Forum Discussion

simondury's avatar
simondury
Copper Contributor
Jul 11, 2024

DNS configuration in Azure With an Azure DC VM

Hi,   I'm thinking about to create an architecure for a customer who want to migrate all onpremise ressources to Azure. Currently, they have 1 DC, 1 Connection Broker, 7 RDS and 1 app servers (All...
MathieuVandenHautte's avatar
MathieuVandenHautte
Iron Contributor
Jul 11, 2024

Hi Sim

I recommend using in Azure:
- One (or two) domain controllers (with the DNS server role)
- Multiple Azure Virtual Desktop session hosts, joined to the ADDS domain
- Azure Files
- A Network Virtual Appliance, acting as a VPN server (IPsec) and firewall

On premises, I recommend using a security appliance, acting as a:

- VPN server (IPsec)
- DNS server (resolver and forwarder)
- DHCP server

simondury's avatar
simondury
Copper Contributor
Jul 11, 2024

Thank you MathieuVandenHautte 

 

It seems the best approach.

I was thinking that use DNS role on DC will be to old school in Azure.

 

So the AVD SH can be in hybrid with Entra ID to manage some aspects with Intune?

 

Do you recommend to join Azure files (for enterprise datas like Word, Excel, not fslogix) into ADDS or use Microsoft Entra Kerberos?

 

Thank you for your help.

 

 

 

 

  • MathieuVandenHautte's avatar
    MathieuVandenHautte
    Iron Contributor
    Jul 11, 2024

    Hi simondury

    In most cases, you don't need Intune and classic GPO's will still do the trick.
    Regarding shared data, most of the time I use Azure files using AD DS and sometimes even a classic fileserver (Azure VM).
    If you go the classic fileserver road, you might also want to manage your users profile containers (FSlogix) there.

Resources