Quick-Start Tutorial for VMware Horizon Cloud on Microsoft Azure
VMware Horizon Cloud on Microsoft Azure 1.5
This Quick-Start Tutorial introduces a new offering to the VMware Horizon® Cloud Service™: VMware Horizon Cloud on Microsoft Azure. This offering combines the management functionality of the Horizon Cloud control plane with the cost-saving capacities of Microsoft Azure. You can take advantage of the Horizon Cloud Service for managing your desktops and remote applications, including management of RDS-hosted applications on Microsoft Azure infrastructure, as well as the flexibility to choose the deployment option that best meets the needs of your organization or use cases. This Quick-Start Tutorial describes the process of deploying Horizon Cloud components into your Microsoft Azure capacity. This process creates an entity called the Horizon Cloud node, which pairs with the Horizon Cloud control plane. You then use the control plane to create RDSH and session farms, and to manage and deliver virtual RDS-enabled Windows Servers and remote applications to your end users.
This Quick-Start Tutorial introduces you to Horizon Cloud on Microsoft Azure, and helps you to evaluate this product through a series of practical exercises. The Overview section describes the benefits, features, architecture, and components, and how the components interoperate. Subsequent sections provide exercises to help you deploy the Horizon Cloud node into your Microsoft Azure capacity, and then to explore and evaluate this product and its core capabilities and key features.
Important: This tutorial is designed for evaluation purposes, based on using the minimum required resources for a basic deployment, and does not explore all possible features. The evaluation environment should not be used as a template for deploying a production environment. To deploy a production environment, see the Horizon Cloud Service documentation.
This guide is intended for security architects, engineers, and administrators who want to familiarize themselves with, or are in the process of implementing, a Horizon Cloud on Microsoft Azure infrastructure. Familiarity with Windows data center technologies such as Microsoft Azure, Active Directory, SQL, and Microsoft Management Console is assumed. You should also be familiar with virtualization technology, cloud computing, network routing, firewall security architecture, site-to-site virtual private networks (S2S VPNs), and Multi-Protocol Label Switching networks (MPLS). Knowledge of compatibility is also useful before using VMware Horizon Cloud Service on Microsoft Azure (see VMware Product Interoperability Matrices).
Note: Not all sections of this guide are necessarily applicable to your deployment. Optional sections are clearly marked. If you have questions about the specifics of your order, see your Horizon Cloud-Hosted Setup web form, or speak to VMware or a Value Added Reseller for VMware.
Technical Introduction and Features
About Horizon Cloud on Microsoft Azure
The VMware Horizon Cloud Service delivers virtual desktops and applications using a cloud platform that is scalable across multiple deployment options. Horizon Cloud provides a single cloud control plane from which you can choose multiple deployment options. You can dynamically switch options at any time to adjust to use cases change, employee moves, or economic shifts. These deployment options include:
- Cloud-hosted capacity managed by VMware
- Public cloud infrastructure from Microsoft Azure, an Infrastructure-as-a-Service (IaaS) provider
- On-premises hyper-converged infrastructure from partners such as Dell EMC, Hitachi, and QTC
The second option, Microsoft Azure, is the topic of this Quick Start Tutorial. You can connect your Microsoft Azure instance to your Horizon Cloud control plane for a comprehensive cloud-hosted solution for delivering virtualized Windows apps and desktops.
Setting up the environment involves deploying the required VMware software into your Microsoft Azure capacity. The deployed VMware software creates an appropriately configured entity called a Horizon Cloud node, which pairs with the control plane. After the node is deployed, you use the control plane to create RDSH farms and entitle remote desktops and applications to your end users.
For more information, see the Horizon Cloud on Microsoft Azure datasheet.
Packaging, Licensing, and Service Models
Horizon Cloud delivers virtual desktops and apps using a cloud platform that is scalable across multiple deployment options. Horizon Cloud is available in two subscription options:
- Per named user: For virtual environments with end users that require dedicated access to virtual machines throughout the day
- Per concurrent connection: For virtual environments with a high number of users who share machines throughout the day, such as students or shift workers
You can bring your own hyper-converged infrastructure (HCI) or Microsoft Azure infrastructure, or purchase cloud-hosted infrastructure from VMware. For more information, see How to Buy and Packaging and Licensing guide.
Features and Benefits
With the Horizon Cloud with Microsoft Azure offering, Microsoft and VMware work together to extend the desktop-as-a-service (DaaS) offering with new cross-cloud capabilities. Key features of Horizon Cloud with Microsoft Azure include
- Easy deployment: Depending on the complexity of your configuration, it can take as little as 60 minutes to deploy the service to your own Microsoft Azure instance.
- Single management plane: Even if you deploy multiple instances of Horizon Cloud to multiple Microsoft Azure regions, you still use the same cloud-based management UI to configure and manage your Horizon Cloud environments.
- Single infrastructure provider: You can manage virtual applications from the cloud with your existing infrastructure provider.
- Simple upgrades: VMware provides a simple blue-green upgrade method that allows you to rev to the next release in minutes.
- Power management: Horizon Cloud has built-in features that automatically spin up or spin down RD Session Hosts based on your demand, to save you time on Microsoft Azure.
- Rolling maintenance and image update: Horizon Cloud includes built-in orchestration to allow you to do rolling maintenance of your RD Session Hosts.
- RD Session Hosted applications: Horizon Cloud supports RD Session Hosted applications and desktops with this initial release.
- Cloud monitoring: You do not need a third party or additional tool to monitor or manage your Horizon Cloud on Microsoft Azure deployment. Our new cloud-based monitoring feature allows you to keep an eye on your deployment from a single UI.
- True multi-cloud deployments: You can choose between cloud capacity managed by VMware, bring your own hyper-converged infrastructure, or bring your own public cloud capacity from Microsoft Azure.
- User Environment Manager: You are entitled to use VMware User Environment Manager, which is our persona management system for each user in Horizon Cloud. You can also leverage another tool to manage persona if you want.
- Workspace ONE: The solution integrates with VMware Workspace ONE™ to provide your users with a single workspace to access all their applications.
- Leverage Microsoft Azure services and regions: As mentioned earlier, you can leverage any region from Microsoft Azure services.
- Expanded geographic reach: You can leverage any region from the many global Microsoft Azure data centers, and configure and deploy desktops in minutes.
- Low-cost hourly billing: You benefit from consumption-based pricing for capacity, as well as no upfront costs or termination fees.
For more information, see VMware Horizon Cloud Service and click Horizon Cloud on Microsoft Azure > 1.5 > Release Notes.
Components and Architecture
About System Architecture and Components
The Horizon Cloud on Microsoft Azure system architecture includes the standard Horizon Cloud components, as well as unique components and integrations that provide additional capabilities.
Figure 1: Horizon Cloud on Microsoft Azure System Architecture
Figure 1 demonstrates the automated provisioning of a Horizon Cloud node on your Microsoft Azure capacity.
- Your Microsoft Azure infrastructure as a service (IaaS) provides capacity.
- In your VMware Horizon Cloud infrastructure, the VMware Horizon Cloud control plane is granted permission to create and manage resources with the use of a service principal in Microsoft Azure.
- You provide additional prerequisites such as Active Directory, as well as optional components such as Deployment Engine, Workspace ONE Connector, and RDS license, from either Microsoft Azure or Horizon Cloud on premises.
- The Horizon Cloud control plane initiates the deployment of the Horizon Cloud node, VMware Unified Access Gateway™ appliances for secure remote access, and other infrastructure components that assist with the configuration and management of the Horizon Cloud infrastructure.
