Deploy and Configure Digital Workspaces via VMware Horizon Cloud and Workspace ONE in the Microsoft Azure Cloud


I’ve written and presented on the Digital Workspaces topic for around 2 years now, but I’ve never done an article on the VMware Horizon Cloud on Azure solution. Deploying Horizon Cloud on Microsoft Azure as resource location was an article that was on my list for a very long time, and now, I can finally say that I put it down to paper and share this one with my visitors – VDILIKEAPRO – Workspace community!

The industry is going through the biggest Digital Workspace transition in our history.

Hold tight –The world is currently going through one of the most impressive digital transitions right now, and you and I are part of this awesome journey. This journey creates opportunities for companies that want to reach something really fast by just doing something that never been done before – just to be different and faster than competitive solutions. The EUC industry changes to a Digital Workspace – the same concept, therefore now in a Cloud point of view.

“The end of ‘Fashion-IT’ — customers will only pay for value and not technology.”

Customers just aren’t impressed anymore by simple and small improvements and flashy lights. It’s no longer cool to have a fully functionating Remote Desktop or VDI environment, there are much more things involved right now to make a real difference on the workspace market and all the vendors are fighting to have the best Virtual Desktop solution on a Cloud, or better say, multi-cloud perspective. And I must admit, Horizon Cloud is doing great steps so far – I’m very impressed after implementing the solution on my own Azure subscription.

VMware Horizon Cloud is one upcoming player in this field, rapidly growing and increased their product stack in the past 3 years – resulted in doubling their market share. With the latest Horizon Cloud on Azure product support in particular. Horizon Cloud delivers different options to deliver your Workspaces. Some of them need to be managed by yourself, but talking about the Azure variant – your Virtual Desktops images are your own responsibility and will be placed in Microsoft Azure Infrastructure-As-a-Service (IaaS). All the other management tasks are all taken place from the Horizon Cloud Control Place – mostly automated – without user interaction.

The architecture pictureHorizon Cloud works pretty straightforward and simple. You first purchase the service at your VMware CSP or Sales representative – the service is unfortunately not yet available from the Azure Marketplace. After succeeding this, you’ll receive access to the Horizon Cloud control plane – or also known as the Astro GUI – where all the magic happens. A simplified, and an automated wizard will help you with the connection to Azure, and a temporary Deployment (JumpBox – sandbox) Engine will be placed in your Azure Infrastructure-As-a-Service environment. This is a Linux Virtual Machine that will be used as a sort of relay server of the Horizon Cloud to deploy all the workload in Azure. The Engine will automatically be removed after a successful deployment. Furthermore, a Linux node stays behind as brokering service to the Control Plane and your Virtual Applications and Desktops as well. Workspace ONE is automatically configured for remote access and you’re good to go and start sessions.

About architecting – VMware EUC ChampionJohan van Amersfoort just released a new book, called the VDI Design Guide. I highly recommend reading this book to expend your Architecture and Best Practices knowledge on VMware Horizon and VDI in particular.

Curious about the complete walkthrough process in more detail? Continue reading…

In this article, I’ll describe how you can implement a Horizon Cloud on Azure environment from scratch and will share as much as information possible to ensure that your implementation goes perfectly at the first attempt!

Extra – I’m giving a presentation at the E2EVC Conference in Athens, Greece in the beginning of November about all the different Digital Workspace solutions in Microsoft Azure – with the title – Get an inside Scoop of the different Digital Workspace solutions in Microsoft Azure. If you’re there and interested in the different options in Azure, please come by.

Enjoy reading!

Table of Contents

Click on the title to forward in the article

Did you know this about Horizon on Azure?

