Quick-Start Tutorial for VMware Horizon Cloud on Microsoft Azure

VMware Horizon Cloud Service on Microsoft Azure 1.6

Introduction

This Quick-Start Tutorial introduces an offering to the VMware Horizon® Cloud Service™: VMware Horizon Cloud Service on Microsoft Azure. This offering combines the management functionality of the Horizon Cloud Service control plane with the cost-saving capacities of Microsoft Azure. You can take advantage of the Horizon Cloud Service to manage your desktops and remote applications. This includes managing VDI and RDS-hosted applications on Microsoft Azure infrastructure, as well as the flexibility to choose the deployment option that best meets the needs of your organization or use cases. This Quick-Start Tutorial describes the process of deploying Horizon Cloud Service components into your Microsoft Azure capacity. This process creates an entity called the Horizon Cloud Service node, which pairs with the control plane. You then use the control plane to create RDSH and session farms, and to manage and deliver virtual RDS-enabled Windows Servers and remote applications to your end users. You can also leverage the automation to perform basic VDI agent updates to floating and dedicated desktops.

Purpose

This Quick-Start Tutorial introduces you to Horizon Cloud Service on Microsoft Azure, and helps you to evaluate this product through a series of practical exercises. The Overview section describes the benefits, features, architecture, and components, and how the components interoperate. Subsequent sections provide exercises to help you deploy the Horizon Cloud Service node into your Microsoft Azure capacity, and then to explore and evaluate this product and its core capabilities and key features.

Important: This tutorial is designed for evaluation purposes, based on using the minimum required resources for a basic deployment, and does not explore all possible features. The evaluation environment should not be used as a template for deploying a production environment. To deploy a production environment, see the Horizon Cloud Service documentation.

Audience

This guide is intended for security architects, engineers, and administrators who want to familiarize themselves with, or are in the process of implementing, a Horizon Cloud Service on Microsoft Azure infrastructure. Familiarity with Windows data center technologies such as Microsoft Azure, Active Directory, SQL, and Microsoft Management Console is assumed. You should also be familiar with virtualization technology, cloud computing, network routing, firewall security architecture, site-to-site virtual private networks (S2S VPNs), and Multi-Protocol Label Switching networks (MPLS). Knowledge of compatibility is also useful before using VMware Horizon Cloud Service on Microsoft Azure (see VMware Product Interoperability Matrices).

Note: Not all sections of this guide are necessarily applicable to your deployment. Optional sections are clearly marked. If you have questions about the specifics of your order, see your Horizon Cloud-Hosted Setup web form, or speak to VMware or a Value Added Reseller for VMware.

Technical Introduction and Features

About Horizon Cloud Service on Microsoft Azure

The VMware Horizon Cloud Service delivers virtual desktops and applications using a cloud platform that is scalable across multiple deployment options. Horizon Cloud Service provides a single cloud control plane from which you can choose multiple deployment options. You can dynamically switch options at any time to adjust to use cases change, employee moves, or economic shifts. These deployment options include:

  • Cloud-hosted capacity managed by VMware
  • Public cloud infrastructure from Microsoft Azure, an Infrastructure-as-a-Service (IaaS) provider
  • On-premises hyper-converged infrastructure from partners such as Dell EMC, Hitachi, and QTC

The second option, Microsoft Azure, is the topic of this Quick Start Tutorial. You can connect your Microsoft Azure instance to your Horizon Cloud Service control plane for a comprehensive cloud-hosted solution for delivering virtualized Windows apps and desktops.

Setting up the environment involves deploying the required VMware software into your Microsoft Azure capacity. The deployed VMware software creates an appropriately configured entity called a Horizon Cloud Service node, which pairs with the control plane. After the node is deployed, you use the control plane to create RDSH farms and entitle remote desktops and applications to your end users, as well as to assign dedicated and floating Windows 10 desktops.

For more information, see the Horizon Cloud Service on Microsoft Azure datasheet.

Packaging, Licensing, and Service Models

Horizon Cloud Service delivers virtual desktops and apps using a cloud platform that is scalable across multiple deployment options. Horizon Cloud Service is available in two subscription options:

  • Per named user: For virtual environments with end users that require dedicated access to virtual machines throughout the day
  • Per concurrent connection: For virtual environments with a high number of users who share machines throughout the day, such as students or shift workers

You can bring your own hyper-converged infrastructure (HCI) or Microsoft Azure infrastructure, or purchase cloud-hosted infrastructure from VMware. For more information, see How to Buy and Packaging and Licensing guide.

Features and Benefits

With the Horizon Cloud Service on Microsoft Azure offering, Microsoft and VMware work together to extend the desktop-as-a-service (DaaS) offering with new cross-cloud capabilities. Key features of Horizon Cloud Service on Microsoft Azure include

  • Support for VDI desktops: For desktops that use the Microsoft Windows 10 operating system, you can entitle both VDI dedicated desktops and VDI floating desktops to your end users.
  • Easy deployment: Depending on the complexity of your configuration, it can take as little as 60 minutes to deploy the service to your own Microsoft Azure instance.
  • Single management plane: Even if you deploy multiple instances of Horizon Cloud Service to multiple Microsoft Azure regions, you still use the same cloud-based management UI to configure and manage your Horizon Cloud Service environments.
  • Single infrastructure provider: You can manage virtual applications from the cloud with your existing infrastructure provider.
  • Simple upgrades: VMware provides a simple blue-green upgrade method that allows you to rev to the next release in minutes.
  • Power management: Horizon Cloud Service has built-in features that automatically spin up or spin down RD Session Hosts based on your demand, to save you time on Microsoft Azure.
  • Schedule-based power management options for VDI dedicated and floating desktops: You can schedule powering off an assignment's VDI desktops for weekends, holidays, and non-working hours, which can optimize cost savings. You can also schedule a higher minimum desktop count to meet high-demand times. 
  • Rolling maintenance and image update: Horizon Cloud Service includes built-in orchestration to allow you to do rolling maintenance of your RD Session Hosts.
  • RD Session Hosted applications: Horizon Cloud Service supports RD Session Hosted applications and desktops with this initial release.
  • Cloud monitoring: You do not need a third party or additional tool to monitor or manage your Horizon Cloud Service on Microsoft Azure deployment. Our new cloud-based monitoring feature allows you to keep an eye on your deployment from a single UI.
  • True multi-cloud deployments: You can choose between cloud capacity managed by VMware, bring your own hyper-converged infrastructure, or bring your own public cloud capacity from Microsoft Azure.
  • User Environment Manager: You are entitled to use VMware User Environment Manager, which is our persona management system for each user in Horizon Cloud Service.  You can also leverage another tool to manage persona if you want.
  • Workspace ONE: The solution integrates with VMware Workspace ONE™ to provide your users with a single workspace to access all their applications.
  • Leverage Microsoft Azure services and regions: As mentioned earlier, you can leverage any region from Microsoft Azure services.
  • Expanded geographic reach: You can leverage any region from the many global Microsoft Azure data centers, and configure and deploy desktops in minutes.
  • Low-cost hourly billing: You benefit from consumption-based pricing for capacity, as well as no upfront costs or termination fees.

For more information, see VMware Horizon Cloud Service and click Horizon Cloud Service on Microsoft Azure > 1.6 > Release Notes.

Components and Architecture

About System Architecture and Components

The Horizon Cloud Service on Microsoft Azure system architecture includes the standard Horizon Cloud Service components, as well as unique components and integrations that provide additional capabilities.

Figure 1: Horizon Cloud Service on Microsoft Azure System Architecture

Figure 1 demonstrates the automated provisioning of a Horizon Cloud Service node on your Microsoft Azure capacity.

  1. Your Microsoft Azure infrastructure as a service (IaaS) provides capacity.
  2. Your VMware Horizon Cloud Service control plane is granted permission to create and manage resources with the use of a service principal in Microsoft Azure.
  3. You provide additional prerequisites such as Active Directory, as well as optional components such as Deployment Engine, Workspace ONE Connector, and RDS license, from either Microsoft Azure or Horizon Cloud on premises.
  4. The Horizon Cloud Service control plane initiates the deployment of the Horizon Cloud Service node, VMware Unified Access Gateway™ appliances for secure remote access, and other infrastructure components that assist with the configuration and management of the Horizon Cloud Service infrastructure.
  5. After the Horizon Cloud Service node is deployed, you can connect the node to your own corporate AD infrastructure or create a new AD configuration in your Microsoft Azure subscription. You deploy VMs from the Microsoft Azure marketplace, which are sealed into images, and can be used in RD Session Host farms.
  6. With the VDI functionality, you can also create Windows 10 assignments of both dedicated and floating desktops.

