05-03-2019 06:00 AM
05-03-2019 06:00 AM
A lot of you know that Windows Virtual Desktop is now public preview. Lots of people wrote articles about it, and so did I. Most articles are covering information that is available everywhere, or just a subset of the service…
“If You Never Try, You'll Never Know” - Ben Francia
With this article, I’d like to cover the things you might not have caught. Some are deep(er) technical points, while some are just not part of the public message but still way too important not to share. It’ll hopefully help you as consultant or architect to bring the technical (and functional) message around Windows Virtual Desktop to your customers :smiling_face_with_smiling_eyes:!
If you are learning on Azure right now and want to quickly increase your brains with awesome cloud-related knowledge, as part of Project Byte-Sized we are releasing a new community book – covering Cloud principles and best practices in June. After a period of 3 months, we received a total number of 145 submissions from all over the globe (19 countries). Altogether 140 people contributed resulting in 300+ pages, which we think is truly awesome.
Catch a sneak preview here, so you know what names you can expect. It can help you gain knowledge from the best people in the community!
Byte-Sized Community survey, we asked almost 200 independent people if they already use Desktop-As-a-Service solutions and if they expect that Windows Virtual Desktop will have a major impact on DaaS going forward.
“Q2 - Once released, the Microsoft Windows Virtual Desktop #WVD will have a major impact on DaaS going forward“
To help you understand how Desktop-As-a-Service (DaaS) and traditional VDI are different from each other, I’ve had made this comparison matrix:
People that follow my blogs know that I explained the services and benefits earlier in this article. However, for the people who didn’t catch that yet, here is a short run-over.
“Windows Virtual Desktop, or WVD in short - is a born in the cloud Desktop-As-a-Service platform service offering on top of the Microsoft Azure Cloud. All the infrastructure services, such as brokering, web access, load-balancing, management and monitoring is all setup for you as part of the control plane offering. It also gives you access to the new Windows 10 Multi-User (EVD) Operating System – which is completely optimized for the sake of Office 365 ProPlus services, such as Outlook, OneDrive Files on Demand (per-machine), Teams etc.“
The only responsibility in terms of management effort is the golden images on top of Azure
Infrastructure-As-a-Service (IaaS). The rest is all managed for you through the Azure service SLAs. Sounds pretty cool, right?
For the people who lived offline the past 2 months, here are some things you must know before you start reading this article!
Azure RemoteApp was a great technology, but due to some problems it never took off and Microsoft decided to deprecate the service. Citrix Essentials was the replacement for certain use-cases in Azure IaaS as part of the Microsoft + Citrix increased partnership to emphasize the digital transformation to the Cloud.
Now, RemoteApp will be back in terms of functionality. The code is rewritten, and lessons learned from the past are used to improve the product. In case you were wondering about Windows 10 Multi-User, the answer is yes - you can use it with a RemoteApp solution.
One of the most interesting use-cases is consolidating your Win32 apps in Azure and place icons on the endpoint’s desktop - start menu and/or tiles in the start screen! The user doesn't see/know whether the app is locally installed or is running a RemoteApp in Azure. I personally think that this use-case will be very important for future Windows Virtual Desktop customers!
See below how fast and easy it works in conjunction with FSLogix/Microsoft Profile Containers as Profile Management solution!
The first step that you must do is the create the master image, or golden image in Citrix terms. Most often, this will be based on the new Windows 10 Enterprise for Virtual Desktops (Multi-User) Operating System, which is now available from the Azure Marketplace. After enrolling the server, you can start installing the application on the machine. When you’re done, you must capture the machine as an image to use as a base for your Windows Virtual Desktop deployment.
The Microsoft-managed control-plane is a completely redesigned infrastructure which leverages native Azure platform services to scale automatically. Think about Azure traffic manager for managing the RDP connection, Azure App Services in Azure for hosting the infrastructure services, and Azure SQL DB for hosting the RDS Brokering databases. Leveraging these services is the main reasons why this service is so cost-effective, which is the purpose of the Cloud and what it’s built for!
To give you a better understanding of how Windows Virtual Desktop connections work, I’m sharing the traffic flow. This is also useful for troubleshooting purposes.
Connecting from your endpoint to your Host Pool (session hosts in Azure Infrastructure-As-a-Service) works differently with Windows Virtual Desktop. It uses Reverse Connect, which means that no inbound ports need to be opened on the VM to setup the RDP connection.
Once the connection flow proceeds, bidirectional communication between your session hosts/host pool will go over port https (443). This port is almost always open from the inside to the outside, so it’s perfect for a remote connection to Windows Virtual Desktop!
See below in more depth how the traffic flow works.
Note: Windows Virtual Desktop can be used as worldwide service depending on your location and the location of the VMs. The control-plane persists currently in the US – east US 2 to be specific, however, your host pool can exist everywhere. Just remember your performance using a host pool outside of the US might vary until the control plane is added to other regions. If you set up a host pool in a non-US location with the US control plane, you will automatically switch to the local control plane when it’s rolled out for your region.
Migrating from your current Remote Desktop Solution – RDS environment to Windows Virtual Desktop is relatively easy. You could use Azure Site recovery to migrate your server infrastructure to Azure. Follow the next 5 steps after that and sessions can be launched via Windows Virtual Desktop.
Note: There are also ARM Templates available to automate the creation of the RDS Infrastructure components.
Having the best end-user experience for your users is probably one of the most important goals when using Desktop-As-a-Service. Though the cloud takes over a lot of management tasks after a migration, you’ll still need to handle image management. The following matrix gives a good baseline on how your Windows 10 Enterprise for Virtual Desktops (CVAD) must be sized for 4 types of users. The amount of data in your profile is depending on your settings, think about Outlook retention slider settings for example. Due to the support of OneDrive Files On-Demand, the storage allocation for files sync should be minimal.
The Windows Virtual Desktop Host Pool enrollment of the Azure Marketplace also advises your which Virtual Machine SKU in Azure fits best for the number of users you need / going to use.
Windows Virtual Desktop (WVD) is just released in Public Preview. What it also means is that the product will be improved before the GA release later this year.
Currently, there are some manual PowerShell tasks needed to assign Desktops and RemoteApps to your end-users or groups when you enroll in a WVD environment. Another thing that is missing in the public preview is a management console in the Azure Portal.
Both tasks will be simplified, and to give you a sneak preview – the following Azure Portal integration console will be part of the native solutions soon. It gives you the ability to manage and maintain desktop and RemoteApp assignments, check and change virtual machine status more.
Note: The new WVD management Portal below will be released after the GA date of Windows Virtual Desktop.
09-13-2019 12:14 AM
Thank you for your technical walkthrough.
We should control traffics between the WVD hostpool VMs and Internet by Network Virtual Appliance(NVA) deployed on Azure.
After we applied user defined route 0.0.0.0(nexthop: NVA) to the WVD hostpool VMs subnet, the access to the WVD hostpool VMs were stopped.
Could the WVD Broker and Gateway access via NVA to control the WVD hostpool VMs?