To support the use of Horizon Image Management Service (IMS) features in a first-generation Horizon Cloud environment, ensure that your system environment and components meet the following requirements.

Important: For additional important support and non-support information when using IMS features in a first-gen Horizon Cloud environment, review the Current Known Limitations and Issues of the First-Gen Release page.

Using this Page

Important: Use this page solely when you have a first-gen tenant environment and will use IMS features in that first-gen environment. As of August 2022, Horizon Cloud Service - next-gen is generally available and has its very own Using Next-Gen documentation set available here.

When you have a next-gen tenant, you would naturally use IMS features in that next-gen environment. Those next-gen IMS features and how to use them are located inside the next-gen documentation set starting at the page Next-Gen Managing Horizon Images.

One indication of having a next-gen environment is after you log in to your environment and see the Horizon Universal Console label, the browser's URL field contains a portion like /hcsadmin/. The first-gen console's URL has a different section (/horizonadmin/).

First-Generation Control Plane Requirements

For use of IMS in a first-generation Horizon Cloud environment, the first-gen tenant must be appropriately configured for use of Horizon Image Management Service. The admin console is dynamic and will display options for IMS-related workflows when the control plane account is configured with the appropriate features.

These control plane account settings might include enablement for use of:

  • Dedicated VDI desktops (sometimes referred to as persistent desktops)
  • Floating VDI desktops (sometimes referred to as non-persistent desktops)
  • App Volumes on Azure

When Using with First-Generation Horizon Cloud on Microsoft Azure Deployments

As described in the First-Gen Deployment Guide, these pods are based on the first-gen Horizon Cloud pod-manager technology and run in your Microsoft Azure subscription.

Pod requirements:
  • All of the first-gen tenant's pods on Microsoft Azure must be at manifest version 2632 or later.
  • Pods must be online and healthy before any imaging operations.
  • Pods must be in a single Microsoft Azure Active Directory (AAD) tenant.
Tenant requirements:
  • The tenant environment must be configured to use Universal Broker. See the Administration Guide, for information about setting up Universal Broker and end user assignments in a Horizon Cloud tenant environment.
  • Your tenant must be enabled for the Horizon Image Management Service features. If you want to verify with customer service that your tenant is enabled, you can open an informational (non-technical) service request (SR) as described in How to file a Support Request in Customer Connect (VMware KB 2006985).
Requirements for Microsoft Azure cores quota and public IP address provisioning for images sourced from Microsoft Azure Marketplace and managed on the Images (catalog) page:
  • Ensure that you have the required provision of CPU cores quota for the following compute sizes. If quota for the CPU cores are not sufficiently provisioned in your Azure subscriptions, the image management operations will fail with Microsoft Azure errors.
    • Standard_DS2_v2 for VMs without GPU and without Windows 11
    • Standard_D4s_v3 for VMs without GPU, using Windows 11
    • Standard_NV12s_v3 for VMs with GPU
  • Ensure that you have desktop subnets in the pod that allow a sufficient number of IP addresses. If the subnets are not sufficiently provisioned, then image management operations will fail with Microsoft Azure errors.
  • Ensure that you have the required number of public IP addresses provisioned in case you plan to use Microsoft Remote Desktop Protocol (RDP) to access the base VM for any customization. If the public IP addresses are not sufficiently provisioned, the image management operations will fail with Microsoft Azure errors.
Service principal requirements:
  • You must either use the same service principal across all pods and subscriptions or each service principal must have read access to every Microsoft Azure subscription being used by the pods in your environment.

    Because the pods are likely to be in different subscriptions, the above requirement enables each pod subscription to have line of sight to all other pod subscriptions, which is necessary to create an image based on an image in an Azure Shared Image Gallery, regardless of the location of the pod on which the gallery resides.

