The global contingency has brought company-wide desktop virtualization projects back to the table. Virtual desktops make it possible to centralize desktop management and save costs. However, although remote work has been around for a couple of years for IT folks, enabling it for an entire business can be more challenging.
If you are facing a similar challenge now, please consider the following experience and simple recommendations. This is not a step-by-step deployment guide; it focuses on some of the adventures of an urgent project to deploy Windows Virtual Desktop for more than 2000 users in two weeks, and it highlights key points identified during the deployment to a production environment.
Windows Virtual Desktop (WVD) is a cloud-based virtualization solution running on the Microsoft Platform, which is an elastically scalable service that delivers remote desktop and remote app experiences without having to manage the underlying server infrastructure.
Before continuing, let’s get familiar with some concepts:
In addition to the Azure prerequisites and licensing, we highly recommend thinking about the following topics to anticipate possible problems during the deployment to production.
Managing the requirements
Ensure that different users from all business units and operating systems are involved during the initial project conversations. Define which users require a dedicated single-session desktop and which ones can be accommodated in shared sessions. Also consider users who only need access to a remote application and, why not, users with a physical machine.
On top of that, we recommend analyzing total users, concurrency, estimated hours per week, and the compute that may be available for the project.
Those definitions allow us to plan the right infrastructure to give the best experience by identifying the workload type: Power, Heavy, Medium, or Light users.
Also make sure you understand the security controls your company needs for remote users. On the networking side, there are several ways to limit traffic, including Azure Firewall, Network Virtual Appliances, or a proxy, but this is another project.
Analyze the level of management you want for the solution. This project required automated deployment, autoscaling, and monitoring. Nerdio Manager for WVD was chosen for this project because it simplifies these activities; it also streamlined OS image updates and user control.
Windows 7 single-session and Windows Server 2012 R2 and higher are supported. If your WVD scenario is multi-session, you need to understand which applications work in that environment, because multi-session is based on Windows 10 and lets one worker host several users. Companies tend to think about WVD as a response to legacy systems. Yes, it is the alternative for addressing Windows 7 End of Support, but we need to check the status of legacy applications and the policies on image distribution. Validate with your Operating Systems team what percentage of applications have been tested to work with Windows 10. Hopefully that is many of them today, but you should feel comfortable asking: “Hey, OS guys, can we deploy Windows 10 considering that our standard corporate desktop is Windows 7?” If you are going for a deployment in a shared scenario, it is important to know what happens when you publish client-server applications, and you must check how they behave in a multi-session (pooled) environment.
How can we size the environment?
You can run an estimate by defining total users, peak concurrency, usage hours and the scenario: multi-session or single-session. Costs are mainly driven by VM instances, where the number of instances and the instance size are the main parameters to choose.
Depending on your industry, you may know which hardware footprint/configuration tends to work well for a typical user. But do you know how much memory a typical user consumes on their notebook? How many browser tabs do they keep open throughout the day?
To give the same experience in a virtual desktop, it is necessary to add this variable to the sizing to decide which users get a personal desktop and which share sessions. To make it easier, in our case we grouped users into 4 zones and hence 4 host pools and 4 file shares to manage the profiles. This allowed us to manage different maintenance windows, each impacting a small number of users. You can also use such zones to differentiate users, for example those with more compute than others.
We sized the host pools with Standard D8s v3 VMs and premium disks. We had an average of 20 concurrent users. To size the profile storage, we considered a size range of 5-10GB (which averages around 8GB) and 5 IOPS per user profile in order to select a VM with the right IOPS.
Another option is NetApp Files, if you need to deploy a complete PaaS scenario to manage the profiles. It's a better option if you don't want to manage Windows file sharing in an IaaS environment.
Use the Azure Calculator, and remember the savings options with reserved instances, but we recommend waiting until the project is in production and you understand how it operates. If you reserve the instances and then figure out that the quantity of VMs is lower than needed, you can cancel an Azure Reserved VM Instance at any time.
Make sure you spend enough time on your image baseline until it works well.
Recommended Settings for WVD Master Image:
If you use multi-session, you must use shared computer activation to install Office; this lets you deploy Microsoft 365 Apps to an image that will be accessed by multiple users. Check that Office works several more times after installation, and take the time to understand how shared computer activation works.
How many browsers will be installed on the image? Do they need any particular security configuration? Or do you control everything through corporate policies? Ask all these questions with your team and make sure the Help Desk will not receive cases due to application malfunctions.
Follow this article to customize a master image.
Profile management enables a profile to follow the user regardless of which device they log on to. Typically, every user logging on to an operating system has a locally stored user profile. A user profile is a collection of settings and information associated with a user (e.g. individual theme, background, OneDrive sign-in).
FSLogix is a recommended next-generation app-provisioning platform that reduces the resources, time and labor required to support virtualization.
Whether you are building the image yourself or using a third-party tool like Nerdio, Citrix or VMware, the FSLogix agent needs to be configured with a central file share (SMB, NetApp Files or Azure Files). Optionally, you can manage it with the available ADMX templates, but only implement the items that are absolutely necessary.
In this case, an SMB file share was used to store the profiles, so to secure access you need to check whether WVD users have read/write permissions on that file share. Several times a new user complained to the Help Desk saying: “I have an error and it says ‘FSLogix, the user profile failed to attach.’”
FSLogix – Profiles
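A quick triage for the "profile failed to attach" case described above, as an added example that is not part of the original deployment. It assumes FSLogix reads its settings from the standard `HKLM:\SOFTWARE\FSLogix\Profiles` key and that it is run inside the affected user's WVD session; the probe folder name is made up for the test.

```powershell
# Added example: run inside the affected user's session on a WVD worker.
$key = 'HKLM:\SOFTWARE\FSLogix\Profiles'
$cfg = Get-ItemProperty -Path $key -ErrorAction Stop

if ($cfg.Enabled -ne 1) {
    Write-Warning "FSLogix profile containers are not enabled (Enabled=$($cfg.Enabled))."
}
if (-not $cfg.VHDLocations) {
    Write-Warning "VHDLocations is empty: no central file share is configured."
    return
}

# VHDLocations can hold one or several UNC paths.
foreach ($share in @($cfg.VHDLocations)) {
    if (-not (Test-Path -LiteralPath $share)) {
        Write-Warning "$share is not reachable for $env:USERNAME"
        continue
    }

    # Functional write test: create and remove a probe folder as the signed-in user.
    $probe = Join-Path $share ("probe_{0}_{1}" -f $env:USERNAME, [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType Directory -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -ErrorAction Stop
        Write-Output "$share : $env:USERNAME can create profile folders"
    } catch {
        Write-Warning "$share : write test failed: $($_.Exception.Message)"
    }

    # List the allow entries so missing or over-broad grants stand out.
    (Get-Acl -LiteralPath $share).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, FileSystemRights, IsInherited |
        Format-Table -AutoSize
}
```

A failed write test together with an ACL that lacks the WVD users' group points to the permission gap; an ACL that grants full control to a broad group is worth tightening before more users are onboarded.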
Deploy & Monitoring
Before the production deployment, it is recommended to configure a host pool with a few workers: two or three. The idea is to see how your image behaves and to test all the applications again with a user who has been granted access to WVD. Typically, you will check how Office applications work, language, time zone, etc.
Sepago is a cloud-native solution to monitor WVD environments at a very low level: host pools, users, sessions, and applications. We configured Sepago to use an agent that tracks events, performance consumption, network activity and more for each user's experience in our WVD environment. The agent combines data from different sources and sends it to your Log Analytics workspace in Azure.
How do you enable Sepago in your deployment? Here are the steps at a high level:
Dashboards look like this:
WVD also offers a diagnostics feature that allows the administrator to identify issues through a single interface. This feature logs diagnostics information whenever the Windows Virtual Desktop role is used. Each log contains information about which Windows Virtual Desktop role was involved in the activity, any error messages that appear during the session, tenant, and user information. The diagnostics feature creates activity logs for both user and administrative actions.
However, getting more detailed information may require diving into the logs to answer questions such as: “Can I know what time a user logged in? How can I identify where the user is connected from?”
In those cases you need to use the Kusto query language to create your own Log Analytics queries. Here you can find some examples. In our case we saved those queries in Log Analytics and used them in a Logic App that sends daily information about users’ connections.
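One way to answer the login-time and connected-from questions above, as an added example rather than the queries saved in the original project. It assumes WVD diagnostics are being sent to the workspace and populate the `WVDConnections` table, and that the Az.OperationalInsights module is installed; the workspace ID is a placeholder.

```powershell
# Added example. Requires the Az.OperationalInsights module and Connect-AzAccount.
$workspaceId = '00000000-0000-0000-0000-000000000000'  # placeholder: your workspace ID

# Assumes WVD diagnostics populate the WVDConnections table in this workspace.
$query = @'
let window = 1d;
let ended = WVDConnections
    | where TimeGenerated > ago(window) and State == "Completed"
    | project CorrelationId, LoggedOut = TimeGenerated;
WVDConnections
| where TimeGenerated > ago(window) and State == "Connected"
| join kind=leftouter ended on CorrelationId
| project LoggedIn = TimeGenerated, LoggedOut, UserName, ClientSideIPAddress,
          ClientOS, ClientType, SessionHostName
| order by UserName asc, LoggedIn asc
'@

$rows = (Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query).Results

# Who logged in, when, from which address, onto which host.
$rows | Format-Table LoggedIn, LoggedOut, UserName, ClientSideIPAddress, SessionHostName -AutoSize

# Review aid: users seen from more than one client address in the window.
$rows | Group-Object UserName |
    ForEach-Object {
        $ips = @($_.Group.ClientSideIPAddress | Sort-Object -Unique)
        if ($ips.Count -gt 1) {
            [pscustomobject]@{ UserName = $_.Name; Addresses = $ips -join ', ' }
        }
    }
```

The query text between the here-string markers can also be pasted directly into the Log Analytics query editor and saved there for a scheduled report.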