Architecting the Digital Workspace for Service Providers with Horizon 7
Posted on 27 Jan 2017 by Ray Heffer
I recently published a white paper aimed at service providers offering VMware Horizon 7 for tenants adopting the digital workspace. Horizon 7 is a single-tenanted VDI and application platform, allowing IT administrators to manage not only desktop pools, but application delivery to their end-users.
The ‘digital workspace’ isn’t just a marketing term, it’s actually a “consumer simple” digital platform for end-users accessing their day to day and most critical applications. Underneath the hood, however, is a VDI architecture that has evolved and long since the days of the traditional desktop broker.
This white paper breaks down the digital workspace into five distinct layers, which have a direct correlation to tenant-facing functionality, service provider boundaries (for instance, firewall ports, user portal integration), core and management infrastructure.
I like to describe these layers as follows:
This layer decouples datacenter constructs into the software-defined data center (SDDC) and provides virtual infrastructure compute resources, networking, and storage. This also includes tenant infrastructure: Active Directory, DNS, DHCP, and customer networks.
This layer contains the individual components from Horizon 7, including the virtual desktop and Remote Desktop Session Host (RDS Host) infrastructure that hosts applications and desktops.
Digital Workspace Layer
For the scope of this document, the digital workspace layer consists of identity management and application delivery.
Management of the platform requires access to these components.
This layer consists of the client-facing user interface (UI) and protocols that provide access to the digital workspace.
Horizon Pod and Block Design Methodology for Service providers
The Pod and Block design methodology has typically been associated with enterprise deployments of Horizon 7 since it provides scale from a handful to tens of thousands of desktops. The white paper discusses how the Pod and Block approach can be deployed by service providers.
The management block, which can either be dedicated to a tenant, or shared across multiple tenants, hosts the management components included with Horizon 7. A shared management block is managed in its entirety by the service provider, and only the service provider would have access to the management block vCenter Server. Within the management cluster, resource pools separate each tenant’s virtual machine workloads, which includes the tenant Connection Servers and Access Point appliances.
A dedicated management block provides tenants with a dedicated Horizon Pod, and tenant IT administrators are responsible for managing all components including the vSphere infrastructure.
Each tenant has one or more dedicated resource blocks (or clusters), which are delineated by a dedicated vCenter Server. The resource block hosts desktop virtual machines, and tenant IT administrators will have access to the resource vCenter server. A resource cluster starts at 4 hosts in order to meet availability requirements of vSAN, and would typically scale up to 32 hosts. Further blocks are added to provide scale up to 10,000 powered-on desktops in a pod, and multiple pods (Cloud Pod Architecture) provide scale to 50,000 desktops.