Phoenix Software Ltd

VMware Horizon Cloud Service on Microsoft Azure

Horizon Cloud on Microsoft Azure: a VMware subscription service and includes software that allows the deployment and use of desktops and applications hosted on your Microsoft Azure infrastructure capacity and access to the VMware-hosted cloud control plane the management console (“Horizon Cloud Manager”) to orchestrate and manage the virtual workloads.

Features

  • Desktops and applications delivered from the public cloud or on-premises
  • Fullymanaged virtual desktop and application infrastructure 99.9% guaranteed uptime
  • Remote access
  • Global data center locations
  • Automated updates delivered to cloud-hosted control plane

Benefits

  • Access Windows desktops and applications from any device and location
  • Improve productivity by getting desktops up and running in minutes
  • Simplify IT management with easy to use management console

Pricing

£5.93 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phoenixs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 2 4 7 0 2 9 2 9 1 2 2 9 8 8

Contact

Phoenix Software Ltd Jonny Scott
Telephone: 01904 562200
Email: gcloud@phoenixs.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
Horizon Cloud on Microsoft Azure supports six different series of Microsoft Azure VM Instance-types for virtual desktops and Farms across Azure’s global regions. During your Subscription Term: Provision any mix of applications and desktops up to the total quantity of seats purchased. The number of desktops that can be hosted will vary on the selected desktop model, the virtual machine instance type, and the hardware resource capacity available within your current Microsoft-Azure limits, up to a recommended maximum of 2,000 concurrent connected sessions per Horizon-Cloud Node. VM operating-system licensing requires use of your licenses purchased through your Microsoft licensing distributor
System requirements
  • You must use your licenses purchased through Microsoft licensing distributor
  • Customer must provide anti-virus system licensing on their own
  • Additional licensing information: https://bit.ly/2UOoWOu

User support

Email or online ticketing support
Email or online ticketing
Support response times
VMware Cloud Service Support Policies are published: https://www.vmware.com/support/policies/saas-support.html Critical (SaaS Severity 1)

VMware Partner Enablement G Cloud 12
30 minutes or less: 24x7 Major (SaaS Severity 2) 4 business hours Minor (SaaS Severity 3) 8 business hours Cosmetic (SaaS Severity 4) 12 business hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
VMware supports software components of VMware Horizon Cloud Service on Microsoft Azure that are hosted by VMware in the cloud and deployed to your Microsoft Azure cloud. It includes support for the deployment of the Pod, VDI Desktops, RDS-desktop and remote application availability, access to the components in the Horizon Cloud Service cloud control plane, and the software components of VMware Horizon Cloud Service on Microsoft Azure that are deployed to your Microsoft Azure cloud Horizon Cloud on Microsoft Azure provides 24/7/365 coverage for severity 1 incidents and unlimited online support requests for all support levels - We offer the following levels of support: Basic, Production and Mission Critical - Basic: Core 12/5 support and unlimited support requests via phone and online - Production: Core 12/5 support, faster severity 1 response target, direct access to level two resources and unlimited support requests via phone and online - Mission Critical: Core 12/5 support, additional weekend support hours for severity two issues, unlimited designated customer contacts, designated support account manager and support reviews, direct access to level two resources -- As part of Mission Critical Support, your VMware Support Account Manager is your designated resource to help keep mobility environment running 24x7
Support available to third parties
Yes

Onboarding and offboarding

Getting started
"For IT Admins, extensive training and support is provided to ensure a successful deployment. This training is conducted by a dedicated deployment team with support from our solution architecture group.

Customers are responsible for training their end users in how to use the View clients. Documentation is available on VMware.com though the clients are very simple to use."
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have a variety of ways to extract the data via 3rd party tools such as Data Backup, File Shares or by using USB Drive Redirection or Client Drive Redirection to copy files from the VDI Desktop to an on-prem location.
End-of-contract process
Full termination of the Horizon Cloud on Microsoft Azure service due to contract expiration, termination, cancellation, or any other cause will result in permanent loss of access to the environments, discontinuation of account services, and a deletion of such environments, configurations and data according to VMware’s internal data retention policy. Data from a terminated Service will not be retained by VMware beyond termination date. Prior to terminating the Horizon Cloud on Microsoft Azure service we would recommend that all data be removed by the customer from the desktops and platform. VMware take no responsibility for backing up or retaining customer data

