Horizon Cloud on IBM Cloud Setup Form: A Step-by-Step Guide

Once you subscribe to Horizon Cloud, you will receive an email with a link to the form. Login with your MyVMware account to get started. This guide provides answers to some of the most commonly asked questions when filling out the form. If you have any questions about this guide or filling out the Horizon Cloud on IBM Cloud setup form, please contact your VMware representative for assistance.

For more information about Horizon Cloud on IBM Cloud, please review the Deployment Considerations and Networking Overview white papers under Plan & Design.

Note: Please ensure that a representative from each key team involved in your project reviews the form.

Tenant Management

In order to provision a new Horizon Cloud Tenant, click New. Please note that any existing Tenants that have already been created or that are in the process of provisioning will be listed after login.
Configure Tenant

Configure Tenant

Select the Data Center Region that you will be provisioning to, along with a Tenant Name and the Horizon Cloud Data Center in the specific region selected. Click Done when finished.

Tenant List – Start Provisioning

Tenant List – Start Provisioning

The list of tenants created will be displayed.

DaaS Configuration Dashboard

DaaS Configuration Dashboard

The process diagram for tenant provisioning will be displayed. This is the step-by-step process for provisioning your Horizon Cloud Tenant and will update as you progress through the process. The VMware VPN Public IP is also displayed which can be used to configure the IPsec VPN tunnel between your data center and Horizon Cloud. To start the process, click “Continue”.

General

VPN

Choose your VPN type for connectivity between your Data Center and your Horizon Cloud Tenant. The options are:

  • IPSEC – Using an IPsec VPN Tunnel
  • ECX – Using Equinix Cloud Exchange along with VMware Network Exchange
  • Direct Connect – Using a Network Service Provider along with VMware Direct Connect with Cross Connect
  • Island Account – No connectivity to Horizon Cloud

 

Access

How would you like to access your desktops?

Select Horizon Cloud URL if you want to use VMware’s public DNS name (yourname.horizon.vmware.com) along with VMware’s SSL certificates.

Select Corporate Subdomain if you want to use your DNS name (desktops.customer.com) and provide VMware the SSL certificates for your DNS Domain in Apache2 format that contains the appropriate .crt files and the private .key file, along with creating internal and/or public DNS records. For more information on how to generate an SSL certificate, please see the Appendix at the bottom of the page.

Split DNS

Split DNS is the preferred method of accessing your Horizon Cloud environment when users are connecting from inside and outside your network, whether you are using the Horizon Cloud URL or your own corporate subdomain. Split DNS enables users on your local network to connect through the internal network to a private IP address, and external users to connect to a public IP address using the same URL. This method simplifies access with a single URL for users both inside and outside the network. For more information, see Split DNS in the Networking Overview white paper.

Service URL

If you selected Horizon Cloud URL above, you will enter a subdomain that is one word (no further subdomains). If you selected Corporate Subdomain, you will enter your own DNS subdomain.

 

Internet Accessible Desktops

Horizon Cloud gives you the option to either allow or disallow users to access their desktops and applications securely over the internet.

  • If you select Yes, then users will be able to securely access their desktops and applications over the internet.
  • If you select No, users will not be able to access their desktops and applications over the internet, and you will need to set up a VPN, Dedicated Connection, MPLS or Network Exchange between your Data Center and your Horizon Cloud Tenant (unless you are creating an Island Tenant that is isolated and self-contained).

Allow VMware Team to Update?

Select Yes or No if you would like the VMware Team to update information in this worksheet on your behalf.

Network

Desktop Networking Configuration

Services Subnet (CIDR)

This subnet will contain the Horizon Cloud Tenant Appliances along with any other appliances deployed to support your Horizon Cloud environment such as AD, DNS, DHCP, File Servers, etc. These are called Utility Servers. Please enter one subnet in CIDR format. For example: 192.168.10.0/24. This subnet cannot currently be in use in your environment.

Desktop Subnet(s)

This subnet (or subnets) will contain your desktops and RDSH Servers that are provisioned in your Horizon Cloud Tenant. Please enter one or more subnets depending on your number of desktops, in CIDR format. For example: 192.168.11.0/24 or 192.158.11.0/23. This subnet cannot currently be in use in your environment.