  • Any custom role that you intend to use (instead of, for example, the contributor role) must have the requisite permissions as shown in the JSON file below.
    Note: The following JSON illustrates the permissions required for a Horizon Cloud on Microsoft Azure deployment including the five additional Microsoft.Compute/galleries/ permissions that IMS requires. See also When Your Organization Prefers to Use a Custom Role for the Horizon Cloud App Registration.
    For the steps required to create a custom role using a JSON file, see the Microsoft documentation topic Create or update Azure custom roles using the Azure portal and use the 'Start from JSON' option.
    "properties": {
        "roleName": "<Give a name say such as IMS-custom-role",
        "description": "Minimum set of Horizon Cloud pod required operations + Image Management functionality",
        "assignableScopes": [
            "/subscriptions/<Fill the subscription id>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Compute/*/read",
                    "Microsoft.Compute/availabilitySets/*",
                    "Microsoft.Compute/disks/*",
                    "Microsoft.Compute/images/*",
                    "Microsoft.Compute/locations/*",
                    "Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Compute/virtualMachineScaleSets/*",
                    "Microsoft.Compute/snapshots/*",
                    "Microsoft.DBforPostgreSQL/*",
                    "Microsoft.KeyVault/*/read",
                    "Microsoft.KeyVault/vaults/*",
                    "Microsoft.KeyVault/vaults/secrets/*",
                    "Microsoft.Network/loadBalancers/*",
                    "Microsoft.Network/networkInterfaces/*",
                    "Microsoft.Network/networkSecurityGroups/*",
                    "Microsoft.Network/publicIPAddresses/*",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/write",
                    "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",
                    "Microsoft.Network/virtualNetworks/subnets/*",
                    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/*",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Resources/deployments/*",
                    "Microsoft.Storage/*/read",
                    "Microsoft.Storage/storageAccounts/*",
                    "Microsoft.Compute/galleries/read",
                    "Microsoft.Compute/galleries/write",
                    "Microsoft.Compute/galleries/delete",
                    "Microsoft.Compute/galleries/images/*",
                    "Microsoft.Compute/galleries/images/versions/*"
                    "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read"
                    "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
Additional support considerations around images sourced from first-gen Horizon Cloud on Microsoft Azure deployments
Refer to IMS Support for Images Sourced from First-Gen Horizon Cloud on Microsoft Azure Deployments. These sorts of additional considerations involve image-specific items such as use of Windows 11 as the guest operating system.

Microsoft Azure VMs - Generations Support Matrix in First-Gen Horizon Cloud

The following table details the support matrix for use of Microsoft Azure VM models Generation 1 VM, Generation 2 VM, with respect to guest operating systems Windows 10 and Windows 11.

Azure VM Model Windows 10 Windows 11
Generation 1 VM Supported Unsupported
Generation 2 VM Unsupported Supported

NSX Ecosystem Setup for NSX Agent Install During Image Version Publishing

In a first-gen Horizon Cloud environment, you will see an option to install the NSX agent during the publishing of an image version. However, because image operations are tenant-wide, you must have first set up a complete NSX ecosystem on all required pods on your tenant before you can use this option. Alternatively, you can have NSX set up on a limited number of pods and use this option when publishing to only those NSX-enabled pods. Before selecting the Install NSX Agent option during publish, ensure that all relevant NSX components are installed and configured on all pods to which you are publishing. Enable NSX Cloud networking and security features for assignments associated with this pod. See VMware Horizon Cloud Service Product Documentation for information about VMware NSX Cloud with Horizon Cloud pods in Microsoft Azure.
Note: You can only use this option if NSX Cloud version 3.1.1 or later is installed on the pod's virtual network. For NSX Cloud versions earlier than 3.1.1, configure the Microsoft Azure private DNS for NSX Cloud gateways as described in https://kb.vmware.com/s/article/81158 or the image publish will fail.

When Using with Horizon Pods in a First-Gen Environment

As described in the First-Gen Deployment Guide, these pods are based on the Horizon Connection Server software.

Currently, the supported Horizon deployment model for IMS in a first-gen tenant is the on-premises deployment type.

The following requirements apply to all of the currently supported deployment models, except where model-specific needs are indicated.

Horizon deployment software requirements:

Then, in context of the supported Horizon deployment models, ensure that the following items are met in the Horizon deployments supported by IMS that you intend to use with IMS:

  • Running Horizon Connection Server version 7.13 or later, with a valid license.
  • Deployed and configured according to the applicable Horizon Connection Server deployment information. For version 7.13, refer to Horizon 7 Documentation. For later versions, refer to VMware Horizon Documentation.
  • Connected to Horizon Cloud using a Horizon Cloud Connector version that provides support for IMS.

    Read on for the Horizon Cloud Connector requirements.

