Before you log in to the Horizon Cloud Administration Console and run the pod deployment wizard for the first time, you must perform these preparatory tasks.

  1. Fulfill the prerequisites described in the prerequisites checklist, especially:
    • Ensure your Microsoft Azure account and subscription encompasses the pod's required number and sizes of virtual machines, including the optional Unified Access Gateway configurations if you plan to deploy those. See Microsoft Azure Virtual Machine Requirements for a Horizon Cloud Pod in Microsoft Azure.

      If you plan to deploy the pod with an external gateway configuration that uses its own subscription, separate from the pod's subscription, ensure that other subscription encompasses the external gateway's required number and sizes of virtual machines. For this use case, that separate subscription will need its own VNet, because VNets do not span subscriptions. Also, this subscription must be in the same region as the pod's subscription because the supported VNet topology is connecting VNets within the same Microsoft Azure region.

    • Ensure a virtual network (VNet) exists in the region in which you are going to deploy the pod and that virtual network meets the requirements for a Horizon Cloud pod. If you do not have an existing VNet, create one that meets the requirements. See Configure the Required Virtual Network in Microsoft Azure.

      If you plan to deploy the pod with an external gateway configuration that uses its own VNet, separate from the pod's VNet — or that uses its own subscription separate from the pod's subscription, ensure that VNet exists in the same region as the pod's VNet, and that it meets the documented Horizon Cloud VNet requirements. For this use case, those two VNets must be peered.

      Important: Not all Microsoft Azure regions support GPU-enabled virtual machines. If you want to use the pod for GPU-capable desktops or remote applications, ensure that the Microsoft Azure region you select for the pod provides for those NV-series VM types that you want to use and which are supported in this Horizon Cloud release. See the Microsoft documentation at for details.
    • If you want to manually create the subnets for the pod on your VNet in advance of deploying the pod, ensure that the required number of subnets is created on the VNet, that their address spaces meet the documented Horizon Cloud VNet requirements, and that they are empty of resources. In Advance of Pod Deployment, Create the Horizon Cloud Pod's Required Subnets on your VNet in Microsoft Azure.
      Caution: These subnets you create on your VNet for a pod deployment must be empty. You can create the subnets prior to deploying the pod, but do not put any resources on those subnets or otherwise use any of the IP addresses. If an IP address is already in use on the subnets, the pod might fail to deploy.

      If you do not want to create the subnets in advance, the pod deployment process will create them using the CIDR information you enter into the on-screen wizard.

    • Ensure that virtual network is configured to point to a valid Domain Name Services (DNS) server that is resolving external names. See Configure the DNS Server Settings Needed by the VNet Topology You Will Use for Your Horizon Cloud Pods in Microsoft Azure.
      Important: The pod deployment process requires external and internal name resolution. If the VNet points to a DNS server that cannot resolve external names, the deployment process will fail.
    • Ensure you have an Active Directory setup that is supported for use with this release, your virtual network can reach it, and the DNS server can resolve its name. See Active Directory Domain Configurations.
  2. Create a service principal and get your Microsoft Azure subscription ID, application ID, application authentication key, and Microsoft Azure AD Directory ID. These resources are used by Horizon Cloud to perform its operations on your Microsoft Azure environment. For detailed steps, see Create the Required Service Principal Needed by the Horizon Cloud Pod Deployer by Creating an Application Registration.
    Important: The service principal must have an assigned role in your subscription. The assigned role must allow the actions that Horizon Cloud needs to perform in your Microsoft Azure subscription to successfully deploy the pod and maintain it over time. You must assign to the service principal one of the following roles:
    • The Contributor role. The Contributor role is one of the Microsoft Azure built-in roles. The Contributor role is described in Built-in roles for Azure resources in the Microsoft Azure documentation.
    • A custom role that you have set up to provide the service principal with the minimum set of permitted actions that Horizon Cloud needs for pod deployment and maintenance operations.
  3. If you are deploying the pod with a Unified Access Gateway configuration, obtain the signed TLS/SSL server certificate that can allow your end users' clients to trust connections to the desktops and remote applications. This certificate should match your FQDN that your end users will use in their clients and be signed by a trusted Certificate Authority (CA). Also, all certificates in the certificate chain must have valid time frames, including any intermediate certificates. If any certificate in the chain is expired, unexpected failures can occur later in the pod onboarding process.

    Unified Access Gateway presents your CA-signed certificate, so that the end users' clients can trust the connections. To support trusted access from the Internet, you deploy an external Unified Access Gateway configuration for the pod. To support trusted access within your corporate network, you use an internal Unified Access Gateway configuration. Both configuration types can be deployed during the initial pod deployment process or post-pod deployment using the Edit Pod workflow.

    Important: This FQDN cannot contain underscores. In this release, connections to the Unified Access Gateway instances will fail when the FQDN contains underscores.
  4. If your signed SSL server certificate that you will use with the Unified Access Gateway configuration is not in PEM format or is not a single PEM file containing the full entire certificate chain with the private key, convert the certificate information to the required PEM format. See the steps in Convert a Certificate File to the PEM Format Required for Pod Deployment.
  5. Obtain a My VMware account and register for Horizon Cloud, if you are not already registered for it.

After you have completed those preparatory tasks, log in to the Horizon Cloud Administration Console at using your My VMware account. After logging in, you'll see the Add Cloud Capacity area on the screen and can click Add to start the pod deployment wizard. Complete the wizard by entering the required information in each screen. For detailed steps, see Deploy a Horizon Cloud Pod into Microsoft Azure.

Note: Login authentication into the Horizon Cloud Administration Console relies on My VMware account credentials. If the My VMware account system is experiencing a system outage and cannot take authentication requests, you will not be able to log in to the Administration Console during that time period. If you encounter issues logging in to the Administration Console's first login screen, check the Horizon Cloud System Status page at to see the latest system status. On that page, you can also subscribe to receive updates.