On the 30th of April the Spring Update Release of Windows Virtual Desktop (WVD) entered Public Preview.
This means anyone can go to the Azure Portal, deploy a WVD Workspace and test the new capability. This article discusses the updates and capabilities in this new release, as well as the changes and other items you need to consider when deploying Spring Update WVD deployments.
"Spring Update"
First thing - the name, "Spring Update". WVD is now a first-class Azure service (more on that below). Azure does not have versions; it is a platform that receives continuous updates, and the same is now true of WVD. "Spring Update" is simply the set of updates being applied in the spring. WVD receives many continuous updates, but major changes such as this shift to ARM are bundled into a larger periodic update. Expect future updates to be delivered to the platform in a similar manner, with some of the larger ones getting some kind of seasonal name.
WVD is now an ARM service
Up to this point WVD has not been an Azure Resource Manager (ARM) service; the WVD objects have all existed within a separate database. With the Spring Update all WVD objects are now ARM resources in their own right. Azure Resource Manager is the service that sits between the user and the underlying Azure Fabric and is responsible for the provisioning and management of all Azure services. This is achieved through "Resource Providers". Each Azure service has a resource provider, e.g. the Compute Resource Provider, which ARM interacts with to construct a Virtual Machine, for example. More information on ARM is here.
WVD becoming an ARM service has a number of benefits of its own, summarised below:
Azure AD Groups
Up until the Spring Update it was only possible to publish RemoteApps and Desktops to individual users. Now in ARM you can publish these to Azure AD Groups, which is a significant improvement and time saver in its own right.
Azure RBAC for access control
In WVD there are four RDS-specific admin roles that can be applied against the tenant or host pools. This has now been moved into native Azure Role Based Access Control, which can be applied at every single WVD ARM object, giving you a rich delegation model.
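The two points above (publishing to Azure AD groups, and RBAC on individual WVD objects) combine into a least-privilege assignment at application group scope. The following is an added example, not code from the original article; it assumes the Az.Resources and Az.DesktopVirtualization modules are installed and Connect-AzAccount has been run, and the resource group, application group and Azure AD group names are placeholders.

```powershell
# Added example: all names below are placeholders, not values from the article.
$ResourceGroup = 'rg-wvd-example'                 # hypothetical resource group
$AppGroupName  = 'hp-example-DAG'                 # hypothetical application group
$AadGroupName  = 'WVD-Finance-Users'              # hypothetical Azure AD group
$RoleName      = 'Desktop Virtualization User'    # built-in role for end-user access

# Resolve both objects first so a typo fails here instead of assigning to the wrong thing.
$appGroup = Get-AzWvdApplicationGroup -ResourceGroupName $ResourceGroup -Name $AppGroupName -ErrorAction Stop
$aadGroup = @(Get-AzADGroup -DisplayName $AadGroupName)
if ($aadGroup.Count -ne 1) {
    throw "Expected exactly one Azure AD group named '$AadGroupName', found $($aadGroup.Count)."
}

# Assign at the application group scope only, not the resource group or subscription,
# and skip the call if the same direct assignment already exists.
$existing = Get-AzRoleAssignment -ObjectId $aadGroup[0].Id -Scope $appGroup.Id -RoleDefinitionName $RoleName |
    Where-Object { $_.Scope -eq $appGroup.Id }
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $aadGroup[0].Id -RoleDefinitionName $RoleName -Scope $appGroup.Id | Out-Null
}

# Review everything that grants access to this application group.
# Get-AzRoleAssignment -Scope also returns assignments inherited from parent scopes,
# which is where overly broad access (Owner/Contributor on the subscription) shows up.
Get-AzRoleAssignment -Scope $appGroup.Id |
    Select-Object DisplayName, ObjectType, RoleDefinitionName,
        @{ Name = 'Inherited';  Expression = { $_.Scope -ne $appGroup.Id } },
        @{ Name = 'DirectUser'; Expression = { $_.ObjectType -eq 'User' } },
        Scope |
    Sort-Object Inherited, ObjectType |
    Format-Table -AutoSize
```

Rows with DirectUser set to True are per-user assignments that could be moved into a group; rows with Inherited set to True come from a parent scope and cannot be removed at the application group itself.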
Azure Portal Integration
This is a big one for most customers. Prior to the Spring Update the options for managing a WVD tenant were PowerShell, a simple Management App Service Web App, or a third-party tool. The Azure portal integration was shown a long time back by Scott Manchester, and it now goes live; more info below.
Dedicated Scale out capability
Prior to the Spring Update, if you wanted to scale out a host pool you would run the Azure Marketplace deployment or the GitHub template a second time and reference the existing Resource Group and Host pool. You would specify the number of VMs you wanted to end up with in the host pool, e.g. 10. If your host pool had five VMs, it would deploy five more to make up the difference.
Now with the Spring Update there is a specific option to scale out your host pool. There is no need to rerun anything; you just specify how many VMs you want to add. More info below.
Shared Image Gallery
The Host Pool deployment is now fully integrated with Azure Shared Image Gallery (SIG). SIG is a separate Azure service for the storage of VM image definitions that includes versioning, which opens the door to monthly (or any other cadence) updates to your image. The image has a property called "latest" that allows you to reference just the image definition, and SIG will supply the latest image version every time, seamlessly. Hence you can automate the session host pool deployment to always use your latest build, which includes the latest patches, application updates and so on. SIG also manages the replication of the images to any Azure region around the globe so that you don't have to, as well as the number of replicas, which is important if you require a large number of deployments: the more replicas you have, the higher the throughput. SIG is integrated into the Host pool creation process as well as the expansion process.
WVD Monitoring
Again, consumption of monitoring information was previously via either PowerShell or another Diagnostics App Service Web App. This has now been moved natively into Log Analytics within the Azure portal. Each WVD ARM object can independently be connected to the same or a different Log Analytics Workspace, from where you can run Kusto queries or integrate with PowerBI to create visual reports.
Consent for consuming Azure Active Directory
The very first step in creating a WVD tenant was to consent for the WVD service to use your specific AAD tenant. This was because the WVD service was not a first-class Azure citizen. Now that it is, this consent is no longer required. However, note that with the consent page you could specify exactly which AAD tenant you wanted to use for user authentication into the WVD service, i.e. it could be separate from the AAD tenant linked to the Azure subscription that you deploy the WVD session hosts into. Now with ARM, the AAD tenant that your Azure subscription is linked to is the same AAD tenant used to authenticate your users to WVD, as well as to provide RBAC controls for your admin users. Hence your selection of an appropriate Azure subscription is more critical, as you have slightly less flexibility than before.
Service meta-data storage location
The meta-data, i.e. the data about your deployment and all of the configuration of your overall deployment, used to be stored only in the US. Starting with the Spring Update you will be able to select alternative locations, starting with additional US regions, then the European geography, with additional locations becoming available over time. This is great for organizations with data sovereignty requirements.
PowerShell support
Prior to the Spring Update there was an RDS-specific PowerShell module. This has now been replaced, with WVD support integrated into the existing Az module as AzWvd cmdlets, e.g. Get-AzWvdWorkspace. This is supported in PowerShell Core, which runs on .NET Core. To install, just run: Install-Module Az.DesktopVirtualization, and then run: Get-Command -Module Az.DesktopVirtualization to get a list of available commands.
A final consequence of the WVD objects moving to ARM is that they inherit a largely flat hierarchy rather than the top-down hierarchy. This is illustrated here:
Some things that need to be considered as part of this change to the ARM object model are:
Azure Portal
This is the most visual of updates and what most customers and partners ask me about. So let's take a look at the new user experience, and create all of the WVD ARM objects.
As WVD is now an ARM object you need to register the Windows Virtual Desktop ARM Resource Provider. This enables you to interact with the service that orchestrates WVD within the ARM service.
Before we create anything, I have already created a Workspace, Host Pool and Application Groups. It's important to see that when you create new Host pools and Application Groups you can register them with existing objects, or choose not to.
This is the Host Pool View:
This is the Application Groups View:
This is the Workspaces View:
Just to demonstrate that all of these ARM objects also reside within a Resource Group, in my case one single Resource Group, but you can place them in any Resource Group.
If you go back to the Overview tab, the UI suggests creating a host pool first. However, you could create a Workspace first if you wanted to follow the previous top-down hierarchy.
Creating the host pool
If you have deployed a host pool prior to the Spring Update you will recognize most of the questions that need to be answered as well as the format.
Creating the Application Group
So we have a new host pool with a Desktop Application Group published to some users. Let's now create a group to present actual applications directly - what's known as a RemoteApp Group.
This will deploy your Application Group and register it to your Workspace.
Create the Workspace
The third piece of the puzzle is to have a Workspace. This translates to a tenant in the previous model. You may well want to create this object first (at least that's how I have done this).
This will now create your Workspace. If you open any of the WVD clients and log in as a user who has been assigned to the application group, you should now see your workspace and those applications.
Note that throughout all of this the Host pool, Application Group and Workspace all need to be in the same Azure region to be associated with each other.
Scaling out a host pool
Prior to the Spring Update, if you wanted to scale out a host pool you would run the Azure Marketplace deployment or the GitHub template a second time and reference the existing Resource Group and Host pool. You would specify the number of VMs you wanted to end up with in the host pool, e.g. 10. If your host pool had five VMs, it would deploy five more to make up the difference.
Now with the Spring Update there is a specific option to scale out your host pool - no need to rerun anything.
On the Virtual Machines section, you just need to complete all the standard answers as before. The only difference is the Number of VMs. Here, enter the number of new VMs you want to have deployed and added to this Host Pool.
Also, the host name cannot be changed, and the prefix is hardcoded to the pre-existing prefix. In my example it will add four session hosts, and as I have one existing VM called test2-0 it will create test2-1 through to -4.
RDP Settings
Another nice feature is the ability to set RDP custom properties for each host pool directly in the Azure Portal. This was previously only possible via PowerShell. Go to the Host pool, then Properties, then RDP Settings. Here you can enable any of the options you need.
WVD Monitoring
Each WVD ARM object can be directly linked to either Log Analytics, Event Hub, or Azure Storage.
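Because each object is linked independently, it is easy to end up with a host pool that logs and an application group or workspace that does not. The following coverage check is an added example, not code from the original article; it assumes the Az.Resources and Az.Monitor modules are installed and Connect-AzAccount has been run against the subscription that holds the WVD objects.

```powershell
# Added example: lists WVD ARM objects and where (if anywhere) their diagnostics are sent.
$wvdTypes = @(
    'Microsoft.DesktopVirtualization/workspaces'
    'Microsoft.DesktopVirtualization/hostpools'
    'Microsoft.DesktopVirtualization/applicationgroups'
)

$report = foreach ($type in $wvdTypes) {
    foreach ($res in Get-AzResource -ResourceType $type) {
        # A resource can carry several diagnostic settings, or none at all.
        $settings = @(Get-AzDiagnosticSetting -ResourceId $res.ResourceId -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Name          = $res.Name
            ResourceGroup = $res.ResourceGroupName
            Type          = $res.ResourceType.Split('/')[-1]
            LogAnalytics  = [bool]($settings | Where-Object WorkspaceId)
            EventHub      = [bool]($settings | Where-Object EventHubAuthorizationRuleId)
            Storage       = [bool]($settings | Where-Object StorageAccountId)
            # Show only the workspace name (last segment of the resource ID).
            Workspaces    = @($settings.WorkspaceId | Where-Object { $_ } |
                                ForEach-Object { ($_ -split '/')[-1] } |
                                Sort-Object -Unique) -join '; '
        }
    }
}

$report | Sort-Object Type, Name | Format-Table -AutoSize

# Objects with no destination produce no diagnostic records to query during an investigation.
$gaps = @($report | Where-Object { -not ($_.LogAnalytics -or $_.EventHub -or $_.Storage) })
if ($gaps.Count -gt 0) {
    Write-Warning ("{0} WVD object(s) have no diagnostic destination configured." -f $gaps.Count)
    $gaps | Select-Object Name, ResourceGroup, Type | Format-Table -AutoSize
}
```

The Workspaces column also shows when objects in the same deployment log to different Log Analytics workspaces, which matters if your detections or reports only query one of them.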