For more information about setting up a cloud-connected pod for use with IMS, see First-Gen Tenants - Getting Started with IMS.

Horizon Cloud Connector requirements specific to IMS support:

Even though support for IMS debuted with Horizon Cloud Connector version 1.8, that version is superseded by Horizon Cloud Connector version 2.1.2 and later.

It is most prudent to update to the most recent version of Horizon Cloud Connector to obtain the latest fixes and improvements.

  • If your deployment is running vCenter Server 7.0.3, Horizon Cloud Connector version 2.3.0 or later is required.
  • If your deployment is currently running Horizon Cloud Connector 1.8 or 1.9, VMware strongly recommends that you upgrade to the latest Horizon Cloud Connector version. However, if you intend to continue running with that old, superseded version and want to use the IMS features, be aware of the following points:
    • If that connector was deployed with the Basic Feature profile, IMS's Image Locality Service is inactive by default and you must manually activate the Image Locality Service. For details, see information about manually activating Horizon Cloud services for Horizon Cloud Connector in VMware Horizon Cloud Service Product Documentation
    • If that connector was deployed with the Full Feature profile, the Image Locality Service is activated by default.
vCenter Server requirements:

To support IMS functions, ensure that:

  • You are running vCenter Server 6.0 or later in all the deployment sites that you want to manage.

    To use vSphere content libraries for image replication and storage, IMS requires an appropriate version of vCenter Server.

  • All vCenter Server instances that you want participating in the IMS workflows must have network line-of-sight and authentication trust established with each other. You must manually configure the network line-of-sight and authentication trust.
    Note: IMS does not support a clustered topology, in which different groups of vCenter Server instances use different identity providers.
  • The vCenter Server user is configured with all the standard privileges required by a Horizon deployment. See information about privileges required for the vCenter Server user in VMware Horizon Documentation. In addition to these standard privileges, Horizon Image Management Service requires the following privileges:
    • Virtual Machine: All privileges in this group
    • vApp: All privileges in this group
    • Content Library: All privileges in this group (grant access to the vCenter Server user under Global Permissions)
    • Resource: Assign Virtual Machine to Resource Pool
  • The vCenter Server IP address or hostname listed in the vCenter Server certificate and thumbprint is also listed in Horizon Console. Follow the appropriate method to add vCenter Server instances to a VMware Horizon deployment. See VMware Horizon Documentation.

    Additionally, to use IMS with the Horizon pods associated with the vCenter Server environment, also observe the following guidelines:

    • If the vCenter Server certificate and thumbprint identifies the server name (common name/Subject Alternative Names) value of the vCenter Server by IP Address, then that IP address must be listed in Horizon Console also.
    • If the vCenter Server certificate and thumbprint identifies the server name value of the vCenter Server by hostname, then that hostname must be listed in Horizon Console also.
Image requirements:

To manage Horizon images using IMS in your first-gen Horizon Cloud tenant, observe the following requirements.

  • Verify that the latest Windows updates and system patches are installed on the images and that the installation process for these items is complete.
    Note: If any of these installations are still in progress when you attempt to publish an image, the agent installation can get stuck.
  • Verify that all Windows configuration (such as time zone, region, and keyboard layout) has been completed.
  • Verify that the latest version of VMware Tools is installed on the operating systems of the images.
  • Currently Horizon Image Management Service supports the management of images saved in the following formats: virtual machine (VM) templates and VM snapshots. The images must be resident on a vCenter Server instance.
  • Follow the standard and traditional Horizon guidance for preparing the image's guest Windows operating system for use in desktop pools. For example, to use a Windows Server operating system type as a single-session virtual desktop, the Horizon documentation states you must perform certain steps before the Horizon Agent is installed in the VM. For the standard Horizon guidance, refer to the information according to your pod's Connection Server software version:
  • Before using the service, prepare the source image in the format required by your use case.
    • A VM template is a copy of a virtual machine that you can use to create automated desktop pools containing full virtual machines. For information about creating a VM template on vCenter Server, see VMware vSphere Documentation.
    • A VM snapshot is a vCenter Server object that captures the state and data of a parent virtual machine at the time you take the snapshot. You can use VM snapshots to create instant-clone desktop pools. For information on how to take a VM snapshot, see VMware vSphere Documentation.