- After the Horizon Cloud node is deployed, you can create images and farms.
VMware Horizon Cloud Components
Horizon Cloud consists of the following major components:
- Infrastructure: You can choose Microsoft Azure infrastructure, VMware cloud-hosted infrastructure, or your own hyper-converged infrastructure (HCI). This guide focuses on the Microsoft Azure infrastructure option.
- Active Directory: You can choose to deploy AD on premises or in cloud.
- Image: Also called image template, a desktop or RDSH server image that can be used in a Horizon Cloud tenant to create desktop or application assignments. It is used as the base image from which virtual machines (VMs) are cloned.
- VMware Horizon Client™: Software-based client installed on a desktop, thin client, mobile device, or tablet that facilitates connectivity to Horizon Cloud-hosted desktops and applications.
- Horizon Cloud tenant appliance: A hardened Linux appliance that provides desktop and application brokering, provisioning, and entitlement services. It hosts the end-user and administrative portals.
- Desktop and services subnets: Unique IP subnets that you assign to allow for desktop, application, and administrative connectivity. The Desktop Zone uses the desktop subnet for virtual desktops and RDSH servers. The Services Zone uses the services subnet for tenant appliances and other utility services.
- Horizon Cloud Control Plane: The central location to conduct all administrative functions and policy management. From the cloud-based control plane, you can manage your RDS farms and assign applications to users and groups from any browser on any machine with an Internet connection. The cloud control plane provides access to manage all Horizon Cloud nodes deployed into your Microsoft Azure infrastructure in a single, centralized user interface, no matter which regional data center you use.
- Horizon Cloud Administration Console: The web-based portal, a component of the control plane, that you use to provision and manage Horizon Cloud desktops and applications, resource entitlements, and images. The Horizon Cloud Management Console provides full life-cycle management of desktops, and Remote Desktop Session Host (RDSH) through a single, easy-to-use web-based console. Organizations can securely provision and manage desktop models and entitlements, as well as native and remote applications, through the centralized Horizon Cloud Management Console. The Horizon Cloud Management Console also provides usage and activity reports for various user, administrative, and capacity-management activities.
- VMware Unified Access Gateway: A hardened Linux appliance that allows for secure remote access into the Horizon Cloud environment and is part of the Security Zone (for external Horizon Cloud access) and the Services Zone (for internal Horizon Cloud access).
- Optional VMware User Environment Manager: A scalable management solution that provides personalization of Windows and apps; dynamic policy configuration across virtual, physical, and cloud-based Windows desktop environments, for managing a user’s persona across devices and locations; and privilege elevation to aid in your privilege management strategy. VMware User Environment Manager seamlessly integrates with Horizon Cloud, and provides a consistent user experience across physical, virtual, and cloud-hosted PCs and RD Session Host servers. If you are already using VMware User Environment Manager on physical or virtual desktops or RD Session Host servers, your knowledge transfers immediately to Horizon Cloud on Microsoft Azure. For more information, see VMware User Environment Manager.
- Optional VMware Workspace ONE: You can choose to deploy a Workspace ONE connector in your data center.
- Optional True SSO Enrollment server: You can choose to deploy a True SSO Enrollment server in your data center.
Horizon Cloud on Microsoft Azure Components
Horizon Cloud on Microsoft Azure deploys three appliances from your Microsoft Azure configuration that provide the following capabilities:
- Horizon Cloud Node: Manages all infrastructure resources. While all policy definition and management happen in the cloud, all of the real work––creating resources on Microsoft Azure infrastructure and making it available to users––happens in the Horizon Cloud node.
- Unified Access Gateway Appliances: Provide secure Internet access to published applications and published desktops. One appliance is used for standard runtime, and an additional appliance is used during upgrade. One appliance is continuously powered on, and the second is on only during upgrade.
- Jumpbox: A temporary Linux-based VM used during environment buildout, as well as for subsequent environment updates and upgrades.
A: Setting Up
These prerequisites exercises help you prepare your environment for best use of Horizon Cloud on Microsoft Azure. The exercises are sequential and build upon one another, so make sure to complete each exercise in this section before going to the next.
First, you verify that your environment meets the basic prerequisites. Next, you create a new virtual network (VNet), one of the prerequisite Microsoft Azure components. You must bring your own Microsoft Azure IaaS capacity, and configure the Microsoft Azure prerequisites for the Horizon Cloud deployment. You set up network ranges based on previously provided CIDR blocks, select Active Directory options, complete VNet bi-directional peering, DNS configuration, and so on. Subsequent sections describe how to deploy the Horizon Cloud node on Microsoft Azure, and then create a farm where your end users can access applications and shared desktops.
Exercise A1: Reviewing the Workflow
Before you start, it is a good idea to review the workflow and tasks involved, which are detailed in each chapter:
- Verify that your environment meets the prerequisites listed in VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist and Getting Started with VMware Horizon Cloud Service on Microsoft Azure.
- See Deploying a Horizon Cloud Node
- Prepare the Microsoft Azure for node deployment.
- Deploy the node.
- See Creating an Image
- Register Active Directory domain.
- Configure a master image.
- Install applications in the master image.
- Convert the master image into an assignable image.
- See Deploying a Farm
- Create an RDSH farm to provide session desktops which you can assign to users and groups.
- Create a second RDSH farm to provide remote desktops which you can assign to users and groups.
- Create a CNAME record in your DNS server.
- See Explore Horizon Cloud Monitoring and Analytics
- Explore the reports and analytics functionality.
- See Explore VMware User Environment Manager
- Explore the integration with User Environment Manager and capabilities.
After you finish reviewing the workflow, verify that your environment meets all prerequisites, and then proceed to the next exercise to configure the VNet.
Exercise A2: Creating the VNet
You can deploy a Horizon Cloud node to an existing virtual network (VNet), or create a new VNet. But before you create a VNet, verify that your environment meets the prerequisites listed in VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist. For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.
This exercise describes how to create a new VNet where Active Directory services are available. Microsoft Azure automatically creates the necessary subnets in the VNet using CIDR blocks that you provide. Horizon Cloud automates machine creation and domain join operations, and requires access to a VNet with AD services. A set of resource groups in your Microsoft Azure capacity is also automatically created. Resource groups organize the assets that the environment needs, such as virtual subnets and virtual machines (VMs) for the Unified Access Gateway, RDS-enabled server images, RDSH farms, and so on.
Log in to Microsoft Azure
- Log in to your existing Microsoft Azure deployment.
- Make sure to use a subscription that provides IaaS capacity.
Add a New Virtual Network
- In the navigation bar on the left, select Virtual Networks.
- Click Add to create a VNet.
Provide Data for New VNet
- In the Create Virtual Network pane, provide the following information, and then click Create:
- Name: Enter a name to distinguish this VNet from others.
- Address space: Accept the default, or enter an address range.
- Subscription: Select from the drop-down menu.
- Resource group: Select an existing resource group, or create a new one when the virtual network is created.
- The value should not be empty: Create a new resource group or use an existing one.
- Location: From the drop-down menu, select the region where you plan to deploy the Horizon Cloud node.
- Subnet Name: Accept the default. Horizon Cloud automates the creation of the necessary subnets using the CIDR blocks previously provided.
- Address range: Accept the default.
- Service endpoints: Accept the default.
- Wait until the creation process is complete, and the VNet is created.
For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure, and click Horizon Cloud on Microsoft Azure > 1.5 > Preparing to Deploy a Horizon Cloud Node into Microsoft Azure > Configure the Required Virtual Network in Microsoft Azure.
