Deploying Horizon Cloud Edges

Objective and Tasks

Deploy a Horizon Cloud edge and bind it to an existing Active Directory domain:

1. Deploy the Edge and Unified Access Gateway

2. Configure Back-End Pools for a Load Balancer

3. Configure DNS to the Edge

Task 1: Deploy the Edge and Unified Access Gateway

You bind Horizon Cloud to Active Directory, configure access to Workspace ONE Access cloud, and deploy the Horizon Cloud edge and Unified Access Gateway.

The Horizon Cloud edge and Unified Access Gateway provide access to the resources that end users require.

  1. Go to https://connect.omnissa.com and log in to the Omnissa Cloud Services console.
    • User name: horizonseals<student_number>@techseals.co
    • Password: Omnissa1!Omnissa1!
    • Under Workspace ONE Cloud, click LAUNCH SERVICE.
    • Under Horizon Cloud, click LAUNCH.
  1. Navigate to Domain Registration.  
    • Under Horizon Cloud Service, click SELECT.
    • Under Domain Registration, click REGISTER DOMAIN.
  1. On the Domain Registration page, configure the domain details.
    • Name: TECHSEALS
    • DNS Domain Name: techseals.co
    • Default OU: CN=Computers
    • Description (optional): Domain information for Computer Accounts
    • Click NEXT.
    • Domain Bind Accounts page opens.
  1. On the Domain Bind Accounts page, configure the domain details.
    • Bind Username: dbind
    • Bind Password: Omnissa1!Omnissa1!
    • Auxiliary Bind Username: abind
    • Auxiliary Bind Password: Omnissa1!Omnissa1!
    • Click NEXT.
    • Domain Join Accounts page opens.
  1. On the Domain Join Accounts page, configure the domain details.
    • Bind Username: djoin
    • Bind Password: Omnissa1!Omnissa1!
    • Auxiliary Bind Username: ajoin
    • Auxiliary Bind Password: Omnissa1!Omnissa1!
    • Click NEXT.
    • Domain Enrollment Services Accounts page opens.
  1. Leave the default option unchanged for Domain Enrollment Service Accounts
    • Click NEXT.
    • Protocol page opens.
  1. On the Protocol page.
    • Set to LDAP from the drop-down.
    • Click SAVE.
  1. Configure Identity & Access.
    • On the Deploy and Configure page of Horizon Cloud, Select IDENTITY & ACCESS.
    • Note:- Step 9 shows how to fetch the Omnissa Access URL
  1. To fetch the Omnissa Access URL,
    • Go back to My Workspace portal on the browser
    • Lauch Access
    • Make a note of Omnissa Access URL as shown in the picture above
  1. From the Identity Provider drop-down menu,
    • select Omnissa Access Cloud
    • Tenant subdomain , add first part of the Access
    • Access tenant FQDN, add the Access tenant FQDN noted in step 9
    • See the example above from step 9 and step 10
  1. Deploy Horizon Edge.
    • Under Horizon Edge, click START DEPLOYMENT.
    • Enter <geo>hcsmadm<student_number>-edge in the Horizon Edge Name text box.
    • Enter Edge for Class Training in the Description text box.
    • Click NEXT.
    • Primary Provider page opens.
  1. In the Primary Provider page, configure the following settings.
    • Azure Subscription: Leave the default option unchanged.
    • Provider Name: Enter <geo>hcsmadm<student_number>-provider in the text box.
    • Subscription ID: Provided by the instructor.
    • Azure Cloud Type: Select Azure  Commercial from the drop-down.
    • Azure Region: Provided by the instructor.
    • Directory ID: Provided by the instructor.
    • Application ID: Provided by the instructor.
    • Application Key: Provided by the instructor.
    • Leave the other options unchanged and click ADD.
    • Once the Provider details are added, click NEXT.
    • Secondary Providers page opens, leave the default option unchanged and click NEXT.
    • Networks page opens.
  1. In the Networks page, configure the following settings.
    • Click Select.
    • From the Network Selection list, select the check box for your network <geo>hcsmadm-vnet<student_number>
    • Click SAVE.
    • Click NEXT.
    • Site page opens.
  1. On the Site page.
    • Enter Default in the Site Name text box.
    • Click NEXT.
    • Connectivity page opens, leave the default option and click NEXT.
    • Horizon Edge Gateway page opens.
  1. Configure the settings under Horizon Edge Gateway.
    • Deployment Type: Leave it to default option unchanged.
    • Cluster outbound type: Leave NAT gateway selected.
    • User Assigned Managed Identity:  Select <geo>-AMI-<student_number> from the drop-down menu.
    • Virtual Network: Select <geo>hcsmadm-vnet<student_number> from the drop-down menu.
    • Management Subnet: Select Management from the drop-down menu.
    • Service CIDR: Enter 10.0.0.0/27 in the text box.
    • Pod CIDR: Enter 10.244.0.0/21 in the text box.
    • AKS Cluster DNS Prefix: Leave the default option unchanged.
    • Use SSO: Leave the default option unchanged.
    • Use outbound proxy: Leave the default option unchanged.
    • Click DEPLOY.
      • Horizon Edge Gateway deployment gets initiated.
      • It might take 5 to 10 mins
    • Click NEXT.
    • Unified Access Gateway page opens.
  1. Configure the settings under UAG.
    • Access type: Leave the default option unchanged.
    • Automatic Public IP: Leave the default option unchanged.
    • External FQDN: Enter <geo>-uag<student_number>.techseals.co
    • Certificate Type: Select PFX from the drop-down menu.
    • Certificate: Upload the certificated provided by the Instructor.
    • Password: Omnissa1!Omnissa1!
    • VM Model: Leave the default option unchanged.
    • UAG VMs: Leave the default option unchanged.
    • Virtual Network: Select <geo>hcsmadm-vnet<student_number> from the drop-down menu.
    • VM Subnet: Select the VMs from the drop-down menu.
    • Management Subnet: Select Management from the drop-down menu.
    • DMZ Subnet: Select DMZ from the drop-down menu.
    • Click SAVE.
    • In the Deployment in Progress dialog box, click OK.
    • Click OK.

