Since Microsoft has updated the Azure admin UI, today I will also update the Horizon Cloud (HoC) deployment procedure based on the new Azure UI.
The Horizon Cloud on Azure solution consists of two major components: the Horizon Cloud Control Plane and an Azure subscription.
The Cloud Control Plane is hosted by VMware and is mainly used by administrators for admin jobs such as creating images, desktop provisioning, user entitlement, etc. No VDI session or user data is routed through the Cloud Control Plane. All VDI traffic goes directly through the Unified Access Gateway (UAG) located within the Azure tenant.
Besides the Cloud Control Plane, users are required to have their own Azure subscription to host the management servers and VDI desktops. This model is called the Bring Your Own Subscription model.
The whole deployment procedure involves the following sections.
Let's go through them one by one.
1. Create a Resource Group on Azure
It is assumed you have your own Azure subscription ready for the deployment. The first step is to create a dedicated Resource Group for this purpose.
Log in to the Azure portal. Click "Resource groups".
Click "Create".
Assign a name for the Resource Group and select the Azure region (data center) for the deployment. Click "Review + create".
Click "Create".
2. Create the Azure Virtual Network for HoC
The next step is to create the corresponding Azure Virtual Network. In my example, I will create a class B (/16) Virtual Network and then three class C (/24) subnets in it, each for a different purpose, as follows.
- Virtual Network (192.1.0.0/16)
- Management Subnet (192.1.1.0/24) - used by all Horizon management servers
- DMZ Subnet (192.1.2.0/24) - used by all Unified Access Gateways
- VDI Subnet (192.1.3.0/24) - used by all VDI desktops
On the Azure portal home page, click "All services" if you cannot find the Virtual Network service.
Search "Virtual Network" and click the "Virtual Network" icon.
Click "Create".
Select the Resource Group created in section 1. Assign a name for the newly created Virtual Network. Click "Next".
Assign an IP range for the Network. Click "Add subnet".
The first subnet created will be the management subnet. Assign a name for the subnet and assign the corresponding IP range. Remember to select the service "Microsoft.Sql" for the subnet. Click "Add".
The second subnet created will be the DMZ subnet. Assign a name for the subnet and assign the corresponding IP range. Remember to select the service "Microsoft.Sql" for the subnet. Click "Add".
The third subnet created will be the VDI subnet. Assign a name for the subnet and assign the corresponding IP range. "Microsoft.Sql" is NOT required for this subnet. Click "Add".
Make sure all three subnets are added. Click "Review + create".
Click "Create".
The Virtual Network and subnets will be created.
Click the "DNS" tab of the Virtual Network and add the corresponding DNS server. In my example, I am adding the IP of a Domain Controller running on a separate Virtual Network. Click "Save".
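Before clicking through the portal, it helps to sanity-check the address plan from this section. The following is an added example (not from the original post or from VMware): it encodes the three-subnet layout above, verifies each subnet sits inside the VNet without overlapping the others, checks that the management and DMZ subnets carry the Microsoft.Sql service endpoint while the VDI subnet does not need it, and flags a VNet outside RFC 1918 space (the 192.1.0.0/16 range used in the example is not private, unlike 192.168.0.0/16). The plan dictionary and its field names are my own construction.

```python
import ipaddress

# Constructed plan mirroring section 2 of this post: one /16 VNet and three /24
# subnets. "needs_sql" encodes the page's rule that the management and DMZ
# subnets need the Microsoft.Sql service endpoint and the VDI subnet does not.
HOC_PLAN = {
    "vnet": "192.1.0.0/16",
    "subnets": [
        {"name": "Management", "prefix": "192.1.1.0/24",
         "service_endpoints": ["Microsoft.Sql"], "needs_sql": True},
        {"name": "DMZ", "prefix": "192.1.2.0/24",
         "service_endpoints": ["Microsoft.Sql"], "needs_sql": True},
        {"name": "VDI", "prefix": "192.1.3.0/24",
         "service_endpoints": [], "needs_sql": False},
    ],
}


def check_plan(plan):
    """Return a list of problems found in the plan; an empty list means it passes."""
    problems = []
    # strict=True rejects prefixes with host bits set (e.g. 192.1.1.5/24).
    vnet = ipaddress.ip_network(plan["vnet"], strict=True)
    # A VNet outside RFC 1918 space can shadow real Internet hosts for every VM in it.
    if not vnet.is_private:
        problems.append(f"VNet {vnet} is outside RFC 1918 private address space")
    seen = []
    for sub in plan["subnets"]:
        net = ipaddress.ip_network(sub["prefix"], strict=True)
        if not net.subnet_of(vnet):
            problems.append(f"{sub['name']} {net} is not inside VNet {vnet}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{sub['name']} {net} overlaps {other_name} {other}")
        seen.append((sub["name"], net))
        # Service endpoint names are compared case-insensitively, as the portal does.
        endpoints = {e.lower() for e in sub["service_endpoints"]}
        if sub["needs_sql"] and "microsoft.sql" not in endpoints:
            problems.append(f"{sub['name']} is missing the Microsoft.Sql service endpoint")
    return problems


if __name__ == "__main__":
    for issue in check_plan(HOC_PLAN) or ["plan passes"]:
        print(issue)
```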
3. Network Peering (Optional)
This step is optional. If you are running a Domain Controller VM located on a different Virtual Network, Network Peering is required to allow Horizon and the VDI desktops to talk to the Domain Controller.
On the Azure portal home page, select "Virtual networks".
Select the Virtual Network created in the last section.
Select the "Peering" tab and click "Add".
Since Peering is a bidirectional configuration, peering settings will be created on both the Horizon Network and the Domain Controller Network. Two different names are required for the Peering. Assign a name for each peering setting on the same configuration page.
In my example, I will peer the HoC network to the Server network, so I will create two different names as follows, representing the two peering settings.
Scroll down the page and select the Virtual Network hosting the Domain Controller. Click "Add".
4. Create an App Registration and Secret on Azure
After creating the Peering, the next step is to create the App Registration.
On the Azure portal home page, click "Azure Active Directory".
Select the "App Registration" tab and click "New Registration".
Assign a name for the Registration. Click "Register".
The App Registration will be created and its details displayed. Please copy or write down the following information; it will be required in later steps.
- Application ID
- Object ID
- Directory ID
Go back to the Azure portal home page. Click "Subscriptions".
Click the subscription used for this deployment.
Click the "Access control (IAM)" tab. Click "Add" and then "Add role assignment".
Select "Contributor". Click "Next".
Select "User, group, or service principal". Click "+ Select members".
Enter the name of the App Registration just created in the search field. Select the App Registration and click "Select".
Click "Next".
Click "Review + assign".
Go back to the Azure portal home page. Click "Azure Active Directory".
Select the "App Registration" tab. Click the App Registration created above.
Select "Certificates & secrets". Click "New client secret".
Assign a name for the Secret. Select an expiry period. Since this is a PoC setup, I just selected 24 months. You may select a longer period for a production setup. Click "Add".
A secret will be created. Please copy or write down the Secret ID. It will be required for the upcoming deployment steps.
5. Register Resource Providers on Azure
The last step on Azure is making sure all required Resource Providers are enabled. According to the documentation, the following Resource Providers are required for the Horizon Cloud deployment.
- Microsoft.Compute
- microsoft.insights
- Microsoft.Network
- Microsoft.Storage
- Microsoft.KeyVault
- Microsoft.Authorization
- Microsoft.Resources
- Microsoft.ResourceHealth
- Microsoft.ResourceGraph
- Microsoft.Security
- Microsoft.DBforPostgreSQL
- Microsoft.Sql
- Microsoft.MarketplaceOrdering
Details can be found in the following document.
This section uses PostgreSQL and KeyVault as examples to show you how to enable a Resource Provider. Please repeat the steps and check all Resource Providers listed in the document.
On the Azure portal home page, click "Subscriptions".
Click the subscription for this deployment.
Click "Resource providers". Search "Microsoft.DBforPostgreSQL". Click Microsoft.DBforPostgreSQL under Provider. Click "Register".
Make sure the status of the Provider is Registered.
Search "Microsoft.KeyVault". Click Microsoft.KeyVault under Provider. Click "Register".
Make sure the status of the Provider is Registered.
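Checking thirteen providers one by one in the portal is easy to get wrong, so here is an added example (my own code, not from the post or from VMware) that audits the whole list at once against the JSON that `az provider list -o json` returns, and builds the `az provider register` command for each provider that is still missing. The sample JSON below is constructed and reduced to the two fields used here; note that Azure reports namespaces in its own casing (the page's "microsoft.insights" comes back as "Microsoft.Insights"), so the match is case-insensitive, and a provider that is absent from the list entirely is treated as not registered.

```python
import json

# Resource provider namespaces required by Horizon Cloud, as listed in section 5
# of this post (mixed case copied as written).
REQUIRED_PROVIDERS = [
    "Microsoft.Compute", "microsoft.insights", "Microsoft.Network",
    "Microsoft.Storage", "Microsoft.KeyVault", "Microsoft.Authorization",
    "Microsoft.Resources", "Microsoft.ResourceHealth", "Microsoft.ResourceGraph",
    "Microsoft.Security", "Microsoft.DBforPostgreSQL", "Microsoft.Sql",
    "Microsoft.MarketplaceOrdering",
]

# Constructed sample in the shape of `az provider list -o json`, reduced to the
# two fields used here. Real output carries many more providers and fields.
SAMPLE_PROVIDER_LIST = json.dumps([
    {"namespace": "Microsoft.Compute", "registrationState": "Registered"},
    {"namespace": "Microsoft.Insights", "registrationState": "Registered"},
    {"namespace": "Microsoft.Network", "registrationState": "Registered"},
    {"namespace": "Microsoft.Storage", "registrationState": "Registered"},
    {"namespace": "Microsoft.KeyVault", "registrationState": "Registering"},
    {"namespace": "Microsoft.Authorization", "registrationState": "Registered"},
    {"namespace": "Microsoft.Resources", "registrationState": "Registered"},
    {"namespace": "Microsoft.ResourceHealth", "registrationState": "Registered"},
    {"namespace": "Microsoft.ResourceGraph", "registrationState": "Registered"},
    {"namespace": "Microsoft.Security", "registrationState": "Registered"},
    {"namespace": "Microsoft.DBforPostgreSQL", "registrationState": "NotRegistered"},
    {"namespace": "Microsoft.Sql", "registrationState": "Registered"},
    # Microsoft.MarketplaceOrdering is deliberately absent from the sample.
])


def unregistered_providers(provider_json, required=REQUIRED_PROVIDERS):
    """Return (namespace, state) for each required provider whose state is not
    'Registered'. Namespaces match case-insensitively; a namespace absent from
    the list counts as NotRegistered. Order follows the required list."""
    state_by_ns = {p["namespace"].lower(): p.get("registrationState", "NotRegistered")
                   for p in json.loads(provider_json)}
    return [(ns, state_by_ns.get(ns.lower(), "NotRegistered"))
            for ns in required
            if state_by_ns.get(ns.lower(), "NotRegistered") != "Registered"]


def register_commands(missing):
    """Build the `az provider register` command for each provider still missing."""
    return [f"az provider register --namespace {ns}" for ns, _state in missing]


if __name__ == "__main__":
    print("\n".join(register_commands(unregistered_providers(SAMPLE_PROVIDER_LIST))))
```

A provider in "Registering" state also appears in the result, since the portal only counts it once it reaches "Registered".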
6. Horizon Cloud Deployment
With all the Azure prerequisites from the previous sections in place, we will start the actual deployment of Horizon Cloud.
Log in to the VMware Horizon Cloud Control Plane with your VMware Connect ID.
Click "Manage" under the Microsoft Azure tab. Click "Manage Subscriptions".
Select "Add". Assign a name for the Subscription and select "Azure - Commercial" for Environment. Provide the IDs and the secret key created in the previous sections. Click "Confirm".
Click "Manage". Click "Add Pod".
Select the subscription just created. Click "Next".
If this is your first deployment, select "New". Assign a Site name and a Pod Name. Select the corresponding location for your deployment.
You may enable HA for the deployment. Since this is just a PoC deployment, I am not enabling HA at this stage. But don't worry, you can enable HA at any time after the initial deployment.
Scroll down the page. Select the Virtual Network created on Azure for this deployment, and select the corresponding management and VDI subnets created on Azure. Click "Next".
You may also create Internal and External Gateways for the deployment. I will cover the steps of Gateway creation in another chapter. This setting can be enabled at any time after the initial deployment. Click "Validate & Proceed".
Click "Submit".
Wait for the deployment process to complete.
Microsoft Azure will be marked complete after the deployment.
Extra Resource Groups will be created on Azure by the deployment process. Each Resource Group will hold the corresponding Horizon Cloud resources.
----- END -----