Deploying a Horizon Edge Gateway for Horizon 8 EnvironmentsHorizon Cloud Service – next-gen
Horizon 8 environments can be connected to the VMware Horizon® Cloud Service™ using the Horizon Edge Gateway. Deploying a Horizon Edge Gateway Appliance is accomplished by accessing the Horizon Universal Console, which is the administrative interface for the Horizon Cloud Service.
This guide will walk you through the steps to deploy a Horizon Edge Gateway appliance.
Horizon Edge Gateway Appliance is required to entitle your environment for use with Horizon subscription licenses, services and management features hosted in the Horizon Control Plane Services. To enable subscription license entitlement, Horizon Edge Gateway Appliance must be deployed in each Horizon Pod.
For more information on VMware Horizon® Cloud Service™ – next-gen, you can review What is Horizon Cloud Service – next-gen. All of the critical details you want to know about the service and the Service Description can be found on the VMware EULA site.
This guide is intended for IT professionals and Horizon administrators of existing production environments. Both current and new administrators can benefit from using this tutorial. Familiarity with networking and platform infrastructure (DNS, firewalls, Certificate management, and so on), Windows data center technologies such as Microsoft Azure and Active Directory is assumed. Knowledge of VMware Horizon® and Horizon Cloud Service is also helpful.
What is the Horizon Edge Gateway Appliance?
The Horizon Edge Gateway Appliance is deployed as a virtual appliance from VMware vSphere® Web Client and paired to one of the Connection Servers in the pod. As part of the pairing process, the Horizon Edge Gateway Appliance virtual appliance connects the Connection Server to the Horizon Cloud Service to manage the subscription license. With a subscription license for Horizon, you do not need to retrieve or manually enter a license key for Horizon product activation.
For more information, see VMware Horizon Cloud Service - next-gen Deployment and Onboarding.
Steps for deploying a Horizon Edge Gateway Appliance
If you are a Horizon 8 (or Horizon 7) customer leveraging a subscription-based license, you must complete the basic onboarding process to complete your license entitlement for each Horizon 8 (or Horizon 7) pod.
Details for onboarding and your first login to the Horizon Cloud Service are outside of the domain of this guide, but are explained in the product documentation by accessing the following pages:
- For a video overview of the Horizon Cloud Service Onboarding process, see the video VMware Horizon Cloud Service – next-gen: Onboarding.
- For customers who have purchased Horizon Plus licensing, see the details in Horizon Plus Documentation.
- For customers who have purchased the Horizon Universal License, see the details in VMware Horizon Cloud Service - next-gen Deployment and Onboarding.
- For a general overview of Horizon Licenses, see Understanding Horizon Licenses.
- If you are a first-time VMware customer, and do not have a VMware Cloud Service account, you can find more information on completing your initial configuration and setup as a VMware customer through the following resources:
- All details to sign up for a VMware Cloud Services account can be found in the VMware Cloud Services Documentation
- A video overview of the process can be found in the Getting Started with Cloud Universal page on the VMware TV site.
The steps required to prepare your environment for deploying the Horizon Edge Gateway in your Horizon 8 environment are the same, regardless of your subscription license. There are several infrastructure and networking configurations that must be set up prior to deployment.
The general process for deploying a Horizon Edge Gateway into a Horizon 8 environment is:
Prepare the environment and complete prerequisites
To prepare for deployment, you should check that the appropriate prerequisites and environmental conditions are set. The first thing you need to do is make sure that you have all the following infrastructure details that are required to deploy a Horizon Edge Gateway Appliance.
Note: The Horizon Edge Gateway Appliance is intended to be deployed on an internal network segment. It is not hardened for DMZ or public-facing network locations. Do not deploy the Horizon Edge Gateway Appliance on an external network.
Note: The environmental prerequisites for successful deployment of the Horizon Edge Appliance are slightly different depending on your entitlement. Make sure that you are checking the appropriate list of prerequisites in the product documentation.
Creating the DNS Entry
The Horizon Edge Gateway requires a DNS configuration that allows it to be resolved internally by the Horizon Connection Server and the Unified Access Gateways (UAGs) in the Horizon 8 deployment.
Verify Line-of-sight for Horizon Cloud Service Components
Make sure that the network location where you will deploy the appliance has line-of-sight to all of the required Horizon Cloud Control Plane DNS entries. You can find a list of these DNS entries in the product documentation. The Horizon Cloud Service next-gen Edge Subnet URL checker tool can be downloaded and run from a Windows-based machine to check that all of the appropriate URLs are available. It is best practice to ensure that the machine you use to test for connectivity to Horizon Cloud Service is on the same network segment where you plan on placing the Horizon Edge Gateway Appliance.
Verify Line-of-sight for Horizon Pod Components
You also need to make sure that there are no firewalls or other network security appliances prohibiting line-of-sight between the Horizon Edge Appliance and critical Horizon Cloud, or Horizon 8 pod resources.
