Windows Virtual Desktop
35 TopicsWindows Virtual Desktop learning and readiness resources
Would you like to learn more about Windows Virtual Desktop? Consider watching these Ignite sessions: Scott Manchester's Mechanics Live (20 minutes) Windows Virtual Desktop Overview (43 minutes) Windows Virtual Desktop Deep Dive (56 minutes) A tour of Microsoft Windows Virtual Desktop (20 minutes) Office in Virtual Desktop environments (53 minutes) New multi-session virtualization capabilities in Windows (32 minutes) Register via http://aka.ms/wvdpreview to be notified for the public preview which will launch later this year.7KViews16likes1Comment(Azure) Virtual Desktop Optimization Tool now available
Optimizing images has always been an important component of preparing images as part of a traditional Remote Desktop Services (RDS) infrastructure or virtual desktop infrastructure (VDI). Optimizing session hosts, in particular, can increase user density and eventually lower costs. With the Virtual Desktop Optimization Tool, you can optimize your Windows 10, version 2004 multi- and single-session deployments in Windows Virtual Desktop. Note: The information in this post is community-driven; nothing has yet been officially launched by the Windows Virtual Desktop product team. Credit goes to Robert M. Smith and Tim Muessig from Microsoft, previously known as the VDIGuys, for creating this tool and make it available for free for the community. Windows 10 multi-session image name change As noted in recent announcements, Office 365 ProPlus is now Microsoft 365 apps for Enterprise. With this name change, we have updated the Windows Virtual Desktop image names in Azure Marketplace. As a result, when you are looking for an image in the Azure Marketplace image gallery, you should begin by selecting Windows 10 Enterprise multi-session, version 2004 + Microsoft 365 Apps – Gen1 as your baseline image. How the Virtual Desktop Optimization Tool works The (Windows) Virtual Desktop Optimization Tool disables services in the operating system that you most likely won’t need for your Windows Virtual Desktop session host. To make sure that your line-of-business (LOB) applications continue running as they should, there are some preliminary steps that should first performed. Note: There are settings default disabled when you run the scrip out of the box such as AppX Packages for the Windows Calculator. We strongly suggest analyzing the tool via the JSON files that include the default settings. This also gives you the opportunity to enable them before running the tool so they remain untouched. I'll explain more about this later on in the article. The full list of enhancements for native Windows services will be available soon. Bookmark Run and tune your Remote Desktop Services environment for the latest updates. Expected performance gains Windows Virtual Desktop value-added services provider and Microsoft partner LoginVSI performed early tests with the Virtual Desktop Optimization Too and gained over 100 users in their internal benchmarking lab environment with a Windows 10, version 2004 single session. We, therefore, assume that this gain will also be possible with Windows 10 Enterprise multi-session. VSImax asserts a maximum number of users that are able to log on to the virtual desktop hosts pool as part of the underlying infrastructure. That number is the "sweet spot" as going over that number will decrease performance for all users. (Thanks to LoginVSI for sharing these results with us.) Note: We recommend you use simulation tools to test your deployment using both stress tests and real-life usage simulations to ensure that your system is responsive and resilient enough to meet user needs Remember to vary the load size to avoid surprises. Desktops in the Cloud on Performance Optimizations for Windows Virtual Desktop with Robert and Tim (aka VDI Guys) We recently had the creators of the Virtual Desktop Optimization tool as guests on our Desktops in the Cloud video-podcast. Robert and Tim explained everything you should know, as well as best practices and lessons learned. A must watch in extension to this article. Watch it below. How to use the Virtual Desktop Optimization Tool The Virtual Desktop Optimization Tool makes it possible to disable uncommon services for virtual desktop environments, such as Windows Virtual Desktop. Note: We recommend that you run the script after the Sysprep (System Preparation) process, most likely as startup script w with a large set of virtual machines. This is due to the AppX Packages that conflict and most likely the sysprep will fail. Download all scripts from the Virtual-Desktop-Optimization-Tool GitHub repository. Select Clone or download, followed by Download ZIP. Unzip the folder to your Windows Virtual Desktop session host(s) to a specified folder (e.g. C:\Optimize or C:\Temp). Note: You could also run the scripts as part of your image management procedure e.g. Azure image Builder (AIB) or Azure DevOps. Important information before running the tool There are settings default disabled when you run the scrip out of the box such as AppX Packages for the Windows Calculator. We strongly suggest analyzing the tool via the JSON files that include the default settings. This also gives you the opportunity to enable them before running the tool so they remain untouched. You can find the JSON file in the Windows built number folder, under ConfigurationFiles - e.g. C:\Optimize\2004\ConfigurationFiles. You've to put the settings to Enabled - that you want to keep as default. Below is the example file for AppX Packages, there are JSON files for Services and scheduled tasks as well. Another option is to remove the while entry out of the JSON file. AppxPackages.json - Example Windows Calculator App { "AppxPackage": "Microsoft.WindowsCalculator", "VDIState": "Enabled", "URL": "https://www.microsoft.com/en-us/p/windows-calculator/9wzdncrfhvn5", "Description": "Microsoft Calculator app" }, Services.json - example Windows Update Service { "Name": "UsoSvc", "VDIState": "Enabled", "Description": "Update Orchestrator service, manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates." }, Prepare to launch Windows PowerShell and select Run as Administrator. In PowerShell, change the directory to the folder to which you downloaded the scripts, e.g. C:\Optimize or your own specific folder. Run the following command: Set-ExecutionPolicy -ExecutionPolicy Bypass Run the Virtual Desktop Optimization Tool using the following command: .\Win10_VirtualDesktop_Optimize.ps1 -WindowsVersion 2004 -Verbose Note: When you use a different version of Windows 10, you must change the WindowsVersion parameter. Version 1803 and later are supported for Windows 10 Enterprise. Windows 10 multi-session support is only available with Windows 10, version 2004 and later. Select Yes when prompted to reboot the session hosts(s). Start your Windows Virtual Desktop session. As you can see in the Task Manager comparison below, the number of threads and handles has decreased noticeably after running the Virtual Desktop Optimization Tool. Do you have any problems with orphaned Start Menu shortcuts after running the tool? Have the user open Task Manager, then end the following two processes: ShellExperienceHost.exe StartMenuExperienceHost.exe Have them check the Start Menu and they should be gone. Happy optimizing! 🙂 Let us know your feedback on the tool in the comment section below. Prefer to watch and learn? There’s also a video on Azure Academy available later this week by Dean Cefola. You can find it here.165KViews11likes41CommentsAnnouncing new management, security, and monitoring capabilities in Windows Virtual Desktop
