Horizon on Alibaba Cloud VMware Service Architecture
This chapter is one of a series that make up the VMware Workspace ONE and VMware Horizon Reference Architecture, a framework that provides guidance on the architecture, design considerations, and deployment of VMware Workspace ONE and VMware Horizon solutions. This chapter provides information about architecting VMware Horizon when deployed on Alibaba Cloud VMware Service.
Introduction
VMware Horizon on Alibaba Cloud VMware Service delivers a seamlessly integrated hybrid cloud for virtual desktops and applications. Alibaba Cloud VMware Service is based on VMware Cloud Foundation and provides a fully supported, customizable cloud environment for VMware deployments and migrations. The solution delivers a full-stack software-defined data center (SDDC), including VMware vCenter, vSphere ESXi, NSX, and vSAN, delivered as a service on Alibaba Cloud Infrastructure (ACI).
Alibaba Cloud VMware Service combined with the market-leading capabilities of VMware Horizon gives a simple, secure, and scalable solution, that can easily address use cases such as on-demand capacity, disaster recovery, and cloud co-location without buying additional data center resources.
For customers who are already familiar with Horizon or have Horizon deployed on-premises, deploying Horizon on Alibaba Cloud VMware Service lets you leverage a unified architecture and familiar tools. This means that you use the same expertise you know from VMware vSphere and Horizon for operational consistency and leverage the same rich feature set and flexibility you expect. By outsourcing the management of the hardware and vSphere platform, you can simplify management of Horizon deployments.
For more information about VMware Horizon on Alibaba Cloud VMware Service, visit Alibaba Cloud VMware Service and the Alibaba Cloud documentation.
Figure 1: Horizon on Alibaba Cloud VMware Service
For details on feature parity between Horizon on-premises and Horizon on Alibaba Cloud VMware Service, see the VMware Knowledge Base article VMware Horizon on Alibaba Cloud VMware Service (ACVS) Support (92140).
The purpose of this design chapter is to provide a set of best practices on how to design and deploy Horizon on Alibaba Cloud VMware Service. This content is designed to be used in conjunction with Horizon documentation, and Alibaba Cloud VMware Service documentation.
| Important | It is highly recommended that you review the design concepts covered in the Horizon 8 Architecture chapter. This chapter builds on that one and covers specific information only for Horizon on Alibaba Cloud VMware Service. |
Deployment Options
Horizon on Alibaba Cloud VMware Service has one deployment option, the All-in-SDDC, which is a consolidated design with all the Horizon components located inside the SDDC.
All-in-SDDC
Every component in the All-in-SDDC-based deployment model, including management, is located inside the Alibaba Cloud VMware Service Software-Defined Data Centers (SDDCs).
The following figure shows the high-level logical architecture of this deployment model and all the management components inside the SDDC.
Figure 2: All-in-SDDC Logical Architecture
Architectural Overview
In this section, we discuss the various components, including individual server components used for Horizon, single or multiple vSphere Software-Defined Data Centers (SDDC), management and compute components, NSX-T components, and resource pools.
Components
The individual server components used for Horizon, whether deployed on Alibaba Cloud VMware Service or on-premises, are the same. See the Components section in the Horizon 8 Architecture for details on the common server components.
Check the Knowledge Base article 92140 for feature parity of Horizon on Alibaba Cloud VMware Service.
The components and features that are specific to Horizon on Alibaba are described in this section.
Software-Defined Data Centers (SDDC)
Alibaba Cloud VMware Service allows you to create vSphere Software-Defined Data Centers (SDDCs) on Alibaba Cloud Infrastructure (ACI). These SDDCs include VMware vCenter Server for VM management, VMware vSAN for storage, and VMware NSX for networking.
You can connect an on-premises SDDC to a cloud SDDC and manage both from a single VMware vSphere Web Client interface. Using a connected Alibaba Cloud account, you can access Alibaba Cloud services such as Alibaba Elastic Compute Service and Alibaba File Storage NAS from virtual machines in your SDDC. For more information, see the Alibaba Cloud documentation.
After you have deployed an SDDC on Alibaba Cloud VMware Service, you can deploy Horizon in that cloud environment just like you would in an on-premises vSphere environment. For pricing information, see Pricing on Alibaba Cloud VMware Service.
