Finally, the long wait is over and Microsoft virtual desktop infrastructure (VDI) solution "Windows Virtual Desktop" preview is now available in Azure. If you ever worked with on-premises VDI solutions such as Microsoft RDS or Citrix solution, you may already know how much planning, management involve with it. It is costly as performance & availability of the solution depends on so many things such as networking, hardware resources, skills, connection, etc. But now with a cloud-based solution, we can create a robust, scalable VDI solution with few clicks.
According to Microsoft we can do following with Windows Virtual Desktop,
- Set up a multi-session Windows 10 deployment that delivers a full Windows 10 with scalability
- Virtualize Office 365 ProPlus and optimize it to run in multi-user virtual scenarios
- Provide Windows 7 virtual desktops with free Extended Security Updates
- Bring your existing Remote Desktop Services (RDS) and Windows Server desktops and apps to any computer
- Virtualize both desktops and apps
- Manage Windows 10, Windows Server, and Windows 7 desktops and apps with a unified management experience
Windows Virtual Desktop's Key capabilities are recognized as following,
- Create a full desktop virtualization environment in your Azure subscription without having to run any additional gateway servers.
- Publish as many host pools as you need to accommodate your diverse workloads.
- Bring your own image for production workloads or tests from the Azure Gallery.
- Reduce costs with pooled, multi-session resources. With the new Windows 10 Enterprise multi-session capability exclusive to Windows Virtual Desktop and Remote Desktop Session Host (RDSH) role on Windows Server, you can greatly reduce the number of virtual machines and operating system (OS) overhead while still providing the same resources to your users.
- Provide individual ownership through personal (persistent) desktops.
Windows Virtual Desktop preview setup required following,
- Azure Active Directory – Windows Desktop Machines must join to the Azure AD in the stranded method. It can't be Azure AD-Join
- Virtual Desktop only should be Windows 10 Enterprise multi-session or Windows Server 2016/2019
- OS should have one of the following licenses – Microsoft E3, E5, A3, A5, Business Windows E3, E5, A3, A5
- VM should be using subnet which has a connection to the same virtual network as Azure AD.
- Azure AD & VM should be in the same region.
As same as any other VDI solution, user experience has a huge impact from "connectivity". Therefore Microsoft says,
- Round-trip (RTT) latency from the client's network to the Azure region where host pools have been deployed should be less than 150 ms.
- Network traffic may flow outside country borders when VMs that host desktops and apps connect to the management service.
- To optimize network performance, we recommend that the session host's VMs are collocated in the same Azure region as the management service.
There are few new terms related to the Windows Virtual Desktop setup, let's see what are they.
It is the primary interface for managing Windows Virtual Desktop environment. Each tenant must be associate with Azure Active Directory instance.
Host pool is collection of virtual machines which will serve the users as session hosts. each of machine in the pool should have same OS and configuration. Host pool operations can categorize in to two types,
App group is a logical group which includes applications installed in host pool’s sessions hosts. There are two types of app groups,
When a host pool is created, by default system generates a desktop app group called “Desktop Application Group”. A host pool only can have one desktop app group but it can contain multiple remote app groups.
In this demo I am only going to use desktop app group. I will be writing another blog post to cover remote apps.
Tenant groups help to manage multiple Windows Virtual Desktop tenants at once. This is helpful if you are a service provider.
In this blog post, I am going to demonstrate how to set up a desktop application group. before start let's see how is the environment looks like.
In my demo setup, I have Azure AD Domain Service enabled for tenant rebeladmlive.onmicrosoft.com
This is set up under resource group called AAD and it is using subnet called AAD-vnet
I also set up a subnet called AAD-VM for session hosts.
Setup permissions for Windows Virtual Desktop Preview service
As the first step of the configuration, we need to grant Azure AD permissions for the service. In order to do that,
1. Go to Windows Virtual Desktop consent page using https://rdweb.wvd.microsoft.com/
2. In the page, select the Server app for the Consent Option. Then provide Azure AD Tenant GUID in the relevant field. This can be found under Azure Active Directory | Properties | Directory ID
Then click on Submit to complete.