With the global pandemic, we are seeing increasing demand for technologies that enable remote work. We’ve seen significant growth in the use of Windows Virtual Desktop, as organizations use it to ensure that their employees have access to the desktops and tools they need to stay productive. To help customers continue to accelerate this move to secure remote work with Windows Virtual Desktop, we are announcing several new capabilities that make it even easier to deploy, secure, and scale your virtual desktop deployments. These new capabilities will be available in public preview by the end of the calendar year 2020. Before we dive into the new capabilities, we want to take a moment to share some of the experiences of our customers. Sebastian Meyer, the Global Service Owner for Modern Client Technologies at Beiersdorf Shared Services, shared his thoughts in moving to Windows Virtual Desktop to modernize his virtual desktop infrastructure. "What Microsoft has developed here is simply phenomenal! Windows Virtual Desktop serves so many use cases and is very close to the end user. We were able to achieve maximum success with the project." You can read the full story here. Internally here at Microsoft, we are of course facing the same challenges as many of you. For example, getting a corporate laptop in the hands of new employees and interns takes time and impacts productivity. Windows Virtual Desktop is helping our new hires by providing a secure and productive remote work experience with access to the apps they need to get working immediately: “Windows Virtual Desktop allows you to create virtual desktops that work just like a physical Windows PC would,” says Mark Lawrence, a senior program manager on Microsoft’s digital security team. “That means the people who use one—new hires, interns, and so on—get access to the Windows Start menu, with Microsoft’s productivity applications, the Microsoft Edge browser, and everything else they would need to work at any location. No more waiting for a physical device delivery.” You can read the full story here. Simplified Management With Windows Virtual Desktop, you can move from a simple proof-of-concept (PoC) to a fully operational environment faster than ever before. As you start to scale your deployment, here are some new capabilities that will help you manage and operate your deployment efficiently. Microsoft Endpoint Manager integration Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows Virtual Desktop virtual machines that are hybrid Azure Active Directory domain-joined (joined to your on-premises Active Directory and registered with your Azure Active Directory) with Microsoft Intune and manage them in the Microsoft Endpoint Manager admin center the same way as physical devices. This simplifies management, provides a centralized view across both physical devices and virtual desktops, and creates new areas of collaboration. The Microsoft Endpoint Manager integration is generally available for Windows 10 Enterprise desktops - you can learn more in the public FAQ. The public preview for Windows 10 Enterprise multi-session will be available in the coming months and will initially support policies at the device level. MSIX app attach in Azure portal MSIX app attach is an application layering solution that allows you to dynamically attach an application (that is an MSIX package) to a user session. Separating out the application from the operating system makes it easier to create a golden virtual machine image, and you get more control with providing the right application for the right user. Previously, you had to use PowerShell scripts to enable MSIX app attach. We will be integrating the app attach capability in the Azure portal and Azure Resource Manager. This will eliminate the need for custom scripts and makes it possible to publish your packaged applications to application groups with a few clicks. Proactive Monitoring Proactively monitoring your deployment is important to ensure your deployment is always up and running and your employees have an optimal experience using virtual desktops. Azure Monitor workbook Azure Monitor workbook for Windows Virtual Desktop aims to provide you all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. You can configure alerts to proactively identify issues before they impact your employees. You can look at connection and host level performance and also drill down to specific user session to see if there are any issues. You can also look at usage across host pools and make sure you are optimizing for cost and performance. Improved Security With Windows Virtual Desktop, you can use security capabilities such as Azure encryption, Azure Firewall, Azure Security Center, and Microsoft Defender to secure your entire VDI infrastructure and ensure that your corporate and customer data is protected and stored securely. We continue to add additional security capabilities: Screen capture protection One common attack vector with remote sessions is screen capture. To protect your sensitive information, we are adding the option to disable screen capture for your remote apps and desktop on all the supported Windows Virtual Desktop clients. Direct RDP to session host We are introducing a new capability that can be set at a host pool level and will take into account the type of network you are connecting from, and when possible, establish a direct peer-to-peer UDP connection to the session host rather than over the internal Windows Virtual Desktop gateways. By eliminating the intermediate hops and using a more efficient connection over a trusted network, you get a secure optimized experience with lesser connection latency and better performance. Thank you again for the amazing feedback that you have provided to us. You can track the progress of these upcoming public previews in our roadmap page. If you are attending Microsoft Ignite conference, you can learn more about these features and get your questions answered in our sessions and you can always reach us anytime at the Windows Virtual Desktop Tech Community page. You can also register here to attend our upcoming webinars.60KViews9likes5CommentsAzure Virtual Desktop: The flexible cloud VDI platform for the hybrid workplace
When we launched Windows Virtual Desktop nearly two years ago, no one predicted a global pandemic would force millions of workers to leave the office and work from home. Organizations around the world migrated important apps and data to the cloud to gain business resilience and agility. And to support the newly remote workforce, many of you turned to Windows Virtual Desktop to give remote users a secure, easy to manage, productive personal computing experience with Windows 10 from the cloud. It has been humbling to work alongside you as you pivoted your operations to meet new challenges – from supporting frontline healthcare workers at NHS to engineers at Petrofac to educators and students. Going forward, organizations will need to support an evolving set of remote and hybrid work scenarios. To help our customers and partners meet these new hybrid work demands, we are expanding our vision to become a flexible cloud VDI platform for nearly any use case – accessible from virtually anywhere. A modern VDI platform needs to be secure, scalable, and easy to manage, while delivering a seamless, high-performance experience to end users. It should also empower organizations with the flexibility to customize and build solutions with its core technology. To support this broader vision and the changing needs of our customers, today we are announcing new capabilities, new pricing for app streaming, and changing the name of the Windows Virtual Desktop service to Azure Virtual Desktop. New platform capabilities for security and management We are continually adding new capabilities to the core Azure Virtual Desktop platform. Today we are also pleased to announce the public preview of new features that will help you onboard and better manage your Azure Virtual Desktop deployment. Enhanced support for Azure Active Directory (coming soon in public preview): Azure Active Directory is a critical service used by organizations around the world to manage user access to important apps and data and maintain strong security controls. We are pleased to announce that you’ll soon be able to join your Azure Virtual Desktop virtual machines directly to Azure Active Directory (AAD) and connect to the virtual machine from any device with basic credentials. You’ll also be able to automatically enroll the virtual machines with Microsoft Endpoint Manager. For certain scenarios, this will help eliminate the need for a domain controller, help reduce cost, and streamline your deployment. While this is a major milestone, it’s just the beginning of the journey towards full integration with Azure Active Directory. We