For the Horizon pods in your tenant's fleet, after you save the Universal Broker settings, you can change those pods from monitored to managed state. Changing a pod to managed state lets you add assignments from that pod to a Universal Broker environment. Also, then you can leverage the features of Image Management Service (IMS), an additional service provided by Horizon Cloud.
You run the change-state workflow from the Horizon Universal Console's Capacity page. You must first save the Universal Broker settings using the console's Broker page before running the change-state workflow from the Capacity page.
- Ensure that the Horizon pod meets the requirements for Universal Broker, as described in System Requirements for Universal Broker.
- Install the Universal Broker plugin on every Connection Server instance within the pod. See Horizon Pods - Install the Universal Broker Plugin on the Connection Server.
- If you want to support use of this pod by end users on external networks or use two-factor authentication, then you must configure external Unified Access Gateway instances for the pod. See Horizon Pods - Configure Unified Access Gateway for Use with Universal Broker.
- If you want to use two-factor authentication for Universal Broker, ensure that all external Unified Access Gateway instances within the pod are configured with the same two-factor authentication settings. Also, ensure that these settings match the two-factor authentication settings on every Unified Access Gateway instance across all the other pods participating in multi-cloud assignments.
- Enable and configure Universal Broker as the tenant-wide connection broker for your Horizon pods. See Start the Universal Broker Enablement Using the Horizon Universal Console and Configure Universal Broker Settings.
- If two-factor authentication is already configured in your tenant's Universal Broker settings, the console will enforce that an external Unified Access Gateway and external FQDN is specified in this workflow.
- Click Pods tab if it is not already selected. . Select the
- Select the pod in the list and then click
.The console displays the window for the change-state workflow.
- In the change-state workflow's window, configure the pod's site association.
- To associate the pod with a new site, select New and enter the name of the new site.
- To associate the pod with an existing site, select Existing and select a site from the drop-down menu.
- (Optional) If you want to support use of this pod by end users on external networks or use two-factor authentication, then enable the toggle to indicate that, and specify the external FQDN (fully-qualified domain name). The FQDN is typically defined as follows:
- When the pod has multiple external Unified Access Gateway instances, specify the address of the local load balancer as the pod's FQDN.
- When the pod has only one external Unified Access Gateway instance, specify the address of that Unified Access Gateway instance as the pod's FQDN.
- (Optional) When the pod also has internal Unified Access Gateway instances, optionally enable the toggle to indicate that you will have internal end users accessing their desktops on your internal network, and then specify the internal FQDN.
After enabling the toggle, a field will display to provide the pod's internal FQDN.
- When the pod has multiple internal Unified Access Gateway instances, specify the address of the local load balancer used by those instances as the pod's internal FQDN.
- When the pod has only one internal Unified Access Gateway instance, specify the address of that Unified Access Gateway instance as the pod's internal FQDN.
- Click Save.
What to do next
If your pod has internal Unified Access Gateway instances and you configured Universal Broker to use two-factor authentication, but you want to bypass that two-factor authentication for your internal end users, then proceed to define internal network ranges so that Universal Broker will identify those as internal connections for the purpose of skipping the two-factor authentication for them. See Define Internal Network Ranges for Universal Broker.