Azure Virtual Desktop is a desktop and application virtualization service that runs in the Azure cloud. This article helps Desktop Infrastructure Architects, Cloud Architects, Desktop Administrators, or System Administrators explore Azure Virtual Desktop and build virtualized desktop infrastructure (VDI) solutions at the enterprise scale. Enterprise-scale solutions generally cover 1,000 virtual desktops and above.
Potential use cases
Most demand for enterprise virtual desktop solutions comes from:
Security and regulation applications like financial services, healthcare, and government.
Elastic workforce needs like remote work, mergers and acquisitions, short-term employees, contractors, and partner access.
Specific employees like bring your own device (BYOD) and mobile users, call centers, and branch workers.
Specialized workloads like design and engineering, legacy apps, and software development tests.
Architecture
Components
Azure Virtual Desktop service architecture is similar to Windows Server Remote Desktop Services. Microsoft manages the infrastructure and brokering components, while enterprise customers manage their own desktop host virtual machines (VMs), data, and clients.
Components Microsoft manages
Microsoft manages the following Azure Virtual Desktop services as part of Azure:
Web Access:
The Web Access service within Azure Virtual Desktop lets users access virtual desktops and remote apps through an HTML5-compatible web browser as they would with a local PC, from anywhere on any device. You can secure Web Access using multifactor authentication in Azure Active Directory.
Gateway:
The Remote Connection Gateway service connects remote users to Azure Virtual Desktop apps and desktops from any internet-connected device that can run an Azure Virtual Desktop client. The client connects to a gateway, which then orchestrates a connection from a VM back to the same gateway.
Connection Broker:
The Connection Broker service manages user connections to virtual desktops and remote apps. The Connection Broker provides load balancing and reconnection to existing sessions.
Diagnostics:
Remote Desktop Diagnostics is an event-based aggregator that marks each user or administrator action on the Azure Virtual Desktop deployment as a success or failure. Administrators can query the event aggregation to identify failing components.
Extensibility components:
Azure Virtual Desktop includes several extensibility components. You can manage Azure Virtual Desktop using Windows PowerShell or with the provided REST APIs, which also enable support from third-party tools.
Components you manage
Customers manage these components of Azure Virtual Desktop solutions:
Azure Virtual Network:
Azure Virtual Network lets Azure resources like VMs communicate privately with each other and with the internet. By connecting Azure Virtual Desktop host pools to an Active Directory domain, you can define network topology to access virtual desktops and virtual apps from the intranet or internet, based on organizational policy. You can connect an Azure Virtual Desktop to an on-premises network using a virtual private network (VPN), or use Azure ExpressRoute to extend the on-premises network into the Azure cloud over a private connection.
Azure AD:
Azure Virtual Desktop uses Azure AD for identity and access management. Azure AD integration applies Azure AD security features like conditional access, multi-factor authentication, and the Intelligent Security Graph and helps maintain app compatibility in domain-joined VMs.
AD DS:
Azure Virtual Desktop VMs must domain-join an AD DS service, and the AD DS must be in sync with Azure AD to associate users between the two services. You can use Azure AD Connect to associate AD DS with Azure AD.
Azure Virtual Desktop session hosts:
A host pool can run the following operating systems:
Windows 7 Enterprise
Windows 10 Enterprise
Windows 10 Enterprise Multi-session
Windows Server 2012 R2 and above
Custom Windows system images with pre-loaded apps, group policies, or other customizations
You can choose VM sizes, including GPU-enabled VMs. Each session host has an Azure Virtual Desktop host agent, which registers the VM as part of the Azure Virtual Desktop workspace or tenant. Each host pool can have one or more app groups, which are collections of remote applications or desktop sessions that users can access.
Azure Virtual Desktop workspace:
The Azure Virtual Desktop workspace or tenant is a management construct to manage and publish host pool resources.
Personal and pooled desktops
Personal desktop solutions, sometimes called persistent desktops, allow users to always connect to the same specific session host. Users can typically modify their desktop experience to meet personal preferences and save files in the desktop environment. Personal desktop solutions:
Let users customize their desktop environment, including user-installed applications and saving files within the desktop environment.
Allow assigning dedicated resources to a specific user, which can be helpful for some manufacturing or development use cases.
Pooled desktop solutions, also called non-persistent desktops, assign users to whichever session host is currently available, depending on the load-balancing algorithm. Because the users don't always return to the same session host each time they connect, they have limited ability to customize the desktop environment and don't usually have administrator access.
Windows servicing
There are several options for updating Azure Virtual Desktop instances. Deploying an updated image every month guarantees both compliance and a known, consistent state.
Microsoft Endpoint Configuration Manager (MECM) updates server and desktop operating systems.
Windows Update for Business updates desktop operating systems like Windows 10 multi-session.
Azure Update Management updates server operating systems.
Azure Log Analytics checks compliance.
Deploy a new (custom) image to session hosts every month for the latest Windows and applications updates. You can use an image from the Azure Marketplace or a custom Azure-managed image.
Relationships between key logical components
Considerations
Numbers in the following sections are approximate. The numbers are based on a variety of large customer deployments, and they might change over time.
Also, note that:
You can't create more than 500 application groups per single Azure AD tenant.
We recommend that you don't publish more than 50 applications per application group.
Azure Virtual Desktop limitations
Azure Virtual Desktop, much like Azure itself, has a number of service limitations that you need to be aware of. You can address some of these limitations in the design phase to avoid changes in the scaling phase.
Pricing
Architect your Azure Virtual Desktop solution to realize cost savings. Here are five different options to help manage costs for enterprises:
Windows 10 multi-session:
By delivering a multi-session desktop experience for users that have identical compute requirements, you can let more users log onto a single VM at once, resulting in considerable cost savings.
Azure Hybrid Benefit:
If you have Software Assurance, you can use Azure Hybrid Benefit for Windows Server to save on the cost of your Azure infrastructure.
Azure Reserved Instances:
You can prepay for your VM usage and save money. Combine Azure Reserved Instances with Azure Hybrid Benefit for up to 80 percent savings over list prices.
Session host load-balancing:
When setting up session hosts, breadth-first is the default mode, which spreads new sessions across all available session hosts. Depth-first mode fills a session host with the maximum number of users before it moves on to the next session host. You can adjust this setting for maximum cost-benefit.
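The following PowerShell is an added example, not code from this article or from Microsoft's documentation: it switches a pooled host pool to depth-first load balancing with a session cap and then reports per-host session counts so that hosts left idle by depth-first packing can be identified for drain mode or deallocation. It assumes the Az.Accounts and Az.DesktopVirtualization modules are installed, that you have already run Connect-AzAccount, and that the resource group and host pool names are placeholders for your own.

```powershell
# Added example (not from the article). Assumes Az.Accounts and
# Az.DesktopVirtualization are installed and Connect-AzAccount has been run.
$ResourceGroup = 'rg-avd-prod'    # placeholder resource group name
$HostPoolName  = 'hp-pooled-01'   # placeholder pooled host pool name
$MaxSessions   = 16               # sessions per host before the broker moves to the next host

# Depth-first: fill each session host up to MaxSessionLimit before the Connection Broker
# places sessions on the next one. BreadthFirst (the default) would spread sessions
# across all available hosts, keeping more VMs busy and therefore billable.
Update-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName `
    -LoadBalancerType 'DepthFirst' -MaxSessionLimit $MaxSessions

# Each session host object reports its health status, current session count and
# whether it still accepts new sessions (AllowNewSession = $false means drain mode).
$sessionHosts = Get-AzWvdSessionHost -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName

# Hosts that are healthy but carry no sessions are the ones depth-first packing has
# emptied; those are the candidates to drain and deallocate to cut compute cost.
$report = foreach ($sh in $sessionHosts) {
    [pscustomobject]@{
        SessionHost     = ($sh.Name -split '/')[-1]   # Name is "<hostpool>/<host fqdn>"
        Status          = $sh.Status
        Sessions        = $sh.Session
        AllowNewSession = $sh.AllowNewSession
        IdleCandidate   = ($sh.Status -eq 'Available' -and $sh.Session -eq 0)
    }
}

$report | Sort-Object Sessions -Descending | Format-Table -AutoSize
```

Review the IdleCandidate column against your peak-hours capacity before deallocating anything; depth-first concentrates sessions, so a host that is idle now may be needed when the filled hosts reach the session cap.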