VMware Horizon Cloud Service on Microsoft Azure Network Ports Diagrams

Introduction

This document provides port and protocol requirements for connectivity between the various components and servers in a VMware Horizon® Cloud Service with Microsoft Azure™ deployment. This document is intended to be a companion to the Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level, which provides ports and protocols in tabular format. The tables tell you which ports must be opened for traffic from the end users' connections to reach their pod-provisioned virtual desktops and remote applications, as well as how to choose how your end users will connect.

In Figure 1, the master diagram shows all the possible client connection types for Horizon Cloud Service on Microsoft Azure, and includes all display protocols. Following Figure 1, subsequent sections of this document provide subsets of the master diagram, each focusing on a specific connection type and protocol use.

The first set of diagrams following the master diagram covers Horizon Cloud Service on Microsoft Azure with external connectivity. The second set covers Horizon Cloud Service on Microsoft Azure with internal connectivity.

This document leverages the Horizon Cloud Service on Microsoft Azure product documentation for a tabular listing of all possible ports from a source component to destination components within a typical Horizon Cloud Service on Microsoft Azure deployment. This does not mean that all these ports necessarily need to be open. If a component or protocol is not in use, then the ports associated with it can be ignored. For example:

  • If Blast Extreme is the only display protocol used, the PCoIP ports need not be opened.

  • If VMware Dynamic Environment Manager is not deployed, ports to and from it can be ignored.

Furthermore, this document does not list all possible ports for all possible integrations with third-party services. The document lists ports to third-party services that are critical to a functioning deployment.

Ports shown are destination ports. In the diagrams, arrows depict the direction of communication from source to destination and assume a stateful connection.
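The selection rules above (open only the ports for components in use, write each rule against its destination port, and rely on stateful handling for return traffic) can be checked mechanically against a firewall rule export. This is an added example, not VMware code; the component names, the port numbers in `REQUIRED`, and the `CONFIGURED` rule set are constructed assumptions, and the authoritative values are in the Ports and Protocols table this document references.

```python
# Constructed requirement table: (source, destination, protocol,
# destination port, feature). Port values are assumptions for illustration.
REQUIRED = [
    ("client", "uag", "tcp", 443, "core"),
    ("client", "uag", "tcp", 8443, "blast"),
    ("client", "uag", "udp", 8443, "blast"),
    ("client", "uag", "tcp", 4172, "pcoip"),
    ("client", "uag", "udp", 4172, "pcoip"),
    ("desktop", "fileshare", "tcp", 445, "dem"),
]

# Constructed firewall export: (source, destination, protocol, destination port).
CONFIGURED = [
    ("client", "uag", "tcp", 443),
    ("client", "uag", "tcp", 8443),
    ("client", "uag", "tcp", 4172),
    ("client", "uag", "udp", 4172),
    ("uag", "client", "tcp", 1024),  # return-direction rule added by hand
]


def needed_rules(features):
    """Rules required for the always-on flows plus the features in use."""
    active = {"core"} | set(features)
    return {(s, d, p, port) for s, d, p, port, f in REQUIRED if f in active}


def audit(configured, features):
    """Compare configured rules with what the deployment actually needs."""
    need = needed_rules(features)
    flows = {(s, d) for s, d, _, _ in need}
    cfg = set(configured)
    # A rule that only mirrors a required flow is redundant on a stateful
    # firewall: return traffic is already allowed by connection tracking.
    reverse = {r for r in cfg
               if (r[1], r[0]) in flows and (r[0], r[1]) not in flows}
    return {
        "missing": sorted(need - cfg),
        "unneeded": sorted(cfg - need - reverse),
        "reverse": sorted(reverse),
    }


if __name__ == "__main__":
    # Blast Extreme only, no Dynamic Environment Manager.
    for kind, rules in audit(CONFIGURED, {"blast"}).items():
        print(kind, rules)
```
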

The Horizon Cloud tables and diagrams include connections to the following products, product families, and components:

  • VMware Horizon Client™

  • VMware Unified Access Gateway™

  • VMware Workspace ONE Access™

  • VMware Dynamic Environment Manager

Client Connections for Horizon Cloud Service on Microsoft Azure

Deploying Horizon Cloud Service on Microsoft Azure on your Azure infrastructure is somewhat similar to deploying Horizon 7 on vSphere. Microsoft Azure infrastructure must be available and configured for functionality. This includes the ability to communicate with core infrastructure platform components such as DNS, Active Directory, and file shares (if you are using Dynamic Environment Manager).

For details on the network ports required for a Horizon Cloud Service on Microsoft Azure implementation, see Ports and Protocols for a Horizon Cloud Pod at the September 2019 Release's Manifest Level in the VMware Horizon Cloud Deployment Guide.

Note: If your deployment of Horizon Cloud with Microsoft Azure is based on a release prior to the September 2019 release, see Ports and Protocols Requirements for a Horizon Cloud Pod Deployed Prior to the September 2019 Release.

Horizon Cloud Service on Microsoft Azure leverages the Horizon Cloud Service for many features, including configuration, administrative interfaces, management, and monitoring. The Horizon Cloud Service on Microsoft Azure pod is downloaded and implemented on your behalf from a cloud-based CDN. To facilitate the functionality of these and other features, the Horizon Cloud Service on Microsoft Azure deployment requires connectivity or visibility to various cloud-based resources, in addition to the network ports requirements. These resources are documented in the DNS Requirements for a Horizon Cloud Pod in Microsoft Azure in the VMware Horizon Cloud Deployment Guide.

The master diagram is a combination of all options in a single diagram.

Figure 1: All Connection Types, All Display Protocols

The master diagram describes all supported connection and protocol types.

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Tunneled / External Connections

There are two basic connectivity configurations for Horizon Cloud Service on Microsoft Azure: Internal-Tunneled and External connection. Typically, we recommend that you deploy a Horizon Cloud pod with Unified Access Gateway (one or two depending on HA configuration). This configuration is valid for clients using Internal-Tunneled and External connections to the Horizon Cloud Service on Microsoft Azure deployment.

The following diagrams depict an Internal-Tunneled or External connection for Horizon Cloud Service on Microsoft Azure.

External/Internal Tunneled Connections, All Display Protocols

This diagram describes the connections when a user is connecting with both Horizon Client and a Web browser.

Figure 2: External/Internal Tunneled Connections, All Display Protocols

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

External/Internal Tunneled Connection, Blast Extreme

This diagram describes the connections when a user is connecting with a full Horizon Client and Blast Extreme.

Figure 3: External/Internal Tunneled Connections, Blast Extreme

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

External/Internal Tunneled Connection, HTML

This diagram describes the connections when a user is connecting with a Web browser instead of a full Horizon Client.

Figure 4: External/Internal Tunneled Connections, HTML

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

External/Internal Tunneled Connection, PCoIP

This diagram describes the connections when a user is connecting with a full Horizon Client based on the PCoIP protocol.

Figure 5: External/Internal Tunneled Connections, PCoIP

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Trusted Connections

The second basic connectivity configuration for Horizon Cloud Service on Microsoft Azure is meant for internal-trusted environments where all client (user) connections go through a VPN or other trusted connection to access Horizon Cloud Service on Microsoft Azure. In this configuration, there is no Unified Access Gateway managing connections into the Horizon Cloud pod.

Note: As mentioned earlier, we recommend that you deploy a Horizon Cloud pod with Unified Access Gateway (one or two depending on HA configuration) as described in the diagrams above.

The following diagrams depict an Internal-Trusted connection for Horizon Cloud Service on Microsoft Azure.

Internal-Direct Connection, All Display Protocols

This diagram describes the connections using all display protocols for an Internal-Direct connection.

Figure 6: Internal-Direct Connection, All Display Protocols

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Direct Connection, Blast Extreme

This diagram describes the connections when a user is connecting with a full Horizon Client based on Blast Extreme.

Figure 7: Internal-Direct Connection, Blast Extreme

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Direct Connection, HTML

This diagram describes the connections when a user is connecting with a Web browser instead of a full Horizon Client.

Figure 8: Internal-Direct Connection, HTML

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Direct Connection, PCoIP

This diagram describes the connections when a user is connecting with the PCoIP protocol.

Figure 9: Internal-Direct Connection, PCoIP

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Summary and Additional Resources

Summary

This document provides the port and protocol requirements that you need to connect the components and servers in your VMware Horizon Cloud Service with Microsoft Azure deployment. The images in this document, combined with the same information in tabular format in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level, will help you meet connectivity requirements. If you have a deployment of Horizon Cloud with Microsoft Azure based on a release prior to that, see Ports and Protocols Requirements for a Horizon Cloud Pod Deployed Prior to the September 2019 Release.

Additional Resources

For more information, you can explore the following resources:

Changelog

The following updates were made to this guide:

2019-10-25

  • Redesigned Network Ports in VMware Horizon Cloud Service with updated links to port list source file and split into the following separate entities:

    • VMware Horizon Cloud Service on Microsoft Azure Network Ports Diagrams

    • VMware Horizon Cloud Service on IBM Cloud Network Ports Diagrams

  • VMware Identity Manager - Rebranded to VMware Workspace ONE Access.

  • User Environment Manager - Rebranded to Dynamic Environment Manager.

  • VMware AirWatch – Rebranded to VMware Workspace ONE UEM.

About the Author and Contributors

Rick Terlep, End-User-Computing Architect, EUC Technical Marketing, VMware, wrote this document and created the diagrams.

The following people contributed considerable knowledge and assistance with reviewing:

The following people contributed their knowledge to past versions of this document:

Feedback

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.