Note: This process takes about 15 to 20 minutes to deploy. You can monitor the status by selecting Resources > Capacity in the left navigation pane and refreshing the page until the value under Status changes to Connected.

You should also see Ready in the Unified Access Gateway column and Connected in the Horizon Edge Gateway column.

Task 2: Configure Back-End Pools for a Load Balancer

This lab is only for viewing purpose. In latest versions, Loadbalancers are configured automatically.

You configure the back-end pools and load-balancing rules for a load balancer so that you can access the environment as an end user in later labs.

  1. Configure the VNet Peering:
    • If necessary, log in to Microsoft Azure
    • Go to portal.azure.com on your browser
    • Username: <company>.<full_name>.<student_number>
    • Password: Omnissa1!Omnissa1!
    • To expand the left navigation pane, click the hamburger icon on the menu bar.
    • In the left navigation pane, select Load balancers.
    • Click <geo>-UAG-LB-<Student_number>.
  1. On the <geo>-UAG-LB-<Student_number> page.
    • In the left navigation pane, navigate to Settings > Backend pools.
    • Click + Add.
  1. Configure the settings on the Add backend pool page.
    • Name:  Enter <geo>-uag-<student_number>-bepool in the text box.
    • Virtual network: Select <geo>hcsmadm-vnet<student_number> from the drop-down.
    • Backend Pool Configuration: Select the IP addresses.
    • Click Save.

Note: You can select only two IP addresses from the available subnets. The addresses should be in the subnet for the 10.4.<student_number>.192/27 Unified Access Gateway.

Choose any two IP addresses from the usable range, for example:

  • 10.4.<student_number>.196
  • 10.4.<student_number>.197
  1. Configure HTTP load balancing rules:
    • In the left navigation pane, select Load balancing rules.
    • On the Load balancing rules page, click +Add.
    • Name: Enter http in the text box.
    • IP Version: Select IPv4.
    • Frontend IP address: Select the FEIP from the drop-down menu.
    • Backend pool: Select the <geo>-uag-<Student_number>-bepool back-end pool that you created.
    • Protocol: Select TCP.
    • Port: Enter 80 in the text box.
    • Backend port: Enter 80 in the text box.
    • Health Probe: Select lb-probe (HTTPS:443/favicon.ico).
    • Session persistence: Select Client IP.
    • Enable TCP Reset: Leave the default options unchanged.
    • Enable Floating IP: Leave the default options unchanged.
    • Outbound Source Network Address translation: Select Recommended.
    • Click Save.

Note: When you configure the Health Probe setting, you must not select lb-udp-probe.

  1. Configure the HTTPS load-balancing rules:
    • On the Load balancing rules page, click +Add.
    • Name: Enter https in the text box.
    • IP Version: Select IPv4.
    • Frontend IP address: Select the FEIP from the drop-down menu.
    • Backend pool: Select the <geo>-uag-<Student_number>-bepool back-end pool that you created.
    • Protocol: Select TCP.
    • Port: Enter 443 in the text box.
    • Backend port: Enter 443 in the text box.
    • Health Probe: Select lb-probe (HTTPS:443/favicon.ico).
    • Session persistence: Select Client IP.
    • Enable TCP Reset: Leave the default options unchanged.
    • Enable Floating IP: Leave the default options unchanged.
    • Outbound Source Network Address translation: Select Recommended.
    • Click Save.

Note: When you configure the Health Probe setting, you must not select lb-udp-probe.

