Azure Cloud Desktop is a game-changer for businesses and individuals alike, offering a flexible and scalable way to access applications and data from anywhere.
With Azure Cloud Desktop, users can access their applications and data from any device, at any time, as long as they have an internet connection.
This means you can work from home, in the office, or even on the go, without worrying about the limitations of traditional desktop computing.
Azure Cloud Desktop is built on top of Microsoft Azure, a robust and secure cloud platform that ensures your data is protected and accessible only to authorized users.
Why Azure Cloud Desktop
Azure Cloud Desktop offers the security and reliability of Azure, allowing you to access virtualized Windows 11 and Windows 10 desktops and apps with ease.
With Azure Cloud Desktop, you can meet employee needs while maintaining control over configuration and management, which is a big plus. This means you can customize the desktop experience to suit your team's requirements without compromising security.
Optimizing costs is a significant advantage of Azure Cloud Desktop. By using multi-session capabilities, you only pay for what you use, which is a cost-effective solution for businesses.
Deploying a cloud desktop platform is simpler from a configuration and deployment perspective compared to traditional VDI. This makes it easier to set up and manage your cloud desktops.
You can quickly deploy desktops with the same scalability potential as enterprise web-based applications. This is especially useful if you've already migrated your applications and data to the cloud.
Here are some key benefits of Azure Cloud Desktop:
- Access virtualized Windows 11 and Windows 10 desktops and apps with the security and reliability of Azure.
- Meet employee needs while maintaining control over configuration and management.
- Optimize costs with multi-session capabilities and pay for only what you use.
Modernization and Deployment
You can modernize your Citrix or VMware deployment on Azure by deploying Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines.
Citrix customers can deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines, making it easy to upgrade to a cloud-based solution.
To get started, Citrix customers can simply get the Citrix app, which provides a seamless experience for deploying and managing cloud desktops on Azure.
VMware customers can also deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines, offering a flexible and scalable solution for their remote work needs.
Here are some options for modernizing your deployment:
- Citrix customers: Get the Citrix app to deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines.
- VMware customers: Get the VMware app to deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines.
Modernize Citrix or VMware Deployment
If you're looking to modernize your Citrix or VMware deployment, you can deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines.
Citrix customers can take advantage of this by getting the Citrix app, which allows for seamless integration with Azure Virtual Machines.
VMware customers, on the other hand, can deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines by getting the VMware app.
Here are the options available to you:
- Citrix customers: Deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines using the Citrix app.
- VMware customers: Deploy Windows 11 and Windows 10 Enterprise multi-session on Azure Virtual Machines using the VMware app.
Think Again: VDI
VDI is a powerful way of ensuring you can deliver a normal Windows image to your BYOD users.
To deliver a seamless user experience, you need to implement VDI carefully to avoid any issues.
It requires careful implementation to ensure that the user experience is optimal, efficient and secure.
Adding PolicyPak to your toolbox grants you increased control over both the VDI image and the applications within it.
PolicyPak helps you manage the VDI image and applications, making it easier to deliver a consistent user experience.
Remote Application Group
To create a Remote Application Group, first list the applications that can be published by running a command in an elevated PowerShell session. The command returns the apps that are available and common to all machines in the Remote Application Group, which gives you a clear view of what can be published.
You need this list before you can publish any apps, and you then use it to create your Remote Application Group. This is a key part of the Modernization and Deployment process.
Cost and Licensing
Azure Virtual Desktop and Windows 365 cloud PCs have different cost structures. With Azure Virtual Desktop, you only pay for what you need with usage-based pricing, which includes costs like compute, storage, and networking.
Azure Virtual Desktop requires a Windows 10 Enterprise subscription license for each user, which can be purchased as a standalone subscription or included as part of a Windows 365 suite subscription.
Costs for Azure Virtual Desktop infrastructure are based on actual usage, so if a VM is powered off, there's no compute charge. In contrast, Windows 365 cloud PCs are purchased as licenses through Windows 365, providing a certain amount of compute, RAM, and storage capacity.
Azure Virtual Desktop networking costs are incurred at the Azure subscription level, including egress bandwidth, NAT gateway, VPNs, and Firewalls. Enterprise cloud PCs require a customer-managed Azure subscription, resulting in the same network costs as Azure Virtual Desktop.
Business cloud PCs, on the other hand, do not leverage a customer-managed Azure network, and all network-related costs are incurred by Microsoft and included in the monthly cloud PC license.
To summarize the licensing requirements:
- Azure Virtual Desktop requires a Windows 10 Enterprise subscription license for each user.
- Windows 365 cloud PCs require a Windows 10 Enterprise subscription just like AVD desktops.
- Enterprise cloud PCs require an Intune license, which can be purchased standalone or as part of a Windows 365 package.
- Business cloud PCs do not require an Intune license.
Technical Overview
Azure Cloud Desktop offers two versions of cloud PCs: Enterprise and Business. The Enterprise version is designed for organizations that have invested in Microsoft Endpoint Manager and use it to manage their existing Windows 10 desktops.
To set up an Enterprise Cloud PC, you'll need an Azure subscription with a properly configured network and access to Active Directory with Azure AD Hybrid Join enabled. This requires an Azure AD Connect configured and running within Active Directory, as well as Intune enabled on the Azure AD tenant.
