Due to the recent COVID-19 coronavirus outbreak, many organizations came up with work-from-home strategies for their employees. Some organizations have a strict corporate policy under which the hardware or data of an employee's computer cannot leave the company premises.
Setting up a full VDI solution involves many stages, such as new hardware, networking, installing all the VDI software components, creating virtual desktop images, setting up applications, and deploying virtual images. Completing a full VDI deployment takes 2-3 weeks, and in the current COVID-19 situation, organizations cannot wait that long for a solution to support business continuity.
Understanding the importance of business continuity and the current situation, VMware provides this solution, which addresses the challenge of users being tied to their on-premises desktop systems. It helps the organization continue business by giving employees secure remote access to their office desktops. The solution can be deployed very quickly, with minimal hardware requirements and user impact.
This solution requires less CAPEX since the company will be using existing hardware and Windows licenses, and no additional OPEX is required because the organization is already managing all the hardware, OS and applications.
VMware Horizon On-Premises Solution Design
This solution has three components that are required to complete the deployment.
Connection Server
One of the main components of the solution is the Connection Server, which provides entitlement and connectivity for users to the desktop system. The Connection Server can be installed on a supported Windows Server operating system, on a physical server or a virtual machine. It manages sessions between users and their virtual desktops or published applications.
UAG (Unified Access Gateway)
UAG is an add-on component of the Horizon solution. It is available as a virtual appliance and can be deployed easily without any additional license or cost. UAG is one of the efficient security measures for a Horizon VDI solution.
UAG allows users outside the corporate network to access their virtual desktops through a secure gateway rather than a VPN. UAG supports FIPS and, for authentication, smart cards, certificates, SAML, passthrough, RADIUS, and RSA SecurID.
Horizon Agent
Horizon Agent is software installed on the desktop machines to communicate with the Connection Server. The agent helps provide a continuous connection to the desktop machines and determine the groups of users who are entitled to their desktops.
Solution Overview
To set up the Horizon VDI solution in your environment, you need an Active Directory domain and physical desktop machines. All the desktop machines that are to be published through Horizon must be part of the domain.
As part of the Horizon VDI solution, you need to deploy and configure the VMware Horizon Connection Server and the VMware Unified Access Gateway. Once these components are deployed, you must install the VMware Horizon Agent on all the desktop machines and map them to the Connection Server during installation. Once the desktop machines are visible on your Connection Server, you will be able to entitle each desktop to the respective users as per the organization's requirements.
There are two options for end users to access their physical desktops through Horizon VDI: users can install the Horizon Client and access desktops through it, which supports the PCoIP, VMware Blast and RDP display protocols, or they can access VDI from any web browser using HTML5 with the VMware Blast protocol.
UAG is deployed in the DMZ and the Connection Server in your internal network, where you can specify which users can use their desktop machines. Once a user authenticates through the UAG and Connection Server and is associated with the physical machine, a connection is made directly from the physical machine through UAG to the Horizon VDI client on the end-user device.
The main advantage of using Horizon with physical machines is the security that the VMware Unified Access Gateway (UAG) provides. UAG allows traffic through to the internal network and the physical machine only after successful authentication.
Advantages of this Solution
Conclusion
This is one of the easiest solutions that can be deployed on-premises with existing infrastructure in a very secure way. In the current COVID-19 pandemic situation, organizations require such a solution for business continuity with less CAPEX and OPEX.