  • It supports Windows 10 as well as Windows Server 2012 R2 and 2016 in Microsoft Azure to publish Virtual Desktops and Applications from the Horizon Cloud control place
  • Horizon Cloud control plane runs from inside Amazon AWS datacenters in the USA, Australia or Germany
    • The Horizon Cloud control plane is also known as the Astro GUI
  • Horizon Cloud is available in two subscription models:
    • Per named user (NU) – For virtual environments with staff that require dedicated access to virtual machines throughout the day.
    • Per concurrent connection (CCU) – For virtual environments with a high number of users who share machines throughout the day, such as students and shift workers.
  • The Horizon Cloud Control Plane is built in Kubernetes containers, which makes it very easy to upgrade your Horizon Cloud Nodes in Azure.
  • The complete control plane and registration nodes are based on Linux Operating Systems. VMware is securing their platform by using Linux rather than Windows OS. Upgrading the Node for example always takes place as a completely fresh installation. In-place upgrading is not supported.
  • VMware Horizon Cloud is available on Public Azure, Azure China, Azure Germany, and Azure Government
  • You currently can purchase Horizon Cloud only directly from VMware or your preferred reseller. Horizon isn’t available from the Azure Marketplace right now.
  • The Virtual Machine – Horizon Cloud Agent Auto Update (AAU) service can easily update agents via the Horizon Cloud control plane
  • The service account to set up Horizon Cloud must have the RBAC Contributor role, and not the Owner role.
  • A hybrid ExpressRoute or Site-to-Site VPN connection to Azure is only required when you want to connect internally to your Workspace ONE environment.
  • When you decide to connect over the internet to your Horizon Desktops in Azure – you’ll need to configure the Unified Access Gateway appliance
  • When activating the Horizon Unified Gateway, make sure to request and assign the SSL certificate in .pem format
  • Workspace ONE is the Unified Portal for all your VMware as well as Citrix and future RDmi workspace solutions.
  • Endpoint – session communication goes directly to Azure – no need for a active connection to the control plane.
    • The Blast Extreme Adaptive Transport (BEAT) and PCoIP display protocol optimizes the end-user session for high distances – for the best experience on long-distance and high latency connections
    • Sessions always can continue proceeding when there is an outage on Horizon Cloud Control plane and Workspace ONE – sessions are a connection directly from the endpoint to the Azure environment.
  • Azure Active Directory Domain Services as a replacement for traditional Active Directory is as well supports within Horizon Cloud
  • Supported Windows Active Directory Domain Services (AD DS) domain functional levels are Windows Server 2012 R2 and Windows Server 2016
  • As part of the configuration process, the master VM is joined to your domain. You can leave the Master Image out of the corporate domain.
  • NTP servers need to be available and accessible from the Horizon Cloud Node and Unified Access Gateways for accurate time configuration
  • Deployment Engine is needed for the deployment in Azure
    • You can deploy more than one node and manage all of them from the Horizon Cloud Administrator Console.
    • The node stays behind which is a Linux VM based on an Azure D2v2 SKU resource Virtual Machine
  • User Power Management features to save costs on Azure
    • Power Management is free included with Horizon Cloud.
    • Power Management can be used in an up and downscale solution, based on resource consumption as well as for specific scheduled time frames after working hours.
  • Azure Availability Set is not supportedVMware is working on this right now and support is expected soon.
    • Azure Availability Zones are officially not supported as well.
  • TrueOkta, AzureAD, Ping and TrueSSO are the supported Bring-your-Own Identity providers for Workspace ONE
    • Two-Factor Authentication is as well supported for Workspace ONE, such as Azure MFA or any other server which support the RADIUS protocol
  • If you want to use the node for GPU-capable desktops or remote applications, ensure that the Microsoft Azure region you select for the node provides for those NV-series VM types that you want to use and which are supported in this Horizon Cloud release.
    • Horizon Cloud support graphics-intensive workloads on Microsoft Azure GPU-enabled infrastructure
  • VMware gives Horizon Cloud customers the opportunity to use VMware UEM as User Profile Management solution – to publish settings to your end users – all completely free and part of the package deal.
  • Workspace ONE comes with Apteligent – which helps developers of mobile applications and IT organizations analyze mobile application performance in real-time, and understand user behavior for their mission-critical apps to address issues that matter the most and have a direct impact on business and revenue.
  • VMware created a deployment checklist – which overcomes problems during the implementation when you start deploying Horizon Cloud on Azure.
  • Horizon Cloud comes with an Enterprise-grade+ 99.9% availability SLA, 24-7 support from VMware for the Horizon Cloud service. So you’ve always support nearby if needed.

Note: Please check the following URL for more detailed information

VDILIKEAPRO independent survey results

Which on-premises VDI solution is used to provide access to the virtual desktops?