After creating the VNET, proceed to the next section to configure bi-directional VNET peering.
Exercise A3: Configuring VNet Peering (Optional)
In this exercise, you use Microsoft Azure to configure bi-directional peering. You should configure VNet-to-VNet peering only if the following is true:
- You created a new VNet that does not have an AD VM inside it
- You are not using Express Route for VNet peering
- You are not using VPN for express route peering
In this tutorial, it is assumed that another VNet is in the same region as the AD/DNS server, to which you are peering for access to those services.
Peering Connects the Horizon Cloud VNet with Microsoft Active Directory
- In the Virtual Networks pane, select a network. and click Peering.
- In the third pane on the right, verify that the peer is not yet connected.
Add Peering Details
- In the Add peering pane, provide the required information:
- Name: Enter a name to distinguish this action from others.
- Virtual network deployment model: Select the Resource manager option.
- Subscription: Select your subscription.
- Virtual network: Click Choose a virtual network, and select your VNet.
- Allow virtual network access: Verify that Enabled is selected.
- Click OK.
VNet Peering Is Connected
- Locate the third pane.
- Verify that VNet peering is now connected.
VNet Peering Overview Details
- Locate the second pane.
- Click Overview to display additional details in the third pane.
For more information, see the Getting Started with VMware Horizon Cloud Service on Microsoft Azure guide.
After you finish configuring the VNet, proceed to the next exercise to configure the DNS server.
Exercise A4: Configuring the DNS Server
Now that the VNet is configured, your next step is to configure the DNS, which is required during the Horizon Cloud node deployment. Horizon Cloud uses the default Microsoft Azure-provided DNS for the deployment for outbound DNS resolution, but requires Active Directory to resolve the Active Directory domain controllers. You must set the virtual network to support both internal and external name resolution.
Microsoft Azure DNS Supports Name Resolution
- In the navigation bar on the left, click Virtual networks.
- Select the virtual network you want to use for your node.
- Click DNS servers to display the DNS server settings.
Configure DNS Before Deploying the Horizon Cloud Node
- In the upper right, select the Custom option.
- Add the address of the DNS server to use for name resolution.
For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.
After you finish configuring the DNS server, proceed to the next exercise to create an authentication key for the service principal.
Exercise A5: Creating a Service Principal Authentication Key
Horizon Cloud needs a service principal to access and use your Microsoft Azure subscription capacity. A service principal defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud permission to access and modify your Microsoft Azure tenant. When you register a Microsoft Azure AD application, the service principal is also created. For more information, see Create the Required Service Principal by Creating an Application Registration.
In addition to the service principal, you must generate an authentication key and assign the Contributor role to the service principal at the subscription level.
Service Principal Settings
- Locate the service principal details window.
- Click Settings to open the Settings menu.
Authentication Key Required to Deploy the Horizon Cloud Node
- In the Settings menu, click Keys.
Authentication Key Security Policy
- In the Keys menu, provide the following information:
Description: Enter a description of 16 characters or fewer, such as
- Expires: Set the duration of the key, based on your security policy. You can set the expiration to Never expires, or you can set a specific time frame.
- Caution: If you set a specific time frame, make sure to refresh the key before it expires, and enter the new key into the subscription information in the Horizon Cloud Administration Console. If the key expires without doing this, the associated node stops because Horizon Cloud cannot detect it.
- Value: Keep the Keys window open until you have copied and saved the key value.
- Description: Enter a description of 16 characters or fewer, such as
- Click Save.
Copy and Save the Authentication Key Because Irretrievable Later
- Copy the unique key value.
- Save the value securely, because you cannot retrieve it later.
After you finish creating an authentication key for the service principal, proceed to the next exercise to assign a role to the service principal.
Exercise A6: Assigning the Contributor Role to the Service Principal
The next step is to assign the contributor role to the service principal at the subscription level.
Make Note of the Subscription ID
- In the navigation bar on the left, select Subscriptions.
- Click the name of the subscription.
- Copy and save the subscription ID to use when you deploy the node.
- Click Access control (IAM).
- Click Add to display the Add permissions window.
Add Permissions Information
- In the Add permission window, provide the following information:
- Role: From the drop-down menu of built-in roles, select Contributor.
- Assign access to: From the drop-down menu, select Azure AD user, group, or application.
- Select: Search for and select the service principal by the name you gave it earlier.
- Click Save.
Save the Service Principal
- Click your service principal to select it
- Click Save.
After you finish assigning a role to the service principal, proceed to the next section to verify the required resource providers.
Exercise A7: Verifying Required Resource Providers
Verify that your subscription includes the registered resource providers that the node requires.
- In the navigation bar on the left, select Virtual machines.
- Click the name of the subscription used with this node.
- In the subscription menu, click Resource providers.
Verify That Required Resource Providers Are Registered
- In the Status column, verify that the following resource providers have a Registered status:
Microsoft.Compute microsoft.insights Microsoft.Network Microsoft.Storage
- If they do not, register them.
Verify Subscription-Based Values Required for Deployment
- In the navigation bar on the left, click Azure Active Directory > Manage > Properties.
- Verify that you have the four subscription-based values required during node deployment:
- Subscription ID
- Azure Active Directory ID
- Application ID
- Application key value
For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.
After you finish creating and configuring the service provider and verified that you have the subscription-related values required for deployment, proceed to the next section to deploy the Horizon Cloud node.
B: Deploying a Horizon Cloud Node
About Node Deployment
Now that you have set up the Horizon Cloud on Microsoft Azure node, you are ready to begin the initial configuration process of your deployment. In this series of exercises, you deploy a Horizon Cloud node and bind it to an existing Active Directory domain, which grants the Horizon Cloud control plane access to create and manage resources in Microsoft Azure. These exercises are sequential and build upon one another, so make sure to complete each exercise in this section before going to the next.
Exercise B1: Deploying the Horizon Cloud Node
Armed with the prerequisite information from your Microsoft Azure tenant, you are ready to begin deploying the Horizon Cloud node and binding it to an existing Active Directory domain.
- Use your My VMware credentials, which give you access to the Horizon Cloud control plane.
- Before you deploy the Horizon Cloud node, verify that you have the prerequisite information from your Microsoft Azure tenant, which the Horizon Cloud deployment wizard uses during the deployment process:
- Service Principal: Like a certificate, the service principal object defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud permission to access and modify your Microsoft Azure tenant
- Subscription ID: Primary Microsoft Azure billing identifier based on your agreement with Microsoft
- Directory ID: Your Primary Identifier or Identifiers in Microsoft Azure Active Directory
- Application ID: An attribute of the Service Principal that securely ties the Horizon Cloud control plane to your Microsoft Azure subscription
Application Key: A one-time-use password that is used to encrypt the service principal
For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.
Log in to VMware Horizon Cloud
- Log in to Horizon Cloud.
- Use your My VMware account ID and password.
Add a New Horizon Cloud Node
- In an account with no nodes previously deployed, the Getting Started wizard defaults to the Capacity section. In the upper right corner of the Add Cloud Capacity pane, click Add, which starts the Horizon Cloud Node Deployment wizard.
- (To add a new Microsoft Azure node to an account with nodes previously deployed, click Settings > Capacity > New > Node > Microsoft Azure.)
Provide Subscription Details
- In the Microsoft Azure Subscription tab of the Add Cloud Capacity page, provide the data that you gathered earlier:
- Apply Subscription: Select Add New and enter the new subscription information.
- Subscription Name: Enter a recognizable name to distinguish this subscription from others. The name must start with a letter and contain only letters, numbers, and dashes.
