Welcome back to the VMware Horizon Cloud on Azure blog series. In the previous post in the series, Introduction and Design, we shared our excitement around using Horizon Cloud to deploy on Windows Virtual Desktop. We explained the benefits of running the two together, from leveraging WVD’s multi-session Windows 10 to how Horizon Cloud enables a full multi-cloud / hybrid-cloud VDI platform.
Now it’s time to get our hands dirty and start the build-out. Before we set off to prepare the Azure tenant, I once again wanted to share the list of required virtual machines and services.
Required Virtual Machines and Services
- Pod Deployment Engine – 1 x Standard F2
- Pod Manager with High Availability – 2 x Standard D4v3 or D3v2
- Microsoft Azure Database for PostgreSQL Service – Gen 5, Memory Optimized, 2 vCores, 10 GB Storage
- External Unified Access Gateway – 2 x Standard A4v2
- Internal Unified Access Gateway – 2 x Standard A4v2
*Note: if deploying to a new tenant, do not forget to increase your vCPU quota for the required instance types to a count well above the listed quantity. See here for more information on Quota increase requests.
Now it’s time to get started with the build work!
Getting Ready to Deploy – Preparing Your Azure Environment
This section walks you through the initial preparation of your Azure tenant for Horizon Cloud readiness. It is assumed that you already have a Microsoft Azure tenant available, with required VPN or Express Route connectivity already configured.
1. Log in to the Microsoft Azure portal
2. Select Virtual Networks
3. Click Add to create a new Virtual Network
4. If you do not already have a Resource Group for your Horizon Cloud on Azure deployment, create one now. Select Create new under Resource group and provide a name. Click OK.
5. Provide a Name for the Virtual Network and click Next : IP Addresses when complete.
6. Leave the CIDR blocks and subnets at default. Click Next : Security to continue.
7. Leave the Security settings at default for a Proof of Concept deployment. Click Next : Tags to continue.
8. Tags can be leveraged to identify resource types, use cases, and security posture within your Azure tenant. You may configure those here. Since this is a Proof of Concept deployment, tags will not be configured. Click Next : Review + create
9. Review the Virtual Network configuration settings, then click Create.
10. From within your Virtual networks, click to select the newly created virtual network.
11. Find the Service endpoints menu options and click Add.
12. Specify the Service of type Sql and select the default subnet. Click Add.
VNET Peering
VNET peering is required when Active Directory is not in the same virtual network as the Horizon Cloud Service. Most often this will be the case, and VNET peering between the AD virtual network and the Horizon Cloud virtual network will be required.
13. Navigate to Virtual networks and select the new VNET created in the steps above. Click on Peerings and click Add.
14. Provide a name for the peering to the remote virtual network. Leave Resource manager as the virtual network deployment model. Select the Subscription and Virtual network this network will be peered with. Provide a name for the opposite peering. If a gateway is leveraged within your Azure subscription, select the option to Allow gateway transit. Click OK once complete.
15. After completion, verify that the status of the peering on the newly created Virtual network is Connected.
16. To verify the peering in the other direction, navigate to the virtual network that the peering was configured with and select Peerings. The status of that peering will also show Connected.
Configure DNS
1. From the Virtual network that will be used for Horizon, navigate to DNS servers. Change the DNS servers selection to Custom and provide the IP Address of the DNS server. In this POC, I have used the IP address of my single domain controller. Multiple DNS server IP addresses should be provided in a production deployment.
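The VNET, Sql service endpoint, peering and DNS steps above can be scripted rather than clicked through. The following is an added example using the Az PowerShell module; it is not part of the original post or of VMware's tooling. Every default in the param block (region, resource group and VNET names, address ranges, the domain controller address, and the name of the VNET that hosts Active Directory) is an assumption to be replaced with your own values.

```powershell
#Requires -Modules Az.Accounts, Az.Network
# Added example, not from the original post: the VNet, Sql service endpoint,
# peering and DNS steps scripted with the Az PowerShell module.
# Every default below (region, names, address ranges, DNS address) is an assumption.
param(
    [string]$Location        = 'eastus',                # assumption
    [string]$ResourceGroup   = 'rg-horizon-cloud-poc',  # assumption (step 4)
    [string]$VnetName        = 'vnet-horizon-cloud',    # assumption (step 5)
    [string]$AddressSpace    = '10.0.0.0/16',           # assumed portal default (step 6)
    [string]$SubnetPrefix    = '10.0.0.0/24',           # assumed portal default subnet
    [string[]]$DnsServers    = @('10.1.0.4'),           # assumption: domain controller IP
    [string]$AdResourceGroup = 'rg-identity',           # assumption: group holding the AD VNet
    [string]$AdVnetName      = 'vnet-identity',         # assumption: VNet where AD lives
    [switch]$GatewayInAdVnet                            # set when a VPN/ExpressRoute gateway sits in the AD VNet
)
$ErrorActionPreference = 'Stop'

# Step 4: resource group, reused if it already exists.
if (-not (Get-AzResourceGroup -Name $ResourceGroup -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $ResourceGroup -Location $Location | Out-Null
}

# Steps 5-12 plus Configure DNS: one subnet carrying the Microsoft.Sql service
# endpoint (what the PostgreSQL service needs) and custom DNS pointing at AD.
$subnet = New-AzVirtualNetworkSubnetConfig -Name 'default' -AddressPrefix $SubnetPrefix `
              -ServiceEndpoint 'Microsoft.Sql'
$vnet = New-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroup `
            -Location $Location -AddressPrefix $AddressSpace -Subnet $subnet `
            -DnsServer $DnsServers

# Steps 13-14: the portal dialog creates both directions at once; with the
# module each side is its own peering object.
$adVnet = Get-AzVirtualNetwork -Name $AdVnetName -ResourceGroupName $AdResourceGroup
$toAd = @{ Name = "peer-$VnetName-to-$AdVnetName"; VirtualNetwork = $vnet
           RemoteVirtualNetworkId = $adVnet.Id }
$toHz = @{ Name = "peer-$AdVnetName-to-$VnetName"; VirtualNetwork = $adVnet
           RemoteVirtualNetworkId = $vnet.Id }
if ($GatewayInAdVnet) {
    # Gateway transit is granted by the VNet that owns the gateway and consumed by the other.
    $toHz['AllowGatewayTransit'] = $true
    $toAd['UseRemoteGateways']   = $true
}
Add-AzVirtualNetworkPeering @toAd | Out-Null
Add-AzVirtualNetworkPeering @toHz | Out-Null

# Steps 15-16: both directions must report Connected, not merely Initiated.
$states = foreach ($p in @($toAd, $toHz)) {
    $peer = Get-AzVirtualNetworkPeering -ResourceGroupName $p.VirtualNetwork.ResourceGroupName `
                -VirtualNetworkName $p.VirtualNetwork.Name -Name $p.Name
    [pscustomobject]@{ Peering = $p.Name; State = $peer.PeeringState }
}
$states | Format-Table -AutoSize
if (@($states | Where-Object State -ne 'Connected').Count -gt 0) {
    throw 'Peering is not Connected in both directions; check the remote VNet before continuing.'
}
```

Run it after Connect-AzAccount with the subscription that holds both VNETs selected. The final check mirrors steps 15 and 16: a peering that shows Initiated on one side means the opposite peering was never created, and the pod deployment would later fail to reach the domain controller.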
Create Horizon Cloud Service Principal
The service principal / app registration is used by the Horizon Cloud Service to gain the necessary access to your Azure tenant, deploy all required Horizon Cloud components, and perform ongoing management and administration tasks within Azure.
1. Navigate to Azure Active Directory and select App registrations. Click New registration to create the new service principal.
2. Provide a unique name for the app / service principal. Leave Supported account types at Accounts in this organizational directory only and click Register.
3. Navigate to Certificates & secrets and click on New client secret
4. Provide a Description for the secret and configure how long before the secret expires. It is recommended to use the most secure option of In 1 year. Click Add.
5. Note the secret Value after creation. This will be used during the initial Horizon Cloud on Azure deployment wizard.
6. In addition to the secret, you will also need to take down the following IDs for use during the Horizon Cloud on Azure deployment.
- Application ID
- Directory ID
7. Navigate to Subscriptions. If you are unable to find it from within available menu selections, you may have to use the search bar. Take note of the Subscription ID for use during Horizon Cloud on Azure deployment. Click on the Subscription name to configure permissions.
8. Select Access control (IAM), click Add, and select Add role assignment from the drop-down that appears.
9. Select the Role of Contributor. Under Select, start typing the name of the service principal; the App created above should appear.
10. Click to select the service principal, then click Save. You will see the App show up under Selected members.
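Steps 1 through 10 can also be done with the Az PowerShell module, which avoids copying the secret value out of the portal by hand. The block below is an added example, not part of the original post or of VMware's tooling. The application name and the optional Key Vault name are assumptions; the Contributor role at subscription scope and the one-year secret lifetime are exactly what the steps above specify.

```powershell
#Requires -Modules Az.Accounts, Az.Resources
# Added example, not from the original post: steps 1-10 scripted with the Az
# PowerShell module. The app name and the optional Key Vault are assumptions;
# Az.KeyVault is needed only when -KeyVaultName is given.
param(
    [string]$AppName          = 'sp-horizon-cloud-poc',  # assumption
    [int]$SecretLifetimeYears = 1,                       # the post recommends In 1 year
    [string]$KeyVaultName     = ''                       # assumption: vault to hold the secret
)
$ErrorActionPreference = 'Stop'
$ctx = Get-AzContext   # current subscription and directory (tenant)

# Steps 1-2: registration restricted to accounts in this directory only.
$app = New-AzADApplication -DisplayName $AppName -SignInAudience 'AzureADMyOrg'
$sp  = New-AzADServicePrincipal -ApplicationId $app.AppId

# Steps 3-5: client secret with a bounded lifetime. SecretText is returned once;
# it is kept as a SecureString here and never echoed to the console.
$endDate = (Get-Date).AddYears($SecretLifetimeYears)
$cred    = New-AzADAppCredential -ApplicationId $app.AppId -EndDate $endDate
$secret  = ConvertTo-SecureString -String $cred.SecretText -AsPlainText -Force

# Steps 7-10: Contributor at subscription scope. A brand-new principal can take
# a few seconds to replicate, so retry rather than fail on the first attempt.
$scope    = "/subscriptions/$($ctx.Subscription.Id)"
$assigned = $null
for ($attempt = 1; $attempt -le 6 -and -not $assigned; $attempt++) {
    $assigned = New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Contributor' `
                    -Scope $scope -ErrorAction SilentlyContinue
    if (-not $assigned) { Start-Sleep -Seconds 10 }
}
if (-not $assigned) { throw "Could not assign Contributor to $AppName at $scope" }

# Optional: keep the secret in Key Vault with the same expiry instead of writing it down.
if ($KeyVaultName) {
    Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name "$AppName-client-secret" `
        -SecretValue $secret -Expires $endDate | Out-Null
}

# Steps 6-7: the values the Horizon Cloud deployment wizard will ask for.
[pscustomobject]@{
    ApplicationId  = $app.AppId
    DirectoryId    = $ctx.Tenant.Id
    SubscriptionId = $ctx.Subscription.Id
    SecretExpires  = $endDate
    ClientSecret   = $secret          # SecureString; unwrap only inside the wizard session
}
```

Keep the returned SecretExpires date somewhere you will see it: when the secret lapses, Horizon Cloud loses the ability to manage the pod until a new secret is created and entered into the pod configuration.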
Verify the required Resource Providers are registered
1. Navigate to Subscription, and select Resource providers.
2. Review the list for the following providers.
- Microsoft.Compute
- Microsoft.insights
- Microsoft.Network
- Microsoft.Storage
- Microsoft.KeyVault
- Microsoft.Authorization
- Microsoft.Resources
- Microsoft.ResourceHealth
- Microsoft.DBforPostgreSQL
- Microsoft.Sql
I would recommend using the search bar to locate these providers. It may be tedious, but it’s the easiest way to ensure each provider is registered. If any providers are not registered, select them and click Register. Neither Microsoft.Insights nor Microsoft.Sql was registered during the initial POC deployment.
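Rather than searching for ten providers one at a time, the check can be run in a single pass. The block below is an added example with the Az PowerShell module, not part of the original post or of VMware's tooling; it reports the registration state of every provider in the list above and registers any that are missing when -Register is given. It also goes one step beyond this section and checks the regional vCPU quota that the note at the top of the post says to raise. The region, the VM family names and the per-size vCPU counts (F2 = 2 vCPU, D4v3 and D3v2 = 4 vCPU, A4v2 = 4 vCPU) are assumptions derived from the sizing list.

```powershell
#Requires -Modules Az.Accounts, Az.Resources, Az.Compute
# Added example, not from the original post: checks the resource providers listed
# in the post (registering missing ones when -Register is given) and the regional
# vCPU quota the note at the top of the post says to raise. VM family names and
# per-size vCPU counts are assumptions derived from the sizing list.
param(
    [string]$Location = 'eastus',   # assumption: region of the pod
    [switch]$Register               # report only unless set
)
$ErrorActionPreference = 'Stop'

$requiredProviders = @(
    'Microsoft.Compute', 'Microsoft.Insights', 'Microsoft.Network', 'Microsoft.Storage',
    'Microsoft.KeyVault', 'Microsoft.Authorization', 'Microsoft.Resources',
    'Microsoft.ResourceHealth', 'Microsoft.DBforPostgreSQL', 'Microsoft.Sql'
)

# One call replaces ten portal searches: -ListAvailable returns one row per namespace.
$all = Get-AzResourceProvider -ListAvailable
$providerStatus = foreach ($ns in $requiredProviders) {
    $p = $all | Where-Object { $_.ProviderNamespace -eq $ns }   # -eq is case-insensitive
    [pscustomobject]@{ Provider = $ns; State = if ($p) { $p.RegistrationState } else { 'NotFound' } }
}
$providerStatus | Format-Table -AutoSize

$missing = @($providerStatus | Where-Object State -ne 'Registered')
if ($missing.Count -gt 0 -and $Register) {
    foreach ($m in $missing) { Register-AzResourceProvider -ProviderNamespace $m.Provider | Out-Null }
    # Registration is asynchronous: poll until no namespace is still Registering.
    do {
        Start-Sleep -Seconds 15
        $pending = foreach ($m in $missing) {
            (Get-AzResourceProvider -ProviderNamespace $m.Provider | Select-Object -First 1).RegistrationState
        }
    } while ($pending -contains 'Registering')
}

# vCPUs needed per VM family for the pod VMs listed at the top of the post (assumed counts).
$vcpuNeeded = @{
    standardFFamily   = 1 * 2   # Pod Deployment Engine: 1 x F2
    standardDv3Family = 2 * 4   # Pod Manager HA: 2 x D4v3 (use standardDv2Family for D3v2)
    standardAv2Family = 4 * 4   # External + internal UAG: 4 x A4v2
}
$usage = Get-AzVMUsage -Location $Location
$quotaStatus = foreach ($family in $vcpuNeeded.Keys) {
    $u    = $usage | Where-Object { $_.Name.Value -eq $family }
    $free = if ($u) { $u.Limit - $u.CurrentValue } else { 0 }
    [pscustomobject]@{ Family = $family; Needed = $vcpuNeeded[$family]; Free = $free
                       Ok = ($free -ge $vcpuNeeded[$family]) }
}
$quotaStatus | Format-Table -AutoSize
if ($quotaStatus.Ok -contains $false) {
    Write-Warning 'Raise the vCPU quota for the families marked Ok = False, leaving headroom above the minimum.'
}
```

Run it once without -Register to see what the tenant looks like, then again with -Register to fix the gaps; in the POC described above it would have flagged Microsoft.Insights and Microsoft.Sql. The quota table only proves the bare minimum fits, so treat Ok = True as the floor and still request the headroom the note asks for.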
Ready for Horizon Cloud
The Azure Tenant is now ready to go! Don’t forget to increase your vCPU quota if this is a new tenant. The next blog in the series will show you how to deploy and configure the first Horizon Cloud on Azure pod.