VMware Horizon Cloud Service Components

Horizon Cloud Service consists of the following major components:

  • Infrastructure: You can choose Microsoft Azure infrastructure, VMware cloud-hosted infrastructure, or your own hyper-converged infrastructure (HCI). This guide focuses on the Microsoft Azure infrastructure option.
  • Active Directory: You can choose to deploy AD on premises or in cloud.
  • Image: Also called image template, a desktop or RDSH server image that can be used in a Horizon Cloud Service tenant to create desktop or application assignments. It is used as the base image from which virtual machines (VMs) are cloned.
  • VMware Horizon Client™: Software-based client installed on a desktop, thin client, mobile device, or tablet that facilitates connectivity to Horizon Cloud-hosted desktops and applications.
  • Horizon Cloud Service tenant appliance: A hardened Linux appliance that provides desktop and application brokering, provisioning, and entitlement services. It hosts the end-user and administrative portals.
  • Desktop and services subnets: Unique IP subnets that you assign to allow for desktop, application, and administrative connectivity. The Desktop Zone uses the desktop subnet for virtual desktops and RDSH servers. The Services Zone uses the services subnet for tenant appliances and other utility services.
  • Horizon Cloud Service Control Plane: The central location to conduct all administrative functions and policy management. From the cloud-based control plane, you can manage your RDS farms and assign applications to users and groups from any browser on any machine with an Internet connection. The cloud control plane provides access to manage all Horizon Cloud Service nodes deployed into your Microsoft Azure infrastructure in a single, centralized user interface, no matter which regional data center you use.
  • Horizon Cloud Service Administration Console: The web-based portal, a component of the control plane, that you use to provision and manage Horizon Cloud Service desktops and applications, resource entitlements, and images. The Horizon Cloud Service Administration Console provides full life-cycle management of desktops, and Remote Desktop Session Host (RDSH) through a single, easy-to-use web-based console. Organizations can securely provision and manage desktop models and entitlements, as well as native and remote applications, through the centralized Horizon Cloud Service Administration Console. The Horizon Cloud Service Administration Console also provides usage and activity reports for various user, administrative, and capacity-management activities.
  • VMware Unified Access Gateway: A hardened Linux appliance that allows for secure remote access into the Horizon Cloud Service environment and is part of the Security Zone (for external Horizon Cloud Service access) and the Services Zone (for internal Horizon Cloud Service access).
  • Optional VMware User Environment Manager: A scalable management solution that provides personalization of Windows and apps; dynamic policy configuration across virtual, physical, and cloud-based Windows desktop environments, for managing a user’s persona across devices and locations; and privilege elevation to aid in your privilege management strategy. VMware User Environment Manager seamlessly integrates with Horizon Cloud Service, and provides a consistent user experience across physical, virtual, and cloud-hosted PCs and RD Session Host servers. If you are already using VMware User Environment Manager on physical or virtual desktops or RD Session Host servers, your knowledge transfers immediately to Horizon Cloud Service on Microsoft Azure. For more information, see VMware User Environment Manager.
  • Optional VMware Workspace ONE: You can choose to deploy a Workspace ONE connector in your data center.
  • Optional True SSO Enrollment server: You can choose to deploy a True SSO Enrollment server in your data center.

Horizon Cloud Service on Microsoft Azure Components

Horizon Cloud Service on Microsoft Azure deploys three appliances from your Microsoft Azure configuration that provide the following capabilities:

  • Horizon Cloud Service Node: Manages all infrastructure resources. While all policy definition and management happen in the cloud, all of the real work––creating resources on Microsoft Azure infrastructure and making it available to users––happens in the Horizon Cloud Service node.
  • Unified Access Gateway Appliances: Provide secure Internet access to published applications and published desktops. One appliance is used for standard runtime, and an additional appliance is used during upgrade. One appliance is continuously powered on, and the second is on only during upgrade.
  • Jumpbox: A temporary Linux-based VM used during environment buildout, as well as for subsequent environment updates and upgrades.

A: Setting Up

About Setup

These prerequisites exercises help you prepare your environment for best use of Horizon Cloud Service on Microsoft Azure. The exercises are sequential and build upon one another, so make sure to complete each exercise in this section before going to the next.

First, you verify that your environment meets the basic prerequisites. Next, you create a new virtual network (VNet), one of the prerequisite Microsoft Azure components. You must bring your own Microsoft Azure IaaS capacity, and configure the Microsoft Azure prerequisites for the Horizon Cloud Service deployment. You set up network ranges based on previously provided CIDR blocks, select Active Directory options, complete VNet bi-directional peering, DNS configuration, and so on. Subsequent sections describe how to deploy the Horizon Cloud Service node on Microsoft Azure, and finally to create a farm where your end users can access applications and shared desktops, and assign dedicated and floating desktops.

Exercise A1: Reviewing the Workflow

Before you start, it is a good idea to review the workflow and tasks involved. You can use the navigation tool on the left to jump to each section:

  1. Verify that your environment meets the prerequisites listed in VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist.
  2. See Deploying a Horizon Cloud Service Node
    • Prepare the Microsoft Azure for node deployment.
    • Deploy the node.
  3. See Creating an Image
    • Register Active Directory domain.
    • Configure a master image.
    • Install applications in the master image.
    • Convert the master image into an assignable image.
  4. See Deploying a Farm
    • Create an RDSH farm to provide session desktops which you can assign to users and groups.
    • Create a second RDSH farm to provide remote desktops which you can assign to users and groups.
    • Create a CNAME record in your DNS server.
  5. See Assigning VDI Desktops
    • Assign a dedicated desktop.
    • Assign a floating desktop.
  6. See Explore Horizon Cloud Service Monitoring and Analytics
    • Explore the reports and analytics functionality.
  7. See Explore VMware User Environment Manager
    • Explore the integration with User Environment Manager and capabilities.

After you finish reviewing the workflow, verify that your environment meets all prerequisites, and then proceed to the next exercise to configure the VNet.

Exercise A2: Creating the VNet

You can deploy a Horizon Cloud Service node to an existing virtual network (VNet), or create a new VNet. But before you create a VNet, verify that your environment meets the prerequisites listed in VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist. For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.

This exercise describes how to create a new VNet where Active Directory services are available. Microsoft Azure automatically creates the necessary subnets in the VNet using CIDR blocks that you provide. Horizon Cloud Service automates machine creation and domain join operations, and requires access to a VNet with AD services. A set of resource groups in your Microsoft Azure capacity is also automatically created. Resource groups organize the assets that the environment needs, such as virtual subnets and virtual machines (VMs) for the Unified Access Gateway, RDS-enabled server images, RDSH farms, and so on.

1. Log in to Microsoft Azure

  1. Log in to your existing Microsoft Azure deployment.
  2. Make sure to use a subscription that provides IaaS capacity.

2. Add a New Virtual Network

  1. In the navigation bar on the left, select Virtual Networks.
  2. Click Add to create a VNet.

3. Provide Data for New VNet

  1. In the Create Virtual Network pane, provide the following information:
    • Name: Enter a name to distinguish this VNet from others.
    • Address space: Accept the default, or enter an address range.
    • Subscription: Select from the drop-down menu.
    • Resource group: Select an existing resource group, or create a new one when the virtual network is created.
    • The value should not be empty: Create a new resource group or use an existing one.
    • Location: From the drop-down menu, select the region where you plan to deploy the Horizon Cloud Service node.
    • Subnet Name: Accept the default. Horizon Cloud Service automates the creation of the necessary subnets using the CIDR blocks previously provided.
    • Address range: Accept the default.
    • Service endpoints: Accept the default.
  2. In the lower right corner, click Create.
  3. Wait until the creation process is complete, and the VNet is created.

For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure, and click Horizon Cloud Service on Microsoft Azure > 1.6 > Preparing to Deploy a Horizon Cloud Node into Microsoft Azure > Configure the Required Virtual Network in Microsoft Azure.

After creating the VNET, proceed to the next section to configure bi-directional VNET peering.

Exercise A3: Configuring VNet Peering (Optional)

In this exercise, you use Microsoft Azure to configure bi-directional peering. You should configure VNet-to-VNet peering only if the following is true:

  • You created a new VNet that does not have an AD VM inside it
  • You are not using Express Route for VNet peering
  • You are not using VPN for express route peering

In this tutorial, it is assumed that another VNet is in the same region as the AD/DNS server, to which you are peering for access to those services.

1. Peering Connects the Horizon Cloud Service VNet on Microsoft Active Directory

  1. Select the Virtual Networks pane.
  2. Select a network.
  3. Click Peering.
  4. In the third pane on the right, verify that the peer is not yet connected.

2. Add Peering Details

  1. In the Add peering pane, provide the required information:
    • Name: Enter a name to distinguish this action from others.
    • Virtual network deployment model: Select the Resource manager option.
    • Subscription: Select your subscription.
    • Virtual network: Click Choose a virtual network, and select your VNet.
    • Allow virtual network access: Verify that Enabled is selected.
  2. Click OK.

3. VNet Peering Is Connected

  1. Locate the third pane.
  2. Verify that VNet peering is now connected.

4. VNet Peering Overview Details

  1. Locate the second pane.
  2. Click Overview to display additional details in the third pane.

For more information, see the Getting Started with VMware Horizon Cloud Service on Microsoft Azure guide.

After you finish configuring the VNet, proceed to the next exercise to configure the DNS server.

