In Horizon Cloud, you create desktop assignments to provision virtual desktops to your end users. You create dedicated VDI desktop assignments using the Assignments area of the Horizon Cloud Administration Console. When your Horizon Cloud tenant is configured to use the single-pod type of brokering with your pods in Microsoft Azure, you follow the steps here to create a desktop assignment that brokers the virtual desktop from a single pod.

Note: When your tenant is configured to use the Universal Broker with your pods in Microsoft Azure, instead of following these steps here, you would configure what is called a multi-cloud assignment, which can provision resources from multiple pods within the same assignment. See Setting Up a Brokering Method and End-User Assignments in Your Horizon Cloud Tenant Environment.

For general information about desktop assignments in your tenant environment, see About Desktop Assignments for Your Horizon Cloud Environment's Pods in Microsoft Azure.

Prerequisites

  • In some deployments, you might see a message displayed on the console's assignment-related pages that states you must set up the broker configuration before you can create assignments involving your pods. If you see that message, follow the on-screen guidance.
  • Verify that you have at least one published image, with a Microsoft Windows client operating system. You cannot create the VDI desktop assignment without such an image. To verify, navigate to the Images page and make sure it lists an appropriate image. For steps on creating a published image, see Convert a Configured Image VM to an Assignable Image in Horizon Cloud.
  • Decide whether you want the desktops to have encrypted disks. You must specify disk encryption when creating the VDI desktop assignment. You cannot later add disk encryption after the assignment is created. For a description of the disk capability, see Using Microsoft Azure Disk Encryption with Your Farms and VDI Desktops in Your Horizon Cloud Environment.
    Important: This release does not support having disk encryption for floating VDI assignments that use image VMs with attached data disks. Make sure the image you plan to use in the assignment does not have data disks.
  • Decide whether you want the ability to use NSX Cloud features with the desktop VMs. You must enable NSX Cloud management when creating the VDI desktop assignment. You cannot later enable the assignment for NSX Cloud management after the assignment is created. The published image you select for this assignment must have the NSX agent installed in it. You must have installed the NSX agent before publishing the image. See VMware NSX Cloud and Horizon Cloud Pods in Microsoft Azure and its subtopics.
  • Decide whether you want this assignment's desktop VMs to be connected a VM subnet that is different from the pod's primary VM subnet (also known as the tenant subnet). If your pod is running manifest 2298 or later and you have edited the pod to add additional VM subnets, you can specify use of those subnets for this desktop assignment. For this use case, you must verify that the VM subnet you want to use is listed on the pod's details page's Networking section in a Ready state so that the subnet will available for you to select in the workflow steps. For details, see Overview of Using Multiple Tenant Subnets with Your Horizon Cloud Pod for Your Farms and VDI Desktop Assignments.

Procedure

  1. Navigate to the assignments-related console pages, locate the one on which VDI desktop assignments are created and start the new assignment workflow.
    Tip: The console is dynamic and reflects the workflows and settings that are appropriate for the up-to-the-moment situation in your Horizon Cloud tenant environment. The labels displayed for the console's assignment-related pages will vary depending on factors such as the tenant's configured brokering setting, the types of cloud-connected pods in your fleet, the tenant's regional cloud plane, and features that are based on specific licensing.
  2. In the New Assignment start screen, click the Desktops icon.

    Screenshot depicting the Desktops icon

    The New Desktop Assignment window opens to the first wizard step.
  3. Select Dedicated.
  4. Complete the selections on the Definition step and then click Next.
    Note: You might have to use the scroll bar to see all the required fields.
    Option Description
    Location Select the location of the pod from which you want the desktops to be provided.
    Pod Select the pod.
    Tip: If you do not see any pods to select, verify that the Location list is not displaying a location without pods. The Location field works on the Pod list to filter out pods that are not associated with the selected location. If you previously had a pod at a location and then deleted that pod or moved it to a different location, so that the displayed location no longer has any pods, the Pod list will display no entries. Because the locations are listed alphabetically, when the screen opens, it automatically selects the one that is first in the alphabet. If that location no longer has any pods associated with it, you must switch the location to a different entry.
    Specify VM Subnet(s) Enable this toggle to select one or more specific subnets to which the assignment's desktop VMs will be connected. After enabling the toggle, you can select the specific subnets from the displayed list.