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Horizon Cloud on Microsoft Azure supports mobile access with the use of the Horizon Client or HTML 5 from a supported browser. Features specific for mobile devices include easy navigation and access to program and user's files called unity touch, external keyboards, native gestures, onscreen keyboard and external monitor support. The VMware Horizon HTML Access client does not support certain features when used in mobile browsers. See features listed in the note on this topic page in the VMware Horizon HTML Access User Guide 4.10: docs.vmware.com/en/VMwareHorizon-HTML-Access/4.10/html-accessuser/ GUID-20F0C9F6-7DE9-4D3D-8095391C9F795F54.html .

VMware Partner Enablement G Cloud 12
documentation topic at docs.vmware.com/en/VMware-Horizon-HTMLAccess/4.10/html-accessinstallation/ GUID-649151B0-070F-463B-B7FD12B500973BF0.html.
Service interface
Yes
Description of service interface
The Service Offering includes access to two self-service consoles: VMware Account Management Console (“My VMware™”) provides access to subscription status, integrating navigation, viewing and management of all VMware product licenses and support under a single account. It also allows you to download the Horizon Cloud on Microsoft Azure software components such as Agents, etc. VMware Horizon Cloud Manager (“Console”) is the primary interface for consumption and management of the Service Offering, including domain binding, gold pattern management, desktop provisioning, application provisioning, user customization provisioning, end user entitlement, and other management operations.
Accessibility standards
None or don’t know
Description of accessibility
VMware is dedicated to support customers to make VMware products and technologies accessible to people with disabilities. However, Horizon Cloud on Microsoft Azure has not undergone an accessibility assessment at this time
Accessibility testing
Please visit https://www.vmware.com/uk/help/accessibility.html for an overview of the accessibility testing conducted on the various VMware products and services at this time
API
Yes
What users can and can't do using the API
Horizon Cloud customers can use administrative credentials to programmatically (via REST API) instruct any action that is available via the Horizon Cloud Administration Console. That includes but is not limited to provisioning and changing pools, entitling users to pools, and extracting reporting information.
Documentation is available upon request. There is no test environment for the API.
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Scalability of the solution is contingent on your licensed Microsoft Azure Infrastructure capacity You must verify licensing requirements and restrictions with your Microsoft Licensing distributor.

Analytics

Service usage metrics
Yes
Metrics types
Use the Reports page to access various reports related to end users' desktop and application sessions.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
VMware

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
"Users can export their data using USB Drive Redirection or Client Drive Redirection which is part of Horizon Cloud
Users have a variety of ways to extract the data via 3rd party tools such as Data Backup, File Shares or by using USB Drive Redirection or Client Drive Redirection to copy files from the VDI Desktop to an on-prem location."
Data export formats
  • CSV
  • Other
Other data export formats
  • Export or print data from the Service Center user interface:
  • Export to CSV, Excel or PDF formats
  • Import templates from Horizon View with Helpdesk Console
  • Tool includes three folders (export, repos, software) and five files:
  • Hvexport.bat
  • Hvexport.jar
  • Hvexport.sh
  • ImgUploadSvc.conf
  • Readme.txt
Data import formats
Other
Other data import formats
  • Import desktop templates from Horizon View
  • Tool includes three folders (export, repos, software) and five files
  • Hvexport.bat
  • Hvexport.jar
  • Hvexport.sh
  • ImgUploadSvc.conf
  • Readme.txt

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
'- Virtual desktop session security depends on the remoting protocol in use (RDP, PCoIP / Blast,)
-- RDP: Use RDP 6 or higher for encrypted sessions to avert man-in-the-middle attacks on virtual desktop sessions.
-- PCoIP/Blast: Encrypted sessions by default.
-- Each of these remote display protocols has embedded controls and channels to allow the administrator to provide policy based redirection of end user peripherals such as USB drives, printers or clipboard.

