VMware Horizon 2106 on VMware vSAN 7.0 U2 using VMware Cloud Foundation

Executive Summary

VMware Cloud Foundation™ along with the deployment of VMware Horizon® 2106 Infrastructure using VMware vSAN™ as the key storage component of VMware Cloud Foundation, delivers radically simple storage, superior performance that scales, and pay-as-you-grow affordability for desktop and application virtualization. VMware NSX® Data Center along with NSX Advanced Load Balancer™ effectively manages, provides high availability, load balancing, and security for Horizon workloads.

Business Case

VMware Horizon enables IT departments to run remote desktops and applications on-premises as well as in the cloud. Horizon provides a single, modern platform for rapidly deploying fully featured, personalized virtual desktops and applications to employees. Horizon can be deployed as a managed service to improve client computing security, deliver greater enterprise mobility, and streamline management. Desktop and application virtualization requires several data center infrastructure layers, from storage and hypervisor to desktop brokers—that must work together seamlessly and be managed throughout their lifecycle. To respond to the ever-increasing demand for faster innovation, organizations are looking to shift to a more agile, service-oriented IT model that leverages both private and public clouds.

VMware Cloud Foundation provides the ideal platform on which to run enterprise workloads and containerized applications across both private and public environments. VMware Cloud Foundation makes it easy to deploy and operate a hybrid cloud by delivering common infrastructure that is fully compatible with a consistent cloud operational model for your on and off-premises data centers and public cloud environments. Integrated into VMware Cloud Foundation is vSAN a highly performant and distributed storage model that is easily extensible, lowers management overhead and is highly resilient. By giving you a high-performance flash-accelerated datastore, you can comfortably and affordably grow vSAN without a large capital investment. Providing software-defined networking and security services for VMware Cloud Foundation is NSX Data Center. Software-defined networking enables and accelerates the provisioning of core network and security services, simplifying operations and improving economics. VMware NSX provides speed and simplicity to Virtual Desktop Infrastructure (VDI) networking with secure policies that dynamically follow end users across infrastructure, devices, and locations. This creates a secure end-user computing environment,

Horizon can be deployed on-premises and in any public cloud that supports VMware Software Defined Data Center stack consisting of vSphere, vSAN, and NSX. Customers can deploy VDI by utilizing VMware Cloud Foundation on-premises as a unified and standardized SDDC stack from vSphere up to Horizon. This makes providing VDI workloads access between on-premises and the public cloud supporting the VMware SDDC stack almost effortless.

Business Values

Listed are the top benefits of deploying and managing Horizon on VMware Cloud Foundation: 

  • Integrated management: VMware Cloud Foundation simplifies planning and design with a standardized and tested solution fully optimized for VDI workloads, it combines software-defined infrastructure for compute, storage, networking, and security. When combined with the capabilities of VMware Horizon, organizations can deploy and manage a complete, secure, and easy-to-operate virtualized desktop and application solution.
  • Simple scalability: Using the Horizon Pod architecture, organizations can easily scale their virtual desktop infrastructure based on their requirements.
  • Simplified VDI networking and increased security: NSX and NSX Advanced Load Balancer can create, change, and manage load balancing and security policies across the entire VDI infrastructure from a centralized software console which gives enterprises better automation and operational simplicity for VDI deployments.
  • Availability and business continuity: vSAN storage level protection ensures resiliency for virtual desktops and VMware Cloud Foundation to be scaled quickly and efficiently in a highly available topology, IT can respond to challenges posed by shifting workforce locations, business continuity concerns, and bursts in demand for virtual desktops.

Scope

This document provides the deployment details and product integration validation of 544 virtual desktops on an 8 all-flash VMware ESXi™ hosts vSAN cluster using VMware Horizon 2106 with NSX Advanced Load Balancer, running Microsoft Windows 10 with Office 2021, provisioning via instant clone on vSphere 7.0 U2.

  • Demonstrates storage performance, efficiency, and resilience of Horizon based VDI deployments using all-flash vSAN on VMware Cloud Foundation.
  • Verify NSX along with NSX Advanced Load Balancer provides Enterprise-grade, high-performance load balancing for Horizon and consolidates security and policies for end user compute resources.
  • Validate instant clones work well with vSAN to provide an excellent desktop and application end-user experience.

Audience

This reference architecture is intended for customers—IT architects, consultants, and administrators—involved in the early phases of planning, design, and deployment of VDI solutions using VMware Horizon running on all-flash vSAN. It is assumed that the reader is familiar with the concepts and operations of Horizon technologies and VMware vSphere products.

Technology Overview

Overview

This section provides an overview of the technologies that are used in this solution:

VMware Cloud Foundation 4.3

 VMware Cloud Foundation integrates compute, storage, networking, security, and cloud management services, to create a consistent, and dynamically configurable infrastructure for applications. Cloud Foundation delivers best-in-class lifecycle automation for VMware software stack – from tasks that include deployment, configuration of the environment, provisioning infrastructure pools, and one of the biggest pain points for our customers – automated patching and upgrading.

  • Standardized deployment and configuration of VMware SDDC
  • Standardized deployment methodology across environments – ready for Cloud Pod Architecture
  • vSphere Life Cycle Management (vLCM) enables you to create cluster images for centralized and simplified lifecycle management of ESXi hosts including firmware.
  • On-demand provisioning of infrastructure tools
  • Automated patching and upgrades for increased uptime using tested software packages

Automated Lifecyle Management

Cloud Foundation offers Automated Lifecycle Management on a per-Workload Domain basis. It delivers simple management of your environment with built-in automation of day 0 to day 2 operations of the software platform.

Elastic and Scalable Infrastructure

Customers can deploy new Horizon workloads, scale up or down capacity for the existing Horizon workloads easily with Cloud Foundation. As the demand for virtual desktops and applications increases or diminishes, ESXi hosts can be easily added or removed from the Horizon Workload Domain.

Management and Operational Simplicity  

When deployed with vRealize Suite, Cloud Foundation enables self-driving operations from applications to infrastructure to help organizations plan, manage, and scale their SDDC efficiently.

Highly Available and Secure Virtual Desktops and Applications

Cloud Foundation can be used to install and configure VMware NSX in each Horizon Workload Domain to effectively manage, provide high availability, load balancing, and security for Horizon workloads. For external communication with Horizon virtual desktops that are initiated by a Web browser or a mobile application, a VMware NSX edge services gateway manages and optimizes north–south network. Load balancing is included through automated deployment of NSX inline, or the NSX Advanced Load Balancer Basic Edition included with VMware Cloud Foundation.