    When this toggle is disabled, the desktop VMs will be connected to the pod's primary VM subnet by default.

    Filter Models Set one or more filters to control the models available in the Models drop-down menu. You can filter models by type, series, number of CPUs, memory, and tags. For more information about selecting models, see Managing VM Types and Sizes for Farms and Assignments, which describes the options on the VM Types & Sizes page (Settings > VM Types & Sizes).

    To set a filter, you first select the criterion in the drop-down menu and then enter the desired values. By default, there is a single filter with the criterion 'Tag' the value 'VMware Recommended'. You can edit this first filter and add more filters connected by And and Or operators.

    The following are the criteria you can use for filters and descriptions of the values you can enter for each.

    Type


    When you select this option, the second drop-down menu defaults to GPU and High Performance - Models with GPU.
    Note: If you choose a GPU model (for example, Standard_NV6), then the list of images shown will contain only images that were created with the Include GPU flag selected, so you need at least one such image in order to create a farm or pool using a GPU model. If you choose a non-GPU model, then the list of images shown will contain only images that were created without the Include GPU flag.
    Series


    When you select this option, you can then select a series of models from a second drop-down menu. You can also filter this list by entering text in the Filter text box at the top of the list.
    CPUs


    When you select this option, you can then enter a CPU range.
    Important: For production environments, to avoid unexpected end-user connection issues, use VM models that have a minimum of two (2) CPUs.
    Memory


    When you select this option, you can then enter a range of memory in GBs.
    Tag


    When you select this option, you can then select a tag from a second drop-down menu. You can also filter this list by entering text in the Filter text box at the top of the list. Tags available in the drop-down menu are both hard-coded system tags and custom tags that you created on the VM Types & Sizes page ( Settings > VM Types & Sizes).

    You can set additional filters by performing the following steps for each filter:

    1. Click the Add link.
    2. Select either And or Or as the operator between the previous filter and the new one you are creating.
    3. Set the new filter by selecting a criterion and entering values.
    Model Select the model to use for the desktop instances. This selection defines the set of underlying resources that will be used when the desktop instances are created, in terms of capacity (compute, storage, and so on). The available choices map to standard VM sizes that are available in Microsoft Azure.
    Important: For production environments, select a VM model that has a minimum of two (2) CPUs. VMware scale testing has shown that using 2 CPUs or more avoids unexpected end-user connection issues. Even though the system does not prevent you from choosing a VM model with a single CPU, you should use such models for tests or proof-of-concepts only.
    Disk Type
    Select a supported disk type from the available options. Disk type options are based on the model selected, and your Azure subscription and region. The following are some commonly available disk types.
    • Standard HDD - Default disk type.
    • Standard SSD
    • Premium SSD - Option only appears if you selected a model that supports premium IO.

    You can edit your selection after creating the assignment if desired.

    Disk Size
    Enter the OS disk size in GB for the VMs in this assignment.
    • The default value is the base image OS disk size (typically 128 GB).
    • If you edit the size, the value you enter must be greater than the base image OS disk size, and cannot exceed the largest size (typically 1024 GB) supported by the selected model.
    • You can also edit this value later if desired.
    Important: If you edit the disk size, there are additional actions you must take to ensure that the VMs are created as expected. For more information, see Required Administrator Actions When the Disk Size for a Farm or VDI Desktop Assignment is Increased.
    Domain Select the Active Directory domain registered with your environment.
    Join Domain Select Yes so that the desktop instances are automatically joined the domain when they are created.
    Encrypt Disks Select Yes so that the desktop instances have encrypted disks.
    Important: If you want disk encryption, you must make this selection when creating the VDI desktop assignment. You cannot later add disk encryption after the assignment is created.
    NSX Cloud Managed Select Yes so that you can use features of NSX Cloud with the assignment's desktop instances. For a description of using NSX Cloud features with your desktops in Microsoft Azure, see VMware NSX Cloud and Horizon Cloud Pods in Microsoft Azure and its subtopics.
    Important:
    • If you want to use NSX Cloud with the desktop instances, you must make this selection when creating the VDI desktop assignment. You cannot later enable NSX Cloud management after the assignment is created.
    • For the NSX Cloud management features to work with the assignment's desktop instances, the image that you select for this assignment must have the NSX agent already installed on it. When you set this toggle to Yes, ensure that the image you select in Image has the NSX agent installed on it. The system does not verify if the selected image has the NSX agent when it creates the VDI desktop assignment.
    Use Availability Set Select Yes so that Availability Sets are created for the new assignment in Microsoft Azure.

