In this blog post, I am going to walk you through deploying a Horizon Pod on Azure from scratch. For this setup, I am deploying Active Directory in the same subscription but in a different Virtual Network.
There are many requirements for a Horizon Pod on Azure, which you can find in the official docs. Below is a high-level list of what we need in order to deploy the pod on Azure. The first items are must-have requirements; the rest we can carry out during provisioning.
- Azure Tenant with a valid Subscription
- Horizon Cloud Control Plane
- Active Directory Domain Services
  - On-premises AD
  - AD in Azure Cloud
  - Azure AD Domain Services
- Sufficient quota of Compute resources available in your subscription; if the quota is not enough, you need to raise a support request with Microsoft.
- Next, we need to create a Service Principal in Azure, which the Horizon Cloud Control Plane will use to deploy the pod and workloads on the Azure platform.
- Click the hamburger icon in the Azure portal, navigate to Azure Active Directory > App registrations and click + New registration.
- Enter the Name <Horizon On Azure> for the App, select the Single tenant radio button and click Register.
- Note down the Application (client) ID and Directory (tenant) ID; they will be entered in the Horizon Cloud tenant.
- Navigate to Certificates & secrets under Manage for the App and click + New client secret.
- Enter a Description, select the validity period of the secret, then click Add.
- Copy the secret Value.
Note: Once you navigate away from this page, the secret value is no longer visible and a new secret would need to be created.
- Now assign the appropriate rights to this App on the subscription.
- Navigate to the Subscription and click Access control (IAM) > + Add > Add role assignment.
- Select the following and click Save:
  Role: Contributor
  Assign access to: Azure AD user, group, or service principal
  Select: <Horizon On Azure>
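The same app registration, client secret and Contributor assignment can be done from Azure PowerShell (Az module) instead of clicking through the portal. The script below is an added example, not code from the original post or from VMware; it assumes the Az.Accounts and Az.Resources modules are installed and signed in, that the subscription id is a placeholder you replace, and that the credential returned by New-AzADAppCredential exposes the secret as SecretText (Graph-based Az.Resources). The secret expiry is chosen explicitly so that its rotation date is known up front.

```powershell
# Added example (not from the original post): app registration + service principal,
# client secret and Contributor role assignment for the Horizon Cloud Control Plane.
$SubscriptionId = '<your-subscription-id>'   # placeholder
$AppName        = 'Horizon On Azure'         # display name used in the post

Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# Creates the app registration and its service principal (single tenant) in one call.
$sp = New-AzADServicePrincipal -DisplayName $AppName

# The two identifiers the Horizon Cloud tenant asks for.
$appId    = $sp.AppId
$tenantId = (Get-AzContext).Tenant.Id

# Client secret with an explicit expiry; record the date so the secret is rotated in time.
# Assumption: the returned credential exposes the plaintext secret as SecretText.
$expires = (Get-Date).AddMonths(12)
$cred    = New-AzADAppCredential -ApplicationId $appId -EndDate $expires
$secret  = $cred.SecretText   # readable only now; enter it in the Horizon tenant right away

# Contributor on the whole subscription, as the post specifies. A freshly created
# principal can take a few seconds to replicate, so retry the assignment briefly.
$scope    = "/subscriptions/$SubscriptionId"
$assigned = $null
for ($i = 0; $i -lt 6 -and -not $assigned; $i++) {
    try {
        $assigned = New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName 'Contributor' `
                        -Scope $scope -ErrorAction Stop
    } catch {
        Start-Sleep -Seconds 10
    }
}

# Summary of what goes into the Horizon Cloud tenant (the secret itself is not printed).
[pscustomobject]@{
    ApplicationId = $appId
    DirectoryId   = $tenantId
    SecretExpires = $expires
    RoleAssigned  = [bool]$assigned
}
```

The retry loop matters in practice: a role assignment issued immediately after creating the principal can fail because the directory object has not replicated yet, which looks like a permissions error but resolves on its own.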
- Ensure your Azure subscription has the following resource providers registered:
- Microsoft.Compute
- Microsoft.insights
- Microsoft.Network
- Microsoft.Storage
- Microsoft.KeyVault
- Microsoft.Authorization
- Microsoft.Resources
- Microsoft.ResourceHealth
- Microsoft.DBforPostgreSQL
- Microsoft.Sql
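Checking the registration state of these providers by hand is tedious and easy to get wrong, so here is an added example (not from the original post) that checks the list above with Azure PowerShell, registers whatever is missing and waits for registration to complete. It assumes the Az.Resources module is installed and that a context for the right subscription is already set.

```powershell
# Added example (not from the original post): verify and register the resource
# providers a Horizon Pod deployment needs in the current subscription context.
$RequiredProviders = @(
    'Microsoft.Compute', 'Microsoft.Insights', 'Microsoft.Network', 'Microsoft.Storage',
    'Microsoft.KeyVault', 'Microsoft.Authorization', 'Microsoft.Resources',
    'Microsoft.ResourceHealth', 'Microsoft.DBforPostgreSQL', 'Microsoft.Sql'
)

function Get-ProviderState([string]$Namespace) {
    # Get-AzResourceProvider returns one row per resource type in the namespace;
    # all rows carry the same RegistrationState, so the first one is enough.
    (Get-AzResourceProvider -ProviderNamespace $Namespace | Select-Object -First 1).RegistrationState
}

$missing = $RequiredProviders | Where-Object { (Get-ProviderState $_) -ne 'Registered' }
foreach ($ns in $missing) {
    Write-Host "Registering $ns"
    Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
}

# Registration is asynchronous; poll until every provider reports Registered
# or the deadline passes (the final table shows anything still pending).
$deadline = (Get-Date).AddMinutes(10)
do {
    $pending = $RequiredProviders | Where-Object { (Get-ProviderState $_) -ne 'Registered' }
    if ($pending) { Start-Sleep -Seconds 15 }
} while ($pending -and (Get-Date) -lt $deadline)

$RequiredProviders | ForEach-Object {
    [pscustomobject]@{ Namespace = $_; State = (Get-ProviderState $_) }
} | Format-Table -AutoSize
```

Registering a provider requires write access on the subscription (the Contributor role assigned above is sufficient), so run this with an account that has that role rather than with the service principal itself.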
- Next, we create a new Virtual Network for the Horizon Pod.
- Click Hamburger Menu > Virtual Network, provide the following details and click Next.
  Resource Group: <HCoA-RG-01>
  Name: <HCoA-vNet-01>
  Region: <West US>
- Enter the CIDR for the Address space and add a default subnet <HCoA-Subnet-01>. Click Add and then Review + create.
- On the validation screen, click Create.
- As mentioned above, Active Directory is in the same subscription but in another Virtual Network. To give the Horizon Pod connectivity to the AD network, we need to peer the Virtual Network where AD is connected with the Virtual Network where the Horizon Pod will be deployed.
Note: For customer deployments, you may need a VPN to provide AD access from on-premises.
- Click HCoA-vNet > Peerings > + Add
- Enter the following details and click Save:
  Name for the peering from HCoA to the AD Virtual Network
  Select the AD Subscription and Virtual Network
  Name for the peering from the AD Virtual Network to HCoA
  Select Enabled for all traffic.
- For VMs to communicate with and join the domain, provide the DNS server IP in the Horizon Pod Virtual Network. Navigate to the HCoA Virtual Network, click DNS servers under Settings, enter the DNS IP and click Save.
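The virtual network, the two-way peering and the DNS setting above are one procedure, so here is the whole thing as an added Azure PowerShell example (not code from the original post or from VMware). It uses the resource group, vNet and subnet names from the post; the address ranges, the AD vNet name and resource group, and the DNS server IP are placeholders you replace. It assumes the Az.Network and Az.Resources modules are installed and the subscription context is set. Before creating anything it checks that the new address space does not overlap the AD vNet, because peering is refused for overlapping ranges, and at the end it reads back the peering state so that a half-configured link is visible immediately.

```powershell
# Added example (not from the original post): Horizon Pod vNet, peering to the AD vNet
# in both directions, DNS pointed at AD, and a peering-state check.
$Rg         = 'HCoA-RG-01'
$Location   = 'westus'
$VnetName   = 'HCoA-vNet-01'
$SubnetName = 'HCoA-Subnet-01'
$VnetCidr   = '10.10.0.0/16'   # placeholder: must not overlap the AD vNet
$SubnetCidr = '10.10.0.0/24'   # placeholder
$AdRg       = 'AD-RG-01'       # placeholder: resource group of the AD vNet
$AdVnetName = 'AD-vNet-01'     # placeholder: name of the AD vNet
$AdDnsIp    = '10.20.0.4'      # placeholder: domain controller / DNS server IP

function ConvertTo-UInt32Address([string]$Ip) {
    # IPv4 address as an unsigned 32-bit integer (bytes arrive in network order).
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-CidrOverlap([string]$CidrA, [string]$CidrB) {
    # Two ranges overlap when both network addresses agree under the shorter prefix mask.
    $ipA, $lenA = $CidrA.Split('/')
    $ipB, $lenB = $CidrB.Split('/')
    $shortest = [Math]::Min([int]$lenA, [int]$lenB)
    $mask = if ($shortest -eq 0) { 0 } else { ([uint32]::MaxValue -shl (32 - $shortest)) -band [uint32]::MaxValue }
    ((ConvertTo-UInt32Address $ipA) -band $mask) -eq ((ConvertTo-UInt32Address $ipB) -band $mask)
}

$adVnet = Get-AzVirtualNetwork -Name $AdVnetName -ResourceGroupName $AdRg
foreach ($prefix in $adVnet.AddressSpace.AddressPrefixes) {
    if (Test-CidrOverlap $VnetCidr $prefix) {
        throw "Address space $VnetCidr overlaps AD vNet prefix $prefix; peering would fail."
    }
}

New-AzResourceGroup -Name $Rg -Location $Location -Force | Out-Null

$subnet = New-AzVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix $SubnetCidr
# -DnsServer is the portal's "DNS servers" setting: VMs in this vNet resolve and join the domain via AD.
$vnet = New-AzVirtualNetwork -Name $VnetName -ResourceGroupName $Rg -Location $Location `
            -AddressPrefix $VnetCidr -Subnet $subnet -DnsServer $AdDnsIp

# A peering is one-directional per vNet, so both links are needed. The remote id is a full
# resource id, which is why this also works when the AD vNet lives in another subscription.
Add-AzVirtualNetworkPeering -Name 'HCoA-to-AD' -VirtualNetwork $vnet   -RemoteVirtualNetworkId $adVnet.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'AD-to-HCoA' -VirtualNetwork $adVnet -RemoteVirtualNetworkId $vnet.Id   | Out-Null

# Both sides must report Connected before the pod can reach the domain controllers.
Get-AzVirtualNetworkPeering -VirtualNetworkName $VnetName -ResourceGroupName $Rg |
    Select-Object Name, PeeringState, AllowVirtualNetworkAccess
```

If the state shows Initiated rather than Connected, the reverse peering was not created (or was created with the wrong remote id); the pod deployment will then fail at the domain-join step, so fix the peering before continuing.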
- In the next blog in this series, we will continue and deploy the Horizon Pod on Azure.
Thanks for sharing!