My previous blog explained the VMware Horizon Cloud Next-Gen – Prerequisites. In this blog, I will explain which steps you need to take to start the Horizon Cloud deployment.
First, we will need to log in to the Horizon Universal Console. Once logged in you will see the Get Started page. Select Horizon Cloud Service.
Once selected you will see the Deploy and Configure page. You will see three steps that we need to complete in order to finish the deployment. Below is a list of what is needed during these three steps.
- Domain Registration
  - DNS Domain Name
  - Domain bind account
  - Domain join account
- Identity & Access
  - Identity provider (Azure Active Directory or Workspace ONE Access)
  - Tenant subdomain
  - Broker URL (if applicable)
- Horizon Edge
  - Subscription ID
  - Microsoft Azure Cloud type and region
  - Directory ID for your Azure subscription
  - Azure Service Principal
For the Domain registration, we will need to provide the Domain Details, Domain bind accounts, and Domain join accounts.
Underneath Domain Details, we will need to provide a Name, Description (optional), DNS Domain Name, Default OU, and Domain join accounts.
Domain bind accounts
Underneath Domain bind accounts you will need to provide a domain bind account and an auxiliary domain bind account. This is the username of the account used to perform lookups in the Active Directory domain. The domain bind account can be a normal user account with read-only access to Active Directory, but it must never expire or be locked out. Primary and auxiliary domain bind accounts are automatically granted Super Administrator access for recovery purposes.
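A pre-flight check of those requirements, as an added example that is not part of the original post or of VMware's tooling: it flags a bind account that is disabled, locked out, subject to password or account expiry, or a member of a privileged group. The account names, the domain and the privileged-group list are assumptions; the sample objects are constructed and carry the same property names that Get-ADUser returns.

```powershell
# Added example: readiness check for the primary and auxiliary domain bind accounts.
# Group list is an assumption; extend it with your own delegated admin groups.
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

function Test-BindAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account
    )
    process {
        $findings = @()
        if (-not $Account.Enabled)              { $findings += 'account is disabled' }
        # LockedOut reflects the current state only, not the lockout policy.
        if ($Account.LockedOut)                 { $findings += 'account is currently locked out' }
        if (-not $Account.PasswordNeverExpires) { $findings += 'password is subject to expiry' }
        if ($Account.AccountExpirationDate)     { $findings += "account expires on $($Account.AccountExpirationDate)" }

        # MemberOf holds distinguished names; compare the leading CN with the privileged list.
        foreach ($dn in @($Account.MemberOf)) {
            if ($dn -match '^CN=([^,]+),' -and $PrivilegedGroups -contains $Matches[1]) {
                $findings += "member of privileged group '$($Matches[1])'"
            }
        }

        [pscustomobject]@{
            Account  = $Account.SamAccountName
            Ready    = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample data (hypothetical accounts in a hypothetical corp.example domain).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-hzn-bind1'; Enabled = $true; LockedOut = $false
        PasswordNeverExpires = $true; AccountExpirationDate = $null
        MemberOf = @('CN=Horizon Readers,OU=Groups,DC=corp,DC=example') }
    [pscustomobject]@{ SamAccountName = 'svc-hzn-bind2'; Enabled = $true; LockedOut = $false
        PasswordNeverExpires = $false; AccountExpirationDate = $null
        MemberOf = @('CN=Domain Admins,CN=Users,DC=corp,DC=example') }
)
$sample | Test-BindAccount | Format-Table -AutoSize -Wrap

# Live use (requires the ActiveDirectory module from RSAT):
# 'svc-hzn-bind1', 'svc-hzn-bind2' | ForEach-Object {
#     Get-ADUser -Identity $_ -Properties Enabled, LockedOut, PasswordNeverExpires, AccountExpirationDate, MemberOf
# } | Test-BindAccount
```

With the sample data, the first account reports Ready = True and the second is flagged for password expiry and Domain Admins membership.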
Domain join accounts
Underneath Domain join accounts you will need to provide a domain join account and an auxiliary domain join account. This is the username of the account used to join computer accounts to the domain and perform Sysprep operations.
The next step in the Domain Registration will be the SSO configuration. For this blog, I will skip the SSO configuration. I will create a separate blog post on the SSO configuration as this can also be done after the Horizon Cloud deployment.
Identity & Access
Once the Domain Registration is completed we will need to configure Identity & Access. Here you will connect an identity provider to enable end-user authentication and access.
In this example, I will use Azure Active Directory. Click on Identity & Access. Select Microsoft Azure as the identity provider and enter the subdomain for the broker URL end-users will use to access their assignments.
If you are not a Global Administrator on your Azure AD, admin approval is needed. In this example, I am a Global Admin, so I can click Connect, log in to my Azure tenant, and Approve the permissions that are asked for.
A Horizon Edge is an instance of Horizon deployed into your resource capacity provider in a single region or physical location. It contains the resources necessary to deliver desktops and applications to end users:
- Horizon Edge Gateway, Unified Access Gateways, and load balancers
- User capacity to host VM images, desktop and application pools, and app packages
- Networking within the provider to allow all components to properly communicate
You can increase Horizon Edge capacity by adding additional providers.
The following steps are needed to complete the Horizon Edge deployment.
- General Information
- Primary Provider
- Secondary Providers
- Horizon Edge Gateway
- Unified Access Gateway
Select start deployment to deploy a Horizon Edge into your provider.
Underneath General information, you can provide an Edge Name and description (optional).
In this section, you will need to provide your Primary Provider information. In this blog post, we will add a Microsoft Azure subscription.
Complete the form by entering the Provider Name, Subscription ID, Azure Cloud Type, Azure Region, Directory ID, the Service Principal detail, the Application ID and Application Key.
The secondary provider is optional. In this example, I will not use a secondary provider.
In this section, we will need to choose the subnets of the Azure VNET. Click on select.
In the Network Selection window choose the Subnets you want to use for the Horizon Edge deployment.
As you can see the status of the subnets has changed from 0 to 3.
Now we need to create the site. Fill in a site name and click next.
Select the type of network connection to establish for this Horizon Edge. Microsoft Azure Private Link is recommended because it simplifies network architecture and improves speed and performance. In this example, we will follow the recommendations and choose Azure Private Link.
Horizon Edge Gateway
The Edge Gateway will be deployed in an Azure Kubernetes Service cluster. Provide the following configuration information for the AKS cluster and the Edge Gateway. Most items can be selected from the drop-down menus. The FQDN for the Edge Gateway will be used by the Horizon Agents.
Click Deploy to start the Horizon Edge Gateway deployment. This can take up to 20 minutes so please be patient.
Unified Access Gateways
During the deployment of the Horizon Edge Gateway, we can continue towards the configuration of the Unified Access Gateway. In this section, you will need to choose the Access type and provide the FQDN, Certificates, VM Model, and the number of UAG VMs, and select the correct networks. Once done click save.
During the deployment of your Horizon Edge Gateway and Unified Access Gateway, you can create the DNS records that match the FQDNs on the Horizon Edge Gateway and Unified Access Gateway instances.
Once the deployment of the Horizon Edge Gateway and the Unified Access Gateway is completed you can start creating images. Read more in my next blog where I will explain a little bit more about images in Horizon Cloud on Azure Next-Gen.
For now, if you have any questions, drop me a message and I will be happy to answer.