    Availability Sets are groups of VMs that Microsoft Azure uses to ensure higher availability. For more information, see the Microsoft Azure documentation.

    • This option appears only if the pod is at manifest version 2298.0 or higher and your VMware representative has enabled the display of this option. If the pod is at manifest version 2298.0 or higher and this option is not displayed, then Availability Sets will be created for the assignment, since this is the default for these pods.
    • The maximum number of VMs in an Availability Set is 200, so assignments larger than that will have multiple Availability Sets.
    Image Select an image that you want to assign to the end users.

    Only those published images in the selected pod that are appropriate for VDI desktops are listed here. A published image, sometimes called a sealed image or an assignable image, is one that was published to the system by converting a base or golden image into a desktop.

    Important: If you set the NSX Cloud Managed toggle to Yes, ensure that the image you select here has the NSX agent installed on it. For the NSX Cloud management features to work with the assignment's desktop instances, the image that you select for this assignment must have the NSX agent already installed on it. The system does not verify if the selected image has the NSX agent when it creates the VDI desktop assignment.
    Assignment Name Type a friendly name for this dedicated VDI desktop assignment. Entitled end users who have not yet claimed or been assigned a desktop from this assignment might see a form of this assignment name in the client they use to access their desktops.

    The name must contain only letters, hyphens, and numbers. Spaces are not allowed. The name cannot start with a non-alphabetic character.

    VM Names Base name for the desktop VMs created in this assignment. The VM names will have numbers appended to this base name, for example, win10-1, win10-2, etc. The name must start with a letter and can contain only letters, dashes, and numbers. The end users see a form of this name in the client they use to access their desktops.
    Default Protocol Select a default display protocol you want the end-user sessions to use.

    Circumstances might occur that cause another protocol to be used instead of the default protocol. For example, the client device does not support the default protocol or the end user overrides the default protocol selection.

    Note: For images with the Microsoft Windows 7 Enterprise operating system, RDP is the only supported choice.
    Preferred Client Type Select the preferred client type used when end users launch their desktops from Workspace™ ONE™ Access, either a Horizon Client or a browser for HTML Access.
    Note: For images with the Microsoft Windows 7 Enterprise operating system, Horizon Client is the only supported choice.
    Capacity Type the number of desktops required in the assignment.

    Min Desktops

    Max Desktops

    Tip: This Min Desktops setting for a dedicated VDI desktop assignment works slightly different from how the setting works for a floating VDI desktop assignment. For a dedicated VDI desktop assignment, the Min Desktops setting refers to the unassigned desktops. When a desktop becomes assigned to a user, that desktop VM is no longer an unassigned desktop, and as a result, is not considered part of the set of desktops governed by the Min Desktops setting. If the number of unassigned desktop VMs in the assignment are less than the value for Min Desktops, you will observe that the number of powered-on VMs is less than the Min Desktops value
    • Min Desktops — Sets the number of powered-on unassigned desktop VMs to have in the pool defined by this assignment. When the assignment is first created, zero desktop VMs are assigned out of the total of maximum possible for the assignment (set by the Max Desktops number). Therefore, at that time, the number you set here is the subset of the number of unassigned VMs that you want powered on initially out of that possible maximum. When you specify zero (0) for Min Desktops, it indicates that you want none of the unassigned desktop VMs to be powered-on when the assignment is initially created.