Because these external connections can have vastly different security requirements, customers can use VMware NSX to associate firewall rules at the router or at the virtual desktop level to achieve greater granularity. NSX micro-segmentation enables flexible security by providing East-West traffic security between virtual desktops or the RDSH (Remote Desktop Services Hosts) systems. Using the same methodology, NSX can provide the same level of micro-segmentation around the Horizon management components such as Connection servers, App Volumes, Unified Access Gateways and Dynamic Environment Manager. Figure 1 shows architecture of Horizon 2106 infrastructure deployment. In Figure 1, Active Directory and SQL Server marked as yellow are required for the customer to provide into the environment. Other components including Load Balancers, Unified Access Gateways (UAGs), DEM (Dynamic Environment Manager), vCenter Server, App Volumes are manually deployed in the VMware Cloud Foundation environment.

 

Figure 1.          Architecture of Horizon 2106 Infrastructure Deployment

VMware vSphere 7.0 U2

VMware vSphere 7.0 is the next-generation infrastructure for next-generation applications. It provides a powerful, flexible, and secure foundation for business agility that accelerates the digital transformation to cloud computing and promotes success in the digital economy. vSphere 7.0 supports both existing and next-generation applications through its:

  • Simplified customer experience for automation and management at scale
  • Comprehensive built-in security for protecting data, infrastructure, and access
  • Universal application platform for running any application anywhere

With vSphere 7, customers can run, manage, connect, and secure their applications in a common operating environment, across clouds and devices.

VMware vSAN 7.0 U2

vSAN is the industry-leading software powering VMware’s software defined storage and HCI (Hyperconverged Infrastructure) solution. vSAN helps customers evolve their data center without risk, control IT costs and scale to tomorrow’s business needs. vSAN, native to the market-leading hypervisor, delivers flash-optimized, secure storage for all your critical vSphere workloads. vSAN is built on industry-standard x86 servers and components that help lower TCO in comparison to traditional storage. It delivers the agility to easily scale IT and offers the industry’s first native HCI encryption. vSAN 7.0 U2 simplifies day-1 and day-2 operations, and customers can quickly deploy and extend cloud infrastructure and minimize maintenance disruptions. Secondly, vSAN 7.0 U2 lowers the total cost of ownership with a more efficient infrastructure.

VMware NSX Data Center

VMware NSX Data Center v3.12 is the network virtualization and security platform that enables the virtual cloud network, a software-defined approach to networking that extends across data centers, clouds, and application frameworks. NSX provides several security benefits to enhance an existing or new Horizon deployment for the Horizon infrastructure machines, RDSH Farms and VDI desktops pools. In a virtual desktop infrastructure, it is difficult to provide security at a granular level be it, user- based, application-based, or function-based. NSX helps secure desktop pools and allow communications as necessary based on the context of the communication, to applications that should be allowed, and denies the rest. NSX can provide this level of security by using a concept called Context-aware micro-segmentation.

VMware NSX Advanced Load Balancer

NSX Advanced Load Balancer (NSX ALB) provides multi-cloud load balancing, web application firewall, application analytics and container ingress services from the data center to the cloud. It provides a next generation Application Delivery Controller that delivers a flexible, analytics-driven, application services fabric with a centrally managed, software-defined architecture, NSX Advanced Load Balancer is 100% software-defined and some of the key features include:

  • Multi-cloud: Consistent experience across deployment of on-premises and cloud environments through central management and orchestration.
  • Intelligence: Built-in analytics drive actionable insights that make autoscaling seamless, automation intelligent, and decision making easy.
  • Automation: 100% REST APIs enable self-service provisioning and integration into the CI/CD pipeline for application delivery.

Note: In this reference architecture, the Advanced Load Balancer Enterprise Edition was used and is a separately licensed product

VMware Horizon 2106

Horizon 2106 enables IT to centrally manage images to streamline management, reduce costs, and maintain compliance. With Horizon, virtualized or hosted desktops and applications can be delivered through a single platform to end users. These desktop and application services—including RDS hosted apps, packaged apps with ThinApp, SaaS apps, and even virtualized apps from Citrix—can all be accessed from one unified workspace to provide end users with all the resources they want, at the speed they expect, with the e­fficiency business demands.

Drawing on the best of mobile and cloud, Horizon radically transforms virtual desktop infrastructure (VDI), giving you unprecedented simplicity, security, speed, and scale—all at lower costs. Horizon helps you get up and running up to 30x faster while cutting costs over traditional solutions by as much as 50%.

  • Just-in-time desktops—leverage Instant Clone Technology coupled with App Volumes to dramatically accelerate the delivery of user-customized and fully personalized desktops. Dramatically reduce infrastructure requirements while enhancing security by delivering a brand-new personalized desktop and application services to end users every time they log in.
  • VMware App Volumes—provides real-time application delivery and management.
  • VMware User Environment Manager™—offers personalization and dynamic policy configuration across any virtual, physical, and cloud-based environment.
  • Horizon Smart Policies—deliver a real-time, policy-based system that provides contextual, fine-grained control. IT can now intelligently enable or deactivate client features based on user devices, location, and more.
  • Blast Extreme—purpose-built and optimized for the mobile cloud, this new additional display technology is built on industry-standard H.264, delivering a high-performance graphics experience accessible on billions of devices including ultra-low-cost PCs.

VMware Unified Access Gateway

VMware Unified Access Gateway (UAG) is a virtual appliance that enables secure remote access from an external network to a variety of internal resources, including Horizon-managed resources.

When providing access to internal resources, Unified Access Gateway can be deployed within the corporate DMZ or internal network and acts as a proxy host for connections to your company’s resources. Unified Access Gateway directs authenticated requests to the appropriate resource and discards any unauthenticated requests. It also can perform the authentication itself, leveraging an additional layer of authentication when enabled. See Unified Access Gateway for more information.

NSX Data Center and Horizon Use Cases

The Horizon suite of products supports several features and deployment options for the desktop infrastructure. It provides for areas such as rapid deployment agility, security, and availability. When coupled with NSX Data Center, the Horizon platform can take advantage of several features that NSX-T can provide in the areas of contextual security, edge and partner services, and network virtualization.

Figure 2 showcases the features that NSX-T provides for a Horizon end user computing environment.

Figure 2.          NSX-T Use Cases for Horizon

Taking these main use cases, we can apply them to provide various protections around the Horizon components and infrastructure.

EUC Management Protection

The Horizon Management infrastructure consists of multiple components whose interaction allows administrators to provision desktops and users to connect to them. NSX-T secures inter-component communication within this infrastructure.