- Environment: Select the environment associated with your Microsoft Azure subscription.
- Subscription ID: Enter the subscription ID in UUID form, from the Subscription area of your Microsoft Azure portal.
- Directory ID: Enter the Microsoft Azure AD Directory ID in UUID form, from the Microsoft Azure Active Directory properties in your Microsoft Azure portal.
- Application ID: Enter the application ID in UUID form associated with the service principal you created in the Microsoft Azure portal. Creating an application registration and associated service principal in your Microsoft Azure Active Directory was a prerequisite.
- Application Key: Enter the key value for the authentication key of the service principal that you created in the Microsoft Azure portal. Creating this key was a prerequisite.
- Click Add.
Provide Node Setup Details
- In the Details panel of the Node Setup tab, provide the following information:
- Node Name: Enter a recognizable name, to be used in the Administration Console to distinguish this node from other nodes.
- Location: Click Add to specify a location, which you can use to group nodes according to categories that you provide, such as Business Unit A, Business Unit B, and so on.
- Microsoft Azure Region: Select the physical geographic Microsoft Azure region into which you want the node to be deployed. For best performance, deploy the Horizon Cloud node in a region that is geographically near the end users consuming the service to provide lower latency.
- Description: Enter an optional description for this node.
Provide Networking Details
- In the Networking panel of the Work Setup tab, provide the following information:
- Virtual Network: Select a virtual network from the list. Only virtual networks that exist in the region selected in the Microsoft Azure Region field are shown here. You must have already created the VNet you want to use in that region in your Microsoft Azure subscription.
Management Subnet (CIDR): Enter a subnet (in CIDR notation) to which the node and Unified Access Gateway instances get connected, such as
192.168.8.0/28. For the management subnet, a CIDR of at least
Desktop Subnet (CIDR): Enter the subnet (in CIDR notation) to which all of this node's RDSH servers for end-user remote desktops and applications get connected, such as
NTP Servers: Enter the list of NTP servers to use for time synchronization, separated by commas (for example
Provide Unified Access Gateway Details
- In the Unified Access Gateway panel of the Work Setup tab, provide the following information.
- Internet Enabled Desktops: Select Yes to enable users located outside your corporate network to access desktops and applications. The node includes a load balancer and Unified Access Gateway instances to enable this access. Selecting Internet-enabled desktops triggers Horizon Cloud to automatically deploy two Unified Access Gateway appliances in an availability setting.
FQDN: Enter the required fully qualified domain name (FQDN), such as
ourOrg.example.com, for your end users to use to access the service. You must own that domain name and have a certificate in PEM format that can validate that FQDN.
- DMZ Subnet (CIDR): Enter the subnet in CIDR notation for the demilitarized zone (DMZ) network to be configured to connect the Unified Access Gateway instances to the load balancer.
- Certificate: Upload the certificate in PEM format for Unified Access Gateway to use to allow clients to trust connections to the Unified Access Gateway instances running in Microsoft Azure. The certificate must be based on the FQDN you entered and be signed by a trusted CA. A certificate is automatically applied to the two Unified Access Gateway appliances during deployment.
- Click Validate & Proceed.
Verify That the Horizon Cloud Node Is Deployed
- After clicking Validate & Proceed, review the Summary tab, verify that the information is correct and complete, and click Submit.
- Wait until a green check mark appears, and a join domain message, which indicates that the Horizon Cloud node and all supporting infrastructure components are deployed. This process can take up to an hour to complete.
After you finish deploying the Horizon Cloud node, proceed to the next exercise to perform the domain bind operation.
Exercise B2: Binding to the Active Directory Domain
Machine creation and domain join operations are automated by Horizon Cloud. The domain bind operation must be performed on the node before creating images and farms. You have several Active Directory domain configurations to choose from. For more information about these options, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.
To complete the Active Directory configuration, provide information about the domain and accounts used for domain operations.
- In the Horizon Cloud Administration Console, in the navigation pane on the left, click Settings.
- Click Getting Started.
Expand the General Setup Fields
- In the Getting Started wizard, locate the 1 Microsoft Azure Node Added.
- Click General Setup to expand the fields.
- Under General Setup, locate the Active Directory panel.
- Click Configure.
Register Active Directory
- On the Register Active Directory page, provide information about the domain and accounts used for domain operations.
- NETBIOS Name: Enter the Active Directory domain name.
- DNS Domain Name: Enter the fully qualified Active Directory domain name.
- Protocol: Accept the LDAP default.
- Bind Username: Enter the user account in the domain to use as the primary LDAP bind account.
- Bind Password: Enter the password associated with the Bind Username.
- Auxiliary Account #1: In the Bind Username and Bind Password fields, enter a user account in the domain to use as the auxiliary LDAP bind account and its associated password.
- For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide.
- Click Domain Bind.
Provide Domain Join Details
- After configuration is complete, on the Domain Join page, provide the required data.
Primary DNS Server IP: Enter the IP address of the primary DNS Server.
Note: This DNS server must be able to resolve machine names inside of your Microsoft Azure cloud as well as resolve external names.
- Join Username: Enter the user account in the Active Directory that has permissions to join systems to that Active Directory domain.
- Join Password: Enter the password associated with the Join Username.
- Secondary DNS Server IP (Optional): Enter the IP of a secondary DNS Server.
- Primary DNS Server IP: Enter the IP address of the primary DNS Server.
- Click Save.
Add the Administrator
- On the Add Administrator page, select an Active Directory User Group
- Click Save.
Note: Add the Active Directory group that includes the domain-join account, as described in the prerequisites. This action grants this group permissions to perform management actions in the Administration Console.
Notice Change in Login Windows
- When you finish registering the node with your Active Directory domain, the system returns you to the login page.
- In the login page, you must log back in, first with your My VMware account, and then with the Active Directory credentials in the group that you just assigned.
Join the VMware Customer Experience Improvement Program
- With the Horizon Cloud node deployed and the bind operation complete, you can move the Yes/No slider.
- Choose whether or not to join the VMware Customer Experience Improvement Program.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Getting Started Using Your Horizon Cloud Environment > Register the First Active Directory Domain.
After deploying the Horizon Cloud node and completing the bind operation, proceed to the next section to create master images.
C: Creating an Image
About Image Creation
Microsoft provides a variety of VM templates in the Microsoft Azure Marketplace. Horizon Cloud provides the ability to import Windows 2012 R2 or 2016 data center-edition servers. Upon import, Horizon Cloud joins the VM to the domain, enables the RDS role, automates the Horizon and DaaS installations, and performs a bootstrap process, enabling secure pairing of the DaaS agent to the Horizon Cloud node. All of this is automated, although the process can be performed manually if you want to convert an existing VM to a Horizon Cloud image yourself. After the imported VM is configured with the necessary applications, Horizon Cloud converts the VM to an image by automatically running SYSPREP and sealing the OS. You can then use the image to create RDS session host farms.
Exercise C1: Importing VMs from Microsoft Azure Marketplace
This exercise demonstrates how to import a Windows Server VM from the Microsoft Azure Marketplace, configure it with applications, and convert the VM to an image to automatically build images, which can be used to deploy a farm of remote desktop RD Session Host servers.
- In the navigation panel of the Horizon Cloud Administration Console, click Inventory.
- Click Imported VMs.
Import a Windows VM
- On the Imported VMs page, click Import.
- This imports a Windows VM from the Microsoft Azure Marketplace.
Select the Marketplace
- On the Import Desktop page, locate From Marketplace.
- Click Select.