Exercise A4: Configuring the DNS Server

Now that the VNet is configured, your next step is to configure the DNS, which is required during the Horizon Cloud Service node deployment. Horizon Cloud Service uses the default Microsoft Azure-provided DNS for the deployment for outbound DNS resolution, but requires Active Directory to resolve the Active Directory domain controllers. You must set the virtual network to support both internal and external name resolution.

1. Microsoft Azure DNS Supports Name Resolution

  1. In the navigation bar on the left, click Virtual networks.
  2. Select the virtual network you want to use for your node.
  3. Click DNS servers to display the DNS server settings.

2. Configure DNS Before Deploying the Horizon Cloud Service Node

  1. In the upper right, select the Custom option.
  2. Add the address of the DNS server to use for name resolution.

For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure .

After you finish configuring the DNS server, proceed to the next exercise to create an authentication key for the service principal.

Exercise A5: Creating a Service Principal Authentication Key

Horizon Cloud Service needs a service principal to access and use your Microsoft Azure subscription capacity. A service principal defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud Service permission to access and modify your Microsoft Azure tenant. When you register a Microsoft Azure AD application, the service principal is also created. For more information, see Create the Required Service Principal by Creating an Application Registration.

In addition to the service principal, you must generate an authentication key and assign the Contributor role to the service principal at the subscription level.

1. Service Principal Settings

  1. Locate the service principal details window.
  2. Click Settings to open the Settings menu.

2. Authentication Key Required to Deploy the Horizon Cloud Service Node

  1. In the Settings menu, click Keys.

3. Authentication Key Security Policy

  1. In the Keys menu, provide the following information:
    • Description: Enter a description of 16 characters or fewer, such as Hzn-Cloud-Key1.
    • Expires: Set the duration of the key, based on your security policy. You can set the expiration to Never expires, or you can set a specific time frame.
    • Caution: If you set a specific time frame, make sure to refresh the key before it expires, and enter the new key into the subscription information in the Horizon Cloud Service Administration Console. If the key expires without doing this, the associated node stops because Horizon Cloud Service cannot detect it.
    • Value: Keep the Keys window open until you have copied and saved the key value.
  2. Click Save.

4. Copy and Save the Authentication Key Because Irretrievable Later

  1. Copy the unique key value.
  2. Save the value securely, because you cannot retrieve it later.

For more information, see Virtual Network Peering and Use Portal to Create an Azure Active Directory Application and Service Principal That Can Access Resources.

After you finish creating an authentication key for the service principal, proceed to the next exercise to assign a role to the service principal.

Exercise A6: Assigning the Contributor Role to the Service Principal

The next step is to assign the contributor role to the service principal at the subscription level.

1. Make Note of the Subscription ID

  1. In the navigation bar on the left, select Subscriptions.
  2. Click the name of the subscription.
  3. Copy and save the subscription ID to use when you deploy the node.

2. Add Permissions

  1. Click Access control (IAM).
  2. Click Add to display the Add permissions window.

3. Add Permissions Information

  1. In the Add permission window, provide the following information:
    • Role: From the drop-down menu of built-in roles, select Contributor.
    • Assign access to: From the drop-down menu, select Azure AD user, group, or application.
    • Select: Search for and select the service principal by the name you gave it earlier.
  2. Click Save.

4. Save the Service Principal

  1. Click your service principal to select it
  2. Click Save.

After you finish assigning a role to the service principal, proceed to the next section to verify the required resource providers.

Exercise A7: Verifying Required Resource Providers

Verify that your subscription includes the registered resource providers that the node requires.

  1. In the navigation bar on the left, select Virtual machines, and click the name of the subscription used with this node.
  2. In the subscription menu, click Resource providers.

2. Verify That Required Resource Providers Are Registered

In the Status column, verify that the following resource providers have a Registered status, and if they do not, register them:

Microsoft.Compute
microsoft.insights
Microsoft.Network
Microsoft.Storage

3. Verify Subscription-Based Values Required for Deployment

  1. In the navigation bar on the left, click Azure Active Directory > Manage .
  2. In the second pane, click Properties.

In the third pane, verify that you have the four subscription-based values required during node deployment:

  • Subscription ID
  • Azure Active Directory ID
  • Application ID
  • Application key value

For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.

After you finish creating and configuring the service provider and verified that you have the subscription-related values required for deployment, proceed to the next section to deploy the Horizon Cloud Service node.

B: Deploying a Horizon Cloud Service Node

About Node Deployment

Now that you have set up the Horizon Cloud Service on Microsoft Azure node, you are ready to begin the initial configuration process of your deployment. In this series of exercises, you deploy a Horizon Cloud Service node and bind it to an existing Active Directory domain, which grants the Horizon Cloud Service control plane access to create and manage resources in Microsoft Azure. These exercises are sequential and build upon one another, so make sure to complete each exercise in this section before going to the next.

Exercise B1: Deploying the Horizon Cloud Service Node

Armed with the prerequisite information from your Microsoft Azure tenant, you are ready to begin deploying the Horizon Cloud Service node and binding it to an existing Active Directory domain.

  1. Use your My VMware credentials, which give you access to the Horizon Cloud Service control plane.
  2. Before you deploy the Horizon Cloud Service node, verify that you have the prerequisite information from your Microsoft Azure tenant, which the Horizon Cloud Service deployment wizard uses during the deployment process:
    • Service Principal: Like a certificate, the service principal object defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud Service permission to access and modify your Microsoft Azure tenant
    • Subscription ID: Primary Microsoft Azure billing identifier based on your agreement with Microsoft
    • Directory ID: Your Primary Identifier or Identifiers in Microsoft Azure Active Directory
    • Application ID: An attribute of the Service Principal that securely ties the Horizon Cloud Service control plane to your Microsoft Azure subscription
    • Application Key: A one-time-use password that is used to encrypt the service principal
      For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.

1. Log in to VMware Horizon Cloud Service

Log in to Horizon Cloud Service, using your My VMware account ID and password.

2. Add a New Horizon Cloud Service Node

  1. In an account with no nodes previously deployed, the Getting Started wizard defaults to the Capacity section. In the upper right corner of the Add Cloud Capacity pane, click Add, which starts the Horizon Cloud Service Node Deployment wizard.
  2. (To add a new Microsoft Azure node to an account with nodes previously deployed, click Settings > Capacity > New > Node > Microsoft Azure.)

3. Provide Subscription Details

  1. In the Microsoft Azure Subscription tab of the Add Cloud Capacity window, provide the data that you gathered earlier:
    • Apply Subscription: Select Add New and enter the new subscription information.
    • Subscription Name: Enter a recognizable name to distinguish this subscription from others. The name must start with a letter and contain only letters, numbers, and dashes.
    • Environment: Select the environment associated with your Microsoft Azure subscription.
    • Subscription ID: Enter the subscription ID in UUID form, from the Subscription area of your Microsoft Azure portal.
    • Directory ID: Enter the Microsoft Azure AD Directory ID in UUID form, from the Microsoft Azure Active Directory properties in your Microsoft Azure portal.
    • Application ID: Enter the application ID in UUID form associated with the service principal you created in the Microsoft Azure portal. Creating an application registration and associated service principal in your Microsoft Azure Active Directory was a prerequisite.
    • Application Key: Enter the key value for the authentication key of the service principal that you created in the Microsoft Azure portal. Creating this key was a prerequisite.
  2. In the lower right corner, click Add.

4. Provide Node Setup Details

  1. In the Details panel of the Node Setup tab, provide the following information:
    • Node Name: Enter a recognizable name, to be used in the Administration Console to distinguish this node from other nodes.
    • Location: Click Add to specify a location, which you can use to group nodes according to categories that you provide, such as Business Unit A, Business Unit B, and so on.
    • Microsoft Azure Region: Select the physical geographic Microsoft Azure region into which you want the node to be deployed. For best performance, deploy the Horizon Cloud Service node in a region that is geographically near the end users consuming the service to provide lower latency.
    • Description: Enter an optional description for this node.

5. Provide Networking Details

  1. In the Networking panel of the Work Setup tab, provide the following information:
    • Virtual Network: Select a virtual network from the list. Only virtual networks that exist in the region selected in the Microsoft Azure Region field are shown here. You must have already created the VNet you want to use in that region in your Microsoft Azure subscription.
    • Management Subnet (CIDR): Enter a subnet (in CIDR notation) to which the node and Unified Access Gateway instances get connected, such as 192.168.8.0/28. For the management subnet, a CIDR of at least /28 is required.
    • Desktop Subnet (CIDR): Enter the subnet (in CIDR notation) to which all of this node's RDSH servers for end-user remote desktops and applications get connected, such as 192.168.12.0/22. Minimum: /28. Recommended: /22.
    • NTP Servers: Enter the list of NTP servers to use for time synchronization, separated by commas (for example 10.11.12.13, time.example.com).