Desktop Pool Protection

Virtual desktops rarely need to communicate with each other, and some organizations may require external contractors to have their own desktop pool to connect into. NSX-T secures the communications between desktops in the same pool and between desktops in different pools creating complete isolation based on requirements. NSX-T also provides desktop machines with access to 3rd party services such as IDS/IPS and Guest Introspection to off-load additional security protections.

User and Enterprise App Protection

NSX-T allows user level context micro-segmentation using the identity of the user to allow or disallow access from the desktop or RDS host to the enterprise application. This enables the creation of fine-grained access control and visibility for each desktop or RDSH session based on the individual user.

Figure 3.          NSX-T Protection for Horizon

Solution Configuration

This section introduces the resources and configurations for the solution including architecture diagram, hardware, and software resources, and other relevant VM and storage configurations.

Overview

Introduce the component configuration for the solution including:

  • Architecture diagram
  • Hardware resources
  • Software resources
  • Virtual Machine test image build
  • Network configuration
  • vSAN configuration
  • Horizon on VMware Cloud Foundation Deployment
  • NSX-T and Horizon Validated Topology
  • Horizon Configuration Settings

Architecture

Figure 4 shows management cluster in dotted line is in VMware Cloud Foundation Management Domain, and Horizon Desktops cluster is in a workload domain.

SDDC Manager is the centralized management software in Cloud Foundation used to automate the lifecycle of components, from bring-up, to configuration, to infrastructure provisioning to upgrades/patches. SDDC Manager complements vCenter Server and the vRealize Suite of products by delivering new functionality that helps cloud admins build and maintain the SDDC.

We continued to use vCenter Server as the primary management interface for the virtualized environment after the deployment.

Figure 4.             Management Cluster in VMware Cloud Foundation Management Domain

In Figure 5, we show the VMware Cloud Foundation management cluster in the VMware Cloud Foundation Management Domain, and the Horizon Desktop cluster which is also referred to as a VMware Cloud Foundation Workload or Horizon Desktop Domain.

Figure 5.             Architectural Design of VMware Cloud Foundation Management and Horizon Desktop Domains

Hardware Resources

Table 1 shows a 4-node all-flash vSAN cluster that was deployed to support virtual desktops.

Table 1.  Hardware Resources for Horizon Desktop Cluster

Property

Specification

Server

4 x rack PowerEdge R740xd Server

CPU

2 sockets, Intel(R) Xeon(R) Gold 6150 CPU @ 2.70GHz 24 cores

RAM

384GB

Network Adapter

2 x Mellanox ConnectX-4 Lx 25Gb/s SFP

Storage Adapter

1 x Dell HBA330 mini

Disks

Cache Tier:  3x 1.46TB NVMe SSD

Capacity Tier: 6x 1.82TB SSD

Software Resources

Table 2 and Table 3 show software resources used in this solution and list system configurations for different server roles.

Table 2.  Software Resources

Software

 

Version

Purpose

VMware vCenter and ESXi

7.0 Update 2

 

ESXi cluster to host virtual machines and provide vSAN cluster. VMware vCenter server provides a centralized platform for managing VMware vSphere environments.

 

 

VMware Cloud Foundation

4.3

 

VMware Cloud Foundation provides integrated cloud infrastructure (compute, storage, networking, and security) and cloud management services to run enterprise applications in both private and public environments.

 

VMware vSAN

7.0 Update 2

 

Software-defined storage solution for hyperconverged infrastructure.

 

VMware Horizon

2106

 

Horizon 2106 offers greater simplicity, security, speed, and scale in delivering on-premises virtual desktops and applications while offering cloud-like economics and elasticity of scale.

 

 

VMware NSX-T Data Center

 

V3.12

Provides a variety of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds.

NSX Advanced Load Balancer Enterprise Edition

V2.01

Can be deployed on on-prem or on any cloud ecosystem which allows for easy deployment to load balance Horizon traffic in any ecosystem (on-prem, AVS, VMC)

Table 3.  System Configuration

Infrastructure VM Role

vCPU

RAM (GB)

Storage (GB)

OS

Active Directory

4

8

50

Windows Server 2016 64-bit

SQL Server (Events DB)

4

8

125

Windows Server 2016 64-bit

Horizon 2106 Connection Servers 1 and 2

2

16

50

Windows Server 2016 64-bit

Login VSI Management Console

4

8

220

Windows Server 2016 64-bit

Login VSI Launcher

2

4

40

Windows Server 2016 64-bit

Virtual Machine Test Image Build

Two different virtual machine images were used to provision desktop sessions in the Horizon 2106 environment, one for instant clone and the other for instant clone with App Volumes with Login VSI. We used optimization tools according to VMware OS Optimization Tool. For our tests, we selected the Horizon Instant Clone Agent for instant clone.

Table 4.  Virtual Machine Template Configuration

Attribute

Login VSI Image

Desktop OS

Windows 10 Enterprise Version 21H1 64-bit

Hardware

VMware Virtual Hardware version 19

vCPU

2

Memory

2.5GB

Memory reserved

2560MB

Video RAM

32MB

3D graphics

Disabled

NICs

1

Virtual network adapter 1

VMXNet3 Adapter

Virtual disk--VMDK1

48GB

SCSI controller

VMware Paravirtual

Applications

Microsoft Office 2021 (Office 2019 encountered performance issues with MAK version)

Internet Explorer 11

Adobe Reader 11

Adobe Flash Player 11

Doro PDF 1.82

VMware Tools

11360(11.3.0)

VMware Horizon Agent

8.3.0-18287218

Windows components

Disabled the usage of OneDrive for file storage to avoid CPU spike issue on template virtual machine

Network Configuration

A VMware vSphere Distributed Switch (VDS) acts as a single virtual switch across all associated hosts in the data cluster. This setup allows virtual machines to maintain a consistent network configuration as they migrate across multiple hosts. Figure 6 shows the network configuration of the Horizon environment.

Figure 6.          Network Configuration of Horizon Environment

Note the network settings are configured during the VMware Cloud Foundation deployment.

Table 5 lists VMware Cluster configuration. We should enable VMware vSphere High Availability (vSphere HA) and VMware vSphere Distributed Resource Scheduler™ (DRS) features in VMware Cluster.

