The digital transformation era has ushered in a new age of remote work and collaboration. In this ever-evolving landscape, Microsoft Azure Virtual Desktop Infrastructure (VDI) has emerged as a powerful solution for organizations seeking secure, scalable, and efficient remote desktop services.
In our previous blog, Part 1 of this series, we looked at the Azure VDI solution in depth. We explored its remarkable features and laid out the essential prerequisites for a successful Azure VDI deployment journey. If you haven't had the chance to delve into Part 1 yet, you can catch up here.
Now, in Part 2, we move beyond theory and dive headfirst into the practical aspects of deploying Microsoft Azure VDI. We'll provide a comprehensive roadmap, share best practices, and offer valuable insights to ensure your Azure VDI deployment is a resounding success.
Deployment Methods of Azure VDI Solution
The deployment of Azure VDI can be accomplished using three different methods:
- Azure Portal: A user-friendly web interface that simplifies the deployment process for those who prefer a graphical approach.
- Azure CLI (Command Line Interface): Ideal for those comfortable with command-line operations, offering scripting capabilities and automation options.
- Azure PowerShell: Perfect for users who prefer managing resources programmatically, allowing for more fine-grained control and customization.
What is the Host Pool for Microsoft Azure Virtual Desktop
A critical step in deploying the Azure VDI solution is creating a host pool. But what exactly is a host pool?
Host Pool: A host pool comprises a set of Azure virtual machines that are registered to serve as session hosts on Azure Virtual Desktop (AVD) when the agent is running. To ensure a consistent user experience, all session host virtual machines within a host pool must be sourced from a single image. We can control the resources published to users through application groups. A host pool is one of two types:
- Personal: Each session host is assigned to an individual user, providing dedicated desktops optimized for performance and data separation.
- Pooled: User sessions can be load-balanced across any session host within the pool. Multiple users can share a single session host simultaneously, promoting cost-efficiency.
Creating the Host Pool Through the Azure Portal
Creating the host pool through the Azure portal involves several steps. Here's a breakdown of the process:
1. Fill in Basic Information
Navigate to the Azure portal, open the Basics tab, and fill in the information below.
- Subscription: Select your desired subscription from the dropdown list.
- Resource Group: Choose an existing resource group or create a new one by providing a name.
- Host Pool Name: Enter a unique name for your host pool, e.g., Testpoolhost01.
- Location: Specify the Azure region to deploy your host pool.
- Validation Environment: Select "Yes" to create a host pool for validation purposes, or choose the default "No" for a regular host pool.
- Preferred App Group Type: Choose between "Desktop" or "Remote App."
- Host Pool Type: Decide whether your host pool will be "Personal" or "Pooled." If "Personal" is selected, an option for "Assignment type" (Automatic or Direct) will appear. For "Pooled," additional options for "Load balancing algorithm" and "Max session limit" will be available.
2. Adding Session Hosts (Virtual Machines)
Select "Yes" to add Azure virtual machines and configure the following:
- Resource Group: It defaults to the resource group chosen earlier, but you can select an alternative.
- Name Prefix: Define a prefix for your session host VMs, such as Test-AMC01-CH. This prefix will be used in naming your VMs.
- Virtual Machine Location: Choose the Azure region where your session host VMs will be deployed. It should match your virtual network's region.
- Availability Options: Pick from availability zones, availability set, or "No infrastructure dependency required." Additional parameters may appear depending on your choice.
- Security Type: Choose from "Standard," "Trusted launch virtual machines," or "Confidential virtual machines."
- Image: Select the desired OS image from the list or explore additional options.
- Virtual Machine Size: Choose an appropriate SKU or change the size from the list.
- Number of VMs: Specify the quantity of virtual machines to deploy.
- OS Disk Type: Select the disk type for your session hosts. Premium SSD drives are recommended for production workloads.
- Boot Diagnostics: Decide whether to enable boot diagnostics.
3. Adding Network and Security
Configure network and security settings, including:
- Virtual Network: Select your virtual network; you will then be prompted to choose a subnet.
- Subnet: Choose a subnet within your virtual network.
- Network Security Group (NSG): Decide whether to use an NSG. Options include "Basic" (creates a new NSG for the VM NIC) or "Advanced" (select an existing NSG). Microsoft recommends creating the NSG at the subnet level rather than here.
- Public Inbound Ports: Azure Virtual Desktop typically doesn't require public inbound ports, so it's advisable to select "No."
4. Domain to Join
Select the directory type, Azure Active Directory or Active Directory, and provide the relevant parameters based on your selection.
5. Creating Virtual Machine Administrator Account
Define the local administrator account for your session host VMs:
- Username: Specify a username.
- Password: Set a password.
- Confirm Password: Re-enter the password for confirmation.
6. Finishing the Custom Configuration
- ARM Template File URL: If you wish to incorporate an additional ARM template during deployment, you can provide the URL here.
- ARM Template Parameter File URL: Please input the URL pointing to the parameter file for the ARM template.
7. Applying Licensing
To ensure proper licensing for your session hosts for Microsoft Azure Virtual Desktop, you need to complete the following tasks:
- Windows or Windows Server License: If you have the necessary licenses to run Microsoft Azure Virtual Desktop workloads, you can apply a Windows Server license to your session hosts. This allows you to run them without incurring additional licensing costs. This licensing is applied automatically when you create session hosts with the Azure Virtual Desktop service. However, if you create session hosts outside of Azure Virtual Desktop, you may need to apply the license separately.
- Remote Desktop Services (RDS) Client Access License (CAL): If your session hosts run a Windows Server OS, you must also provide a Remote Desktop Services (RDS) Client Access License (CAL) from a Remote Desktop Licensing Server.
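The host pool choices from step 1 can also be scripted with the Azure CLI, one of the deployment methods listed earlier. The following is an added example, not part of the original post; it covers the host pool itself (not the session host VMs) and checks that the type-dependent options from the "Host Pool Type" field are combined correctly before anything is created. The function names, resource group name and region are sample values chosen for illustration.

```shell
#!/bin/sh
# Added example: map the portal's "Host Pool Type" choices to Azure CLI arguments.

# Print the type-dependent arguments, or fail on an invalid combination.
#   $1 = Personal | Pooled
#   $2 = assignment type (Personal) or load balancing algorithm (Pooled)
#   $3 = max session limit (Pooled only)
hostpool_type_args() {
  case "$1" in
    Personal)
      case "$2" in
        Automatic|Direct) ;;
        *) echo "Personal needs assignment type Automatic or Direct" >&2; return 1 ;;
      esac
      # Personal pools use the Persistent load balancer type.
      printf '%s\n' "--host-pool-type Personal --load-balancer-type Persistent --personal-desktop-assignment-type $2"
      ;;
    Pooled)
      case "$2" in
        BreadthFirst|DepthFirst) ;;
        *) echo "Pooled needs BreadthFirst or DepthFirst" >&2; return 1 ;;
      esac
      case "${3:-}" in
        ''|*[!0-9]*) echo "Pooled needs a numeric max session limit" >&2; return 1 ;;
      esac
      printf '%s\n' "--host-pool-type Pooled --load-balancer-type $2 --max-session-limit $3"
      ;;
    *) echo "Host pool type must be Personal or Pooled" >&2; return 1 ;;
  esac
}

# $1 = resource group, $2 = host pool name, $3 = location, rest = type options
create_host_pool() {
  chp_rg="$1"; chp_name="$2"; chp_location="$3"; shift 3
  chp_type_args="$(hostpool_type_args "$@")" || return 1
  # Left unquoted on purpose: the validated arguments contain no spaces or globs.
  az desktopvirtualization hostpool create \
    --resource-group "$chp_rg" --name "$chp_name" --location "$chp_location" \
    --preferred-app-group-type Desktop --validation-environment false \
    $chp_type_args
}

# Sample call (requires the Azure CLI and a signed-in session):
# create_host_pool rg-avd-example Testpoolhost01 eastus Pooled BreadthFirst 10
```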
Azure AD-Joined Session Hosts
If your users will be connecting to session hosts joined to Azure Active Directory, you should perform the following tasks:
- Assign RBAC Roles: To enable users to connect to session hosts joined to Azure Active Directory, assign them the Virtual Machine Administrator Login or Virtual Machine User Login RBAC role. This assignment can be done on each virtual machine, the entire subscription, or the resource group containing the virtual machines. Assigning the Virtual Machine User Login RBAC role on the resource group containing your session hosts to the same user group as the one assigned to the application group is recommended.
- Custom RDP Properties: You should add the custom RDP property "targetisaadjoined:i:1" to the host pool's RDP properties for users connecting from Windows devices not joined to Azure AD or from non-Windows devices. This configuration allows these connections to enter usernames and passwords as credentials when signing into a session host.
By following these steps, you can ensure proper licensing and configuration for your Azure Virtual Desktop session hosts and enable user access for Azure AD-joined session hosts.
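The two Azure AD tasks above, scripted with the Azure CLI as an added example that is not part of the original post. A host pool stores its custom RDP properties as one semicolon-separated string and an update replaces the whole string, so the script merges "targetisaadjoined:i:1" into the current value rather than overwriting it. The function names are illustrative, and the script assumes the session hosts and the host pool share one resource group.

```shell
#!/bin/sh
# Added example: grant sign-in rights and set targetisaadjoined without
# discarding RDP properties that are already configured on the host pool.

# $1 = current property string (may be empty), $2 = property to set
merge_rdp_property() {
  mrp_name="${2%%:*}"   # property name is the text before the first colon
  # Drop empty entries and any earlier value of the same property.
  mrp_kept="$(printf '%s' "$1" | tr ';' '\n' |
    grep -v -i -e "^${mrp_name}:" -e '^$' | tr '\n' ';')"
  printf '%s%s;\n' "$mrp_kept" "$2"
}

# $1 = resource group (assumed to hold both the session hosts and the host pool)
# $2 = host pool name
# $3 = object ID of the user group assigned to the application group
enable_aad_joined_access() {
  eaa_scope="$(az group show --name "$1" --query id --output tsv)" || return 1
  # Least-privilege role recommended above, scoped to the resource group.
  az role assignment create --assignee-object-id "$3" \
    --assignee-principal-type Group \
    --role "Virtual Machine User Login" --scope "$eaa_scope" || return 1
  eaa_current="$(az desktopvirtualization hostpool show --resource-group "$1" \
    --name "$2" --query "customRdpProperty || ''" --output tsv)" || return 1
  az desktopvirtualization hostpool update --resource-group "$1" --name "$2" \
    --custom-rdp-property "$(merge_rdp_property "$eaa_current" 'targetisaadjoined:i:1')"
}

# Sample call (requires the Azure CLI and a signed-in session):
# enable_aad_joined_access rg-avd-example Testpoolhost01 <group-object-id>
```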
Endnote: Move Ahead with Jade
Jade, a certified Microsoft partner, specializes in delivering comprehensive Microsoft Azure Services to empower businesses to harness the complete capabilities of the Azure ecosystem. With our profound expertise in Microsoft Azure Services, we guarantee a seamless integration process and a frictionless shift towards Virtual Desktop Infrastructure (VDI), ultimately enabling your organization to excel in the contemporary digital workspace.