will continue adding new capabilities such as support for single sign-on, additional credential types like FIDO2, and Azure Files for cloud users. Manage Windows 10 Enterprise multi-session VMs with Microsoft Endpoint Manager (available now in public preview) - Microsoft Endpoint Manager allows you to manage policies and distribute applications across devices. You can now enroll Windows 10 Enterprise multi-session Azure Virtual Desktop virtual machines in Microsoft Endpoint Manager and manage them in the Microsoft Endpoint Manager admin center the same way you manage shared physical devices. This simplifies management and provides a centralized view across both physical devices and virtual desktops. Read the Windows 10 Enterprise multi-session documentation to learn more. Deploy in minutes with new Quickstart experience (coming soon in public preview): We are pleased to offer a streamlined onboarding experience for Azure Virtual Desktop in the Azure portal. This new experience will validate requirements, kick off an automated deployment, and will also implement best practices. With only a few clicks, you can set up a full Azure Virtual Desktop environment in your Azure subscription. You will find this new experience under “Quickstart” in the Azure Virtual Desktop blade in the Azure portal. New pricing option for remote app streaming Many organizations are using Azure Virtual Desktop to stream apps to their own employees who are covered by existing license entitlements. But many organizations also want to use Azure Virtual Desktop to deliver applications “as-a-service” to customers and business partners as well. Today we are pleased to announce a monthly per-user access pricing option for organizations to use Azure Virtual Desktop to deliver apps from the cloud to external (non-employee) users. For example, this would enable software vendors to deliver their app as a SaaS solution that can be accessed by their customers. In addition to the monthly user price for Azure Virtual Desktop, organizations also pay for Azure infrastructure services based on usage. Here's what one ISV had to say about the new pricing option: “Sage is trusted by millions of customers worldwide to deliver innovative business solutions to manage finances, operations and people. Streaming applications with Azure Virtual Desktop makes it easy to streamline user access to our solutions on the Azure cloud for a great online customer experience.” James Westlake, Director of Product Management, Sage Try it during our promotional period The new per-user access pricing option will be effective on January 1, 2022. To help organizations get started now, we are pleased to offer a special promotion with no charge to access Azure Virtual Desktop for streaming first-party or third-party applications to external users. This promotion is effective from July 14, 2021 to December 31, 2021. Pricing for monthly user access rights effective on January 1, 2022 will be: $5.50 per user per month (Apps) $10 per user per month (Apps + Desktops) This promotion only applies to external user access rights. Organizations would continue to pay for the underlying Azure infrastructure. Organizations should continue to use existing Windows license entitlements, such as Microsoft 365 E3 or Windows E3 and higher, for app streaming to their employees. Visit our web page for more details. Expanding partner ecosystem As a cloud VDI platform, we work closely with our partners and empower them to build solutions that meet your needs. For example, Citrix and VMware provide desktop and app virtualization solutions that leverage the Azure Virtual Desktop platform capabilities, such as Windows 10 Enterprise multi-session, and allow you to maximize your existing investments and use the tools and solutions with which you are already familiar. We are also proud of our ecosystem of hundreds of partners who build custom solutions and provide technical consulting to help you deploy with confidence. Visit Azure Marketplace for more information on partner solutions, and Advanced Specialization page for certified deployment partners. Getting started My team and I look forward to partnering with you to take full advantage of our flexible VDI platform in the cloud and unlock new end user computing possibilities. We appreciate your ongoing support and welcome your feedback. Join us on our Tech Community to connect with my team and other customers and partners to share your feedback and suggestions. To learn more about these announcements, please sign up for our upcoming webinar.6.4KViews6likes10CommentsAzure Monitor for Windows Virtual Desktop is generally available!
Today, we are thrilled to announce that Azure Monitor for Windows Virtual Desktop is now generally available! Building on top of Azure Monitor, Windows Virtual Desktop Insights provides IT administrators with a 360° view of their environment’s health. With Azure Monitor for Windows Virtual Desktop, you can find and troubleshoot problems in the deployment, view the status and health of host pools, diagnose user feedback and understand resource utilization. General availability comes with many improvements, including the following: Improved data collection and new guidance to help you optimize for cost Updated setup experience with easier UI, expanded support for VM set-up, automated Windows Event Log setup, and more Relocated Windows Virtual Desktop agent warnings and errors at the top of the Host Diagnostics page to help you prioritize issues with the highest impact Accessibility enhancements Workbook versioning: GA release is Version 1.0.0 For our existing users- if you used Azure Monitor for Windows Virtual Desktop in public preview, we have made some updates to our guidance and default configuration to help reduce your Azure Monitor Log Analytics cost in GA. If you haven’t already, you must take action to implement these revised recommendations. See our blog post for instructions. We are incredibly excited about this major milestone and are looking forward to continuing to provide updates and expand scenario support in our monitoring journey. As always, we welcome your comments and feedback below! Best, Logan Silliman Learn more about Azure Monitor for Windows Virtual Desktop: Get started with Using Azure Monitor for Windows Virtual Desktop Estimate and manage your Log Analytics storage costs with Estimate Azure Monitor costs Review terms and concepts in our glossary If you encounter a problem, check out our troubleshooting guide for help27KViews6likes0CommentsAnnouncements at Windows Virtual Desktop Master Class
Windows Virtual Desktop Master Class is a virtual event where Windows Virtual Desktop experts from Microsoft as well as members of our community come together to share tips and best practices for deploying and scaling virtual desktops and remote applications on Azure. We are making several exciting announcements at the event: Promotion for new customers through March 31, 2021 - New customers save 30% on Windows Virtual Desktop computing costs for D-series and Bs-series virtual machines for up to 90 days. You can learn more about the offer here. Skilling - We are announcing a new Windows Virtual Desktop Specialty certification for professionals planning, delivering, and managing virtual desktop experiences and remote apps on Azure. The related Exam AZ-140: Configuring and operating Windows Virtual Desktop on Microsoft Azure will be available soon in beta version. If you are looking for a certified partner to help with you deployment, you can continue to leverage the advanced specialization program which complements the Azure MSP program. Product announcements – The features that we had pre-announced at Microsoft Ignite in September are now in public preview: Azure Monitor for Windows Virtual Desktop -Provides a centralized view with all the monitoring telemetry and visualizations you need to debug and troubleshoot issues. Learn More MSIX app attach in the Azure portal - MSIX app attach is an application delivery solution that allows you to dynamically attach an application in MSIX format to a user session. Previously, you had to use PowerShell scripts, but now the MSIX app attach capability is available in public preview in the Azure portal and is integrated