24x7x365 Entisys360 Client Technical Support: Call (877) 368-4797 opt 9, or

The recent release of VMware Horizon Cloud on Azure now supports the greatest feature of Windows Virtual Desktop (WVD), multi-session Windows 10.

Windows 10 Enterprise multi-session is a desktop OS type built to allow connections from multiple concurrent users and is only supported on Microsoft Azure.  Running virtual desktops on Azure makes sense for this reason alone — giving the biggest bang for the buck around user densities. If you haven’t been following our articles on WVD and would like an intro, check out our blog post here.

This blog series will introduce you to the key VMware Horizon Cloud on Azure concepts, then walk you through an initial deployment.

A Quick Word on COVID-19 and our “New Normal”

At the time of this writing, most business are still dealing with the impacts of COVID-19 and beginning to plan out their next three to six months of response and remote workforce handling. The urgent need to provide remote work capabilities by any means necessary is no longer as widely felt. Instead, it is now obvious that the need to provide secure, performant, and scalable access to remote resources will continue to be a focus. Many organizations are now looking to address the user experience or security gap that was introduced by quickly designed and deployed solutions over the past several months.

As we all settle into what this new normal will become, we at Entisys360 hope that we can provide guidance and support around this difficult, and possibly painful journey. Whether your focus is on rolling out a solution relating to the topic of this blog, or you are simply seeking advice on end user related technology or methodologies, we are here to help.

Before We Get Started – Upcoming Webinar

This blog is partially meant as a teaser for our webinar coming up on June 30, Zero to VMware Horizon Cloud on Azure in Under 2 Hours. We recommend you sign up here to attend and see the full deployment of a VMware Horizon Cloud on Azure environment, all the way to the launch of the first desktop session.

Why VMware Horizon Cloud on Azure instead of Windows Virtual Desktop Native?

Windows Virtual Desktop is an excellent foundational platform, but like Remote Desktop Services (RDS), it has a few gaps around user experience and management capabilities. Layering Horizon Cloud on Azure over WVD offers the following additional benefits:

  1. Enhanced Remoting Protocols such as Blast Extreme
  2. Multi-cloud with on-premises deployment capabilities
  3. Advanced Power Management
  4. Easier Deployment and Management than native WVD tools and PowerShell scripts
  5. Integration with Workspace ONE Access for Unified App and Desktop Access
  6. Monitoring and Analytics – with tighter integration with ControlUp and Add-On license available through VMware

Whether WVD Native is sufficient, or a more robust solution such as Horizon is needed depends on your business, user, and administrative requirements.

Horizon Cloud on Azure – The Main Building Blocks

The License

Horizon Universal License entitles users to all VMware Horizon platforms, whether deployed on prem, on VMware Cloud on AWS, or into Azure. The only feature not included is vRealize Operations for Horizon. This means you can offer your users the following capabilities:

  1. Virtual Desktops
  2. Virtual Apps through RDSH
  3. Secured Gateway Access with Unified Access Gateway
  4. Blast Extreme and 3D Apps
  5. Single Sign on with Workspace ONE Access

The Horizon Universal License is a subscription license and available in two flavors, the full featured Horizon Universal License and the Horizon Apps Universal License.

Active Directory

Active Directory is an absolute requirement for any Horizon environment, including Horizon Cloud on Azure. You may use Azure Active Directory Domain Services, or leverage a traditional AD Domain. Domain Controllers can be deployed on-premises with availability via VPN / Express Route or deployed in your Azure tenant.

If not using Azure AD Domain Services, my recommendation would be to deploy a pair of Domain Controllers into your Azure tenant in each region you plan on deploying desktops. This will ensure logon times are as short as possible, and will protect against any VPN or on-premises failures.

VMware Horizon Cloud Control Plane

The Horizon Cloud Service manages all VMware Horizon Cloud deployments whether on Azure or on premises. This control plane is responsible for the deployment, management, and administration of the multi / hybrid cloud virtual desktop infrastructure. Hosting the Horizon Cloud Service Administration Console gives admins a single pain of glass with which to perform management tasks such as new pod deployment, desktop pool expansion, or user entitlement assignment across all sites and pods.

Unified Access Gateway

A pair of Unified Access Gateways are deployed to provide secure access to desktop and app resources. These virtual appliances reside in the DMZ and resource networks and are assigned a public internet IP.

SmartNode Manager

Horizon Management Appliance which connects to Azure and Active Directory. This appliance provides desktop and application provisioning, brokering, and user assignment services as directed by the Horizon Cloud Service and Horizon Cloud Service Administration Console.

This management VM can be deployed in HA mode to protect against single VM failure. I recommend all production deployments include a secondary VM to ensure adequate user accessibility.