  1. Configure the BLAST-TCP load-balancing rules:
    • On the Load balancing rules page, click +Add again.
    • Name: Enter blast-tcp in the text box.
    • IP Version: Select IPv4.
    • Frontend IP address: Select the FEIP from the drop-down menu.
    • Backend pool: Select the <geo>-uag-<Student_number>-bepool back-end pool that you created.
    • Protocol: Select TCP.
    • Port: Enter 8443 in the text box.
    • Backend port: Enter 8443 in the text box.
    • Health Probe: Select lb-probe (HTTPS:443/favicon.ico).
    • Session persistence: Select Client IP.
    • Enable TCP Reset: Leave the default options unchanged.
    • Enable Floating IP: Leave the default options unchanged.
    • Outbound Source Network Address translation: Select Recommended.
    • Click Save.

Note: When you configure the Health Probe setting, you must not select lb-udp-probe.

  1. Configure the PCoIP load-balancing rules:
    • On the Load balancing rules page, click +Add again.
    • Name: Enter PCoIP in the text box.
    • IP Version: Select IPv4.
    • Frontend IP address: Select the FEIP from the drop-down menu.
    • Backend pool: Select the <geo>-uag-<Student_number>-bepool back-end pool that you created.
    • Protocol: Select TCP.
    • Port: Enter 4172 in the text box.
    • Backend port: Enter 4172 in the text box.
    • Health Probe: Select lb-probe (HTTPS:443/favicon.ico).
    • Session persistence: Select Client IP.
    • Enable TCP Reset: Leave the default options unchanged.
    • Enable Floating IP: Leave the default options unchanged.
    • Outbound Source Network Address translation: Select Recommended.
    • Click Save.
  1. Configure the BEAT load-balancing rules:
    • On the Load balancing rules page, click +Add again.
    • Name: Enter beat in the text box.
    • IP Version: Select IPv4.
    • Frontend IP address: Select the FEIP from the drop-down menu.
    • Backend pool: Select the <geo>-uag-<Student_number>-bepool back-end pool that you created.
    • Protocol: Select UDP.
    • Port: Enter 8443 in the text box.
    • Backend port: Enter 8443 in the text box.
    • Health Probe: Select lb-udp-probe (TCP:443).
    • Session persistence: Select Client IP.
    • Enable Floating IP: Leave the default options unchanged.
    • Outbound Source Network Address translation: Select Recommended.
    • Click Save.
  1. Configure the PCoIP-UDP load-balancing rules:
    • On the Load balancing rules page, click +Add again.
    • Name: Enter pcoip-udp in the text box.
    • IP Version: Select IPv4.
    • Frontend IP address: Select the FEIP from the drop-down menu.
    • Backend pool: Select the <geo>-uag-<Student_number>-bepool back-end pool that you created.
    • Protocol: Select UDP.
    • Port: Enter 4172 in the text box.
    • Backend port: Enter 4172 in the text box.
    • Health Probe: Select lb-udp-probe (TCP:443).
    • Session persistence: Select Client IP.
    • Enable Floating IP: Leave the default options unchanged.
    • Outbound Source Network Address translation: Select Recommended.
    • Click Save.

Note: Verify that seven load-balancing rules are configured. Four rules use the lb-probe, and three rules use the lb-udp-probe.

Task 3: Configure DNS to the Edge

You add the edge to the TECHSEAL DNS to ensure that the edge.

  1. Go to https://connect.omnissa.com and log in to the Omnissa Cloud Services console.
    • User name: horizonseals<student_number>@techseals.co
    • Password: Omnissa1Omnissa1
    • Under Workspace ONE Cloud, click LAUNCH SERVICE.
    • Under Horizon Cloud, click LAUNCH.
Click to copy
  1. Record the load balancer IP:
    • From the navigation pane on the left, select Resources > Capacity.
    • Click <geo>hcsmadm<student_number>-edge.
    • Scroll down to the Unified Access Gateway section and record the load balancer IP address.
  1. Login to Workspace ONE cloud connector that you created :
    • Go to portal.azure.com on your browser
    • Click the hamburger icon to expand the left navigation pane and select Virtual machines.
    • Click the Workspace ONE cloud connector that you created WS1-CC-<student_number>
    • Navigate to Connect > Bastion.
    • Username: HCSMAAdmin
    • Password: Omnissa1!Omnissa1!
    • Click Connect.
    • When windows login complets, Server Manager page opens.
  1. Configure the DNS Settings.
    • On the Server Manager page, navigate to Tools > DNS.
    • On the DNS Manager page, expand WS1-CC-<student_number>.
    • Expand Forward Lookup Zone.
    • Right click techseals.co and select New Host (A or AAAA).
  1. Add New Host.
    • Name: Enter <geo>-edge<student_number> in the text box.
    • Fully qualified domain name: Leave the default value unchanged.
    • IP Address: Enter the IP address that you recorded in an earlier step.
    • Select the check box for Create associated pointer (PTR) record.
    • Click Add Host.

 

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.