Extending Omnissa Horizon to Amazon WorkSpaces Core

Updated October 2024

Customers want to use desktop services to deliver business-critical application and desktops to their end users at scale. Customers who have deployed a Omnissa Horizon 8 or newer ask how Amazon Web Services (AWS) can extend capabilities, without having to buy additional hardware.

The use cases might be temporary workers, extending an existing data center to AWS or how to set up disaster recovery environment. Organizations can use Omnissa Horizon 8 with Amazon WorkSpaces Core to extend your Horizon deployment with the latest versions of Omnissa Horizon. In this blog we explore how to extend and expand your Omnissa Horizon deployment using Amazon WorkSpaces Core.

Omnissa Horizon 8 2406 or newer on AWS can be deployed as you would deploy in an on-premises environment. The deployment, and management experiences are the same. The user experience can remain the same depending on the architecture. Consult your Omnissa Horizon license agreement to confirm if your license allows to run anywhere including AWS.

Recently released features of WorkSpaces including WorkSpaces Core gives customer more flexibility. Customers can manage Amazon WorkSpaces programmatically while using Omnissa Horizon protocols like Blast or PCoIP. This includes programmatically adding desktops to Amazon WorkSpaces that have Horizon agents in it. When deployed the agents will add the desktop to the Connection Servers.

Requirements before starting

• An AWS account.
• A Amazon Virtual Private Cloud (VPC). You can create a new VPC in the Region that you are deploying your Omnissa Horizon resources to.
• Access to Microsoft Active Directory resources in the AWS account.
  • Omnissa Horizon requires Microsoft Active Directory for user authentication.
  • Amazon WorkSpaces also requires AWS Directory Services (DS) as well.
• When using Amazon WorkSpaces with Omnissa Horizon
  • There is a requirement to have 120-ms or less latency from on-premises Connection Servers to the WorkSpaces desktops when extending your Horizon pod deployment.
  • Windows desktop licenses support Amazon WorkSpaces Bring Your Own License (BYOL) model. For more information, review the Administration Guide for WorkSpaces bring your own Windows desktop licenses.
• Omnissa Horizon 8 build 2406 or newer installation files
• Omnissa Horizon licenses to support deploying on AWS Cloud
• Deploy Omnissa Horizon Cloud Connector when you are using Horizon Universal license subscription
• Decide if your organization is going to expand with new or extend existing Omnissa Horizon infrastructure servers into AWS, see below section for details on each method.

Expanding Omnissa Horizon on AWS

One option would be to expand an existing Horizon deployment for a hybrid Horizon deployment. Launch Amazon Elastic Compute Cloud (EC2) to deploy Horizon infrastructure servers on. The Horizon deployment would be an additional pod using Horizon Cloud Pod Architecture (CPA) or a standalone deployment in AWS. Use the latest Omnissa Horizon deployment guides to deploy the Horizon management servers and components on AWS using federated architecture. Join the Omnissa Horizon Connection Servers to AWS Directory Services (DS) that was previously setup from the requirements section.

Once the AWS VPC is deployed, you configure each component. This can include tasks such as:

• Deploy Horizon management servers through partner or using the Omnissa Horizon deployment guide
• Adding licenses to Connection Servers
• Adding Microsoft Active Directory to the Horizon Connection Server console
• Adding the Active Directory Security Groups in Connection Server console
• Configuring database for Events database logging

Figure 1 – Expanding Omnissa Horizon deployment to AWS

Figure 1 shows an example of how to build a new Omnissa Horizon to AWS and connect it to Amazon WorkSpaces. Figure 1 also shows the Unified Access Gateway (UAG) is deployed in Public Subnet. Use Elastic Load Balancer (ELB) to connect the UAG appliance to an external facing Fully Qualified Domain Name (FQDN). For more information, review the Omnissa documentation on deploying UAG to Amazon EC2. The ELB you choose is based on the ports that you must open. If you are using HTTPS or Blast protocol, you can use an Application Load Balancer. For other protocols, you can use a combination of Network Load Balancer and Application Load Balancer.

Extending Omnissa Horizon with Amazon WorkSpaces

Another option is to extend your existing Omnissa Horizon pod to AWS Cloud and Amazon WorkSpaces. One of the requirements is to insure you have 120-ms or less latency from on-premises Connection Servers to Amazon WorkSpaces desktops over a private connection.

