For Horizon Cloud Service on Microsoft Azure deployments, the service uses API calls to deploy the pod into a Microsoft Azure subscription and manage that pod and the pod-provisioned VDI desktops and farms. To provide the ability for Horizon Cloud to use its API calls in the pod's subscription, you create an app registration.

Brief Introduction

For the initial deployment of the pod, the pod deployer calls the APIs in the Microsoft Azure subscription that you have chosen to use for the pod. These API calls perform actions in the pod's subscription to create items such as the pod manager VM, the VM's NICs, the network security groups (NSGs) on those NICs - all of the resources that a Horizon Cloud pod requires. Then, after pod deployment, Horizon Cloud must continue to have the ability to call APIs in the pod's subscription. Post-pod-deployment, the service uses API calls to create the base image VMs for the golden images, run sysprep on the golden images, create farm hosts and VDI desktop VMs, add and edit the pod's gateway configurations, and to maintain and upgrade the pod.

Create the App Registration Before Running the Pod Deployer

Because the pod deployer needs to call the APIs during the pod deployment process for programmatically creating the pod's resources within the pod's subscription, the app registration and client secret key must exist before you start the deployment wizard. Creation of the app registration automatically creates a service principal object in the pod subscription. The client secret key must be generated in the Azure Portal and a role assigned to the Horizon Cloud app registration to operate at the level of the pod's subscription.

If you want to use the feature where the external Unified Access Gateway configuration is deployed in its own subscription, separate from the pod's subscription, Horizon Cloud must also have the ability to call APIs in that subscription at the time you run the wizard to deploy that external gateway. In this case, an app registration and client secret key are needed in that subscription in addition to the ones for the pod's subscription.

About Assigning a Role to the App Registration

The Horizon Cloud app registration must have an assigned role in the pod's subscription. Typically the built-in Contributor role is the role used by Horizon Cloud with the pod's subscription. The Contributor role is used because this role covers all of the API calls that Horizon Cloud would need to perform within the pod's subscription. The role assignment must be a direct assignment. The use of a group-based assignment of a role - in which the role is assigned to a group and the app registration is a member in that group - is currently unsupported.

If your organization prefers to avoid use of the Contributor role in the pod's subscription, Horizon Cloud also supports use of a custom role instead. If used, the custom role needs to provide for the specific API calls that Horizon Cloud needs to use. For more information, see the Custom Roles section near the bottom of this page.

In the pod's subscription, the following resource providers must all have Registered status. You might see that some of the resource providers in this list already have Registered status while others do not. That is a result of standard Microsoft Azure behavior, where they have a set of resource providers typically registered for all Azure subscriptions. You will want to ensure these listed resource providers have Registered status before running the pod deployment wizard.
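The direct-assignment requirement described under About Assigning a Role to the App Registration can be checked before running the wizard. The following is an added example, not code from the page or from the Horizon Cloud product: it classifies saved `az role assignment list --all -o json` output for the app registration's service principal. The function name, the `group_ids` input (object IDs of groups the service principal belongs to) and all GUIDs are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`.
# All GUIDs and names are placeholders, not values from the page.
SUB = "11111111-1111-1111-1111-111111111111"
APP_SP = "aaaaaaaa-0000-0000-0000-000000000001"  # service principal object ID
GROUP = "bbbbbbbb-0000-0000-0000-000000000002"   # a group the SP belongs to
SAMPLE = json.loads(f"""[
  {{"principalId": "{GROUP}", "principalType": "Group",
    "roleDefinitionName": "Contributor", "scope": "/subscriptions/{SUB}"}},
  {{"principalId": "{APP_SP}", "principalType": "ServicePrincipal",
    "roleDefinitionName": "Contributor",
    "scope": "/subscriptions/{SUB}/resourceGroups/rg-example"}}
]""")


def check_app_role(assignments, sp_object_id, subscription_id,
                   group_ids=(), allowed_roles=("Contributor",)):
    """Classify role assignments relevant to the app registration.

    direct         - assigned to the service principal at subscription scope
    narrower_scope - assigned to it below subscription level (e.g. one RG)
    group_based    - assigned to a group it belongs to (unsupported per page)
    ok             - True only if a direct assignment uses an allowed role;
                     pass a custom role's name in allowed_roles if one is used
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    sp = sp_object_id.lower()
    groups = {g.lower() for g in group_ids}
    result = {"direct": [], "narrower_scope": [], "group_based": []}
    for a in assignments:
        scope = a.get("scope", "").rstrip("/").lower()
        if scope != sub_scope and not scope.startswith(sub_scope + "/"):
            continue  # assignment belongs to another subscription or scope
        pid = a.get("principalId", "").lower()
        role = a.get("roleDefinitionName")
        if pid == sp and a.get("principalType") == "ServicePrincipal":
            key = "direct" if scope == sub_scope else "narrower_scope"
            result[key].append(role)
        elif pid in groups and a.get("principalType") == "Group":
            result["group_based"].append(role)
    result["ok"] = any(r in allowed_roles for r in result["direct"])
    return result


if __name__ == "__main__":
    print(check_app_role(SAMPLE, APP_SP, SUB, group_ids=[GROUP]))
```

On the constructed sample the check fails: the only subscription-level Contributor assignment is held by the group, and the service principal's own assignment covers a single resource group.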