In today's post-COVID-19 world, it has become crucial for businesses to enable remote work strategies for their teams while enhancing security, reducing infrastructure costs, and simplifying overall IT management. Azure Virtual Desktop allows users to continue to work in any location using Microsoft's latest desktop and application virtualization cloud technology, enabling companies to provide a secure, productive experience in this ever-changing world.
This book provides a complete guide to Azure Virtual Desktop. We will start with the essentials for understanding desktop virtualization, as well as planning, designing, implementing, and supporting an Azure Virtual Desktop environment.
Virtual Desktop Infrastructure (VDI), also known as Desktop Virtualization, refers to virtualization and virtual machines that provide and manage virtual desktops. Users access these virtual machines remotely from any supported device, including remote locations, and the compute processing is completed on the host server. Users connect to their virtual desktop sessions through a connection broker. This broker is essentially a software layer that acts as the intermediary between the user and server, enabling the orchestration of user sessions to virtual desktops or published applications.
VDI is usually deployed in an organization's data center and managed by its IT department. Typical on-premises providers include Citrix, VMware, and Remote Desktop Services. VDI can be hosted on-premises or in the cloud. Some organizations use the cloud to scale virtual desktop environments, enabling a hybrid capability that allows IT admins to meet changing organizational demands quickly.
Azure Virtual Desktop – what is it?
Azure Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. Azure Virtual Desktop works across devices, including Windows, Mac, iOS, Android, and Linux, with apps that you can use to access remote desktops and apps. You can also use modern browsers to access Azure Virtual Desktop.
Providing the best user experience
Users have the freedom to connect to Azure Virtual Desktop from any capable device over the internet. You can use an Azure Virtual Desktop client to connect to published Windows desktops and applications. There are three flavors of client that you can use to connect: a native application on the device, a mobile app, or the Azure Virtual Desktop HTML5 web client.
You can improve application performance on session host virtual machines (VMs) by running apps close to the services they depend on, whether those services live in your data center or in the cloud. This reduces the risk of long loading times and keeps your users productive.
User sign-in to Azure Virtual Desktop is much faster because user profiles are containerized using FSLogix profile containers. The user profile container is dynamically attached to the session host or VM in question at user sign-in. The user profile is made available and appears in the system exactly as a local user profile would.
You can provide individual ownership to session desktops using personal (persistent) desktops for those specific use cases. For example, you may want to offer personal remote desktops for members of a web development team. They would be able to add or remove programs without impacting other users on that virtual desktop.
Azure Virtual Desktop provides centralized security for users' desktops with Azure Active Directory (Azure AD). You can further enhance security by enabling multi-factor authentication (MFA) to provide secure user access. You can also secure access to data by using Azure's granular role-based access control (RBAC) for users.
Azure Virtual Desktop separates the data and apps from the local hardware and runs both resource types on a remote server. The risk of confidential data being left on a personal device is significantly reduced when using Azure Virtual Desktop.
Azure Virtual Desktop improves security by using reverse connect technology, a more secure connection model than a direct Remote Desktop Protocol (RDP) connection. Because the session host initiates an outbound connection to the Azure Virtual Desktop gateway, you do not need to open inbound ports to the session host VMs.
Azure Virtual Desktop is a Microsoft Azure service that's familiar to Azure admins. You use Azure Active Directory and RBAC to manage access to resources. With Microsoft Azure, you are provided with the tools to automate VM deployments, manage VM updates, and provide disaster recovery.
As with other Microsoft Azure services, Azure Virtual Desktop uses Azure Monitor for monitoring and alerts. This allows IT admins to identify issues through a single interface.
Managing Azure Virtual Desktop performance
You can configure session load balancing so that new sessions are spread across the session hosts in a host pool as users sign in; this is known as breadth mode. Breadth mode essentially means that each new user is placed on the session host with the fewest active sessions, distributing the load across the whole host pool. Alternatively, you can configure depth mode load balancing to save costs, where one VM is filled to its maximum session limit before the next VM is used. In addition, Azure Virtual Desktop provides the tools and the capability to automatically provision additional VMs when incoming demand exceeds a specified threshold.
Multi-session Windows 10/11
Azure Virtual Desktop supports Windows 11 and Windows 10 Enterprise multi-session, which are the only client-based Windows operating systems that allow multiple concurrent users on a single Windows 11/10 VM.
Azure Virtual Desktop also provides a familiar experience with broader application support than the traditional Windows Server-based remote desktop solutions.
What licenses do I need?
Azure Virtual Desktop is available at no additional cost if you have an eligible Microsoft 365 license. However, it is important to note that you pay for the Microsoft Azure resources that are consumed by Azure Virtual Desktop:
- You must have an eligible Windows or Microsoft 365 license to use Windows 11 Enterprise and Windows 10 Enterprise desktops and apps.
- You must have an eligible Microsoft Remote Desktop Services (RDS) Client Access License (CAL) to use Windows Server Remote Desktop Services desktops and apps.
What's managed by Microsoft and what you manage
What Microsoft manages
Azure Virtual Desktop provides a virtualization infrastructure as a managed service. Azure Virtual Desktop's core components are as follows:
- Web client: The Web Access service within Azure Virtual Desktop management enables users to access virtual desktops and remote apps through an HTML5-compatible web browser, as they would with a local PC – from anywhere and on any device. In addition, you can secure Web Access by using MFA in Azure AD.
- Diagnostics: Remote Desktop Diagnostics is an event-based aggregator service that's provided through Azure Virtual Desktop management that marks each user or administrator's action on the deployment as a success or failure. Administrators can query the aggregation of events to identify failing components.
- Management: With this option, you can manage Azure Virtual Desktop configurations in the Azure portal, as well as manage and publish host pool resources. Azure Virtual Desktop also includes several extensibility components. You can manage Azure Virtual Desktop by using Windows PowerShell or with the provided REST APIs, enabling support from third-party tools.
- Broker: The Connection Broker service manages user connections to virtual desktops and remote apps. This also handles load balancing and reconnecting to existing sessions.
- Load balancing: This option provides session host load balancing by depth-first or breadth-first. The broker controls how new incoming sessions are distributed across the VMs in a host pool.
- Gateway: The Remote Connection Gateway service connects remote users to Azure Virtual Desktop remote apps and desktops from any internet-connected device that can run an Azure Virtual Desktop client. The client connects to a gateway that then orchestrates a connection from the VM back to the same gateway.
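As an added illustration (not code from this book, and not Azure's own implementation), the following Python model captures the broker behaviour described in the Managing Azure Virtual Desktop performance section and in the Broker and Load balancing components above: breadth-first versus depth-first placement against a host's maximum session limit, reconnection to an existing session, and the point at which demand exceeds the pool's capacity and a new session host would need to be provisioned. Host names, session limits and user names are constructed sample values.

```python
# Added example, not code from the book or from Azure: a small model of how the
# Azure Virtual Desktop connection broker places sessions in a pooled host pool
# (breadth-first vs depth-first), reconnects users to existing sessions, and
# flags when demand exceeds capacity. Hosts, limits and users are constructed.
from dataclasses import dataclass, field

@dataclass
class SessionHost:
    name: str
    max_sessions: int  # the host pool's maximum session limit per host
    sessions: dict = field(default_factory=dict)  # user -> "active"/"disconnected"

    def has_capacity(self):
        return len(self.sessions) < self.max_sessions

class Broker:
    def __init__(self, hosts, mode):
        if mode not in ("breadth", "depth"):
            raise ValueError("mode must be 'breadth' or 'depth'")
        self.hosts = hosts  # in the order the hosts were registered to the pool
        self.mode = mode
        self.scale_out_needed = False  # set when no host can take a new session

    def place(self, user):
        """Return the host the user lands on, or None if the pool is full."""
        for host in self.hosts:  # reconnect: an existing session always wins
            if user in host.sessions:
                host.sessions[user] = "active"
                return host.name
        candidates = [h for h in self.hosts if h.has_capacity()]
        if not candidates:
            self.scale_out_needed = True
            return None
        if self.mode == "breadth":  # spread: host with the fewest sessions
            host = min(candidates, key=lambda h: len(h.sessions))
        else:  # depth: fill the first host to its limit before using the next
            host = candidates[0]
        host.sessions[user] = "active"
        return host.name

    def disconnect(self, user):
        for host in self.hosts:
            if user in host.sessions:
                host.sessions[user] = "disconnected"

def simulate(mode, users, max_sessions=2):
    """Place each user in turn on a two-host pool; return placements and broker."""
    hosts = [SessionHost("avd-0", max_sessions), SessionHost("avd-1", max_sessions)]
    broker = Broker(hosts, mode)
    return [broker.place(u) for u in users], broker
```

Running `simulate("depth", ...)` with more users than the pool can hold leaves `scale_out_needed` set, which is the condition an autoscaling policy would act on.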
Azure Virtual Desktop (formerly Windows Virtual Desktop) uses Azure infrastructure services for compute, storage, and networking.
What does the customer manage?
Desktop and remote apps
- Desktop: Remote Desktop application groups give users access to a full desktop. You can provide a desktop where the session host's VM resources are shared or pooled. You can give dedicated personal desktops to those users who need to add or remove programs without impacting other users.
- Apps: RemoteApp application groups give users access to the applications you individually publish to the application group. You can create multiple RemoteApp app groups to accommodate different user scenarios. For example, you can use RemoteApp to virtualize an app that runs on a legacy OS or needs secure access to corporate resources.
- Images: When you configure session hosts for application groups, you have a choice of images. You should use a recommended image such as Windows 10 Enterprise multi-session and Office 365. Alternatively, you can choose an image in your gallery or an image provided by Microsoft or other publishers.
Management and policies
- Profile management: Configure FSLogix profile containers with a storage solution such as Azure Files to containerize user profiles and provide users with a fast and stateful experience.
- Sizing and scaling: Here, you can specify session host VM sizes, including GPU-enabled VMs, as well as specify depth or breadth load balancing when you create a host pool. Finally, you can configure automation policies for scaling.
- Networking policies: Define a network topology to access the virtual desktop and virtual apps from the intranet or internet based on the organizational policy. Connect your Azure Virtual Network to your on-premises network by using a virtual private network. Alternatively, you can use Azure ExpressRoute to extend your on-premises networks into the Microsoft cloud platform over a private connection.
- User management and identity: Use Azure AD and RBAC to manage user access to resources. Take advantage of Azure AD security features such as conditional access, MFA, and Intelligent Security Graph. Azure Virtual Desktop requires Active Directory Domain Services (AD DS); session host VMs are domain-joined to this service. You can also sync AD DS with Azure AD so that user identities are linked between the two. Once you've done this, you can use Azure AD Join to deliver virtual desktops to your users.
This chapter provided an introduction to Azure Virtual Desktop, some of the key benefits of the service, and an overview of its components and capabilities. In the next chapter, we will look at designing an Azure Virtual Desktop architecture.