Base VMs and Images

The Horizon Cloud Service within Azure allows for the import and creation of base images from Microsoft’s catalog of Windows Virtual Desktop templates in the Azure Marketplace. It is also possible to import your own base image. Azure supports both standard compute and GPU enabled virtual machines.

At the time of this blog, VMware supports the following Windows 10 versions: 1607 LTSB, 1803, 1809, 1903, and 1909. The latest 2004 release and Windows 7 are both in Tech Preview. For Server OS based images, Windows Server 2012 R2, 2016, and 2019 are all supported. See the below links for current support information:

Microsoft Azure Tenant

A new or existing Azure tenant is required. You will also need to select the specific region in which you’ll want to deploy your Horizon Services components and the workload VMs. A limited amount of Azure prep work is required before the Horizon Cloud Services deployment framework is able to deploy and configure the required Horizon Cloud infrastructure.

Horizon Cloud creates the following networks:

  • DMZ Network for UAG
  • Management Network for UAG, SmartNode Manager, and temporary Jumpbox
  • Desktop Network for virtual desktops and apps

Azure Load Balancers are used to load balance session traffic across the Unified Access Gateways and management traffic across the Manager VMs.

Bringing it All Together

 

Required Virtual Machines and Services

  • Pod Deployment Engine – 1 x Standard F2
  • Pod Manager with High Availability – 2 x Standard D4v3 or D3v2
  • Microsoft Azure Database for PostgreSQL Service – Gen 5, Memory Optimized, 2 vCores, 10 GB Storage
  • External Unified Access Gateway – 2 x Standard A4v2
  • Internal Unified Access Gateway – 2 x Standard A4v2

*Note: if deploying to a new tenant, do not forget to increase your vCPU quota for the required instance types to a count well above the listed quantity. See here for more information on Quota increase requests.

Next Steps

This is only the first article of a multi-part series. Come back to witness the full walk through of deploying Horizon Cloud on Azure, from Azure prep to initial session launch. Or if you’re feeling impatient, register for the webinar mentioned above: From Zero to Horizon Cloud on Azure in Under 2 Hours. Hope to see you there!

Our Expertise

Security and Cyber Risk Services

Creating a strategy for managing risk and compliance, while helping to filter the noise of myriad cybersecurity technologies.

Automation and Cloud

Accelerating IT service delivery for our clients through the adoption of agile methodologies that are all part of a systems-oriented approach.

End User Computing

Helping businesses keep infrastructure uptodate, minimizing security risks, and maintaining compliance

Software Defined Data Center

Empowering your enterprise to achieve its full potentialand greatest efficiencyby keeping IT infrastructure operational, available and secure.

Core Infrastructure Services

Offering design, implementation, licensing optimization, and environmental services to ensure the use of Microsoft’s best practices and configurations.

Microsoft Expertise

Helping set goals and establishing benchmarks for the journey toward the successful deployment of Microsoft solutions.

Our Services

Professional
Services

Enjoy a stressfree implementation that comes through the knowledge and experience of our professional services team.

Enterprise
Managed Services

Align your business initiatives with evolving industry trends to obtain a clear understanding of the impact of future technologies.

Cloud Strategy
and Services

Meeting a diverse range of business requirements through deployments that are flexible, scalable, and have the right mix of elements.

Contract
Management

Never miss another maintenance or warranty contract renewal date or pay for unused maintenance contracts or warranties.

Project
Management

Through this service, our project management team takes the lead role in planning, executing, monitoring and closing projects.

Our Markets and Market Support Vehicles

Business

Professional services and nationallyrecognized expertise that align perfectly with the trends and challenges facing a variety of industries.

Healthcare

Recognizing the unique challenges faced by healthcare IT organizations, and offering understanding, capabilities, and trusted relationships.

Public Sector

Helping organizations contain costs maintain high availability while finding new ways to increase security, compliance and more.

Group Purchasing

Industryleading IT consulting services and technology solutionsaccessed through a streamlined contracting process.

Resources

Events

Learn about our upcoming events and webinars.

Solutions Literature

Accesstodownloadable assets with information on solutions and services offerings.

Blog

Gain expert technical insights around today’s leading enterprise technologies and solutions.

Press Releases

Read news and updates from the Entisys360 team.

News Stories

Learn about new developments with Entisys360 and our team.

About Entisys360

About Entisys360

Our mission, vision, leadership and team

Accolades

Notable industry awards and recognition

Privacy

Entisys360’s and its commitment to privacy

Community

Our commitment to the community

Careers

Entisys360 Career opportunities

Contact Us

Entisys360 locations and contact resources