      The benefit of setting some unassigned VMs to be powered on is primarily to have some unassigned VMs ready for users to quickly log in to. Over time, as these powered-on unassigned desktops get assigned to users — either from users doing their initial logins which claim desktops for them or from an administrator using the Assign action to explicitly assign a desktop to a user — the system powers on additional unassigned desktops until it reaches the Max Desktops number. Finally, when all of the desktop VMs in the assignment are assigned to users, the Min Desktops value is not much use until a time when you explicitly start unassigning desktops from users.

    • Max Desktops — Sets the total number of desktop VMs you want in the pool of VMs defined by this assignment.
    Power Off Protect Time Specify the number of minutes that you want the system to wait before automatically powering off a powered-on desktop. You can enter a value from 1 to 60. The default is 30 minutes.

    This protect time is used primarily for the situations where the system will automatically power off a desktop VM. You can use this Power Off Protect Time setting to tell the system to wait the specified time before starting to power off the VM. For example, if there is a schedule defined in the Schedule Power Management, the system can automatically power off desktops to meet the configured schedule. If you manually power on one of the assignment's desktops within the configured schedule, the system waits the time specified for the Power Off Protect Time before powering off the VM to match the configured schedule. The default wait time is 30 minutes.

    Windows license question The wizard asks you to confirm you have an eligible license to use the Microsoft Windows operating system that is in the image and which will be in the desktop VMs. Follow the on-screen instructions.

    For a client operating system, Horizon Cloud sets the VDI assignment's desktop VMs to use the Windows Client license type by default and you cannot change that setting.

    Optionally configure the advanced properties.
    Option Description
    Computer OU Active Directory Organizational Unit where the desktop VMs are to be located. Enter the Active Directory Organizational Unit using the distinguished name, for example, OU=RootOrgName,DC=DomainComponent,DC=eng, and so on. The OU and each path in a nested OU can contain any combination of letters, numbers, special characters, and spaces, and can have a maximum of 64 characters.

    If you need to use nested Organization Units, see Considerations For Using Nested Active Directory Domain Organizational Units

    Note: If the Computer OU is set to CN=Computers, the system uses the default Active Directory Computers container for VMs. Your Active Directory might have this default container redirected to an organizational unit class container.
    Run Once Script

    (Optional) Location of a script that you want run in the assignment's desktop VMs after the VM creation process.

    Note: The script must end with a reboot step to reboot the VM. Otherwise, the end user will not be able to log in the desktop until doing a manual restart. A sample reboot line as a Windows command is:
    shutdown /r /t 0

    The reason why the script must end with a reboot step is due to the sequence when the script is run after the sysprep process. When the system creates a desktop VM for the assignment, the VM boots up and completes the sysprep process in the Windows operating system. When the sysprep process completes, the agent in the desktop VM reaches out to do the domain join. At the same time, the agent gets the script path you specify here. The agent sets the Windows RunOnce path (System run once) and then restarts the desktop VM. On the next restart, the system logs in to the Windows operating system using the local administrator account and runs the script. It is only after another subsequent restart, specified in the script, that the desktop VM is ready for a user to log in.

    Max Desktop Deletions This sets the number of desktop VMs that can be deleted in the assignment before counting them against the rate you set for Deletion Protection on the Settings > General Settings page. Select one of the following options from the drop-down menu.
    • Unlimited - Unlimited desktop VMs can be deleted from the assignment. In this case, the Deletion Protection setting is no longer relevant.
    • None - No additional desktop VMs can be deleted before counting them against the rate you set for Deletion Protection. In this case, the system uses only the Deletion Protection to authorize or block deletions. None is the default value for Deletion Protection.
    • Custom - Number of additional desktop VMs that can be deleted before counting them against the rate you set for Deletion Protection. If you select Custom, you must also enter a numerical value to the right of this drop-down menu.

      For example, you might set Max Desktop Deletions to 10 and Deletion Protection to 1. In this case, after the first 10 VMs are deleted (no matter how long it takes for the count to reach 10), the system only allows 1 additional VM to be deleted per hour from that time forward.

