What Is Horizon Cloud Service - next-gen?

Desktop and app virtualization as a service

Like SDDC (software-defined datacenter)-based VMware Horizon®, VMware Horizon® Cloud Service™- next-gen delivers virtualized Windows desktops and apps to just about any endpoint device you can think of. Devices can include Windows, Mac, and Linux desktop computers and laptops, Chromebooks, tablets, smartphones, and thin and zero clients. The difference is that Horizon Cloud – next-gen is a DaaS (desktop-as-a-service) solution, meaning that VMware delivers and maintains all the critical management tools.

Admins need concern themselves only with managing the virtual apps and desktops. The rest is provided as a service:

• DaaS management infrastructure: VMware has got you covered with respect to managing the VDI infrastructure services, app-packaging services, connection brokering service, edge gateways, databases, and so on.
• Resource capacity: Resource providers are VMware-supported hypervisors and cloud platforms that provide the necessary resource capacity to deliver desktops and applications to end users. At the time of this writing, Horizon Cloud – next-gen supports Microsoft Azure subscriptions for resource capacity.

The following video provides a brief demo of the administrator’s experience importing a Windows image, creating a pool of desktops, and assigning desktops and apps to a user group.

Horizon Cloud – next-gen also allows for the use of VMware SDDC-based infrastructure capacity in an on-premises datacenter, or on cloud-based SDDC capacity, including Azure VMware Solutions, VMware Cloud on AWS, Oracle Cloud, VMware Engine, and others, as described in the Horizon Architecture chapters of the VMware Workspace ONE and Horizon Reference Architecture document.

Horizon Cloud – next-gen delivers a cloud-native, hybrid, and multi-cloud desktop and app virtualization platform while still providing security and not sacrificing end-user experience.

What are the key features?

Perhaps your main concern focuses on remote work and providing the speed, flexibility, and features to keep your users productive. Or perhaps your number-one use case is maintaining business continuity, which might require rapidly deploying virtual desktops and apps for thousands of end users.

On top of all the features shared with SDDC-based Horizon, Horizon Cloud – next-gen offers the following key features:

Extraordinary scalability

Horizon Cloud – next-gen is the best solution for accommodating fluctuating capacity demands:

• Scale up without having to add hardware.
• Scale down according to demand and save on consumption costs. If only half your employees are using the system at a certain time, you do not have to pay for hardware to support the other half, who are not using the system.

The Horizon Cloud - next-gen “thin edge” architecture reduces the infrastructure footprint within customer environments, and each Horizon Edge can support up to 20,000 end users! Scaling beyond that number is straightforward by adding additional Horizon Edges.

Advanced automation

Horizon Cloud - next-gen is built entirely using APIs, so that anything you can do from the management interface is accessible through APIs. This public API platform supports advanced automation and integration on several fronts:

• Third-party ticketing or monitoring solutions
• Partner-built managed service offerings
• Customer-built integrations and automations that leverage existing workflows

For more information, see the Horizon Cloud Service – next-gen API Reference, on the VMware Developer Documentation portal.

Less troubleshooting with proactive monitoring

With the Horizon Cloud – next-gen DaaS solution, fewer components run in the customer environment, and the VMware Operations team benefits from increased observability over the entire service offering. This visibility allows the VMware Ops team to proactively detect and resolve many issues before they affect your environment. But if an issue should arise, the proactive alerting features and advanced reporting capabilities greatly simplify troubleshooting.

Application and user environment management

Horizon Cloud – next-gen also includes other market-leading features, such as VMware App Volumes™ and VMware Dynamic Environment Manager™. With App Volumes and Dynamic Environment Manager, you deploy and manage applications separately from the OS image:

• App Volumes simplifies application management while reducing cloud consumption costs by efficiently delivering applications from one virtual disk to many desktops or published-application servers. Using virtual machines more efficiently in this way reduces the operational costs of running instances in cloud.
• Dynamic Environment Manager adds advanced user environment management capabilities to deliver desktops and apps that meet each user’s needs at the specific time they request it, and in the context of the company’s security requirements. User-specific Windows desktop and application settings can be applied in the context of client device, location, and other conditions.

Using this strategy, admins will not need to become virtualization wizards or layering experts. All they need to know to capture an application is how to install it. With Horizon Cloud – next-gen, the App Volumes functionality is provided as part of the DaaS management platform. The corresponding App Volumes and Dynamic Environment Manager agents are automatically installed for you when you create a golden image.

What is the architecture?

Horizon Cloud – next-gen is a great solution for rapidly scaling existing or new Horizon VDI or published application environments. To reduce the management footprint and deliver a true desktop virtualization service, Horizon Cloud - next-gen leverages a “thin edge” architecture.

All the thin Horizon Edge consists of are one or more Horizon Edge Gateways and one or more pairs of load-balanced VMware Unified Access Gateway™ virtual appliances; there are no connection servers and no cloud connectors. If more capacity is needed, you need only deploy a new Horizon Edge.

All Horizon Edges, whether spread around the world or located in the same region, leverage the same Horizon Control Plane and are managed as a single environment. All the VDI infrastructure servers, app-packaging servers, connection brokers, databases, and so on reside in the Horizon Control Plane, which is delivered and managed by VMware.

The following diagram illustrates, at a high level, the Horizon Cloud – next-gen architecture. Descriptions of individual components follow.

Figure 1: High-level architecture for Horizon Cloud – next-gen; Control Plane managed by VMware

The Horizon architecture is made up of the following components:

• VMware Horizon Control Plane
  Unifies and simplifies management across pods (multiple instances of Horizon configured for the cloud), providing monitoring and management of images, applications, and lifecycles.
  
  With Horizon Cloud – next-gen, the VMware Horizon Console, the connection server/brokering function, App Volumes management servers, and associated databases are all included in the Horizon Control Plane.
• VMware Workspace ONE® Access™
  An identity and access management solution that is included with Horizon Cloud – next-gen, Workspace ONE Access provides your end users with an app catalog to access Horizon desktops and apps, web apps, and SaaS apps through a browser. Workspace ONE Access also provides the ability to integrate with other identity providers to enable single sign-on (SSO) to all your apps without sacrificing security.
• Monitoring with VMware Workspace ONE® Intelligence™
  Horizon Cloud - next-gen benefits from VMware Workspace ONE® integration, with support for Workspace ONE Intelligence for dashboards and customized reports.
• VMware App Volumes
  With Horizon Cloud – next-gen, the App Volumes management components are included in the Horizon Control Plane, which simplifies packaging and deploying applications. With App Volumes, applications are virtually attached and integrated into the Windows OS rather than natively installed on the virtual desktop or RDSH server. Use this strategy to reduce OS image count and simplify application maintenance.
• Horizon Edge Gateway
  Acts as an orchestration bridge between the Horizon Control Plane and the infrastructure capacity provider. This gateway also provides single sign-on capabilities for the service, so that users do not have to enter their passwords multiple times to log into a virtual desktop or published app. For more information, see the Horizon Edge chapter of the Horizon Cloud Service - next-gen Architecture document.
• VMware Unified Access Gateway
  Provides secure remote access from the client endpoint to virtual desktops and published applications, without using a VPN. These gateways are for communication from the broker down into your environment.
  
  In Horizon Cloud – next-gen, Unified Access Gateway virtual appliances are set up as pass-through devices that provide a direct (not tunneled) connection and do not perform any kind of security. The connection string has an authentication token in it. The Blast display protocol session that uses the direct connection is encrypted.
  
  The Unified Access Gateway just points the user to the virtual machine they are authorized to use. In Horizon Cloud – next-gen, these gateways can handle 10,000 connections each. For more information, see Unified Access Gateway in the Horizon Cloud Service - next-gen Architecture document.
• Single-session desktops
  Dedicated (persistent) or floating (nonpersistent) desktop pools are created from a golden image to provide single-session remote desktops to your end users.
• Multi-session desktops and apps
  Remote Desktop Session Host server pools or pools of multi-session Windows 10 or Windows 11 desktops are created from a golden image to provide published applications and multi-session-based remote desktops to your end users.
• Active Directory
  With Horizon Cloud – next-gen, directory services for user authentication, or identity (IdP), has been separated from directory services for virtual machines. Active Directory is still used for virtual machine identity, so that the machine can be joined to the domain. For machines, you can place a local domain controller in your provider’s infrastructure capacity, such as your Microsoft Azure subscription, near where the machine objects are going to be created, or you can use Azure AD services.
  
  User accounts can use either Azure Active Directory services or Workspace ONE Access. You can sync either of these to an on-premises Active Directory if you like.

The deployment architecture for the above-mentioned components is described in the following diagram, which shows how the cloud service works with the Horizon Edge, deployed on an infrastructure provider, to manage and orchestrate virtual desktops and applications for end users.

Figure 2: Deployment architecture for Horizon Cloud – next-gen

Integration with other VMware services

With a publicly available API, Horizon Cloud – next-gen was built with integrations in mind from the start. In addition to the already mentioned integration with Workspace ONE Access, Horizon Cloud – next-gen uses the VMware Cloud Service Platform for single sign-on and RBAC (role-based access control) functionality for administrators.

Figure 3: VMware Workspace ONE Cloud Services home page, with Horizon Cloud Service tile

Click Manage on the Horizon Cloud Service tile to access the Horizon Universal Console for Horizon Cloud – next-gen.

Figure 4: Horizon Universal Console home page, for simplified app and desktop management across pods

The platform also integrates with VMware Workspace ONE Intelligence to bring reporting and analytics capabilities to Horizon Cloud Service. Dashboards with insights from Workspace ONE Intelligence are visible directly in the Horizon Universal Console. With the added Digital Employee Experience Management for Horizon reports, you can combine measurement of environment KPIs (key performance indicators) and employee sentiment, with root-cause analysis and remediation.

Figure 5: Analytics score for digital employee experience, provided through integration with Workspace ONE Intelligence

Conclusion

Horizon Cloud – next-gen gives organizations a secure, comprehensive, cloud-hosted solution for delivering virtualized Windows applications and desktops. This service, which is deployed and managed by VMware, enables you to focus on managing desktops and applications rather than the underlying infrastructure.

You can use Horizon Cloud – next-gen for device redirection, unified communications, access to applications and desktops, and more. End users have easy single sign-on access from any device and can connect to virtual desktops and applications from any location.

Find out more

You’ll find a wealth of related information on Tech Zone and VMware Docs, including:

• The next generation of VMware Horizon Cloud is here! (blog post)
• Using VMware Horizon Cloud Service – next-gen
• Horizon Cloud Service - next-gen Architecture
• VMware Horizon Cloud Service - next-generation Network Ports Diagrams
• Horizon Cloud Service - next-gen Initial Setup & Configuration Workflow
• Getting Started with Horizon Cloud Service - next-gen Supported REST APIs with PowerShell

Learn more about other VMware projects

If you are interested in other VMware projects, see the following introductions:

• What Is VMware Horizon?
• What Is Workspace ONE?
• What Is VMware Workspace ONE UEM?
• What Is VMware App Volumes?
• What is VMware Dynamic Environment Manager?
• What Is Digital Employee Experience (DEX)?