Management Component
The management component for the network includes vCenter Server.
Compute Component
The compute component includes the following Horizon infrastructure components:
- Horizon Connection Servers
- Unified Access Gateway appliances
- App Volume Managers
- Virtual machines
NSX-T Components
VMware NSX-T is the network virtualization platform for the Software-Defined Data Center (SDDC), delivering networking and security entirely in software, abstracted from the underlying physical infrastructure.
The maximum number of ports per logical network is 1000. Pools can leverage the multi-VLAN option in Horizon to extend beyond this.
- Tier-0 router – Handles Internet, route- or policy-based IPsec VPN, Alibaba Express Connect, and also serves as an edge firewall for the Tier-1.
- Tier-1 router – Serves as a distributed firewall for all customer internal networks.
See Network Configuration for more information.
Resource Pools
A resource pool is a logical abstraction for flexible management of resources. Resource pools can be grouped into hierarchies and used to hierarchically partition available CPU and memory resources.
Within a Horizon pod on Alibaba Cloud VMware Service, you can use vSphere resource pools to separate management components from virtual desktops or published applications workloads to make sure resources are allocated correctly.
After an SDDC instance on Alibaba Cloud VMware Service is created, two resource pools exist:
- Management Resource Pool - with reservations that contain vCenter Server plus NSX-T
- Workload Resource Pool - within which everything is managed by the customer
When deploying both Horizon management components and user resources in the same SDDC, it is recommended to create two sub-resource pools within the Workload Resource Pool for your Horizon deployments:
- Horizon Management Resource Pool - for the Horizon management components, such as Connection Servers
- Horizon User Resource Pool - for the desktop pools and published apps
Figure 3: Resource Pools for All-in-SDDC Architecture of Horizon on Alibaba Cloud VMware Service
Scalability and Availability
In this section, we discuss the concepts and constructs that can be used to provide scalability of Horizon.
Block and Pod
A key concept of Horizon, whether deployed on Alibaba Cloud VMware Service or on-premises is the use of blocks and pods. See the Pod and Block section in Horizon 8 Architecture.
Table 1: Block and Pod Strategy
| Decision | A single pod containing one resource block (one SDDC) was deployed. |
| Justification | We are using an FQDN to directly connect to the POD. |
Cloud Pod Architecture
Cloud Pod Architecture (CPA) is a standard Horizon feature that allows you to connect your Horizon deployment across multiple pods and sites for federated management. It can be used to scale up your deployment, build a hybrid cloud, and provide redundancy for business continuity and disaster recovery. CPA introduces the concept of a global entitlement (GE) that spans the federation of multiple Horizon pods and sites. Any users or user groups belonging to the global entitlement are entitled to access virtual desktops and RDS published apps on multiple Horizon pods that are part of the CPA.
Important: CPA is not a stretched deployment; each Horizon pod is distinct and all Connection Servers belonging to each of the individual pods are required to be in a single location and run on the same broadcast domain from a network perspective.
Here is a logical overview of a basic two-site/ two-pod CPA implementation. For Alibaba Cloud VMware Service, Site 1 and Site 2 might be different Alibaba Cloud availability zones, or Site 1 might be on-premises and Site 2 might be on Alibaba Cloud VMware Service.
Figure 4: Cloud Pod Architecture
One consideration to be aware of is potential hairpinning of the Horizon protocol traffic through another Horizon Pod or SDDC than the one where the users’ Horizon resource is located. See Protocol Traffic Hairpinning for more information.
Without the global load balancer and the ability to have a single namespace for multiple environments, end users will be presented with a possibly confusing array of desktop icons (corresponding to the number of pods on which desktops have been provisioned for them).
For the full documentation on how to set up and configure CPA, refer to Administering View Cloud Pod Architecture in the Horizon documentation and the Cloud Pod Architecture section in Horizon Configuration.
Workspace ONE Access
Workspace ONE® Access SaaS can be used to broker Horizon resources. In this case, the entitlements and resources are synced to Workspace ONE Access and Workspace ONE Access knows the FQDN of each pod to properly direct users to their desktop or application resources.
For more design details, see Horizon and Workspace ONE Access Integration in the Platform Integration chapter.
Figure 5: Syncing Horizon Resources into Workspace ONE Access SaaS
Sizing Horizon on Alibaba Cloud VMware Service
The overall methodology for sizing Alibaba Cloud VMware Service is the same as for on-premises deployments. You must size your requirements for deploying Horizon on Alibaba Cloud VMware Service to determine the number of hosts you must deploy for the following purposes:
- Your virtual desktop or RDS workloads.
- Your Horizon infrastructure components, such as Horizon Connection Servers, Unified Access Gateways, and App Volumes managers.
- SDDC infrastructure components on Alibaba Cloud VMware Service. These components are deployed and managed automatically for you by Alibaba but require capacity in your SDDC.
The minimum number of hosts required per SDDC on Alibaba Cloud VMware Service for production use is 3 nodes (hosts). See Host Specifications for the RAM, CPU, and disk capacities of the hardware in Alibaba Cloud VMware Service.
One design consideration in sizing an SDDC is the throughput capability of the SDDC networking and the NSX edge gateways. Each user session will generate a certain amount of traffic that needs to pass through the NSX edge gateways.
Each SDDC can handle up to 1,000 desktop or application sessions, assuming:
- The workload traffic aligns with the LoginVSI task worker profile.
- Only protocol traffic is considered, no user data.
- NSX Edge gateways are configured to be large.
Your workload profile and needs may be different, and therefore results may vary based on your use case. User data volumes may lower scale limits in the context of your workload. Size and plan your deployment accordingly. Work with your VMware team to help determine the correct sizing.
Network Configuration
When SDDCs are deployed on Alibaba Cloud VMware Service, NSX-T is used for network configuration.
The recommended network architecture consists of a double DMZ and a separation between Horizon management components and the RDSH and VDI virtual machines.
Figure 6: Network Diagram (Subnets are for Illustrative Purposes Only)
Unified Access Gateway
The Unified Access Gateway appliances are located inside the Alibaba Cloud VMware Service SDDC. To ensure redundancy and scale, multiple Unified Access Gateways are deployed. To implement them in a highly available configuration and provide a single namespace, either the high availability (HA) feature built into Unified Access Gateway.
See the Load Balancing Unified Access Gateway section of the Horizon 8 Architecture chapter and the High Availability section of the Unified Access Gateway Architecture chapter.
Table 2: Load Balancing Unified Access Gateways Strategy
| Decision | Unified Access Gateway High Availability was used to present a single virtual IP and namespace for the Unified Access Gateways. |
| Justification | Using Unified Access Gateway HA simplifies the deployment. HA with Unified Access Gateways provides the required scale and capability of an individual Horizon pod within an SDDC. |
To provide direct external access, a public IP address would be configured with Network Address Translation (NAT) to forward traffic to either the Unified Access Gateway HA virtual IP address or to the load balancer virtual IP address.
When using Unified Access Gateway HA, the individual Unified Access Gateway appliances also each require a public IP address and NAT configured to route the Horizon protocol traffic to them.
Load Balancing Connection Servers
Multiple Connection Servers are deployed for scale and redundancy. Depending on the user connectivity, you may or may not need to deploy a third-party load balancer to provide a single namespace for the Connection Servers. When all user connections originate externally and come through a Unified Access Gateway, it is not necessary to have a load balancer between the Unified Access Gateways and the Connection Servers. Each Unified Access Gateway can be defined with a specific Connection server as its destination. While the diagram below shows a 1 to 1 mapping of Unified Access Gateway to Connection Server, it is also possible to have an N to 1 mapping, where more than one Unified Access Gateway maps to the same Connection Server.
Figure 7: Load Balancing when all Connections Originate Externally
Where users will be connecting from internally routed networks and their session will not go via a Unified Access Gateway, a load balancer should be used to present a single namespace for the Connection Servers. A load balancer such as the NSX Advanced Load Balancer (Avi), should be deployed. See the Load Balancing Connection Servers section of the Horizon 8 Architecture chapter.