“Most participants do use Citrix VDI on-premises technology, 57.7% in 2018. VMware is a very strong competitor and is being used in 26.9% of the deployments. There is a huge difference between Citrix adoption and adoption with VMware. We believe this is mainly because Citrix historically has a larger customer base and the Citrix community is much stronger and more active compared to the VMware EUC community. Microsoft RDVH/VDI adoption is still very small but increased from 2% in 2017 to 4.6% in 2018. The strong growth rate of Workspot in 2017 is little less in 2018 but still increased from 6.36% in 2017 to 7.82% in 2018.”

 Will you introduce or change to new on-premises VDI/SBC broker vendor?

“In 2014, 71.1% of the respondents didn’t consider changing their VDI/SBC solution, while in 2017, 55% didn’t consider changing the VDI/SBC broker. In 2018, this number didn’t really change. The biggest difference is in the number of participants who are seriously considering moving away from on-premises to public cloud offerings — 12.57% in 2018, with 10.61% investigating their options. While Workspot adoption of VDI increased from 6.36% in 2017 to 7.82% in 2018, no one seems to be considering Workspot as a new on-premises VDI/SBC solution.”

 

 Which public cloud (Remote App/DaaS) solution will you introduce or use?

“Remote application and Desktop as a Service provided by a service provider using Citrix, Microsoft or VMware solutions are being considered by 15.67% of the participants. 18.16% of the respondents will introduce or use Citrix Cloud while Amazon Appstream and Workspaces is just considered or used by 3.73% of the participants — a decline from 7.17% in 2017. Workspot increased from 5.61% to 8.71% and VMware Horizon Cloud is considered by 3.23% of participants. Frame on both Azure and AWS is considered or being used by 8.70% of the survey respondents — a strong increase of 6.93% compared to 2017. The biggest competitor for public cloud DaaS/remote application as a service isn’t Citrix, Frame, Amazon, VMware, or Microsoft — it’s the on-premises VDI/SBC solutions combined with trends to use more web/SaaS, mobile, and PCs. 9,70”

 Horizon Cloud for Azure is a Desktop-As-s-Service (DaaS) service which is released by VMware at the beginning of 2018 – for this reason – don’t expect high number here for the simple reason that the product wasn’t there for a long time when independent people in the community answered the survey question.

Recommended: Download the complete EUC – VDILIKEAPRO survey here.

Global vs. USA vs. the Netherlands

 You see a small difference between the 3 regions. What’s interesting to share –  the Netherlands is having the highest value of the 3.

 You know what they say about the Dutch, right?J

Workspace ONE integration

VMware Workspace ONE is a unified management platform that can control end users and almost every mobile device and cloud-hosted virtual apps and desktops from the cloud or on-premises as well as SaaS and other Web Services through one single pane of glass – with mostly Single-Sign-On experience. It’s probably the most popular and known product of VMware Horizon right now.

VMware delivers a free version of Workspace ONE to the Horizon Cloud on Azure version – which supports remote access and secondary authentication to your Virtual Desktops and Apps. When you want to extend this with all the other benefits, such as Azure AD support, Okta, and Ping and all the other MDM and context and security management tools as well. Then you’ll need to extend this with an Advanced license.

Note: Workspace ONE also supports Citrix Virtual Apps and Desktops and Remote Desktop Services – and will support the future of RDS, which is called RDmi – Remote Desktop Modern Infrastructure as well.

 

What about monitoring

We IT Admins all know that monitoring is critical to be done in a very detailed manner. How more the detail, how faster we find the cause of the problem right? Or at least we are starting point will be more accrued.

Horizon Cloud delivers a monitoring solution included in the Cloud license, which makes it possible to manage resource usage, alerts displayed when one or more of the following parameters is at or above a set threshold value: CPU usage percentage, memory usage percentage, and disk latency. 

See below an example of how the different Horizon Cloud – monitoring screens look like.

Power Management scaling

Power management is critical from a cost and performance point of view in a digital Cloud Workspace solution. As you know, running workloads in Azure IaaS consumes money – and most (the ones I worked for) companies don’t like to spend too much money. Running machines 24/7 when your users are not using them is spending money on nothing. So to make this bill lower – you’re able to create different off-to working hour schedules – which can turn of your VDI environment after the usual 9 to 5 hours.

