This chapter introduces Azure Virtual Desktop (AVD) and its capabilities. It also covers the different virtual desktop infrastructure (VDI) platforms compared to AVD. Additionally, this chapter provides detail about AVD prerequisites, licensing, pricing, different AVD types (personal/pooled), and AVD components.
After reading this chapter, you will understand the use of Azure Virtual Desktop, including the high-level components that the support team needs to manage, and the best desktop options for your organization.
What Is Azure Virtual Desktop?
Azure Virtual Desktop was previously known as Windows Virtual Desktop (WVD). AVD officially launched in September 2019, and Microsoft rebranded Windows Virtual Desktop as Azure Virtual Desktop in June 2021.
Microsoft Azure Virtual Desktop is a cloud-based virtual desktop that runs in Azure and allows end users to access organization-specific internal applications securely. Azure Virtual Desktop provides desktop and application virtualization capabilities for the enterprise with some exclusive features such as Windows 10 Enterprise multisession, which allows multiple users to concurrently connect to a remote desktop on a cloud-based virtual machine. AVD provides a familiar user experience to RDS users with optimal app compatibility and no RDS CAL licensing on Windows 10 multisession. Windows 7 is also available with extended support so you can run your legacy apps securely and efficiently in the cloud.
Traditionally, deploying a VDI was often considered time-consuming and complex because hardware and software licenses had to be procured for the VDI deployment in each region. Additionally, VDI depends on several key components, including VDI brokers, database servers, session host machines, domain controllers, and more, working together seamlessly. Azure Virtual Desktop is a cloud-based VDI solution that provides all the benefits of the cloud, such as easy scalability, security, high availability, easy disaster recovery, and, most importantly, cost. The Azure Virtual Desktop service is available in most regions, so you can deploy a desktop in any available region with less lead time.
The pandemic has accelerated the number of companies leveraging cloud resources; with most employees working from home, it is difficult to accommodate the high demand for infrastructure resources with limited on-premises infrastructure and network setup. That’s where Azure Virtual Desktop is useful. Organizations can simply deploy desktops in the cloud based on the organization’s requirements while following its security and compliance policies.
What Does Microsoft Azure Virtual Desktop Do?
Azure Virtual Desktop is a desktop-as-a-service (DaaS) offering that allows customers to run virtual apps and desktop services from the Azure public cloud. Admins deploy the solution through the Azure portal and can leverage Azure Active Directory and a host of operating system options to deliver resources to users. Since Azure Virtual Desktop is a cloud-based solution, you don’t have to worry about hardware procurement or any other license cost.
Due to the ongoing pandemic, most companies are allowing employees across the world to work from home. That’s why demand for VDI/VPNs has increased, but at the same time expanding a VDI/VPN infrastructure is time-consuming, so companies started looking for alternatives. Microsoft came up with a solution to allow companies to set up a VDI in the cloud on demand with multiregion support.
What Are the Benefits of Using Azure Virtual Desktop?
In the past, VDI solutions have been complex, time-consuming, expensive, and difficult to manage. Small and medium-sized businesses don’t want to use VDI solutions because a large server infrastructure and a dedicated team are required to manage and run VDI infrastructure on-premises. Azure Virtual Desktop makes this affordable and easier for all businesses.
- Windows 10 multisession advantage: Multiple users can log in and share back-end host/VM resources with a pooled host pool.
- Office 365 ProPlus support: Azure Virtual Desktop is optimized for Office 365.
- Windows 7: Azure Virtual Desktop supports Windows 7 with free extended support for legacy applications.
- Full desktops and remote apps: A full desktop as well as applications can be published on Azure Virtual Desktop.
- Auto scaling: It is easy to scale up and down in less time based on the organization’s demand (with automation).
- Low lead time and fast enablement of virtual desktop: Enable remote users in hours compared to on-prem VDI solutions.
- Simple to deploy and configure: You can deploy and manage virtual desktops and apps, assign users, and have access to monitoring and diagnostics. All of this is available to you in a single interface.
- Cost effective: Azure Virtual Desktop is a cost-effective VDI solution because you pay for the virtual machines only when your virtual desktops are running, and the management plane is managed by Microsoft without any additional cost. A pooled host pool also brings a significant cost advantage through its low per-user cost.
- Flexible: Like with all Microsoft Cloud Services, there are no contractual commitments with Azure Virtual Desktop, and the organization can easily delete virtual desktops at any time. The service itself is flexible, and it allows you to publish a full desktop experience or offer only a specific virtual application.
Who Should Use Azure Virtual Desktop?
The Azure Virtual Desktop solution is suitable for businesses of all sizes. Many organizations are allowing their employees to work from home due to the COVID-19 pandemic, and AVD is particularly useful in this case because it allows organizations to set up all the security controls on the cloud-based desktop, which can be accessed over the Internet securely. AVD is also useful when organizations want their external consultants/vendors to connect to organization-specific internal application/infrastructure resources.
What Are the Differences Between Traditional VDI and AVD DaaS?
Differences Between Traditional VDI and AVD
Traditional VDI | AVD Desktop-as-a-Service |
---|---|
Fixed VM size | Scale on demand |
Rely on AVD for Windows 10 multisession | Windows 10 multisessions supported, which helps to lower per user cost |
Additional efforts to enable use of Office 365 | Office 365 optimized |
Long implementation time | Fast implementation |
Self-managed control plane (Broker, Gateway) | Control plane managed by Azure |
Difficult and time-consuming to set up globally | Globally available and easy to set up on demand |
Software/hardware procurement required for each additional workload; time-consuming process | On-demand procurement |
Fixed hardware/software required to set up DR | Easy to set up disaster recovery for business-critical users and use automation to scale DR on demand |
Annual/long-term perpetual licensing/hardware procurement | Monthly or pay-as-you-go billing |
Azure Virtual Desktop Types: Personal vs. Pooled Desktops
- Lets users customize their virtual desktop, including user-installed applications, and save files within the virtual desktop
- Allows users to assign dedicated resources (CPU/memory/storage) to a specific user, which can be helpful when users are running applications requiring complex configuration

A pooled desktop solution is also called a nonpersistent desktop. In a pooled desktop, a load balancer sends a user session request to the currently available session host (back-end VM) depending on the load-balancing type selected for the host pool. Since the users don’t always return to the same session host each time, they have a limited ability to customize the virtual desktop, including additional application installation. A user profile can be stored on remote storage using FSLogix so that the user gets the same profile every time they log into the pooled desktop.
Differences Between Pooled and Personal AVD
Pooled AVD Desktop | Personal AVD Desktop |
---|---|
Nonpersistent desktop. | Persistent desktop. |
Need Windows 10 multisession OS image. | Windows 10 OS image. |
Multiple users can share single VM. | Dedicated VM per user. |
Per user cost will be less. | Per user cost will be higher than pooled. |
Depth/breadth-first load balancing for user sessions. | Direct session to dedicated VM. |
One user can use all resources (CPU, RAM) from the pooled VM as there is no per-user resource restriction, and this may cause performance issues for other users on the same VM. | Dedicated resources (CPU, RAM, storage). |
User-centric app installation required so that the app will be available for all users. | Both user/system-centric installations are supported. |
Application needs to be installed on all VMs in the pooled host pool so that it will be available for users. | App installation on dedicated VM. |
FSLogix required to store user profile on remote storage to keep the same profile during every login. | FSLogix is not required/mandatory. |
Autoscaling can be added to stop/start a VM on demand and help to reduce cost. | Start VM on connect, and auto-shutdown features can be used to stop/start an AVD VM and reduce cost. |
Azure Virtual Desktop Components
AVD Components Managed by Microsoft
- Web Access: The Web Access service within Windows Virtual Desktop lets users access virtual desktops and remote apps through an HTML5-compatible web browser with multifactor authentication in Azure Active Directory.
- Gateway: The Remote Connection Gateway service connects remote users to Azure Virtual Desktop apps and desktops from any Internet-connected device with an Azure Virtual Desktop client. The client connects to a gateway, which then orchestrates a connection from a session host VM back to the same gateway.
- Connection Broker: The Connection Broker service manages user connections to virtual desktops and remote apps. The Connection Broker provides load balancing and reconnection to existing sessions.
- Diagnostics: Remote Desktop Diagnostics is an event-based aggregator that marks each user or administrator action on the Azure Virtual Desktop.
- Extensibility components: Azure Virtual Desktop includes several extensibility components. You can manage Azure Virtual Desktop using Windows PowerShell or using the provided REST APIs, which also enable support from third-party tools.
AVD Components Managed by the User
- Azure Virtual Network: Azure Virtual Network lets Azure resources like VMs communicate privately with each other and with the on-premises network. You can connect an Azure Virtual Desktop to an on-premises network using a site-to-site VPN, or use ExpressRoute to extend the on-premises network into the Azure cloud over a private connection. This connectivity is used for the AVD session host domain join or to access a specific application from the AVD desktop.
- Azure AD: Azure Virtual Desktop uses Azure AD for identity and access management. On-premises domain user accounts can be synced with Azure AD, and the same account can be used for AVD authentication so that the user doesn’t have to manage multiple credentials. Azure AD can also provide MFA, which is an additional layer of security when users are accessing AVD from the Internet.
- AD DS: Azure Virtual Desktop VMs must domain-join an AD DS service, and the AD DS must be in sync with Azure AD (via Azure AD Connect) to associate users between the two services.
- Azure Virtual Desktop session hosts: A host pool can have a session host (Azure VM) with the following operating systems:
  - Windows 7 Enterprise
  - Windows 10 Enterprise
  - Windows 10 Enterprise multisession
  - Windows Server 2012 R2 and above
  - Custom Windows system images (of the operating systems above) with preloaded apps, group policies, or other customizations
- Azure Virtual Desktop workspace: The Azure Virtual Desktop workspace or tenant is a management construct to manage and publish host pool resources.
Before Getting Started with Azure Virtual Desktop
Azure Virtual Desktop is a desktop-as-a-service. There are some prerequisites that need to be in place before an AVD implementation:
- Licensing (check the “Licensing” section in Chapter 3 for details about the types of licenses available)
- Azure subscription
  - Azure Active Directory setup with Azure AD Connect to sync on-premises AD users for AVD authentication
  - Contributor and user administrator (or owner) permission on a subscription to create AVD resources and assign users to AVD
- Domain controller and DNS
  - AD must be in sync with Azure AD
  - Domain-join credentials to join an AVD VM to AD
  - DNS to resolve domain names as well as all other name resolution
  - Optional: Azure AD Domain Services (instead of a domain controller)
- Profile containers network share (Azure file share or Azure NetApp to store pooled user profiles)
- Network connectivity to on-premises
  - Networking/on-premises connectivity via ExpressRoute or a site-to-site VPN so that a VM can join an AD domain controller for user authentication and access on-premises applications from the AVD
  - Open the required ports and IP addresses (monitoring, patching and security agents, AD, DNS, other applications) on a firewall between on-premises and Azure
- OS image (Windows 10 for personal and/or a Windows 10 multisession image for pooling with all agents/software installed in it)
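
The identity and network items in this list can be checked before any host pool is built. The following PowerShell pre-flight script is an added example, not part of the original chapter: it assumes the Az PowerShell module with an existing `Connect-AzAccount` session, a Windows VM inside the AVD virtual network, that the chapter's "user administrator" permission means the built-in User Access Administrator role, and placeholder account, domain, and share names.

```powershell
# Added example: run from a Windows VM inside the AVD virtual network, after Connect-AzAccount.
# All names below are placeholders, not values from the chapter.
$AdminUpn     = 'avd-admin@contoso.example'
$AdDomain     = 'corp.contoso.example'
$ProfileShare = 'profiles.corp.contoso.example'
# Assumed port set for domain join and name resolution: DNS, Kerberos, RPC, LDAP, SMB.
$DcPorts      = 53, 88, 135, 389, 445

function Test-AvdRbac {
    param([string]$SignInName, [string]$SubscriptionId)
    # Direct assignments only; roles inherited through group membership are not listed here.
    $roles = @(Get-AzRoleAssignment -SignInName $SignInName -Scope "/subscriptions/$SubscriptionId" |
        Select-Object -ExpandProperty RoleDefinitionName)
    ($roles -contains 'Owner') -or
        (($roles -contains 'Contributor') -and ($roles -contains 'User Access Administrator'))
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port)
    (Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
}

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Target, $Ok) {
    $results.Add([pscustomobject]@{ Check = $Check; Target = $Target; Passed = [bool]$Ok })
}

$sub = (Get-AzContext).Subscription.Id
Add-Result 'RBAC: Owner, or Contributor + User Access Administrator' $AdminUpn (Test-AvdRbac $AdminUpn $sub)

# Domain controllers are located through the AD DS SRV record, so this also proves DNS works.
$dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget } | Select-Object -ExpandProperty NameTarget -Unique)
Add-Result 'DNS: domain controller SRV lookup' $AdDomain ($dcs.Count -gt 0)

foreach ($dc in $dcs) {
    foreach ($port in $DcPorts) {
        Add-Result "TCP $port to domain controller" $dc (Test-TcpPort $dc $port)
    }
}
Add-Result 'TCP 445 to profile share' $ProfileShare (Test-TcpPort $ProfileShare 445)

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { Write-Warning 'One or more AVD prerequisites are not met.' }
```

A failed port row points at the firewall between on-premises and Azure; a failed SRV lookup points at the DNS servers configured on the virtual network.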
How Much Does Azure Virtual Desktop Cost?
- User access rights/license cost
  - License entitlement: There is no additional cost if you have an eligible Windows, Microsoft 365, or Microsoft Remote Desktop Services (RDS) Client Access License (CAL). Check the “Licensing” section in Chapter 3 for details about the types of licenses.
- Azure infrastructure costs: In addition to user access, the following are the Azure components required to host Azure Virtual Desktop that have additional cost:
  - Virtual machines
  - Storage
    - Operating system (OS) storage
    - Data disk (wherever applicable)
    - User profile storage (pooled AVD)
  - Networking (user data transfer cost)
- Additional optional infrastructure costs
  - Log analytics
  - Automation account (autoscaling)
Summary
In this chapter, you were introduced to Microsoft Azure Virtual Desktop, including its benefits, different types of desktops, different components involved, and prerequisites needed by the support/operation team. You also learned about AVD licensing requirements, costs, and other details.