Complete the following tasks to prepare your Horizon 7 environment on-premises or in VMware Cloud on AWS for connecting with Horizon Cloud. Ensure every step is completed as described below to complete a successful deployment.

Horizon Cloud Control Plane Requirements

Active My VMware account to log in to the Horizon Cloud control plane.
Valid Horizon Universal License. For more information, see the Horizon Universal License page.

Active Directory Requirements

Supported Microsoft Windows Active Directory Domain Services (AD DS) domain functional levels:
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
All cloud-connected pods in the same Horizon Cloud customer account must have line-of-sight to the same set of Active Directory domains at the time you deploy those pods. This requirement applies not only to additional Horizon pods that you subsequently cloud connect using the Horizon Cloud Connector after the first pod, but also to pods deployed into Microsoft Azure using the same customer account. You can see the checklist for Microsoft Azure pods at VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist For New Pod Deployments - Updated for the March 2020 Service Release.
Domain bind account
  • Active Directory domain bind account (a standard user with read access) that has the following permissions:
    • List Contents
    • Read All Properties
    • Read Permissions
    • Read tokenGroupsGlobalAndUniversal (implied by Read All Properties)
    Note: If you are familiar with the VMware Horizon on-premises offering, the above permissions are the same set that are required for the Horizon on-premises offering's secondary credential accounts, stated in this Horizon on-premises documentation topic.

You should also set the account password to Never Expire to ensure continued access to log in to your Horizon Cloud environment.

For additional details and requirements, see Service Accounts That Horizon Cloud Requires for Its Operations

Auxiliary domain bind account — cannot use the same account as above
  • Active Directory domain bind account (a standard user with read access) that has the following permissions:
    • List Contents
    • Read All Properties
    • Read Permissions
    • Read tokenGroupsGlobalAndUniversal (implied by Read All Properties)
    Note: If you are familiar with the VMware Horizon on-premises offering, the above permissions are the same set that are required for the Horizon on-premises offering's secondary credential accounts, stated in this Horizon on-premises documentation topic.

You should also set the account password to Never Expire to ensure continued access to log in to your Horizon Cloud environment.

For additional details and requirements, see Service Accounts That Horizon Cloud Requires for Its Operations

Domain join account
  • Active Directory domain join account which can be used by the system to perform Sysprep operations and join computers to the domain, typically a new account (domain join user account)
  • Is a member of the Horizon Cloud Administrators Group
  • Set account password to Never Expire
  • This account requires the following Active Directory permissions: List Contents, Read All Properties, Read Permissions, Reset Password, Create Computer Objects, Delete Computer Objects.
  • This account also requires the Active Directory permission named Write All Properties on the OU descendant objects of the target Organizational Unit (OU) that you plan to use for farms and VDI desktop assignments.
  • For additional details and requirements, see Service Accounts That Horizon Cloud Requires for Its Operations
Auxiliary domain join account (Optional, cannot use the same account as above)
  • Active Directory domain join account which can be used by the system to perform Sysprep operations and join computers to the domain, typically a new account (domain join user account)
  • Is a member of the Horizon Cloud Administrators Group
  • Set account password to Never Expire
  • This account requires the following Active Directory permissions: List Contents, Read All Properties, Read Permissions, Reset Password, Create Computer Objects, Delete Computer Objects.
  • This account also requires the Active Directory permission named Write All Properties on the OU descendant objects of the target Organizational Unit (OU) that you plan to use for farms and VDI desktop assignments.
  • For additional details and requirements, see Service Accounts That Horizon Cloud Requires for Its Operations
Active Directory groups
  • Horizon Cloud Administrators — Active Directory security group for Horizon Cloud administrators. Contains the Horizon Cloud administrative users and domain join account. This group is added to the Super Administrators role in Horizon Cloud.
  • Horizon Cloud Users — Active Directory security group for the users which will have access to virtual desktops and RDS session-based desktops and published applications in Horizon Cloud.

Horizon 7 Pod and Horizon 7 Cloud Connector Requirements

Horizon 7 pod running a minimum of Horizon 7 7.10 or later. To obtain use of the latest cloud services and features with the cloud-connected pod, it must be running the most current version, Horizon 7 7.12.
Horizon 7 Cloud Connector virtual appliance, a minimum of version 1.5 or later. To obtain use of the latest cloud services and features with the cloud-connected pod, it must be running the most current version, Horizon 7 Cloud Connector version 1.6.
  • Static IP
  • DNS forward and reverse lookup records
Resource requirements for the Horizon 7 Cloud Connector virtual appliance:
  • For version 1.5: 8 vCPUs, 8 GB memory (RAM), 40 GB hard disk
  • For version 1.6 (latest): 8 vCPUs, 8 GB memory (RAM), 40 GB hard disk
Important: Along with reserving capacity for the Horizon 7 management components such as the Connection Server VMs, Unified Access Gateway VMs, and other components, you should plan on reserving capacity for the Horizon 7 Cloud Connector component. The Horizon 7 Cloud Connector is an infrastructure component that is deployed into your Horizon 7 pod environment to connect a Horizon 7 pod to Horizon Cloud for the use cases of using Horizon subscription licenses and cloud-hosted services with that pod.
Active Directory user used in the pod-onboarding process, when pairing the Horizon 7 Cloud Connector with the Horizon 7 Connection Server. This Active Directory user must have the Horizon 7 predefined Administrators role on the root access group, as displayed in your Horizon 7 pod's Horizon Console in Global Administrators View > Role Permissions > Administrators. In other words, the Active Directory user specified for the pod-onboarding process is a super user for that pod, as described in the Horizon 7 documentation's Horizon Console Administration guide.

Ports and Protocols Requirements

Specific ports and protocols are required for ongoing operations of the Horizon 7 Cloud Connector and your Horizon Cloud tenant environment. See DNS, Ports, and Protocols Requirements When Using Horizon 7 Cloud Connector and a Horizon 7 Pod.
Valid Horizon Universal License. For more information, see the Horizon Universal License page.

Licensing

Horizon Cloud does not provide any guest operating system licensing required for use of Microsoft Windows operating systems that you use in the course of using the Horizon Cloud workflows. You, the customer, have the responsibility to have valid and eligible Microsoft licenses that entitle you to create, perform workflows on, and operate the Windows-based desktop VMs and RDSH VMs that you choose to use in your Horizon Cloud tenant environment. The specific requirements for the items in the table below will be determined by your choices of the types you intend to use in your tenant environment.

Licensing for one or more of the following types: Microsoft Windows 7, Microsoft Windows 10
Licensing for one or more of the following types: Microsoft Windows Server 2012 R2, Microsoft Server 2016, Microsoft Server 2019
Microsoft Windows RDS Licensing Servers — for high availability, redundant licensing servers are recommended
Microsoft RDS User or Device CALs or both