Maximum Transmission Unit

This is the largest packet size, measured in bytes, that can be transmitted over the VPN tunnel. The default value is 1500 and the default value will be set if not changed or left blank.

Download Configuration Setting Instructions

VPN Vendor

Select your VPN/Firewall vendor. If your vendor is not listed, select Other and manually enter your vendor name.

Your VPN Settings

VPN 1

Enter your VPN settings in order to create the IPsec tunnel between your Data Center and Horizon Cloud. The applicable information will need to be entered on your VPN device/router when creating the IPsec tunnel. Note the VMware VPN Public IP is again provided in order to configure the IPsec tunnel on your VPN device/router. Please provide the exact VPN vendor and model to facilitate troubleshooting. Additional VPNs can be added by clicking “Add Another VPN”.

  • Name – The name of the VPN site. Value must be unique across all VPNs.
  • Router Vendor – The VPN device/router vendor being used
  • Router Model – The Model of the VPN device/router being used
  • Endpoint IP – Your public IP that will be used to create the IPsec tunnel between your Data Center and Horizon Cloud
  • Endpoint ID – Your VPN ID that is configured on your VPN device/router. Best practice is to have the same value here as the Endpoint IP
  • Authentication Type – Pre-Shared Key (PSK) used for authentication
  • PSK Key – Enter the Pre-Shared Key value that is configured on your VPN device/router, and must be an alphanumeric of minimum length 32 characters and a maximum of 128 characters
  • Confirm PSK Key – confirm the Pre-Share Key value
  • Encryption – AES256 and needs to be configured on your VPN device/router
  • Diffie-Hellman Group – DH2, DH5, DH14, DH15 or DH16 and needs to be configured on your VPN device/router
  • Internal Networks – Customer side subnets that need access to the Horizon Cloud networks (services subnet and desktop subnets). Enter one or more subnets in CIDR format, separated by commas. For example: 192.168.1.0/24,192.168.2.0/24,192.168.3.0/24
  • Perfect Forward Secrecy (PFS) – This should be set to yes (true) always for high security and should be set on your VPN device / router

Domain

Domain Name Server (DNS)

Enter your Domain Name Server IP Address. It must belong to one of the subnets previously provided on the Network page, under VPN Internal Networks.

Dynamic Hosted Configuration Protocol (DHCP)

Enter your DHCP Server IP Address. It must belong to one of the subnets previously provided on the Network page, under VPN Internal Networks.

Active Directory (AD)

Enter your Active Directory Server IP Address. It must belong to one of the subnets previously provided on the Network page, under VPN Internal Networks.

HTML Access

Select to enable or disable Blast-HTML 5 Access for your end users, for their desktops and applications.

Schedule

VPN Test

Choose someone that the Horizon Cloud technician will contact in order to perform the VPN test. Enter any notes for scheduling and additional comments.

Summary

Summary

Review the information entered and make any necessary changes. Once the information is correct and complete, click Submit.

DaaS Configuration Dashboard - VPN

At this point, you should configure the IPsec Tunnel on your VPN device/router in order to establish the connectivity between your Data Center and Horizon Cloud. Use the applicable values you entered in the VPN section of the Network page along with the VMware VPN Public IP. You can track the provisioning process and configuration of the VPN by clicking on the VPN1 icon on the DaaS Configuration Dashboard.

Appendix: SSL Certificates

When choosing to use your own DNS name for Horizon Cloud, you will need to provide VMware the SSL Certificate to be used on your Horizon Cloud Tenant. If you already have an SSL Certificate for the DNS Domain you will be using, please send the appropriate .crt files and the .key file to your VMware representative. When sharing via email, add a .txt extension to the files to avoid filtering. If you do not have an existing SSL Certificate, please generate a CSR (Certificate Signing Request) using openssl or another CSR tool and submit it to a signing authority such as GoDaddy, DigiCert, Verisgn, etc. and request an SSL certificate for an Apache Web Server (Apache2 format). Ensure the CSR has the following information when submitting to a signing authority:

Common Name:

Organization Name:

Organization Unit:

City or Locality:

State or Province:

Country Code:

Once you have the .crt files and the .key file for your SSL Certificate, please email the information to your VMware representative. When sharing via email, add a .txt extension to the files to avoid filtering.

Ready to Get Started?