with Azure Resource Manager. Learn More. Screen capture protection – Disables screen capture for your remote apps and desktop on all the supported Windows Virtual Desktop clients RDP short path – Establishes a direct peer-to-peer UDP connection to the session host rather than over the internal Windows Virtual Desktop gateways taking into account the type of network from which you are connecting. This provides a secure experience with less connection latency and better performance. Learn More Microsoft Defender for Endpoint integration (Generally Available) – With this integration, you get the full investigation experience you have with Windows 10 machines, now for Windows Virtual Desktop VMs. If you are using Windows 10 Enterprise multi-session, Microsoft Defender for Endpoint will support up to 50 concurrent user connections – so you get the cost savings of Windows 10 Enterprise multi-session and the confidence of Microsoft Defender for Endpoint. Learn More For a deep dive into these announcements and to learn more about security, cost optimization, and other topics, tune into the Windows Virtual Desktop Master Class!5.5KViews6likes4CommentsWindows Virtual Desktop technical walkthrough, including other (un)known secrets you did not know
Windows Virtual Desktop technical walkthrough, including other (un)known secrets you did not know about the new Microsoft-Managed Azure Service A lot of you know that Windows Virtual Desktop is now public preview. Lots of people wrote articles about it, and so did I. Most articles are covering information that is available everywhere, or just a subset of the service… “If You Never Try, You'll Never Know” - Ben Francia With this article, I’d like to cover the things you might not have caught. Some are deep(er) technical points, while some are just not part of the public message but still way too important not to share. It’ll hopefully help you as consultant or architect to bring the technical (and functional) message around Windows Virtual Desktop to your customers 😊! Continue reading… Cloud learning If you are learning on Azure right now and want to quickly increase your brains with awesome cloud-related knowledge, as part of Project Byte-Sized we are releasing a new community book – covering Cloud principles and best practices in June. After a period of 3 months, we received a total number of 145 submissions from all over the globe (19 countries). Altogether 140 people contributed resulting in 300+ pages, which we think is truly awesome. Catch a sneak preview here, so you know what names you can expect. It can help you gain knowledge from the best people in the community! The Desktop-As-a-Service market is growing Garner and IDC expect a potential growth of 50% in the year 2019 of new DaaS customer choosing it over traditional VDI, pushing DaaS over 3 billion in revenue by the end of this year. The EUC/VDI community acknowledged this number. During our relatively small Byte-Sized Community survey, we asked almost 200 independent people if they already use Desktop-As-a-Service solutions and if they expect that Windows Virtual Desktop will have a major impact on DaaS going forward. “Q1 - Are you considering Desktop-As-a-Service (DaaS) anytime soon?” “Q2 - Once released, the Microsoft Windows Virtual Desktop #WVD will have a major impact on DaaS going forward“ What are the differences between traditional VDI and DaaS? To help you understand how Desktop-As-a-Service (DaaS) and traditional VDI are different from each other, I’ve had made this comparison matrix: Once more - What is Windows Virtual Desktop? People that follow my blogs know that I explained the services and benefits earlier in this article. However, for the people who didn’t catch that yet, here is a short run-over. “Windows Virtual Desktop, or WVD in short - is a born in the cloud Desktop-As-a-Service platform service offering on top of the Microsoft Azure Cloud. All the infrastructure services, such as brokering, web access, load-balancing, management and monitoring is all setup for you as part of the control plane offering. It also gives you access to the new Windows 10 Multi-User (EVD) Operating System – which is completely optimized for the sake of Office 365 ProPlus services, such as Outlook, OneDrive Files on Demand (per-machine), Teams etc.“ The only responsibility in terms of management effort is the golden images on top of Azure Infrastructure-As-a-Service (IaaS). The rest is all managed for you through the Azure service SLAs. Sounds pretty cool, right? Let’s first start with the things you might not know about it For the people who lived offline the past 2 months, here are some things you must know before you start reading this article! Windows Virtual Desktop gives you the only multi-user Windows 10 experience, including compatibility with Microsoft Store and existing Windows line-of-business apps, while delivering cost advantages. Allows you to virtualize both Full desktops and RemoteApps. You can also use to for persistent Windows 10 – single user virtual desktops. WVD will support Windows 7 virtual desktops and is the only way you can safely run Windows 7 after its End of Life on 14 January 2020. Windows 7 desktops on WVD will be the ONLY systems that receive free extended security updates. Customers with the following license SKUs are entitled to use WVD with no additional charge apart from Azure compute, storage, and network usage billing: To run Windows 10 multi-session, Windows 10, or Windows 7 Microsoft 365 F1, E3, E5, A3, A5, Business Windows 10 Enterprise E3, E5 Windows 10 Education A3, A5 Windows 10 VDA per user To run Windows Server 2012 R2, 2016, 2019 Remote Desktop Services (RDS) Client Access License (CAL) with active Software Assurance (SA) Windows Virtual Desktop session host VMs are not exposed to the internet directly. They can run using a private IP address and run isolated from other workloads or even the internet. The reverse connect technology allows the VMs to be accessed When a user connects to the WVD service, the use of Azure Active Directory (AAD) as the identity provider allows you to leverage additional security controls like multifactor authentication (MFA) or conditional access; Deeply integrated with the security and management of Microsoft 365, such as Intune Modern Management From a best practices point of view; Make sure all Azure resources are in the same region All the Nvidia vGPU graphical enhanced n-series virtual machines on Azure are supported with Windows Virtual Desktop as well! Citrix is adding their own Citrix Cloud stack as well to Windows Virtual Desktop, think about the Workspace experience and other services. Expect updates around this during Synergy later this month! RemoteApp (On Azure) is back Azure RemoteApp was a great technology, but due to some problems it never took off and Microsoft decided to deprecate the service. Citrix Essentials was the replacement for certain use-cases in Azure IaaS as part of the Microsoft + Citrix increased partnership to emphasize the digital transformation to the Cloud. Now, RemoteApp will be back in terms of functionality. The code is rewritten, and lessons learned from the past are used to improve the product. In case you were wondering about Windows 10 Multi-User, the answer is yes - you can use it with a RemoteApp solution. One of the most interesting use-cases is consolidating your Win32 apps in Azure and place icons on the endpoint’s desktop - start menu and/or tiles in the start screen! The user doesn't see/know whether the app is locally installed or is running a RemoteApp in Azure. I personally think that this use-case will be very important for future Windows Virtual Desktop customers! See below how fast and easy it works in conjunction with FSLogix/Microsoft Profile Containers as Profile Management solution! The architecture behind it all The first step that you must do is the create the master image, or golden image in Citrix terms. Most often, this will be based on the new Windows 10 Enterprise for Virtual Desktops (Multi-User) Operating System, which is now available from the Azure Marketplace. After enrolling the server, you can start installing the application on the machine. When you’re done, you must capture the machine as an image