Provide Destination and Desktop Details
- On the Import Desktop Marketplace page, provide the required information for the Destination Desktop and Desktop Details panels:
- OS: Select the Microsoft Windows Server OS to use for the base RDS-enabled master image VM.
- Server Model: Select a server VM specification.
- Domain: Select the Active Directory domain that you want configured in the base VM.
- Enable Public IP Address: Set the toggle to Yes to configure a public IP address for this master image VM. When set to Yes, the VM gets both a private IP address and a public one. If you set the toggle to No, the VM is configured with only a private IP address.
- Scroll to the next panel. Horizon Cloud displays the supported operating systems and server models in the menus.
Provide Admin Credentials and Properties Details
- In the Admin Credentials for the Desktop panel and the Properties panel, provide the required information.
- Username: Enter the administration username for the VM account. This username is used for the local administration account to access the OS of the master image VM.
- Password: Enter the password for the administrator account, which must adhere to the Microsoft Azure rules.
- Verify Password: Re-enter the password to verify.
- Do you have a Windows Server License: Set the toggle to Yes, and select the check box to confirm that you have the proper license.
- Name: Enter a unique name for the master image VM.
- Description: You can enter an optional description to accompany the name.
- Scroll to the next panel.
Provide Horizon Agent Details
- Click Advanced Options to reveal the Horizon Agent Features panel, accept the default to install all features in the master VM.
- Enable Flash MMR: Redirects Flash multimedia content that is streamed to a remote desktop directly to the client computer, which plays the media content, offloading the demand on the RDS desktop and improving performance optimization.
- 3D support in RDSH: Provides 3D graphics support to applications that run on the RDS desktop.
- MMR for Terminal Services: Redirects multimedia content that is streamed to the remote desktop directly to the client computer, which plays the media content, offloading the demand on the RDS desktop and improving performance optimization.
- Client Drive Redirection: Allows Horizon Client users to share local drives with their RDS desktops and applications.
- Skype for Business: Provides the ability to use the RDS desktops to make optimized audio and video calls with Skype for Business.
- Webcam Support (Real Time Audio Video RTAV): Redirects webcam and audio devices that are connected to the client systems so that those devices can be used on the remote desktop.
- Smart Card: Lets users authenticate with smart cards when using PCoIP or Blast Extreme display protocols.
- Thin Print: Allows users to print to any printer available on the client computers, without installing additional drivers.
- Scanner Redirection: Redirects scanning and imaging devices that are connected to the client systems so that they can be used on remote desktops or applications.
- Enable USB: Provides access to locally connected USB flash drives and hard disks in the RDS desktops and applications.
- URL Redirection: Allows Horizon Client to determine which URLs should be handled by the remote desktop or application instead of being opened by the users’ client system, and open those URLs using the remote desktop or application.
- Click Import.
Verify the VM Imported Successfully in Microsoft Azure
- When the success banner verifies that the import is complete, you can return to the Microsoft Azure portal.
- Verify that the VM was successfully completed.
Explore the Details of the Imported VM
- Select the imported VM.
- Explore the details.
Verify That the Imported VM in Horizon Cloud Is Now Active
- Return to the Horizon Cloud Administration Console, where the imported VM is displayed.
- Horizon Cloud automates the customization of the master image VM, and the status changes to Active when the process is complete.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Creating Desktop Images for a Horizon Cloud Node in Microsoft Azure > Create a Master Virtual Machine Automatically from the Microsoft Azure Marketplace.
Note: It is also recommended that you optimize the image using the VMware Windows Operating System Optimization Tool. This tool includes templates that you can customize to enable and disable Windows system services and features across multiple systems. Many Windows system services are enabled by default. You can disable services or features using the optimization tool, and improve performance by eliminating unnecessary services or features. For instructions, see the VMware Windows Operating System Optimization Tool Guide.
When you finish importing the RDS-enabled master image VM, proceed to the next exercise to customize it.
Exercise C2: Customizing the Windows VM
You can customize the Windows operating system of the new master image VM, set wallpapers, and install applications to provide to your end users. If you enabled a public IP address for the master image VM, you can connect to the VM by using the IP address displayed on the Imported VMs page in an RDP client like Microsoft Remote Desktop Connection.
RDP to a Public IP
- Depending on your configuration, you can use either a private or public IP address to RDP to the new master image VM.
Copy the IP Address
- Use the IP address of the master image VM to connect to the RDS-enabled Windows Server operating system.
- Public IP address: RDP into it using that IP address.
Private IP address: RDP into it by one of these two methods:
- Use another VM in your Microsoft Azure subscription that does have a public IP address, and do an outbound RDP into the master image VM.
- Use your VPN and RDP into the master image VM over your corporate network.
- Log in to the RDS-enabled Windows Server operating system using the credentials that you set up when creating the master image VM, and enter the username as \username.
- Copy the IP address.
Log in with a Local Administrator Account
- When the login page is displayed, you can log in to Horizon Client.
- Once you are connected, you can add end-user applications and video GPU drivers, and any other required configurations to the VM.
- Install the third-party applications and drivers that you want available to run in the multi-user RDS desktop environment.
- In the Windows Server operating system, right-click the Start button and click Command Prompt (Admin) to open a command prompt as an administrator.
- In the command prompt, use the following command to determine the install mode of the server:
change user /query
- The server is in RD-Execute mode if you receive the following response:
Application EXECUTE mode is enabled
- In the command prompt, use the following command to switch the server into RD-Install mode, a special mode to install applications so they can run in a multi-user environment:
change user /install
- Install the third-party user applications you want to provide to your end users in their RDS desktops or as remote applications.
- Return to the command prompt, and issue the following command to switch the server back into RD-Execute mode:
change user /execute
- In the operating system, install any custom drivers you want in the RDS desktops, such as GPU-backed VMs that leverage NVIDIA GPUs.
- Make any customizations or configurations you want to the RDS desktops, such as adding custom wallpaper, setting default fonts or colors or themes, adjusting the taskbar default settings, and so on.
- When you finish, sign out of the operating system. Note: Do not shut down the Windows operating system, but instead, use Sign Out.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Creating Desktop Images for a Horizon Cloud Node in Microsoft Azure > Customize the Guest Windows Operating System of the Master Image Virtual Machine.
After you finish customizing the master image VM, proceed to the next exercise to convert the master image VM to an assignable image.
Exercise C3: Converting the Master VM to an Image
When the master image VM is ready, it is made assignable. For this exercise, you can use any VM with the Agent and bootstrap process already complete.
- In the Horizon Cloud console navigation bar on the left, select Inventory.
- Select Images.
Start Creating a New Image
- On the Images page, click New.
Provide New Image Details
- On the New Image page, provide the following information.
- Location: Select the location associated with the node where you have the configured master image VM.
- Node: Select the node to serve the desktop from.
- Desktop: From the list of VMs on the selected node, select the desktop you want.
- Image Name: Accept the auto-populated name associated with the Desktop selection, or enter a unique name for this image.
- Company Name: Enter an identifying name. This name appears as the default in all desktops created with this image.
- Timezone: Accept the auto-populated time zone, or set a new one, to be the default time zone for all desktops created with this image.
Admin credentials for the desktop: Enter the credentials for the local administrator account that is enabled in the master image VM.
Note: These credentials are the user name and password that were entered in the wizard when the master VM was created on the Imported VMs page.
- Click Publish.
Wait for the Published Status
- Wait until the status changes to Published to use the assignable image for creating a farm.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Creating Desktop Images for a Horizon Cloud Node in Microsoft Azure > Convert a Configured Master Virtual Machine to an Assignable Image.
