Configuring the Horizon Instant Clone Engine
While Horizon does not require a Composer Server to deploy and manage Instant Clone desktops, we are required to provide an AD account that it will use to create and manage the Instant Clone desktop AD computer objects. In this section we will create the AD account, grant it the permissions required in AD, and provide the account details in the Horizon Administrator console.
Configuring the Instant Clone Engine AD user account
Horizon requires an AD account with specific permissions in order to manage the AD computer objects for Instant Clone desktops. Refer to the Delegate permissions for Horizon Composer in Active Directory section of Chapter 3, Implementing Horizon Composer, for the procedure used to delegate these permissions, and apply the following updates to that procedure, as the permissions required and the AD account used are different. It is assumed that prior to performing this procedure you have already created the AD user account you intend to use (svc-horizonic in this example).
- In step 5 of the referenced procedure: in the Select Users, Computers, or Groups window, type the name of the Instant Clone service account (svc-horizonic), click OK to return to the Delegation of Control Wizard - Users or Groups window, and then click Next >.
Tip: Note that we are using a dedicated AD account for Instant Clone operations. I recommend using dedicated accounts for Horizon, Horizon Composer, and Horizon Instant Clone (AD operations) for security reasons and to make it easier to troubleshoot any issues that may occur.
- In step 8 of the referenced procedure: in the Delegation of Control Wizard | Permissions window, click the General, Property-specific, Read, Read All Properties, Write All Properties, and Reset password check boxes, and then click Next >.
Update the Instant Clone Engine Domain Administrator setting
The following steps outline the procedure used to specify the AD user account we created as our Instant Clone Engine Domain Administrator:
- Log on to the Horizon Administrator console using an AD account that has administrative permissions within Horizon.
- Open the View Configuration | Instant Clone Domain Admins window within the console.
- Click on the Add… button in the Instant Clones Engine Domain Administrators window to open the Add Domain Admin window.
- Provide the User Name: (svc-horizonic) and Password: as shown in the following screenshot and then click OK to return to the previous window:
- Verify that the account was added successfully as shown in the following screenshot:
Horizon is now able to deploy Instant Clone desktops using the procedure described in Chapter 10, Creating Horizon Desktop Pools. Note that if the permissions for this account were not granted correctly, we will likely not notice until we attempt to create an Instant Clone desktop pool.
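To catch a bad delegation before pool creation fails, the ACL on the desktop OU can be checked for the three permissions selected in the wizard. The following PowerShell is an added example, not from the book or from VMware; the EXAMPLE domain, the OU path and the sample ACEs are constructed, and the function name Test-InstantCloneDelegation is hypothetical. It checks only Read All Properties, Write All Properties and Reset password on Allow ACEs granted directly to the account.

```powershell
# Added example, not from the book. Domain, OU and sample ACEs are constructed.
Add-Type -AssemblyName System.DirectoryServices
$Rights        = [System.DirectoryServices.ActiveDirectoryRights]
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # "Reset Password" extended right

function Test-InstantCloneDelegation {
    param(
        [Parameter(Mandatory)] [object[]] $Aces,     # the .Access entries of the OU's ACL
        [Parameter(Mandatory)] [string]   $Account   # e.g. 'EXAMPLE\svc-horizonic'
    )
    # Only Allow ACEs granted directly to the account are considered.
    $mine = @($Aces | Where-Object {
        "$($_.IdentityReference)" -eq $Account -and "$($_.AccessControlType)" -eq 'Allow'
    })
    # True when some ACE carries $Right for one of the accepted object GUIDs.
    # An empty GUID means "all properties" or "all extended rights".
    $has = {
        param($Right, [guid[]] $ObjectTypes)
        [bool]($mine | Where-Object {
            ($_.ActiveDirectoryRights -band $Right) -eq $Right -and
            $ObjectTypes -contains $_.ObjectType
        })
    }
    [pscustomobject]@{
        Account            = $Account
        ReadAllProperties  = & $has ($Rights::ReadProperty)  @([guid]::Empty)
        WriteAllProperties = & $has ($Rights::WriteProperty) @([guid]::Empty)
        ResetPassword      = & $has ($Rights::ExtendedRight) @([guid]::Empty, $ResetPassword)
    }
}

# Constructed sample: the Write All Properties box was missed in the wizard.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\svc-horizonic'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = $Rights::ReadProperty; ObjectType = [guid]::Empty }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\svc-horizonic'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = $Rights::ExtendedRight; ObjectType = $ResetPassword }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Admins'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = $Rights::GenericAll; ObjectType = [guid]::Empty }
)
Test-InstantCloneDelegation -Aces $sample -Account 'EXAMPLE\svc-horizonic' | Format-List

# Against a live domain (requires the ActiveDirectory module; OU path is a placeholder):
# Import-Module ActiveDirectory
# $aces = (Get-Acl 'AD:\OU=Desktops,DC=example,DC=com').Access
# Test-InstantCloneDelegation -Aces $aces -Account 'EXAMPLE\svc-horizonic'
```

Any property reported as False points to a check box that was not selected for the account in the Delegation of Control Wizard.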