to use as a base for your Windows Virtual Desktop deployment. The Microsoft-managed control-plane is a completely redesigned infrastructure which leverages native Azure platform services to scale automatically. Think about Azure traffic manager for managing the RDP connection, Azure App Services in Azure for hosting the infrastructure services, and Azure SQL DB for hosting the RDS Brokering databases. Leveraging these services is the main reasons why this service is so cost-effective, which is the purpose of the Cloud and what it’s built for! WVD User connection Traffic Flow To give you a better understanding of how Windows Virtual Desktop connections work, I’m sharing the traffic flow. This is also useful for troubleshooting purposes. Connecting from your endpoint to your Host Pool (session hosts in Azure Infrastructure-As-a-Service) works differently with Windows Virtual Desktop. It uses Reverse Connect, which means that no inbound ports need to be opened on the VM to setup the RDP connection. Once the connection flow proceeds, bidirectional communication between your session hosts/host pool will go over port https (443). This port is almost always open from the inside to the outside, so it’s perfect for a remote connection to Windows Virtual Desktop! See below in more depth how the traffic flow works. User launches RD client which connects to Azure AD, user signs in, and Azure AD returns token RD client presents token to Web Access, Broker queries DB to determine resources authorized for user User selects resource, RD client connects to Gateway Broker orchestrates connection from host agent to Gateway RDP traffic now flows between RD client and session host VM over connections 3 and 4 Note: Windows Virtual Desktop can be used as worldwide service depending on your location and the location of the VMs. The control-plane persists currently in the US – east US 2 to be specific, however, your host pool can exist everywhere. Just remember your performance using a host pool outside of the US might vary until the control plane is added to other regions. If you set up a host pool in a non-US location with the US control plane, you will automatically switch to the local control plane when it’s rolled out for your region. Migrate existing machines to Windows Virtual Desktop Migrating from your current Remote Desktop Solution – RDS environment to Windows Virtual Desktop is relatively easy. You could use Azure Site recovery to migrate your server infrastructure to Azure. Follow the next 5 steps after that and sessions can be launched via Windows Virtual Desktop. Note: There are also ARM Templates available to automate the creation of the RDS Infrastructure components. Register / create host pool within Windows Virtual Desktop Install RD Agent on session host Agent registers with Windows Virtual Desktop Decommission your old environment Ready to launch your session! As part of this article, I'm showing al the manual steps of deploying a custom Windows 10 Multi-User (EVD) image in Azure and connect them to the Broker. This is the same procedure that you've to follow when you are using an existing image prior to preparation for the usage as part of Windows Virtual Desktop. The steps are starting here. Windows 10 Multi User - Sizing templates Having the best end-user experience for your users is probably one of the most important goals when using Desktop-As-a-Service. Though the cloud takes over a lot of management tasks after a migration, you’ll still need to handle image management. The following matrix gives a good baseline on how your Windows 10 Enterprise for Virtual Desktops (CVAD) must be sized for 4 types of users. The amount of data in your profile is depending on your settings, think about Outlook retention slider settings for example. Due to the support of OneDrive Files On-Demand, the storage allocation for files sync should be minimal. The Windows Virtual Desktop Host Pool enrollment of the Azure Marketplace also advises your which Virtual Machine SKU in Azure fits best for the number of users you need / going to use. Microsoft Teams (and OneDrive) per-Machine is available for VDI! Microsoft just released a new Per-Machine (Machine-Wide) version of Teams, and will place the Teams application back to the Program Files directory. Currently, this per-machine version is only available for RDS, Citrix or VMware VDI machines. The Windows Virtual Desktop - Windows 10 Multi-User OS will follow soon as well as the video and audio offloading agent. Though it's too important not to share, so that's why I included the release in this article. Follow up here. OneDrive Per-Machine is currently working as of today on Windows 10 Multi-User - the steps for doing this are listed here. Note: Teams can be used in a VDI environment for chat and collaboration, but audio / video features are currently not supported. For admins who would like to deploy Teams for chat / collab only. Please follow up with this official Microsoft Docs article to disable Audio and Video from the Teams program with policies. New Per-Machine installation locations are: Teams installation folder location – %ProgramFiles(x86)%\Microsoft\Teams\ OneDrive installation folder location – %ProgramFiles(x86)%\Microsoft OneDrive\ OneDrive per-Machine is (also) available By default, the OneDrive sync client installs per user on Windows, meaning OneDrive.exe needs to be installed for each user account on the PC under the %localappdata% folder. With the new per-machine installation option, you can install OneDrive under the “Program Files (x86)” directory, meaning all profiles on the computer will use the same OneDrive.exe binary. New Azure Portal - Management Console Windows Virtual Desktop (WVD) is just released in Public Preview. What it also means is that the product will be improved before the GA release later this year. Currently, there are some manual PowerShell tasks needed to assign Desktops and RemoteApps to your end-users or groups when you enroll in a WVD environment. Another thing that is missing in the public preview is a management console in the Azure Portal. Both tasks will be simplified, and to give you a sneak preview – the following Azure Portal integration console will be part of the native solutions soon. It gives you the ability to manage and maintain desktop and RemoteApp assignments, check and change virtual machine status more. Note: The new WVD management Portal below will be released after the GA date of Windows Virtual Desktop. Walkthrough Guidance: How to enroll Windows Virtual Desktop on Azure In the next steps, I'll explain how you enroll Windows Virtual Desktop from scratch with a customer created Windows 10 Enterprise for Virtual Desktop (Multi-User) image among tips and tricks. Pre-requisites for Windows Virtual Desktop The following requirements are needed for the use of Windows Virtual Desktop on Azure. Entitled for licensing Azure Subscription Azure Active Directory setup Global Administrator rights Granting consent to the WVD service / Azure AD Enterprise Applications Azure AD Connect ADFS (optional for the best SSO end-user experience) Domain controller This AD must be in sync with Azure AD so users can be associated between the two VMs must domain-join this AD Optional: Azure AD Domain Services (in replacement for domain controller) Profile Containers network share (S2D cluster recommended) Network must route to a Windows Server Active...Directory (AD) Optional: Networking/on-prem connectivity – express route, VPN, etc. Read the rest of the Windows Virtual Desktop walkthrough here: https://www.christiaanbrinkhoff.com/2019/05/03/windows-virtual-desktop-technical-walkthrough-including-other-unknown-secrets-you-did-not-know-about-the-new-microsoft-managed-azure-service/ Hope to see you back soon – and feel free to leave a comment if you’ve any questions. Thank you, Christiaan Brinkhoff8.3KViews5likes2CommentsAzure Monitor for Windows Virtual Desktop public preview
