Welcome back to the VMware Horizon Cloud on Azure blog series. In the previous blog in the series, Introduction and Design, we shared our excitement around using Horizon Cloud to deploy on Windows Virtual Desktop. We explained the benefits of running both together, from leveraging WVD’s multi-session Windows 10 to how Horizon Cloud enables a full multi-cloud / hybrid-cloud VDI platform.

Now we get our hands dirty and start the build-out. Before we set off preparing the Azure tenant, I once again want to share the list of required Virtual Machines and Services.

Required Virtual Machines and Services

  • Pod Deployment Engine – 1 x Standard F2
  • Pod Manager with High Availability – 2 x Standard D4v3 or D3v2
  • Microsoft Azure Database for PostgreSQL Service – Gen 5, Memory Optimized, 2 vCores, 10 GB Storage
  • External Unified Access Gateway – 2 x Standard A4v2
  • Internal Unified Access Gateway – 2 x Standard A4v2

*Note: if deploying to a new tenant, do not forget to increase your vCPU quota for the required instance types to a count well above the listed quantity. See here for more information on Quota increase requests.

Now it’s time to get started with the build work!

Getting Ready to Deploy – Preparing Your Azure Environment

This section walks you through the initial preparation of your Azure tenant for Horizon Cloud readiness. It is assumed that you already have a Microsoft Azure tenant available, with required VPN or Express Route connectivity already configured.

1. Log in to the Microsoft Azure Admin Portal.

2. Select Virtual Networks

3. Click Add to create a new Virtual Network

4. If you do not already have a Resource Group for your Horizon Cloud on Azure deployment, create one now. Select Create new under Resource Group and provide a name. Click Ok.

5. Provide a Name for the Virtual Network and click Next : IP Addresses when complete.

6. Leave the CIDR blocks and subnets at default. Click Next : Security to continue.

7. Leave the Security settings at default for a Proof of Concept deployment. Click Next : Tags to continue.

8. Tags can be leveraged to identify resource types, use cases, and security posture within your Azure tenant. You may configure those here. Since this is a Proof of Concept deployment, tags will not be configured. Click Next : Review + create

9. Review the Virtual Network configuration settings, then click Create.

10. From within your Virtual networks, click to select the newly created virtual network.

11. Find the Service endpoints menu options and click Add.

12. Specify the Service of type Sql and select the default subnet. Click Add.

VNET Peering

VNET peering is required when Active Directory is not in the same virtual network as the Horizon Cloud Service. Most often this will be the case, and VNET peering between the AD virtual network and the Horizon Cloud virtual network will be required.

13. Navigate to Virtual networks and select the new VNET created in the steps above. Click on Peerings and click Add.

14. Provide a name for the peering to the remote virtual network. Leave Resource manager as the virtual network deployment model. Select the right Subscription and Virtual network this network will be peered with. Provide a name for the opposite peering. If a gateway is leveraged within your Azure subscription, select the option to Allow gateway transit. Click OK once complete.

15. After completion, see that the status of the peering on the newly created Virtual network is Connected.

16. To verify the peering going the other direction, navigate to the virtual network that peering was configured with and select Peering. The status of that peering will also show Connected.

Configure DNS

1. From the Virtual network that will be used for Horizon, navigate to DNS servers. Change the DNS servers selection to Custom and provide the IP Address of the DNS server. In this POC, I have used the IP address of my single domain controller. Multiple DNS server IP addresses should be provided in a production deployment.

Create Horizon Cloud Service Principal

The service principal / app registration is used by the Horizon Cloud Service to gain the necessary access to your Azure tenant and deploy all required Horizon Cloud components, as well as to perform ongoing management and administration tasks within Azure.

1. Navigate to Azure Active Directory and select App registrations. Click New registration to create the new service principal.

2. Provide a unique name for the app / service principal. Leave Supported account types at Accounts in this organizational directory only and click Register.

3. Navigate to Certificates & secrets and click on New client secret

4. Provide a Description for the secret and configure how long before the secret expires. It is recommended to use the most secure option of In 1 year. Click Add.

5. Note the secret Value after creation. This will be used during the initial Horizon Cloud on Azure deployment wizard.

6. In addition to the secret, you will also need to take down the following IDs for use during the Horizon Cloud on Azure deployment.

  • Application ID
  • Directory ID

7. Navigate to Subscriptions. If you are unable to find it from within available menu selections, you may have to use the search bar. Take note of the Subscription ID for use during Horizon Cloud on Azure deployment. Click on the Subscription name to configure permissions.

8. Select Access control (IAM) and select Add role assignment from the drop-down that appears.

9. Select the Role of Contributor. Under Select, start typing the name of the service principal and the App created above should appear.

10. Click to select the service principal, then click Save. You will see the App show up under Selected members.
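Once the role assignment is saved, it is worth confirming from the command line that the service principal holds the Contributor role on the subscription and nothing else. The script below is an added example, not part of the original walkthrough or of VMware's tooling; the function names, the all-zero subscription ID and the sample rows are constructed, and treating any other assignment as something to review is this example's own assumption.

```bash
#!/bin/sh
# Added example. SAMPLE_SUB and the rows in sample_assignments are constructed.
SAMPLE_SUB=00000000-0000-0000-0000-000000000000

# Constructed stand-in for the TSV produced by:
#   az role assignment list --assignee "$APP_ID" --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv
sample_assignments() {
  printf '%s\t%s\n' \
    Contributor "/subscriptions/$SAMPLE_SUB" \
    Owner "/subscriptions/$SAMPLE_SUB/resourceGroups/rg-horizon-poc"
}

# Reads "roleDefinitionName<TAB>scope" lines on stdin for one service principal.
# $1 is the Subscription ID noted in step 7.
# Prints EXPECTED / REVIEW / MISSING lines and returns 0 only when the sole
# assignment is Contributor on that subscription.
audit_sp_assignments() {
  awk -F '\t' -v want="/subscriptions/$1" '
    BEGIN { wl = tolower(want); found = 0; extra = 0 }
    NF < 2 { next }                      # skip blank or malformed lines
    {
      # Azure resource IDs compare case-insensitively; drop a trailing slash.
      scope = tolower($2); sub(/\/$/, "", scope)
      if ($1 == "Contributor" && scope == wl) {
        found = 1; printf "EXPECTED\t%s\t%s\n", $1, $2
      } else {
        extra = 1; printf "REVIEW\t%s\t%s\n", $1, $2
      }
    }
    END {
      if (!found) printf "MISSING\tContributor\t%s\n", want
      rc = 1
      if (found && !extra) rc = 0
      exit rc
    }'
}

# Demo on the constructed sample; pipe the az command above in for a live check.
sample_assignments | audit_sp_assignments "$SAMPLE_SUB" ||
  echo "review the REVIEW / MISSING lines above"
```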

Verify the required Resource Providers are registered 

1. Navigate to Subscription, and select Resource providers.

2. Review the list for the following providers.

  • Microsoft.Compute
  • Microsoft.insights
  • Microsoft.Network
  • Microsoft.Storage
  • Microsoft.KeyVault
  • Microsoft.Authorization
  • Microsoft.Resources
  • Microsoft.ResourceHealth
  • Microsoft.DBforPostgreSQL
  • Microsoft.Sql

I would recommend using the search bar to locate these providers. It may be tedious, but it’s the easiest way to ensure the selected provider is registered. If any providers are not registered, select them and click Register. Neither Microsoft.Insights nor Microsoft.Sql was registered during the initial POC deployment.
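The same review can be scripted instead of searching the portal one provider at a time. The script below is an added example, not part of the original post; the function names and the sample listing are constructed, and reporting a provider that is absent from the input as "Missing" is a choice made for this example.

```bash
#!/bin/sh
# Added example. Namespaces this post lists as required for Horizon Cloud on Azure.
REQUIRED_PROVIDERS="Microsoft.Compute Microsoft.insights Microsoft.Network \
Microsoft.Storage Microsoft.KeyVault Microsoft.Authorization Microsoft.Resources \
Microsoft.ResourceHealth Microsoft.DBforPostgreSQL Microsoft.Sql"

# Constructed stand-in for the TSV produced by:
#   az provider list --query "[].[namespace, registrationState]" -o tsv
sample_provider_listing() {
  printf '%s\t%s\n' \
    Microsoft.Compute Registered \
    microsoft.insights NotRegistered \
    Microsoft.Network Registered \
    Microsoft.Storage Registered \
    Microsoft.KeyVault Registered \
    Microsoft.Authorization Registered \
    Microsoft.Resources Registered \
    Microsoft.DBforPostgreSQL Registering \
    Microsoft.Sql NotRegistered \
    Microsoft.Web Registered
}

# Reads "namespace<TAB>registrationState" lines on stdin and prints one
# "namespace<TAB>state" line per required provider that is not Registered.
# Returns 0 only when every required provider is Registered.
unregistered_providers() {
  awk -F '\t' -v required="$REQUIRED_PROVIDERS" '
    # Key on lower case: namespace casing differs between listings.
    { state[tolower($1)] = $2 }
    END {
      n = split(required, want, " ")
      bad = 0
      for (i = 1; i <= n; i++) {
        s = state[tolower(want[i])]
        if (s == "") s = "Missing"       # not present in the input at all
        if (s != "Registered") { printf "%s\t%s\n", want[i], s; bad = 1 }
      }
      exit bad
    }'
}

# Demo on the constructed sample; pipe the az command above in for a live check.
sample_provider_listing | unregistered_providers ||
  echo "register the providers listed above"
```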

Ready for Horizon Cloud

The Azure Tenant is now ready to go! Don’t forget to increase your vCPU quota if this is a new tenant. The next blog in the series will show you how to deploy and configure the first Horizon Cloud on Azure pod.
