I know I have been quiet the last few months, but this is because I have been doing some large VMware PSO projects: designing hybrid cloud solutions and implementing Horizon on VMC on AWS deployments. This took most of my time, but now I want to translate all the experiences I have had during these projects into a nice blog article.
During one of these projects, I was the lead architect in creating an extension of the customer's existing Horizon solution in VMC on AWS, essentially creating a Horizon hybrid cloud solution for the customer to expand and eventually decommission the on-premises solution.
In this blog, I will try to explain my core design decisions and the reasoning behind them.
Why choose Horizon on VMC on AWS:
Some of you might think: why go with a solution like Horizon on VMC on AWS when we have the Horizon Cloud solution?
After all, Horizon Cloud is a solution fully managed by VMware that allows for the same scalability and flexibility as VMC on AWS.
Apps, apps, and apps:
This can best be answered by asking the customer a simple question: do you still have legacy applications running?
In 99.99% of the cases, the answer will be yes, or something like it, eventually resulting in a pretty large list of “business-critical apps” that can be considered legacy applications.
In my opinion, the term legacy application can best be described in two ways:
1) An application that is a couple of years old and has never been patched or maintained to be compatible with recent OS versions.
Most likely the developer has left the company or there is a lack of documentation, but the service is considered business-critical.
2) A 3-tier application that has multiple interconnections with other backend systems. Most of the time these are complex, have multiple layers of services, and have hard requirements on underlying databases and such.
So when it comes to Horizon Cloud or VMC on AWS, the applications, and most certainly the legacy applications, can be a major factor in your design decisions. As we are still designing a Horizon solution, it all comes down to the end user accessing and working with corporate applications in an efficient and performant manner.
So, key takeaways:
– Application latency?
– Server-client requirements?
These can make a solution like Horizon on VMC on AWS a better candidate, as it can host both the application infrastructure and the Horizon solution side by side and still provide the benefits of direct cloud service integration compared to on-premises solutions.
DC evacuation and DR/BC
Another business driver might be Horizon service/solution availability and recoverability in case of maintenance, disaster, failure, and so on.
Choosing a solution like VMC on AWS or even Horizon Cloud allows for direct extension towards a secondary site.
This potentially eliminates the need for the customer to invest in a secondary data center.
Instant cloning technology combined with elastic scaling within VMC allows for scaling on demand when additional resources are needed. This allows the customer to start with a minimum deployment size and scale when needed in case of disaster.
So, key takeaway:
– Geo-dispersed High-Availability options (Multi-AZ deployments)?
Security
A third factor that might influence which Horizon solution is best suited for the customer is security.
With Horizon on VMC on AWS, the entire management and governance of the Horizon environment remains in the hands of the customer.
Options such as vRealize Network Insight and Log Insight, in combination with NSX in your SDDC, allow administrators to fully implement a zero-trust Horizon solution.
So, key takeaway:
– Is security a primary requirement?
Start designing Horizon on VMC on AWS
Now that we have covered some details of why Horizon on VMC on AWS is still a viable solution for customers, we can start taking a look at important design decisions. I will make a shortlist of some of the possible design decisions that can help you in designing a Horizon on VMC on AWS solution.
Existing Horizon Solution? Integration:
Does the customer have an existing Horizon solution on-premises? Does this need to be integrated?
We can use functionality like Cloud Pod, Universal Broker, or Workspace ONE Access to provide a single point of access.
VMC SDDC:
Single or multi-region / AZ deployment?
Single cluster or multiple clusters within the SDDC?
CIDR range already decided?
On-premises connectivity:
Will the solution be integrated with the on-premises environment or completely air-gapped?
Can we use the existing VPN solution, HCX L2 extension, or AWS Direct Connect?
WAN connectivity throughput and latency.
Infrastructure core services:
Will AD/DS, DHCP, DNS, NTP, KMS, print, file, and database services be available within the SDDC?
If additional services are deployed, make sure AD Sites and Services are correctly configured.
Will we utilize AWS native services like AWS RDS, FSx, or EC2 for core services?
Licensing:
Does the customer have the correct Horizon / Workspace ONE licenses for Horizon on VMC on AWS?
Desktop and application delivery:
Do we require isolation from internal and external access flows?
SAML integration with Workspace ONE or another IdP.
Will any existing base image be reutilized within the Horizon solution?
Architecture overview:
Does the following standard Horizon deployment from the AWS blueprint meet the customer’s requirement?
Or do we need to add additional regions, AZs, clusters, or components for high availability?
All of these can have a major impact on the design requirements.
Additional documentation:
The following links should help you in designing your Horizon on VMC on AWS solution:
https://techzone.vmware.com/resource/horizon-on-vmware-cloud-on-aws-architecture
https://kb.vmware.com/s/article/58539
https://bobbarna.com/2020/12/29/vmc-on-aws-advanced-design-choices/
https://hcx.design/2019/12/13/hcx-network-port-diagrams/
https://www.sharingforbetter.net/aws-elastic-load-balancer-for-horizon-on-vmc-deployment/
https://communities.vmware.com/t5/Horizon-Documents/Load-Balancing-across-VMware-Unified-Access-Gateway-Appliances/ta-p/2777028
https://d1.awsstatic.com/architecture-diagrams/ArchitectureDiagrams/load-balance-horizon7-on-vmware-cloud-on-aws.pdf?ntwd_nsa4
I hope this blog was helpful to you if you are designing your Horizon hybrid cloud solution utilizing Horizon on VMC on AWS. I will continue this blog series on Horizon on VMC on AWS with a lessons-learned follow-up.
Interested in obtaining your VCIX-DTM? Read my study guide for the design exam: VCAP7-DTM Design study guide – part 1