In this article, you will learn how to integrate Azure Virtual Desktop (AVD) session hosts that are joined to Azure AD with Azure NetApp Files (ANF). It will show you the reference architecture required to support this integration and demonstrate how users, logging in to AVD session hosts that are Azure AD joined, can access ANF seamlessly.
As businesses increasingly embrace remote work and cloud-based solutions, Azure Virtual Desktop (AVD) has emerged as a powerful platform for enabling secure and scalable virtual desktop experiences. To further enhance its capabilities, organizations can leverage Azure AD join, Azure NetApp Files, and FSLogix in conjunction with AVD session hosts. This powerful combination not only provides streamlined user management and authentication but also delivers high-performance storage and efficient profile management. This article will explore how customers can utilize AVD session hosts that are Azure AD joined with Azure NetApp Files and FSLogix, highlighting the benefits and advantages they offer.
This scenario will demonstrate how organizations that require the AVD session hosts to be Azure AD joined can leverage ANF to host user profiles, home folders and departmental shares. It is important to note that this scenario still requires Active Directory Domain Services (ADDS) to be available within the infrastructure, as ANF requires ADDS or Azure Active Directory Domain Services (AADDS) for authentication.
The observant amongst you will notice that this scenario does not solely use Azure AD, and still requires Active Directory Domain Services. The majority of customers will still have an Active Directory presence. However, those organizations that are looking to future-proof AVD deployments and benefit from the management capability of Microsoft Intune can have the best of both worlds with this hybrid approach.
Using Azure AD for authenticating hybrid user identities allows Azure AD users to access Azure NetApp Files SMB shares. This means your end users can access Azure NetApp Files SMB shares without requiring a line-of-sight to domain controllers from hybrid Azure AD-joined and Azure AD-joined VMs. Cloud-only identities aren't currently supported.
The diagram below shows a high-level overview of the scenario:
The following requirements need to be met to allow for this hybrid configuration.
More information on how to install and configure Azure AD Connect can be found here.
The configuration for this scenario would be as follows:
With this configuration in place, once the user logs in via Azure AD, their user profile is stored on the ANF volume:
Within the user profile directory, you can see the FSLogix managed .VHD file and metadata:
Using the same credentials, the user can also map their home folder, which is also hosted on an ANF volume:
The process is seamless to the user with no prompt for authentication.
The integration of Azure AD join, Azure NetApp Files, and FSLogix with AVD session hosts brings numerous benefits to organizations seeking robust virtual desktop solutions. By streamlining user management and authentication, providing high-performance storage, efficient profile management, and bolstering security measures, this combination empowers businesses to deliver seamless, productive, and secure virtual desktop experiences. Embracing these technologies ensures organizations can optimize their AVD environments for enhanced performance, scalability, and cost-effectiveness, driving productivity and empowering the modern remote workforce.
For more information also see Azure NetApp Files | Access SMB volumes from Azure Active Directory joined Windows virtual machines.