VMware Horizon Cloud – The Universal Console and The Universal Broker

by Davina Armstrong-Cruz
Sterling Senior Technical Architect and Master Specialist – Digital Workspace

In our most recent Sterling blogs, we briefly touched on VMware’s Horizon and Horizon Cloud. Let’s take a closer look now at Horizon Cloud and see how it can benefit any company with a virtual desktop infrastructure (VDI) presence. Horizon Cloud offers some services that are not available for on-premises deployments:

  • End-user access optimization
  • Image-management streamlining and automation
  • Monitoring and management in real-time

VMware’s Horizon Universal Console is cloud-based, so it is constantly updating with new features such as centralized-management console, the Horizon Image-Management Service, automatic Cloud-Pod updates, and much more. The Universal Console allows you to manage your on-prem and cloud-based Horizon environments in a single portal.

All of VMware’s JMP (just-in-time management platform) technologies are available and manageable through the Horizon Universal Console as well. The on-prem admin portal will still be available and accessible, so if you do not want service-desk or admin users to have access to all the pod deployments, you can have those individuals just continue using the on-prem admin portal.

A great feature of the Universal Console is a fast Horizon-on-Cloud-Pod deployment. Depending on how complex your Horizon-on-Cloud deployment is, you can deploy a VDI in as little as one hour. The quick auto-deployment includes three Azure subnets: Management, DMZ, and Desktop. (You can also just use your own self-created subnets within Azure, but for best practices, they must only be used for the VDI Infrastructure and desktop environment.)

Optimize End-User Access

With the Universal Broker deployed across your SDDC and Azure pods, you can create a multi-site brokering in which the broker will send the user’s session to the closest available pod. You can also just set the users to always receive their typical regional machine no matter their physical location.

Streamline and Automate Image Management

Horizon Cloud offers an Image Management Service that simplifies the organization, replication, and distribution of Horizon images across environments. No more are the days of having to update every single golden image on each VDI environment or having to update them in the content library. Leverage a central catalog and markers to orchestrate updates and rollbacks, track images, and reduce image sprawl.

Monitor and Manage in Real-Time

The Cloud Monitoring Service applies to any VDI environment that has been added to the Universal Broker. This service reduces downtime by monitoring, reporting, and troubleshooting the Horizon pods, sessions, and users in a single view.

System Architecture and Components of Universal Broker

The following components comprise the Universal Broker solution for cloud-based brokering of multi-cloud assignments from Horizon pods. The Universal Broker service is a multi-tenant cloud service that runs within the Universal Broker cloud, which is connected to Horizon Cloud. The Universal Broker services use a unique, dedicated FQDN. The Universal Broker client runs within the Horizon Cloud Connector for each on-prem Horizon pod. The Universal Broker plug-in runs within the Horizon Connection Server for every cloud-connected pod that participates in multi-cloud assignments.

Below is a simplified reference diagram with the following VMWare Horizon on-prem and Horizon on Azure with the Universal Broker Service enabled and installed at each site. The scenario below also assumes that the user is on an external network, outside of a corporate network, with an external UAG configured on the pod.



  1. User uses the Horizon Client to connect to the Broker URL (brokering FQDN).
  2. The Universal Broker determines that Pod 1 in Site 1 is the best available source for the desktop. The Universal Broker service sends a message to the Universal Broker client.
  3. The Universal Broker client forwards the message to the Universal Broker plug-in.
  4. The Universal Broker plug-in identifies the best available desktop to fulfill the request.
  5. Universal Broker service returns a response to the Horizon Client, which includes the FQDN of Pod 1 (typically the FQDN of the Pod 1 load balancer). Horizon Client establishes a connection with the load balancer to request a protocol session with the desktop.
  6. After passing the load balancer, the request goes to the UAG for Pod 1. The UAG validates that the request is trusted and prepares the chosen protocol session.
  7. Horizon Client user receives the specified desktop and establishes a session based on the chosen protocol.

The Future of VMware Horizon

We’ve talked about how VMware Horizon Cloud can help bring your on-prem VDI and cloud-VDI deployments together in one portal. However, the biggest concern, especially when deploying to the cloud, is often cost. An upcoming Sterling blog will explore the next generation of hybrid VDI architecture and go over how VMware Horizon Cloud – Horizon Next Generation will provide new features and actually lower your infrastructure costs.

Contact Sterling for Cloud Expertise

Recently Sterling earned yet another VMware Master Competency certification — this time precisely in Digital Workspace — to add to their list of VMware competencies. This designates that Sterling has the partner organizational expertise to design, deliver and support the ongoing management of customer apps, data, and virtual-desktop solutions whether on-premises or cloud-delivered. Achieving this competency validates the Sterling engineering team’s deep understanding and execution of VMware Horizon and VMware Workspace ONE end-user computing solutions.

 The Sterling Cloud engineering team has invested extensive time devoted to education to ensure we can provide Client to Cloud℠ solutions to our customers. If you are interested in pursuing VMware Horizon Cloud or other IT solutions for your enterprise, Sterling is here to assist you: https://sterling.com/client-to-cloud-journey-request/.

Share the Post: