The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA best practices, that is considered the de-facto standard for cloud security and privacy. The accompanying questionnaire, CAIQ, provides a set of “yes or no” questions based on the security controls in the CCM.
Will focus on VMware Horizon Desktop-as-a-Service (DaaS) offering that is specifically designed for VMware Service Provider Partners (VSPP).
Horizon DaaS allows Service Providers to:
Provide a single management console for provisioning and delivering virtual desktops and applications from the service provider service center
Host multi-tenants, providing dedicated compute resources across dedicated or shared VMware vSphere clusters
Allows tenants to bring in their own network services (Active Directory, DNS, DHCP, File Servers, etc.) to provide the same level of security and control as if the workloads were running on-premises
High Level DaaS Architecture
Components of VMware Horizon DaaS
Horizon Version Manager appliance – HVM Provides orchestration and automation for Horizon DaaS components. The HVM holds the appliance template, and runtime scripts, which allow for the automatic creation of the Service Provider appliances and the Resource Manager appliances. This is a Linux virtual appliance that is deployed from an OVA file in vCenter Server.
Horizon Air Link appliance – Once the HVM appliance is deployed and the template and scripts copied to the machine, the next stage to deploy the HAL appliance from the HVM admin portal. The HAL is responsible for sending API operations to the vCenter Server to create the appliances.
Service Provider appliances – This is deployed as a pair for high availability. The SP provides the Service Provider administrators access to a web-based portal (Service Center) where they can manage the Horizon DaaS environment. This is the main console from where tenants are deployed, which resource cluster they use, as well as creating desktop collections, which are essentially capacity models for virtual desktops.
Resource Manager appliances – Like the SPs, this is deployed by the HAL in a pair. The role of the RM is to provide access and show the hardware resources available from the vCenter Server(s) that is configured for Horizon DaaS. The RM allows the Service Provider administrators to configure the compute resources for the tenants by allocating resources.
Tenant appliances – The tenant appliances (pair) TA are created from the Service Center portal. You configure the settings for the tenant, such as quotas for user licensing and desktop capacity. Per tenant, a pair is being created.
Unified Access Gateway – This is a hardened Linux appliance that is deployed within the DMZ network to provide secure incoming traffic from external environments. External Horizon Clients make a connection to the UAG and do not see the backend environment, it is the UAG that communicates with the backend Horizon environment. The UAG supports multi-factor authentication to provide further security when accessing virtual desktops and applications from the Internet. The new UAGs will have the capability of SSL offloading as seen on ADC Application Delivery Controllers.
Below is the list of official documentation provided by the Vendor.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfduid
1 month
The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
__cf_bm
30 minutes
This cookie is set by CloudFare. The cookie is used to support Cloudfare Bot Management.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Cookie
Duration
Description
YSC
session
This cookies is set by Youtube and is used to track the views of embedded videos.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
IDE
1 year 24 days
Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie
15 minutes
This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE
5 months 27 days
This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
