In today's post-COVID-19 world, it has become crucial for businesses to enable remote work strategies for their teams while enhancing security, reducing infrastructure costs, and simplifying overall IT management. Azure Virtual Desktop allows users to continue to work in any location using Microsoft's latest desktop and application virtualization cloud technology, enabling companies to provide a secure, productive experience in this ever-changing world.
This book provides a complete guide to Azure Virtual Desktop. We will start with the essentials for understanding desktop virtualization, as well as planning, designing, implementing, and supporting an Azure Virtual Desktop environment.
Virtual Desktop Infrastructure (VDI), also known as Desktop Virtualization, refers to virtualization and virtual machines that provide and manage virtual desktops. Users access these virtual machines remotely from any supported device, including remote locations, and the compute processing is completed on the host server. Users connect to their virtual desktop sessions through a connection broker. This broker is essentially a software layer that acts as the intermediary between the user and server, enabling the orchestration of user sessions to virtual desktops or published applications.
VDI is usually deployed in an organization's data center and managed by its IT department. Typical on-premises providers include Citrix, VMware, and Remote Desktop Services. VDI can be hosted on-premises or in the cloud. Some organizations use the cloud to scale virtual desktop environments, enabling a hybrid capability that allows IT admins to meet changing organizational demands quickly.
Azure Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. Azure Virtual Desktop works across devices, including Windows, Mac, iOS, Android, and Linux, with apps that you can use to access remote desktops and apps. You can also use modern browsers to access Azure Virtual Desktop.
Users have the freedom to connect to Azure Virtual Desktop from any capable device over the internet. You can use an Azure Virtual Desktop client to connect to published Windows desktops and applications. There are three flavors of client that you can use to connect: a native application on the device, a mobile app, or the Azure Virtual Desktop HTML5 web client.
You can improve application performance on session host virtual machines (VMs) by running apps close to the services they connect to, whether in your data center or the cloud. This reduces the risk of long loading times and keeps your users productive.
User sign-in to Azure Virtual Desktop is much faster because user profiles are containerized using FSLogix profile containers. The user profile container is dynamically attached to the session host or VM in question at user sign-in. The user profile is made available and appears in the system exactly as a local user profile would.
You can provide individual ownership of session desktops by using personal (persistent) desktops for specific use cases. For example, you may want to offer personal remote desktops for members of a web development team. They would be able to add or remove programs without impacting other users on that virtual desktop.
Azure Virtual Desktop provides centralized security for users' desktops with Azure Active Directory (Azure AD). You can further enhance security by enabling multi-factor authentication (MFA) to provide secure user access. You can also secure access to data by using Azure's granular role-based access control (RBAC) for users.
Azure Virtual Desktop separates the data and apps from the local hardware and runs both resource types on a remote server. The risk of confidential data being left on a personal device is significantly reduced when using Azure Virtual Desktop.
User sessions can be isolated in both single and multi-session virtual desktop deployments.
Azure Virtual Desktop improves security by using reverse connect technology, a more secure connection type than the Remote Desktop Protocol (RDP). However, the session hosts do open inbound ports to the session host VMs.
Azure Virtual Desktop is a Microsoft Azure service that's familiar to Azure admins. You use Azure Active Directory and RBAC to manage access to resources. With Microsoft Azure, you are provided with the tools to automate VM deployments, manage VM updates, and provide disaster recovery.
As with other Microsoft Azure services, Azure Virtual Desktop uses Azure Monitor for monitoring and alerts. This allows IT admins to identify issues through a single interface.
Azure Virtual Desktop provides you with options to load balance users on your VM host pools. Host pools are collections of VMs with the same configuration assigned to multiple users.
You can configure session load balancing to occur as users sign in to session hosts, also known as breadth mode. Breadth mode essentially means that users are sequentially allocated across the host pool for your workload. You also have the option to configure your VMs for depth mode load balancing to save costs, where users are fully allocated on one VM before moving to the next. In addition, Azure Virtual Desktop provides the tools and the capability to automatically provision additional VMs when incoming demand exceeds a specified threshold.
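The difference between the two modes is easiest to see by counting sessions per host. The following Python sketch is an added example, not code from the book or from Microsoft; it is a simplified model of the behaviour described above, and the function names, pool size, and session limit are assumptions chosen for illustration.

```python
from typing import List


def assign_sessions(users: int, hosts: int, max_sessions: int, mode: str) -> List[int]:
    """Return the session count on each host after `users` sign-ins.

    Simplified model (assumption): breadth mode sends each new user to the
    least-loaded host; depth mode fills one host to `max_sessions` before
    moving to the next one.
    """
    if mode not in ("breadth", "depth"):
        raise ValueError("mode must be 'breadth' or 'depth'")
    load = [0] * hosts
    for _ in range(users):
        # Only hosts below the session limit can accept a new sign-in.
        open_hosts = [i for i, n in enumerate(load) if n < max_sessions]
        if not open_hosts:
            # This is the point at which more VMs would have to be provisioned.
            raise RuntimeError("host pool is full")
        if mode == "breadth":
            target = min(open_hosts, key=lambda i: load[i])
        else:
            target = open_hosts[0]
        load[target] += 1
    return load


def hosts_in_use(load: List[int]) -> int:
    """Number of hosts carrying at least one session (the ones you pay to keep busy)."""
    return sum(1 for n in load if n > 0)


if __name__ == "__main__":
    # Constructed sample: 10 users, 4 session hosts, limit of 8 sessions per host.
    for mode in ("breadth", "depth"):
        load = assign_sessions(10, 4, 8, mode)
        print(f"{mode:8s} sessions per host: {load}  hosts in use: {hosts_in_use(load)}")
```

With the constructed sample, breadth mode touches every host while depth mode leaves two hosts empty, which is where the cost saving comes from.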
Azure Virtual Desktop's headline feature is Windows 11 and Windows 10 Enterprise multi-session, since these are the only client-based Windows operating systems that allow multiple concurrent users on a single Windows 11/10 VM.
Azure Virtual Desktop also provides a familiar experience with broader application support than the traditional Windows Server-based remote desktop solutions.
Azure Virtual Desktop is available at no additional cost if you have an eligible Microsoft 365 license. However, it is important to note that you pay for the Microsoft Azure resources that are consumed by Azure Virtual Desktop:
Azure Virtual Desktop is easier to deploy and manage than traditional RDS or VDI environments. You don't have to provision and manage servers and server roles such as the gateway, connection broker, diagnostics, load balancing, and licensing.
The following diagram shows what services Microsoft manages and what you manage:
Azure Virtual Desktop provides a virtualization infrastructure as a managed service. Azure Virtual Desktop's core components are as follows:
Windows Virtual Desktop uses Azure infrastructure services for compute, storage, and networking.
Now, let's look at what you, as the customer, manage. First, we'll look at the desktop and remote apps part of Azure Virtual Desktop.
With this option, you can create application groups to group, publish, and assign access to remote apps or desktops:
Now, let's look at the customer responsibilities for management and policies:
This chapter provided an introduction to Azure Virtual Desktop, some of the key benefits of the service, and an overview of its components and capabilities. In the next chapter, we will look at designing an Azure Virtual Desktop architecture.