After you finish importing and customizing a master image VM and converting it into an assignable image, proceed to the next section to use the assignable image to create RDSH farms, and then add and assign applications from the farms.
D: Deploying a Farm
About Farm Deployment
A farm is a collection of Microsoft Remote Desktop Services (RDS servers) on Microsoft Azure that host applications and desktops. Farms simplify RDS host management by enabling you to serve subsets of users that vary in size or have different desktop or application requirements. Farms can provide either session-based desktops or remote applications.
Ideally, you can provide the resources that all active users need to do their jobs without delays, and also avoid the cost of unused resources sitting idle but powered on. Horizon Cloud provides power management capabilities for the Microsoft Azure servers, automatically powering hosts on and off and deallocating them as needed. The result is that Horizon Cloud farms can automatically scale out to the maximum size when necessary, and scale down to minimum size when not needed. Cloud capacity costs are thus reduced, as well as computing costs for deallocated servers.
You first set up these options in the Horizon Cloud farm profile when you create the farm, and you can edit the settings at any time later.
Exercise D1: Creating a Farm
When the new image has been published, you can use it to create farms.
- In the navigation bar of Horizon Cloud Administration Console, select Inventory.
- Select Farms.
- On the Farms page, click New.
Provide the Required Information About the New Farm
- On the New Farm page, Definition tab, provide the following information, and then scroll down.
- Name: Enter a name for this farm.
- Description: Enter an optional description.
Farm Type: Specify the type of asset this farm provides to end users:
- Desktops: Provides session-based desktops
- Applications: Provides access to remote applications
- Location: Select the location associated with the node containing the RDSH image. This selection filters the choices in the Node field to display only the nodes in the selected location.
- Node: Select the node.
- Server Model: Select the model to use for the farm's server instances, which defines the resources used when farm server instances are created, including capacity.
- Image: Select the assignable RDSH image.
- Preferred Protocol: Select the default display protocol that you want the end-user sessions to use.
- Preferred Client Type: Select the type used when end users launch session-based desktops from Workspace ONE, either a Horizon Client or a browser for HTML Access.
- Domain: Select the Active Directory domain registered with your environment.
- Join Domain: Select Yes so that the server instances are automatically joined to the domain when created.
Provide Information About the Farm Size
- Scroll down to the Farm Size pane, provide the information to enable the farm to automatically scale up or down on demand.
- Min Servers: Specify the minimum number of servers you want in this farm.
Max Servers: Specify the maximum number of servers you want in this farm.
Note: The minimum number of server instances is initially powered on. As demand increases, additional servers are powered on until reaching the maximum. As end-user demand shrinks, servers are powered off until reaching the minimum. Each server is completely empty of user sessions before the system powers it off.
Sessions per Server: Specify the number of concurrent end-user sessions per server that this farm should allow.
Note: This number cannot be updated after the farm is created.
VM Names: Enter a name for all server VMs created for this farm to which a number is appended, such as
win2016-1, win2016-2, and so on. The name must start with a letter and can contain only letters, dashes, and numbers.
Computer OU: Enter the Active Directory Organizational Unit where the server VMs are to be located. For example,
OU=RootOrgName,DC=DomainComponent,DC=eng, and so on. The entries must be comma-separated with no spaces in between.
- Run Once Script (optional): You can enter the location of scripts that you want run after system preparation completes.
Session Timeout Interval: Enter the amount of time the sessions can be idle before the system forces a log out from the session-based desktops or applications that are served by this farm.
Note: This timeout applies to the logged-in session to the underlying Windows operating system, and is separate from timeout settings that govern Horizon Client or HTML Access logged-in sessions.
- For more information about these settings, see Exercise D2: Explore RD Session Host Power Management.
- Click Next.
Provide Required Information for Rolling Maintenance
- In the Management tab, provide the information for the Rolling Maintenance panel.
Rolling Maintenance: Select the maintenance type, either according to:
- Scheduled: Select a time cadence such as daily or weekly.
- Session: Specify the number of user sessions at which the farm should begin rolling maintenance.
Server Action: Select the action that the system should perform on servers that are undergoing maintenance:
- Restart: Restart the sever VMs.
- Rebuild: Delete server VMs and then re-provision them from their RDS desktop image.
- Rolling Maintenance: Select the maintenance type, either according to:
- Scroll to the next panel.
Provide Required Information for Power Management
- Scroll down to the Power Management panel, and provide the information used to optimize the farm for your unique business needs. This is where you determine the thresholds at which new capacity is powered up or down, for automatic shutdown or deallocation of unused servers.
- In Power Management, set the thresholds at which the system automatically grows and shrinks the number of powered-on server instances as it responds to demand and use.
- Optimized Performance: Keeps more hosts powered on than are needed to service the current end-user workload. As more users log in, Horizon Cloud continues to power on hosts in advance, up to the threshold of the maximum farm size. This option increases capacity costs by having the next server ready before requested, but decreases the chance of a delay when users make the request.
- Optimized Power: Waits as long as possible before powering on the next server instance, and more progressively deallocates unused hosts, leaving fewer available resources for end users. This option decreases capacity costs by using the servers longer before powering new ones, but increases the chance of a delay when users try to log in. You can even set the minimum number to 0, so all servers automatically power down when no users need them. However, the next users who log in experience a delay while the server powers back on, which might take several minutes.
- Balanced: Strikes a 50:50 balance between optimizing for performance (time-to-availability for users), and optimizing for power (minimizing between capacity costs).
Provide Required Information for the Timeout Handling
- Scroll down to the Timeout Handling panel, provide the required settings. This is where you configure how you want the system to handle different user session types.
- Empty Session Timeout: Specify how to handle idle user sessions: never timeout idle sessions, or timeout after a specified number of minutes. Note: When a session is disconnected, the session is preserved in memory. When a session is logged out, the session is not preserved in memory, and any unsaved documents are lost.
- Log Off Disconnected Sessions: Specify when the system logs the user out of a disconnected session.
- Max Session Lifetime: Specify the maximum number of minutes the system should allow for a single user session.
- Click Next.
Verify the Summary Information
- In the Summary tab, review all settings to verify they are correct and complete.
- Click Submit.
Verify in VMware Horizon Cloud
- View the farm you just created.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Farms in Horizon Cloud > Create a Farm.
After you finish creating farms from the image, proceed to the next exercise to review RDS host power management.
Exercise D2: Exploring RD Session Host Power Management
Horizon Cloud provides power management capabilities for the Microsoft Azure servers, automatically powering hosts on and off and deallocating them as needed. You can see the results of setting up the farm you just created by returning to Microsoft Azure.
Verify in Microsoft Azure
- Return to the Microsoft Azure portal.
- Review the hosts that the farm automatically creates there.
Automatic Shutdown or Deallocation
- You can set up automatic shutdown or deallocation of unused servers.
- From the navigation bar, select Virtual machines, and view the status showing each subscription as running or automatically deallocated.
Automatic Creation of Resource Groups
- Horizon Cloud streamlines administration tasks, such as the automatic creation of resource groups, which contain all farm-related components.
- From the navigation bar, select Resource groups > Overview to view resource group details.
Automatic Definition of Network Security Group Rules
- Network security group rules are automatically defined. From the navigation bar, select More services.
- Select Network security groups.
- Select a group to view the security rules.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Applications in Your Horizon Cloud Inventory.
After you finish reviewing RDS host power management, proceed to the next exercise to add applications from the farm.
Exercise D3: Adding Applications from the Horizon Cloud Farm
Horizon Cloud can auto-discover applications installed on the farm, or you can manually specify an application. Select the applications to be published, and assign them to end users or groups.