    Important: If you specify a new image for a dedicated desktop assignment, the system changes the Max Desktop Deletions setting if necessary so that all unassigned desktop VMs can be rebuilt with the new image.
    Note: If you select Unlimited for Deletion Protection, there is no need to use the Max Desktop Deletions setting.
    For more information about the Deletion Protection setting, see Customizable General Settings for Your Horizon Cloud Tenant Environment.

    To prevent all VM deletions in a dedicated desktop assignment, use the Prevent Deletions setting on the Assignments page. See Prevent Deletions or Allow Deletions for a Dedicated Desktop Assignment.

    Session Timeout Interval This time interval is the amount of time the end users' sessions can be idle before the system forces a log off from the desktops. This time out applies to the logged-in session to the underlying Windows operating system. The time you specify here is different from the time out settings that govern the end users' Horizon Client or HTML Access logged-in session.
    Caution: When the system forces the log off in the underlying Windows operating system session, any unsaved data is lost. To prevent an unintended loss of data, set this interval high enough to accommodate the business needs of your users.

    The default interval is one week (10080 minutes).

    Note: If no user activity occurs before the timeout interval is reached, a message indicates that the user will be logged off if they do not click OK in the next 30 seconds. If the logout occurs, any unsaved user data, such as documents or files, is lost.
    Azure Resource Tags

    (Optional) Create custom tags to be applied to Azure resource groups. Azure resource tags are only applied to the resource groups, and are not inherited by the resources in the groups.

    To create the first tag, enter information in the Name and Value fields. To create an additional tag, click Add and then enter information in the Name and Value fields that appear below the existing ones.

    • You can create a maximum of 10 tags.
    • The tag name is limited to 512 characters, and the tag value is limited to 256 characters. For storage accounts, the tag name is limited to 128 characters, and the tag value is limited to 256 characters.
    • Tag names cannot contain the following characters:

      < > % & \ ? /

    • Tag names cannot contain these case-insensitive strings:

      ‘azure’, ‘windows’, ‘microsoft’

    After an assignment has been created, you can add more Azure resource tags and edit or delete tags for that assignment.

  5. In the wizard's Management step, complete the fields and make your selections as appropriate and then click Next.
    Option Description
    Image Updates

    The Concurrent Quiescing Desktops setting controls the number of unassigned desktops in this dedicated VDI desktop assignment that can be concurrently quiesced during the time the assignment's image is being updated. For example, when you later edit this dedicated VDI desktop assignment to use another image, the system will power off at the same time this number of unassigned desktops. Then the system performs the required actions to provision the new image to that set of powered-off unassigned desktops.

    Note: Desktops in a dedicated VDI desktop assignment that are mapped to users are said to be assigned to those users. Unassigned desktops in a dedicated VDI desktop assignment are desktops which have not yet been mapped to specific users.
    Timeout Handling Configure how you want the system to handle the desktops' user sessions.
    Note: The user sessions governed by these settings are the user logins to the desktops' Windows operating system. These sessions are not the user logins in Horizon Client, Horizon HTML Access, or Workspace ONE.

    The user's session begins when the user authenticates to the desktop's Windows operating system.

    • Log Off Disconnected Sessions - Select when the system will log the user off of a disconnected session.
    • Max Session Lifetime - Specify the maximum number of minutes the system should allow for a single user session.
    Schedule Power Management

    To help optimize savings and performance of the desktop VMs in Microsoft Azure, you can optionally configure schedules to adjust the minimum number of powered-on unassigned desktop instances on a recurring weekly basis. For example:

    • For weekends or night hours when you know that your end users will not be using their desktops, you can have a schedule for zero or a low number of powered-on unassigned desktops.
    • For specific days or specific hourly stretches that you can predict will have increased end user demand, you can have a schedule that increases the minimum number of powered-on unassigned desktops to be available to meet that demand.

    You can specify up to 10 schedules for the dedicated VDI desktop assignment. If any schedules have overlapping time periods but specify different minimum unassigned desktop numbers, the system uses the largest value minimum unassigned desktops for the overlapping time period.

