virtual machines with policies and the control of virtual infrastructure administrators over them are not guaranteed.