Table 5.  ESXi Cluster Configuration

Property

Setting

Setting

Cluster Features

vSphere HA

Enabled

DRS

Partially Automated

The storage controller of ESXi Server supports both pass-through and RAID (Redundant Array of Inexpensive Disks) mode. It is recommended to use controllers that support the pass-through mode with vSAN to lower complexity and ensure performance.

vSAN Configuration

VMware Horizon instant clones used vSAN for storage. Each ESXi server has the same configuration of two disk groups, each consisting of one 1.46TB cache-tier NVMe and three 1.8TB capacity-tier SSDs (Solid State Disks).

vSAN Storage Policy

vSAN can set availability, capacity, and performance policies per virtual machine if the virtual machines are deployed on the vSAN datastore. Horizon creates default storage policies automatically. We need to modify the storage policy to enable or deactivate certain vSAN features. Table 6 shows the storage policy setting of RAID 1. vSAN compression was activated for all the testing.

Table 6.  vSAN Storage Setting with RAID 1

Storage Capability

RAID 1 Setting

Number of Failures to Tolerate (FTT)

1

Number of disk stripes per object

1

Flash read cache reservation

0%

Object Space reservation

0%

Deactivate object checksum

No

Failure tolerance method

Mirroring

Storage Savings

Compression Only

Horizon on VMware Cloud Foundation Deployment

Horizon includes the connection servers, events database, and the unified gateway servers in the Management Domain, they are deployed manually by the administrator.

See Create a Horizon Domain for detailed prerequisites and procedures.

Figure 7.        Workload Domain of the VMware Cloud Foundation

A design for Horizon with NSX-T starts with the foundational deployment of NSX-T and the components that Horizon will consume. Horizon deployments are designed to be highly resilient, and NSX-T should be designed to provide resilient networking, networking services, and security infrastructure which Horizon can consume.

Horizon instances are deployed in pods and divided into multiple blocks to scale the Horizon deployment. Each pod contains two physical blocks – the Horizon Management Block and Horizon Resource Block. The Resource block is also mapped to a VMware Cloud Foundation Workload Domain. Figure 8 shows the addition of NSX-T to the pod and the block architecture of Horizon. The Horizon components positioned in the VCF Management Domain can also be seen in this figure.

Figure 8.         Horizon and NSX-T Pod Configuration

When incorporating NSX-T with a Horizon deployment, failure domains need to be established that align to both Horizon and NSX-T to maintain consistent resiliency between platforms. Horizon establishes failure domains by breaking pods into blocks. VMware Cloud Foundation creates a single Management Domain, and all other created domains are referred to as Workload Domains. NSX-T establishes failure domains by using guidance in the NSX-T Design Guide and recommends distinct management, compute, and edge clusters for large-scale deployments utilizing NSX-T micro-segmentation, edge services, and network virtualization capabilities. Breaking the Horizon pod architecture into NSX-T Server and Horizon Domains, allows a separation of failure domains for Horizon that can align with NSX-T design. All NSX-T Cluster managers sit in the VCF Management Domain while each Workload Domain can share or deploy its own NSX-T Edge Node cluster as required. Listed below is a clarification of the various domains mentioned in this document.

VMware Cloud Foundation Management Domain

The VMware Cloud Foundation Management Domain is the point of management for the VMware Cloud Foundation deployment. It is the first VMware Cloud Foundation domain and is created during the deployment of VMware Cloud Foundation. The management domain contains all the components required to manage, update, back up, and recover the VMware Cloud Foundation deployment. The first NSX-T management cluster and edge node cluster is created here. Control of the VMware Cloud Foundation deployment is established, and updates are performed here to keep the VMware Cloud Foundation deployment operating smoothly.

VMware Cloud Foundation Workload Domain

The VMware Cloud Foundation Workload Domain is an optional construct in a VMware Cloud Foundation deployment. It is created to support applications. The NSX-T management cluster and edge node cluster is established to provide east-west traffic and using a gateway, north-south traffic. The workload domain can be managed independently of the VMware Cloud Foundation Management Domain, but patches and updates must be managed using the VMware Cloud Foundation Management Domain tools. Multiple workload domains can be deployed as required within a VMware Cloud Foundation deployment.

Server Domains

The Server Domain consists of all the clusters that provide the resources for managing, servicing, and monitoring a Horizon deployment. NSX-T provides networking and security services for all the objects in this domain. This domain encompasses the management components for the entire data center, typically, and includes the Horizon management infrastructure as well. Enterprise Applications and even Horizon components such as Connection Servers, reside on the Compute Clusters in this domain. Edge connectivity is handled by NSX-T Edge Nodes and is also separated so that a failure in the Horizon Domain does not impact the Server Domain.

Horizon Domains

The Horizon Domain consists of all the clusters that provide the resources for hosting, servicing, and maintaining a Horizon VDI and RDS Farm deployment. NSX-T provides networking and security services for all the objects in this domain. The Horizon Domain scales out independently as NSX-T supports more than one vCenter Server as a Compute Manager and supports large scale numbers of virtual machines under its services. Edge connectivity is handled by NSX-T Edge Nodes and is also separated so that an Edge failure in the Server Domain does not impact the Horizon Domain.

NSX-T and Horizon Validated Topology

Horizon deployments, like NSX-T deployments, can accommodate a wide range of deployment topologies and options. NSX-T needs to align at logical boundaries with Horizon to scale similarly. Not every customer requires a topology that scales to the Horizon Cloud Pod Architecture limits, but guidance helps showcase the options.  All scale recommendations are based on maximums of both NSX-T Data Center and Horizon. These topologies are

not meant to be comprehensive or to replace a services-led engagement recommendation but provide guidance on what would be required to build each scenario based on each platform’s provided maximums. For more information, see Deployment Topology for Horizon with X-T in NSX-T Data Center and EUC Design Guide.

The chosen Horizon deployment topology was configured modeling the NSX-T and Horizon–Medium Topology–Single Pod with the capability of supporting up to 10,000 desktops as Figure 9 shows. The ‘Medium’ topology represents the physical splitting of the Management, Edge, and Compute clusters. This Horizon and NSX-T topology aligns from an NSX-T design perspective with the Collapsed Management and Edge Cluster design in the NSX-T Reference Architecture. This topology collapses the Management and Edge Clusters into one cluster to minimize the amount of hardware required for deployment. The topology was configured exactly as described in the section above that covered the Horizon Deployment Topologies except for the number of Unified Access Gateways (UAGs) and Horizon Connection servers.

