Introduction

The VMware Horizon Cloud Service on Azure belongs to a family of cloud services delivered by VMware that enables the delivery of virtual desktops and applications to end-users on any device, anywhere. VMware Horizon Cloud on Azure provides two distinct workload options: Horizon Cloud Desktops and Horizon Cloud Apps. Within these workload options, customers are able to create RDSH farms for Published Applications and session-based desktops or create stateless and stateful VDI assignments.
Starting from March this year, Horizon Cloud on Azure also supports Windows Virtual Desktop (WVD). With the support for WVD, customers can benefit from the Multi-Session Windows 10 capabilities from Microsoft with the enrichment of advanced management capabilities and user experience from VMware.

The Horizon Cloud on Azure environment is, as the name states, hosted in the Microsoft Azure datacenters. Customers can access their VMware Horizon resources via the internet, VPN, or ExpressRoute connections as if it were a branch office in their own environment.

The following illustration shows a high-level overview of the Horizon Cloud on Azure environment, including the infrastructure components.

With Horizon Cloud on Azure, the control plane is consumed as-a-service and the workload capacity is hosted on a bring-your-own Azure subscription. Horizon Cloud on Azure has an easy deployment process, simplified management capabilities, and an multi-cloud architecture.

Within this blog we will focus on the image strategy for Horizon Cloud on Azure.

Image Creation

Before we explain what the recommended approach is to perform Image Management, lets first explain how Golden Images are initially created.

Within the Horizon Cloud on Azure service, there are two options for creating new Golden Images:

1. From Marketplace.

The recommended option creates the Golden Image using an Operating System image directly from the Microsoft Azure Marketplace. In the process, the VM is automatically downloaded and configured with the elements and agent-related software required to conform to the Horizon Cloud on Azure environment’s requirements. At the end of the creation process, the VM is listed on the Imported VMs page and customers can take further actions on it, such as pairing the VM with the cloud plane, customizing the VM, installing additional drivers, and so on.

2. Manual Built.

These steps are part of the alternative manual method for creating a Golden Image for a pod in Microsoft Azure. Manually building a Golden Image that conforms to the Horizon Cloud environment’s requirements is a multi-step process. Customers perform most of these steps in the Microsoft Azure portal. Customers must first create and configure a base VM, then install agent-related software components into that base VM, and then configure specific properties for those agent-related components. Once properly configured, the VM appears in the Imported Desktops menu of the Horizon Admin console and from there the VM can be converted to a Golden Image

Image Management

So, once the Golden Images are created, what’s the best way to maintain and update these images? A few options are listed below.

Please note: The options describe how to update and maintain images for stateless (non-persistent) VDI and RDSH or WVD farms. Persistent (stateful) desktops are initially created from a Golden Image, but once created they are managed individually (State Managed). This means you will have to make sure the changes are done on VM-level by using a System Management solution, much like traditional FAT clients are managed.

Option 1: Manual updates

Customers can decide to just edit the current image and manually perform the updates they need, for example, download the latest Windows Updates and install or upgrade applications.

The easiest way to do this is to create a duplicate from the already existing Golden Image. With this process, a fully cloned VM from the currently selected image is created.

Once the duplicate process is complete, customers can power on the newly created VM, connect and make their modifications.  The connection to the new VM can be created via RDP from the local network (LAN). When the modifications are complete, the VM can be converted to a new image, VDI desktop pools or RDSH farms can be updated. The duplicate function will ensure that customers can always revert to the previous Golden Image since the previous version Golden Image is not modified.

Whilst this is a very fast way to update the Golden Image, for production environments, I would always recommend customers to only use this update process for ad-hoc security updates. Updates that need to be installed as soon as possible, to mitigate security risks.

In all other cases, the recommendation is to not use manual updates. Manual steps can be a basis for human errors, higher labor costs, and most of the time results in a higher number of incidents from your customer after an update cycle.

Option 2: Golden Image desktop pool

The recommended approach is to fully automate the Golden Image update process.

From the Horizon Cloud Admin portal, in the Inventory page, the Import Desktop wizard can be started by clicking Import and then select the From Marketplace option, as described in the previous chapter. The Import Desktop wizard’s option allows customers to create the Master VM using one of the supported VM configurations from the Microsoft Azure Marketplace. The wizard automates building the Master VM and configuring the VM to conform to the Horizon Cloud environment’s requirements, including installing and configuring the appropriate agent-related software. The wizard also provides options for optimizing the VM. Customers can decide to not select this option and do their own customizations via a deployment solution.

The created Master VM can automatically join the Active Directory domain and will be created the Default OU specified in the Active Directory configuration of the Horizon Cloud Admin portal.

Customers can configure their deployment solution to automatically pick up the newly created VM by inventorying newly created VMs created in the Default OU and/or a certain naming pattern. The deployment solution can automatically install the customer applications, apply tuning Best Practices, and install the latest Windows Updates.

After the installation is complete, the Master VM can be converted to Golden Image using the Imported VMs option in the Horizon Cloud Admin Portal. The Golden Image can now be used to create a new or update an existing assignment in the Horizon Cloud Admin portal.

The following diagram illustrates the automated Golden Image installation process for Horizon Cloud on Azure:

Pros and cons

Although the automated image recreation method takes more time and effort to set up initially, it has many advantages like repeatability, predictability, and stability for your images. Also, all the know-how of the image is safely stored in the automation tool.

The below table shows the pros and cons of the two Image Management options: