For the last couple of weeks I have been working with VMware Horizon Cloud for Microsoft Azure, testing the bits and pieces of the platform, and especially looking at how it compares against Citrix Cloud in general. Therefore I decided to write this blog post to shed some light on how it differs in terms of deployment and operations and how to get it up and running. You can review the requirements for a Horizon Cloud for Azure deployment here: https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/com.vmware.hconmsazure.getstarted.doc/GUID-DC011997-CE9E-4B38-9C4F-57104226218C.html#GUID-DC011997-CE9E-4B38-9C4F-57104226218C
One thing I want to highlight is that moving VDI to the cloud does not bring any real value unless it is for the proper reasons; in most cases the public cloud is still more expensive than running it on local infrastructure. The most common use case is where you can benefit from the automatic scalability that cloud provides, such as companies where the number of users fluctuates, going from 10 – 100 users during working hours (7 AM – 5 PM), where you only need to pay for what you use in terms of infrastructure cost and licensing.
The architecture is quite simple: as with Citrix Cloud, it requires that we have an existing Azure subscription with an existing Active Directory virtual machine running and a virtual network defined. After you have set up the connection it will deploy a Horizon Cloud Node (Node Manager), which acts as the hub between the Horizon Cloud Control Plane and your servers and Active Directory.
It also provides a simple update mechanism: when a new version is available, the node will automatically upgrade itself and the Unified Access Gateway, with the new instances running in parallel, and configuration information and system state are copied from the running SmartNode and Unified Access Gateways to the new ones. After the configuration information is copied and the checks are completed, the new SmartNode and Unified Access Gateways become active.
To begin with let’s take a closer look at some of the capabilities that are included in the initial release of Horizon Cloud on Microsoft Azure.
* Application & Session Desktop Delivery
Ability to publish and manage RDS-hosted applications and desktops on Microsoft Azure while leveraging on-premises and cloud resources (VDI is not available yet; that is coming later)
* Hybrid Architecture
Support for both Horizon Cloud with on-premises infrastructure and Horizon Cloud on Microsoft Azure, in a single solution.
* User Experience & Access
Identity-based end-user catalog access via VMware Workspace ONE
Secure remote access for end users with integrated VMware Unified Access Gateway
Support for Blast Extreme, Blast Extreme Adaptive Transport (BEAT) protocol.
* Power Management
Ability to track and manage Microsoft Azure capacity consumption to keep costs low, allowing for scaling based upon sessions or schedule.
* Easy Deployment
Automated deployment of Horizon Cloud service components
Integration with Microsoft Azure Marketplace to allow importing a Windows Server image on which the necessary agents get automatically applied.
* Simplified Management
Horizon Cloud always maintained at latest versions
Under five-minute, self-scheduled upgrades for components on Microsoft Azure via Blue-Green upgrades.
Unified Access Gateway deployed automatically in Microsoft Azure.
Horizon Cloud Apps
Named User – $8/month
Concurrent User – $13/month
One of the first things that struck me was the price model that they have for cloud, which is named user or concurrent user. If we are thinking about a global organization where task workers are roaming across different regions, concurrent user would make a lot more sense, also combined with the pay-as-you-go model that is in the cloud. Also, XenApp Essentials from Citrix costs $12/month for each named user.
Another detail was that VMware chooses to do automatic deployment of their Unified Access Gateway as a virtual appliance directly to Microsoft Azure, while with Citrix you would need to deploy this on your own, or use the NGaaS service from Citrix. However, with the NGaaS service all traffic is routed through Citrix Cloud POPs, while the Unified Access Gateway provides direct communication from the endpoint to the applications.
Another thing is that when setting up agents in Azure, VMware has a limited set of virtual machine instances that they support, which are Standard_D2_v2, Standard_D3_v2, Standard_D4_v2 & Standard_NV6. Not sure why they only have this list; Citrix Cloud supports all available instance types on Azure. Also, one thing with the NV series: with this release, GPU is supported for use only in Microsoft Windows Server 2012 R2, due to a driver limitation in the Horizon agent in Microsoft Windows Server 2016.
When setting up Horizon Cloud against Azure we need to create an application service principal in our Azure AD account, and this application (service principal) needs to have Contributor rights on the Azure subscription.
NOTE: It is important that the sign-on URL is http://localhost:8000, or else the wizard will fail.
All this work on setting up the service principal should be automated, however; Citrix Cloud uses an Azure AD account to create a service account for this use. That way we don’t need to collect all the info like App ID, Directory ID and such.
The initial wizard also requires us to have a pre-created vNET. The wizard will automatically create the subnets within the vNET (Management, Desktop and DMZ). It will also handle the deployment of the access gateway.
The wizard will also automatically deploy a Unified Access Gateway, which will be accessible behind an Azure load balancer, also equipped with a certificate. The only piece we need to fix is the public DNS record.
If you have a fresh account it will also validate the setup of the Azure account: it checks the certificate and the quota of users, and makes sure that the subnets are not already defined.
After you are done with the initial wizard it will start to provision a jumpbox server on the Azure account and start downloading agents and other VHD files. After the jumpbox server is up and running it will start to set up the node manager. The jumpbox will then self-destruct after the node manager is up and running, and is only provisioned/used when there is an update or when building up a node manager.
After the node manager is up and has successfully connected back to the control plane (Horizon Cloud), you just need to complete the wizard setup and set up integration with Active Directory.
After you have integrated Horizon Cloud with Active Directory you will need to reauthenticate to VMware cloud, and after logging in again you will also need to authenticate against the Active Directory which the node manager is integrated with.
After you are authenticated you need to create an image which will be used to deploy your applications. You can either bring your own image or you can import a VM from the marketplace.
Horizon will essentially create a VM using an image from the Azure marketplace (which is either 2012 R2 or 2016) and it will preinstall the agent and such, which we can then convert to an image.
After the desktop from the marketplace was created we can go ahead and convert it to an image after we have made adjustments to it. This makes it easy to create a master image while doing just a small piece of the image setup.
After that I need to create a farm based upon the image, where I have the same list of machine models that are supported. I also specify what kind of protocol, domain and client type I want to use. Further down I also specify the logon idle timeout value (before a session is kicked out).
Next I specify the update/maintenance sequence, where it will do automatic draining of each server, as best practice for virtual machine maintenance is to restart the VMs from time to time to clear out cached resources or any memory leaks from third-party applications in the VM. I can also specify what the servers should do during the maintenance window, such as restart or rebuild.
So after I’ve specified the number of VMs, it will start to provision the farm based upon the image and machine instance type in Azure.
And last but not least, do an assignment of a desktop to a set of users.
From the first impression, I do love the work that VMware has done with Azure in terms of integration. It provides and supports many of the Azure features.
* Using Azure AD Service Principal for authenticating with Azure and also checking the storage quota.
* Using Managed Disks for VM provisioned on the farms
* Power Management for virtual machines using the underlying ARM API.
* Automatic starting of another node in a farm if one goes down suddenly.
Also, they provide simple deployment of the Unified Access Gateway, and certificate management can be done using the Horizon Cloud HTML5 portal, which makes it easy to manage the remote access. Now I enjoy working with NetScaler, but Citrix should do something similar to have simple deployment of remote access where they just deploy a VPX instance directly to Azure.
A couple of things I would like to see for the future setup.
* Support for Encrypted Disks in Azure
* Support for other machine models and instances in Azure
* Be able to define my own resource groups.
* Provide OMS module for Monitoring ( yes please! )
* Specify the disk size used for managed disks.
Looking forward to seeing this develop moving forward!