When required for internally routed connections, a load balancer for the Connection Servers can be either:
- Placed in between the Unified Access Gateways and the Connection Server and used as an FQDN target for both internal users and the Unified Access Gateways.
- Located so that only the internal users use it as an FQDN.
Figure 8: Options for Load Balancing Connection Servers for Internal Connections
Table 3: Load Balancing Connection Servers Strategy
| Decision | Connection Servers were not load balanced. |
| Justification | All the users will connect to the environment externally through the Unified Access Gateways. |
DHCP Service
It is critical to ensure that all VDI-enabled desktops have the proper assigned IP address. In most cases, you opt for the automatic IP assignment.
Alibaba Cloud VMware Service supports the following ways to assign IP addresses to clients:
- NSX-T based local DHCP service.
- DHCP Relay, customer managed.
DNS Service
Reliable and correctly configured name resolution is key for a successful hybrid Horizon deployment. Your design choice will directly influence the configuration details.
Network Connectivity
If connecting an Alibaba Cloud VMware Service SDDC with on-premises data centers or with another SDDC, review the options available in the Alibaba documentation hybrid cloud network.
Alibaba Express Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to Alibaba Cloud Infrastructure. Using Alibaba Express Connect, you can establish private connectivity between Alibaba Cloud and your data center, office, or co-location environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
Figure 9: Alibaba Cloud VMware Service Networking to On-Premises
Data Egress Cost
Unlike on-premises deployments, deploying Horizon on Alibaba Cloud VMware Service incurs data egress costs based on the amount of data egress traffic the environment will generate. It is important to understand and estimate the data egress traffic. Refer to the Alibaba documentation for more information.
Understanding Different Types of Data Egress Traffic
Depending on the deployment use case, you may be incurring costs for some or all of the following types of data egress traffic:
- End-user traffic via the Internet – You have configured your environment where your end users will connect to their virtual desktops on Alibaba Cloud VMware Service remotely via the Internet. Any data leaving the Alibaba Cloud VMware Service data center will incur egress charges. Egress data consists of the following components: outbound data from Horizon protocols and outbound data from remote experience features (for example, remote printing). Although the former is typically predictable, the latter has more variance and depends on the exact activity of the user.
- End-user traffic via the on-premises data center – You have configured your environment where your end users will connect to their virtual desktops on Alibaba Cloud VMware Service via your on-premises data center. In this case, you will have to link your data center with the Alibaba Cloud VMware Service data center using VPN or Express Connect. Any data traffic leaving the Alibaba Cloud VMware Service data center and traveling back to your on-premises data center will incur egress charges. And if you have Cloud Pod Architecture (CPA) configured between the on-premises environment and the Alibaba Cloud VMware Service environment, you will incur egress charges for any CPA traffic between the two pods.
- External application traffic – You have configured your environment where your virtual desktops on Alibaba Cloud VMware Service must access applications hosted either in your on-premises environment or in another cloud. Any data traffic leaving the Alibaba Cloud VMware Service data center and traveling to these other data centers will incur egress charges.
Scaling Deployments
In this section, we will discuss options for scaling out Horizon on Alibaba Cloud VMware Service, using the All-in-SDDC architecture, with a single SDDC and with multiple SDCCs.
One of the main constraints to consider is the amount of network traffic throughput capability of the NSX edge gateway components inside the SDDCs. The network throughput into and out of an SDDC limits the number of Horizon sessions each SDDC is capable of hosting.
When assessing the amount of network traffic that the Horizon sessions will consume, a variety of factors should be considered, including:
- Protocol traffic – Can be affected by the display resolution, number of displays, content type, and usage.
- User data – Where the user data is outside the SDDC or is replicated into or out of the SDDC.
- Application data – When applications used in the Horizon desktops or published applications reside outside the SDDC.
The number of Horizon sessions that can be hosted within a single SDDC depends on how much network traffic the sessions generate that needs to enter or exit the SDDC and therefore traverse the NSX edge gateways.
Single SDDC
The simplest deployment comprises of a single SDDC. This will also form the building block for multiple SDDC deployments.
- Resource pools for Horizon Management and Horizon User are created within the default created Workload resource pool.