For the tested deployment, a 4 node vSAN cluster was used with Failures to Tolerate (FTT) set to 1. In larger deployments where the management components running as well, we would recommend a 5 node vSAN cluster with FTT set to equal 2. In this deployed topology, two UAGs and Horizon Connection servers were deployed. In the tests, all Horizon components were deployed in the VMware Cloud Foundation Management domain, and 544 desktops were configured on the Horizon Desktop Cluster. Separate NSX-T Compute Clusters were used for the Server and Horizon Domains. All desktops were configured not to allow east-west communications and could not communicate with each other. The Horizon infrastructure components were configured to allow east-west and north-south communications to the required components such as the NSX Advanced Load Balancer, UAGs, Connection Servers, VMware vCenter, Microsoft SQL Server Active Directory, and other required non-VMware infrastructure services. In Figure 10, we show a logical representation of the validated environment.

Figure 9.                        Example NSX-T and Horizon Medium Topology Architecture

Figure 10.      Validated Horizon and NSX-T Pod Configuration

Horizon Configuration Settings

vCenter Server Settings

Horizon Connection Server uses vCenter Server to provision and manage Horizon desktops. vCenter Server is configured in Horizon Manager as shown in Table 7.

Table 7.  Horizon Manager—vCenter Server Configuration

Attribute

Specification

Description

vCenter Server

SSL

On

Port

443

Advanced Settings:

Max Concurrent vCenter Provisioning Operations

Max Concurrent Power Operations

Max Concurrent Instant Clone Engine Provisioning Operations

 

24

50

24

 

Solution Validation

In this section, we present the test methodologies and processes used in this operation guide.

Test Overview

The solution validates that Horizon desktops work well on vSAN using VMware Cloud Foundation with NSX. NSX Advanced Load Balancer and NSX security features such as micro segmentation, distributed firewall and security policies. And it includes the following tests:

  • Integration testing: to validate NSX Advanced Load Balancer Enterprise Edition with VMware Cloud Foundation provides Enterprise-grade, high-performance load balancing for Horizon, and consolidates security and policies for end-user compute resources. It also validates that NSX brings speed and simplicity to VDI networking with security policies that dynamically follows end users across infrastructure, devices, and locations.
  • Functional testing: to validate Horizon performs well on vSAN with Horizon desktop deployments.
  • Operation testing: to validate vSAN storage with Compression together with the use of Horizon instant clones to reduce the total storage needed to provide an exemplary performance on Horizon 2106.
  • Host failure testing: to ensure vSAN can support sustainable workload under predictable failure scenarios.

Test Tools

We used the following monitoring and benchmark tools in the solution:

  • vSAN Performance Service

vSAN performance service collects and analyzes performance statistics and displays the data in a graphical format. vSAN administrators can use the performance charts to manage the workload and determine the root cause of problems. When the vSAN performance service is turned on, the cluster summary displays an overview of vSAN performance statistics, including IOPS, throughput, and latency. vSAN administrators can view detailed performance statistics for the cluster, for each host, disk group, and disk in the vSAN cluster.

  • Login VSI (4.1.40.1)

Login Virtual Session Indexer (Login VSI) is the industry standard load-simulation testing tool for measuring the performance and scalability of centralized Windows desktop environments, such as VDI and hosted applications. Login VSI is used for simulating a typical user activity using the virtual desktop. Login VSI is 100% vendor independent and works with standardized user workloads. This standardization makes all conclusions that are based on Login VSI test data objective, verifiable, and repeatable. 

Login VSI has several different workload templates depending on the type of user to be simulated. Each workload differs in application operations and the number of operations executed simultaneously. In the tests, the workload type is ‘Knowledge Worker * 2vCPU’. The medium-level Knowledge Worker workload was selected because it provides the closest comparison to the average desktop user in our customer deployments. 

We took the following parameters into consideration to measure the testing performance:

  • Test running time
  • Benchmark VSImax
  • CPU memory usage percent
  • vSAN IOPS and IO latency
  • Capacity

Apply NSX Advanced Load Balancer to the VDI Environment

NSX Advanced Load Balancer is VMware’s preferred load balancer for Horizon. It delivers an unprecedented level of automation and application insights to simplify VDI deployments and troubleshooting of end user experience issues to provide high availability to the configuration, Horizon has requirements for load balancing to provide highly available access to its components. The following components all benefit from using the NSX Advanced Load Balancer to provide high availability of Enterprise Horizon:

  • Horizon Connection Servers
  • Horizon Unified Access Gateways
  • Other deployed Horizon components (for example, VMware  App Volumes)

Figure 11 is the architecture of NSX Advanced Load Balancer for Horizon integration. There are several considerations for deploying NSX Advanced Load Balancer for Horizon load balancing, and we can configure several options based on use cases. For detailed information, refer to NSX ALB Reference Architecture for Horizon.

Figure 11.                 NSX Advanced Load Balancer Deployment Architecture

Figure 12.        Editing the Horizon Connection Pool

We configured Unified Access Gateway (UAG) with HA and the NSX Advanced Load Balancer is used as the load balancer for UAG and configured for use in front of the Horizon Connection Servers. NSX Advanced Load Balancer Basic Edition is included as part of VMware Cloud Foundation. NSX Advanced Load Balancer Enterprise Edition was used in configuring and validating this environment. For more information about the NSX Advanced Load Balancer Editions, refer to the VMware NSX Advanced Load Balancer Editions doc.

In our design, a single VIP configured on the NSX Advanced Load Balancer is used for handling both primary protocols and secondary protocols. The virtual IP (VIP) is listening on HTTPS:443 and on the required TCP/UDP ports for secondary protocols.

The load balancer routes the secondary protocols to the same UAG appliance as that selected for the primary Horizon protocol using host header set as part of 307 redirect mechanism.

Since this does not rely on source IP affinity, it works well in the cases where there are many clients behind a single NAT (an edge site) and all connections present the same source IP address. This is the recommended design option for UAG load balancing. This configuration is more than capable of supporting greater than the 10,000 desktop Cloud Pod configuration for Horizon as more service engines can be deployed as required to support additional desktops.

Validation Steps:

Horizon Unified Access Gateways are deployed in a scalable fashion with a requirement for at least N+1 redundancy. Refer to Unified Access Gateway High Availability for configuration. To achieve this redundancy, UAGs can take advantage of NSX-T Load Balancing services provided for the XML-API authentication traffic to the Horizon Connection Servers. See VMware Horizon Unified Access Gateway (UAG) deployment and configuration for Horizon for more information.

Since our desktop pool was relatively small, we did functional verification of the NSX Advanced Load Balancer. A total of 544 desktops were deployed and tested using Login VSI to verify the desktop connections and applications functionality. Traffic through the NSX Advanced Load Balancer was not a bottleneck and all sessions were able to log in the desktops successfully. During this testing, the Login VSI VSIMax threshold was not reached, and all tests were completed successfully.