For more details on setting up the prerequisites, review the following resources:
- Deploying a Horizon Edge Gateway – DNS Configuration [video]
- Deploying a Horizon Edge Gateway – Horizon Cloud Service next-gen Edge Subnet URL Checker Fling [video]
- Horizon Cloud Service – next-gen Edge Subnet URL Checker Fling [Fling]
- Horizon 8 Deployments, Horizon Edge - Preparing to Deploy [VMware Docs]
Add a Horizon 8 Edge
Assuming you have already onboarded and logged into the Horizon Cloud Service – next-gen via the Horizon Universal Console, you can deploy a Horizon Edge Gateway appliance for an existing Horizon 8 pod. The instructions for deploying a Horizon Edge Gateway appliance to your Horizon 8 pod are outlined in the product documentation.
The following video demonstrates the process for configuring and deploying a Horizon Edge Gateway Appliance into a Horizon 8 pod.
Note: Depending on whether you are a brand new Horizon Cloud Service customer or are already using Horizon Cloud Service – next-gen to manage native Microsoft Azure-based Horizon Edge environments, the interface may look somewhat different from what is demonstrated in the video.
Deploy the Horizon Edge Gateway Appliance
To deploy the Horizon Edge Gateway OVF, you will use the OVF deployment interface from vCenter. You should collect information on the following details to prepare for the OVF deployment:
OVF Server Fields
Connection string / Pairing Key
Public Key for CCADMIN (optional)
Proxy Details (optional)
No Proxy For
Domain Search Path
Domain Name Servers
Network IP Address
After you have deployed the appliance and started it, it may take up to fifteen (15) minutes for all of the required services to boot, configure, and be available. If the Horizon Edge Gateway Appliance successfully connects to the Horizon Cloud Service, you will receive a visible notification in the UI that the connection was successful.
A demonstration of the entire OVF deployment process can be found in the following video and VMware Docs contains more information on this process.
- Deploying a Horizon Edge Gateway – OVA Deployment [video]
- Deploy an OVF or OVA Template [VMware Docs]
Connect to the Horizon Connection Server
After the Pairing process has successfully completed, you must provide details on your Horizon Connection Server. This configuration is required to use with Horizon subscription licenses, services and management features hosted in the Horizon Control Plane Services.
As mentioned in Step 1, The Horizon Edge Gateway Appliance needs line-of-sight visibility so that it can communicate to the Horizon 8 Connection Server. Assuming you have configured for this prerequisite, you should be able to complete this configuration by entering the URL of the primary connection server into the configuration UI.
Note: If you leverage multiple Horizon Connection Servers in your Horizon pod, you only need to provide details for the primary Horizon Connection Server or the details of the load balancer. The Horizon Edge Gateway Appliance will find the other Horizon Connection Servers automatically.
After you have successfully completed the configuration, the Horizon Edge Gateway Appliance will configure the Horizon Connection Server with your license entitlement.
If you are having trouble getting a Horizon Edge Gateway Appliance to connect to the Horizon Cloud Service, and you have confirmed all of the prerequisites outlined in the product documentation and above, you should reach out to VMware Support for assistance.
VMware The Horizon Edge Gateway Appliance runs the Photon OS and hosts multiple Kubernetes containers that run all of the critical functions of the appliance. VMware Support may ask you to run Kubernetes commands directly on the appliance to inspect and troubleshoot the cause of the problem.
You can leverage Putty or a similar application to open a terminal session to the appliance. You will need to leverage the Root Password that you supplied during the OVF deployment process to access the appliance.
Check the status of containers
After you have accessed the appliance, you can use the kubectl command to inspect the operational status of the Kubernetes containers on the appliance.
kubectl get pods -A
This command will list all of the available pods, and report on their status. Make sure that the
edgedevice-deployment pod is READY, Running, and does not show any Restarts. You should also make sure that the
view-cs-module-deployment pod is READY, Running, and has no Restarts.
Gather Log files from individual containers
In some cases, VMware Support may ask that you gather log files from the containers for troubleshooting purposes. The process for gathering log files from a container is as follows:
- Run -
kubectl get pods -A
- Note the namespace name and pod name you want the logs from.
- Run -
- Download or copy the contents of the <
filename> to transfer it out of the VM or look at it using a text editor.
For a demonstration of running the previous commands and downloading a log file, see the following video:
Summary and Additional Resources
This document covered the four main steps to deploy a Horizon Edge Gateway, including:
- Preparing the environment and completing prerequisites.
- Creating a Provider and configuring the Horizon Edge Gateway Appliance.
- Downloading the Horizon Edge Gateway Appliance and deploying it with vCenter.
- Connecting the Horizon Edge Gateway to the Horizon Connection Server.
It also covered basic troubleshooting procedures.
For more information, you can explore the following resources:
- Deploying Horizon Edge Gateway – Connect to Horizon Connection Server [video]
- Horizon Cloud Service – next-gen Architecture [TZ article]
- Horizon Cloud Service – next-gen Initial Setup & Configuration Workflow [TZ blog]
- What is VMware Horizon Cloud Service – next-gen? [TZ article]
The following updates were made to this guide:
Description of Changes
About the Author
This guide was written by Rick Terlep, Staff EUC Technical Marketing Architect, End User Computing Technical Marketing, VMware, with contributions from:
- Gina Daly, Technical Marketing Manager, EUC Technical Marketing, VMware
Your feedback is valuable.
To comment on this paper, contact VMware End-User-Computing Technical Marketing at firstname.lastname@example.org.