The recent release of VMware Horizon Cloud on Azure now supports the greatest feature of Windows Virtual Desktop (WVD), multi-session Windows 10.
Windows 10 Enterprise multi-session is a desktop OS type built to allow connections from multiple concurrent users and is only supported on Microsoft Azure. Running virtual desktops on Azure makes sense for this reason alone — giving the biggest bang for the buck around user densities. If you haven’t been following our articles on WVD and would like an intro, check out our blog post here.
This blog series will introduce you to the key VMware Horizon Cloud on Azure concepts, then walk you through an initial deployment.
A Quick Word on COVID-19 and our “New Normal”
At the time of this writing, most businesses are still dealing with the impacts of COVID-19 and beginning to plan out their next three to six months of response and remote workforce handling. The urgent need to provide remote work capabilities by any means necessary is no longer as widely felt. Instead, it is now obvious that the need to provide secure, performant, and scalable access to remote resources will continue to be a focus. Many organizations are now looking to address the user experience or security gap that was introduced by quickly designed and deployed solutions over the past several months.
As we all settle into what this new normal will become, we at Entisys360 hope that we can provide guidance and support around this difficult, and possibly painful, journey. Whether your focus is on rolling out a solution relating to the topic of this blog, or you are simply seeking advice on end-user-related technology or methodologies, we are here to help.
Before We Get Started – Upcoming Webinar
This blog is partially meant as a teaser for our webinar coming up on June 30, Zero to VMware Horizon Cloud on Azure in Under 2 Hours. We recommend you sign up here to attend and see the full deployment of a VMware Horizon Cloud on Azure environment, all the way to the launch of the first desktop session.
Why VMware Horizon Cloud on Azure instead of Windows Virtual Desktop Native?
Windows Virtual Desktop is an excellent foundational platform, but like Remote Desktop Services (RDS), it has a few gaps around user experience and management capabilities. Layering Horizon Cloud on Azure over WVD offers the following additional benefits:
- Enhanced Remoting Protocols such as Blast Extreme
- Multi-cloud with on-premises deployment capabilities
- Advanced Power Management
- Easier Deployment and Management than native WVD tools and PowerShell scripts
- Integration with Workspace ONE Access for Unified App and Desktop Access
- Monitoring and Analytics, with tighter integration with ControlUp and an add-on license available through VMware
Whether WVD Native is sufficient or a more robust solution such as Horizon is needed depends on your business, user, and administrative requirements.
Horizon Cloud on Azure – The Main Building Blocks
The Horizon Universal License entitles users to all VMware Horizon platforms, whether deployed on-premises, on VMware Cloud on AWS, or into Azure. The only feature not included is vRealize Operations for Horizon. This means you can offer your users the following capabilities:
- Virtual Desktops
- Virtual Apps through RDSH
- Secured Gateway Access with Unified Access Gateway
- Blast Extreme and 3D Apps
- Single Sign-On with Workspace ONE Access
The Horizon Universal License is a subscription license and is available in two flavors: the full-featured Horizon Universal License and the Horizon Apps Universal License.
Active Directory is an absolute requirement for any Horizon environment, including Horizon Cloud on Azure. You may use Azure Active Directory Domain Services or leverage a traditional AD domain. Domain Controllers can be deployed on-premises, with availability via VPN / ExpressRoute, or deployed in your Azure tenant.
If not using Azure AD Domain Services, my recommendation would be to deploy a pair of Domain Controllers into your Azure tenant in each region you plan on deploying desktops. This will ensure logon times are as short as possible, and will protect against any VPN or on-premises failures.
VMware Horizon Cloud Control Plane
The Horizon Cloud Service manages all VMware Horizon Cloud deployments, whether on Azure or on-premises. This control plane is responsible for the deployment, management, and administration of the multi / hybrid cloud virtual desktop infrastructure. It hosts the Horizon Cloud Service Administration Console, which gives admins a single pane of glass with which to perform management tasks such as new pod deployment, desktop pool expansion, or user entitlement assignment across all sites and pods.
Unified Access Gateway
A pair of Unified Access Gateways is deployed to provide secure access to desktop and app resources. These virtual appliances reside in the DMZ and resource networks and are assigned a public internet IP.
The Horizon Management Appliance connects to Azure and Active Directory. This appliance provides desktop and application provisioning, brokering, and user assignment services as directed by the Horizon Cloud Service and Horizon Cloud Service Administration Console.
This management VM can be deployed in HA mode to protect against single VM failure. I recommend all production deployments include a secondary VM to ensure adequate user accessibility.
Base VMs and Images
The Horizon Cloud Service within Azure allows for the import and creation of base images from Microsoft’s catalog of Windows Virtual Desktop templates in the Azure Marketplace. It is also possible to import your own base image. Azure supports both standard compute and GPU enabled virtual machines.
At the time of this blog, VMware supports the following Windows 10 versions: 1607 LTSB, 1803, 1809, 1903, and 1909. The latest 2004 release and Windows 7 are both in Tech Preview. For Server OS based images, Windows Server 2012 R2, 2016, and 2019 are all supported. See the below links for current support information:
- Windows 10 Supported OS: https://kb.vmware.com/s/article/70965
- Non-Windows 10 Supported OS: https://kb.vmware.com/s/article/78170
Microsoft Azure Tenant
A new or existing Azure tenant is required. You will also need to select the specific region in which you’ll want to deploy your Horizon Services components and the workload VMs. A limited amount of Azure prep work is required before the Horizon Cloud Services deployment framework is able to deploy and configure the required Horizon Cloud infrastructure.
Horizon Cloud creates the following networks:
- DMZ Network for UAG
- Management Network for UAG, SmartNode Manager, and temporary Jumpbox
- Desktop Network for virtual desktops and apps
Azure Load Balancers are used to load balance session traffic across the Unified Access Gateways and management traffic across the Manager VMs.
Bringing it All Together
Required Virtual Machines and Services
- Pod Deployment Engine – 1 x Standard F2
- Pod Manager with High Availability – 2 x Standard D4v3 or D3v2
- Microsoft Azure Database for PostgreSQL Service – Gen 5, Memory Optimized, 2 vCores, 10 GB Storage
- External Unified Access Gateway – 2 x Standard A4v2
- Internal Unified Access Gateway – 2 x Standard A4v2
*Note: if deploying to a new tenant, do not forget to increase your vCPU quota for the required instance types to a count well above the listed quantity. See here for more information on quota increase requests.
This is only the first article of a multi-part series. Come back to witness the full walkthrough of deploying Horizon Cloud on Azure, from Azure prep to initial session launch. Or, if you’re feeling impatient, register for the webinar mentioned above: From Zero to Horizon Cloud on Azure in Under 2 Hours. Hope to see you there!