Apply NSX Features to Secure the VDI Environment

NSX-T provides several security benefits to enhance an existing or new Horizon deployment for the Horizon infrastructure machines, RDSH Farms, and VDI desktops pools. In a virtual desktop infrastructure, it is difficult to provide security at a granular level be it user-based, application-based, or function-based. NSX helps secure desktop pools and allow communications as necessary based on the context of the communication, to applications that should be allowed, and denies the rest. NSX-T can provide this level of security by using a concept called Context-aware micro-segmentation. Context-aware micro-segmentation provides three foundational security capabilities: Isolation, Segmentation, and Advanced Services.

We have done validation to highlight the security features of the NSX product. Security to the VDI environment was applied based on NSX best practices and tested to ensure communication only occurs to the required components of the VDI environment. Separate security policies with rules to restrict access were created for desktop services and Horizon infrastructure components.

NSX-T Groups were created to combine Horizon components as well as those components that were standalone. Figure 13 are the groups that were created to combine Horizon components together as well as separate groups for standalone objects included in the infrastructure. 

Figure 13.     NSX-T Groups Created for Horizon

Figure 14 shows the membership of the Horizon Infrastructure component group called HRZ-Connection-Servers. We used this group to apply like security policies and manage the Horizon Connection Servers as one entity.

Figure 14.       Example of a Group Member

Policies were created for the Horizon component and desktop entities and rules were added with the appropriate services to allow, block, or drop. Because all Horizon desktops were deployed on an NSX-T Segment, the east-west rules were applied to the Segment to block traffic from desktop to desktop. Figure 15 is an example of the security policies that were created to secure the Horizon Infrastructure components as well as secure the Horizon Desktop Pool from east-west communication.

Figure 15.     Example of Secured Desktops Policy

Table 8 is all the security policies created for the Horizon Component and Desktop entities.

Table 8.  Security Policies for Horizon Components and Desktop Entities

Rule #

Rule Name

Source

Destination

Port

Protocol

1

HRZ-FW-Infra Services to Horizon Infra

Non-VMware Infra Svcs

Connection Server

Any

Any

Horizon Desktop Subnet

Virtual Center Server

Unified Access Gateways

Virtual Center Server

2

HRZ-FW-Horizon Infra to Infra Services

Virtual Center Server

Non-VMware Infra Svcs

Any

Any

Connection Server

Horizon Desktop Subnet

Virtual Center Server

Unified Access Gateways

3

HRZ-FW-Desktop to Connection Server JMS

Horizon Desktop Subnet

Connection Server

4001, 4002

JMS, JMS-SSL

4

HRZ-FW-Isolate Desktops from Desktops

Horizon Desktop Subnet

Horizon Desktop Subnet

Deny All

Deny All

5

HRZ-FW-Connection Servers to Desktops

Connection Server

Horizon Desktop Subnet

4172, 3389

PCOIP TCP/UDP, RDP

6

HRZ-FW-Connection Servers to vCenters

Connection Server

Virtual Center Server

443, 80

HTTPS, HTTP

7

HRZ-FW-vCenters to Connection Servers (* Validate)

Virtual Center Server

Connection Server

443

HTTPS

8

HRZ-FW-Admin Browser Access

Any

Connection Server

443, 80

HTTPS, HTTP

9

HRZ-FW-Internal Client to Desktop

Any Internal

Horizon Desktop Subnet

22443, 4172, 9427, 3389, 32111, 443, 42966

Blast Extreme TCP/UDP, PCOIP TCP/UDP, 9427 TCP, RDP TCP, HTTPS, HP RGS

10

HRZ-FW-Internal Client to UAG

Any Internal

Unified Access Gateways

8443, 443

TCP, HTTPS

11

HRZ-FW-External Client to UAG

Any External

Unified Access Gateways

22443, 4172, 9427, 3389, 32111, 443

Blast Extreme TCP/UDP, PCOIP TCP/UDP, 9427 TCP, RDP TCP, HTTPS

12

HRZ-FW-UAG to Desktops

Unified Access Gateways

Horizon Desktop Subnet

22443, 4172, 9427, 3389, 32111, 443

Blast Extreme TCP/UDP, PCOIP TCP/UDP, 9427 TCP, RDP TCP, HTTPS

13

HRZ-FW-UAG to Connection Servers

Unified Access Gateways

Connection Server

8009, 4001, 4002, 500, 4500

AJP13, JMS, JMS-SSL, IPSec (UDP), NAT-T ISAKMP (UDP)

14

HRZ-FW-Connection Servers to UAG

Connection Server

Unified Access Gateways

500, 4500

IPSec (UDP), NAT-T ISAKMP (UDP ESP)

Functional Testing

The VDI workload in general is very CPU intensive. vSAN can support more desktops per host from the storage perspective. But we found that the host CPU could be completely saturated during Login VSI knowledge worker workload when the number of desktops per host reached a certain level. Therefore, we focused our tests on baseline testing desktop numbers to observe the system performance. 

Instant Clone with Native Install Applications

Microsoft Windows 10 version 21H1 was used for the desktop image and we used optimization tools according to VMware OS Optimization Tool before provisioning the image. Initially, we tested 500 desktops, the peak average CPU usage indicated we could add additional desktops. We added 44 additional desktops. The maximum memory percent of active sessions was nearly 99 percent. We deployed 544 desktops as the stable number of the test workloads.

As shown in Appendix Performance Test Diagram References, Login VSI tests successfully passed with 544 knowledge worker workloads on the 4-node vSAN cluster. Instant clones performed well on vSAN with Login VSI knowledge worker workload.

IOPS increased steadily because the number of active sessions increased. Peak write IOPS was 15,640 and peak read IOPS was 7,281. The peak write latency was 0.594ms and the peak read latency was 0.396ms.

Operations Testing

Provision Instant Clone Desktops

In this test, a new pool of 544 instant clone virtual desktops was provisioned on the vSAN datastore, with about 135 desktops per ESXi host. Run the following operations to complete the task:

  • Create internal VMs such as the internal template, replica VMs, and parent VMs, which is called the priming phase.
  • Use VMware Instant Clone Technology to create desktops and prepare the operating system with the use of the Clone Prep Feature.

Testing Results

Figure 16.        Pool Deployment

It took 5 minutes for priming and 9 minutes for 544 desktops to become “available” in the R1 configuration.

The total used capacity was 9.20TB including 4.79TB physically written space, the vSAN system overhead was 3.13 TB. The compression savings were 4.18 TB (ratio: 2.22x).