6. Provide Unified Access Gateway Details

  1. In the Unified Access Gateway panel of the Work Setup tab, provide the following information.
    • Internet Enabled Desktops: Select Yes to enable users located outside your corporate network to access desktops and applications. The node includes a load balancer and Unified Access Gateway instances to enable this access. Selecting Internet-enabled desktops triggers Horizon Cloud Service to automatically deploy two Unified Access Gateway appliances in an availability setting.
    • FQDN: Enter the required fully qualified domain name (FQDN), such as ourOrg.example.com, for your end users to use to access the service. You must own that domain name and have a certificate in PEM format that can validate that FQDN.
    • DMZ Subnet (CIDR): Enter the subnet in CIDR notation for the demilitarized zone (DMZ) network to be configured to connect the Unified Access Gateway instances to the load balancer.
    • Certificate: Upload the certificate in PEM format for Unified Access Gateway to use to allow clients to trust connections to the Unified Access Gateway instances running in Microsoft Azure. The certificate must be based on the FQDN you entered and be signed by a trusted CA. A certificate is automatically applied to the two Unified Access Gateway appliances during deployment.
  2. In the lower right corner, click Validate & Proceed.

7. Verify That the Horizon Cloud Service Node Is Deployed

  1. After clicking Validate & Proceed, review the Summary tab, verify that the information is correct and complete, and click Submit.
  2. Wait until a green check mark appears, and a join domain message, which indicates that the Horizon Cloud Service node and all supporting infrastructure components are deployed. This process can take up to an hour to complete.

After you finish deploying the Horizon Cloud Service node, proceed to the next exercise to perform the domain bind operation.

Exercise B2: Binding to the Active Directory Domain

Machine creation and domain join operations are automated by Horizon Cloud Service. The domain bind operation must be performed on the node before creating images and farms. You have several Active Directory domain configurations to choose from. For more information about these options, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.

To complete the Active Directory configuration, provide information about the domain and accounts used for domain operations.

  1. In the Horizon Cloud Service Administration Console, in the navigation pane on the left, click Settings.
  2. Click Getting Started.

1. Expand the General Setup Fields

  1. In the Getting Started wizard, locate the 1 Microsoft Azure Node Added.
  2. Click General Setup to expand the fields.

2. Configure

  1. Under General Setup, locate the Active Directory panel.
  2. On the far right, click Configure.

3. Register Active Directory

  1. In the Register Active Directory window, provide information about the domain and accounts used for domain operations.
    • NETBIOS Name: Enter the Active Directory domain name.
    • DNS Domain Name: Enter the fully qualified Active Directory domain name.
    • Protocol: Accept the LDAP default.
    • Bind Username: Enter the user account in the domain to use as the primary LDAP bind account.
    • Bind Password: Enter the password associated with the Bind Username.
    • Auxiliary Account #1: In the Bind Username and Bind Password fields, enter a user account in the domain to use as the auxiliary LDAP bind account and its associated password.
    • For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide.
  2. In the lower right corner, click Domain Bind.

4. Provide Domain Join Details

  1. After configuration is complete, in the Domain Join window, provide the required data.
    • Primary DNS Server IP: Enter the IP address of the primary DNS Server.
      Note: This DNS server must be able to resolve machine names inside of your Microsoft Azure cloud as well as resolve external names.
    • Join Username: Enter the user account in the Active Directory that has permissions to join systems to that Active Directory domain.
    • Join Password: Enter the password associated with the Join Username.
    • Secondary DNS Server IP (Optional): Enter the IP of a secondary DNS Server.
  2. In the lower right corner, click Save.

5. Add the Administrator

  1. In the Add Administrator window, select an Active Directory User Group
  2. In the lower right corner, click Save.

Note: Add the Active Directory group that includes the domain-join account, as described in the prerequisites. This action grants this group permissions to perform management actions in the Administration Console.

6. Notice Change in Login Windows

  1. When you finish registering the node with your Active Directory domain, the system returns you to the login window.
  2. In the login window, you must log back in, first with your My VMware account, and then with the Active Directory credentials in the group that you just assigned.

7. Join the VMware Customer Experience Improvement Program

  1. With the Horizon Cloud Service node deployed and the bind operation complete, you can move the Yes/No slider to choose whether or not to join the VMware Customer Experience Improvement Program.
  2. In the lower right corner, click Save.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Getting Started Using Your Horizon Cloud Environment > Register the First Active Directory Domain.

After deploying the Horizon Cloud Service node and completing the bind operation, proceed to the next section to create master images.

C: Creating an Image

About Image Creation

Microsoft provides a variety of VM templates in the Microsoft Azure Marketplace. Horizon Cloud Service provides the ability to import Windows 2012 R2 or 2016 data center-edition servers. Upon import, Horizon Cloud Service joins the VM to the domain, enables the RDS role, automates the Horizon and DaaS installations, and performs a bootstrap process, enabling secure pairing of the DaaS agent to the Horizon Cloud Service node. All of this is automated, although the process can be performed manually if you want to convert an existing VM to a Horizon Cloud Service image yourself. After the imported VM is configured with the necessary applications, Horizon Cloud Service converts the VM to an image by automatically running SYSPREP and sealing the OS. You can then use the image to create RDS session host farms and assign dedicated and floating VDI desktops.

Exercise C1: Importing VMs from Microsoft Azure Marketplace

This exercise demonstrates how to import a Windows Server VM from the Microsoft Azure Marketplace, configure it with applications, and convert the VM to an image to automatically build images, which can be used to deploy a farm of remote desktop RD Session Host servers.

  1. In the navigation panel of the Horizon Cloud Service Administration Console, click Inventory.
  2. In the Inventory menu, click Imported VMs.

2. Import a Windows VM

In the Imported VMs window, click Import, which imports a Windows VM from the Microsoft Azure Marketplace.

3. Select the Marketplace

In the Import Desktop window under From Marketplace, click Select.

4. Provide Destination and Desktop Details

  1. In the Import Desktop Marketplace window, provide the required information for the Destination Desktop and Desktop Details panels:
    • OS: Select the Microsoft Windows Server OS to use from the operating system to use from the Microsoft Azure Marketplace. Selecting a desktop OS enables you to assign desktops. Selecting a Windows server 2016 OS provides you with more options.
    • Server Model: Select a server VM specification.
    • Domain: Select the Active Directory domain that you want configured in the base VM.
    • Enable Public IP Address: Set the toggle to Yes to configure a public IP address for this master image VM. When set to Yes, the VM gets both a private IP address and a public one. If you set the toggle to No, the VM is configured with only a private IP address.
  2. Scroll to the next panel. Horizon Cloud Service displays the supported operating systems and server models in the menus.

5. Provide Admin Credentials and Properties Details

  1. In the Admin Credentials for the Desktop panel and the Properties panel, provide the required information.
    • Username: Enter the administration username for the VM account. This username is used for the local administration account to access the OS of the master image VM.
    • Password: Enter the password for the administrator account, which must adhere to the Microsoft Azure rules.
    • Verify Password: Re-enter the password to verify.
    • Do you have a Windows Server License: Set the toggle to Yes, and select the check box to confirm that you have the proper license.
    • Name: Enter a unique name for the master image VM.
    • Description: You can enter an optional description to accompany the name.
  2. Scroll to the next panel.

6. Provide Horizon Agent Details

  1. Click Advanced Options to reveal the Horizon Agent Features panel.
  2. Accept the default to install all features in the master VM:
    • Enable Flash MMR: Redirects Flash multimedia content that is streamed to a remote desktop directly to the client computer, which plays the media content, offloading the demand on the RDS desktop and improving performance optimization.
    • 3D support in RDSH: Provides 3D graphics support to applications that run on the RDS desktop.
    • MMR for Terminal Services: Redirects multimedia content that is streamed to the remote desktop directly to the client computer, which plays the media content, offloading the demand on the RDS desktop and improving performance optimization.
    • Client Drive Redirection: Allows Horizon Client users to share local drives with their RDS desktops and applications.
    • Skype for Business: Provides the ability to use the RDS desktops to make optimized audio and video calls with Skype for Business.
    • Webcam Support (Real Time Audio Video RTAV): Redirects webcam and audio devices that are connected to the client systems so that those devices can be used on the remote desktop.
    • Smart Card: Lets users authenticate with smart cards when using PCoIP or Blast Extreme display protocols.
    • Thin Print: Allows users to print to any printer available on the client computers, without installing additional drivers.
    • Scanner Redirection: Redirects scanning and imaging devices that are connected to the client systems so that they can be used on remote desktops or applications.
    • Enable USB: Provides access to locally connected USB flash drives and hard disks in the RDS desktops and applications.
    • URL Redirection: Allows Horizon Client to determine which URLs should be handled by the remote desktop or application instead of being opened by the users’ client system, and open those URLs using the remote desktop or application.
  3. In the lower right corner, click Import.

7. Verify the VM Imported Successfully in Microsoft Azure

  1. When the success banner verifies that the import is complete, you can return to the Microsoft Azure portal.
  2. Verify that the VM was successfully completed.

