Overview of VMware DaaS
As recent times have shown, many organisations require the ability to work from any location and have secure access to their desktops and applications at all times. Typically, this would require substantial CAPEX investment to run the infrastructure, as well as an operational overhead to manage the environment efficiently.
VMware's Horizon Cloud offerings give organisations the flexibility to run their desktop and application workloads in purpose-built cloud platforms, thus reducing CAPEX costs and moving to an OPEX model based on subscriptions.
Other benefits that VMware Horizon Cloud provides include:
Provide predictable resource requirements, for example, increased demand during seasonal periods or when new projects require a burst of new systems to be commissioned and decommissioned
Maintain the same level of security and control as if the workloads are hosted on-premises
Speed and flexibility to deliver services to the masses without the traditional procurement delays
VMware offers several solutions for providing virtual desktops and applications as listed below:
Horizon 7 On-Premises
Horizon 7 on VMware Cloud on AWS
Horizon Cloud on IBM Cloud
Horizon Cloud on Microsoft Azure
This blog post will focus on VMware's Desktop-as-a-Service (DaaS) offering that is specifically designed for VMware Service Provider Partners (VSPP) as part of the broader VMware Cloud Provider Program (VCPP).
VMware Horizon DaaS allows Service Providers to:
Provide a single management console for provisioning and delivering virtual desktops and applications from the cloud without the tenants needing to understand the underlying infrastructure
Host multiple tenants, providing dedicated compute resources across dedicated or shared VMware vSphere clusters
Allow tenants to bring in their own network services (Active Directory, DNS, DHCP, File Servers, etc.) to provide the same level of security and control as if the workloads were running on-premises
Horizon DaaS Architecture
The figure below shows an example of a Horizon DaaS architecture where a Service Provider is providing the resources to two separate tenants in an isolated deployment, each with their own vCenter Server. The tenants can also be deployed on a shared resource cluster, and the clusters can be managed by a single vCenter Server. The design comes down to a number of factors, such as the number of tenants, the number of desktops and applications per tenant, security requirements, etc.
Figure 1: Horizon DaaS Architecture Example
Components of VMware Horizon DaaS
Horizon Version Manager appliance - Provides orchestration and automation for Horizon DaaS components. The HVM holds the appliance template and runtime scripts, which allow for the automatic creation of the Service Provider appliances and the Resource Manager appliances. This is a Linux virtual appliance that is deployed from an .OVA file in vCenter Server.
Horizon Air Link appliance - Once the HVM appliance is deployed and the template and scripts are copied to the machine, the next stage is to deploy the HAL appliance from the HVM admin portal. The HAL is responsible for sending API operations to vCenter Server to create the appliances.
Service Provider appliances - These are deployed as a pair for high availability. The SP provides the Service Provider administrators access to a web-based portal (Service Center) where they can manage the Horizon DaaS environment. This is the main console from which tenants are deployed and assigned to a resource cluster, and where desktop collections, which are essentially a capacity model for virtual desktops, are created.
Resource Manager appliances - Like the SPs, these are deployed by the HAL in a pair. The role of the RM is to provide access to and show the hardware resources available from the vCenter Server(s) that are configured for Horizon DaaS. The RM allows the Service Provider administrators to configure the compute resources for the tenants by allocating resources.
Tenant appliances - The tenant appliances (pair) are created from the Service Center portal. You configure the settings for the tenant, such as quotas for user licensing and desktop capacity.
Unified Access Gateway - This is a hardened Linux appliance that is deployed within the DMZ network to secure incoming traffic from external environments. External Horizon Clients make a connection to the UAG and do not see the backend environment; it is the UAG that communicates with the backend Horizon environment. The UAG supports multi-factor authentication to provide further security when accessing the virtual desktops and applications from the Internet.