Figure 17 demonstrates the resource usage during 544 instant clone provisioning. CPU resource usage for the cluster was measured at 98.9%.

Figure 17.      544 Instant Clones Provision Resource Usage

We summarized the storage performance of instant clones as shown in Figure 18 and Figure 19. Peak write IOPS at 74,029 and peak read IOPS at 25,102. Peak write latency and read latency were exceptionally low.

Figure 18.      Instant Clones Provision Storage Performance (IOPS)

Figure 19.      Instant Clones Provision Storage Performance (Latencies)

Push Image of Instant Clone Desktops

You can change the image of an instant clone desktop pool to push out changes or to revert it to a previous image. You can select any snapshots from any virtual machines to be the new image.

Testing Results

It took just 23 minutes to push a new image to 544 instant clone pools in the default R1 configuration.

Figure 20.      Instant Clones Push Image Completion

Figure 21 shows the resource usage during the new image push operation. The average CPU consumption was less than 50 percent in the R1 configuration. The memory usage was 33.60 percent in the R1 configuration.

                                             

Figure 21.         CPU Utilization during Image Push to 544 Desktops

Figure 22.         Memory Utilization during Image Push to 544 Desktops

As shown in Figure 23 and Figure 24, the overall vSAN performance was good.

Figure 23.      Storage Performance (IOPS)

Figure 24.      Instant Clones Push Image Storage Performance (Latency)

Resiliency Testing—One Node Failure

By powering off a single ESXi node, a single vSAN node hardware failure was simulated for a vSAN Cluster with 4 hosts and 544 running instant clone virtual desktops, all under simulated workload for virtual desktops with FTT=1.

In the configuration, vSphere HA and DRS behaved as expected, VMware vSphere HA recreated 136 desktops the failed nodes on other nodes in the cluster. The 136 desktops were restarted, and all desktops were ready for user login. VMware vSphere DRS rebalanced the load across all hosts in the vSAN cluster. For host failures, it did not return any IO error, vSAN had a configurable repair delay time (60 minutes by default) and components were rebuilt across the cluster after the delay time. vSAN prioritizes the current workload by rebuilding to minimize the impact on cluster performance.

Best Practices

This section provides the best practices to be followed, based on solution validation. We provided the following best practices based on our solution validation:

  • Operation parameters
  • NSX-T and Horizon design recommendation

Operation Parameters

The running time of instant clone operations might improve when the max concurrent operations change. If the backend storage performance is good, we can increase the value to a larger number.

For instant clones, the default value of Max Concurrent Instant Clone Engine Provisioning Operations is 20, the provision time is good. We can increase the value to a larger number if the storage latency does not cause contention during the provision. Otherwise, a larger number will not get a quicker provision.

NSX-T Design Recommendation

Table 9 is the design decision for NSX-T component deployment.

Table 9.  NSX-T Component Deployment Recommendation

          

NSX-T Design Decision

 

Decision

 

Justification

 

Independent NSX-T Management Clusters for a Horizon single-site pod deployment topology

 

Splits NSX-T domain into Server and Horizon for NSX-T management and services. Allows independent domain scalability like Horizon Pod scale-out

Horizon 2106 supports up to 10,000 desktops per vCenter Server, 8,000 recommended. A single NSX-T Manager Cluster supports a maximum of 25,000 Segment ports, which aligns with the expected and supported Horizon recommendations.

 

A single NSX-T Management Cluster supports up to 16 vCenter Server instances as Compute Managers. Per Horizon pod, there will be a minimum of 3 vCenter Server instances, two vCenter Server instances for the Horizon Domain and one for the Server Domain.

 

 

NSX-T Edge Nodes are placed in separate Edge Clusters for the Server and Horizon Domains

 

Placement of NSX-T Edge Nodes into separate clusters puts the Edge Nodes and the services they provide as close to the workloads as possible.

Positioning spreads out the failure domain of the Edge Nodes to align with the Server and Horizon Domain logical layout thereby eliminating the possibility of entire failure in case of Management or other Workload Domain failures.

 

See Appendix Performance Test Diagram References for further information about the small, medium, and large topologies.

Conclusion

VMware Cloud Foundation™ is an integrated cloud infrastructure that provides an ideal platform on which to run enterprise workloads and containerized applications across both private and public environments. VMware Cloud Foundation makes it easy to deploy and run a hybrid cloud by delivering common infrastructure that is compatible with a consistent cloud operational model for your on and off-premises data centers and public cloud environments.

Horizon on VMware Cloud Foundation simplifies planning and design with a standardized and tested solution fully optimized for VDI workloads. VMware Cloud Foundation provides a software-defined infrastructure for VMware Horizon for a complete, secure, and easy-to-operate desktop and application virtualization solution. By delivering Horizon virtual desktops through VMware Cloud Foundation, IT organizations can accelerate desktop and application deployments and effectively manage, provide high availability, load balancing, and security for Horizon workloads. Extensive workload, operations, and resiliency testing show that Horizon 2106 when deployed on VMware Cloud Foundation delivers exceptional performance, a consistent end-user experience, and a resilient architecture with end-to-end security, all at a relatively low price.

Appendix Performance Test Diagram References

Test– Information 544 Desktops

 

 

NSX-T and Horizon – Small (HCI) Topology – Single Pod up to 4,000 Desktops

 

NSX-T Design Recommendations

 

Recommendation

 

Justification

Collapsed Management, Edge, and Compute Clusters into one cluster for both Server and Horizon Domains

 

A converged cluster consists of a minimum of 4 ESXi hosts to provide redundancy and high availability for the infrastructure.

 

High Availability is provided by vSphere HA.

 

 

One NSX-T Cluster—Singular UI for policy enforcement

 

NSX-T supports 16 vCenter Servers for unified policy enforcement across the vCenter inventory.

 

No IP sets are required for security policies across the vCenter inventory.

 

One Server and One Horizon Edge Cluster

 

Dedicated Edge Nodes for pools of resources for the Horizon Domain.

Dedicated Edge Nodes for pools of resources for the Server Domain.

 

Four large NSX-T Edge Nodes for two large clusters of Edge Nodes

 

One Edge Cluster in HA for the Server Domain.

One Edge Cluster in HA for the Horizon Domain.

Large NSX-T Edge Nodes for all services that are required.

One Large Load Balancer.

 

One vCenter Server

 

Converged clusters can only have one vCenter as the datastore is shared across the entire cluster.

 

 

One Tier-0 Gateway

 

Each Tier-0 Gateway supports 400 Tier-1 logical routers.

