Horizon Cloud on IBM Cloud Setup Form: A Step-by-Step Guide
Once you subscribe to Horizon Cloud, you will receive an email with a link to the form. Login with your MyVMware account to get started. This guide provides answers to some of the most commonly asked questions when filling out the form. If you have any questions about this guide or filling out the Horizon Cloud on IBM Cloud setup form, please contact your VMware representative for assistance.
For more information about Horizon Cloud on IBM Cloud, please review the Deployment Considerations and Networking Overview white papers under Plan & Design.
Note: Please ensure that a representative from each key team involved in your project reviews the form.
Select the Data Center Region that you will be provisioning to, along with a Tenant Name and the Horizon Cloud Data Center in the specific region selected. Click Done when finished.
Tenant List – Start Provisioning
The list of tenants created will be displayed.
DaaS Configuration Dashboard
The process diagram for tenant provisioning will be displayed. This is the step-by-step process for provisioning your Horizon Cloud Tenant and will update as you progress through the process. The VMware VPN Public IP is also displayed which can be used to configure the IPsec VPN tunnel between your data center and Horizon Cloud. To start the process, click “Continue”.
Choose your VPN type for connectivity between your Data Center and your Horizon Cloud Tenant. The options are:
- IPSEC – Using an IPsec VPN Tunnel
- ECX – Using Equinix Cloud Exchange along with VMware Network Exchange
- Direct Connect – Using a Network Service Provider along with VMware Direct Connect with Cross Connect
- Island Account – No connectivity to Horizon Cloud
How would you like to access your desktops?
Select Horizon Cloud URL if you want to use VMware’s public DNS name (yourname.horizon.vmware.com) along with VMware’s SSL certificates.
Select Corporate Subdomain if you want to use your DNS name (desktops.customer.com) and provide VMware the SSL certificates for your DNS Domain in Apache2 format that contains the appropriate .crt files and the private .key file, along with creating internal and/or public DNS records. For more information on how to generate an SSL certificate, please see the Appendix at the bottom of the page.
Split DNS is the preferred method of accessing your Horizon Cloud environment when users are connecting from inside and outside your network, whether you are using the Horizon Cloud URL or your own corporate subdomain. Split DNS enables users on your local network to connect through the internal network to a private IP address, and external users to connect to a public IP address using the same URL. This method simplifies access with a single URL for users both inside and outside the network. For more information, see Split DNS in the Networking Overview white paper.
If you selected Horizon Cloud URL above, you will enter a subdomain that is one word (no further subdomains). If you selected Corporate Subdomain, you will enter your own DNS subdomain.
Internet Accessible Desktops
Horizon Cloud gives you the option to either allow or disallow users to access their desktops and applications securely over the internet.
- If you select Yes, then users will be able to securely access their desktops and applications over the internet.
- If you select No, users will not be able to access their desktops and applications over the internet, and you will need to set up a VPN, Dedicated Connection, MPLS or Network Exchange between your Data Center and your Horizon Cloud Tenant (unless you are creating an Island Tenant that is isolated and self-contained).
Allow VMware Team to Update?
Select Yes or No if you would like the VMware Team to update information in this worksheet on your behalf.
Desktop Networking Configuration
Services Subnet (CIDR)
This subnet will contain the Horizon Cloud Tenant Appliances along with any other appliances deployed to support your Horizon Cloud environment such as AD, DNS, DHCP, File Servers, etc. These are called Utility Servers. Please enter one subnet in CIDR format. For example: 192.168.10.0/24. This subnet cannot currently be in use in your environment.
This subnet (or subnets) will contain your desktops and RDSH Servers that are provisioned in your Horizon Cloud Tenant. Please enter one or more subnets depending on your number of desktops, in CIDR format. For example: 192.168.11.0/24 or 22.214.171.124/23. This subnet cannot currently be in use in your environment.
Maximum Transmission Unit
This is the largest packet size, measured in bytes, that can be transmitted over the VPN tunnel. The default value is 1500 and the default value will be set if not changed or left blank.
