VMware Horizon Community
StevenJames59
Contributor
Contributor
‎12-08-2017 04:01 PM
Jump to solution

What permissions are needed for Horizon Cloud Service to access my Azure account?

Hi there,

i'm getting started and trying to set up my service principle (see my other question on that!)

but, Im interested to know what permissions I need to configure that with to allow Horizon Cloud Service to access my Azure Subscription.

are these fine grained permissions, or is it just an super-admin type role that we need to provide?

many thanks in advance,

Steven

Labels (2)
Tags (1)
0 Kudos
1 Solution

Accepted Solutions
peterbrown05
VMware Employee
VMware Employee
‎12-11-2017 01:50 PM
Jump to solution

Hi Steven,

Good question - specifically Horizon Cloud Service on Microsoft Azure requires the 'Contributor' role attached to the Application registration (Service principle) for the correct operations to be performed.

The reasons for this are that;

1. the automatic deployment of the environment will create networks and subnets along with adding VM's and configuring network security groups (NSGs)

2. once the environment is built, then ongoing management of desktop/application assignments (e.g. RDSH Farms) requires VM's to be life-cycle managed (created, powered on/off, deleted)

3. if you need to delete the node for any reason then the deletion will remove vms subnets etc if they are not in use. (to do this go to Settings->Capacity , then select Node-->Node Details ---> Delete)

As such, these require the contributor role to do so.

This is covered in more detail in the Pre-Requisites document and the Getting Started Guide.

both linked in the VMware docs portal (VMware Horizon Cloud Service Documentation) and also in the Overview of this community.

Hope this helps,

cheers

peterb

View solution in original post

0 Kudos
2 Replies
peterbrown05
VMware Employee
VMware Employee
‎12-11-2017 01:50 PM
Jump to solution

Hi Steven,

Good question - specifically Horizon Cloud Service on Microsoft Azure requires the 'Contributor' role attached to the Application registration (Service principle) for the correct operations to be performed.

The reasons for this are that;

1. the automatic deployment of the environment will create networks and subnets along with adding VM's and configuring network security groups (NSGs)

2. once the environment is built, then ongoing management of desktop/application assignments (e.g. RDSH Farms) requires VM's to be life-cycle managed (created, powered on/off, deleted)

3. if you need to delete the node for any reason then the deletion will remove vms subnets etc if they are not in use. (to do this go to Settings->Capacity , then select Node-->Node Details ---> Delete)

As such, these require the contributor role to do so.

This is covered in more detail in the Pre-Requisites document and the Getting Started Guide.

both linked in the VMware docs portal (VMware Horizon Cloud Service Documentation) and also in the Overview of this community.

Hope this helps,

cheers

peterb

0 Kudos
StevenJames59
Contributor
Contributor
‎12-11-2017 06:28 PM
Jump to solution

thanks. this helps

0 Kudos