- Network segments are added for External-DMZ, Internal-DMZ, Horizon-Management, and VDI and RDSH as detailed in Network Configuration.
The Horizon management components, such as the Horizon Connection Servers and Unified Access Gateways are built out and attached to the relevant network segment, inside the SDDC.
Figure 10: Logical Architecture for a Single SDDC with Networking
An FQDN (for example, acvs1.company.com) is bound to an external public IP address which will then be NATed to the HA virtual IP address of the Unified Access Gateways. Each individual Unified Access Gateway will also need a public IP address and NAT rules to forward protocol traffic to them.
This FQDN will then be used to provide user access by either:
- Using the FQDN with the Horizon Client.
- Using Universal Broker and configuring the Pod External FQDN to use the pod FQDN.
- Integrating with Workspace ONE Access. See Horizon and Workspace ONE Access Integration in the Platform Integration chapter.
Figure 11: Horizon Connection Flow with Single SDDC
To build out a full Horizon pod environment, the following components and servers were deployed.
Table 4: Connection Server Strategy
| Decision | Two Horizon Connection Servers were deployed. These ran on dedicated Windows 2022 VMs located in the Horizon-Management network segment. |
| Justification | One Connection Server supports a maximum of 4,000 sessions. A second server provides redundancy and availability (n+1). |
Table 5: Unified Access Gateway Strategy
| Decision | Two standard-size Unified Access Gateway appliances were deployed inside the ACVS SDDC. These spanned the Internal and External DMZ network segments. |
| Justification | UAG provides secure external access to internally hosted Horizon desktops and applications. One standard UAG appliance is recommended for up to 2,000 concurrent Horizon connections. A second UAG provides redundancy and availability (n+1). |
Table 6: App Volumes Manager Strategy
| Decision | Two App Volumes Managers were deployed. |
| Justification | App Volumes is used to deliver applications to virtual desktops and as published apps, and to simplify image management. Two App Volumes Managers provides the required scale and gives redundancy. |
Table 7: Dynamic Environment Manager Strategy
| Decision | VMware Dynamic Environment Manager (DEM) was deployed on the local file server. |
| Justification | This is used to provide customization / configuration of the Horizon desktops. This location contains the Configuration and local Profile shares for DEM. |
Table 8: SQL Server Strategy
| Decision | A SQL server was deployed. |
| Justification | This SQL server was used for the Horizon Events Database and App Volumes. |
Multiple SDDCs
To build environments capable of supporting larger numbers of users than a single SDDC can support, multiple SDDC environments can be deployed. As the All-in-SDDC architecture for Horizon on Alibaba Cloud VMware Service places all the management components inside the SDDC, there are some considerations when scaling above a single SDDC, related to the traffic throughput of the NSX edge gateways.
The current recommendation is that a Horizon pod, based in Alibaba Cloud VMware Service, should only contain a single SDDC. If multiple SDDCs were added to the same Horizon pod, user traffic might get routed through an initial SDDC to get to a destination SDDC, causing unnecessary protocol traffic through the NSX edge gateways in the initial SDDC. See Protocol Traffic Hairpinning to understand this consideration.
Figure 12: Logical Architecture for Multiple SDDC
Each SDDC is built out as a separate Horizon pod following the same design outlined in the Single SDDC design. Each SDDC has its own distinct set of Horizon management components, including Connection Servers, Unified Access Gateways, and App Volumes Managers.
Figure 13: Multiple SDDC Deployment with Networking
When deploying environments with multiple Horizon Pods, there are different options available for administrating and entitling users to resources across the pods. This is applicable for Horizon environments on Alibaba Cloud VMware Service, on other cloud platforms, or on-premises.
- The Horizon pods can be managed separately, users entitled separately to each pod, and users directed to use the unique FQDN for the correct pod.
- Alternatively, you can manage and entitle the Horizon environments by linking them using Cloud Pod Architecture (CPA).
Each Horizon pod, and therefore the SDDC that contains it, will have a dedicated FQDN for user access. For example, acvs1.company.com and acvs2.company.com. Each SDDC would have a dedicated public IP address that would correlate to its FQDN.
This avoids potential protocol traffic hairpinning through the wrong SDDC.