8. Explore the Details of the Imported VM

  1. Select the imported VM.
  2. Explore the details.

9. Verify That the Imported VM Is Now Active

  1. Return to the Horizon Cloud Service Administration Console, where the imported VM is displayed.
  2. Horizon Cloud Service automates the customization of the master image VM, and the status changes to Active when the process is complete.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Creating Desktop Images for a Horizon Cloud Node in Microsoft Azure > Create a Master Virtual Machine Automatically from the Microsoft Azure Marketplace.

Note: It is also recommended that you optimize the image using the VMware Windows Operating System Optimization Tool. This tool includes templates that you can customize to enable and disable Windows system services and features across multiple systems. Many Windows system services are enabled by default. You can disable services or features using the optimization tool, and improve performance by eliminating unnecessary services or features. For instructions, see the VMware Windows Operating System Optimization Tool Guide.

When you finish importing the RDS-enabled master image VM, proceed to the next exercise to customize it.

Exercise C2: Customizing the Windows VM

You can customize the Windows operating system of the new master image VM, set wallpapers, and install applications to provide to your end users. If you enabled a public IP address for the master image VM, you can connect to the VM by using the IP address displayed in the Imported VMs window in an RDP client like Microsoft Remote Desktop Connection.

1. RDP to a Public IP

Depending on your configuration, you can use either a private or public IP address to RDP to the new master image VM.

2. Copy the IP Address

  1. Use the IP address of the master image VM to connect to the RDS-enabled Windows Server operating system.
    • Public IP address: RDP into it using that IP address.
    • Private IP address: RDP into it by one of these two methods:
      • Use another VM in your Microsoft Azure subscription that does have a public IP address, and do an outbound RDP into the master image VM.
      • Use your VPN and RDP into the master image VM over your corporate network.
  2. Log in to the RDS-enabled Windows Server operating system using the credentials that you set up when creating the master image VM, and enter the username as \username.
  3. Copy the IP address.

3. Log in with a Local Administrator Account

  1. When the login window is displayed, you can log in to Horizon Client.
  2. Once you are connected, you can add end-user applications and video GPU drivers, and any other required configurations to the VM.
  3. Install the third-party applications and drivers that you want available to run in the multi-user RDS desktop environment.
    • In the Windows Server operating system, right-click the Start button and click Command Prompt (Admin) to open a command prompt as an administrator.
    • In the command prompt, use the following command to determine the install mode of the server:
      change user /query
    • The server is in RD-Execute mode if you receive the following response:
      Application EXECUTE mode is enabled
    • In the command prompt, use the following command to switch the server into RD-Install mode, a special mode to install applications so they can run in a multi-user environment:
      change user /install
    • Install the third-party user applications you want to provide to your end users in their RDS desktops or as remote applications.
    • Return to the command prompt, and issue the following command to switch the server back into RD-Execute mode:
      change user /execute
  4. In the operating system, install any custom drivers you want in the RDS desktops, such as GPU-backed VMs that leverage NVIDIA GPUs.
  5. Make any customizations or configurations you want to the RDS desktops, such as adding custom wallpaper, setting default fonts or colors or themes, adjusting the taskbar default settings, and so on.
  6. When you finish, sign out of the operating system. Note: Do not shut down the Windows operating system, but instead, use Sign Out.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Creating Desktop Images for a Horizon Cloud Node in Microsoft Azure > Customize the Guest Windows Operating System of the Master Image Virtual Machine.

After you finish customizing the master image VM, proceed to the next exercise to convert the master image VM to an assignable image.

Exercise C3: Converting the Master VM to an Image

When the master image VM is ready, it is made assignable. For this exercise, you can use any VM with the Agent and bootstrap process already complete.

  1. In the Horizon Cloud Service Administration Console navigation bar on the left, select Inventory.
  2. In the Inventory menu, select Images.

2. Start Creating a New Image

In the Images window, click New.

3. Provide New Image Details

  1. In the New Image window, provide the following information.
    • Location: Select the location associated with the node where you have the configured master image VM.
    • Node: Select the node to serve the desktop from.
    • Desktop: From the list of VMs on the selected node, select the desktop you want.
    • Image Name: Accept the auto-populated name associated with the Desktop selection, or enter a unique name for this image.
    • Company Name: Enter an identifying name. This name appears as the default in all desktops created with this image.
    • Timezone: Accept the auto-populated time zone, or set a new one, to be the default time zone for all desktops created with this image.
    • Admin credentials for the desktop: Enter the credentials for the local administrator account that is enabled in the master image VM.
      Note: These credentials are the user name and password that were entered in the wizard when the master VM was created in the Imported VMs window.
  2. In the lower right corner, click Publish.

4. Wait for the Published Status

Wait until the status changes to Published to use the assignable image for creating a farm.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Creating Desktop Images for a Horizon Cloud Node in Microsoft Azure > Convert a Configured Master Virtual Machine to an Assignable Image.

After you finish importing and customizing a master image VM and converting it into an assignable image, proceed to the next section to use the assignable image to create RDSH farms, and then add and assign applications from the farms.

D: Deploying a Farm

About Farm Deployment

A farm is a collection of Microsoft Remote Desktop Services (RDS servers) on Microsoft Azure that host applications and desktops. You can use farms to simplify RDS host management by serving subsets of users that vary in size or have different desktop or application requirements. Farms can provide session-based desktops and remote applications.

Ideally, you provide the resources that users need to do their jobs without delays, and at the same time, avoid the cost of unused resources that are powered on but sitting idle. Horizon Cloud Service provides power management capabilities for the Microsoft Azure servers so hosts are automatically powered hosts on and off and deallocated, as needed. The result is that farms can automatically scale out to the maximum size when necessary, and scale down to minimum size when not needed. This reduces cloud capacity costs, as well as computing costs for deallocated servers.

You first set up these options in the Horizon Cloud Service farm profile when you create the farm, and you can edit the settings at any time later.

Exercise D1: Creating a Farm

When the new image has been published, you can use it to create farms.

  1. In the navigation bar of Horizon Cloud Service Administration Console, select Inventory.
  2. Select Farms.

2. Select New

In the Farms window, click New.

3. Provide the Required Information About the New Farm

  1. In the New Farm window, Definition tab, provide the following information, and then scroll down.
    • Name: Enter a name for this farm.
    • Description: Enter an optional description.
    • Farm Type: Specify the type of asset this farm provides to end users:
      • Desktops: Provides session-based desktops
      • Applications: Provides access to remote applications
    • Location: Select the location associated with the node containing the RDSH image. This selection filters the choices in the Node field to display only the nodes in the selected location.
    • Node: Select the node.
    • Server Model: Select the model to use for the farm's server instances, which defines the resources used when farm server instances are created, including capacity.
    • Image: Select the assignable RDSH image.
    • Preferred Protocol: Select the default display protocol that you want the end-user sessions to use.
    • Preferred Client Type: Select the type used when end users launch session-based desktops from Workspace ONE, either a Horizon Client or a browser for HTML Access.
    • Domain: Select the Active Directory domain registered with your environment.
    • Join Domain: Select Yes so that the server instances are automatically joined to the domain when created.
  2. Scroll to the Farm Size section.

4. Provide Information About the Farm Size

  1. In the Farm Size pane, provide the information to enable the farm to automatically scale up or down on demand:
    • Min Servers: Specify the minimum number of servers you want in this farm.
    • Max Servers: Specify the maximum number of servers you want in this farm.
      Note: The minimum number of server instances is initially powered on. As demand increases, additional servers are powered on until reaching the maximum. As end-user demand shrinks, servers are powered off until reaching the minimum. Each server is completely empty of user sessions before the system powers it off.
    • Sessions per Server: Specify the number of concurrent end-user sessions per server that this farm should allow.
      Note: This number cannot be updated after the farm is created.
    • VM Names: Enter a name for all server VMs created for this farm to which a number is appended, such as win2016-1, win2016-2, and so on. The name must start with a letter and can contain only letters, dashes, and numbers.
    • Computer OU: Enter the Active Directory Organizational Unit where the server VMs are to be located. For example, OU=RootOrgName,DC=DomainComponent,DC=eng, and so on. The entries must be comma-separated with no spaces in between.
    • Run Once Script (optional): You can enter the location of scripts that you want run after system preparation completes.
    • Session Timeout Interval: Enter the amount of time the sessions can be idle before the system forces a log out from the session-based desktops or applications that are served by this farm.
      Note: This timeout applies to the logged-in session to the underlying Windows operating system, and is separate from timeout settings that govern Horizon Client or HTML Access logged-in sessions.
    • For more information about these settings, see Exercise D2: Explore RD Session Host Power Management.
  2. In the lower right corner, click Next.

5. Provide Required Information for Rolling Maintenance

  1. In the Management tab, provide the information for the Rolling Maintenance panel.
    • Rolling Maintenance: Select the maintenance type, either according to:
      • Scheduled: Select a time cadence such as daily or weekly.
      • Session: Specify the number of user sessions at which the farm should begin rolling maintenance.
    • Server Action: Select the action that the system should perform on servers that are undergoing maintenance:
      • Restart: Restart the sever VMs.
      • Rebuild: Delete server VMs and then re-provision them from their RDS desktop image.
  2. Scroll to the Power Management panel.

