24x7x365 e360 Client Technical Support: Call (877) 368-4797 opt 9, or

Welcome back to the VMware Horizon Cloud on Azure blog series, During the previous blog in the series Introduction and Design, we shared our excitement around using Horizon Cloud to deploy on Windows Virtual Desktop. We explained the benefits between running both together, from leveraging WVD’s multi-session Windows 10, to how Horizon Cloud enables a full multi-cloud / hybrid-cloud VDI platform.

Now we get to get our hands dirty, and start the build out. Before we set off to preparing the Azure tenant, I once again wanted to share the list of required Virtual Machines and Services.

Required Virtual Machines and Services

  • Pod Deployment Engine – 1 x Standard F2
  • Pod Manager with High Availability – 2 x Standard D4v3 or D3v2
  • Microsoft Azure Database for PostgreSQL Service – Gen 5, Memory Optimized, 2 vCores, 10 GB Storage
  • External Unified Access Gateway – 2 x Standard A4v2
  • Internal Unified Access Gateway – 2 x Standard A4v2

*Note: if deploying to a new tenant, do not forget to increase your vCPU quota for the required instance types to a count well above the listed quantity. See here for more information on Quota increase requests.

Now it’s time to get started with the build work!

Getting Ready to Deploy – Preparing Your Azure Environment

This section walks you through the initial preparation of your Azure tenant for Horizon Cloud readiness. It is assumed that you already have a Microsoft Azure tenant available, with required VPN or Express Route connectivity already configured.

1. Login to Microsoft Azure Admin Portal

2. Select Virtual Networks

3. Click Add to create a new Virtual Network

4. If you do not already have a Resource Group for your Horizon Cloud on Azure deployment, create one now. Select the Create new under Resource Group and provide a name. Click Ok.

5. Provide a Name for the Virtual Network and click Click Next : IP Addresses when complete.

6. Leave the CIDR blocks and subnets at default. Click Next : Security to continue.

7. Leave the Security settings at default for a Proof of Concept deployment. Click Next : Tags to continue.

8. Tags can be leveraged to identify resource types, use cases, and security posture within your Azure tenant. You may configure those here. Since this is a Proof of Concept deployment, tags will not be configured. Click Next : Review + create

9. Review the Virtual Network configuration settings, then click Create.

10. From within your Virtual networks, click to select the newly created virtual network.

11. Find the Service endpoints menu options and click Add.

12. Specify the Service of type Sql and select the default subnet. Click Add.

VNET Peering

VNET peering is required when Active Directory is not in the same virtual network as the Horizon Cloud Service. Most often this will be the case, and VNET peering between the AD virtual network and the Horizon Cloud virtual network will be required.

13. Navigate to Virtual networks and select the new VNET created in the steps above. Click on Peerings and click Add.

14. Provide a name for the peering to the remove virtual network. Leave Resource manager as the virtual network deployment model. Select the right Subscription and Virtual network this network will be peered with. Provide a name for the opposite peering. If a gateway is leveraged within your Azure subscription, select the option to Allow gateway transit. Click OK once complete.

15. After completion, see that the status of the peering on the newly created Virtual network is Connected.

16. To verify the peering going the other direction, navigate to the virtual network that peering was configured with and select Peering. The status of that peering will also show Connected.

Configure DNS

1. From the Virtual network that will be used for Horizon, navigate to DNS servers. Change the DNS servers selection to Custom and provide the IP Address of the DNS server. In this POC, I have used the IP address of my single domain controller. Multiple DNS server IP addresses should be provided in a production deployment.

Create Horizon Cloud Service Principal

The service principal / app registration is used by the Horizon Cloud Service to gain the necessary access to your Azure tenant, and deploy all require Horizon Cloud Components, as well as perform on-going management and administration tasks within Azure.

1. Navigate to Azure Active Directory and select App registrations. Click New registration to create the new service principal.

2. Provide a unique name for the app / service principal. Leave Supported account types at Accounts in this organizational directory only and click Register.

3. Navigate to Certificates & secrets and click on New client secret

4. Provide a Description for the secret and configure how long before the secret It is recommended to use the most secure option of In 1 year. Click Add.

5. Note the secret Value after creation. This will be used during the initial Horizon Cloud on Azure deployment wizard.

6. In addition to the secret, you will also need to take down the following IDs for use during the Horizon Cloud on Azure deployment.

  • Application ID
  • Directory ID

7. Navigate to Subscriptions. If you are unable to find it from within available menu selections, you may have to use the search bar. Take note of the Subscription ID for use during Horizon Cloud on Azure deployment. Click on the Subscription name to configure permissions.

8. Select on Access control (IAM) and click on Select Add role assignment from the drop down that appears.

9. Select the Role of Contributor. Under Select, start typing the name of the service principal and the App created above should appear.

10. Click to select the service principal, then click Save. You will see the App show up under Selected members.

Verify the required Resource Providers are registered 

1. Navigate to Subscription, and select Resource providers.

2. Review the list for the following providers.

  • Microsoft.Compute
  • Microsoft.insights
  • Microsoft.Network
  • Microsoft.Storage
  • Microsoft.KeyVault
  • Microsoft.Authorization
  • Microsoft.Resources
  • Microsoft.ResourceHealth
  • Microsoft.DBforPostgreSQL
  • Microsoft.Sql

I would recommend using the search bar to locate these providers. It may be tedious, but it’s the easiest way to ensure the selected provider is registered. If any providers are not registered, select them and click Register. Neither Microsoft.Insights or Microsoft.Sql were registered during the initial POC deployment.

Ready for Horizon Cloud

The Azure Tenant is now ready to go! Don’t forget to increase your vCPU quota if this is a new tenant. The next blog in the series will show you how to deploy and configure the first Horizon Cloud on Azure pod.

Services

Security

Creating a strategy for managing risk and compliance, while helping to filter the noise of myriad cybersecurity technologies.

Modern Infrastructure

Empowering your enterprise to achieve its full potentialand greatest efficiencyby keeping IT infrastructure operational, available and secure.

Digital Workplace

Helping businesses keep infrastructure up-to-date, minimizing security risks, and maintaining compliance

Cloud Enablement

Accelerating IT service delivery for our clients through the adoption of agile methodologies that are all part of a systems-oriented approach.

Microsoft Expertise

Helping set goals and establishing benchmarks for the journey toward the successful deployment of Microsoft solutions.

Enterprise Managed Services

Design, implementation, licensing optimization, and environmental services, ensuring use of Microsoft's best practices and configurations.

Our Markets and Market Support Vehicles

Business

Professional services and nationally-recognized expertise that align perfectly with the trends and challenges facing a variety of industries.

Healthcare

Recognizing the unique challenges faced by healthcare IT organizations, and offering understanding, capabilities, and trusted relationships.

Public Sector

Helping organizations contain costs maintain high availability while finding new ways to increase security, compliance and more.

Group Purchasing

Industry-leading IT consulting services and technology solutionsaccessed through a streamlined contracting process.

Resource Library

Events

Learn about our upcoming events and webinars.

Solutions Literature

Access content on e360 solutions and services.

Blog

Learn about leading technology topics.

Press Releases

Read official updates from the e360 team.

News Stories

Read about latest industry and  e360 news.

Media

Access e360 webinars and podcasts.

About e360

About e360

Our mission, vision, leadership and team

Accolades

e360 awards and recognition

Privacy

e360's commitment to privacy

Community

e360's commitment to privacy

Careers

e360 career opportunities

Contact

e360 locations and contact resources