Horizon Service Installer for NSX

Services and Service Groups for Horizon View does not ship with NSX 6.2 today. Administrators must manually add the Horizon-related services (source, destination, protocol, port information) into NSX. This is a time consuming process and lends itself to errors.

This VMware Fling is an easy-to-use utility that inserts Horizon View services into NSX, and then combines them into Service Groups. Moreover, this utility tool can pre-create 4 empty security groups and corresponding NSX Distributed Firewall Rules for Horizon environment.

In the simple deployment, a user can use whatever way to add the Horizon components, e.g. Desktops VMs, into corresponding security groups, then the Horizon network infrastructure is all set. This simplifies the creation of NSX based Horizon network infrastructure, that can be used to protect both Horizon infrastructure and hosted desktops and applications.

Pascal van de Bor has written a great blog NSX for Desktop: Jumpstart microsegmentation with Horizon Service Installer Fling and enriched the Horizon service rule in github. Check it out if you want to build up a NSX based Horizon network environment where other network zones might not trust the desktop zone.

H4NSX04 H4NSX05  

•  OS requirement – Windows 7, Windows 8, Windows Server 2008, Windows Server 2012
•  Java JRE or JDK 1.6 or above is installed on the client Windows PC
•  NSX Server is installed and licensed

Packaging

A single compressed ZIP file contains the following files:

  • bat - This is the batch executable file to add Horizon service into NSX
  • Horizon4NSX-1.0.jar - This is the Java main class to handle Horizon service for NSX
  • csv - This comma delimited file contains the pre-defined port rules that are required by Horizon View 6.2. It can be edited to allow users to inject their own custom services and service groups
  • Install.bat - This is the batch executable file to add Horizon service into NSX
  • Horizon6_Service.csv - This comma delimited file contains the pre-defined port rules that are required by Horizon View 6.2. It can be edited to allow users to inject their own custom services and service groups.
  • Readme.txt - This text file provides simple operating instructions.

  1. Download the compressed Fling file (zip‎) and extract it to a specified folder.
  2. Verify your Windows environment setting for JAVA_HOME.
  3. Using a text editor (example: Notepad), set JAVA_HOME value in install.bat according to your environment setting
  4. Run cmd.exe to open a command line window and go to the above folder with uncompressed contents
  5. Run install.bat
  6. You will be prompted to enter the FQDN or IP address of your NSX Manager server and the administrator credentials
  7. Enter “Yes” if you trust the server certificate.

Updated om July 7, 2014

  • Added two firewall rules to reject the communication inter-components
    - Inter-Desktop FW Rule //Reject inter-desktops communication
    - Inter-CS FW Rule //Reject inter-connection server communication

Updated on June 14, 2016

1) Added support for the source specification for the FirewallRules section in the YAML property files. Example:

FirewallRules : 
   - name : Desktop FW Rule
     source : View Desktops,View Connection Server
     destination : View Desktops
     action : Allow
     serviceGroup : Horizon View 7x Desktops

Update on March 16, 2016
  • Update network port information for Horizon 7
  • Change property file from csv format to YAML format for better reading
  • Add log support
  • Exception handling
Add a Comment
Report a Bug