Download Configuration Setting Instructions
Select your VPN/Firewall vendor. If your vendor is not listed, select Other and manually enter your vendor name.
Your VPN Settings
Enter your VPN settings in order to create the IPsec tunnel between your Data Center and Horizon Cloud. The applicable information will need to be entered on your VPN device/router when creating the IPsec tunnel. Note the VMware VPN Public IP is again provided in order to configure the IPsec tunnel on your VPN device/router. Please provide the exact VPN vendor and model to facilitate troubleshooting. Additional VPNs can be added by clicking “Add Another VPN”.
- Name – The name of the VPN site. Value must be unique across all VPNs.
- Router Vendor – The VPN device/router vendor being used
- Router Model – The Model of the VPN device/router being used
- Endpoint IP – Your public IP that will be used to create the IPsec tunnel between your Data Center and Horizon Cloud
- Endpoint ID – Your VPN ID that is configured on your VPN device/router. Best practice is to have the same value here as the Endpoint IP
- Authentication Type – Pre-Shared Key (PSK) used for authentication
- PSK Key – Enter the Pre-Shared Key value that is configured on your VPN device/router, and must be an alphanumeric of minimum length 32 characters and a maximum of 128 characters
- Confirm PSK Key – confirm the Pre-Share Key value
- Encryption – AES256 and needs to be configured on your VPN device/router
- Diffie-Hellman Group – DH2, DH5, DH14, DH15 or DH16 and needs to be configured on your VPN device/router
- Internal Networks – Customer side subnets that need access to the Horizon Cloud networks (services subnet and desktop subnets). Enter one or more subnets in CIDR format, separated by commas. For example: 192.168.1.0/24,192.168.2.0/24,192.168.3.0/24
- Perfect Forward Secrecy (PFS) – This should be set to yes (true) always for high security and should be set on your VPN device / router
Domain Name Server (DNS)
Enter your Domain Name Server IP Address. It must belong to one of the subnets previously provided on the Network page, under VPN Internal Networks.
Dynamic Hosted Configuration Protocol (DHCP)
Enter your DHCP Server IP Address. It must belong to one of the subnets previously provided on the Network page, under VPN Internal Networks.
Active Directory (AD)
Enter your Active Directory Server IP Address. It must belong to one of the subnets previously provided on the Network page, under VPN Internal Networks.
Select to enable or disable Blast-HTML 5 Access for your end users, for their desktops and applications.
Choose someone that the Horizon Cloud technician will contact in order to perform the VPN test. Enter any notes for scheduling and additional comments.
Review the information entered and make any necessary changes. Once the information is correct and complete, click Submit.
DaaS Configuration Dashboard - VPN
At this point, you should configure the IPsec Tunnel on your VPN device/router in order to establish the connectivity between your Data Center and Horizon Cloud. Use the applicable values you entered in the VPN section of the Network page along with the VMware VPN Public IP. You can track the provisioning process and configuration of the VPN by clicking on the VPN1 icon on the DaaS Configuration Dashboard.
Appendix: SSL Certificates
When choosing to use your own DNS name for Horizon Cloud, you will need to provide VMware the SSL Certificate to be used on your Horizon Cloud Tenant. If you already have an SSL Certificate for the DNS Domain you will be using, please send the appropriate .crt files and the .key file to your VMware representative. When sharing via email, add a .txt extension to the files to avoid filtering. If you do not have an existing SSL Certificate, please generate a CSR (Certificate Signing Request) using openssl or another CSR tool and submit it to a signing authority such as GoDaddy, DigiCert, Verisgn, etc. and request an SSL certificate for an Apache Web Server (Apache2 format). Ensure the CSR has the following information when submitting to a signing authority:
City or Locality:
State or Province:
Once you have the .crt files and the .key file for your SSL Certificate, please email the information to your VMware representative. When sharing via email, add a .txt extension to the files to avoid filtering.