Horizon Composer vCenter permissions

The following table outlines only those vCenter permissions required for Horizon Composer. Using the procedure outlined in Chapter 2, Implementing Horizon Connection Server, we can create a vCenter role just for the Composer service account, or we could modify the existing role we created to add the permissions as outlined in the following table:

The decision on whether or not to use separate AD accounts for the Horizon Connection Servers and Horizon Composer is up to you. In some cases, organizational security policies will require it in order to minimize the permissions any one account has within your down, which makes the decision an easy one.

For the purpose of this chapter, we will create the following:

  • AD service account named svc-horizoncomp
  • vSphere role with the previously listed permissions named Horizon Composer