Figure 2 – Extending Omnissa Horizon pod to AWS.

Figure 2 shows an example of how to extend the Omnissa Horizon pod to AWS and connect to Amazon WorkSpaces desktops. The connection can either be a Virtual Private Network (VPN), or AWS Direct Connect to your Amazon VPC.

Amazon WorkSpaces configuration
Once you have determined how you want to deploy (expanding or extending) Omnissa Horizon infrastructure, you deploy and configure Amazon WorkSpaces. Below steps are for Windows desktops, steps on Linux desktops are on Omnissa documentation.

1. 1. To use Amazon WorkSpaces with Omnissa Horizon and Windows desktops, you must configure Amazon WorkSpaces BYOL through AWS support and Bring Your Own Protocol (BYOP) must also be enabled with your account. Work with your AWS account team to help setup BYOP.
   2. Configure Security Groups for network traffic between your end users, your Connection Servers, and Amazon WorkSpaces desktops.
      1. Add the ports to the AWS Security Groups that you will need opened between the different computer. Review the Omnissa Horizon documentation for the TCP and UDP ports to open like 443, 8443, 4172.
   3. Create the base image by following the steps from Bring Your Own Windows desktop license
      1. Follow the steps to import then image into Amazon EC2 next
   4. Then import the image from EC2 to Amazon WorkSpaces using the steps in Create a BYOL image using the WorkSpaces console
   5. Capture the image and then create a WorkSpaces custom bundle.
   6. Deploy new WorkSpaces instances from the custom bundle. Be sure to assign a user to the desktop during deployment.
   7. Once a WorkSpaces desktop is in a healthy state, remote desktop into the desktop to setup the Horizon Agent on the new base image.
      1. Install and configure all third-party software required for the image
      2. Install, and configure the Horizon 8 2406 or newer agent, when prompted do no reboot
      3. Go to the Omnissa Horizon Connection Server to register the Gold image
      4. Navigate to Settings > Registered Machines
      5. Select Others, the select WorkSpaces Core instance that the Horizon agent was installed on
      6. Select Set Gold Image, then OK
      7. Return to the desktop and click Finish to reboot the desktop
      8. Log back into the desktop and follow the steps to Create a customer WorkSpaces image and bundle
         1. Be sure to run Image Checker and fix any issues that arise. Specifically remove any installed Microsoft Appx Packages
   8. Create a Image of the desktop by going to the Amazon WorkSpaces console, locate and open the desktop in the console, and then select Create Image button.
      

      Create Image from a WorkSpaces desktop

   9. Once the image is finished create a Bundle by going into the Amazon WorkSpaces console and locate the image in the Image section of the console, then Create Bundle
   10. The new Bundle will be used to provision Omnissa Horizon automated pools
       1. If you need to create Manual pools follow the steps on how to Create Manual Pools

Customers want to use desktop services to deliver business-critical application and desktops to their end users at scale. Customers that are even looking for a hybrid deployment of Omnissa Horizon. Customers can use Omnissa Horizon with Amazon WorkSpaces to extend your Horizon standalone deployment or Horizon Cloud Pod Architecture (CPA) using the latest Omnissa Horizon 8 build 2209 or newer.

With this capability, you can add automation from existing business logic workflows. For example, use your information technology service management (ITSM), such as Service Now, to create a new virtual desktop when a new employee on-boards. You can use the Cost Optimizer for Amazon WorkSpaces solution to analyze your Amazon WorkSpaces usage data. The solution automatically converts the WorkSpaces to the most cost-effective billing option (hourly or monthly).

For more information, or to begin working with Omnissa Horizon with Amazon WorkSpaces Core, contact our sales support team.

The following resources can also be useful to learn more about Omnissa Horizon with Amazon WorkSpaces:

• Omnissa Explore 2022 presentation from Angela Ge and Kristina De Nike on What’s New with Horizon 8?
• AWS End User Computing (EUC) innovation day 2022 from Andrew Kloman Amazon WorkSpaces Core technical deep dive
• Deployment guide for Deploying Omnissa Horizon with Amazon EC2 and Amazon WorkSpaces