Monthly Archives: November 2017

Comparison between Horizon Cloud and Citrix Cloud on Azure

For the last couple of weeks I have been working with VMware Horizon Cloud for Microsoft Azure, testing the bits and pieces of the platform, and especially looking at how it compares against Citrix Cloud in general. Therefore I decided to write this blog post to shed some light on how it differs in terms of deployment and operations, and how to get it up and running. You can review the requirements for a Horizon Cloud for Azure deployment here: https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/com.vmware.hconmsazure.getstarted.doc/GUID-DC011997-CE9E-4B38-9C4F-57104226218C.html#GUID-DC011997-CE9E-4B38-9C4F-57104226218C

One thing I want to highlight is that moving VDI to the cloud does not bring any real value unless it is done for the proper reasons; in most cases the public cloud is still more expensive than running it on local infrastructure. The most common use case is where you can benefit from the automatic scalability that the cloud provides, such as companies where the number of users fluctuates, going from 10 – 100 users during working hours (7 AM – 5 PM), and where you only need to pay for what you use in terms of infrastructure cost and licensing.

The architecture is quite simple. Like Citrix Cloud, it requires that we have an existing Azure subscription with an existing Active Directory virtual machine running and a virtual network defined. After you have set up the connection it will deploy a Horizon Cloud Node (Node Manager), which acts as the hub between the Horizon Cloud Control Plane and your servers and Active Directory.

It also provides a simple update mechanism. When a new version is available, the node will automatically upgrade itself and the Unified Access Gateway: new instances run in parallel, and configuration information and system state are copied from the running SmartNode and Unified Access Gateways to the new ones. After the configuration information is copied and the checks are completed, the new SmartNode and Unified Access Gateways become active.

Architecture illustration of the node's resource groups, VMs, and subnets

To begin with let’s take a closer look at some of the capabilities that are included in the initial release of Horizon Cloud on Microsoft Azure.

* Application & Session Desktop Delivery
Ability to publish and manage RDS-hosted applications and desktops on Microsoft Azure while leveraging on-premises and cloud resources (VDI is not available yet; it is coming later).
* Hybrid Architecture
Support for both Horizon Cloud with on-premises infrastructure and Horizon Cloud on Microsoft Azure, in a single solution.
* User Experience & Access
Identity-based end-user catalog access via VMware Workspace ONE
Secure remote access for end users with integrated VMware Unified Access Gateway
Support for Blast Extreme, Blast Extreme Adaptive Transport (BEAT) protocol.
* Power Management
Ability to track and manage Microsoft Azure capacity consumption to keep costs low, allowing for scaling based upon sessions or schedule.
* Easy Deployment
Automated deployment of Horizon Cloud service components.
Integration with Microsoft Azure Marketplace to allow importing a Windows Server image on which the necessary agents get automatically applied.
* Simplified Management
Horizon Cloud always maintained at latest versions.
Under five-minutes, self-scheduled upgrades for components on Microsoft Azure via Blue-Green upgrades.
Unified Access Gateway deployed automatically in Microsoft Azure.
* Pricing
Horizon Cloud Apps
Named User – $8/month
Concurrent User – $13/month

One of the first things that struck me was the price model that they have for cloud, which is either named user or concurrent user. If we are thinking about a global organization where task workers are roaming across different regions, concurrent user would make a lot more sense, especially combined with the pay-as-you-go model of the cloud. For comparison, XenApp Essentials from Citrix costs $12/month for each named user.
Another detail is that VMware chooses to do automatic deployment of their Unified Access Gateway as a virtual appliance directly to Microsoft Azure, while with Citrix you would need to deploy this on your own or use the NGaaS service from Citrix. However, with the NGaaS service all traffic is routed through Citrix Cloud POPs, whereas the Unified Access Gateway provides direct communication from the endpoint to the applications.

Another thing is that when setting up agents in Azure, VMware supports only a limited set of virtual machine instances: Standard_D2_v2, Standard_D3_v2, Standard_D4_v2 and Standard_NV6. I'm not sure why they only have this list; Citrix Cloud supports all available instance types on Azure. Also, one thing about the NV series: with this release, GPU is supported for use only in Microsoft Windows Server 2012 R2, due to a driver limitation in the Horizon agent in Microsoft Windows Server 2016.

To set up Horizon Cloud against Azure we need to create an application service principal in our Azure AD account, and this application (service principal) needs to have Contributor rights on the Azure subscription.
NOTE: It is important that the sign-on URL is http://localhost:8000 or else the wizard will fail.

Create App Registration screen with values for Hzn-Cloud-Principal
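
A check for the service principal requirement above, as an added example that is not part of the original post or of VMware's tooling: it audits role assignments, assumed to be in the JSON shape printed by `az role assignment list --all`, to confirm the principal holds Contributor on the target subscription and nothing broader. The helper name, all IDs and the sample records are constructed for illustration.

```python
REQUIRED_ROLE = "Contributor"  # role the post says the wizard needs
TOO_BROAD = {"Owner", "User Access Administrator"}  # can grant access to others

def audit_principal(assignments, principal_id, subscription_id):
    """Return (has_required, findings) for one service principal (hypothetical helper)."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    has_required, findings = False, []
    for a in assignments:
        if a.get("principalId") != principal_id:
            continue  # assignment belongs to another identity
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").lower()
        in_sub = scope == sub_scope or scope.startswith(sub_scope + "/")
        if role == REQUIRED_ROLE and scope == sub_scope:
            has_required = True
        elif role in TOO_BROAD:
            findings.append(f"excess role {role} at {scope}")
        elif not in_sub:
            findings.append(f"{role} outside target subscription: {scope}")
    if not has_required:
        findings.insert(0, f"missing {REQUIRED_ROLE} on {sub_scope}")
    return has_required, findings

# Constructed sample data; every ID below is a placeholder.
SUB = "00000000-0000-0000-0000-000000000001"
OTHER_SUB = "00000000-0000-0000-0000-000000000002"
SP = "11111111-1111-1111-1111-111111111111"  # object ID of Hzn-Cloud-Principal
SAMPLE = [
    {"principalId": SP, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}"},
    {"principalId": SP, "roleDefinitionName": "Owner",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-test"},
    {"principalId": SP, "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{OTHER_SUB}"},
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}"},
]

if __name__ == "__main__":
    ok, findings = audit_principal(SAMPLE, SP, SUB)
    print("Contributor on subscription:", ok)
    for f in findings:
        print(" -", f)
```

Running the same check after each deployment or upgrade shows whether the principal's rights have drifted from what the wizard needs.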

All this work of setting up the service principal should be automated, however. Citrix Cloud uses an Azure AD account to create a service account for this use, so we don't need to collect all the info like App ID, Directory ID and such.

The initial wizard also requires us to have a pre-created vNET. The wizard will automatically create the subnets within the vNET (Management, Desktop and DMZ). It will also handle the deployment of the access gateway.


The wizard will also automatically deploy a Unified Access Gateway, which will be accessible behind an Azure load balancer that is also equipped with a certificate. The only piece we need to fix is the public DNS record.

If you have a fresh account it will also validate the quota setup for the Azure account, checking the certificate and the quota of users, and making sure that the subnets are not already defined.


After you are done with the initial wizard it will start to provision a jumpbox server on the Azure account and start downloading agents and other VHD files. After the jumpbox server is up and running it will start to set up the node manager. The jumpbox will then self-destruct after the node manager is up and running; it is only provisioned and used when there is an update or when a node manager is being built.


After the node manager is up and has successfully connected back to the control plane (Horizon Cloud), you just need to complete the wizard setup and set up integration with Active Directory.


After you have integrated Horizon Cloud with Active Directory you will need to reauthenticate to VMware cloud, and after logging in again you will also need to authenticate against the Active Directory that the node manager is integrated with.


After you are authenticated you need to create an image which will be used to deploy your applications. You can either bring your own image or import a VM from the marketplace.

Horizon will essentially create a VM using an image from the Azure marketplace (which is either 2012 R2 or 2016) and preinstall the agent and such, which we can then convert to an image.

After the desktop from the marketplace has been created, we can go ahead and convert it to an image once we have made adjustments to it. This makes it easy to create a master image while doing just a small piece of the image setup.

After that I need to create a farm based upon the image, where I have the same list of machine models that are supported. I also specify what kind of protocol, domain and client type I want to use. Further down I also specify the logon idle timeout value (before a session is kicked out).

Next I specify the update/maintenance sequence, where it will do automatic draining of each server. Best practice for virtual machine maintenance is to restart the VMs from time to time, to clear out cached resources or any memory leaks from third-party applications in the VM. I can also specify what the servers should do during the maintenance window, such as restart or rebuild.

After I've specified the number of VMs, it will start to provision the farm based upon the image and machine instance type in Azure.

And last but not least, assign a desktop to a set of users.

One thing I noticed and love is the dashboard showing issues directly related to Azure, such as quota management, since most subscriptions in Azure have a soft quota which should be increased.

Summary:
From the first impression, I do love the work that VMware has done with Azure in terms of integration. It supports many of the Azure features:
* Using Azure AD Service Principal for authenticating with Azure and also checking the storage quota.
* Using Managed Disks for VMs provisioned on the farms.
* Power management for virtual machines using the underlying ARM API.
* Automatic starting of another node in a farm if one goes down suddenly.

They also provide simple deployment of the Unified Access Gateway, and certificate management can be done using the Horizon Cloud HTML5 portal, which makes it easy to manage the remote access. Now I enjoy working with NetScaler, but Citrix should do something similar to offer simple deployment of remote access where they just deploy a VPX instance directly to Azure.

A couple of things I would like to see in the future setup:
* Support for Encrypted Disks in Azure
* Support for other machine models and instances in Azure
* Be able to define my own resource groups.
* Provide OMS module for Monitoring ( yes please! )
* Specify disk size when using managed disks.

Looking forward to seeing this develop moving forward!

More info on VMware HCX

After looking into the blog post announcements on VMware HCX after VMworld, I decided to get a bit more info on what HCX actually is. This blog post will try to summarize what it is and what it can do. HCX is not a single product, but a combination of multiple VMware products which will be available as a single solution.
HCX is also a cloud product which is delivered together with HCX Providers such as IBM or OVH.

So what can HCX provide? It essentially works as an extension, or a bridge, between your existing infrastructure and an HCX Provider. This allows, for instance, use of

  • Disaster Recovery 
  • Hybrid Cloud 
  • Migration to newer platforms

On the HCX provider side we have a VMware Cloud Foundation setup. Cloud Foundation is based on VMware vSphere, vSAN, NSX, and SDDC Manager, where the last part automates and orchestrates the entire deployment process on the provider's end. Using NSX on the provider's end opens up a new way to do software-defined networking, where all traffic is wrapped into VXLAN traffic. On the customer's end we only need to deploy a single virtual machine (which is the HCX Client), which runs on your existing VMware infrastructure. The HCX client will be backwards compatible with versions as old as ESX 5.1, and will allow for management from the existing VMware console.

HCX will also come with WAN optimization and will allow us to connect our existing DC over the regular internet, or we can use a direct connection with the cloud provider. Regardless, all traffic will be encrypted using AES 256-bit encryption.

So HCX will provide secure live vMotion: HCX proxies vMotion, resulting in a secure, zero-downtime live migration to the cloud over the HCX interconnect fabric described above. It will also provide built-in business continuity: HCX provides DRaaS to enable business continuity while migrating/moving applications, and will allow customers to define as low as 5-minute RPO/RTO for VMs.

So here are some questions that I am left with (which I'm guessing will be answered when it is released):

1: How will the HCX Client provide redundancy on the customer side? Can we set up multiple HCX clients which can load balance the traffic?
2: How can we handle disaster recovery when it comes to layer two network failure?
3: How does it integrate with older versions of VMware where we don't have a web-based console?
4: Since it doesn't require us to have NSX on the customer side, and we pay for the license as part of the cloud offering, what kind of functionality will we get?

When will it be available?
November 2017 (later this month), so I'm looking forward to testing this, especially on IBM Bluemix. IBM is also consolidating both of its platforms (Bluemix and SoftLayer) into a single platform from a management perspective. So it should be available from the different IBM SoftLayer locations pretty soon: http://www.softlayer.com/data-centers%20