The recent release of VMware Horizon Cloud on Azure now supports the greatest feature of Windows Virtual Desktop (WVD), multi-session Windows 10.
Windows 10 Enterprise multi-session is a desktop OS type built to allow connections from multiple concurrent users and is only supported on Microsoft Azure. Running virtual desktops on Azure makes sense for this reason alone — giving the biggest bang for the buck around user densities. If you haven’t been following our articles on WVD and would like an intro, check out our blog post here.
This blog series will introduce you to the key VMware Horizon Cloud on Azure concepts, then walk you through an initial deployment.
A Quick Word on COVID-19 and our “New Normal”
At the time of this writing, most business are still dealing with the impacts of COVID-19 and beginning to plan out their next three to six months of response and remote workforce handling. The urgent need to provide remote work capabilities by any means necessary is no longer as widely felt. Instead, it is now obvious that the need to provide secure, performant, and scalable access to remote resources will continue to be a focus. Many organizations are now looking to address the user experience or security gap that was introduced by quickly designed and deployed solutions over the past several months.
As we all settle into what this new normal will become, we at Entisys360 hope that we can provide guidance and support around this difficult, and possibly painful journey. Whether your focus is on rolling out a solution relating to the topic of this blog, or you are simply seeking advice on end user related technology or methodologies, we are here to help.
Why VMware Horizon Cloud on Azure instead of Windows Virtual Desktop Native?
Windows Virtual Desktop is an excellent foundational platform, but like Remote Desktop Services (RDS), it has a few gaps around user experience and management capabilities. Layering Horizon Cloud on Azure over WVD offers the following additional benefits:
- Enhanced Remoting Protocols such as Blast Extreme
- Multi-cloud with on-premises deployment capabilities
- Advanced Power Management
- Easier Deployment and Management than native WVD tools and PowerShell scripts
- Integration with Workspace ONE Access for Unified App and Desktop Access
- Monitoring and Analytics – with tighter integration with ControlUp and Add-On license available through VMware
Whether WVD Native is sufficient, or a more robust solution such as Horizon is needed depends on your business, user, and administrative requirements.
Horizon Cloud on Azure – The Main Building Blocks
The License
Horizon Universal License entitles users to all VMware Horizon platforms, whether deployed on prem, on VMware Cloud on AWS, or into Azure. The only feature not included is vRealize Operations for Horizon. This means you can offer your users the following capabilities:
- Virtual Desktops
- Virtual Apps through RDSH
- Secured Gateway Access with Unified Access Gateway
- Blast Extreme and 3D Apps
- Single Sign on with Workspace ONE Access
The Horizon Universal License is a subscription license and available in two flavors, the full featured Horizon Universal License and the Horizon Apps Universal License.
Active Directory
Active Directory is an absolute requirement for any Horizon environment, including Horizon Cloud on Azure. You may use Azure Active Directory Domain Services, or leverage a traditional AD Domain. Domain Controllers can be deployed on-premises with availability via VPN / Express Route or deployed in your Azure tenant.
If not using Azure AD Domain Services, my recommendation would be to deploy a pair of Domain Controllers into your Azure tenant in each region you plan on deploying desktops. This will ensure logon times are as short as possible, and will protect against any VPN or on-premises failures.
VMware Horizon Cloud Control Plane
The Horizon Cloud Service manages all VMware Horizon Cloud deployments whether on Azure or on premises. This control plane is responsible for the deployment, management, and administration of the multi / hybrid cloud virtual desktop infrastructure. Hosting the Horizon Cloud Service Administration Console gives admins a single pain of glass with which to perform management tasks such as new pod deployment, desktop pool expansion, or user entitlement assignment across all sites and pods.
Unified Access Gateway
A pair of Unified Access Gateways are deployed to provide secure access to desktop and app resources. These virtual appliances reside in the DMZ and resource networks and are assigned a public internet IP.
SmartNode Manager
Horizon Management Appliance which connects to Azure and Active Directory. This appliance provides desktop and application provisioning, brokering, and user assignment services as directed by the Horizon Cloud Service and Horizon Cloud Service Administration Console.
This management VM can be deployed in HA mode to protect against single VM failure. I recommend all production deployments include a secondary VM to ensure adequate user accessibility.
Base VMs and Images
The Horizon Cloud Service within Azure allows for the import and creation of base images from Microsoft’s catalog of Windows Virtual Desktop templates in the Azure Marketplace. It is also possible to import your own base image. Azure supports both standard compute and GPU enabled virtual machines.
At the time of this blog, VMware supports the following Windows 10 versions: 1607 LTSB, 1803, 1809, 1903, and 1909. The latest 2004 release and Windows 7 are both in Tech Preview. For Server OS based images, Windows Server 2012 R2, 2016, and 2019 are all supported. See the below links for current support information:
- Windows 10 Supported OS: https://kb.vmware.com/s/article/70965
- Non-Windows 10 Supported OS: https://kb.vmware.com/s/article/78170
Microsoft Azure Tenant
A new or existing Azure tenant is required. You will also need to select the specific region in which you’ll want to deploy your Horizon Services components and the workload VMs. A limited amount of Azure prep work is required before the Horizon Cloud Services deployment framework is able to deploy and configure the required Horizon Cloud infrastructure.
Horizon Cloud creates the following networks:
- DMZ Network for UAG
- Management Network for UAG, SmartNode Manager, and temporary Jumpbox
- Desktop Network for virtual desktops and apps
Azure Load Balancers are used to load balance session traffic across the Unified Access Gateways and management traffic across the Manager VMs.