 

One Tier-1 Gateway

 

Each Tier-1 Gateway supports 20,000 ARP entries for workloads attached to segments.

 

One Large Load Balancer on Tier-1 Gateway (if using NSX LB) not NSX ALB

 

1,000 Virtual Servers

3,000 Pools

7,500 Pool Members

 

 

 

NSX-T Design Recommendations

 

 

Recommendation

 

Benefit

 

 

A single vSAN datastore

 

A converged cluster cannot have more than 1 vSAN datastore per cluster.

 

4,000 workloads total

 

Workload is used because there can be a mixture of Server and Horizon workloads present.

 

 

3 Horizon Unified Gateways for N+1 design

 

Horizon recommends N+1 for UAGs. UAGs support up to 2,000 connections per appliance.

 

 

3 Horizon Connection Servers for N+1 design

 

Horizon recommends N+1 for Horizon Connection Servers. Horizon Connections Servers support up to 2,000 connections per Connection Server.

 

 

NSX-T and Horizon – Medium Topology – Single Pod up to 10,000 Desktops

 

NSX-T Design Decision

 

Recommendation

 

 

Benefit

 

Collapsed Management and Edge. Separate Compute clusters for Server and Horizon Domains

 

A collapsed Management and Edge cluster reduces the amount of equipment required to provide physical separation of Management and Edge.

High Availability is provided by vSphere HA.

 

 

 

One NSX-T Cluster – Singular UI for policy enforcement

 

 

NSX-T supports 16 vCenter Servers for unified policy enforcement across the vCenter inventory.

No IP sets are required for security policies across the vCenter inventory.

 

One Server and One Horizon Edge cluster

 

Dedicated Edge Nodes for pools of resources for the Horizon Domain.

Dedicated Edge Nodes for pools of resources for the Server Domain.

 

 

Four Large NSX-T Edge Nodes for two clusters of two Edge Nodes

 

One Edge cluster in HA for the Server Domain.

One Edge cluster in HA for the Horizon Domain.

One Large Load Balancer.

 

One vCenter Server for Server Domain

 

Logical separation of the vCenter that manages the Enterprise Application Server VMs and the Horizon workloads.

 

Two vCenter Servers for the Horizon Domain

 

Horizon 2106 supports 8,000 instant clones per vCenter. Two vCenter Servers are necessary to achieve 10,000 desktops total. One vCenter can be used if there are less than 8,000 desktops in the pod.

 

One Tier-0 Gateway

 

 

Each Tier-0 Gateway supports 400 Tier-1 logical routers.

 

 

One Tier-1 Gateway

 

Each Tier-1 Gateway supports 20,000 ARP entries for workloads attached to segments.

 

 

One Large Load Balancer on Tier-1 Gateway (if using NSX LB) not NSX ALB

 

 

1,000 Virtual Servers

3,000 Pools

7,500 Pool Members

 

 

NSX-T Design Recommendations

 

 

Recommendation

 

Benefit

 

 

Single Horizon Pool

 

Horizon 2106 supports 10,000 workloads per Pod.

 

 

10,000 workloads total

 

Workload is used because there can be a mixture of Server and Horizon workloads present.

 

 

6 Horizon Unified Gateways for N+1 design

 

 

Horizon recommends N+1 for UAGs. UAGs support up to 2,000 connections per appliance.

 

6 Horizon Connection Servers for N+1 design

 

Horizon recommends N+1 for Horizon Connection Servers. Horizon Connections Servers support up to 2,000 connections per Connection Server.

 

NSX-T and Horizon – Large Topology – Multi-Pod for 10000+ Desktops

 

 

NSX-T Design Benefits

 

Recommendation

 

 

Benefit

 

Shared Management host cluster for Server and Horizon Domains

 

A shared Management cluster for the Server and Horizon Domains reduces the amount of hardware required to provide physical separation of the Management components of the Server Domain and each Horizon Pod Domain. These could also be separated as necessary.

 

 

Separate Edge Host and Compute cluster per Pod per Horizon Domain

 

 

 

Separated to allow scaling as needed

 

Separate Edge Host and Compute cluster for Server Domain

 

 

 

Separated to allow scaling as needed

 

 

Two Large NSX-T Edge Nodes for Server Domain

 

One cluster in HA for the Horizon Domain for each Pod

Large NSX-T Edge Nodes for all services necessary for each Pod

One Large Load Balancer per Pod

 

 

Two Large NSX-T Edge Nodes for Horizon Domain per Pod

 

One cluster in HA for Server Domain

Large NSX-T Edge Nodes for all services necessary for each Pod

One Large Load Balancer per Pod

 

 

One NSX-T Singular UI for policy enforcement per Pod

 

NSX-T supports 16 vCenter Servers for unified policy enforcement across the vCenter inventory.

 

IP Sets are required for security policies across the Server and Horizon Domains.

 

 

 

NSX-T Design Recommendations

 

 

Recommendation

 

Benefits

 

 

One or multiple Horizon Pools

 

Horizon 2106 supports 10,000 workloads per pod, 50 Pods per Cloud Pod Architecture for a total of 250,000 sessions.

 

 

10,000 workloads total

 

Workload is used because there can be a mixture of Server and Horizon workloads present.

 

 

6 Horizon Unified Gateways for N+1 design

 

Horizon recommends N+1 for UAGs. UAGs support up to 2,000 connections per appliance.

 

 

6 Horizon Connection Servers for N+1 design

 

Horizon recommends N+1 for Horizon Connection Servers. Horizon Connections Servers support up to 2,000 connections per Connection Server.

 

 

Global Site Load Balancer

 

 

Global Site Load Balancer required for access to multiple Pods.

 

 

About the Author

Charles A. Windom, Senior Solution Architect in the Solutions Architecture team of the Cloud Infrastructure Business Group, wrote the updated version of this paper.

Sophie Yin, Senior Solution Architect in the Solutions Architecture team of the Cloud Infrastructure Business Group is the co-author of this paper.

The following colleagues also contributed to this solutions paper:

  • Hilko Lantinga, Staff Architect in EUC, VMware
  • Geoff Wilmington, Senior Product Line Manager in NSBU, VMware
  • Gregory Smith, Senior Product Manager in NSBU, VMware
  • Charles Lee, Senior Solution Architect in the Solutions Architecture team of the Cloud Infrastructure Business Group
  • Abhinav Modi, AVI Product Line Manager in NSBU, VMware

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Filter Tags

Cloud Foundation 4.3 vSAN File Services Document Reference Architecture