Today, we are excited to announce public preview of Azure Monitor for Windows Virtual Desktop! Full observability is key to ensure your employees do not have any interruptions or performance issues with their virtual desktops. Azure Monitor for Windows Virtual Desktop provides a centralized view for with the monitoring telemetry and visualizations IT professionals need to debug and troubleshoot issues. With Azure Monitor for Windows Virtual Desktop, you can: View a summary of host pool status and health Find and troubleshoot problems in the deployment including top errors, connectivity issues, host diagnostics, performance issues, client information, and more Diagnose user feedback by looking at data per user Understand utilization of resources to make decisions on scaling and cost management To get started with setup instructions, relevant terminology and concepts, and troubleshooting see our How-to guide. While the feature today surfaces many top customer-requested data points, we are looking forward to continuing to improve our tools to meet your monitoring needs – please let us know your feedback by replying to this post!11KViews5likes4CommentsAnnouncing public preview of RDP Shortpath transport for Windows Virtual Desktop
As we promised during the Microsoft Ignite conference, we are introducing a new capability that can take into account the type of network you are connecting from, and when possible, establish a direct peer-to-peer UDP transport rather than using the Windows Virtual Desktop gateways. For a starter, I would like to remind you that Windows Virtual Desktop uses Remote Desktop Protocol (RDP) to provide remote display and input capabilities over network connections. RDP has initially released 22 years ago with Windows NT 4.0 Terminal Server Edition and was continuously evolving with every Microsoft Windows and Windows Server release. From the beginning, RDP developed to be independent of its underlying transport stack, and today it supports multiple types of transport. It could be a Hyper-V bus transport for managing VMs using the Enhanced Session Mode or TCP-based transport in Quick Assist, or combined TCP/UDP transport for on-premises deployments. When we designed Windows Virtual Desktop, we built an entirely new transport called Reverse Connect. Reverse connect transport is used both for establishing the remote session and for carrying RDP traffic. Unlike the on-premises RDS deployments, reverse connect transport doesn't use an inbound TCP listener to receive incoming RDP connections. Instead, it is using outbound connectivity to the Windows Virtual Desktop infrastructure over the HTTPS connection. This gives a secure and simple way to implement connectivity for your remote desktops. For the details about reverse connect, see a brand new topic in Windows Virtual Desktop documentation. While reverse connect gives a secure and reliable way of communicating with desktop, it is based on TCP protocol, and its performance is heavily dependent on the network latency. It also inherits other drawbacks from TCP, such as slow start, congestion control, and others. Introducing RDP Shortpath RDP Shortpath is a family of UDP-based transports that extend Windows Virtual Desktop connectivity options. Key benefits of Shortpath are: RDP Shortpath transport is based on top of a highly efficient Universal Rate Control Protocol (URCP). URCP enhances UDP with active monitoring of the network conditions and provides fair and full link utilization. URCP operates at low delay and loss levels as needed by Remote Desktop. URCP achieves the best performance by dynamically learning network parameters and providing protocol with a rate control mechanism. RDP Shortpath establishes the direct connectivity between Remote Desktop client and Session Host. Direct connectivity reduces the dependency on the Windows Virtual Desktop gateways, improves the connection's reliability, and increases the bandwidth available for each user session. The removal of additional relay reduces the round-trip time, which improves user experience with latency-sensitive applications and input methods. RDP Shortpath brings support for configuring Quality of Service (QoS) priority for RDP connections through a Differentiated Services Code Point (DSCP) marks RDP Shortpath transport allows limiting outbound network traffic by specifying a throttle rate for each session. Sounds good? Then try it yourself by following the detailed documentation. Feedback We'd like to hear from you about your experiences with this public preview! For questions, requests, comments, and other feedback about RDP Shortpath, please use this feedback form. Don't hesitate to post feature suggestions on: https://aka.ms/wvdfbk Next steps Learn more in the brand-new networking section of Windows Virtual Desktop documentation : Understanding Windows Virtual Desktop network connectivity Windows Virtual Desktop RDP Shortpath Implement Quality of Service (QoS) for Windows Virtual Desktop Remote Desktop Protocol bandwidth requirements18KViews4likes14CommentsBuilding a Windows 10 Enterprise Multi Session Master Image with the Azure Image Builder DevOps Task
G'day WVD Community, Organization are evaluating how to build Master Images for WVD. One of the options available is through the AIB DevOps Task which provides a high level of automation, repeatability and integration with Azure, which is where the WVD Service lives! This post is to provide an introduction on how to get started with Building a Windows 10 Enterprise Multi Session Master Image with the Azure Image Builder DevOps Task. Note: As this guidance was in a Word document I have left the numbering intact. What will we do in this post? Introduction Pre-requisites Setup Azure Image Builder with PowerShell Create and Configure the Azure VM Image Builder DevOps Task Release Pipeline Use the newly build Image in WVD Spring Release! Troubleshooting AIB DevOps Release Pipeline Call out! A big thank you to all the people helping me with this document, Marvin, Stefan, Jason, Jim and last but not least Scott for helping me getting started! 1 - Introduction Windows 10 Enterprise multi-session (Win10ms), formerly known as Windows 10 Enterprise for Virtual Desktops (EVD), is a new Remote Desktop Session Host that allows multiple concurrent interactive sessions. Win10ms is available in the Azure Marketplace, used to build pooled Sessions Hosts in a Hostpool for Windows Virtual Desktops (WVD). These WVD pooled Session hosts are Virtual Machines in Azure and need to be created from a Win10ms Image. Within the Marketplace standard Win10ms images are available but most organizations require customized images including configuration settings and software such as FSLogix for profile management and Microsoft Teams optimized for WVD. Keeping these Session Hosts up to date can be a challenge as feature updates are not supported for Win10ms in Azure. Also considering multiple users potentially are connected to the same VM, installing updates could be disruptive as well. Depending on the capacity required organizations could potentially use a large amount of Session Hosts. Ensuring all these VM’s have an identical configuration and have a consistent end-user experience, updating these VM’s can be labor intensive and often is error prone activity. Automating the update of the Session Hosts in a controlled and repeatable process is a trivial requirement for a successful WVD deployment. This also prevents “configuration drift” between VM’s which can occur over time. Although System Center Endpoint Manager and Microsoft Deployment Toolkit (MDT) today are used in many organizations, these technologies are not fully optimized and integrated with Azure. In the case of SCCM, Win10ms Market Place Images would need to be copied locally and back to Azure resulting in additional and often manual activities. Additionally, the Win10ms Image for most organizations should require relatively less configuration and optimization as the Marketplace Win10ms image is already optimized for WVD from the Marketplace. From an application perspective, with the capability to support MSIX, App-Attach soon, these images should also not require having many applications installed. 