Discover the security, access, and performance updates in Horizon 8 2503

Horizon 8 2503 release brings key enhancements across Horizon, Dynamic Environment Manager (DEM), and App Volumes—focused on improving performance, strengthening security, and simplifying management. This release introduces smarter access controls, improves session stability and monitoring, and extends App Volumes with broader support for physical devices. 

This is also our latest Extended Service Branch (ESB) release, which means customers will receive critical bug fixes and OS version support through regular maintenance updates for up to three years.  Learn more here. 

Expanded platform support

Horizon 8 2503 strengthens integration with leading cloud platforms and adds support for the latest Windows Server OS.

Support for Windows Server 2025 

Horizon 8 now supports Connection Server on Windows Server 2025, allowing seamless upgrades and replica additions to older environments. Enhancements include Enrollment Server support, TrueSSO with Microsoft CA, Active Directory (2025 domain functional level), and Event Database support with a compatible Microsoft SQL version.  This update allows customers to upgrade their infrastructure without disrupting Horizon services.

Easier access to Horizon on Amazon WorkSpaces Core 

Omnissa Access supports Horizon 8 on Amazon WorkSpaces Core.  Horizon 8 2503 updates the Horizon SDK to allow Workspace ONE Access to properly interact with AWS Core pool types.  Customers can now directly launch Horizon 8 on Workspaces Core from Workspace ONE Access and more easily get to their desktops through a centralized portal.

Horizon 8 automated pools now support Amazon WorkSpaces Core graphics G4DN (NVIDIA T4) instances. Graphics.g4dn is ideal for customers seeking low-cost GPU-enabled virtual desktops and the GraphicsPro.g4dn enables high-end media production, or GIS data processing. See more EC2 G4dn family.

Improve operations for simpler management and monitoring 

Horizon 8 2503 introduces features that reduce administrative overhead, enhance infrastructure visibility, and support automation at scale—making it easier for IT teams to manage and maintain Horizon environments.

Automate ADAM DB partition migration to Omnissa branding 

As part of the rebranding of Horizon Connection Server to Omnissa, the application partition names in both local and global AD LDS instances have been updated. Starting with this release, the partition name has changed from "vmware" to "horizon."  To assist existing customers with this transition, Omnissa provides a migration script that updates the partition names while providing data integrity. After upgrading all pods to Horizon 2503, customers can run the script to permanently update their deployments to the new application partition naming convention, helping ensure a smooth migration without data loss.   Learn more about rebranding changes in Omnissa products at KB6000681.

Expand visibility with built-in infrastructure monitoring

Horizon 8 2503 improves the Horizon console with built-in monitoring capabilities for both Unified Access Gateways (UAGs) and Connection Servers. Administrators can now view key health metrics directly within the console.  Additionally, admins can monitor pod and cloud pod architectures (CPAs) connected to the connection server including real-time availability, system utilization (CPU, memory, disk), session counts, connected services health, and certificate status. This pod-based visibility helps IT proactively detect and resolve issues by surfacing errors and expiration warnings before they impact users. It also simplifies infrastructure monitoring and enables faster, more informed troubleshooting across distributed environments.

Boost operational efficiency with SMB support for Connection Server LCMs

To simplify Horizon lifecycle management (LCM) workflows for Connection Server and Enrolment Server, Horizon 8 2503 introduces SMB file share support for use with Horizon LCM APIs and the Horizon Terraform provider. Instead of requiring a dedicated web server to host installer files, administrators can now place the files on a standard network file share—making it easier to automate deployments and updates. This new capability reduces setup complexity and provides more efficient, scalable operations through automation.

Simplify remote access with dynamic user assignment 

When using a physical PC for remote access and authentication, Horizon 8 2503 automates the process of adding users to the Local Remote Desktop Users group, eliminating the need for manual intervention. By dynamically adding users upon Horizon login, it reduces administrative overhead, minimizes the risk of misconfigurations that could impact security, and simplifies remote access management for IT teams. 

Enhanced security and access control

Horizon 2503 enhances security with flexible authentication options, intelligent network access policies, and broader support for modern encryption standards.

Enforce access with Adaptive Authentication and Network Policies 

Introducing Adaptive Authentication & Network Access Policy at the pool level, which offers greater flexibility in securing access based on the end-user’s location and access policies for specific applications. Administrators can define network access policies (i.e. External, Internal, All) allowing them to enforce stronger authentication for sensitive or restricted use cases.  For example, a doctor can access all applications inside the hospital network but may require stricter authentication for VDI or RDSH outside the network due to compliance requirements. Supported authentication methods include USERNAME_PASSWORD, CERTIFICATE, GSSAPI, RADIUS, SAML, RSA_SECURID, and JWT Available via API, this feature provides granular control over authentication and network policies that help align access to enterprise security and compliance standards.