- In the Horizon Cloud Administration Console navigation bar, click Inventory.
- Select Applications.
- On the Applications page, click New.
Select the Auto-Scan from Farm Option
- On the New Application page, under Auto-Scan from Farm, click Select.
Provide Definition Information
- On the New Application page, provide the Definition information required
- Click Next.
Select Applications to Publish
- In the Applications tab, select the applications to be published.
- Click Next.
- In the Attributes tab, provide the appropriate attributes.
- Click Next.
Verify the Summary Information
- In the Summary tab, review to verify that the selections are correct and complete.
- Click Submit.
Verify Addition of New Applications
- On the Applications page, the green banner verifies that three new applications were added.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Applications in Your Horizon Cloud Inventory > Importing New Applications from an RDSH Farm Using Auto-Scan from Farm.
After you finish adding applications from the farm, proceed to the next exercise to create applications assignments.
Exercise D4: Assigning Applications from the Horizon Cloud Farm
To assign applications to users and groups:
- In the navigation bar on the left, click Assign.
- On the Assignments page, click New.
- On the New Assignment page under Applications, click Select.
- In the Definitions tab of the New Application Assignment page, provide the fixed and flexible attributes.
- Click Next.
- In the Applications tab, select the applications to assign.
- Click Next.
Select Users and Groups
- In the Users tab, select the users and groups to assign.
- Click Next.
Verify Summary Information
- In the Summary tab, review and verify your settings.
- Click Submit.
- Verify that the green success banner appears at the top.
- Verify that the assignments display a green status symbol.
For more information, see Create a Remote Application Assignment.
When you finish assigning applications to user and groups, your end users can launch their assigned desktops and remote applications using your FQDN in either the Horizon Client or with HTML Access. You can proceed to the next exercise to create an RDSH session assignment.
Exercise D5: Creating an RDSH Session Assignment
To create a session desktop assignment, use the Assignments page after first making sure you meet the prerequisites.
- Verify that your deployment meets the following prerequisites:
- At least one farm configured to deliver remote desktops
- The intended farm is in the node that you want to deliver from
- The intended farm is not already assigned
- In the navigation pane on the left, click Assign > New.
- On the New Assignment page, select Desktops.
- In the Definition step, complete the selections.
- Location: Select the location of the node where the session desktops should be provided.
- Node: Select the node.
- Farm: Select the farm to assign.
- Assignment Name: Enter a memorable name for this assignment to help end users identify it, using only letters, hyphens, and numbers.
- Click Next.
Select Users and Groups
- On the Users step, search users and groups in your registered Active Directory domains, select the ones to give this assignment.
- Click Next.
Verify the Summary Information
- On the Summary step, review the configuration.
- Click Submit.
Verify on the Assignments Page
- As the system configures the farm's server instances to provide session desktops to the selected users, you can use the navigation bar to the left to click Assign to verify the status on the Assignments page.
For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Applications in Your Horizon Cloud Inventory > Create a Remote Application Assignment.
When you finish assigning session-based desktops to user and groups, you have completed the workflow. The next two sections explore the Horizon Cloud monitoring and analytics features and the VMware User Environment Management capabilities in greater depth.
Exploring Monitoring and Analytics
About Monitoring and Analytics
After setting up Horizon Cloud on Microsoft Azure, you can explore the monitoring and analytics functionality. Horizon Cloud Analytics includes dashboard, activity monitoring, and reporting features, which provide the following benefits:
- Real-time monitoring: Alerts for common desktop and server issues. Real-time monitoring of desktops and application servers.
- Contextual metrics: In-depth information about user experience and resource usage. We leverage contextual metrics to give you details on user experience, and resource utilization.
- Historical utilization: Visualize usage with perspective on capacity, concurrency, and uniqueness. The system enables you to go back in time, to visually evaluate differences in how your resources are consumed by your deployment.
- Endpoint landscape: Understand access patterns by protocol, client type, and location. We also monitor how information is gathered directly from the endpoints that the users are using to access the system.
The result is that you have one place to go to get all the details you need to monitor the health and performance of your Horizon Cloud implementation.
Exploring Dashboard and Status
When you launch Horizon Cloud for the first time, the Getting Started page is displayed. From this page, you can navigate through the usage dashboards. For more information, see About the Monitor Icon and Reports Page.
Launch the Dashboard
Log in to Horizon Cloud, and in the navigation bar on the left, click Monitor > Dashboard.
On the Dashboard page, you can see the status of your environment, including how much capacity is allocated, and the utilization of your environment. In the Activity pane, click More to drill down for more details.
Activity Page Detail
In the Activity pane, select a time range to see the detailed utilization reports for the indicated time range.
Hide Metrics for Better Focus
You can also hide selected metrics to make it easier to focus on the most important details.
Scroll Down to See User Metrics
Scroll down to see which users are using each protocol, which client types they are using, and how long they have accessed the system.
After you finish exploring the dashboards and status features, proceed to the next exercise to explore additional reports, activity monitoring, and notifications.
Exploring Reports, Monitoring, and Notifications
Reporting features make it easy for you to review the health of your Horizon Cloud service and monitor your end users’ experience within the system. Examples of reports include RDSH server health and basic metrics, RDSH session reporting, and RDSH app-level metrics such as user mapping, desktop health, utilization, session history, concurrency, and URL configurations.
Desktop Health Reports
On the Reports page, click the Desktop Health tab, and in the Status field, select All Desktops to see CPU utilization, disk IOPS, and memory usage. You can view session information for servers within a farm.
View Session Information
The Session History tab shows you who is logged in from where, and for how long. You can change the time scale to view the history up to one year.
View Session History
In the left-hand navigation bar, click Monitor > Notifications, and select a time range to see critical system events and notices.
For more detailed information about how to use this feature, see Horizon Cloud Service documentation.
After you finish exploring the reports, monitoring, and notification features, the exploration exercises are complete. You have now reached the end of this set of exercises. The next section explores the VMware User Environment Management capabilities in greater depth.
Exploring VMware User Environment Manager
Installing VMware User Environment Manager on Microsoft Azure
VMware User Environment Manager provides a wide range of capabilities such as personalization of Windows and applications, contextual policies for enhanced user experience, and privilege elevation to aid in your privilege management strategy. If you are already using VMware User Environment Manager on physical or virtual desktops or RD Session Host servers, your knowledge transfers immediately to Horizon Cloud on Microsoft Azure. VMware User Environment Manager is flexible enough to run on physical, virtual, and cloud-hosted machines.
You bring your own Microsoft Azure IaaS capacity, on which Horizon Cloud and VMware User Environment Manager are deployed. You have the option of using the included VMware User Environment Manager licenses by installing a new instance, or leveraging an existing instance.
The infrastructure requirements are minimal, comprised primarily of SMB file shares. VMware User Environment Manager uses one share for configuration data, and another for profile archive data. You can deploy one or more Windows Server VMs on Microsoft Azure, and configure file sharing. For comprehensive share requirements, see Installing and Configuring VMware User Environment Manager. While there are several server models available in the Microsoft Azure Marketplace, consider using Dv2, Dv3, or Ev3 series VMs to create file servers for the requisite SMB file shares. Additional disks can be added to accommodate increased performance demand (IOPS) as needed.
Figure F1: VMware User Environment Manager Process Flow
Exploring Deployment Options
You can use Microsoft Azure to extend your existing data centers in a hybrid-cloud model, or treat Microsoft Azure as a stand-alone, public-cloud capacity. Horizon Cloud and VMware User Environment Manager support both configurations.