    Caution: By default, when you configure a schedule here for a dedicated VDI desktop assignment, the system keeps all of the already assigned desktop VMs powered on, regardless of the schedule. That is:
    • If you set any schedule here, it results in the system leaving the currently assigned (mapped to a user) desktop VMs on. The schedule only controls the power state of unassigned desktops, if any.
    • Having a schedule here changes the system's treatment of the power-on behavior of the assigned desktops from what it would be in the absence of a schedule. When there is no schedule configured here, the system powers off the assigned desktops that have no logged-in users.

    For example, if all of the desktops in this dedicated VDI desktop assignment are mapped to users (assigned), and there is a schedule configured here, the system does not power off those assigned desktops by design. This design is for ensuring an assigned desktop is ready to meet its mapped-to user's request to log in, even when a schedule is in effect.

    As a result, if all of the desktops are in assigned state, when a schedule is set here, those assigned desktops will remain powered on, even when their assigned users are not logged in. If you want all assigned desktop VMs to be powered off during a specific day, like a weekend day, do not configure any schedules here.

    To configure a schedule:

    1. Click the + icon to add the first row in the Schedule Power Management section.
    2. Type an identifying name for the first schedule.
    3. Select the days for the first schedule.
      Note: One day is automatically selected by default when the row is added. If you do not want to include the selected day in this schedule, click the drop-down and deselect that selected day.
    4. Specify the applicable hours in the specified days. Either:
    5. Select the time zone. The time zone closest to your end users' location is recommended. As appropriate for the selected time zone, Daylight Savings Time is automatically applied.
      Note: If two schedules have the same time zone setting and have overlapping times, a warning is displayed. However, if two schedules have different time zone settings and overlap, the warning is not displayed. As an example, if you have two all-day Saturday schedules and one has Europe/London time zone selected and the other has America/Toronto selected, the overlap warning does not display.
    6. In the Min Desktops field, type the minimum number of unassigned desktops you want powered on during the specified time period. During the specified time period, that number of unassigned desktops at a minimum will be powered on to be available to take end user requests during that time. The number can range from zero (0) up to the number specified for Max Desktops for the overall dedicated VDI desktop assignment.
      Important: The Min Desktops field in the power management schedules controls only the unassigned desktops. Assigned desktops do not participate in the power management schedule. When all desktops in the dedicated VDI desktop assignment are in Assigned state, this Min Desktops value, which controls the unassigned desktops, defaults to zero (0).

      When this number is zero (0) and there are no active end user sessions at the schedule's starting time point, the assignment's desktops are powered off. In that scenario, if an end user subsequently attempts to connect to a desktop from this assignment during the scheduled time period, there will be a delay before the desktop is in a usable state because the underlying desktop VM has to power on.

    Note: By default, when a user logs off of a desktop at a time that lies outside of a schedule's time period, the system protects the desktop VM from powering off for the time specified in the Power Off Protect Time field. The default is 30 minutes.
  6. On the Users step, search for users and groups in your registered Active Directory domains, select the ones you want to entitle to use desktops from this assignment, and then click Next.
  7. On the Summary step, review the configuration and then click Submit.

Results

The system begins the process of configuring the desktop instances to provide VDI desktops to the selected users. On the Assignments page, the Status column reflects the current progress.

Note: Creation of an encrypted desktop VM takes approximately twice as long as creating a non-encrypted VM. As a result, the end-to-end time to complete creating a VDI desktop assignment that has disk encryption enabled is approximately twice as long as creating that VDI desktop assignment without disk encryption enabled.

Also, when the image VM has a data disk, additional time is needed for creating an encrypted desktop VM based on that image VM. The longest times occur for data disks of larger, terabyte sizes.

What to do next

If the VDI desktop has applications that require opening special ports, you might need to modify this VDI desktop assignment's associated Network Security Group (NSG) in Microsoft Azure. For details about the pod's NSG, see About Network Security Groups and Your VDI Desktops.

If you specified NSX Cloud management for this assignment, you can use your NSX Cloud environment's Service Manager (CSM) to see that the desktop VMs are managed in NSX Cloud. Log in to your environment's CSM and navigate to Clouds > Azure > Instances. When that Instances page shows a status of Managed for the desktop instances, you can start implementing NSX policies on them.