Mastering Azure Virtual Desktop

5 (1 reviews total)
By Ryan Mangan
    What do you get with a Packt Subscription?

  • Instant access to this title and 7,500+ eBooks & Videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Free Chapter
    Chapter 1: Introduction to Azure Virtual Desktop
About this book

Azure Virtual Desktop is a cloud desktop virtualization platform that securely delivers virtual desktops and remote apps. Mastering Azure Virtual Desktop will guide you through designing, implementing, configuring, and maintaining an Azure Virtual Desktop environment effectively. This book can also be used as an exam preparation guide to help you sit the Microsoft AZ-140 exam.

You’ll start with an introduction to the essentials of Azure Virtual Desktop. Next, you’ll get to grips with planning an Azure Virtual Desktop architecture before learning how to implement an Azure Virtual Desktop environment. Moving ahead, you’ll learn how to manage and control access as well as configure security controls on your Azure Virtual Desktop environment. As you progress, you’ll understand how to manage user environments and configure MSIX app attach and other Azure Virtual Desktop features to enhance the user experience. You’ll also learn about the Azure Active Directory (AD) join and getting started feature. Finally, you’ll discover how to monitor and maintain an Azure Virtual Desktop environment to help you support your users and diagnose issues when they occur.

By the end of this Microsoft Azure book, you’ll have covered all the essential topics you need to know to design and manage Azure Virtual Desktop and prepare for the AZ-140 exam.

Publication date:
March 2022
Publisher
Packt
Pages
734
ISBN
9781801075022

 

Chapter 1: Introduction to Azure Virtual Desktop

In today's post-COVID 19 world, it has become crucial for businesses to enable remote work strategies for their teams while enhancing security, reducing infrastructure costs, and simplifying overall IT management. Azure Virtual Desktop allows users to continue to work in any location using Microsoft's latest desktop and application virtualization cloud technology, enabling companies to provide a secure, productive experience in this ever-changing world.

This book provides a complete guide to Azure Virtual Desktop. We will start with the essentials for understanding desktop virtualization, as well as planning, designing, implementing, and supporting an Azure Virtual Desktop environment.

 

Desktop virtualization

Virtual Desktop Infrastructure (VDI), also known as Desktop Virtualization, refers to virtualization and virtual machines that provide and manage virtual desktops. Users access these virtual machines remotely from any supported device, including remote locations, and the compute processing is completed on the host server. Users connect to their virtual desktop sessions through a connection broker. This broker is essentially a software layer that acts as the intermediary between the user and server, enabling the orchestration of user sessions to virtual desktops or published applications.

VDI is usually deployed in an organization's data center and managed by its IT department. Typical on-premises providers include Citrix, VMware, and Remote Desktop Services. VDI can be hosted on-premises or in the cloud. Some organizations use the cloud to scale virtual desktop environments, enabling a hybrid capability that allows IT admins to meet changing organizational demands quickly.

 

Azure Virtual Desktop – what is it?

Azure Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. Azure Virtual Desktop works across devices, including Windows, Mac, iOS, Android, and Linux, with apps that you can use to access remote desktops and apps. You can also use modern browsers to access Azure Virtual Desktop.

 

Providing the best user experience

Users have the freedom to connect to Azure Virtual Desktop from any capable device over the internet. You can use an Azure Virtual Desktop client to connect to published Windows desktops and applications. There are three flavors of client that you can use to connect: a native application on the device, a mobile app, or the Azure Virtual Desktop HTML5 web client.

You can improve application performance on session host virtual machines (VMs) by running apps near services by connecting to your data center or the cloud. This will reduce the risk of long loading times and keep your users productive.

User sign-in to Azure Virtual Desktop is much faster because user profiles are containerized using FSLogix profile containers. The user profile container is dynamically attached to the session host or VM in question at user sign-in. The user profile is made available and appears in the system exactly as a local user profile would.

You can provide individual ownership to session desktops using personal (persistent) desktops for those specific use cases. For example, you may want to offer personal remote desktops for members of a web development team. They would be able to add or remove programs without impacting other users on that virtual desktop.