Furthermore, next to the feature to schedule static times – guarantee performance is as well critical. For this reason, you can scale up and down your VDI based on resource consumption, such as CPU and RAM allocation. For instance, when a Windows Server reach the maximum of 80% CPU usage – a new Virtual Machine will spin up to make sure the user experience will be the same!

 

Another cool enhancement is Rolling Maintenance – where you can plan your Virtual Machine – Horizon Agent software maintenance upfront

Azure Virtual Machine – Multi-User sizing’s

With the Workspace ONE solution, you can publish Windows apps and, SaaS and mobile apps and desktops through a single pane of glass. The instances that are making the desktop and application publishing possible– the Horizon Cloud Smartnode – needs to be available anytime in the best performance possible for the end-user. You don’t want to oversize your environment, because that creates extra costs for Azure resource consumption. So for this reason, unbiased LoginVSI measurement results are required to perform proper sizing’s of your Desktop and Servers Operating System Virtual Machines in Azure Infrastructure-As-a-Service.

VMware published a very comprehensive whitepaper for IT architects and administrators not so long ago, which holds (see table below) the most popular sizing’s in Azure. Based on different LoginVSI Workload runbooks, results of a maximum concurrent session are published. If your workloads require vGPU’s to ensure proper performance, the NV6-series in Azure will do best in a cost and performance perspective regarding this test.

Knowledge workers and Task workers are different workloads in LoginVSI. If you’re interested in the differences of those 2 – and how that reflects your end-users – please check this LoginVSI Wiki article.

 The following graphic is the same outcome as the table, but now in a more graphical picture.

 

Pre-check list

VMware created a deployment checklist – which overcomes problems during the implementation when you start deploying Horizon Cloud on Azure. Before you start – I’m recommending to read the document first. Most of the requirements are included in the – Did you know – section of this blog as well. 

 

Request a trial to get started

Register for a Horizon Cloud on Azure 45-days trial through this URL. You’ll receive the full-featured products for this duration, and get the best experience possible.

You’ll be contacted fast after the registration to start the onboarding process. If you need help with the trial – or the onboarding process – please let me know at the comment section at the end of this blog. 

 

Logon to the Horizon Cloud Control Plane

Log on to the Horizon CloudControl Place with your my VMware credentials

https://cloud.horizon.vmware.com/horizonadmin/

 

Accept the terms of Service

 

 Click on Add – next to Add Cloud Capacity

 What about Add On-Premises Capacity? On-Premises capacity can be added by ordering a supported Hyperconverged Infrastructure Appliance (HCIA). Once delivered, set up the HCIA and pair it with Horizon Cloud using it’s local HAL interface. Then, you can log back in and come here to manage the newly added node. When you see your On-Premises node listed here, you can complete the remaining Getting Started steps and deliver applications and desktops to your employees.

 You now will be asked to provide the Microsoft Azure subscription details.

We switch back to this screen later.

  

Create an Azure AD App Registration for Horizon 

Before we can proceed with this step, we’ll have to create a so called App Registration in Azure Active Directory. 

Go to the Azure Portal and open Azure Active Directory  

Click on App Registration

Click on + New App Registration

Enter the following name and Sign-on URL

Click on Create

Confirm that the creation proceeded successfully…

Open the new App Registration from the list

Save the Application ID and Object ID, which we need to enter in the Horizon Cloud deployment procedure.

Now we need to create API keys within the App Registration for Horizon Cloud – to provide the external access from the Horizon Cloud to the Azure tenant – subscription.

Go to the Settings menu of the App Registration

Open the Keys menu

  

Create a new Key

Name it something like – Horizon-Key01

Click on Save

Note: Set the key to never expires to ensure that the always keep working. If you have a security policy that doesn’t allow you to do that. Make sure to refresh the key before it expires – the connection / interaction between the Horizon Cloud control plane and Azure will break!

 

The passphrase key will be displayed once – make sure to save the key in a save location. You cannot restore the key!

We are now ready – and done with the App Registration part

Assign App Registration principal roles

We now need to assign the Contributor RBAC role to the App RegistrationPrincipal Role account we just created. 