6. Provide Required Information for Power Management

  1. In the Power Management panel, provide the information used to optimize the farm for your unique business needs. This is where you determine the thresholds at which new capacity is powered up or down, for automatic shutdown or deallocation of unused servers. Set the thresholds at which the system automatically grows and shrinks the number of powered-on server instances as it responds to demand and use:
    • Optimized Performance: Keeps more hosts powered on than are needed to service the current end-user workload. As more users log in, Horizon Cloud Service continues to power on hosts in advance, up to the threshold of the maximum farm size. This option increases capacity costs by having the next server ready before requested, but decreases the chance of a delay when users make the request.
    • Optimized Power: Waits as long as possible before powering on the next server instance, and more progressively deallocates unused hosts, leaving fewer available resources for end users. This option decreases capacity costs by using the servers longer before powering new ones, but increases the chance of a delay when users try to log in. You can even set the minimum number to 0, so all servers automatically power down when no users need them. However, the next users who log in experience a delay while the server powers back on, which might take several minutes.
    • Balanced: Strikes a 50:50 balance between optimizing for performance (time-to-availability for users), and optimizing for power (minimizing between capacity costs).
  2. Scroll down to the Timeout Handling section.

7. Provide Required Information for the Timeout Handling

  1. In the Timeout Handling panel, provide the required settings. This is where you configure how you want the system to handle different user session types.
    • Empty Session Timeout: Specify how to handle idle user sessions: never timeout idle sessions, or timeout after a specified number of minutes. Note: When a session is disconnected, the session is preserved in memory. When a session is logged out, the session is not preserved in memory, and any unsaved documents are lost.
    • Log Off Disconnected Sessions: Specify when the system logs the user out of a disconnected session.
    • Max Session Lifetime: Specify the maximum number of minutes the system should allow for a single user session.
  2. Scroll down to Schedule Power Management and click Add a row.

8. Schedule Power Management

  1. Set the power management schedule:
    • Name: Provide a recognizable name for this schedule.
    • Days: Select the day or days of the week to run the schedule.
    • Start Time: Select a time of the day to start the schedule. You might need to scroll to see all options.
    • End Time: Select the time of the day to end the schedule.
    • Timezone: Set the time zone if it differs from the default.
    • Min Desktops: Enter the minimum number of desktops to include.
  2. In the lower right corner, click Next.

9. Verify the Summary Information

  1. In the Summary tab, review all settings to verify they are correct and complete.
  2. In the lower right corner, click Submit.

10. Verify in VMware Horizon Cloud Service

View the farm you just created.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Farms in Horizon Cloud > Create a Farm.

After you finish creating farms from the image, proceed to the next exercise to review RDS host power management.

Exercise D2: Exploring RD Session Host Power Management

Horizon Cloud Service provides power management capabilities for the Microsoft Azure servers, automatically powering hosts on and off and deallocating them as needed. You can see the results of setting up the farm you just created by returning to Microsoft Azure.

1. Verify in Microsoft Azure

  1. Return to the Microsoft Azure portal.
  2. Review the hosts that the farm automatically creates there.

2. Automatic Shutdown or Deallocation

  1. You can set up automatic shutdown or deallocation of unused servers. 
  2. From the navigation bar, select Virtual machines, and view the status showing each subscription as running or automatically deallocated.

3. Automatic Creation of Resource Groups

  1. Horizon Cloud Service streamlines administration tasks, such as the automatic creation of resource groups, which contain all farm-related components. 
  2. From the navigation bar, select Resource groups > Overview to view resource group details.

4. Automatic Definition of Network Security Group Rules

  1. Network security group rules are automatically defined. From the navigation bar, select More services.
  2. Select Network security groups.
  3. Select a group to view the security rules.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Applications in Your Horizon Cloud Inventory.

After you finish reviewing RDS host power management, proceed to the next exercise to add applications from the farm.

Exercise D3: Adding Applications from the Farm

Horizon Cloud Service can auto-discover applications installed on the farm, or you can manually specify an application. Select the applications to be published, and assign them to end users or groups.

  1. In the Horizon Cloud Service Administration Console navigation bar, click Inventory.
  2. In the Inventory menu, select Applications.

2. Select New

In the Applications window, click New.

3. Select the Auto-Scan from Farm Option

In the New Application window, under Auto-Scan from Farm, click Select.

4. Provide Definition Information

  1. In the New Application window, provide the Definition information required
  2. In the lower right corner, click Next.

5. Select Applications to Publish

  1. In the Applications tab, select the applications to be published.
  2. In the lower right corner, click Next.

6. Provide Attributes

  1. In the Attributes tab, provide the appropriate attributes.
  2. In the lower right corner, click Next.

7. Verify the Summary Information

  1. In the Summary tab, review to verify that the selections are correct and complete.
  2. In the lower right corner, click Submit.

8. Verify Addition of New Applications

In the Applications window, the green banner verifies that three new applications were added.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Applications in Your Horizon Cloud Inventory > Importing New Applications from an RDSH Farm Using Auto-Scan from Farm.

After you finish adding applications from the farm, proceed to the next section to explore assigning desktops and applications to users and groups.

E: Assigning Resources to Users

About Assignments

After you finish creating images and Farms, you are ready to assign desktops and applications to users. There are three main types of assignments:

  • Desktop Assignments - You can leverage automation built into the system to perform basic VDI agent updates to floating and dedicated desktops. VDI desktops are powered off and deallocated when not in use, which reduces infrastructure costs. You can also leverage the system to support RDSH session desktops, to be accessed by remote users over a network connection. For more information about floating and dedicated desktop assignments, see VMware Horizon Cloud May 2018 Release Technical What's New Overview.
  • Application Assignments - You can assign Windows applications to users or groups using remote applications, which can be hosted on the RDS Farms created earlier. This functionality enables you to provide the resources your users need when they need them, and at the same time avoid the cost of maintaining idle resources that are waiting to be used.
  • Customization - You can customize your end users' environments by making URL redirection assignments. You do this by configuring the client-to-agent URL redirection rules that tell the Horizon Client to redirect URLs from the end user's client machine to a desktop or application within your Horizon Cloud environment. For more information about customization, see Assigning Customizations in Quick-Start Tutorial for VMware Horizon Cloud with Hosted Infrastructure.

Exercise E1: Checking Desktop Capacity Allocation

Before you assign a desktop to a user or group, it is good practice to first check the capacity allocation in the Dashboard window. The Dashboard provides information about your environment, including notifications, activities, and reports.

  1. In the Horizon Cloud Administration Console, select Monitor.
  2. In the Monitor menu, click Dashboard.
  3. In the Capacity window, see the percentage currently allocated.

2. Hover to Change the Display

  1. Hover over the Capacity window to change the display.
  2. Click More to see more details.

3. View Desktop Capacity Allocation Details

  1. In the Desktop Model section, note the amount used so that you can compare after assigning the desktop. In this example, 232 units of capacity are remaining.
  2. Hover over each section to see details such as memory and CPU.

For information about the capacity model, see Service Description: VMware Horizon Cloud Service with Hosted Infrastructure.

After verifying that the Desktop Capacity Allocation is sufficient, you can proceed to the next exercise to assign a desktop and see how the capacity allocation is affected.

Exercise E2: Assigning Applications from the Farm

To assign applications to users and groups:

1. Assign New

  1. In the navigation bar on the left, click Assign.
  2. In the Assignments window, click New.

2. Select Applications

In the New Assignment window under Applications, click Select.

3. Provide Definition

  1. In the Definitions tab of the New Application Assignment window, provide the fixed and flexible attributes.
  2. In the lower right corner, click Next.

4. Select Applications

  1. In the Applications tab, select the applications to assign.
  2. In the lower right corner, click Next.

5. Select Users and Groups

  1. In the Users tab, select the users and groups to assign.
  2. In the lower right corner, click Next.

6. Verify Summary Information

  1. In the Summary tab, review and verify your settings.
  2. In the lower right corner, click Submit.

7. Verify Success

  1. Verify that the green success banner appears at the top.
  2. Verify that the assignments display a green status symbol.

For more information, see Create a Remote Application Assignment.

When you finish assigning applications to user and groups, your end users can launch their assigned desktops and remote applications using your FQDN in either the Horizon Client or with HTML Access. You can proceed to the next exercise to create an RDSH session assignment.

Exercise E3: Creating RDSH Session Assignments

To create a session desktop assignment, use the Assignments window after first verifying that your deployment meets the following prerequisites:

  • At least one farm configured to deliver remote desktops
  • The intended farm is in the node that you want to deliver from
  • The intended farm is not already assigned

1. Assign New

  1. In the navigation pane on the left, click Assign.
  2. In the Assignments window, click New.

2. Select Desktops

In the New Assignment window, select Desktops.

3. Provide Information

  1. In the Definition step, complete the selections.
    • Location: Select the location of the node where the session desktops should be provided.
    • Node: Select the node.
    • Farm: Select the farm to assign.
    • Assignment Name: Enter a memorable name for this assignment to help end users identify it, using only letters, hyphens, and numbers.
  2. In the lower right corner, click Next.

