A typical Horizon FLEX deployment includes the Horizon FLEX server, a file server, an HTTPS proxy, a read-only domain controller (RODC), and offsite and onsite end-user systems.

Sample Horizon FLEX Deployment Without Mirage shows the relationships between the major components of a Horizon FLEX deployment.

Sample Horizon FLEX Deployment Without Mirage
A diagram that shows a Horizon FLEX deployment.

The Horizon FLEX server is composed of the Horizon FLEX Admin Console and the Horizon FLEX Policy Server. The Horizon FLEX server provides the following functionality.

Assigns Horizon FLEX virtual machines to users and groups from a directory service

Maintains a record of Horizon FLEX virtual machines in use by individual users

Provides security certificate management to ensure secure and trusted communication between the deployed Horizon FLEX virtual machines and the Horizon FLEX server

Enforces policy settings on the client

Enables modification of policy settings for a given user and Horizon FLEX virtual machine combination

Monitors Horizon FLEX virtual machine status

The Mirage Management Console is the graphical user interface used for scalable maintenance, management, and monitoring of deployed endpoints. The Mirage Web Manager mirrors Mirage Management Console functionality.

By default, port 7443 is used by the Horizon FLEX Policy Server for external access, and port 8443 is used by the Mirage Management Server to communicate with the Horizon FLEX Policy Server. You must configure your firewall policies to allow the required ports. For a complete list of ports used by Mirage, see the Mirage documentation at https://www.vmware.com/support/pubs/mirage_pubs.html.
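A reachability check for the firewall policy described above, as an added example (not VMware code): run from an offsite system, it reports when port 7443 is not reachable or port 8443 is exposed. Treating 8443 as internal-only, and the host name `flex.example.test`, are assumptions of this example.

```python
import socket
import sys

# Expected exposure as seen from an offsite vantage point. The port numbers are
# the defaults named on this page; treating 8443 as internal-only (server to
# server) is an assumption of this example, so adjust it to your topology.
EXPECTED_OFFSITE = {7443: True, 8443: False}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts, unreachable network, name resolution failures
        return "filtered"


def audit(host, expected=EXPECTED_OFFSITE, timeout=3.0):
    """Compare observed reachability with the expected exposure.

    Returns a list of (port, observed_state, message) for every mismatch;
    an empty list means the firewall matches the expected policy.
    """
    findings = []
    for port, should_be_open in sorted(expected.items()):
        state = probe(host, port, timeout)
        if should_be_open and state != "open":
            findings.append((port, state, "required port is not reachable"))
        elif not should_be_open and state == "open":
            findings.append((port, state, "internal port is exposed"))
    return findings


if __name__ == "__main__":
    # flex.example.test is a placeholder; pass your own public host name.
    target = sys.argv[1] if len(sys.argv) > 1 else "flex.example.test"
    results = audit(target)
    for port, state, message in results:
        print(f"{target}:{port} is {state}: {message}")
    sys.exit(1 if results else 0)
```

Run it once from outside the perimeter and once from the Mirage Management Server, with `expected` adjusted for the internal vantage point, to confirm both sides of the policy.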

A file server stores the TAR files that contain the source virtual machine files for Horizon FLEX virtual machines. The file server can be on any server that a client user can access without entering credentials. The file server is located inside the DMZ in this example, but that is not required.

An HTTPS proxy enables offsite end-user systems to reach the Mirage Management Console and get policy updates.

An RODC enables office end-user systems to log in to their Horizon FLEX virtual machines and join the Active Directory domain for the first boot up of the VM. An RODC is required only if you are allowing outside users to log in without using a VPN. The RODC is inside the DMZ.

Horizon FLEX supports load balancing using multiple policy servers. Set up an active/passive Windows server set for fault tolerance for your Horizon FLEX topology.