1.1 Azure Image Builder To overcome these challenges Azure Image Builder (AIB) can be used. AIB is developed for Azure to assist with the automated creation of Managed Images in Azure. As WVD is a PaaS in Azure these services have full integration. Azure Image Builder can be used in different ways to build a Win10ms Master Image. AIB Portal (future release) AIB PowerShell (or Cli) AIB DevOps Task This post will provide guidance on using the AIB DevOps Task. 1.2 AIB DevOps Task For large organizations and enterprises, key criteria for an Image Build process includes version control, reporting, requirements management, project management, automated builds, lab management, testing and release management capabilities. Azure DevOps can be used to address these requirements by creating a WVD Win10ms Build Release Pipeline in Azure DevOps. This document provides guidance on how to setup and use WVD Win10ms Build Release Pipeline to achieve a repeatable and controlled process (DevOps) for automating Win10ms builds (AIB) and versioning and replicating those Images to the locations/Azure Regions where they are needed (Shared Image Gallery). Note: this post is using the guidance as provided by Daniel Sol on his GitHub location: https://github.com/danielsollondon/azvmimagebuilder/blob/master/solutions/1_Azure_DevOps/DocsReadme.md but uses it for a WVD scenario to create a Windows 10 ms Image. 2 - Pre-requisites These instructions assume the following pre-requisites are in place: You have Owner access to an Azure Subscription so you can create Resource Groups, VMs, Key Vaults, Images etc. In a real production environment these rights can be restricted to smaller scopes. AAD has been setup for the subscription above where you have Global Admin access, so you can create Service Principals and Managed Identities. In a real production environment these rights can be restricted by RBAC. Assumption: This post will provide guidance on how to setup a DevOps Pipeline for a Win10ms build. Note that this document is not intended to explain all the aspects of Azure, PowerShell, and DevOps. Some basic knowledge on these topics is assumed to be successful. 3 - Setup Azure Image Builder with PowerShell These are some of the basic Azure components that need to be in place before we can start building. The details of these tasks can be found in the links below. Create a Resource Group (RG) – this will be used to store AIB and SIG components. Enable and register Azure Image Builder Via PowerShell – commands here Via Azure CLI – commands here Note: It takes a couple of minutes to register the service. Create an Azure user-assigned Managed Identity Via PowerShell – commands here Via Azure CLI – commands here Note: Use the resource group created earlier. Grant permissions to the Azure user-assigned Managed Identity to the resource group Via PowerShell – commands here Via Azure CLI – commands here Note 1: For the PS commands, update the variable $aibRoleImageCreationPath if you need to download in a different path Note 2: For the PS commands, make sure you create a variable $subscriptionID that is your Azure Subscription ID. Create an Azure Shared Image Gallery (SIG) and an Image definition in the resource group created earlier. Azure CLI commands here. Create a storage account in the resource group created earlier that will be used to transfer the artifacts from ADO tasks to the image. Azure CLI commands here. 4 - Create and Configure the Azure VM Image Builder DevOps Task Release Pipeline 4.1 Create a DevOps Organization Go to https://dev.azure.com and follow the steps as described in Create an organization 4.2 Create a DevOps Project Go to https://dev.azure.com/<your organization name> and create a new project as described in Create a project in Azure DevOps Name your project in the “Project name” field (1) and click “Create” (2). 4.3 Create a DevOps Git Repository The WVD Image requires to be customized through a customization script and potentially additional software is required. A repository needs to be created to store the customization script and potentially other content. Additionally, the customization script requires to be maintained with version control etc. In Azure DevOps, Repos are used to manage your code and, in our example, the AIB Customization Powershell Script. You can connect your favorite development environment to Azure Repos to access your repos and manage the code. The code can be shared using: Command-line Visual Studio Code Visual Studio Xcode Eclipse IntelliJ Consideration 1: Type of Repository The Repository can be in any Azure DevOps supported repository. In our case we will use a standard Azure DevOps repository to host our PowerShell customization script used in the AID DevOps task but alternatively you could also use your GitHub repository. If a GitHub repository will be used the steps in this paragraph can be skipped. Consideration 1: Size of Repository needed. A Git Repo is not intended to store for example application Packages or other packages with large size (Artifacts in Azure DevOps are free up till 2Gb). An alternative solution to store large packages is in Azure File Share storage which should be made accessible during the build. AIB supports the usage of existing VNETs that can be used. Select “Repos” (1) and select “Initialize” (2). Create a Folder in the Repo by selecting the 3 dots in the right top corner (1). Select “+ New” (2) and click on “Folder” (3). Provide the name of the folder in the “New folder name” and use “WVD” (or any other name you prefer). Provide the name of the “New file name” field (make sure it has the .ps1 extension) and click on “Create”. In our example we use “Customization.ps1” for the New file name. Note: Sample script for WVD Windows 10 Enterprise multi session customization. Sample customization scripts can be found in my GitHub repository: https://github.com/RoelDU/WVDImaging. These customization script include the by Microsoft recommended customizations as documented here: Prepare and customize a master VHD image Azure How to prepare, customize and upload a Windows Virtual Desktop master image to Azure.docs.microsoft.com https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image and here Install Office on a master VHD image How to install and customize Office on a Windows Virtual Desktop master image to Azure.docs.microsoft.com and https://docs.microsoft.com/en-us/azure/virtual-desktop/install-office-on-wvd-master-image Add the customization content (PowerShell script) to customize the Windows 10 build. Once finished with the customization content (1) click on “Commit” (2). In the next screen leave the default values and click on “Commit” (1) again. 4.4 Create a DevOps Release Pipeline In Azure DevOps-specific terms, a pipeline is a sequence of steps on your code, in our example we can look at the code as the Custimization Powershell. A build is a pipeline that has no side-effects, it only takes in code and puts out compiled "artifacts". A release is a pipeline that has side-effects, it takes in artifacts and publishes or deploys them to environments. The latter is more aligned with an Image build workflow, where we are building a Managed Image to be released as a Managed Image, potentially in a Shared Image Gallery, to be deployed in Azure and used in our different environments (dev, test, prod). In your project, navigate to the “Pipelines” page. Then choose the action to create a new Release Pipeline by Selecting Releases (1) and click on “New Pipeline” (2). Under “Select a template” click on “Empty Job”. Provide a Name for the Stage name field, in our case we use “Win10ms Image Build”. There is no need to click a button to confirm. Click on the Add an artefact. The Artifact In the Add an artefact window, select Azure Repos Git (1). Select your Project name (2). Select the source (repository) (3) and select master as Default branch (4). Click “Add”. Once the Artifact has been created we have linked the repository with our customization script to our release Pipeline, which can now be referred to and used during our Image build process. To ensure the Artifact is updated with the most recent Repo Commit (version) we need to configure a Pull request trigger. Click the Trigger icon on the Artifact (1) and enable the “Pull request trigger” (2). Each time a new Release is created, the Artifact will pull the latest committed Repo content to be included in the Release Pipeline. Click the task in the Win10ms Image Build stage. We will now see the Agent Job which has not yet assigned any tasks. Click “+” to add a task and search for “Image Builder” (2). If the “Azure VM Image Builder DevOps Task (Preview)” is not already installed, click the Install (1) button. In our example below the Task is already installed. If the “Azure VM Image Builder DevOps Task (Preview)” task is already installed, click “Add” (1). 