Figure 14: Horizon Connection Flow for Two SDDCs
Protocol Traffic Hairpinning
One consideration to be aware of is potential hairpinning of the Horizon protocol traffic through another Horizon Pod or SDDC than the one where the users’ Horizon resource is located. This can occur if the users’ session is initially sent to the wrong SDDC for authentication.
With each SDDC, all traffic into and out of the SDDC goes via the NSX edge gateways and there is a limit to the traffic throughput. In the All-in-SDDC architecture, the management components, including the Unified Access Gateways, are located inside the SDDC, and authentication traffic has to enter an SDDC and pass through the NSX edge gateway.
If the authentication traffic is not precisely directed, such as using a unique namespace for each Horizon Pod, the user could be directed to any Horizon pod in its respective SDDC. If the users’ Horizon resource is not in that SDDC where they are initially directed for authentication, their Horizon protocol traffic would go into the initial SDDC to a Unified Access Gateway in that SDDC and then back out via the NSX edge gateways and then be directed to where their desktop or published application is being delivered from.
This causes a reduction in achievable scale due to this protocol hairpinning. For this reason, caution should be exercised if using Horizon Cloud Pod Architecture.
Figure 15: Potential Horizon Protocol Traffic Hairpinning with Multiple SDDC Deployments
Licensing
Enabling Horizon to run on Alibaba Cloud VMware Service requires two separate licenses: a capacity license for Alibaba Cloud VMware Service and a Horizon license. For a POC or pilot deployment of Horizon on Alibaba Cloud VMware Service, you may use a temporary evaluation license. However, to enable Horizon for production deployment on Alibaba Cloud VMware Service, you should obtain Horizon licensing. For more information, see the Horizon Pricing and Packaging Whitepaper.
To license a Horizon pod, use one of the following licensing methods.
- Term – A license key is manually entered into a Connection Server to license the Horizon pod.
- Subscription – Licensing is obtained from the Horizon Cloud Service and synchronized by a Horizon Edge Gateway to license the Horizon pod.
With a Horizon subscription-based license, you do not need to retrieve or manually enter a license key for Horizon product activation. However, supporting component license keys, such as the license keys for App Volumes, and others, will be delivered separately, and the administrator must manually enter them to activate the product.
You can use different types of licensing (term and subscription) on different Horizon pods, regardless of whether the pods are connected by CPA. You cannot mix different licenses within a pod because each pod only takes one type of license.
Horizon Edge Gateway
When using subscription licensing you need to connect to the Horizon Cloud Service. The Horizon Edge Gateway is a virtual appliance that connects a Horizon pod with Horizon Cloud Service -next-gen features, such as subscription licensing.
- A separate Horizon Edge Gateway is required for each Horizon pod that will be connected to Horizon Cloud Service -next-gen.
- The Horizon Cloud Service – next-gen is hosted in several locations outside of China.
- The Horizon Edge Gateway is an optional component and not required if you are using Term licensing.
For more information on the Horizon Edge Gateway appliance and connecting to Horizon Cloud Service – next-gen, see the Horizon Edge Gateway Appliance section of the Horizon 8 Architecture chapter.
Preparing Active Directory
Horizon requires Active Directory services. For supported Active Directory Domain Services (AD DS) domain functional levels, see the VMware Knowledge Base (KB) article: Supported Operating Systems and MSFT Active Directory Domain Functional Levels for VMware Horizon 8 2006 (78652).
If you are deploying Horizon in a hybrid cloud environment by linking an on-premises environment with an Alibaba Cloud VMware Service Horizon pod, you should extend the on-premises Microsoft Active Directory (AD) to Alibaba Cloud VMware Service.
Although you could access on-premises located active directory services and not locate new domain controllers in Alibaba Cloud VMware Service, this could introduce undesirable latency and a dependency on the WAN links to the on-premises locations.
A site should be created in Active Directory Sites and Services and defined with the subnets containing the Domain Controller(s) in Alibaba Cloud VMware Service. This will keep the active directory services traffic local.