Availability and resilience

Guaranteed availability
"- 99.9% SLA
- Additional information is available here: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/vmware horizon- cloud-on-azure-service-level-agt.pdf
Approach to resilience
"- The Horizon Cloud Service is designed for high availability through dedicated hardware and services per tenant. More information is available on request.
- The Horizon Cloud service has a 99.9% uptime
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/downloads/eula /vmweuc- consolidated-service-licence-agreement-jan-2020.pdf
Outage reporting
Up-to-date service uptime and maintenance information is available here: https://status.horizon.vmware.com
- Customers can optionally subscribe to updates "

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
The Horizon Cloud on Microsoft Azure service is integrated and tied to a customers Active Directory environment. End Users authenticate with their credentials along with optional 2FA. Administrators can also use 2FA for authentication to the Administration Console. - Authenticate access via identity provider when Horizon Cloud is integrated with Workspace ONE
Access restrictions in management interfaces and support channels
"- VMware Support does not have access to the Administration Console, your desktops, applications or user data.
- VMware implements least privilege and multifactor access controls for supporting the hosted environment. "
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
360 Advanced
PCI DSS accreditation date
1/7/2019
What the PCI DSS doesn’t cover
Customer managed Microsoft Azure infrastructure capacity that is paired with the Horizon Cloud Service on Microsoft Azure service. See the VMware Horizon Service Description for additional information on customer and VMware-managed components for the service.
Other security certifications
Yes
Any other security certifications
  • SOCII
  • https://www.vmware.com/security/certifications.html

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
"- We model our security framework using the NIST SP 800-53 and ISO 27001 guidelines.
- We have an Information Security Governance Committee (ISGC) that is chaired by members of senior management and representatives from our Information Security, IT Operations, HR, Marketing, Facilities and Legal teams.
"
Information security policies and processes
"- Our Information Security Program is modeled using industry best practices and regulatory standards, including NIST SP 800-53 and ISO 27001. We maintain our own Information Security Program and Policies to protect customer data hosted in our systems and perform annual reviews and audits of our program to ensure the integrity of our hosted offering.
-- The VMware Information Security team manages the enforcement, development, and maintenance of information security policies and standards to ensure VMware Information Assets are preserved in a security environment, in accordance with generally accepted best practices, focusing on VMware business and risk objectives. The VMware Information Security Team is responsible for updating policies as threats and technologies change, initiating and managing periodic reviews of the information security policies and standards, as well as evaluating exceptions to information security policy and standards.
-- Our Information Security team oversees organizational compliance while team leads in conjunction with IT and HR teams help enforce department-level compliance."

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
- Our Change Management process for updating the solution is executed according to our standard internal change management policy. The process involves completion and submission of change control forms, review and analysis of the change by the appropriate operations teams and scheduling of the update or change according to its severity level. All changes undergo our standard testing and validation process. If for any reason a change is unsuccessful or does not pass the required testing phases, our teams execute a fallback plan as documented in the change control form.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
VMware has a Vulnerability Management program backed by approved and tested policies and procedures. Vulnerability scans are performed regularly on internal and external systems. System and application owners are required to address critical/high vulnerabilities with a plan of corrective action within 5 days of discovery. Other vulnerabilities need to be addressed with a plan of corrective action within a reasonable timeline. Risk analysis/acceptance are performed on vulnerabilities to confirm the vulnerability and determine the appropriate means of addressing it. Senior management ,IT, Information Security senior management are required to approve the existence of risks associated with vulnerabilities that are notpatched.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
"- Our cloud support staff have configured the system to notify IT personnel if the central processing unit (CPU) utilization is too high, disk space limited, memory issues, key service failures, bandwidth utilization, power consumption, or other performance items.
- IT Operations has subscriptions to pertinent vendor security and bug-tracking mailing lists.
- After analyzing the severity and impact, network, utility and security equipment is patched or upgraded. "
Incident management type
Supplier-defined controls
Incident management approach
- In the unlikely event of an incident, we follow a formal Incident Management Plan that is maintained as part of our Information Security Program. Incidents and breaches are reported to the appropriate Cloud Operations team for categorization and resolution, and issues are escalated to senior management according to a pre-defined protocol (e.g., if the incident is categorized as "Urgent"). Alerts, responses and resolutions are tracked through to completion, and a post mortem report is prepared for review by internal stakeholders and our Information Security Governance Committee.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£5.93 a user a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phoenixs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.