Your overall first-gen Horizon Cloud environment consists of the VMware-hosted cloud service, your provided capacity, and VMware software deployed into that capacity and connected to the cloud service. When the VMware software installed in that capacity is appropriately configured and connected to the cloud service, that configured entity is now a cloud-connected pod. Having at least one cloud-connected pod and completing the Active Directory registration process unlocks use of the cloud- and web-based Horizon Universal Console for management and administrative tasks involving those pods, including health monitoring, and help desk services.

Remember: As described in KB article 92424, the end of availability of the first-gen Horizon Cloud control plane has been announced. The first-gen Horizon Cloud product documentation has been updated to align with that announcement.

About this Page

Attention: Use this page solely when you have access to a first-gen tenant environment in the first-gen control plane. As described in KB-92424, the first-gen control plane has reached end of availability (EOA). See that article for details.

As of August 2022, Horizon Cloud Service - next-gen is generally available and has its own Using Next-Gen documentation set available here.

An indication of which environment you have, next-gen or first-gen, is the pattern that appears in the browser's URL field after you log in to your environment and see the Horizon Universal Console label. For a next-gen environment, the console's URL address contains a portion like /hcsadmin/. The first-gen console's URL has a different section (/horizonadmin/).

Brief Introduction

For an overall introduction about a first-gen tenant environment, see Introduction to Horizon Cloud and Onboarding Pods to Become Cloud-Connected Pods. Supported capacity environments are ones such as Microsoft Azure cloud or a VMware-supported SDDC. Each of these capacity environments provides for a specific pod type:

Having at least one cloud-connected pod and completing the Active Directory registration process opens up use of the console for performing administrative tasks in the environment. The console provides an integrated view and centralized access to the cloud-based services that Horizon Cloud provides. This web-based console works in an industry-standard Web browser. For the list of supported Web browser types and versions, see First-Gen Tenants - Tour of the First-Gen Horizon Universal Console.

Depending on the type of capacity you have access to, you can use this same console for an automated pod deployment into that capacity and configure that pod for connection to Horizon Cloud. For some types of pods, even though they cannot be automatically deployed and configured, you can still cloud-connect those pods and work with them in this same administrative console, after performing some required connection steps.

Getting Started High-Level Sequence

Before you can use any cloud-hosted services or the console with a Horizon Cloud pod, you must:

  • Connect your first pod to Horizon Cloud. Depending on the pod type you want to deploy first, see
  • Register at least one Active Directory domain and grant the Super Administrator role to at least one of your Active Directory groups.
    Registering the domain involves providing both:
    • A primary domain-bind account and an auxiliary domain-bind account, used by Horizon Cloud to perform lookups in the Active Directory. By providing an auxiliary domain-bind account when you first register the domain, you prevent locking your administrator users out of the console if the primary bind account becomes inaccessible.
    • A domain-join account, used by Horizon Cloud in pod operations that require joining virtual machines to the domain, such as when importing a VM from the Microsoft Azure Marketplace, creating farm RDSH instances, creating VDI desktop instances, and so on.
    Note: In this release, the domain-join account is used by system operations primarily with pods in Microsoft Azure. Cloud-connected Horizon pods do not make use of the domain-join account that you specify in the Active Directory domain registration steps. However, even when you have only cloud-connected Horizon pods for your environment, it is prudent to complete the domain-join account step to ensure that the subsequent prompt to assign the Super Administrators role is activated. Assigning that role to an Active Directory domain group is a required step for all types of cloud-connected pods.

    For the requirements on these domain-bind and domain-join accounts, see Service Accounts That Horizon Cloud Requires for Its Operations.

For details about the domain registration workflow , see First-Gen Tenants - Perform the First Required Active Directory Domain Registration for Your Horizon Cloud Control Plane Tenant.

Afterwards, a best practice is to follow the recommended actions displayed in the Getting Started wizard.

Important: Due to a known issue, when connecting Horizon pods using Horizon Cloud Connector, unexpected results can occur if you do not complete the Active Directory domain registration process for the first pod before attempting to run the connector's cloud-pairing workflow for subsequent pods. Even though the connector's cloud-pairing workflow allows you to run it for multiple pods prior to completing the first Active Directory domain registration with Horizon Cloud, if you have not yet completed the first domain registration before running that cloud-pairing process on the next pod, this domain registration process might fail. In that case, you will have to:
  1. Use the Unplug action in the web-based Horizon Cloud Connector configuration portal to remove the connection between each of the cloud-connected pods until you are down to a single cloud-connected pod.
  2. Use the Horizon Universal Console to remove the failed registration, by following the steps in remove the failed Active Directory domain registration from Horizon Cloud.
  3. Complete the first Active Directory domain registration process, related to that pod.
  4. In the web-based Horizon Cloud Connector configuration portal, re-run the connector's cloud-pairing workflow on the other pods.

After the first Active Directory domain is registered with Horizon Cloud for the pod's use, you can subsequently register additional Active Directory domains. Registering additional Active Directory domains provides for the ability to specify those domains' user accounts within the various Horizon Cloud workflows that you perform using the administrative console, such as entitling your end users to pod-provisioned resources and assigning administrative roles to your administrative users. After the first Active Directory domain is registered, you can also configure additional auxiliary domain bind accounts and an auxiliary domain join account.

Important: In this release, all pods must have line of sight to all of the cloud-configured Active Directory domains. When you register an Active Directory domain in the console, that domain is added to the set of cloud-configured Active Directory domains for your Horizon Cloud environment.
Important: The administrative console is dynamic and reflects what is available at the current service level. However, when you have cloud-connected pods that are not yet updated to the latest levels of the pod's software, the console does not display those features that depend on the latest pod software level. Also, in a particular release, Horizon Cloud might include separately licensed features or features that are only available for particular tenant account configurations. The console dynamically reflects the elements related to such features only when your license or tenant account configuration includes use of such features. For examples, see Tour of the Cloud-Based Console Used for Administrative Tasks in Horizon Cloud.

When you are expecting to see a feature in the administrative console and do not see it, contact your VMware account representative to verify whether your license and tenant account configuration entitles its usage.