 

Enhanced security

Azure Virtual Desktop provides centralized security for users' desktops with Azure Active Directory (Azure AD). You can further enhance security by enabling multi-factor authentication (MFA) to provide secure user access. You can also secure access to data by using Azure's granular role-based access control (RBAC) for users.

Azure Virtual Desktop separates the data and apps from the local hardware and runs both resource types on a remote server. The risk of confidential data being left on a personal device is significantly reduced when using Azure Virtual Desktop.

User sessions can be isolated in both single and multi-session virtual desktop deployments.

Azure Virtual Desktop improves security by using reverse connect technology, a more secure connection type than the Remote Desktop Protocol (RDP). However, the session hosts do open inbound ports to the session host VMs.

 

Simplify management

Azure Virtual Desktop is a Microsoft Azure service that's familiar to Azure admins. You use Azure Active Directory and RBAC to manage access to resources. With Microsoft Azure, you are provided with the tools to automate VM deployments, manage VM updates, and provide disaster recovery.

As with other Microsoft Azure services, Azure Virtual Desktop uses Azure Monitor for monitoring and alerts. This allows IT admins to identify issues through a single interface.

 

Managing Azure Virtual Desktop performance

Azure Virtual Desktop provides you with options to load balance users on your VM host pools. Host pools are collections of VMs with the same configuration assigned to multiple users.

You can configure session load balancing to occur as users sign in to session hosts, also known as breadth mode. Breadth mode essentially means that users are sequentially allocated across the host pool for your workload. You also have the option to configure your VMs for depth mode load balancing to save costs, where users are fully allocated on one VM before moving to the next. In addition, Azure Virtual Desktop provides the tools and the capability to automatically provision additional VMs when incoming demand exceeds a specified threshold.

Multi-session Windows 10/11

Azure Virtual Desktop enables and headlines Windows 11 and 10 Enterprise multi-session since they are the only Windows operating systems (client-based) that enable multiple concurrent users on a single Windows 11/10 VM.

Azure Virtual Desktop also provides a familiar experience with broader application support than the traditional Windows Server-based remote desktop solutions.

What licenses do I need?

Azure Virtual Desktop is available at no additional cost if you have an eligible Microsoft 365 license. However, it is important to note that you pay for the Microsoft Azure resources that are consumed by Azure Virtual Desktop:

  • You must have a Windows or Microsoft 365 license to be able to use Windows 11 Enterprise and Windows 10 Enterprise desktops and apps (eligible).
  • You must have a Microsoft Remote Desktop Services (RDS) Client Access License (CAL) for Windows Server Remote Desktop Services desktops and apps (eligible).
 

How does Azure Virtual Desktop work?

Azure Virtual Desktop is easier to deploy and manage than traditional RDS or VDI environments. You don't have to provision and manage servers and server roles such as the gateway, connection broker, diagnostics, load balancing, and licensing.

 

What's managed by Microsoft and what you manage

The following diagram shows what services Microsoft manages and what you manage:

Figure 1.1 – Services managed by Microsoft and you

Figure 1.1 – Services managed by Microsoft and you

What Microsoft manages

Azure Virtual Desktop provides a virtualization infrastructure as a managed service. Azure Virtual Desktop's core components are as follows:

  • Web client: The Web Access service within Azure Virtual Desktop management enables users to access virtual desktops and remote apps through the HTML5-compatible web browser, as they would with a local PC – from anywhere and on any device. In addition, you can secure Web Access by using MFA in Azure AD.
  • Diagnostics: Remote Desktop Diagnostics is an event-based aggregator service that's provided through Azure Virtual Desktop management that marks each user or administrator's action on the deployment as a success or failure. Administrators can query the aggregation of events to identify failing components.
  • Management: With this option, you can manage Azure Virtual Desktop configurations in the Azure portal, as well as manage and publish host pool resources. Azure Virtual Desktop also includes several extensibility components. You can manage Azure Virtual Desktop by using Windows PowerShell or with the provided REST APIs, enabling support from third-party tools.
  • Broker: The Connection Broker service manages user connections to virtual desktops and remote apps. This also handles load balancing and reconnecting to existing sessions.
  • Load balancing: This option provides session host load balancing by depth-first or breadth-first. The broker controls how new incoming sessions are distributed across the VMs in a host pool.
  • Gateway: The Remote Connection Gateway service connects remote users to Azure Virtual Desktop remote apps and desktops from any internet-connected device that can run an Azure Virtual Desktop client. The client connects to a gateway that then orchestrates a connection from the VM back to the same gateway.

