Got Azure?....You can Run Horizon Cloud on it
I was working with a customer recently on a mobility project, they wanted published desktops and applications running 100% from the cloud. They already had good experiences with the cloud and had a certain element (subset) of server workloads running there - in this case the public cloud of their choice was Azure. They wanted virtual desktops to allow for remote working and the concept of the same consistent desktop that could be accessed on any device. They also wanted their desktops to be in the same region as the server workloads already running there.
When discussing their requirements they wanted to have an "as simple as possible" approach where the published desktop's and applications were provisioned and managed - they would manage the Azure platform capacity but they needed someone to manage the control plane and automatically "spin up" the environment for tenants, desktop & app management, images, monitoring and service updates.
Horizon Cloud on Azure was the solution that addressed their requirements. The Horizon Cloud control plane connects to the Azure tenant and automates the deployment of VMs, controlling the lifecycle management of published desktops and application's residing in and delivered from MS Azure.
This post will take you through the requirements and management of Horizon Cloud on Azure.
Firstly because it's a cloud service provided by VMware it's updated regularly leveraging the benefits of a SaaS offering. The infrastructure is provided by the customer (IaaS Azure). The control plane is run from the Horizon Cloud Service (USA & Germany).
MS Azure Prerequisites
Login to the Azure portal https://portal.azure.com using the customers IaaS subscription.
An existing or a new VNet can be created - Horizon cloud will automate the creation of subnets based on the given CIDR blocks.
Machine creation and domain join are automated by Horizon Cloud, because of this we need to add a peer VNet to where AD is running. Both On premise and cloud based AD are supported. VNet peering is unidirectional so peering is required in both directions.
Azure provided DNS and Custom DNS is supported.
A service principal account granting access from Horizon Cloud to the MS Azure Subscription is also required. In Azure you can copy the application ID of the service account and the unique key as this is required to deploy the Horizon Cloud node. The key value should be stored securely.
Horizon Cloud on Azure Interface
The interface for the control plane is quite intuitive and easy to navigate. There is a simple "Getting Started" page that walks through the steps of adding capacity and desktop assignment etc. Below you will see the steps broken out into screenshots.
The node is the controller that deploys the components to run the service.
As shown in the screenshots above the MS Azure subscription details are added in to join the control plane to the tenant. The bits are downloaded and installed from the Horizon Cloud control plane to the Azure tenant. You will be able to choose the relevant Azure region from the node setup page, add in the network ranges and enable the ability for the desktop's/applications to access the internet. There is also an option to enable 2 Factor Authentication and upload a PEM format certificate.
Once Horizon Cloud is paired with the tenant and the control plane has deployed the node we can start adding the Golden Image, this step is super easy. We can choose from the Azure marketplace to select an image to use. Supported Server OS' for RDS are 2012R2 or 2016 DC Edition. On import Horizon Cloud joins the machine to the domain, enables the RDS role, automated Horizon and DaaS agents are installed.A bootstrap process enables secure pairing of the DaaS agent to the Horizon cloud node.
A given IP address can be used to RDP to the desktop (image) to configure the desktop and install applications etc. The image can then be converted into an assignable image and can be used to create 1 or more RDS session host farms.
You can see from above that you can select a server size that best matches your desktop requirements with vGPU being an option if required. There are a number of options regarding management as shown below.
One really nice option in management is to enable maintenance schedules and power management so that Azure servers can be turned off when not in use saving on running costs.
Now that the image and farm is ready to go we can start assigning desktop (and applications) to users. Doing this is very straightforward.
1. Choose Assignment and we are presented with both desktop and application assignments (published desktops or published apps). Here I choose the node name and farm. I can then search through Active Directory to entitle users to the relevant desktop or application(s).
Once the assignments have been completed users can connect with a few different methods. This can be with the Horizon client, via HTML5 (Browser) or with SSO via Identity Manager.