Go to the Subscription menu and open your Azure subscription 

Openthe Access control (IAM) menu

Click on Add

Assign the ContributorRole to the Service PrincipalApp Registration account

Click Save

Wait for the rights confirmation 

 Confirm that the registration went successful.

Open the Resource Providers menu and check if the providers below are green

Microsoft.Compute

Microsoft.insights

Microsoft.Network

Microsoft.Storage

Microsoft.KeyVault 

Connect from the Horizon Cloud to Azure 

Switch back to the Horizon Cloud

(Make sure to collect all the data)

The first one is just the Azure subscription name

 Environment is the Azure region – the type of datacenter

 Subscription ID is easy – that’s the one of your Azure tenant

 Directory ID can be found at the Properties menu in Azure Active Directory

 

 Application ID is the one from the Horizon App Registration

 The passphrase key from the App Registration

 then you collected all the data – the details must be something like the screenshot below

Click on Add

 

The connection is proceeding

Configure the Horizon Cloud Node 

When you entered all the correct information, the following Node Setup screen returns. We are one step closer to the final Horizon on Azure deployment. 

Enter a name for the Node 

Create a Horizon Resource Location (can be random)

Select a Azure region location.

Select the Azure Virtual Network

Select your Management Subnet for the Node – sandbox 

(Note: Horizon will create both subnets during the enrolment – they need to be unique and cannot be an existing subnet!) 

For me – the following 2 subnets below were created.

Select the subnet for your Virtual Desktops

Click on Next

 

Configure the Horizon Gateway for external Public Internet Access

(the following steps are only required when you want to expose your Virtual Desktop environment to the Public internet, and let users work from home for example – Select No when you want to skip this step)

Before we proceed, make sure to request a Public SSL certificate first, with the DNS/Common Name registered for the external access DNS URL to your Horizon Cloud environment.Make sure that the SSL is exported as .PEM format 

(See this URL how to convert from PFX to PEM)

Enter the DNS name

Enter the subnet (in CIDR notation) for the DMZ network that will be configured to connect the Unified Access Gateway instances to the load balancer. Recommended: /28.

Upload the SSL .PEM certificate 

Optional: Configure 2-factor authentication

Note: The following settings are only applying the VMware Horizon logon web interface. If you’re looking for AzureAD and Azure MFA, or any other RADIUS server mechanism and technology. Please leave this setting default and configure the advanced security settings in VMware Workspace ONE.

Continue with the next step…

Click on Validate & proceed 

 

Check all the settings in the summary 

Click on Submit

 

 

 The deployment is started – the node is being deployed on Azure

Building the node…

 

The Node – JumpBox is deployed successfully

 

The machine is running in Azure Infrastructure-As-a-Service

Authentication and Identity settings

Switch to the second step in the automated process – which is called the General Setup.

Click on Configure next to Active Directory 

Enter the required information, such as NETBIOS, DNS Domain Name, Horizon Administrator, and a second Auxiliary account as well.

 Note: You need to configure an auxiliary bind account for the Active Directory domains that are registered with your Horizon Cloud Nodes. Configuring an auxiliary bind account avoids locking out your administrator users from the Administration Console in situations where the primary bind account is inaccessible in the Active Directory domain. If the primary bind account configured for the domain becomes inaccessible, the system uses this auxiliary bind account to connect to the Active Directory domain.

 And configure the advanced settings as well

 Click on Domain Bind when done.

Configure the primary DNS server, domain join service account and the default OU to place the Virtual Desktops in.

Note: Make sure this account is part of the Horizon Admin group which is used to access the console

 Click on Save

 You’ll be logged off after the domain join configuration. You now need to logon with your My VMware account followed up with the Horizon Administrator account you defined.

Roles & Permissions setup

Add a Horizon Administrator Group to give account to the Horizon Control place for management purposes

Click on Save

 

 When you switch back to the menu – you have more options to delegate access as well

Enable user session information for utilization, trending and historical analysis.