Enable access with native SAML Support for Connection Server 

Horizon 8 2503 introduces native support for third-party SAML authentication directly on the Connection Server. This allows users to be redirected to an external identity provider (IDP) for authentication before being granted access to their entitled virtual desktops. With this enhancement, organizations that relied on SAML authentication with a unified access gateway (UAG) can now extend the same authentication experience to internal users without needing a UAG. This simplifies the setup and reduces infrastructure requirements for internal access.

Figure 1.  Horizon 2503 Connection Server supports SAML authentication for users 

Strengthen security and performance with cipher suite support 

Horizon Server now includes ChaCha cipher suites in its default configuration for non-FIPS mode. These modern cipher suites offer strong encryption and improved efficiency, especially on devices without AES hardware acceleration. This update strengthens security while ensuring consistent performance across a broader range of endpoints, helping deliver a high-quality end-user experience.

Improved performance and resilience across platforms 

Horizon 8 2503 delivers a set of performance-focused updates designed to improve session reliability, optimize bandwidth usage, and extend key capabilities across platforms.

Maintain Horizon Recording despite network outages 

If a network disruption occurs, Horizon Recording resumes automatically once the connection is restored, preventing gaps in recorded sessions. This update adds a retry window that prevents short disconnections from interrupting session recordings. This helps ensure that even brief outages do not result in lost recordings and provides confidence that all sessions are fully captured.

Extend bandwidth optimization to Mac and Linux clients 

The asynchronous bandwidth estimator, previously available on Windows clients, is now supported on Mac and Linux desktop clients. This feature tracks bandwidth usage and packet loss on an asynchronous basis, allowing Blast to minimize bandwidth consumption and respond more effectively to changing network conditions. The result is improved session stability and a more consistent user experience across all supported platforms.

Enable screen sharing on Linux without compromising performance

Horizon 8 2503 adds screen sharing support for Browser Content Redirection (BCR) on Chrome and Edge for Linux clients. Previously available on Windows, this update enables Linux users to share their screens while offloading browser-based content to the client. By reducing the load on virtual desktops, it improves performance and makes collaboration smoother. This is especially useful for media-rich websites and unified communications web apps as it provides a more efficient way to support video calls, online meetings, and web-based collaboration.

Extend application delivery and accelerate logon performance

App Volumes and Dynamic Environment Manager, both of which support Horizon 8, introduce new capabilities in this release that simplify app delivery to physical endpoints, enhance cross-environment flexibility, and improve system performance during user logon.

Simplify app delivery to physical devices on the LAN 

Building on the capability introduced in App Volumes 2412, App Volumes can now deliver MSI-wrapped VHD packages directly to physical Windows endpoints.This update extends support by enabling those VHDs to be mounted directly from a network share. This enhancement is ideal for “always connected” physical desktopsthat remain on the LAN, allowing applications to be delivered without local storage requirements. It also enables broader use cases, such as repave scenarios where physical devices are treated as non-persistent—common in kiosks, labs, and shared environments. IT admins can deliver and manage applications across physical endpoints while benefiting from the efficiency of shared storage and centralized app management.

Enable app delivery across environments with VHD replication

App Volumes now supports VHD replication within storage groups. This brings parity with existing VMDK replication, allowing customers the ability to replicate VHD-based packages across multiple file shares and instances. This enhancement enables replication across disparate infrastructures by using VHDs as a consistent packaging format, allowing organizations to deliver and manage the same applications regardless of their underlying environment. It supports the broader vision of delivering applications anywhere, with the performance and scale customers expect.

Accelerate startup time in DEM 

Dynamic Environment Manager (DEM) now significantly reduces system boot time with the introduction of asynchronous task execution during startup. Administrators can configure tasks to run independently or in parallel groups—rather than sequentially—via FlexService to reduce delays during startup. Tasks can also continue running even after the FlexEngine process ends, giving admins greater flexibility in how tasks are organized and executed. This update improves startup performance, delivers a faster and more responsive experience for end users, and enables IT to manage the environment more efficiently.

Figure 2.  New “Run asynchronously” option in DEM startup task menu helps reduce startup time by allowing parallel task execution.

As always, we're introducing features that help our customers improve security, efficiency, and performance across their environments. From smarter access controls and faster reconnections to enhanced monitoring and expanded app delivery for physical devices, Horizon 8 2503 comes with features designed to make an impact in your virtual desktop and app deployment. This blog covers some of what’s new—check out the full release notes for the complete list of features and updates.