
Let’s talk about Azure Virtual Desktop

Jun 19, 2023

Kenny Li


Desktop as a Service (DaaS) is a cloud computing solution that enables organizations to deliver virtual desktops and applications to end-users over the internet. In a traditional VDI (Virtual Desktop Infrastructure) setup, the infrastructure, hardware, and software required to host and manage virtual desktops are maintained on-premises. However, VDI is often considered a legacy approach due to its complexities and high costs of managing and scaling infrastructure.

In contrast, Desktop as a Service revolutionizes the way virtual desktops are deployed and managed. With DaaS, the entire virtual desktop infrastructure is hosted and managed in the cloud by a service provider. Organizations no longer need to invest in on-premises hardware, and they can scale resources up or down based on demand, allowing for increased flexibility and cost-effectiveness.

Azure Virtual Desktop, formerly known as Windows Virtual Desktop, is Microsoft’s fully managed Desktop as a Service solution. It is built on top of Azure cloud infrastructure and leverages the power of Microsoft’s remote desktop technology. Azure Virtual Desktop enables organizations to deploy virtualized Windows desktops and applications to their users, providing them with a seamless and secure desktop experience regardless of their location or device.

With Azure Virtual Desktop, organizations can quickly provision virtual desktops, deliver software updates centrally, and securely manage user access and permissions. It supports multi-session Windows 10 (and Windows 11), allowing multiple users to share the same virtual machine and efficiently utilize resources, leading to better cost optimization.

Azure Virtual Desktop also provides the flexibility to deploy virtualized applications alongside virtual desktops, enabling users to access critical applications from any device with an internet connection. Moreover, the integration with Microsoft’s cloud ecosystem, such as Azure Active Directory, simplifies user authentication and access control, ensuring a secure environment for virtual desktops and applications.

Let’s take a closer look at this DaaS solution offered by Microsoft.

Azure Virtual Desktop offers a range of powerful features that enhance the virtual desktop experience for organizations and end-users alike. One of the standout features is the support for multi-session Windows 10. Unlike traditional VDI solutions where each virtual machine serves a single user, Azure Virtual Desktop allows multiple users to share a single virtual machine concurrently. This unique capability optimizes resource utilization, significantly reducing infrastructure costs while ensuring a seamless and responsive desktop experience for users.

VDI solution providers like Citrix and VMware have historically offered multi-session capabilities only on a server OS for shared desktop scenarios. Azure Virtual Desktop adds a new capability by providing multi-session client OS machines, meaning that multiple users can share a single Windows 10 or 11 virtual machine concurrently. Users get a genuine Windows desktop environment with the flexibility of a client OS. This is beneficial for organizations that rely on applications optimized for a client OS like Windows 10, or that require features exclusive to Windows 10 which are not available in Windows Server.

The multi-session capability on a client OS is vendor-locked and is only offered through Azure. As of now, Azure has two approved vendors, Citrix and VMware, that can integrate their DaaS solutions with Azure Virtual Desktop to leverage the multi-session Windows desktop capability.

Another essential feature of Azure Virtual Desktop is the ability to virtualize applications alongside virtual desktops. Organizations can deploy and manage applications centrally, making them available to users through Azure Virtual Desktop. This streamlines software delivery and updates, simplifying application management while maintaining consistency across the virtual desktop environment. Users can access these applications from any device, ensuring productivity and collaboration on the go.

Unlike traditional application deployment methods, where software needs to be installed on individual machines, Azure Virtual Desktop allows organizations to host applications on virtual machines in the cloud. This centralized approach streamlines application delivery and management, making it more efficient and consistent across the virtual desktop environment.

To get an app available for users, administrators first package the application into a virtualized format compatible with Azure Virtual Desktop. This can be done by creating an application package that includes all the necessary files and dependencies for the software to run.

Once the application package is prepared, administrators can deploy it to the virtual machines running in the Azure Virtual Desktop environment. These virtual machines act as hosts for the applications, ensuring that multiple users can access and run the same application concurrently. This is where the power of multi-session capabilities comes into play, allowing efficient resource utilization and a better user experience.

RemoteApp is a feature in Azure Virtual Desktop that allows users to access and run specific applications remotely, without the need to access the entire desktop environment. With RemoteApp, administrators can publish individual applications from the Azure Virtual Desktop environment to specific user groups, making them available for remote access from any device with an internet connection.

When users launch a published application, it appears as if the application is running locally on their device, even though it is executing on the virtual machine in the Azure cloud. This provides a seamless and integrated user experience, as users can access and work with the application as if it were installed on their own device.

RemoteApp is particularly useful when users need access to specific applications but do not require the full desktop experience. It streamlines the user’s workflow by allowing them to launch only the applications they need, reducing the complexity and potential distractions associated with a complete desktop environment.

In addition to RemoteApp, users can also access published applications through other methods, such as the Azure Virtual Desktop client (formerly known as the Remote Desktop client), web browser, or mobile applications. The Azure Virtual Desktop client is available for various platforms, including Windows, macOS, iOS, and Android, enabling users to access their virtual desktops and published applications from their preferred devices.

The web browser option, called the Azure Virtual Desktop web client, allows users to access their published applications directly from a compatible web browser without needing to install additional software. This provides a convenient way for users to access applications from devices where they cannot install the Azure Virtual Desktop client.

Scalability is a key benefit of AVD. Being a cloud-based service on Microsoft Azure, AVD offers the advantage of elastic scalability. The Azure Virtual Desktop Autoscale feature empowers organizations to dynamically adjust the number of virtual machines in their AVD host pool based on user demand. This capability ensures that the virtual desktop environment scales efficiently to meet changing workload needs, optimizing resource utilization and cost-effectiveness.

Autoscale operates on predefined scaling rules and schedules that determine when and how to add or remove VMs from the host pool. These rules are based on metrics like connected users, CPU utilization, and session activity, and administrators can set threshold values to trigger scaling actions. Additionally, time-based schedules can be configured to automate scaling up during peak usage hours and scaling down during periods of low activity, such as nights and weekends.

The feature also includes load balancing capabilities to evenly distribute user connections across available VMs, ensuring optimal performance and user experience. Proactive monitoring continuously evaluates the health and performance of the host pool, VMs, and user sessions, enabling timely scaling actions to meet demand.
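The scale-down half of what Autoscale does can be reproduced by hand, which makes the mechanics clearer. The script below is an added example, not code from the post or from Microsoft: it puts the least-loaded session hosts of a pooled host pool into drain mode, warns connected users, waits out a grace period, force-logs-off anyone still connected, and only then deallocates the VM. It assumes the Az.Accounts, Az.Compute and Az.DesktopVirtualization modules, a signed-in session (Connect-AzAccount), and that the Azure VM resource name equals the session host's computer name; the resource names are placeholders.

```powershell
# Added example: manual "drain, then deallocate" scale-down for a pooled host pool.
# Placeholders for the reader's own environment:
$ResourceGroup = 'rg-avd-prod'
$HostPoolName  = 'hp-pooled-weu'
$MinHosts      = 2      # never drain below this many available hosts
$GraceMinutes  = 30     # time users get after the drain notice

$allHosts  = Get-AzWvdSessionHost -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName
$available = @($allHosts | Where-Object { $_.Status -eq 'Available' })
if ($available.Count -le $MinHosts) {
    Write-Host "Only $($available.Count) host(s) available; nothing to scale down."
    return
}

# Candidates: fewest sessions first, so draining disturbs the fewest users.
$candidates = $available | Sort-Object Session |
    Select-Object -First ($available.Count - $MinHosts)

foreach ($h in $candidates) {
    # Session host names come back as "<hostpool>/<computer>.<domain>"; keep the host part.
    $hostName = $h.Name.Split('/')[-1]
    $vmName   = $hostName.Split('.')[0]   # assumption: VM resource name == computer name

    # 1. Drain: the broker stops placing new sessions on this host.
    Update-AzWvdSessionHost -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName `
        -Name $hostName -AllowNewSession:$false | Out-Null

    # 2. Warn connected users instead of logging them off silently.
    $sessions = @(Get-AzWvdUserSession -ResourceGroupName $ResourceGroup `
        -HostPoolName $HostPoolName -SessionHostName $hostName)
    foreach ($s in $sessions) {
        $sessionId = $s.Name.Split('/')[-1]
        Send-AzWvdUserSessionMessage -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName `
            -SessionHostName $hostName -UserSessionId $sessionId `
            -MessageTitle 'Planned shutdown' `
            -MessageBody "This host shuts down in $GraceMinutes minutes. Save your work and sign out."
    }

    # 3. After the grace period, force off whoever is still connected (Autoscale's
    #    "force logoff" behaviour), then deallocate so compute billing stops.
    if ($sessions.Count -gt 0) {
        Start-Sleep -Seconds ($GraceMinutes * 60)
        Get-AzWvdUserSession -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName `
            -SessionHostName $hostName | ForEach-Object {
                Remove-AzWvdUserSession -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName `
                    -SessionHostName $hostName -UserSessionId $_.Name.Split('/')[-1] -Force
            }
    }
    Stop-AzVM -ResourceGroupName $ResourceGroup -Name $vmName -Force | Out-Null
    Write-Host "Drained and deallocated $vmName"
}
```

When the host is powered back on it keeps AllowNewSession set to false, so a scale-up path has to flip it back to true before the broker will use the host again.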

The elastic scalability of AVD also enables organizations to adapt quickly to changing business needs. Whether it’s onboarding new employees, accommodating temporary contractors, or responding to unexpected business growth, AVD provides the agility to adjust resources in real-time, ensuring that the virtual desktop environment can scale effortlessly to meet evolving requirements.

Flexibility is another advantage of AVD. With the ability to access virtual desktops and applications from any device with an internet connection, users gain freedom and mobility in their work. Whether using a desktop computer, laptop, tablet, or even a mobile phone, AVD ensures a consistent and secure experience, allowing users to be productive from anywhere, at any time. This capability breaks down the barriers of traditional desktop computing and enables a seamless, cross-platform experience, enhancing productivity and collaboration for users on the go.

Whether an employee is working from their office desktop, a laptop at a coffee shop, a tablet during a business trip, or even a smartphone while commuting, AVD ensures a consistent and secure experience across all devices. This level of versatility revolutionizes how users interact with their virtual desktops and applications, promoting a flexible work environment that adapts to individual preferences and needs.

Moreover, AVD’s flexibility extends beyond device compatibility to encompass location independence. Users are no longer confined to a specific physical location to access their work environment. Instead, they can securely connect to their virtual desktops and applications from anywhere in the world with internet connectivity. This geographical independence fosters a new era of remote and distributed work, enabling organizations to embrace remote-first strategies and attract talent from diverse regions.

Additionally, the seamless mobility offered by AVD contributes to business continuity and disaster recovery. In the event of a physical office disruption or unforeseen circumstances, employees can effortlessly switch to working from their virtual desktops on alternative devices, ensuring minimal interruption to business operations.

AVD is a global service managed by Microsoft, with multiple instances distributed across various Azure regions. In case of any unexpected component outage, traffic is redirected to a remaining instance, or a full failover to redundant infrastructure in another Azure region is initiated.

To ensure user connectivity during a region outage, organizations must design their infrastructure with high availability and disaster recovery in mind. A typical disaster recovery plan involves replicating virtual machines to a different location. During outages, the primary site fails over to the replicated VMs in the secondary location, allowing users to access applications without interruption. Additionally, user identities and profile containers need to be replicated, and line-of-business applications and data in the primary location must fail over to the secondary location.

There are two types of disaster recovery infrastructure: active-passive and active-active. Active-passive plans involve having a region with active resources and another region with resources turned off (passive), which can be activated when needed. In contrast, active-active deployments use both sets of infrastructure simultaneously, limiting the impact of outages to users in the affected region while users in the functioning region remain unaffected.

To replicate VMs to the secondary location, organizations can use Azure Site Recovery, which automates the process and ensures VMs are connected to the service instance closest to them. Administrators need to end user connections in the current region before failing over VMs to the secondary region.

Organizations must also consider network connectivity during an outage, setting up a virtual network in the secondary region and ensuring access to on-premises resources through VPN, ExpressRoute, or virtual WAN connections.

Ensuring the availability of domain controllers in the secondary location is also an important aspect for disaster recovery planning, and organizations can achieve this by having Active Directory Domain Controllers in the secondary location, using on-premises Active Directory Domain Controllers, or replicating Active Directory Domain Controllers using Azure Site Recovery.

Managing user profiles with tools like FSLogix is recommended, and organizations should back up their data using appropriate backup solutions based on the storage used for user profiles.

Finally, business applications dependent on data in the primary region must be configured to fail over to the secondary location, ensuring seamless operation during disasters. Disaster recovery testing is essential to ensure the effectiveness of the plan and the smooth functioning of applications during failover. Organizations should conduct tests during maintenance windows and cover all business-critical applications and data while limiting the number of VMs failed over at a time for optimal results.

Azure Virtual Desktop is composed of several essential components that work together to deliver a virtual desktop and application experience to users. These components are designed to provide a flexible and scalable virtualization solution in the cloud. Here are the key components of AVD:

Host pools are a fundamental building block of AVD. They are a collection of identical virtual machines that are used to host user sessions. Host pools come in two types: personal and pooled.

Personal host pools

A personal host pool offers dedicated virtual machines to individual users. Unlike the pooled host pool, where multiple users share a single VM concurrently, the personal host pool assigns a specific VM to each user. This approach provides a more personalized desktop experience, allowing users to customize their environment, install applications, and maintain their settings without affecting other users.

The personal host pool is an excellent choice for scenarios where users have distinct requirements or need a consistent and isolated workspace. For example, power users, developers, or employees with specific software needs may benefit from having their dedicated VMs to achieve maximum performance and customization.

Setting up a personal host pool involves creating individual VMs for each user and associating them with the respective users in the Azure Virtual Desktop environment. This requires careful planning and resource allocation to ensure that each user receives an appropriate VM size and performance capabilities based on their usage patterns and workloads.

Administrators have the flexibility to manage the VMs in the personal host pool individually, allowing for customized updates, patching, and application installations. This control over each VM ensures that any changes or updates do not impact other users, maintaining a stable and personalized experience for each user.

Pooled host pools

A pooled host pool enables multiple users to share virtual machines concurrently. Unlike the personal host pool, where each user has their dedicated VM, the pooled host pool provisions a group of VMs that users can access as needed. When a user connects to the virtual desktop environment, they are assigned to an available VM from the pool, providing a dynamic and scalable desktop experience.

Pooled host pools are particularly useful in scenarios where users have similar requirements and do not need dedicated resources. For example, in call centers, classrooms, or corporate environments, many users perform similar tasks and require a standardized desktop experience. By using a pooled host pool, organizations can efficiently utilize resources and streamline the management of virtual desktops.

To set up a pooled host pool, administrators define a template VM with the required software and configurations. Azure Virtual Desktop then creates multiple VMs based on this template, ensuring consistency across the pool. When users log in, they are automatically directed to an available VM with their session while maintaining their individual profiles and data.

One of the key benefits of the pooled host pool is its efficient use of resources. Since VMs are shared among multiple users, resource utilization is optimized, and it becomes more cost-effective compared to individual VMs for each user. Additionally, administrators can take advantage of Azure Virtual Desktop Autoscale feature to automatically scale the number of VMs based on user demand, ensuring optimal performance during peak usage periods and saving costs during low-activity periods.

There are two types of session hosts: those in pooled host pools and those in personal host pools. In a pooled host pool, a session host is a virtual machine running on Microsoft Azure that enables multiple users to share the same VM concurrently. This efficient multi-session capability is a result of AVD’s advanced technology, optimizing resource utilization and reducing infrastructure costs compared to traditional virtual desktop infrastructure (VDI) solutions.

On the other hand, in a personal host pool, a session host is also a virtual machine on Azure, but it operates in a dedicated one-to-one mapping with users. Each session host serves a single user at a time, providing a personalized and isolated desktop experience tailored to their needs. This setup allows users to have exclusive access to their desktop environments and applications, ensuring privacy and a more customized work experience.

Application groups allow administrators to publish applications and make them available to users. Applications within an application group can be virtualized and presented as remote applications to users, allowing them to access and run these applications seamlessly from their virtual desktop sessions. Application groups provide a centralized and efficient way to manage application delivery, updates, and user access.

In Azure Virtual Desktop, an Application Group is a logical container that holds one or more applications, making it easier for administrators to organize and present applications to specific user groups. By grouping applications together, administrators can efficiently assign access permissions and publish applications to targeted sets of users, ensuring that each user has access to the relevant applications based on their role and responsibilities.

Application Groups offer flexibility in application delivery, enabling administrators to choose between two types of publishing methods: RemoteApp and Desktop. With the RemoteApp publishing method, individual applications are presented to users, allowing them to access specific applications directly from their local devices without launching a full virtual desktop session. This approach is ideal for scenarios where users require access to specific applications without the need for a complete virtual desktop environment.

On the other hand, the Desktop publishing method offers a comprehensive virtual desktop experience, where users access a complete desktop environment that includes multiple applications and resources. This option is suitable for users who need access to a range of applications and workspaces within a virtualized desktop session.

Application Groups also support seamless integration with Azure AD, enabling administrators to leverage existing user identities and security groups to manage access to applications. This integration ensures that only authorized users can access the applications within the designated groups, enhancing security and data confidentiality within the AVD environment.

Furthermore, administrators can easily update and manage applications within an Application Group, ensuring that users always have access to the latest versions and patches. This centralized application management approach simplifies the process of software deployment and maintenance, reducing the administrative overhead and ensuring a consistent application experience for all users.

A workspace serves as a central management unit that helps organize and deliver virtual desktops and applications to end-users. Think of a workspace as a logical container that holds all the resources and configurations necessary to provide a seamless user experience. When users log in to AVD, they are presented with the resources available within their assigned workspace, ensuring that they have access to the right virtual desktops and applications based on their role and permissions.

Workspaces in AVD simplify administration by allowing IT administrators to group users, applications, and virtual desktops together based on organizational needs. This granular control makes it easier to manage access and assign resources to different user groups, ensuring that each user receives the appropriate virtual desktop environment and applications tailored to their work requirements.

Furthermore, workspaces facilitate consistent policy enforcement and security settings across the virtual desktop environment. Administrators can apply security policies, access controls, and compliance measures at the workspace level, ensuring that data and applications are protected from unauthorized access and potential security breaches. This centralized management approach simplifies IT governance and compliance, providing a secure and efficient way to deliver virtual desktops and applications to end-users.

Workspaces are designed to be scalable and flexible, allowing organizations to adapt to changing business needs. As the organization grows or evolves, administrators can easily add or remove users, virtual desktops, and applications within a workspace, streamlining resource allocation and maintaining productivity. This dynamic flexibility ensures that AVD workspaces can accommodate the organization’s growth while providing a consistent and reliable user experience.

As AVD allows users to access virtual desktops and applications from various devices and locations, ensuring secure and controlled access becomes paramount. Azure AD is the foundation for managing user identities in AVD, offering robust identity and access management capabilities.

With Azure AD, administrators can define user identities, assign roles and permissions, and control access to AVD resources. This centralized identity management approach allows organizations to enforce strong authentication methods, such as multi-factor authentication, providing an extra layer of security to protect against unauthorized access. By integrating with Azure AD, AVD can ensure that only authenticated and authorized users can access virtual desktops and applications, enhancing data security and privacy.

Azure AD’s role-based access control enables administrators to assign specific roles to users based on their responsibilities and access requirements. This fine-grained access control ensures that users have access only to the resources and applications relevant to their job roles, preventing unnecessary exposure to sensitive information. Administrators can also create custom RBAC roles to meet specific organizational needs, providing even more control over user access.

Additionally, Azure AD’s conditional access policies enable administrators to define access rules based on factors such as user location, device type, and risk level. This enables context-aware security, allowing organizations to tailor access controls based on real-time risk assessments. For example, administrators can enforce stricter access requirements for users accessing AVD from unfamiliar devices or locations, adding an extra layer of protection against potential threats.
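The components described above (host pool, application groups, workspace) and the Azure AD role assignment that gates access to them fit together as shown in this added example. It is not code from the post or from Microsoft; it assumes the Az.Accounts, Az.Resources and Az.DesktopVirtualization modules, a signed-in session (Connect-AzAccount) and an existing resource group, and every name and the group object ID are placeholders.

```powershell
# Added example: wire up host pool -> application groups -> workspace, then grant
# an Azure AD security group the least-privilege AVD role and issue a registration token.
$Rg        = 'rg-avd-prod'        # placeholder
$Location  = 'westeurope'         # placeholder
$HostPool  = 'hp-pooled-weu'      # placeholder
$Workspace = 'ws-corp'            # placeholder
$UsersGroupObjectId = '00000000-0000-0000-0000-000000000000'   # placeholder: Azure AD group object ID

# 1. Pooled host pool. BreadthFirst spreads new sessions across hosts;
#    MaxSessionLimit caps how many users share one multi-session VM.
$hp = New-AzWvdHostPool -ResourceGroupName $Rg -Name $HostPool -Location $Location `
    -HostPoolType Pooled -LoadBalancerType BreadthFirst -PreferredAppGroupType Desktop `
    -MaxSessionLimit 10 -ValidationEnvironment:$false

# 2. Two application groups on the same host pool: a full Desktop group and a RemoteApp group.
$desktopAg = New-AzWvdApplicationGroup -ResourceGroupName $Rg -Name "$HostPool-dag" `
    -Location $Location -HostPoolArmPath $hp.Id -ApplicationGroupType Desktop
$remoteAg  = New-AzWvdApplicationGroup -ResourceGroupName $Rg -Name "$HostPool-rag" `
    -Location $Location -HostPoolArmPath $hp.Id -ApplicationGroupType RemoteApp

# Publish a single application into the RemoteApp group. The path is the binary's location
# on the session host; DoNotAllow blocks users from passing their own command-line arguments.
New-AzWvdApplication -ResourceGroupName $Rg -GroupName $remoteAg.Name -Name 'Notepad' `
    -FriendlyName 'Notepad' -FilePath 'C:\Windows\System32\notepad.exe' `
    -IconPath 'C:\Windows\System32\notepad.exe' -IconIndex 0 `
    -CommandLineSetting DoNotAllow -ShowInPortal:$true | Out-Null

# 3. Workspace that presents both application groups to the assigned users.
New-AzWvdWorkspace -ResourceGroupName $Rg -Name $Workspace -Location $Location `
    -ApplicationGroupReference $desktopAg.Id, $remoteAg.Id | Out-Null

# 4. Least privilege: the user group gets only the built-in "Desktop Virtualization User"
#    role, scoped to each application group, not a broad role on the resource group.
foreach ($ag in @($desktopAg, $remoteAg)) {
    New-AzRoleAssignment -ObjectId $UsersGroupObjectId `
        -RoleDefinitionName 'Desktop Virtualization User' `
        -ResourceName $ag.Name -ResourceGroupName $Rg `
        -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups' | Out-Null
}

# 5. Registration token that session hosts use to join the pool. It is a bearer secret:
#    keep its lifetime to a few hours and hand it to the provisioning step out of band.
$reg = New-AzWvdRegistrationInfo -ResourceGroupName $Rg -HostPoolName $HostPool `
    -ExpirationTime (Get-Date).ToUniversalTime().AddHours(2).ToString('yyyy-MM-ddTHH:mm:ssZ')
$registrationToken = $reg.Token   # do not echo or commit this value
```

Conditional Access policies are not created here; they are configured in Azure AD against the Azure Virtual Desktop cloud app and apply on top of this role assignment.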

The virtual network connects users to their virtual desktops and applications securely and efficiently. A virtual network in Azure is a private network that allows resources within the network to communicate with each other, providing isolation and control over network traffic.

When deploying AVD, administrators can create and configure a dedicated virtual network to host the virtual machines that serve as session hosts for users’ virtual desktops. This virtual network is where the AVD infrastructure operates, and it facilitates the communication between users and their virtual desktops.

One of the key benefits of using a virtual network for AVD is that it enables secure connectivity for remote users. By connecting to the virtual network through a VPN, ExpressRoute, or virtual WAN, remote users can access their virtual desktops and applications as if they were connected to the on-premises network, ensuring a consistent and secure user experience.

The virtual network also allows administrators to implement network security measures, such as Network Security Groups (NSGs) and Azure Firewall, to control network traffic and protect against unauthorized access. NSGs enable administrators to define inbound and outbound traffic rules for specific subnets or network interfaces, ensuring that only authorized communication is allowed. Azure Firewall, on the other hand, provides a managed, cloud-based firewall service that protects the virtual network from threats and provides application-level filtering and inspection.
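Session hosts reach the AVD service outbound over HTTPS (reverse connect), so nothing from the Internet needs to reach them inbound. The NSG below, an added example rather than code from the post or from Microsoft, encodes that: it allows traffic inside the virtual network, denies everything inbound from the Internet, explicitly allows outbound HTTPS to the WindowsVirtualDesktop service tag, and attaches the NSG to the session-host subnet. It assumes the Az.Network module, a signed-in session and an existing VNet and subnet; names are placeholders.

```powershell
# Added example: a defensive NSG for the AVD session-host subnet.
$Rg       = 'rg-avd-prod'          # placeholder
$Location = 'westeurope'           # placeholder
$VnetName = 'vnet-avd'             # placeholder
$Subnet   = 'snet-sessionhosts'    # placeholder

$rules = @(
    # Inbound: only from inside the VNet (domain controllers, admin jump hosts, file shares).
    New-AzNetworkSecurityRuleConfig -Name 'AllowVnetInbound' -Direction Inbound -Priority 100 `
        -Access Allow -Protocol '*' -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
        -DestinationAddressPrefix VirtualNetwork -DestinationPortRange '*'
    # Inbound: deny the Internet outright; AVD never needs an inbound listener.
    New-AzNetworkSecurityRuleConfig -Name 'DenyInternetInbound' -Direction Inbound -Priority 4000 `
        -Access Deny -Protocol '*' -SourceAddressPrefix Internet -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'
    # Outbound: HTTPS to the AVD control plane via its service tag.
    New-AzNetworkSecurityRuleConfig -Name 'AllowAvdServiceOutbound' -Direction Outbound -Priority 100 `
        -Access Allow -Protocol Tcp -SourceAddressPrefix VirtualNetwork -SourcePortRange '*' `
        -DestinationAddressPrefix WindowsVirtualDesktop -DestinationPortRange 443
)

$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $Rg -Name "nsg-$Subnet" `
    -Location $Location -SecurityRules $rules

# Attach the NSG to the session-host subnet (AddressPrefix must be re-supplied on update).
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $Rg -Name $VnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $Subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $Subnet `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg | Set-AzVirtualNetwork | Out-Null
```

Azure's default AllowInternetOutBound rule is still in effect, so this NSG does not restrict egress; that is the job of Azure Firewall, which the paragraph above mentions.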

FSLogix addresses one of the key challenges in virtual desktop deployments — managing user profiles efficiently. Traditionally, user profiles in virtual desktop environments can become large and unwieldy, leading to slow logon times and increased storage costs. FSLogix solves this problem by using innovative container technology to streamline profile management.

With FSLogix, user profiles are stored in a virtual disk container, which is mounted to the user’s session during logon. This container approach ensures that user profiles remain lightweight and easily portable, as all user-related data, such as application settings and personal files, is stored within the container. As a result, logon times are significantly reduced, and users experience faster and more responsive desktop sessions. Additionally, FSLogix supports the concept of “profile containers,” where the user’s profile can be dynamically attached to the virtual desktop or session host based on the user’s identity, making it highly adaptable in multi-user environments.

Another essential feature of FSLogix is its ability to address application conflicts in multi-user environments. When multiple users share the same virtual desktop or session host, application conflicts can arise due to differing application requirements or compatibility issues. FSLogix tackles this challenge by using “Application Masking” and “Java Redirection” technologies, which enable administrators to control application visibility and redirection for specific users or groups. This ensures that each user can access only the applications they need, avoiding conflicts and ensuring a seamless experience.

FSLogix is also highly scalable and compatible with various virtual desktop and session host platforms, making it a versatile solution for profile management. As part of the Microsoft ecosystem, FSLogix is fully integrated with Azure Virtual Desktop, providing a seamless and efficient way to manage user profiles in the cloud. It can also be deployed on traditional virtual desktop infrastructure solutions, Citrix environments, and other virtualization platforms.

In conclusion, Azure Virtual Desktop offers a host of impressive features and benefits for organizations seeking a modern and efficient virtual desktop solution. With support for multi-session Windows 10 and virtualized applications, AVD optimizes resource utilization and enhances user productivity. The scalability and flexibility of AVD enable organizations to adapt to changing needs seamlessly, while its cost-effectiveness makes it an attractive option for businesses looking to embrace the power of the cloud for their desktop infrastructure. Overall, AVD empowers organizations to deliver a superior virtual desktop experience, driving efficiency, collaboration, and mobility in the modern workplace.