For stand-alone, or single-site deployments, Installing and Configuring VMware User Environment Manager contains everything you need to know to deploy. VMware User Environment Manager is installed and managed the same way, whether deployed on premises or in a public cloud.
With the hybrid-cloud or multi-site model, Microsoft Azure capacity is essentially a remote customer data center. The VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture provides detailed information to configure VMware User Environment Manager for a consistent user experience as end users roam from site to site.
Optimizing VM Performance
A common question for multi-site VMware User Environment Manager deployments is whether users from multiple sites can access a single SMB file share instance at the primary data center. While this is possible, there are design considerations to ensure the best experience.
DirectFlex is a feature of VMware User Environment Manager that reads and writes personalization data as applications are opened and closed. DirectFlex improves the efficiency of the VMware User Environment Manager agent by only fetching configuration data that is needed, when it is needed, rather than reading it all during login. By design, DirectFlex makes frequent requests to the SMB file servers hosting the VMware User Environment Manager configuration and user shares. The latency of these requests directly affects the end-user experience. Typically, anything less than 20 milliseconds has no noticeable impact. As latency gets worse, the chance and severity of impact to the end-user experience increases.
Even a high-performing ExpressRoute may have latency greater than 20 milliseconds, so it is recommended to deploy VMware User Environment Manager in the same Azure region as your Horizon Cloud node. If the design goal is to have a single VMware User Environment Manager deployment for both on-premises and cloud-hosted VMs, Distributed File System (DFS) replication is recommended. This model provides IT with a single point of administration, while keeping configuration and user data geographically near the VMs accessing the data.
Figure F2: VMware User Environment Manager Deployment Options
For more information about configuring DFS for multi-site VMware User Environment Manager deployments, see VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture.
Using the NoAD Mode
VMware User Environment Manager has traditionally been configured and enabled using ADMX templates with Group Policy, and logon or logoff scripts. Version 9.1 introduced an alternative, XML-based option called NoAD Mode. NoAD Mode simplifies administration by eliminating the need to create and manage GPOs, and can be used for on-premises, hybrid-cloud, and public-cloud deployments of VMware User Environment Manager.
When deploying VMware User Environment Manager in a hybrid-cloud or multi-site model, NoAD Mode has the added benefit of not being dependent on Domain Controllers and GPO replication. While not a requirement, the NoAD Mode option is recommended, especially for hybrid-cloud and public-cloud deployments.
Horizon Cloud on Microsoft Azure is the newest offering in the Horizon Cloud Services suite. VMware User Environment Manager seamlessly integrates with Horizon Cloud, and provides a consistent user experience across physical, virtual, and cloud-hosted PCs and RD Session Host servers.
For video demonstrations, see Deploying and Using VMware Horizon Cloud on Microsoft Azure. For more information about VMware User Environment Manager, see VMware User Environment Manager Deployed in 60 Minutes or Less.
Summary and Additional Resources
The Quick-Start Tutorial for VMware Horizon Cloud on Microsoft Azure introduces you to Horizon Cloud on Microsoft Azure through a discussion of the features and capabilities and a series of practical exercises to help you set up and explore this offering. The Overview describes the interoperability of the architecture and components, as well as core capabilities and new features. Sets of sequential exercises walk you through the process of gathering prerequisite data, meeting requirements, deploying a Horizon Cloud node, creating a master image, creating a farm from the image, and adding and assigning applications to users and groups. Additional sections explore the reporting and analytics functionality, and end with an exploration of the integration with VMware User Environment Manager.
Terminology Used in This Tutorial
The following terms are used in this tutorial:
A VM, also referred to as a desktop image, a golden image, or a master image, that is an RDS-enabled Microsoft Windows Server operating system VM configured with the Horizon Agent and DaaS Agents, and is created and configured for desktop deployment.
A set of securely accessed Internet-hosted services
Desktops as a service agent
Input and output operations per second (IOPS, pronounced eye-ops) is an input and output performance measurement used to characterize computer storage devices like hard disk drives (HDD), solid state drives (SSD), and storage area networks (SAN).
Capacity provided through infrastructure as a service
RDS session host farm VMs are the server instances that provide session-based desktops and remote applications to your end users.
The user interface of a virtual machine that has been made available to an end user
A software computer running an operating system or application environment that is backed by the physical resources of a host
VMware Horizon Cloud control plane
VMware hosts the Horizon Cloud control plane in the cloud and provides ongoing feature updates and enhancements. This service enables the central orchestration and management of virtual desktops, desktop applications, remote desktop sessions, and remote applications for your users. The cloud service also manages your nodes, which are physically located in your provided capacity environments. When you log in to the cloud service, you see all your nodes and perform management activities across them, regardless of where they are physically located. The VMware Horizon Cloud control plane also hosts the Horizon Cloud Administration Console, which is accessible from anywhere at any time, providing maximum flexibility.
VMware Horizon Cloud Administration Console
The common management user interface hosted by the cloud control plane. The Horizon Cloud Administration Console runs in industry-standard browsers and provides a single location for management tasks involving user assignments and the virtual desktops, remote desktop sessions, and applications.
Virtual network which is used to connect Horizon Cloud VNet with Microsoft Active Directory. Virtual network peering enables you to seamlessly connect two Microsoft Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes.
For more information about Horizon Cloud on Microsoft Azure, you can explore the following resources:
- Application and service principal objects in Azure Active Directory
- Blog post: Deploying and Using VMware Horizon Cloud on Microsoft Azure: New Video Series
- Blog post: Get Ready for VMware Horizon Cloud on Microsoft Azure
- Blog post: Here Comes Horizon Cloud
- Blog post: Horizon Cloud on Microsoft Azure—It Keeps Getting Better
- Blog post: VMware Horizon Cloud on Microsoft Azure: Learn More at VMworld 2017 U.S.
- Blog post: VMware User Environment Manager Deployed in 60 Minutes or Less
- Getting Started with VMware Horizon Cloud Service on Microsoft Azure
- Horizon Cloud on Microsoft Azure Datasheet
- Horizon Cloud Service documentation
- Horizon Cloud Service on Microsoft Azure documentation
- Horizon Cloud Support for Microsoft Azure - FAQ
- Installing and Configuring VMware User Environment Manager
- Installing and Configuring User Environment Manager in NoAD Mode
- Microsoft SMB Protocol and CIFS Protocol Overview
- Subscription-Related Information for the Deployment Wizard
- Video: Create an Image and Deploy a Farm
- Video: VMware Horizon Cloud Demo
- Video: Previewing Horizon Cloud Service on Microsoft Azure
- Video: VMware Horizon Cloud on Microsoft Azure – Getting Started
- Video: VMware User Environment Manager 9.2 - Privilege Elevation Demo
- VMware and Microsoft
- VMware Horizon 7 Enterprise Edition Multi-Site Reference Architecture
- VMware Horizon Cloud
- VMware Horizon Cloud Service on Microsoft Azure Checksheet
About the Authors
This guide was written by
- Rick Terlep, End-User-Computing Architect, End-User-Computing Technical Marketing, VMware
- Jerrid Cunniff, End-User-Computing Cloud Services Senior Architect, VMware
- Cindy Heyer Carroll, Technical Writer in End-User-Computing Technical Marketing, VMware
- Josh Spencer, End-User-Computing Architect, End-User-Computing Technical Marketing, VMware
The purpose of this guide is to assist you, and your feedback about this is valuable. To comment on this guide, contact VMware End-User-Computing Technical Marketing at email@example.com.