This post continues from the PART – 01 post on prerequisites …
In this article, let us discuss the Azure capacity and networking requirements.
Azure Capacity Requirements
Horizon Edge Gateway capacity requirements:
As of writing this post, 2 types of Edge deployments are supported:
- Edge Gateway (AKS)
- Edge Gateway (VM based)
Edge Gateway (AKS)
There are 2 modes supported in the AKS-based Edge Gateway deployment:
- HA
- Non-HA
In an HA Edge AKS deployment, 4 nodes are deployed by default.
In a Non-HA Edge AKS deployment, a single-node AKS cluster is created.
Supported model sizes are listed in the Horizon Cloud next-gen checklist page
Horizon Cloud frequently updates the AKS Edge with the latest supported versions of AKS on Azure. Hence, make sure a 10 vCPU quota is available (8 vCPU for Edge + 2 vCPU for upgrades).
Edge Gateway (VM Based)
A VM-based Edge deployment is a straightforward approach and requires a 4 vCPU quota to be available before deployment.
Supported model sizes are listed in the Horizon Cloud next-gen checklist page
Unified Access Gateway (UAG) capacity requirements:
A minimum of 2 UAGs is deployed with the deployment. In next-gen, UAGs have a lightweight management overhead and are predominantly used only for protocol traffic.
Supported model sizes are listed in the Horizon Cloud next-gen checklist page
Network Requirements
Edge Gateway
Requirement | Edge Gateway (AKS) | Edge Gateway (VM based) |
---|---|---|
vNET | The vNET is to be created by the customer from the Azure portal with a valid address space for the subnets. Note: Due to Azure AKS limitations, make sure the vNET address space does not belong to the following IP ranges: 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, 192.0.2.0/24 | The vNET is to be created by the customer from the Azure portal with a valid address space for the subnets. There are no specific limitations on IP ranges. |
Subnets | 3 subnets required: DMZ – /27 minimum; Management – /26 minimum; Desktop – /27 minimum. For the Edge deployment, only the Management subnet is needed. For the UAG deployment, the DMZ & Desktop subnets are required. | 3 subnets required: DMZ – /27 minimum; Management – /26 minimum; Desktop – /27 minimum. For the Edge deployment, only the Management subnet is needed. For UAG, the DMZ & Desktop subnets are required. |
Virtual IP address | Because this deployment is AKS-based, it requires the following CIDR details: Service CIDR – /27 minimum; Pod CIDR – /21 minimum. Make sure these CIDR ranges do not conflict with any other IP ranges in your network environment, specifically the AD, DNS, DHCP, etc. IP ranges. | Not applicable |
vNET DNS | A valid internal DNS server is to be provided. Note: For a successful Edge deployment, the deployment will try to access external DNS names, so make sure external URLs are resolved by the DNS server provided. | A valid internal DNS server is to be provided. Note: For a successful Edge deployment, the deployment will try to access external DNS names, so make sure external URLs are resolved by the DNS server provided. |
Outbound type | NAT Gateway / user-defined routes. The AKS-based deployment requires outbound connectivity to the Edge Gateway; to provide it, the customer needs either a NAT Gateway or a firewall. The customer has to create a NAT Gateway in Azure if they would like to go with that option. | Not applicable |
Route table | If the customer uses user-defined routes as the outbound type, the customer has to attach the route table used by the firewall to the Management subnet. The customer also has to allow the required ports / DNS URLs as per the lists provided below: 1 – DNS URLs, 2 – Port and protocol. With a NAT Gateway, there is no need to create a route table or to allow any URLs and ports. If the customer uses both a firewall and a NAT Gateway, the firewall takes precedence. | Not applicable, but if the customer would like to route the traffic through a firewall, they have to make sure all the required ports / DNS URLs are allowed in the firewall: 1 – DNS URLs, 2 – Port and protocol. |
Proxy | Supported and optional | Supported and optional |
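
A pre-deployment check of a planned address layout against the Edge Gateway (AKS) constraints in the table above. This is an added example, not part of the original post or of any Horizon tooling; `check_plan`, the dictionary keys and the sample ranges are hypothetical names and values chosen for illustration.

```python
import ipaddress

# Ranges the page says the vNET address space must not belong to (AKS limitation).
AKS_RESERVED = [ipaddress.ip_network(n) for n in
                ("169.254.0.0/16", "172.30.0.0/16", "172.31.0.0/16", "192.0.2.0/24")]
# Minimum sizes from the page, expressed as the longest prefix length allowed.
MAX_PREFIX = {"dmz": 27, "management": 26, "desktop": 27, "service_cidr": 27, "pod_cidr": 21}


def check_plan(vnet, subnets, service_cidr, pod_cidr, in_use=()):
    """Return the problems found in a planned Edge Gateway (AKS) address plan."""
    problems = []
    vnet_net = ipaddress.ip_network(vnet)
    for reserved in AKS_RESERVED:
        if vnet_net.overlaps(reserved):
            problems.append(f"vNET {vnet_net} overlaps AKS-reserved range {reserved}")
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name in ("dmz", "management", "desktop"):
        if name not in nets:
            problems.append(f"missing {name} subnet")
    names = sorted(nets)
    for i, a in enumerate(names):
        if not nets[a].subnet_of(vnet_net):
            problems.append(f"{a} subnet {nets[a]} is outside vNET {vnet_net}")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} subnets overlap")
    virtual = {"service_cidr": ipaddress.ip_network(service_cidr),
               "pod_cidr": ipaddress.ip_network(pod_cidr)}
    for name, net in {**nets, **virtual}.items():
        if name in MAX_PREFIX and net.prefixlen > MAX_PREFIX[name]:
            problems.append(f"{name} {net} is smaller than /{MAX_PREFIX[name]}")
    if virtual["service_cidr"].overlaps(virtual["pod_cidr"]):
        problems.append("service_cidr and pod_cidr overlap")
    # Assumption: the vNET itself counts as one of the "other IP ranges" to avoid.
    occupied = [vnet_net] + [ipaddress.ip_network(n) for n in in_use]
    for name, net in virtual.items():
        problems += [f"{name} {net} conflicts with {o}" for o in occupied if net.overlaps(o)]
    return problems


# Constructed sample (not from the page): undersized pod CIDR that hits an assumed DNS range.
SAMPLE = dict(vnet="10.10.0.0/22", service_cidr="192.168.100.0/27",
              pod_cidr="192.168.8.0/22", in_use=["192.168.8.0/24"],
              subnets={"dmz": "10.10.0.0/27", "management": "10.10.1.0/26",
                       "desktop": "10.10.2.0/27"})

if __name__ == "__main__":
    print("\n".join(check_plan(**SAMPLE)) or "plan satisfies the checks")
```

Pass the AD, DNS and DHCP ranges of your environment in `in_use`; an empty result means the plan passed every check.
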
Unified Access Gateway (UAG)
Requirement | Description |
---|---|
vNET | UAGs can be deployed in the same vNET as the Edge or in a different vNET. If you would like to deploy in a different vNET, make sure the Edge vNET is peered with the new vNET. |
Deployment types | 3 types of deployment are possible with UAG at the time of writing this post: 1 – External only; 2 – Internal & External; 3 – Internal only |
Subnets | External only deployment: requires 3 subnets – DMZ, Management & Desktop. Internal & External deployment: requires 3 subnets – DMZ, Management & Desktop. Internal only deployment: requires 2 subnets – Management & Desktop. |
Route table | Make sure not to attach a route table (if you are using one) to the DMZ subnet, because it causes session launches to fail due to asymmetric routing. |
Outbound internet | With External only and Internal & External deployments, make sure *.horizon.vmware.com is allowed on the DMZ subnet and that URLs ending with .horizon.vmware.com are resolvable; otherwise session launch will fail. With Internal only (allow internal access over a corporate network), add a NAT Gateway / firewall to the Management subnet for outbound traffic and allow the required URLs. |
Certificate | PEM / PFX are supported. The FQDN provided for the UAG must match the certificate FQDN, or you need to use a wildcard certificate. |
Certificate with CRL / OCSP | Supported, but the CRL / OCSP DNS names must be reachable from the DMZ (for External and Internal & External deployments) and from Management (for Internal only – corporate network). |