:::: MENU ::::

VMware Horizon Cloud Next-Gen – Deployment

Azure, EUC, Horizon, Next-Gen, VMware

VMware Horizon Cloud Next-Gen – Deployment

My previous blog explained the VMware Horizon Cloud Next-Gen – Prerequisites. In this blog, I will explain which steps you need to take to start the Horizon Cloud deployment.

Getting started

First, we will need to log in to the Horizon Universal Console. Once logged in you will see the Get Started page. Select Horizon Cloud Service.

Get Started Horizon Cloud Service

Once selected you will see the Deploy and Configure page. You will see three steps that we need to complete in order to finish the deployment. Below is a list of what is needed during these three steps.

  1. Domain Registration
    • DNS Domain Name
    • Domain bind account
    • Domain join account
  2. Identity & Access
    • Identity provider (Azure Active Directory or Workspace ONE Access)
    • Tenant subdomain
    • Broker URL (if applicable)
  3. Horizon Edge
    • Subscription ID
    • Microsoft Azure Cloud type and region
    • Directory ID for your Azure subscription
    • Azure Service Principal
Deploy and Configure

Domain Registration

For the Domain registration, we will need to provide the Domain Details, Domain bind accounts, and Domain join accounts.

Domain Details

Underneath Domain Details, we will need to provide a Name, Description (optional), DNS Domain Name, Default OU, and Domain join accounts.

Domain Details

Domain bind accounts

Underneath Domain bind accounts you will need to provide a domain bind account and an auxiliary domain bind account. The username for the account used to perform lookups in the Active Directory domain. The domain bind account can be a normal user account with read-only access to Active Directory, but can never expire or be locked out. Primary and auxiliary domain bind accounts are automatically granted Super Administrator access for recovery purposes.

Domain bind accounts

Domain join accounts

Underneath Domain join accounts you will need to provide a domain join account and an auxiliary domain join account. The username for the account is used to join computer accounts to the domain and perform Sysprep operations.

Domain join accounts

The next step in de Domain Registration will be the SSO configuration. For this blog, I will skip the SSO configuration. I will create a separate blog post on the SSO configuration as this can also be done after the Horizon Cloud deployment.

Identity & Access

Once the Domain Registration is completed we will need to configure Identity & Access. Here you will connect an identity provider to enable end-user authentication and access.

Deploy and Configure

In this example, I will use Azure Active Directory. Click on Identity & Access. Select Microsoft Azure as the identity provider and enter the subdomain for the broker URL end-users will use to access their assignments.

Identity & Access

If you are not a Global Administrator on your Azure AD admin approval is needed. In this example, I am Global Admin so I can click Connect and I need to log in to my Azure tenant and Approve the permissions that are asked for.

Permissions request

Horizon Edge

A Horizon Edge is an instance of Horizon deployed into your resource capacity provider in a single region or physical location. It contains the resources necessary to deliver desktops and applications to end users:

  • Horizon Edge Gateway, Unified Access Gateways, and load balancers
  • User capacity to host VM images, desktop and application pools, and app packages
  • Networking within the provider to allow all components to properly communicate

You can increase Horizon Edge capacity by adding additional providers.

The following steps are needed to complete the Horizon Edge deployment.

  1. General Information
  2. Primary Provider
  3. Secondary Providers
  4. Networks
  5. Site
  6. Connectivity
  7. Horizon Edge Gateway
  8. Unified Access Gateway
Horizon Edge Required

Select start deployment to deploy a Horizon Edge into your provider.

General information

Underneath General information, you can provide an Edge Name and description (optional).

General information

Primary Provider

In this section, you will need to provide your Primary Provider information. In this blog post, we will add a Microsoft Azure subscription.

Complete the form by entering the Provider Name, Subscription ID, Azure Cloud Type, Azure Region, Directory ID, the Service Principal detail, the Application ID and Application Key.

Primary Provider

Secondary Provider

The secondary provider is optional. In this example, I will not use a secondary provider.

Secondary Provider


In this section, we will need to choose the subnets of the Azure VNET. Click on select.

Network Select

In the Network Selection window choose the Subnets you want to use for the Horizon Edge deployment.

Network Selection

As you can see the status of the subnets has changed from 0 to 3.

Networks subnet status


Now we need to create the site. Fill in a site name and click next.

Site Name


Select the type of network connection to establish for this Horizon Edge. Microsoft Azure Private Link is recommended because it simplifies network architecture and improves speed and performance. In this example, we will follow the recommendations and choose Azure Private Link.

Connectivity Type

Horizon Edge Gateway

The Edge Gateway will be deployed in an Azure Kubernetes Service cluster. Provide the following configuration information for the AKS cluster and the Edge Gateway. Most items can be selected from the drop-down menus. The FQDN for the Edge Gateway will be used by the Horizon Agents.

Horizon Edge Gateway

Click Deploy to start the Horizon Edge Gateway deployment. This can take up to 20 minutes so please be patient.

Horizon Edge Gateway deployment

Unified Access Gateways

During the deployment of the Horizon Edge Gateway, we can continue towards the configuration of the Unified Access Gateway. In this section, you will need to choose the Access type and provide the FQDN, Certificates, VM Model, and the number of UAG VMs, and select the correct networks. Once done click save.

Unified Access Gateway

During the deployment of your Horizon Edge Gateway and Unified Access Gateway, you can create the DNS records that match the FQDNs on the Horizon Edge Gateway and Unified Access Gateway instances.

What’s next

Once the deployment of the Horizon Edge Gateway and the Unified Access Gateway is completed you can start creating images. Read more in my next blog where I will explain a little bit more about images in Horizon Cloud on Azure Next-Gen.

For now, if you have any questions, drop me a message and I will be happy to answer.

Leave a comment