VMware is proud to announce our authorization with for VMware Horizon® Cloud Service™ (HCS), along with our existing FedRAMP High, enabling U.S. Department of Defense (DoD)-based customers with VMware Horizon® 8 on-premises and Horizon Cloud on Microsoft Azure customers with new Horizon SaaS subscriptions to use their Horizon virtual desktop and app deployments to connect to Horizon Cloud Service in a FedRAMP High/IL5 environment. As a result, this provides a hybrid-cloud experience, leveraging the Horizon Cloud Control Plane to connect and run Horizon on-premises and/or Horizon Cloud on Azure (HCoA) instances.
DoD IL5 overview
DISA issued a DoD Provisional Authorization (PA) for VMware’s Horizon Cloud Service cloud service offering for data categorized as Impact Level 5. IL5 data includes Controlled Unclassified Information (CUI) used for example with both branches and many Defense Industrial Base (DIB) under the certification program, as well as with National Security Systems (NSS). Horizon Cloud Service offers Software-as-a-Service (SaaS), including capabilities across private and hybrid cloud environments, and supports up to IL5 data for DoD and Intel-based federal communities alike.
DISA’s authorizing official (AO) grants PAs to commercial cloud service providers following a robust testing and validation process based on and leveraging assessment results from the and the controls associated with it. Although DISA validates the assessments on the cloud service offerings and issues PAs, DOD components are responsible for determining and authorizing the best cloud service offering to meet their operational and security requirements.
The defines the baseline security requirements used by DoD and its branches to assess the security posture of a cloud service provider (CSP), supporting the decision to grant a DoD PA that allows a CSP to host DoD missions. It incorporates, supersedes, and rescinds the previously published DoD Cloud Security Model (CSM) and maps to the DoD’s Risk Management Framework (RMF).
DISA IL5 for Horizon Cloud Service
DoD branches will now have the flexibility of deploying virtual desktops and apps in Microsoft Azure with an option to also run Horizon 8 on-premises or in the cloud while leveraging the lower costs and scale benefits of Horizon. With a hybrid-cloud approach, IT can further broaden the scope of use cases their Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) environments can cover, including High Availability / Disaster Recovery (HA/DR) and cloud bursting.
VMware Authorized Solution – Horizon Cloud Service on Microsoft Azure (HCoA)
VMware HCoA is comprised of a client, agent, connection server, and Unified Access Gateway, which are all a part of the VMware Horizon suite of services and appliances that work together to deliver centralized enterprise resources to end users. This is done by providing users with a “virtual desktop” that consolidates their authorized enterprise computing environments and applications into a single view that is presented to them through a client application and makes up the core elements or foundation of VMware’s Virtual Desktop Interface (VDI) service. And delivering virtual desktops and apps on Microsoft Azure adds even more value to Azure Virtual Desktop (AVD) capabilities with Horizon Cloud, now authorized for federal customers requiring the additional controls certified under DISA’s IL5 controls.
What does this mean for Federal Horizon customers?
Admins and end users will find that these VMware Horizon features save time and costs while supporting security and ease of management and enable end users to work remotely and securely. Horizon changes their user experience by improving consistency ease of use and access, through VMware HCoA which not only provides the security controls necessary for a DoD branch, Intel Community / Nat'l Security-based agency, or DIB contractor but also the rich capabilities within VMware’s HCoA solution, including:
Note: Some services may not be available with all infrastructure platform options.
Horizon Site Architecture Options for Public Sector Deployments On-Premises
The VMware Horizon solution provides Public Sector customers with the means to efficiently deploy, manage, monitor, and scale desktops and apps across private, hybrid, and multi-cloud infrastructure using a cloud-based console and SaaS management services.
The following diagram shows an example of the server components and logical architecture for a single-site deployment of Horizon that provides an illustration of the core Horizon server components and those certified under NIAP within an example, single gov't hosted domain. However, depending on a customer’s solution, it could be expanded to include multi-site deployments with use of VMware’s Cloud Pod Architecture (CPA) if desired, as well as the inclusion of other non-highlighted core Horizon server components, such as VMware App Volumes, VMware Workspace ONE Access, or even other Workspace ONE or customer deployed assets.
In summary, the FedRAMP High / IL5 Authorized VMware Horizon Cloud Service makes delivery of virtualized desktops and apps easy and secure. You can use Horizon for device redirection, unified communications, access to apps and desktops, and more. Horizon provides easy single sign-on (SSO) access on any device, multi-factor authentication (MFA) for administration and deploys virtual desktops to any location; providing end users the freedom to work in any qualified or approved agency location and space.
Additional Horizon Resources
For more information on our Horizon solution, see the following links:
- : Overview of the deployment of Horizon On-Premises location for the Horizon service
- : Latest news about new and updated features
- : Latest demos, documents, videos, etc.
- Latest assets and guidelines for End-User Computing
- : Latest and complete list of Public Sector related assets on TechZone
- : List of CC certifications for VMware solutions
- : Sandbox environment for VMware Horizon to try out Horizon 8