VMware 2V0-51.23 Practice Test - Questions Answers, Page 2

Cloud Pod Architecture is a feature that allows administrators to link multiple Horizon pods across sites and data centers to form a single logical entity called a pod federation. Cloud Pod Architecture enables global entitlements, which allow users to access desktops and applications from any pod in the pod federation. Cloud Pod Architecture also provides load balancing, high availability, and disaster recovery capabilities for Horizon deployments.

However, Cloud Pod Architecture has some feature limitations that administrators should be aware of. Two of these limitations are:

Cloud Pod Architecture does not support Active Directory two-way trusts between domains: This means that the domains that contain the Horizon pods in the pod federation must have a one-way trust relationship, where the domain that contains the Cloud Pod Architecture home site trusts all the other domains, but not vice versa. A two-way trust relationship, where each domain trusts and is trusted by all the other domains, is not supported by Cloud Pod Architecture and can cause authentication and entitlement issues.

Kiosk mode clients are not supported unless a workaround has been implemented: This means that users who log in to Horizon Client in kiosk mode, which is a mode that allows users to access a single desktop or application without entering credentials, cannot access desktops or applications from a Cloud Pod Architecture implementation. Kiosk mode clients are not compatible with global entitlements and load balancing features of Cloud Pod Architecture. However, there is a workaround that involves creating a dedicated user account and a dedicated desktop pool for each kiosk mode client and using a script to launch Horizon Client with the appropriate parameters.For instructions, see VMware Knowledge Base (KB) article 21488881.

The other options are not limitations of Cloud Pod Architecture:

Cloud Pod Architecture is supported with Unified Access Gateway appliances: Unified Access Gateway is a platform that provides secure edge services for Horizon deployments, such as secure remote access, load balancing, and authentication. Unified Access Gateway is compatible with Cloud Pod Architecture and can be configured to route user requests to the appropriate pod in the pod federation based on global entitlements and load balancing policies.

Cloud Pod Architecture can span multiple sites and data centers simultaneously: This is one of the main benefits of Cloud Pod Architecture, as it allows administrators to scale up and out their Horizon deployments across different geographic locations and network boundaries. Cloud Pod Architecture can support up to 15 pods per pod federation and up to 5 sites per pod federation, with a maximum of 200,000 sessions per pod federation.

The Cloud Pod Architecture feature is supported in an IPv6 environment: IPv6 is the latest version of the Internet Protocol that provides a larger address space and enhanced security features for network communication. Cloud Pod Architecture supports IPv6 environments and can operate in mixed IPv4 and IPv6 environments as well.

Horizon Connection Server instances keep their data in an AD LDS database, which is automatically synchronized between the Connection Server. AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers. In a Horizon environment, each Connection Server instance has a copy of the AD LDS database and replicates changes to other Connection Server instances in the same pod.This ensures that the Connection Server instances have consistent and up-to-date information about the Horizon resources and user sessions12Reference:

Configuring Horizon Connection Server1

Understanding VMware Horizon Services2

VMware Horizon Cloud on Microsoft Azure is the only deployment solution that meets all the requirements.VMware Horizon Cloud on Microsoft Azure supports Windows 10 Enterprise multi-session desktops, which are a new Remote Desktop Session Host exclusive to Azure Virtual Desktop on Azure1. It also supports App Volumes, which is a real-time application delivery system that enables IT to instantly provision applications to users or desktops. VMware Horizon Cloud on Microsoft Azure supports centralized brokering, which means that the Horizon Cloud Service acts as a single point of entry for end users to access their virtual desktops and applications. VMware Horizon Cloud on Microsoft Azure also supports automatic routing of end-users to the most appropriate virtual workspace, using the Universal Broker feature. Universal Broker is a cloud-based brokering service that provides a unified user experience across multiple Horizon pods and clouds.

VMware vSphere Desktop Edition does not support Windows 10 Enterprise multi-session desktops, as they are only available on Azure Virtual Desktop1. VMware Workspace ONE Unified Endpoint Management does not support App Volumes, as it is a different solution for managing devices and applications. VMware Horizon On-Premises does not support automatic routing of end-users to the most appropriate virtual workspace, as it requires manual configuration of load balancing and global entitlements.Reference:

Profile production applications in Azure with Application Insights Profiler1

Using Application Profiler - VMware Docs2

First look at profiling tools - Visual Studio (Windows)3

App Volumes Overview

Horizon Cloud Service on Microsoft Azure Architecture

Universal Broker Overview

Workspace ONE UEM Overview

Load Balancing Across Pods and Sites in a Cloud Pod Architecture Environment

The VMware Horizon component that needs to be deployed to allow users to log into VMware Workspace ONE Access and connect to remote desktops and applications without having to provide Active Directory credentials is the Enrollment Server.The Enrollment Server is a standalone service that integrates with VMware Workspace ONE Access and enables True Single Sign-On (SSO) for Horizon clients that are using non-AD-based authentication methods such as RSA SecureID, RADIUS, or SAML1.The Enrollment Server requests short-lived certificates on behalf of the users from a certificate authority (CA), and these certificates are used for authentication to the Horizon environment2.The Enrollment Server must be installed and configured in the same domain or forest as the Connection Server, and it must have an enrollment agent certificate that authorizes it to act as an enrollment agent2.

The other options are not valid or feasible because:

A Replica Server is a Connection Server instance that replicates the Horizon LDAP configuration data from another Connection Server instance, and provides high availability and load balancing for user connections3. A Replica Server does not request or issue certificates for users, and it does not integrate with VMware Workspace ONE Access.

A Security Server is a Connection Server instance that resides within a DMZ and acts as a proxy for external user connections to the Horizon environment4. A Security Server does not request or issue certificates for users, and it does not integrate with VMware Workspace ONE Access.Security Servers are deprecated in Horizon 8 and replaced by Unified Access Gateways (UAGs)4.

A vCenter Server is a management platform that provides centralized control and visibility of vSphere hosts and virtual machines in the Horizon environment5. A vCenter Server does not request or issue certificates for users, and it does not integrate with VMware Workspace ONE Access.

VMware Horizon 8.x Professional by Vmware1

Install and Set Up an Enrollment Server2

Install a Replica Connection Server Instance3

Install a Security Server4

vCenter Server Overview5

Prepare the Windows Server 2019 golden image.

Add an Automated Farm.

Add a RDS deskptop pool.

Entitle AD users and/or groups.

Launch Horizon Client and verify access to RDS desktop.