The User Session Information feature provides details regarding login times, session duration and average session length on a per user basis for historical viewing and analysis. If you enable this feature, we will collect this information, maintain it for the duration of your subscription, unless the customer disables this feature. Disabling the feature will delete previously collected user names and data regarding session usage. If you do not enable this feature (User Session Information), VMware will only collect this information for a limited period of time and hash the username to enable real-time administration but not utilize for historical or aggregated viewing of information by a user. You can enable or disable the User Session Information feature at any time by following the product documentation. 

 This was the final step of the General Setup procedure

 

Configure a Virtual Machine Image

Switch to the 3rth option –Imported VMs

Click on Add

 You can choose 2 options

Use your existing master VM or create a clean one from the Azure Marketplace with all the Horizon Agents automatically installed.

 I’ll go for the Azure Marketplace option

 

 The following Virtual Machine types are supported right now

 

vGPU enabled machines needed? Select Yes to provide GPU-backed hardware. If this toggle is dimmed, that means your Microsoft Azure subscription in the selected node’s region does not support GPU hardware. You’ll get the NV series provided in Azure

Enter the required settings to import the Virtual Desktop

 Make sure to activate the setting below only when you have a EA Agreement with Software Assurance on the Windows Operating system level. Otherwise you are not allowed to use the Hybrid Use Benefit (HUB) discount program

 

 Advanced Settings

 Make sure to activate the extra features when they’re beneficial for your organization.

 Click on Import to start the deployment

The deployment is started

 A new snapshot will be created and available to select as image

 

 Wait for the process to be completed

 The following golden image machine is created in Azure and will completely automated be provided with the VMware Horizon agents

Setup a Remote Desktop Connection to the machine to install software and/or agents that you want to reside in the golden image.

The process is completed 

Create a Clone / Snapshot image

Info: Select a desktop or server VM to convert to an image. The selected desktop or server VM should be powered on and no user should be logged in to convert it to an image. When the desktop or server VM is powered on, you can use the IP address provided to connect and make changes before converting the desktop or server VM to a published image. Click Publish to complete the process.

Open the inventory menu and open images

click on New

Note: The selected desktop or server VM should be powered on to convert it to an image.

Select the new golden Virtual Machine/ Desktopwe just created 

Enter the company name, time zone and local admin credentials.

Click on Publish

The imaging process is started…

The process will now create a snapshot / clone of the machine

And the process is done, the image is ready to use

Switch back to the getting started dashboard

 Dashboard view

Extra: Update agent in Images

Keep this in mind, it can make your life much easier in the future – Did you saw the update agent button in the images menu? That button updates the agent software of Horizon completely automated for you.

Assign Desktops to Users or Groups

Now the fun and easiest part of the procedure starts, the assignment of the Virtual Desktop and Apps to your end-users.

Click on New 

Select a type of desktop

 

Dedicated – means an own Virtual Desktop per user, including persistence of user settings and software installations (if allowed). The Desktop layer is completely persistent for the assigned user. 

Floating – means pooled or better say a random Virtual Desktop which is non-persistent. The users settings can reside in a UEM tooling, such as VMware UEM, but the OS layer will not persists settings or installations. 

Session – means multi-user session for a Windows Server Operating system.

Select the sizing

Update: VMware recently announced new Azure Virtual Machine sizing support at VMworld. See them all below. 

Make sure to select the right sizing for your end-users

I’m using Windows 10 – and for normal task workloads, at least 2 CPU’s are required. 

Use the Enterprise A4v2 only for heavy users

 Give a friendly name to identify the assignment in the system that starts with a letter [a-Z] and contains only letters [a-Z], dashes [-], and numbers. 

Name for all VMs in this assignment, which will have a number appended to it (Server Name 1, Server Name 2, . . . ). It must start with a letter[a-Z] and can contain only letters [a-Z], dashes [-], and numbers. 

Choose which source to use to launch assignments associated with this pool – the client software or completely browser HTLM5 based.

Choose either PCoIP or Blast protocol to be the default protocol for the end user session.

Enter the minimum and maximum number of usable desktops that can run at the same time

Click on Next

Assign the Desktop(s) to a User or Groups

Click Next

Configure session management as your own business needs

Configure PowerManagement to savecosts on Azure resource consumption after business hours. Machines will shut-down automatically after the end time, and turn on at the start time/

When you’re done with the setup – confirm all the settings in the summary.

