cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Virtual Desktop connectivity to a application hosted on Azure VMs.

David-Haver
Copper Contributor

‎Sep 10 2021 07:21 AM

‎Sep 10 2021 07:21 AM

Azure Virtual Desktop connectivity to a application hosted on Azure VMs.

I have a customer who is deploying Azure Virtual Desktops.  They are also looking to move an application to run on Azure VMs.  This application would use AAD authentication so there would be no need to have an S2S VPN.  What I am trying to figure out is how the users of the virtual desktops would get access to the application running on Azure VMs.  Is that something that can be done via remote apps so that I don't have to expose the application to the internet?  Do I have to setup something like Azure Firewall to put the application behind to then allow the users to securely access the application?

 

 

994 Views
0 Likes
4 Replies
Reply
4 Replies
David-Haver

‎Sep 10 2021 08:55 AM

‎Sep 10 2021 08:55 AM

Re: Azure Virtual Desktop connectivity to a application hosted on Azure VMs.

Here is a different way to look at this question. What is the best way for user of Azure Virtual Desktops to access and a web application running on VMs in the same subscription? Can that be done without exposing the web application to the internet?
0 Likes
Reply
Sanjay Singh

‎Sep 16 2021 09:52 AM

‎Sep 16 2021 09:52 AM

Re: Azure Virtual Desktop connectivity to a application hosted on Azure VMs.

You may try to publish the application on internal hostname or url and restrict Restrict the others except AVDs on NSG level to access the app.
0 Likes
Reply
David Pazdera

‎Sep 16 2021 10:51 AM

‎Sep 16 2021 10:51 AM

Re: Azure Virtual Desktop connectivity to a application hosted on Azure VMs.

Hi @David-Haver,

 

This should be absolutely possible. With AVD you fully control the networking setup and configure what VNet is used for session hosts. AVD session hosts are regular Azure VMs, so depending on some additional requirements you might have with regards to isolating your AVD environment and those business apps you plan to host on Azure VMs, you could either:

  • host application VMs in the same VNet as your AVD session hosts, only in a different subnet
  • host those VMs in a different VNet that could then be peered with the AVD Vnet

In both scenarios, you can use Network Security Groups to control what traffic from AVD hosts is permitted to your application VMs. There is no need to publish your app to the Internet (attach a public IP address to the VM), network traffic between session hosts and the app servers can stay private.

0 Likes
Reply
Chandrasekhar_Arya

‎Oct 06 2021 07:51 AM - edited ‎Oct 06 2021 07:53 AM

‎Oct 06 2021 07:51 AM - edited ‎Oct 06 2021 07:53 AM

Re: Azure Virtual Desktop connectivity to a application hosted on Azure VMs.

you can use remote application groups and then define how the user/devices that are allowed to access the remote application group either via Azure AD conditional policies and Microsoft Intune. also if you are using Hub and spoke architecture control the access via Azure firewall in total you need to use Azure AD conditional access , Microsoft Intune and NSG and Azure firewall to explore the available options 

0 Likes
Reply