4.5 Configure Azure VM Image Builder DevOps task in Pipeline The Image Builder Task needs to be configured to your requirements. The Pipeline with the AIB task provides a way to create a repeatable process to create updated images in an automated way from a managed and versioned repository. The below example values will use the following: Source: Market place image Windows 10 Enterprise Multi Session 20H1 with Office 365 installed Customizer: A PowerShell script stored in the Repository (created earlier for the project) used by the Pipeline including all the customization we want to include in the Image. Distribute: In our example we will distribute the Image Select the “Azure VM Image Builder DevOps Task” checkbox. 4.5.1 Azure Subscription Select (1) the Azure subscription to use (2). After selecting the Azure Subscription click the dropdown button next to Authorize (1) and select “Advanced Options”. In the “Add an Azure Resource Manager sercive connection” select the Resource group you created earlier where AIB and the SIG is located. This will authorize the Pipeline to use the selected Resource Group. Note: Alternatively you can decide not to select a resource group where you allow this service connection to have access to all Resource Groups within the subscription. This might be useful when you like to re-use this connection for other purposes. 4.5.2 Resource Group and Location Select the “Resource Group” (1) that Azure Image Builder is going to use to store the Image artifacts and select the location for resources to be created in the “Location” field (2). 4.5.3 Managed Identity Provide the “Identity Resource Id” of the Managed Identity created earlier. The “Identity Resource Id” can be found under the property blade of the Managed Identity. 1.1.1 Image Type For the Image Type field select “Marketplace”. The “Base Image” field can be ignored as we will provide the details in the “If base image is not in the list (Optional)” field. To get the values required for the “If base image is not in the list (Optional)” field, use the Get-AzVMImage command. See reference table below: Publisher Name Offer SKU Description MicrosoftWindowsDesktop windows-10 20h1-evd Win10 Ent MS 2004 windows-10 20h1-ent Win10 Ent 2004 – Gen1 windows-10 19h2-evd Win10 Ent MS 1909 windows-10 19h2-ent Win10 Ent 1909 – Gen1 windows-10 19h1-evd Win10 Ent MS 1903 office-365 20h1-evd-o365pp Win10 Ent MS 2004 with O365 office-365 19h2-evd-o365pp Win10 Ent MS 1909 with O365 office-365 1903-evd-o365pp Win10 Ent MS 1903 with O365 MicrosoftWindowsServer WindowsServer 2019-datacenter Win Server 2019 datacenter In our example we will choose the Marketplace image with Office included. The format “publisher:offer:sku” can be extracted from the table above which is MicrosoftWindowsDesktop:office-365:20h1-evd-o365pp In the “If base image is not in the list (Optional)” field type: MicrosoftWindowsDesktop:office-365:20h1-evd-o365pp We will leave the field “Base Image Version (optional)” set to “latest” as we want the latest version. 4.5.5 Provisioner Under “Customize” we will select “PowerShell” for the “Provisioner” field as we are creating a Windows Image. 4.5.6 Run Windows Update as last customization If preferred, you can select “Run Windows Update as last customization” to ensure the Image includes all the latest updates. Note: This is the Windows Update configuration that is executed: "type": "WindowsUpdate", "searchCriteria": "IsInstalled=0", "filters": [ "exclude:$_.Title -like '*Preview*'", "include:$true" It will install important and recommended Windows Updates, that are not preview. 4.5.7 Build path Click on the three dots next to “Build path” (1). A window will popup with our Repository from where we select the path. Click on the folder “WVD” (2) which we have created earlier and click “OK” (3). Make sure to click on the folder and not the customization.ps1 script. 4.5.8 Inline customization script For the “Inline customization script” field enter a PowerShell inline commands separated by commas, and if you want to run a script in your build directory, you can use: & 'c:\buildArtifacts\WVD\Customization.ps1' Note: If your base image restricts PowerShell scripts from executing unless signed an alternative inline script command should be used instead. '& set-executionpolicy remotesigned -scope Process -Force; c:\BuildArtifacts\WVD\Customization.ps1' 4.5.8 Storage Account Select the storage account you created in the prereqs, if you do not see it in the list, Image Builder does not have permissions to it. Note: When the build starts, Image Builder will create a container called 'imagebuilder-vststask', this is where the build artifacts from the repo are stored. You need to manually delete the storage account or container after each build!!! 4.5.10 Distribute There are 3 distribute types supported: 4.5.10.1 Managed Image The ResourceID of the Managed Image needs to be provided in this format: /subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Compute/images/<imageName> Locations 4.5.10.2 Azure Shared Image Gallery The ResourceID of the Image Definition needs to be provided in the following format: /subscriptions/<subscriptionID>/resourceGroups/<rgName>/providers/Microsoft.Compute/galleries/<galleryName>/images/<imageDefName> Note: The Image Definition for the Shared Image Gallery MUST already exist! Regions: list of regions, comma separated, e.g. westus2, eastus, centralus 4.5.10.3 VHD You cannot pass any values to this, Image Builder will emit the VHD to the temporary Image Builder resource group, ‘'IT__', in the 'vhds' container. When you start the release build, image builder will emit logs, and when it has finished, it will emit the VHD URL. In our example below we distribute to a Shared Image Gallery in a single location (westus2) . 4.5.10.3 VM Size You can override the VM size, from the default of Standard_D1_v2. You may do this to reduce total customization time, or because you want to create the images that depend on certain VM sizes, such as GPU / HPC etc. 4.5.11 Run the Pipeline Click on “Save” (1) and Click “OK” (2) in the Save window. Now you can click “Create Release” In the “Create a new release” windows click on “Create”. You can view the Release by clicking on “Release-1”. 4.5.12 Navigate through Release Pipelines Each time when you create a new Release Pipeline they are preserved under Releases” (1). By clicking on the Release Number or button under Stages (2) you can look at the details of each previously run Release. 5 Use the newly build Image in WVD Spring Release! After a successful Release Pipeline build you can use the Image when creating a new Hostpool. Click on “Browse all images and disks” (1), select “My Items” (2), select “Shared Images” (3) and select the Image we just created (4). 6 Troubleshooting AIB DevOps Release Pipeline Packer Log files Select the Agent job 1. Notice the “Template name” A new Resource Group is created corresponding with the highlighted number in the template. Open the Resource Group and open the Storage Account in the Resource Group to get the Blob Storage for the Packer Log files. Note: This Resource Group including the storage account will be deleted after the Image has been created. If you want to read the logs you will need to do it during the build and distribution of the Image. Sample output of Packer Log. Known Issues The (free) Agent job for the Release Pipeline has a limitation to only run for 60 minutes. After 60 minutes it will timeout and report it hasn’t heard from the agent. This is as expected, and the build will likely finish successful. As The Agent hasn’t finish it will not clean up the Resource Group created for the Release Pipeline which also includes the storage account with the Packer logs (see previous paragraph on Packer Log files). Please make sure to clean up this Resource Group manually! The End! I hope this was useful to get you going. If anything is missing please feel free to reach out. Roel36KViews4likes7Comments