B: Deploying a Horizon Cloud Service Node

About Node Deployment

Now that you have set up the Horizon Cloud Service on Microsoft Azure node, you are ready to begin the initial configuration process of your deployment. In this series of exercises, you deploy a Horizon Cloud Service node and bind it to an existing Active Directory domain, which grants the Horizon Cloud Service control plane access to create and manage resources in Microsoft Azure. These exercises are sequential and build upon one another, so make sure to complete each exercise in this section before going to the next.

Exercise B1: Deploying the Horizon Cloud Service Node

Armed with the prerequisite information from your Microsoft Azure tenant, you are ready to begin deploying the Horizon Cloud Service node and binding it to an existing Active Directory domain.

  1. Use your My VMware credentials, which give you access to the Horizon Cloud Service control plane.
  2. Before you deploy the Horizon Cloud Service node, verify that you have the prerequisite information from your Microsoft Azure tenant, which the Horizon Cloud Service deployment wizard uses during the deployment process:
    • Service Principal: Like a certificate, the service principal object defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud Service permission to access and modify your Microsoft Azure tenant.
    • Subscription ID: Primary Microsoft Azure billing identifier based on your agreement with Microsoft
    • Directory ID: Your Primary Identifier or Identifiers in Microsoft Azure Active Directory
    • Application ID: An attribute of the Service Principal that securely ties the Horizon Cloud Service control plane to your Microsoft Azure subscription
    • Application Key: A one-time-use password that is used to encrypt the service principal
      For more information, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.

1. Log in to VMware Horizon Cloud Service

Log in to Horizon Cloud Service, using your My VMware account ID and password.

2. Add a New Horizon Cloud Service Node

  1. In an account with no nodes previously deployed, the Getting Started wizard defaults to the Capacity section. In the upper right corner of the Add Cloud Capacity pane, click Add, which starts the Horizon Cloud Service Node Deployment wizard.
  2. (To add a new Microsoft Azure node to an account with nodes previously deployed, click Settings > Capacity > New > Node > Microsoft Azure.)

3. Provide Subscription Details

  1. In the Microsoft Azure Subscription tab of the Add Cloud Capacity window, provide the data that you gathered earlier:
    • Apply Subscription: Select Add New and enter the new subscription information.
    • Subscription Name: Enter a recognizable name to distinguish this subscription from others. The name must start with a letter and contain only letters, numbers, and dashes.
    • Environment: Select the environment associated with your Microsoft Azure subscription.
    • Subscription ID: Enter the subscription ID in UUID form, from the Subscription area of your Microsoft Azure portal.
    • Directory ID: Enter the Microsoft Azure AD Directory ID in UUID form, from the Microsoft Azure Active Directory properties in your Microsoft Azure portal.
    • Application ID: Enter the application ID in UUID form associated with the service principal you created in the Microsoft Azure portal. Creating an application registration and associated service principal in your Microsoft Azure Active Directory was a prerequisite.
    • Application Key: Enter the key value for the authentication key of the service principal that you created in the Microsoft Azure portal. Creating this key was a prerequisite.
  2. In the lower right corner, click Add.

4. Provide Node Setup Details

  1. In the Details panel of the Node Setup tab, provide the following information:
    • Node Name: Enter a recognizable name, to be used in the Administration Console to distinguish this node from other nodes.
    • Location: Click Add to specify a location, which you can use to group nodes according to categories that you provide, such as Business Unit A, Business Unit B, and so on.
    • Microsoft Azure Region: Select the physical geographic Microsoft Azure region into which you want the node to be deployed. For best performance, deploy the Horizon Cloud Service node in a region that is geographically near the end users consuming the service to provide lower latency.
    • Description: Enter an optional description for this node.

5. Provide Networking Details

  1. In the Networking panel of the Work Setup tab, provide the following information:
    • Virtual Network: Select a virtual network from the list. Only virtual networks that exist in the region selected in the Microsoft Azure Region field are shown here. You must have already created the VNet you want to use in that region in your Microsoft Azure subscription.
    • Management Subnet (CIDR): Enter a subnet (in CIDR notation) to which the node and Unified Access Gateway instances get connected, such as 192.168.8.0/28. For the management subnet, a CIDR of at least /28 is required.
    • Desktop Subnet (CIDR): Enter the subnet (in CIDR notation) to which all of this node's RDSH servers for end-user remote desktops and applications get connected, such as 192.168.12.0/22. Minimum: /28. Recommended: /22.
    • NTP Servers: Enter the list of NTP servers to use for time synchronization, separated by commas (for example 10.11.12.13, time.example.com).

6. Provide Unified Access Gateway Details

  1. In the Unified Access Gateway panel of the Work Setup tab, provide the following information.
    • Internet Enabled Desktops: Select Yes to enable users located outside your corporate network to access desktops and applications. The node includes a load balancer and Unified Access Gateway instances to enable this access. Selecting Internet-enabled desktops triggers Horizon Cloud Service to automatically deploy two Unified Access Gateway appliances in an availability setting.
    • FQDN: Enter the required fully qualified domain name (FQDN), such as ourOrg.example.com, for your end users to use to access the service. You must own that domain name and have a certificate in PEM format that can validate that FQDN.
    • DMZ Subnet (CIDR): Enter the subnet in CIDR notation for the demilitarized zone (DMZ) network to be configured to connect the Unified Access Gateway instances to the load balancer.
    • Certificate: Upload the certificate in PEM format for Unified Access Gateway to use to allow clients to trust connections to the Unified Access Gateway instances running in Microsoft Azure. The certificate must be based on the FQDN you entered and be signed by a trusted CA. A certificate is automatically applied to the two Unified Access Gateway appliances during deployment.
  2. In the lower right corner, click Validate & Proceed.

7. Verify That the Horizon Cloud Service Node Is Deployed

  1. After clicking Validate & Proceed, review the Summary tab, verify that the information is correct and complete, and click Submit.
  2. Wait until a green check mark and a join domain message appear, which indicates that the Horizon Cloud Service node and all supporting infrastructure components are deployed. This process can take up to an hour to complete.

After you finish deploying the Horizon Cloud Service node, proceed to the next exercise to perform the domain bind operation.
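
The format rules stated in steps 3 through 6 (subscription name, UUID-form IDs, subnet sizes) can be checked offline before the values are typed into the wizard. The following is an added example, not part of the original guide or of any VMware tooling; the function names, dictionary keys, and sample values are this example's own, and the non-overlap check is an assumption the guide does not state.

```python
import ipaddress
import re
import uuid

# Rules taken from the wizard steps above; all names here are this example's own.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
UUID_KEYS = ("subscription_id", "directory_id", "application_id")
MIN_SIZE = 28      # management and desktop subnets: /28 or larger
RECOMMENDED = 22   # desktop subnet: /22 recommended

def is_uuid(value):
    """True only for the canonical 8-4-4-4-12 UUID form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def preflight(cfg):
    """Return (severity, message) findings for a dict of wizard inputs."""
    out = []
    if not NAME_RE.fullmatch(cfg["subscription_name"]):
        out.append(("error", "subscription_name: letter first, then letters, numbers, dashes"))
    out += [("error", f"{k}: not in UUID form") for k in UUID_KEYS if not is_uuid(cfg[k])]
    nets = {}
    for key in ("management_subnet", "desktop_subnet", "dmz_subnet"):
        try:  # strict=True rejects host bits set, e.g. 192.168.8.5/28
            nets[key] = ipaddress.ip_network(cfg[key], strict=True)
        except ValueError as exc:
            out.append(("error", f"{key}: {exc}"))
    for key in ("management_subnet", "desktop_subnet"):
        if key in nets and nets[key].prefixlen > MIN_SIZE:
            out.append(("error", f"{key}: smaller than /{MIN_SIZE}"))
    desk = nets.get("desktop_subnet")
    if desk is not None and RECOMMENDED < desk.prefixlen <= MIN_SIZE:
        out.append(("warn", f"desktop_subnet: /{RECOMMENDED} is recommended"))
    # Assumption (not stated on the page): the subnets must not overlap.
    keys = sorted(nets)
    for i, a in enumerate(keys):
        out += [("error", f"{a} overlaps {b}") for b in keys[i + 1:] if nets[a].overlaps(nets[b])]
    return out

# Constructed sample values, not real tenant identifiers.
SAMPLE = {
    "subscription_name": "lab-sub-01", "desktop_subnet": "192.168.12.0/22",
    "subscription_id": "11111111-2222-3333-4444-555555555555",
    "directory_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "application_id": "01234567-89ab-cdef-0123-456789abcdef",
    "management_subnet": "192.168.8.0/28", "dmz_subnet": "192.168.9.0/28",
}
```

An empty list from preflight(SAMPLE) means every stated rule passed; "warn" findings do not block deployment, "error" findings would.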

Exercise B2: Binding to the Active Directory Domain

Machine creation and domain join operations are automated by Horizon Cloud Service. The domain bind operation must be performed on the node before creating images and farms. You have several Active Directory domain configurations to choose from. For more information about these options, see Getting Started with VMware Horizon Cloud Service on Microsoft Azure.

To complete the Active Directory configuration, provide information about the domain and accounts used for domain operations.

  1. In the Horizon Cloud Service Administration Console, in the navigation pane on the left, click Settings.
  2. Click Getting Started.

1. Expand the General Setup Fields

  1. In the Getting Started wizard, locate 1 Microsoft Azure Node Added.
  2. Click General Setup to expand the fields.

2. Configure

  1. Under General Setup, locate the Active Directory panel.
  2. On the far right, click Configure.

3. Register Active Directory

  1. In the Register Active Directory window, provide information about the domain and accounts used for domain operations.
    • NETBIOS Name: Enter the Active Directory domain name.
    • DNS Domain Name: Enter the fully qualified Active Directory domain name.
    • Protocol: Accept the LDAP default.
    • Bind Username: Enter the user account in the domain to use as the primary LDAP bind account.
    • Bind Password: Enter the password associated with the Bind Username.
    • Auxiliary Account #1: In the Bind Username and Bind Password fields, enter a user account in the domain to use as the auxiliary LDAP bind account and its associated password.
      For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide.
  2. In the lower right corner, click Domain Bind.

4. Provide Domain Join Details

  1. After configuration is complete, in the Domain Join window, provide the required data.
    • Primary DNS Server IP: Enter the IP address of the primary DNS Server.
      Note: This DNS server must be able to resolve machine names inside of your Microsoft Azure cloud as well as resolve external names.
    • Join Username: Enter the user account in the Active Directory that has permissions to join systems to that Active Directory domain.
    • Join Password: Enter the password associated with the Join Username.
    • Secondary DNS Server IP (Optional): Enter the IP of a secondary DNS Server.
  2. In the lower right corner, click Save.

5. Add the Administrator

  1. In the Add Administrator window, select an Active Directory User Group.
  2. In the lower right corner, click Save.

Note: Add the Active Directory group that includes the domain-join account, as described in the prerequisites. This action grants this group permissions to perform management actions in the Administration Console.

6. Notice Change in Login Windows

  1. When you finish registering the node with your Active Directory domain, the system returns you to the login window.
  2. In the login window, you must log back in, first with your My VMware account, and then with Active Directory credentials for an account in the group that you just assigned.

7. Join the VMware Customer Experience Improvement Program

  1. With the Horizon Cloud Service node deployed and the bind operation complete, you can move the Yes/No slider to choose whether or not to join the VMware Customer Experience Improvement Program.
  2. In the lower right corner, click Save.

For more information, see VMware Horizon Cloud Service on Microsoft Azure Administration Guide, and click Getting Started Using Your Horizon Cloud Environment > Register the First Active Directory Domain.

After deploying the Horizon Cloud Service node and completing the bind operation, proceed to the next section to create master images.