4. Select Users and Groups

  1. On the Users step, search users and groups in your registered Active Directory domains, select the ones to give this assignment.
  2. In the lower right corner, click Next.

5. Verify the Summary Information

  1. On the Summary step, review the configuration.
  2. In the lower right corner, click Submit.

6. Verify in the Assignments Window

  • As the system configures the farm's server instances to provide session desktops to the selected users, you can use the navigation bar to the left to click Assign to verify the status in the Assignments window.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Applications in Your Horizon Cloud Inventory > Create a Remote Application Assignment.

When you finish assigning session-based desktops to users and groups, this exercise is complete. You can proceed to the next exercise to explore assigning VDI-based dedicated desktops.

Exercise E4: Assigning Dedicated Desktops

You can use the Assignments window to create, edit, and delete an assignment, choose which type of desktop to assign, and update the agent software for any existing assignments. In this exercise, you assign dedicated desktops. With dedicated desktops, your end-user is assigned a virtual desktop upon first login, and they continue to get the same desktop whenever they log in subsequently, until or unless you rebuild the desktops. For more information, see VMware Horizon Cloud May 2018 Release Technical What's New Overview.

  1. In the navigation bar on the left of the Horizon Cloud Services Administration Console, select Assign.
  2. In the Assignments window, click New.

2. Select Desktops

  1. In the New Assignment window under Desktops, click Select.

Note: You would select Applications if you wanted to assign AppStacks or RDSH applications. For this exercise, a desktop is assigned.

3. Select a Dedicated Desktop Type

  1. In the Definitions tab of the New Desktop Assignment window, for Type, select Dedicated.
  2. Click the down arrow of the Desktop Model field.
  3. Select a new Desktop Model from the drop-down menu.
  4. Scroll down to the Flexible Attributes section.

4. Set the Flexible Attributes

  1. Under Flexible Attributes, provide the following information:
    • Image: Accept the default image.
    • Assignment Name: Enter a friendly name to identify this assignment. The name must start with a letter, and contains only letters, dashes, and numbers.
    • VM Names: All VMs in this assignment inherit the assignment name, and include an appended number, such as Server DTA1 1, Server DTA1 2, and so on.
    • Default Protocol: Choose Blast Extreme as the default protocol for end user sessions.
    • Preferred Client Type: Accept the browser default with which to launch assignments associated with this pool.
    • Min Desktops: Enter the minimum number of desktops to be allowed.
    • Max Desktops: Enter the maximum number of desktops to be allowed.
  2. In the lower right corner, click Next.

5. Add a Row

In the Management tab under Schedule Power Management, click Add a row.

6. Start Setting the Schedule

  1. In the Schedule Power Management section under Name, provide a name for this schedule.
  2. Under Days, select one or more days of the week to schedule.

7. Set the Start and End Times

  1. Under Start Time, select a time of the day to start the schedule (scroll to see all options in the drop-down menu).
  2. Under End Time, select the time of the day to end the schedule.
  3. Under Timezone, accept the default.

8. Set the Desktop Minimum

  1. Under Min Desktops, enter the minimum number of desktops to include.
  2. In the lower right corner, click Next.

9. Search Active Directory for Users or Groups

  1. In the Users tab, click the Active Directory search field, and start entering the name of the user or group.
  2. If you do not know the name, click Search Active Directory for a list of all names.

10. Select a User or Group

  1. In the Active Directory hit list, select the name.
  2. In the lower right corner, click Next.

11. Submit

  1. In the Summary tab, review the summary.
  2. In the lower right corner, click Submit.

12. Verify Completion

  1. Wait until a green banner appears at the top, which indicates success.
  2. Wait until a green dot appears in the Status column before proceeding.

13. Launch Horizon Client

Launch Horizon Client.

14. Log in to Horizon Client

  1. Enter your login credentials for Horizon Client:
    • Username: Enter the username.
    • Password: Enter the password.
  2. Click Login.

15. Launch the Floating Desktop

In Horizon Client, select a virtual desktop.

 

16. Verify Success

Verify that the virtual dedicated desktop launches properly.

Now that you have successfully assigned a dedicated desktop, you can proceed to the next exercise to assign a floating desktop. The process is very similar.

Exercise E5: Assigning Floating Desktops

You can choose which type of desktop to assign to a user or group in the Assignments window. You can use the Assignments window to create, edit, and delete an assignment, and update the agent software for any existing assignments. In this exercise, you assign floating desktops. With floating desktops, the user is assigned a desktop upon first login, and the desktop is recreated after the user logs off. Desktops are powered on or off according to the power management policy. For more information, see VMware Horizon Cloud May 2018 Release Technical What's New Overview.

2. Select Desktops

In the New Assignment window under Desktops, click Select.

3. Select a Floating Desktop Type

  1. In the Definitions tab of the New Desktop Assignment window, for Type, select Floating.
  2. Under Fixed Attributes, select a Desktop Model from the drop-down list.
  3. Scroll down to the Flexible Attributes section.

4. Set the Flexible Attributes

  1. In the Flexible Attributes section, provide the following information:
    • Image: Accept the default image.
    • Assignment Name: Enter a friendly name to identify this assignment. The name must start with a letter, and contains only letters, dashes, and numbers.
    • VM Names: All VMs in this assignment inherit the assignment name, and include an appended number, such as Server DTAfloating 1, Server DTAfloating 2, and so on.
    • Default Protocol: Choose Blast Extreme as the default protocol for end user sessions.
    • Preferred Client Type: Accept the browser as the default with which to launch assignments associated with this pool.
    • Min Desktops: Enter the minimum number of desktops to be allowed.
    • Max Desktops: Enter the maximum number of desktops to be allowed.
  2. In the lower right corner, click Next.

5. Set the Power Management

  1. In the Management tab, click the down arrow of the Power Management Mode.
  2. Select the power management mode from the drop-down list.
  3. In the Schedule Power Management section, click Add a row.

6. Set the Power Management Schedule

  1. Under Schedule Power Management, provide the following information:
    • Name: Enter the name for this schedule.
    • Day(s): Click the Days field and select one or more days of the week from the drop-down list.
    • Start Time: Select the time of the day to start the schedule from the drop-down list.
    • End Time: Select the time of day to end the schedule from the drop-down list.
    • Timezone: Select your timezone if necessary.
    • Min Desktops: Select the minimum number of desktops to include.
  2. In the lower right corner, click Next.

7. Search Active Directory

  1. In the Users tab, click the Active Directory search field.
  2. If no results are found, click Search Active Directory.

8. Select Users or Groups

  1. Select the user or group from the pop-up list.
  2. In the lower right corner, click Next.

9. Review and Submit

  1. In the Summary tab, review the summary information.
  2. In the lower right corner, click Submit.

10. Verify Completion

  1. Wait until the green banner appears at the top indicates success.
  2. Wait until the green dot appears in the Status column before proceeding.

11. Launch Horizon Client

Launch Horizon Client.

12. Log in to Horizon Client

  1. Enter your login credentials for Horizon Client:
    • Username: Enter the username.
    • Password: Enter the password.
  2. Click Login.

13. Launch the Floating Desktop

  1. In Horizon Client, select a virtual desktop.
  2. Verify that the virtual floating desktop launches properly.

 

When you finish assigning floating desktops to user and groups, you have completed the workflow. The next two sections explore the Horizon Cloud Service monitoring and analytics features and the VMware User Environment Management capabilities in greater depth.

Exploring Monitoring and Analytics

About Monitoring and Analytics

After setting up Horizon Cloud Service on Microsoft Azure, you can explore the monitoring and analytics functionality. Horizon Cloud Analytics includes dashboard, activity monitoring, and reporting features, which provide the following benefits:

  • Real-time monitoring: Alerts for common desktop and server issues. Real-time monitoring of desktops and application servers.
  • Contextual metrics: In-depth information about user experience and resource usage. We leverage contextual metrics to give you details on user experience, and resource utilization.
  • Historical utilization: Visualize usage with perspective on capacity, concurrency, and uniqueness. The system enables you to go back in time, to visually evaluate differences in how your resources are consumed by your deployment.
  • Endpoint landscape: Understand access patterns by protocol, client type, and location. We also monitor how information is gathered directly from the endpoints that the users are using to access the system.

The result is that you have one place to go to get all the details you need to monitor the health and performance of your Horizon Cloud Service implementation.

Exploring Dashboard and Status

When you launch Horizon Cloud Service for the first time, the Getting Started window is displayed. From this window, you can navigate through the usage dashboards.

Launch the Dashboard

Log in to Horizon Cloud Service, and in the navigation bar on the left, click Monitor > Dashboard.

Dashboard Data

In the Dashboard window, you can see the status of your environment, including how much capacity is allocated, and the utilization of your environment. In the Activity pane, click More to drill down for more details.

Activity Detail

In the Activity pane, select a time range to see the detailed utilization reports for the indicated time range.

Hide Metrics for Better Focus

You can also hide selected metrics to make it easier to focus on the most important details.

