For every Horizon Cloud pod deployed into your Microsoft Azure cloud, a network security group (NSG) is also created in the pod's resource group to act as a template. You can use this template to ensure you have opened those additional ports that you might need for the VDI desktops provided by your VDI desktop assignments.
In Microsoft Azure, a network security group (NSG) governs the network traffic to the resources connected to Azure Virtual Networks (VNet). An NSG defines the security rules that allow or deny that network traffic. For more detailed information about how NSGs filter network traffic, see the Microsoft Azure documentation topic Filter network traffic with network security groups.
When a Horizon Cloud pod is deployed into Microsoft Azure, an NSG named
vmw-hcs-podID-nsg-template is created in the pod's same resource group named
podID is the pod's ID. You can obtain the pod's ID from the pod's details page, navigating from the Capacity page in the .
By default, the pod's template NSG is configured with no outbound security rules and with the following inbound security rules. These default inbound security rules support your end-user clients' access to their VDI desktops using Blast and PCOIP and USB redirection.
In addition to this template NSG, when a VDI desktop assignment is created, the system creates an NSG for that assignment's pool of desktops by copying the template NSG. Every VDI desktop assignment's pool has its own NSG that is a copy from the template NSG. A pool's NSG is assigned to the NICs of that pool's VDI desktop virtual machines (VMs). By default, every VDI desktop pool uses the same default security rules as configured in the pod's template NSG.
You can modify both the template NSG and the per-VDI-desktop-assignment NSGs. For example, if you have an application in a VDI desktop that you know needs an additional port opened for that application, you would modify the corresponding VDI desktop assignment pool's NSG to allow network traffic on that port. If you are planning to create multiple VDI desktop assignments that need the same port opened, a simple way to support that scenario is to edit the template NSG prior to creating the VDI desktop assignments.