Your Horizon Cloud deployment requires subnet support in the Microsoft Azure region, which requires the existence of a Microsoft Azure Virtual Network (VNet) in that region.

Create a VNet in a Microsoft Azure region with applicable address space for the required subnets.

For Horizon Cloud, you must create subnets in advance.

Create three non-overlapping subnet address ranges in classless interdomain routing (CIDR) format in the VNet. The following subnet requirements are minimum. For larger environments, larger subnets might be necessary.


  1. Create the Management subnet by configuring a NAT gateway because a Horizon Edge using an AKS cluster needs a NAT Gateway for outbound connectivity.
    Ensure that the Management subnet does not conflict with the following IP ranges.
  2. Create the desktop (tenant) subnet.
    For the primary desktop (tenant) subnet, create /27 minimum subnets, but size appropriately based on the number of desktops and RDS servers. You can add more subnets as required.
    Note: If you are using an internal load balancer, ensure that all VM subnets for your desktop VMs fall in the IP ranges described in RFC1918.
  3. Create the DMZ subnet.
    Create /27 minimum subnets for the cluster of Unified Access Gateway.
    Note: Deploying the Unified Access Gateways requires three subnets. Each Unified Access Gateway VM has three NICs, one from each subnet. The external load balancer backend pool is attached to the DMZ subnet NICs. The internal load balancer backend pool is attached to the desktop subnet NICs. Verify that there are no NSGs or firewall rules blocking ingress to the DMZ network from the internet. The only NSGs that VMware deploys are ones attached to the NICs (not subnet) and by default allow ingress. Any firewall or NSG rules blocking incoming traffic from the internet to the DMZ NICs will cause issues when attempting to connect to the Unified Access Gateways via the external load balancer.