Click Submit 

 

The DesktopAssignment process is finished

 

Create the RDSH (Windows Server – Multi-Session) Image

The following steps are only needed when you want to Publish Applications based on a Multi-User Server Operating System environment to your end-users. When you only have to publish Windows 10 Virtual Desktops, these steps are not required. You already performed the steps for Virtual Desktop OS in the previous steps. 

As I already showed this procedure in the previous steps, I don’t repeat the same steps here.

Please open again the Import VM menu and click on Go 

 We now need to repeat the same Virtual Machine – image creation steps that we did for Windows 10, but now for Windows Server OS. Please check the steps earlier in this blog if you need help.

Virtual Machine is being deployed…

 

Switch again to Image Managed and create a new image based on the Windows Server OS

Select the created RDSH Image

Click on Publish

Note: Make sure that the agent status is active – this can take a while.

 Click on Configure

Create Application Farm

Click on New

 

Enter the required information 

Select the RDSH image

Click on Next

Select your sizing wisely

 

Use the following reference– to choose the best user density / cost effective sizing’s in Azure.

 

Active a Power Management time schedule

 Click Next

Verify the summary – Click on Submit

Click on Go – next to Application Inventory

 Note: The process if Virtual Machine deployment is now busy – it can take up to 30 minutes to have the Virtual machines ready for the next steps.

Click on New

 

 Click Auto-Scan from Farm

 

Click on Next

Select the apps that you want to Publish

 Click Next

 Change the shortcuts if needed

 Click Next

 

 Click Submit

All the selected Apps are now added to the Farm 

Assign Published Apps to Users or Groups

Switch back to the Dashboard screen for the last step

Click on New 

Enter an Assignment Name

 Give a friendly name to identify the assignment in the system that starts with a letter [a-Z] and contains only letters [a-Z], dashes [-], and numbers.

 Click Next

 

Select the Apps you want to Publish

Click Next

Select a User or Group

Click Next

 

Verify the settings on the Summary page

Click on Submit 

 

Repeat the same steps for all the other Apps in your environment

Activate Workspace ONE in Horizon Cloud Identity Management

These steps are optional and not required for the use of Desktops and Apps only (without 2FA). With the free vIDM VMware give Horizon Cloud + Workspace ONE configured out of the box. There is no additional benefit then 2FA with Workspace ONE/vIDM. But of course, with the (payed) Workspace ONE solution customer get hundreds of additional features also for the apps and desktops delivered via Horizon Cloud or Citrix. 

Go to the Settings menu > followed by Identity Management

 

Click on New

Enter the Identity Manager URL, SSO timeout, location, node, datacente, and TenantAddress.

Click on Save

The Workspace ONE URL is successfully added

Make sure that the Status is green

 

Open your Workspace ONE URL in a browser

Enter in your user credentials

And your new Desktops and Apps are published to you and ready to start! 

And we are inside the Windows Server 2016 RDSH VM – activated with a Nvidia M60 GPU inside an HTML5 browser session 

Note: Make sure to switch to browser mode if you want to use Workspace ONE without the need for the Horizon Client. 

 

Get an own impression – Horizon Cloud + Workspace ONE demo 

See below in a quick video I recorded how Workspace ONE works together with Horizon Cloud with Apps and Desktops placed in Azure Infrastructure-As-a-Service.

Troubleshooting

Do you have sysprep errors in Horizon Cloud on Azure with Windows 10 1709 and 1803 build images? Check this great follow-up article from Felix Block around creating Windows 10 images in Azure the good way:

VMware and Microsoft created already official KB articles on this (VMware KB 2079196; Microsoft KB 2769827) but I think it is still useful to explain the solution in detail. Please be aware that the following steps will remove all AppX Packages, disable the Windows Store and Windows Update on the machine. You can enable them after you created the farm inside Horizon Cloud i.e. via a GPO to meet your company requirements. See the full article below.

https://blogs.vmware.com/horizontech/2018/11/how-to-create-a-windows-10-image-for-horizon-cloud-on-azure.html

That’s it for now. Thanks again for stopping by. 

When you have any questions, please leave them in the comment section.

Cheers,

Christiaan Brinkhoff