Scroll Down to See User Metrics

Scroll down to see which users are using each protocol, which client types they are using, and how long they have accessed the system.

After you finish exploring the dashboards and status features, proceed to the next exercise to explore additional reports, activity monitoring, and notifications.

Exploring Reports, Monitoring, and Notifications

Reporting features make it easy for you to review the health of your Horizon Cloud Service and monitor your end users’ experience within the system. Examples of reports include RDSH server health and basic metrics, RDSH session reporting, and RDSH app-level metrics such as user mapping, desktop health, utilization, session history, concurrency, and URL configurations.

Desktop Health Reports

In the Reports window, click the Desktop Health tab, and in the Status field, select All Desktops to see CPU utilization, disk IOPS, and memory usage. You can view session information for servers within a farm.

View Session Information

The Session History tab shows you who is logged in from where, and for how long. You can change the time scale to view the history up to one year.

View Session History

In the left-hand navigation bar, click Monitor > Notifications, and select a time range to see critical system events and notices.

Notification Reports

For more detailed information about how to use this feature, see Horizon Cloud Service documentation.

After you finish exploring the reports, monitoring, and notification features, the exploration exercises are complete. You have now reached the end of this set of exercises. The next section explores the VMware User Environment Management capabilities in greater depth.

Exploring VMware User Environment Manager

Installing VMware User Environment Manager on Microsoft Azure

VMware User Environment Manager provides a wide range of capabilities such as personalization of Windows and applications, contextual policies for enhanced user experience, and privilege elevation to aid in your privilege management strategy. If you are already using VMware User Environment Manager on physical or virtual desktops or RD Session Host servers, your knowledge transfers immediately to Horizon Cloud Service on Microsoft Azure. VMware User Environment Manager is flexible enough to run on physical, virtual, and cloud-hosted machines.

You bring your own Microsoft Azure IaaS capacity, on which Horizon Cloud Service and VMware User Environment Manager are deployed. You have the option of using the included VMware User Environment Manager licenses by installing a new instance, or leveraging an existing instance.

The infrastructure requirements are minimal, comprised primarily of SMB file shares. VMware User Environment Manager uses one share for configuration data, and another for profile archive data. You can deploy one or more Windows Server VMs on Microsoft Azure, and configure file sharing. For comprehensive share requirements, see Installing and Configuring VMware User Environment Manager. While there are several server models available in the Microsoft Azure Marketplace, consider using Dv2, Dv3, or Ev3 series VMs to create file servers for the requisite SMB file shares. Additional disks can be added to accommodate increased performance demand (IOPS) as needed.

Figure F1: VMware User Environment Manager Process Flow

Exploring Deployment Options

You can use Microsoft Azure to extend your existing data centers in a hybrid-cloud model, or treat Microsoft Azure as a stand-alone, public-cloud capacity. Horizon Cloud Service and VMware User Environment Manager support both configurations.

For stand-alone, or single-site deployments, Installing and Configuring VMware User Environment Manager contains everything you need to know to deploy. VMware User Environment Manager is installed and managed the same way, whether deployed on premises or in a public cloud.  

With the hybrid-cloud or multi-site model, Microsoft Azure capacity is essentially a remote customer data center. The VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture provides detailed information to configure VMware User Environment Manager for a consistent user experience as end users roam from site to site.

Optimizing VM Performance

A common question for multi-site VMware User Environment Manager deployments is whether users from multiple sites can access a single SMB file share instance at the primary data center. While this is possible, there are design considerations to ensure the best experience.

DirectFlex is a feature of VMware User Environment Manager that reads and writes personalization data as applications are opened and closed. DirectFlex improves the efficiency of the VMware User Environment Manager agent by only fetching configuration data that is needed, when it is needed, rather than reading it all during login. By design, DirectFlex makes frequent requests to the SMB file servers hosting the VMware User Environment Manager configuration and user shares. The latency of these requests directly affects the end-user experience. Typically, anything less than 20 milliseconds has no noticeable impact. As latency gets worse, the chance and severity of impact to the end-user experience increases.

Even a high-performing ExpressRoute may have latency greater than 20 milliseconds, so it is recommended to deploy VMware User Environment Manager in the same Azure region as your Horizon Cloud Service node. If the design goal is to have a single VMware User Environment Manager deployment for both on-premises and cloud-hosted VMs, Distributed File System (DFS) replication is recommended. This model provides IT with a single point of administration, while keeping configuration and user data geographically near the VMs accessing the data.

Figure F2: VMware User Environment Manager Deployment Options

For more information about configuring DFS for multi-site VMware User Environment Manager deployments, see VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture.

Using the NoAD Mode

VMware User Environment Manager has traditionally been configured and enabled using ADMX templates with Group Policy, and logon or logoff scripts. Version 9.1 introduced an alternative, XML-based option called NoAD Mode. NoAD Mode simplifies administration by eliminating the need to create and manage GPOs, and can be used for on-premises, hybrid-cloud, and public-cloud deployments of VMware User Environment Manager.

When deploying VMware User Environment Manager in a hybrid-cloud or multi-site model, NoAD Mode has the added benefit of not being dependent on Domain Controllers and GPO replication. While not a requirement, the NoAD Mode option is recommended, especially for hybrid-cloud and public-cloud deployments.

Horizon Cloud Service on Microsoft Azure is the newest offering in the Horizon Cloud Services suite. VMware User Environment Manager seamlessly integrates with Horizon Cloud Service, and provides a consistent user experience across physical, virtual, and cloud-hosted PCs and RD Session Host servers.

For video demonstrations, see Deploying and Using VMware Horizon Cloud on Microsoft Azure. For more information about VMware User Environment Manager, see VMware User Environment Manager Deployed in 60 Minutes or Less.

Summary and Additional Resources

Summary

The Quick-Start Tutorial for VMware Horizon Cloud Service on Microsoft Azure introduces you to Horizon Cloud Service on Microsoft Azure through a brief description of features and capabilities, as well as a series of practical exercises to help you set up and explore this offering. The Overview describes the interoperability of the architecture and components, core capabilities, and new features. Sequential exercises walk you through the process of gathering prerequisite data, meeting requirements, deploying a Horizon Cloud Service node, creating a master image, creating a farm from the image, and adding and assigning desktops and applications to users and groups. Additional sections explore the reporting and analytics functionality. This tutorial ends with an exploration of the integration with VMware User Environment Manager.

Terminology Used in This Tutorial

The following terms are used in this tutorial:

Base image

A VM, also referred to as a desktop image, a golden image, or a master image, that is an RDS-enabled Microsoft Windows Server operating system VM configured with the Horizon Agent and DaaS Agents, and is created and configured for desktop deployment.

Cloud

A set of securely accessed Internet-hosted services

DaaS agent

Desktops as a service agent

Disk IOPS

Input and output operations per second (IOPS, pronounced eye-ops) is an input and output performance measurement used to characterize computer storage devices like hard disk drives (HDD), solid state drives (SSD), and storage area networks (SAN).

IaaS capacity

Capacity provided through infrastructure as a service

RDSH farm

RDS session host farm VMs are the server instances that provide session-based desktops and remote applications to your end users.

Virtual desktop

The user interface of a virtual machine that has been made available to an end user

Virtual machine

A software computer running an operating system or application environment that is backed by the physical resources of a host

VMware Horizon Cloud Service control plane

VMware hosts the Horizon Cloud Service control plane in the cloud and provides ongoing feature updates and enhancements. This service enables the central orchestration and management of virtual desktops, desktop applications, remote desktop sessions, and remote applications for your users. The cloud service also manages your nodes, which are physically located in your provided capacity environments. When you log in to the cloud service, you see all your nodes and perform management activities across them, regardless of where they are physically located. The VMware Horizon Cloud Service control plane also hosts the Horizon Cloud Service Administration Console, which is accessible from anywhere at any time, providing maximum flexibility.

VMware Horizon Cloud Service Administration Console

The common management user interface hosted by the cloud control plane. The Horizon Cloud Service Administration Console runs in industry-standard browsers and provides a single location for management tasks involving user assignments and the virtual desktops, remote desktop sessions, and applications.

VNet peering

Virtual network which is used to connect Horizon Cloud Service VNet with Microsoft Active Directory. Virtual network peering enables you to seamlessly connect two Microsoft Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.

Note: For additional VMware terms and concepts, see the VMware Technical Publications Glossary or VMware Technical Publications Glossary Online. For information about Microsoft Azure-specific terms, see the Microsoft Azure Glossary.

Additional Resources

About the Authors

This guide was written by

  • Rick Terlep, End-User-Computing Architect, End-User-Computing Technical Marketing, VMware
  • Jerrid Cunniff, End-User-Computing Cloud Services Senior Architect, VMware
  • Cindy Heyer Carroll, Technical Writer in End-User-Computing Technical Marketing, VMware
  • Josh Spencer, End-User-Computing Architect, End-User-Computing Technical Marketing, VMware

Feedback

The purpose of this guide is to assist you, and your feedback about this is valuable. To comment on this guide, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.