It’s been quiet on this blog for a while, primarily because of a very successful AVD Tech Fest, which we held in November. With a new year come new blogs and content to share, and I’m happy to present another blog series, this time about VMware’s Horizon Cloud on Azure service.
I’ve seen some blogs about Citrix Cloud on Azure and thought it would be a good idea to explain what people need to know about VMware’s solution, and whether we’re talking about an Azure Virtual Desktop extension or just another control plane that extends the features of Azure Virtual Desktop!
This article series will focus on the technical implementation Horizon Cloud on Azure has to offer compared with the features of Azure Virtual Desktop natively. I will walk you through an entire setup of an infrastructure and explain the bits and pieces and how they extend the capabilities of AVD.
What is Horizon Cloud on Azure?
Based on the general description, Horizon Cloud extends the capabilities of an on-premises Horizon deployment and adds the powerful capabilities of the Azure cloud to offer a highly scalable service, managed through a single pane of glass – the Horizon Cloud Service Control Plane.
This means that VMware is responsible for hosting the Cloud Service control plane and dynamically provides feature updates and extensions to the service. In addition, the control plane hosts the common management interface, which is called the Horizon Cloud Universal Console.
Compared to a classic deployment of Horizon, the following services play a major role in the deployment.
Responsible for the administrative environment. From the control plane, access to all entitled resources (Desktops and Apps) will be provided to end users.
Horizon Cloud Administration Console
Besides the Cloud Control Plane, Horizon offers the administration console, which lets administrators create, manage and remove desktop and RDSH / Windows 10 Multi-Session farms. It also helps administrators save costs through autoscaling capabilities and dynamic app assignment functionality.
The Unified Access Gateway (hereafter referred to as UAG) is the appliance that ensures secure connections to the cloud desktops from anywhere in the world. Technically, it’s a Linux-based VM (or set of VMs) that hosts VMware’s UAG service.
The Horizon agent is a component installed on the virtual machines to offer computing resources to end users.
An Active Directory domain is needed to provide authentication, domain join and Group Policy management in the cloud infrastructure. The domain controllers can be placed on a native Azure VM, in Azure AD DS, or on an on-premises DC with a site-to-site VPN or ExpressRoute connectivity to the Azure tenant.
All in all, the logical architecture of a Horizon deployment on Azure could look like this:
The picture illustrates the components stated (except the deployed Azure native resources, which will be covered later) in the Azure environment.
But VMware goes one step further with the Control Plane, as it is NOT exclusively for Azure workloads. It is also intended to interconnect other SDDCs and hyperscalers such as Google or AWS to build a real multi-cloud architecture. This enables administrators to leverage their infrastructure to provide high availability across hyperscalers if needed.
In this article, we will not focus further on the multi-cloud journey, but there will be articles in which I will describe and explain such an architecture and configuration setup.
Why would I want to have Horizon Cloud on Azure and not just use AVD?
This is a question I hear quite often when it comes to control planes of any kind in combination with Azure Virtual Desktop or Azure resources. Horizon Cloud on Azure doesn’t extend AVD because it’s not using Microsoft’s Control Plane. It’s a dedicated SaaS offering by VMware which can be run on Azure native infrastructure and benefits from Microsoft’s Windows 10 / 11 Enterprise Multi-Session for full compatibility with Microsoft 365 Apps for Enterprise (including Teams and OneDrive for Business) as well as profile solutions such as FSLogix.
Another, non-technical advantage is that customers who have been leveraging Horizon on-premises for a while don’t necessarily need to adapt too much, because the SaaS offering manages the required Azure components for you (except storage accounts / required infrastructure for AD etc.). That gives companies the time to adapt and train their staff for cloud operations while benefiting from the great capabilities of both worlds.
A topic not to underrate is the flexibility of subscription-based licensing. The licensing model was introduced in May 2021 and allows organizations to take advantage of a single entitlement to all Horizon components.
Currently, VMware offers the following licensing models:
Horizon Universal – Desktops and App delivery for cloud and on-premises
Horizon Apps Universal – App delivery for cloud and on-premises
Horizon Subscription – Desktops and App delivery for cloud deployments only
Horizon Apps Subscription – App delivery for cloud deployments only
Horizon Enterprise Edition Term – Allows you to run the agreed Enterprise Edition with all features for either three or twelve months.
What about managing Images?
Building images on Azure is really easy using the Horizon Universal Console! With the image creation capabilities, VMware allows you to first import the required virtual machine from the marketplace, configure the machine with a GPU if required, perform a domain join, optimize the image for the best possible performance and user density, and much more!
And what happens if you have multiple Azure PODs that you have to manage? You can now easily spread and replicate those images to all existing PODs using the “Images Multi-POD” option from the console. This especially reduces the administrative overhead of maintaining common images across the organization.
Which Azure resources will be managed by the service?
In the previous chapter, I outlined that Horizon Cloud on Azure enables organizations to use the service without deep knowledge of the Azure platform. That is right in terms of the VDI platform. However, the customer must take care of services like Active Directory domains, the creation of virtual networks, and Service Principals to enable the service. In the next posts, I will walk you through the exact configuration settings and give advice on settings which aren’t documented officially by VMware.
But if you’re still curious about what kind of components will be deployed, here is an overview of the resources the service deploys into your Azure subscription when enrolling:
Resource Groups (UAGs, Nodes, Diagnostics, Images, Base VMs)
Key Vaults
Storage Accounts (for automation and custom script extensions)
Azure Database for PostgreSQL Server
NSGs
Load balancers for the UAGs
Public IP
Virtual Machines for the Nodes and the UAGs (deployed in a pair each – all VMs are Linux based and don’t consume any Windows license)
Other components will be deployed over time as the environment starts to grow. We will have a closer look at these components in the upcoming blog posts!
Conclusion
Finally, we can say that even if Horizon Cloud on Azure is in the partner system of Microsoft’s AVD, it is a SaaS service which is hosted on the Azure platform and gets extended by the Windows 10 / 11 Enterprise Multi-Session image. The huge advantage of Horizon is that it offers its customers nearly the same features as on-premises (which we will explore in the upcoming blogs) and offers huge advantages over AVD native in terms of image management, cost savings and scaling in general. Furthermore, it helps organizations to apply a real multi-cloud strategy if this is in the company’s focus.
In the upcoming blog post, I will walk you through all the bits and pieces of the initial Horizon Cloud on Azure infrastructure and am already looking forward to your feedback!
Cheers,
Patrick!