Table 9: Active Directory Strategy
| Decision | Active Directory domain controllers were installed into Alibaba Cloud VMware Service. |
| Justification | Locating domain controllers in Alibaba Cloud VMware Service reduces latency for Active Directory queries, DNS and KMS. |
Shared Content Library
Content Libraries are container objects for VM, vApp, and OVF templates and other types of files, such as templates, ISO images, text files, and so on. vSphere administrators can use the templates in the library to deploy virtual machines and vApps in the vSphere inventory. Sharing golden images across multiple vCenter Server instances, between multiple Alibaba Cloud VMware Services and/or on-premises SDDCs guarantees consistency, compliance, efficiency, and automation in deploying workloads at scale.
For more information, see Using Content Libraries in the vSphere Virtual Machine Administration guide in the VMware vSphere documentation.
Deploying Desktops
With Horizon on Alibaba Cloud VMware Service, both Instant Clones and full clones can be used. Instant Clones, coupled with App Volumes and Dynamic Environment Manager helps accelerate the delivery of user-customized and fully personalized desktops.
Instant Clone
Dramatically reduce infrastructure requirements while enhancing security by delivering a brand-new personalized desktop and application services to end users every time they log in:
- Reap the economic benefits of stateless, nonpersistent virtual desktops served up to date upon each login.
- Deliver a pristine, high-performance personalized desktop every time a user logs in.
- Improve security by destroying desktops every time a user logs out.
When you install and configure Horizon for instant clone for deployment on Alibaba Cloud VMware Service, do the following:
- When installing a Horizon Connection Server, select AWS as the deployment type.
- When adding Alibaba Cloud VMware Service vCenter Server to the Horizon configuration, select VMware Cloud on AWS as the deployment type.
For more information, see Instant Clone Smart Provisioning.
App Volumes
App Volumes provides real-time application delivery and management:
- Quickly provision applications at scale.
- Dynamically attach applications to users, groups, or devices, even when users are already logged in to their desktop.
- Provision, deliver, update, and retire applications in real time.
- Provide a user-writable volume, allowing users to install applications that follow them across desktops.
- Provide end users with quick access to a Windows workspace and applications, with a personalized and consistent experience across devices and locations.
- Simplify end-user profile management by providing organizations with a single and scalable solution that leverages the existing infrastructure.
- Speed up the login process by applying configuration and environment settings in an asynchronous process instead of all at login.
- Provide a dynamic environment configuration, such as drive or printer mappings, when a user launches an application.
For design guidance, see App Volumes Architecture.
Dynamic Environment Manager
Use VMware Dynamic Environment Manager for application personalization and dynamic policy configuration across any virtual, physical, and cloud-based environment. Install and configure Dynamic Environment Manager on Alibaba Cloud VMware Service just like you would install it on-premises.
Summary and Additional Resources
Now that you have come to the end of this design chapter on Horizon on Alibaba Cloud VMware Service, you can return to the landing page and use the tabs, search, or scroll to select your next chapter in one of the following sections:
- Overview chapters provide understanding of business drivers, use cases, and service definitions.
- Architecture chapters give design guidance on the products you are interested in including in your platform, including Workspace ONE UEM, Workspace ONE Access, Workspace ONE Assist, Workspace ONE Intelligence, Horizon Cloud Service, Horizon, App Volumes, Dynamic Environment Manager, and Unified Access Gateway.
- Integration chapters cover the integration of products, components, and services you need to create the platform capable of delivering the services that you want to deliver to your users.
- Configuration chapters provide reference for specific tasks as you build your platform, such as installation, deployment, and configuration processes for Workspace ONE, Horizon Cloud Service, Horizon, App Volumes, Dynamic Environment Management, and more.
Additional Resources
For more information about VMware Horizon on Alibaba Cloud VMware Service, you can explore the following resources:
Changelog
The following updates were made to this guide:
| Date | Description of Changes |
| 2023-07-19 |
|
Author and Contributors
- Graeme Gordon, Senior Staff End-User-Computing (EUC) Architect in End-User-Computing Technical Marketing, VMware.
Contributors:
- Daniel Berkowitz, Senior Staff End-User-Computing (EUC) Architect in End-User-Computing Field Engineering, VMware.
Feedback
Your feedback is valuable.
To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.
Associated Content
From the action bar MORE button.