Windows Virtual Desktop uses Azure infrastructure services for compute, storage, and networking.

What does the customer manage?

Now, let's look at what you, as the customer, manage. First, we'll look at the desktop and remote apps part of Azure Virtual Desktop.

Desktop and remote apps

With this option, you can create application groups to group, publish, and assign access to remote apps or desktops:

  • Desktop: Remote Desktop application groups give users access to a full desktop. You can provide a desktop where the session host's VM resources are shared or pooled. You can give dedicated personal desktops to those users who need to add or remove programs without impacting other users.
  • Apps: RemoteApp applications groups provide users access to the applications you individually publish to the application group. You can create multiple RemoteApp app groups to accommodate different user scenarios. For example, you can use RemoteApp to virtualize an app that runs on a legacy OS or needs secured access to corporate resources.
  • Images: When you configure session hosts for application groups, you have a choice of images. You should use a recommended image such as Windows 10 Enterprise multi-session and Office 365. Alternatively, you can choose an image in your gallery or an image provided by Microsoft or other publishers.

Management and policies

Now, let's look at the customer responsibilities for management and policies:

  • Profile management: Configure FSLogix profile containers with a storage solution such as Azure Files to containerize user profiles and provide users with a fast and stateful experience.
  • Sizing and scaling: Here, you can specify session host VM sizes, including GPU-enabled VMs, as well as specify depth or breath load balancing when you create a host pool. Finally, you can configure automation policies for scaling.
  • Networking policies: Define a network topology to access the virtual desktop and virtual apps from the intranet or internet based on the organizational policy.
  • Connect your Azure Virtual Network to your on-premises network by using a virtual private network. Alternatively, you can use Azure ExpressRoute to extend your on-premises networks into the Microsoft cloud platform over a private connection.
  • User management and identity: Use Azure AD and RBAC to manage user access to resources. Take advantage of Azure AD security features such as conditional access, MFA, and Intelligent Security Graph. Azure Virtual Desktop requires Active Directory Domain Services (AD DS). Domain-joined sessions host VMs on this service. You can also sync AD DS with Azure AD so that users are associated between the two. Once you've done this, you can use Azure AD Join to deliver virtual desktops to your users.
 

Summary

This chapter provided an introduction to Azure Virtual Desktop, some of the key benefits of the service, and an overview of its components and capabilities. In the next chapter, we will look at designing an Azure Virtual Desktop architecture.

About the Author
  • Ryan Mangan

    Ryan Mangan is an end-user computing specialist. He is a speaker, presenter and author who has helped customers and technical communities with end-user computing solutions, ranging from small to global 30,000-user enterprise deployments in various fields. Ryan is the owner and author of ryanmangansitblog, which has over 3 million + visitors and over 200+ articles. Some of Ryan’s community and technical awards include: Microsoft Most Valuable Professional (MVP), VMware vExpert 2014, 2015, 2016, 2017, 2018, 2019, 2020 & 2021, VMware vExpert EUC 2021, VMware vExpert Desktop Hypervisor 2021, Very Important Parallels professional program (VIPP) 2019, 20 & 21, LoginVSI Technology Advocate 19, 20.

    Browse publications by this author
Latest Reviews (1 reviews total)
Great AVD resource, easy to read!
Mastering Azure Virtual Desktop
Unlock this book and the full library FREE for 7 days
Start now