Horizon on Google Cloud VMware Engine Configuration

This chapter is one of a series that make up the VMware Workspace ONE and VMware Horizon Reference Architecture, a framework that provides guidance on the architecture, design considerations, and deployment of VMware Workspace ONE® and VMware Horizon® solutions. This chapter provides information about common configuration and deployment tasks for VMware Horizon on Google Cloud VMware® Engine.

Prerequisites

Before you begin, you must install and configure the following components:

  • Google Cloud VMware Engine resources assigned to you.
  • Google Cloud login.
  • VMware Horizon Universal Licensing with access to myvmware.com. This is required to set up licensing on the Horizon Cloud Connector.
  • Third-party load balancer to install into GCP to forward Horizon protocol traffic from GCP to GCVE.

You should also review the following documentation:

Configuration

In this section, we cover configuration of the Google Cloud Platform (GCP) as well as Google Cloud VMware Engine (GCVE) to prepare for Horizon installation. This information is provided as reference; use the official Google documentation for your actual configuration.

Google Cloud Platform

Follow the quick start guides at: https://cloud.google.com/vmware-engine/docs/quickstarts.

Following are the steps we went through when creating the reference architecture environment. Your configuration might vary; this information is provided as reference. Rely on the official Google quick-start guides referenced previously for your actual configuration.

Google Cloud Console

To get to the Google Cloud console, where both Google Cloud Platform and GCVE are managed, go to https://console.cloud.google.com.

Create VPC Network

The first step is to create a Virtual Private Cloud (VPC) network, which will contain the subnets for your implementation.

Google Cloud VPC Networking Overview

  1. On the GCP menu, in the Networking section, select VPC Network > VPC Networks.
  2. Click Create VPC Network at the top.
  3. Enter the network and subnet details:

Table 1: Creating a VPC Network

Field                                 Value
Name                                  **name of network**
Description                           **description**
Subnet Creation Mode                  Custom
New Subnet > Name                     **name of subnet**
New Subnet > Region                   **GCP region**
New Subnet > IP Address Range         Example: 10.20.0.0/24 (GW: 10.20.0.1)
New Subnet > Private Google Access    Off
New Subnet > Flow Logs                Off
Dynamic Routing Mode                  Regional

Configure VPC / GCVE Private Service Connection

A private service connection must be established for each subnet created during the install of GCVE, as well as for any subnets created manually inside GCVE with NSX-T, so that the GCP and GCVE environments can communicate.

See the following documents for more details:


Figure 1: VPC Network Private Service Connection

Important: After you create segments in NSX-T for the Horizon infrastructure, you must come back to this section and add those subnets for them to communicate with GCP.

Create Firewall Rules in GCP

  1. Navigate to VPC Network > VPC Networks > **VPC network you created**.
  2. Select the Firewall rules tab.
  3. Click Add firewall rule and add a rule for each of the GCVE subnets so that traffic can flow in and out of GCP. After segments are created in GCVE, new firewall rules in GCP must be added for them.
  4. Refer to Network Ports in VMware Horizon for the required Horizon ports, and scope each rule to those ports rather than allowing all protocols.
Refer to the Google Cloud Platform documentation on setting firewall rules in GCP.

Enable Cloud NAT for Internet Access

Enable Cloud NAT for your VPC to allow internet access. See Using Cloud NAT for details.
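The GCP-side preparation described above (VPC network and subnet from Table 1, firewall rules for the GCVE subnets, Cloud NAT) expressed as a gcloud script. This is an added example, not part of the reference architecture or Google's documentation. The project, region, resource names and the GCVE CIDRs are placeholder assumptions; the firewall rules are deliberately limited to the Horizon ports (HTTPS 443, Blast 8443 TCP/UDP, PCoIP 4172 TCP/UDP) instead of allowing all traffic, and the VPC/GCVE private service connection is left to the console procedure referenced above. With DRY_RUN at its default of 1 the script only prints the commands it would run; set DRY_RUN=0 with an authenticated gcloud to apply them.

```shell
#!/bin/sh
# Added example: GCP network preparation for Horizon on GCVE as gcloud commands.
# All names, the region, the project and the CIDR ranges below are assumptions.
PROJECT="${PROJECT:-my-horizon-project}"      # assumption
REGION="${REGION:-us-west2}"                  # assumption
NETWORK="${NETWORK:-horizon-vpc}"
SUBNET="${SUBNET:-horizon-lb-subnet}"
SUBNET_RANGE="${SUBNET_RANGE:-10.20.0.0/24}"  # example range from Table 1
# GCVE-side ranges that must talk to GCP: the subnets created with the private
# cloud plus the NSX-T segments (Management, Desktops, Internal/External DMZ).
# Placeholder values; replace with your real ranges.
GCVE_RANGES="${GCVE_RANGES:-10.200.0.0/24,10.200.1.0/24,10.200.2.0/24,10.200.3.0/24}"
LB_TAG="horizon-lb"   # network tag applied to the third-party load balancer VMs

# Horizon ports only (see Network Ports in VMware Horizon), not "all protocols":
# HTTPS 443, Blast Extreme 8443 TCP/UDP, PCoIP 4172 TCP/UDP.
HORIZON_RULES="tcp:443,tcp:8443,udp:8443,tcp:4172,udp:4172"

# DRY_RUN=1 (default) prints each gcloud command instead of executing it.
run() {
  echo "+ gcloud $*"
  if [ "${DRY_RUN:-1}" = "0" ]; then gcloud "$@"; fi
}

create_vpc() {
  # Custom subnet mode and regional dynamic routing, as in Table 1.
  run compute networks create "$NETWORK" --project="$PROJECT" \
    --subnet-mode=custom --bgp-routing-mode=regional \
    --description="Horizon on GCVE"
  # Private Google Access and flow logs stay off (the default), as in Table 1.
  run compute networks subnets create "$SUBNET" --project="$PROJECT" \
    --network="$NETWORK" --region="$REGION" --range="$SUBNET_RANGE"
}

create_firewall_rules() {
  # Ingress from the GCVE subnets to the load balancer VMs, Horizon ports only.
  run compute firewall-rules create "${NETWORK}-allow-from-gcve" --project="$PROJECT" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules="$HORIZON_RULES" --source-ranges="$GCVE_RANGES" --target-tags="$LB_TAG"
  # Egress is already permitted by the implied VPC rule; this explicit rule
  # records the intended flow and keeps working if a deny-all egress rule is
  # added later.
  run compute firewall-rules create "${NETWORK}-allow-to-gcve" --project="$PROJECT" \
    --network="$NETWORK" --direction=EGRESS --action=ALLOW \
    --rules="$HORIZON_RULES" --destination-ranges="$GCVE_RANGES" --target-tags="$LB_TAG"
}

create_cloud_nat() {
  # Cloud NAT needs a Cloud Router in the same region.
  run compute routers create "${NETWORK}-router" --project="$PROJECT" \
    --network="$NETWORK" --region="$REGION"
  run compute routers nats create "${NETWORK}-nat" --project="$PROJECT" \
    --router="${NETWORK}-router" --region="$REGION" \
    --nat-all-subnet-ip-ranges --auto-allocate-nat-external-ips
}

gcve_network_setup() {
  create_vpc
  create_firewall_rules
  create_cloud_nat
}

gcve_network_setup
```

Review the printed commands before switching DRY_RUN to 0; the only values that normally need changing are the project, the region and the GCVE ranges, which must match the subnets shown in the GCVE console and the segments you later create in NSX-T.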

Google Cloud VMware Engine

The following items need to be done inside the Google Cloud VMware Engine console. To get to the GCVE console, browse to Compute in the GCP menu and select VMware Engine.


Figure 2: Google Cloud VMware Engine Admin Console

In the GCVE console, select Resources and the name of your private cloud.


Figure 3: GCVE Resources


Figure 4: Private Cloud DNS Servers in GCVE Admin Console

Now, select Summary and note the Private Cloud DNS Server addresses – these are required for the next step to add conditional DNS forwarders.

Enable DNS Conditional Forwarder

You must define a conditional forwarder on your DNS server for the gve.goog zone, pointing to the IP addresses of the Private Cloud DNS servers captured in the previous step. Verify it by resolving the vCenter FQDN shown in the GCVE console from a host that uses your DNS server.

See Configuring DNS for vCenter access for more details on the process.

NSX-T

Networking for your SDDC must be created inside NSX-T. In the GCVE management console, select vSphere Management Network, then click the link for the NSX Manager under FQDN.


Figure 5: NSX Manager FQDN in GCVE Admin Console

Default Login to NSX Manager

  • Username: admin
  • Password: VMwareEngine123!

This default is publicly documented, so change it at first login; until then anyone who can reach NSX Manager can sign in with it.

  1. Create segments for Desktops, Management, and Internal and External DMZ.
  2. Enable DHCP on the Desktops segment and optionally the Management segment.
  3. See the NSX-T Data Center Installation Guide in the NSX-T documentation for how this is done.
  4. Update the GCVE firewall for communication to and from GCP for the newly created segments.

vSphere Console

In the same section where the NSX-T console was launched, you can launch the vSphere console. This is where the Horizon infrastructure is created and managed. Click the link under FQDN for the VMware vCenter Server® Appliance.


Figure 6: vCenter FQDN in GCVE Admin Console

Default Login to vCenter

External Access

Optionally, set up VPN or Cloud Interconnect for backhaul to on-premises. In this reference architecture, we created a VPN connection from GCP back to our on-premises data center. This allowed us to extend our domain into the GCVE environment and provide file server replication via DFS-R for Dynamic Environment Manager.

See the following documents for configuring external access into GCP:

Load Balancing

Horizon protocol traffic cannot be routed directly from the internet through GCP into the SDDC, and native GCP load balancers cannot use systems inside GCVE as backends. A load balancer running in native GCP is therefore needed to forward the protocol traffic from the internet to the Unified Access Gateways (UAGs) inside the GCVE SDDC.

One option is to use the VMware NSX Advanced Load Balancer (Avi) on GCP. The NSX Advanced Load Balancer integrates with GCP through a cloud integration and can create the GCP forwarding configuration described in this section automatically.

See Load Balancing Unified Access Gateway in Horizon Architecture.

Forwarding Traffic to Third-Party Load Balancer in GCP

A third-party load balancer is required inside GCP to route protocol traffic into the SDDC. It can be any load balancer that supports Layer 4 (TCP and UDP) as well as Layer 7 (HTTP/HTTPS) load balancing; Blast and PCoIP use UDP as well as TCP, so an HTTP-only load balancer is not sufficient. If the load balancer does not have a GCP integration like the NSX Advanced Load Balancer does, some manual steps are required to forward the external IP address to the load balancer.

Create Static External IP Address

First, we create a static external IP address in GCP VPC networking. This IP is used by the load balancer and should be given a public DNS entry that users connect to for desktop resources, for example gcve-horizon.vmweuc.com.

Go to VPC network > External IP Addresses.


Figure 7: Reserving Static External IP Address in GCP

Note the External IP address – you will need it in the next steps.

Create Load Balancer in GCP

We now create a load balancer in GCP that forwards external traffic (TCP and UDP) from the external IP address to our third-party load balancer. GCP load balancers cannot use systems inside GCVE as backends, which is why the third-party load balancer is needed.

Before you perform this step, your third-party load balancer should be installed into native GCP. 

  1. Navigate to Networking > Network Services in the GCP Console.
  2. Select Load Balancing.
  3. Navigate to the Advanced Menu.


Figure 8: Creating Load Balancer in GCP

Create Target Pool

  1. Create a target pool to put the third-party load balancer into.

Figure 9: Creating target pool in GCP

  2. Configure the target pool.

Figure 10: Configuring the target pool in GCP

  3. Provide a name and description.
  4. Select the GCP region where your load balancer is located.
  5. Select No health check. Target pools support only legacy HTTP health checks; with none configured, GCP forwards to every instance in the pool whether or not it is up, so monitor the load balancer instances separately.
  6. Select None for session affinity.
  7. Add your existing load balancer instances from GCP into the pool (there can be more than one).
  8. Select None for Backup pool.
  9. Click Create.

Create TCP Forwarding Rule

We will now create forwarding rules, to forward TCP and UDP traffic from the external IP address to the pool we just created.

Figure 11: Creating forwarding rule in GCP

  1. Click Create Forwarding Rule to create the TCP forwarding rule.

Figure 12: Configuring forwarding rule in GCP

  2. Enter a name and description (include the protocol being forwarded).
  3. Select the region where your load balancers are.
  4. Select the external IP you created earlier.
  5. Select TCP as the protocol.
  6. Leave Port/range blank to forward all ports. If you prefer not to expose every port on the external IP, enter only the Horizon ports the UAGs serve (TCP 443, 8443 and 4172), one forwarding rule per port or contiguous range, and keep the VPC firewall rules equally narrow.
  7. Select the target pool you created in the previous step containing your load balancer(s).

Create UDP Forwarding Rule

  1. Create a second forwarding rule for UDP.
  2. Enter a name and description - include UDP in the name.
  3. Select the region where your load balancers are located.
  4. Select the external IP you created earlier.
  5. Select UDP as the protocol.
  6. Leave the Port range blank to forward all UDP traffic, or enter only the Horizon UDP ports (8443 for Blast, 4172 for PCoIP) to limit what the external IP exposes.
  7. Select the pool you created earlier containing your load balancers.

Figure 13: Reviewing load balancer forwarding rules

  1. Review the rules that were created.

Review Load Balancer and External IP

If you select Load Balancing, you will see a new TCP/UDP load balancer created to forward external traffic to your load balancers.


Figure 14: Reviewing load balancer created in GCP

Navigate to VPC network > External IP Addresses and review the External IP Address you just created. It will now have the forwarding rules attached to it for TCP and UDP.

Figure 15: Review external IP address
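The external IP, target pool and forwarding rule steps above as a gcloud script. This is an added example, not part of the reference architecture or Google's documentation. The project, region, zone, resource names and load balancer instance names are placeholder assumptions. It departs from the console walk-through in one respect: rather than leaving the port range blank, it creates one forwarding rule per Horizon protocol/port pair (TCP 443, TCP/UDP 8443, TCP/UDP 4172), and it adds the VPC ingress rule that the forwarded traffic still needs to reach the load balancer VMs. With DRY_RUN at its default of 1 it only prints the commands; set DRY_RUN=0 with an authenticated gcloud to apply them.

```shell
#!/bin/sh
# Added example: external IP, target pool and forwarding rules for the
# third-party load balancer in GCP. All names and locations are assumptions.
PROJECT="${PROJECT:-my-horizon-project}"   # assumption
REGION="${REGION:-us-west2}"               # assumption
ZONE="${ZONE:-us-west2-a}"                 # zone of the load balancer VMs (assumption)
NETWORK="${NETWORK:-horizon-vpc}"
ADDRESS_NAME="${ADDRESS_NAME:-horizon-external-ip}"
POOL="${POOL:-horizon-lb-pool}"
LB_INSTANCES="${LB_INSTANCES:-avi-se-1,avi-se-2}"   # LB VMs already deployed in GCP (assumption)
LB_TAG="horizon-lb"                        # network tag carried by those VMs
# Horizon ports the UAGs serve to clients: HTTPS 443, Blast 8443 TCP/UDP, PCoIP 4172 TCP/UDP.
HORIZON_PORTS="tcp:443 tcp:8443 udp:8443 tcp:4172 udp:4172"

# DRY_RUN=1 (default) prints each gcloud command instead of executing it.
run() {
  echo "+ gcloud $*"
  if [ "${DRY_RUN:-1}" = "0" ]; then gcloud "$@"; fi
}

reserve_external_ip() {
  # Regional static address; publish it in public DNS for users to connect to.
  run compute addresses create "$ADDRESS_NAME" --project="$PROJECT" --region="$REGION"
  run compute addresses describe "$ADDRESS_NAME" --project="$PROJECT" --region="$REGION" \
    --format="value(address)"
}

create_target_pool() {
  # Target pools only support legacy HTTP health checks, which is why the
  # walk-through selects "No health check": every instance then receives
  # traffic whether or not it is up, so monitor the LB VMs separately.
  run compute target-pools create "$POOL" --project="$PROJECT" --region="$REGION" \
    --session-affinity=NONE
  run compute target-pools add-instances "$POOL" --project="$PROJECT" --region="$REGION" \
    --instances="$LB_INSTANCES" --instances-zone="$ZONE"
}

create_forwarding_rules() {
  # One rule per protocol/port pair: a forwarding rule that references a target
  # pool takes a single port or contiguous range, not a list.
  for spec in $HORIZON_PORTS; do
    proto=${spec%%:*}
    port=${spec#*:}
    run compute forwarding-rules create "horizon-${proto}-${port}" --project="$PROJECT" \
      --region="$REGION" --address="$ADDRESS_NAME" \
      --ip-protocol="$(echo "$proto" | tr a-z A-Z)" --ports="$port" --target-pool="$POOL"
  done
}

allow_internet_ingress() {
  # Forwarding rules do not bypass the VPC firewall: the LB VMs still need an
  # ingress rule for the forwarded ports. Narrow 0.0.0.0/0 to known client
  # ranges if your users only connect from fixed networks.
  rules=$(echo "$HORIZON_PORTS" | tr ' ' ',')
  run compute firewall-rules create "${NETWORK}-allow-horizon-clients" --project="$PROJECT" \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules="$rules" --source-ranges=0.0.0.0/0 --target-tags="$LB_TAG"
}

horizon_lb_setup() {
  reserve_external_ip
  create_target_pool
  create_forwarding_rules
  allow_internet_ingress
}

horizon_lb_setup
```

After applying, the external IP address in VPC network > External IP Addresses shows the five forwarding rules attached, and the load balancer VMs must still be configured to pass TCP 443, 8443 and 4172 and UDP 8443 and 4172 on to the UAGs inside the SDDC.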

Inventory

Inventory of infrastructure installed in the Reference Architecture Lab.

Deployed inside native Google Cloud Platform:

Component                                         Version   Operating System      Number Deployed
NSX Advanced Load Balancer (Avi) Controller       20.1.2    CentOS 7.5 (Docker)   1
NSX Advanced Load Balancer (Avi) Service Engine   20.1.2    Appliance             2

Deployed inside GCVE SDDC:

Component                          Version              Operating System      Number Deployed
Horizon Connection Server          Version 8 (2006)     Windows Server 2019   2
Unified Access Gateway             2006                 Appliance             2
App Volumes Managers               Version 4.1 (2006)   Windows Server 2019   2
Horizon Cloud Connector            1.8                  Appliance             1
Workspace ONE Access Connector     19.03                Windows Server 2019   1
Microsoft SQL Server               2016                 Windows Server 2019   1
File Server                        -                    Windows Server 2019   1
Domain Controller                  -                    Windows Server 2019   1

What’s Next?

Now that you have come to the end of this chapter, you can return to the landing page and search or scroll to select your next chapter in one of the following sections:

  • Overview chapters provide understanding of business drivers, use cases, and service definitions.
  • Architecture chapters explore the products you are interested in including in your platform, including Workspace ONE UEM, Workspace ONE Access, Workspace ONE Assist, Workspace ONE Intelligence, Horizon, App Volumes, Dynamic Environment Manager, and Unified Access Gateway.
  • Integration chapters cover the integration of components and services you need to create the platform capable of delivering what you want.
  • Configuration chapters provide reference for specific tasks as you build your platform, such as installation, deployment, and configuration processes for Horizon, App Volumes, Dynamic Environment Management, and more.
