This chapter takes a look at creating host pools and deploying session hosts. We will cover the creation process first using the Azure portal in the web browser and then using PowerShell, which is great for automation and repeat processes.
The following topics are covered in this chapter:
In this section, we'll look at creating and configuring host pools and session hosts. Host pools are essentially a collection of one or more virtual machines (VMs) within Azure Virtual Desktop (AVD) environments. These are typically identical and are created from a central image or the Azure Gallery, or a custom image. We'll also take a look at Azure Compute Galleries for template deployment in Chapter 9, Creating and Managing Session Host Images. In addition, each host pool can contain app groups that are used for user assignments. This section looks at creating a host pool for AVD through the Azure portal.
Before we get started, you need to ensure you have the following host pool prerequisites ready:
Important Note
You need to ensure that a virtual network exists in the Azure region of your choice and that it has a "line of sight" with the domain.
You also need to consider the following:
Tip
Make sure you have registered the Microsoft.DesktopVirtualization resource provider before attempting to deploy a host pool. When using an account with Global Administrator rights, the registration is done automatically during host pool creation.
In this section, we will create our first host pool using the Azure portal:
Important Note
If you're signing in to the US government portal, go to https://portal.azure.us/ instead.
The Azure geography associated with the Azure region you selected is where the metadata for this host pool and related objects will be stored. Make sure you choose the region inside the geography you want the service metadata to be stored in:
Important Note
The AVD service metadata is independent of the VM location. It is also important to understand that the metadata locations are not available for all Azure regions.
If you choose Pooled, you need to specify the following information:
Load balancing algorithm has the following two options:
Important Note
A workspace is a logical grouping of application groups within AVD. Each AVD application group must be associated with a workspace for users to see the remote apps and desktops published to the workgroup.
We now take a look at creating VMs within the Create a host pool tab.
When setting up your VM within the host pool setup process, you need to complete the following:
Important Note
Availability sets offer a 99.95% Azure Service Level Agreement (SLA) and essentially provide a logical grouping of VMs. Microsoft recommends that you use two or more VMs within an availability set to provide high availability.
Availability zones allow you to control where in the Azure region your VMs are stored. There are three availability zones per supported Azure region. Each zone has what Microsoft describes as a distinct power source, network, and cooling. This enables you to split session host deployments between different zones.
If you choose Gallery, select one of the images from the drop-down menu:
Important Note
The Gallery images created by Microsoft include the FSLogix agent. Microsoft maintains these and keeps them updated with the latest patches and updates.
This table was taken from https://docs.microsoft.com/azure/virtual-desktop/overview#supported-virtual-machine-os-image.
The following screenshot in Figure 6.9 shows you some of the images available within the Azure Marketplace:
If you choose Storage Blob, you can use your image build through Hyper-V or an Azure VM. To do this, you need to enter the location of the image in the storage blob as a URI.
Tip
The image's location is independent of the availability option, but the image's zone resiliency determines whether that image can be used with the availability zone. Therefore, if you select an availability zone while creating your image, make sure you are using an image from the Gallery with zone resiliency enabled.
Important Note
The deployment process can create up to 400 VMs while setting up your host pool, and each VM setup process creates four objects in your resource group. The creation process doesn't check your subscription quota, so you need to ensure the number of VMs you enter is within the Azure VM and API limits for your resource group and subscription. You can add more VMs after you finish creating your host pool.
Tip
Microsoft recommends using Premium SSD for AVD session hosts. See Chapter 5, Implementing and Managing Storage for Azure Virtual Desktop.
Tip
Ensure the virtual network can connect to the domain controller, as the VMs need to join the domain. You should configure the virtual network DNS with the IP address of your domain controller.
The following screenshot shows where you would configure the virtual network DNS to point to the domain controller:
If you choose the Advanced option, select an existing network security group that you have already configured.
Important Note
For enhanced security, Microsoft recommends that you don't open public inbound ports.
Tip
When you specify an organizational unit, make sure you use the full path known as the distinguished name (DN). You can find a DN by enabling advanced settings within Active Directory and navigating to the Attributes section of an organizational unit.
When joining an Azure Active Directory Domain Services (Azure AD DS) domain, the account must be part of the Azure AD DS Administrators group. Additionally, the account password must also work in Azure AD DS.
Important Note
It is now possible to join session hosts directly to Azure Active Directory.
We'll now move on to setting up your new host pool: registering an app group to a workspace.
The host pool deployment process creates a desktop application group by default. This is the default app group of a host pool. For the host pool to function correctly, you'll need to publish this app group to users or user groups, and you must also register the app group to a workspace.
To register the desktop app group to a workspace, you need to complete the following steps:
If you select No, you can register the app group later. However, Microsoft recommends you complete the workspace registration during the host pool deployment.
Tip
Adding tags to group the objects with metadata is helpful for IT admins.
Important Note
The Review + create validation process doesn't check whether your admin password meets security standards or your architecture is correct. You must check your deployment before continuing.
This starts the deployment process, which creates the following Azure objects:
After that, you just need to wait for your deployment to finish:
This section looked at creating a host pool and deploying VMs into the new host pool. We will now take a look at an automated approach to creating AVD host pools using PowerShell.
This section looks at setting up PowerShell for AVD and deploying a new host pool using PowerShell.
Before we can get started, you first need to install the PowerShell module for AVD. You can do this by opening PowerShell in elevated mode.
Tip
Make sure you install the Az module. If you haven't already done so, run the Install-Module -Name Az -Force command.
Once you have opened PowerShell in elevated mode, run the following cmdlet:
Install-Module -Name Az.DesktopVirtualization
The following screenshot shows you how to install the Az.DesktopVirtualization PowerShell module:
As shown in Figure 6.18, you may be asked to confirm whether you trust the repository.
Next, you will need to connect to Microsoft Azure using the following cmdlet:
Connect-AzAccount
Once you have run the cmdlet, you will then see the Sign in to your account popup:
Enter your username/password and any MFA details that may be requested.
The output from completing this process is shown in Figure 6.20:
As shown in Figure 6.20, once you have connected to Azure, you should see the details of any subscriptions in the tenant.
The final step is to select the required subscription you plan to deploy AVD resources into.
Select the subscription you want to use; you can use the Out-GridView cmdlet to pick it from a list:
Get-AzSubscription | Out-GridView -PassThru | Select-AzSubscription
Once you have selected the subscription you require, click OK. In this example, there is only one subscription available:
In this section, we looked at setting up PowerShell for AVD. It is important to ensure you have the correct PowerShell modules and Azure connectivity via PowerShell working before continuing. We will now move on to deploying a host pool using PowerShell.
In this section, we'll look at creating some resources for AVD using PowerShell.
We will use PowerShell to do the following:
Once connected to Azure via PowerShell following the instructions set out in the Setting up PowerShell for AVD section, you can start to deploy your AVD host pool using PowerShell.
First, we need to create a resource group.
To do this, you can use the following cmdlets:
New-AzResourceGroup -Name <Resource Group Name> -Location <Region>
Example:
#Create Resource Group
New-AzResourceGroup -Name az140pw -Location "UK South"
Once we have created the resource group, we can then proceed with creating the host pool:
New-AzWvdHostPool -ResourceGroupName <Resource Group Name> `
-Name <Host Pool Name> -WorkspaceName <Workspace Name> -HostPoolType <Host Pool Type> `
-LoadBalancerType <Load balancer method> -Location <Region> -DesktopAppGroupName <App group Name> -PreferredAppGroupType <App group type>
Example cmdlets used to deploy a host pool using PowerShell are as follows:
#Create Host Pool
New-AzWvdHostPool -ResourceGroupName "az140pw" `
-Name "pwdeployment" -WorkspaceName "workspacename1" -HostPoolType "Pooled" `
-LoadBalancerType "BreadthFirst" -Location "UK South" -DesktopAppGroupName "az140pw" -PreferredAppGroupType "Desktop"
Figure 6.22 shows the output from running the creation of both a resource group and host pool:
As shown in Figure 6.22 we have now deployed our host pool using PowerShell. You can find out more about the cmdlets for creating a host pool at https://docs.microsoft.com/en-us/powershell/module/az.desktopvirtualization/new-azwvdhostpool?view=azps-6.1.0.
You can check that the resource group and host pool have been created by navigating to the path in the Azure portal. As shown in the following screenshot, you can see the AVD resources have been deployed into the resource group:
The next step would be to create a registration token for the deployment of session hosts into a host pool. This can be done by using the following cmdlets:
New-AzWvdRegistrationInfo -ResourceGroupName <Resource group name> -HostPoolName <Host pool name> -ExpirationTime $((get-date).ToUniversalTime().AddHours(<hours eg (2)>).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))
The following provides an example of what the cmdlet should look like:
# create a registration token
New-AzWvdRegistrationInfo -ResourceGroupName az140pw -HostPoolName pwdeployment -ExpirationTime $((get-date).ToUniversalTime().AddHours(2).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ'))
The following screenshot, Figure 6.24, shows the output of generating a new registration token:
As shown in Figure 6.24, you can see that the new token has been generated ready for deploying VMs in a custom deployment. Token generation is taken care of natively.
Before we recap on deploying session hosts into a host pool, let's look at adding users and groups to a host pool via app groups.
To assign a user to an app group, you would use the following cmdlets:
New-AzRoleAssignment -SignInName <User UPN> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <App group Name> -ResourceGroupName <Resource Group Name> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'
The following example shows the assignment of a user to an app group within a host pool:
New-AzRoleAssignment -SignInName <User UPN> -RoleDefinitionName "Desktop Virtualization User" -ResourceName az140pw -ResourceGroupName az140pw -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'
The following screenshot, Figure 6.25, shows the output of running the New-AzRoleAssignment cmdlet:
Figure 6.25 shows the assignment of a user to the app group for the newly created host pool.
You can also assign a group rather than a user using the object ID of the group. You would use the following cmdlets to add a group to an app group:
New-AzRoleAssignment -ObjectId <Group Object ID> -RoleDefinitionName "Desktop Virtualization User" -ResourceName <App Group Name> -ResourceGroupName <Resource Group Name> -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'
An example showing the cmdlets to add a group to an app group is as follows:
New-AzRoleAssignment -ObjectId c203d0fa-a05a-40be-acd5-d203b252435a -RoleDefinitionName "Desktop Virtualization User" -ResourceName az140pw -ResourceGroupName az140pw -ResourceType 'Microsoft.DesktopVirtualization/applicationGroups'
The screenshot in Figure 6.26 shows the use of the New-AzRoleAssignment cmdlet to assign a group via object ID:
As shown in Figure 6.26, the group has been assigned to the app group.
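After assigning users and groups, it is worth confirming who actually holds the Desktop Virtualization User role on the app group, including assignments inherited from the resource group or subscription. The following is an added example, not code from the chapter; it reuses the chapter's sample names (az140pw), and the variable names and report layout are assumptions:

```powershell
# Added example, not from the chapter. Resource names are the chapter's sample values.
$resourceGroup = 'az140pw'
$appGroupName  = 'az140pw'
$roleName      = 'Desktop Virtualization User'

# Resolve the app group's full resource ID so it can be used as the scope.
$appGroup = Get-AzWvdApplicationGroup -ResourceGroupName $resourceGroup -Name $appGroupName

# Get-AzRoleAssignment -Scope returns assignments made at this scope and above it.
$report = Get-AzRoleAssignment -Scope $appGroup.Id |
    Where-Object { $_.RoleDefinitionName -eq $roleName } |
    ForEach-Object {
        [pscustomobject]@{
            Principal  = $_.DisplayName
            Type       = $_.ObjectType          # User, Group or ServicePrincipal
            AssignedAt = $_.Scope
            # Inherited assignments also apply to every other app group under that scope.
            Inherited  = ($_.Scope -ne $appGroup.Id)
        }
    }

$report | Sort-Object Inherited, Type, Principal | Format-Table -AutoSize

# Flag access that was not granted on the app group itself.
$inherited = @($report | Where-Object Inherited)
if ($inherited.Count -gt 0) {
    Write-Warning "$($inherited.Count) assignment(s) are inherited from a broader scope than the app group."
}
```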
Once we have finished setting up the host pool and assigning users and groups, we can add session hosts to the host pool. This is typically done using the UI. You can follow the steps detailed in the Creating VMs within the Create a host pool tab section.
To add VMs, make sure that you have created a registration token and that it has not expired. If it has expired, you will need to run the registration token cmdlet again before you can add VMs to the host pool.
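The expiry check can be scripted so that a token is only reissued when it is needed. The following is an added example, not code from the chapter; the function name, the 24-hour cap on the lifetime, and the 15-minute safety margin are assumptions, and the resource names are the chapter's sample values:

```powershell
# Added example, not from the chapter: reuse a valid registration token,
# otherwise issue a new short-lived one. The token is a secret that lets a VM
# register into the host pool, so it is returned to the caller and never printed.
function Get-ValidAvdRegistrationToken {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $HostPoolName,
        [ValidateRange(1, 24)] [int] $LifetimeHours = 2,   # assumed cap for this example
        [int] $MinimumMinutesLeft = 15                      # assumed safety margin
    )

    $now  = (Get-Date).ToUniversalTime()
    $info = Get-AzWvdRegistrationInfo -ResourceGroupName $ResourceGroupName -HostPoolName $HostPoolName

    # Token and ExpirationTime are empty when the pool has no current token.
    $stillValid = $info.Token -and $info.ExpirationTime -and
        (([datetime]$info.ExpirationTime).ToUniversalTime() -gt $now.AddMinutes($MinimumMinutesLeft))

    if (-not $stillValid) {
        # Same timestamp format as the chapter's New-AzWvdRegistrationInfo example.
        $expiry = $now.AddHours($LifetimeHours).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
        $info = New-AzWvdRegistrationInfo -ResourceGroupName $ResourceGroupName `
            -HostPoolName $HostPoolName -ExpirationTime $expiry
        Write-Verbose "Issued a new registration token, valid until $($info.ExpirationTime)."
    }
    else {
        Write-Verbose "Existing registration token is valid until $($info.ExpirationTime)."
    }

    return $info
}

# Usage with the chapter's sample names; only the expiry is displayed.
$reg = Get-ValidAvdRegistrationToken -ResourceGroupName az140pw -HostPoolName pwdeployment -Verbose
$reg.ExpirationTime

# Once the session hosts have registered, the token can be invalidated early:
# Remove-AzWvdRegistrationInfo -ResourceGroupName az140pw -HostPoolName pwdeployment
```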
The following details the process to add or expand a host pool by adding VMs:
The screenshot in Figure 6.27 shows the button to add session hosts to a host pool:
Figure 6.28 shows the Add virtual machines to a host pool page within the Azure portal for deploying VMs into a host pool:
Important Note
Although it's possible to edit the image and prefix of the VMs, Microsoft does not recommend editing them if you have VMs with different images in the same host pool. Edit the image and prefix only if you plan on removing VMs with older images from the affected host pool.
Tip
Ensure your admin names comply with the information given onscreen and MFA is not enabled on the account.
Tip
You can also deploy the host pool and create session host VMs using an ARM template. You can download an example from https://github.com/Azure/RDS-Templates/tree/master/ARM-wvd-templates.
It is also important to note that if you are using an automated process to build your AVD environment, you will need to use the latest configuration JSON file available. You can download this from https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/armtemplates/Hostpool_10-13-2021/CreateHostpoolTemplate.json.
You are now skilled with configuring PowerShell, then creating a resource group, deploying a host pool, generating a registration token, and configuring users/groups.
In this chapter, we looked at creating a host pool using the Azure portal and using PowerShell. We looked at some of the requirements and gotchas associated with creating a host pool and how to overcome them. We also deployed a host pool using PowerShell and assigned users access to the host pool via app groups.
In the next chapter, we will continue our journey through AVD and take a look at configuring host pools and session hosts. This includes creating Windows Server session hosts, configuring host pool settings, assigning users to host pools, and finally, applying updates and security and compliance settings to session hosts.