3. In the next page, it asks for the permissions. Click on Accept to grant permissions.
4. Once permissions are successfully granted, we can see the confirmation.
5. As the next step, we need to do the same and grant permission for the Client app.
Assign TenantCreator application role to an Azure AD user
A new Windows Virtual Desktop tenant can only be created by a user who has TenantCreator application role associated.
To assign this role to a user,
1. Log in to the Azure Portal as Global Administrator (under the same tenet as above)
2. Click on Azure Active Directory | Enterprise Applications
3. Then click on Windows Virtual Desktop from the list.
4. In the new page, click on Users and Groups
5. Then click on + Add User
6. in the new window, select the user and click on Assign.
7. then go back to home page and confirm the role assignment.
Create Windows Virtual Desktop Preview tenant
This is a PowerShell based process so we need to start by installing relevant modules.
1. Launch PowerShell console in your PC as administrator
2. Type Install-Module -Name Microsoft.RDInfra.RDPowerShell and press Enter
3. Then type Import-Module -Name Microsoft.RDInfra.RDPowerShell and press Enter to import the module.
4. As the next step type Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com and press Enter. This asks for sign in and log in with the user who as TenantCreator role assigned.
5. Then, to create the tenant type
New-RdsTenant -Name <tenant name> -AadTenantId <Directory ID> -AzureSubscriptionId <Subscription ID>
In the above command,
<tenant name> is the Azure AD instance name. This can be found under Azure AD Domain Service | Name column
<Directory ID> is the Azure AD directory id and this can be found under Azure AD Domain Service | Properties
<Subscription ID> is the tenant's subscription ID. This can be found under Cost Management + Billing | Overview
Create Host Pool
This is the last leg of the configuration. To create the host pool,
1. Log in to Azure portal as Global Administrator
2. Click on + Create a resource
3. Then search for Windows Virtual Desktop – Provision a host pool and click on it.
4. In the new window, Click on Create
5. In the next window, first, provide a name for Host Pool. Then select the Desktop type. in my demo, I am using Pooled option. Under Default desktop users type the users for the host pool. You can separate the users using a comma. We can add/remove users after host pool is created as well. Under the resource group select an empty RG or create a new one for the host pool. As the last option, select the Location. It should be the same region used for the AAD.
6. In the next window, select the number of users for the host group and the size of the VM. We also need to define VM naming prefix under Virtual machine name prefix
7. In the next step, first, select the OS image source. This can be a custom image or one from the gallery. In this demo, I am going to use one from the gallery. Once it is done, select the OS version under the option Image OS version. under option Disk Type we can define the type of the disk to use. Once the session host is created in the pool, we need to add it to the domain. To do that we need to define an admin account which is part of "AAD DC Administrators" group by using AD domain join UPN field. The next important option is to select the relevant virtual network and the subnet. This virtual network should have access to the AAD.
8. In the next window, as the first option, we can define the name for the group. Then we need to define the Windows Virtual Desktop tenant name. This is the same as the AAD name. under the option UPN, we need to specify a user who has permissions to create a host pool. In the demo I am using a global admin account for it with TenantCreator application role permissions.
9. The system will validate the configuration. once validation is completed, click OK to proceed.
10. As the final step, accept the agreement and click on Create.
Depending on the size of the host pool it can take some time to complete the process.
Once the host pool is created, we can proceed with the testing.
There are two ways to connect to an application group. It is either using a remote desktop client or using a web interface.
Let's go ahead and see how we can connect using the client. You can download it using https://go.microsoft.com/fwlink/?linkid=2068602
Once it is installed, launch it and login as a user who was assigned for the above host pool.
Then it should show the allocated resource. Double click on the icon to connect.
We also can open it using a web client. You can launch it via https://rdweb.wvd.microsoft.com/webclient
Once you log in with relevant details, You can see the allocated resources.
This marks the end of this post. I hope this was useful and in the next post, I am going to talk more about app groups. If you have any questions feel free to contact me on firstname.lastname@example.org also follow me on twitter @rebeladm to get updates about new blog posts.