Here are the Enterprise Cloud PC pre-requisites:
- Azure subscription with vNet
- Azure vNet can access Active Directory domain controller
- Azure AD Connect configured and running within Active Directory with AAD Hybrid Join enabled
- Intune enabled on Azure AD tenant
- Admin setting up the initial deployment must be an Owner of this Azure subscription
- Azure AD DS is NOT supported
Technical Architecture
Windows 365 is built on top of existing AVD components, but has a different transactional model, with fixed price vs. consumption-based pricing.
There are two versions of cloud PCs: Enterprise and Business. Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU, and are designed for organizations that have invested in Microsoft Endpoint Manager.
Business cloud PCs, on the other hand, do not require an Intune license and are managed entirely by the user, similar to a standalone physical PC.
Enterprise Cloud PCs are Azure and Active Directory dependent, and require an Azure subscription with a properly configured network and access to Active Directory that has Azure AD Hybrid Join enabled.
The VM itself runs in a Microsoft-managed Azure subscription, which means admins don't have direct access to it and are not incurring the cost of this VM in their own Azure subscription.
Here are the Enterprise Cloud PC pre-requisites:
- Azure subscription with vNet
- Azure vNet can access Active Directory domain controller (i.e. a PC can be joined to the domain). This requires custom DNS servers, necessary routing, and firewall access to AD.
- Azure AD Connect configured and running within Active Directory with AAD Hybrid Join enabled
- Intune enabled on Azure AD tenant (each cloud PC user needs an Intune license assigned)
- Admin setting up the initial deployment must be an Owner of this Azure subscription
- Azure AD DS is NOT supported
To set up an Enterprise Cloud PC, you'll need to create an "on-premises network connection" pointing at the vNet and provide AD credentials to join new VMs, which will be validated automatically.
Networking
To secure your environment, you'll need to create a Point to Site VPN. This is a process that will be done later in this guide.
You're now connected to Azure, which is a significant milestone in your setup process.
DNS Server
The DNS Server is a crucial component for your environment. Select the "DNS servers" option and choose the "Custom" radio button.
To add a DNS server reference, you'll need to enter a static IP address for your VM. In this case, the static IP is 10.0.8.4.
You'll also want to add a second DNS Server entry for a public DNS server on the internet. Google's public DNS server, 8.8.8.8, is a popular choice for this purpose.
Having a public DNS server like 8.8.8.8 allows your VM to access the internet while installing updates and promoting it to a domain controller. It also sets the DNS server in advance for any VM you create later.
Click "Save" to save your changes after setting up the DNS server.
Infrastructure and Setup
Azure Virtual Desktop requires a subscription to Windows 10 Enterprise, which can be purchased as a standalone subscription or included as part of a Windows 365 suite subscription.
To set up Azure Virtual Desktop, you first need to grant consent on behalf of your organization, followed by a rinse and repeat process to configure the client app.
You can select any Azure region for your virtual machines, but note that data gets stored in East US 2 by default.
To ensure the best performance, choose the region with the fastest response time for your area, and conduct speed tests if necessary.
If you're adding a DC to an existing environment, be aware that Server 2019 no longer supports the File Replication Service (FRS), which may require an FRS to DFS migration of your AD.
Here's a quick rundown of the initial configurations you'll need to complete:
- Grant consent on behalf of your organization.
- Configure the client app.
- Select an Azure region for your virtual machines.
- Conduct speed tests for optimal performance.
- Migrate from FRS to DFS if necessary.
Infrastructure
Infrastructure costs for Windows Virtual Desktop (WVD) can be a significant factor in your overall budget. Azure Virtual Desktop infrastructure costs are based on Azure consumption, which includes compute costs of running AVD session host VMs, the cost of OS disks, and the usage of Azure Files for FSLogix storage. All costs are based on actual usage, so if a VM is powered off, there is no compute charge.
You'll need to consider the compute costs of running AVD session host VMs, which can vary depending on the size and type of VM you choose. If you're using Azure Virtual Desktop, you'll need to purchase a Windows 10 Enterprise subscription license for each user connecting to an AVD session.
To give you a better idea of the costs involved, here's a breakdown of the compute costs for Azure Virtual Desktop:
Keep in mind that these costs are subject to change, so be sure to check the Azure pricing page for the most up-to-date information.
Our Methodology
Our Methodology is a crucial part of setting up your infrastructure.
Like many first product releases, the deployment process isn't as easy as it could be.
You'll have to complete several initial configurations, which isn't a ten-minute process.
We've gone through the entire process and have outlined everything you need to know in an easy-to-follow guide.
Setup and Registration
First, you'll need to grant consent on behalf of your organization to start the Windows Virtual Desktop (WVD) deployment process. This is a crucial step that sets everything in motion.
The initial steps are quick and easy, but you'll need to repeat a series of steps, choosing the Client App instead of the initial setup. This rinse and repeat process might seem tedious, but it's necessary for a smooth deployment.
To create a Windows Virtual Desktop tenant, you'll need to run a command using the Active Directory tenant ID, Subscription ID, RDSTenant name, AadTenantId string, and AzureSubscriptionId string. Make sure to replace the example values with your own.
You'll also need to create a new resource group for your virtual machines, giving it a descriptive name that you'll use later. If you already have an existing Resource Group, you can use that one instead.
Fill out the Instance Details section with the name of your VM, choosing the correct region, image, and size. In my experience, using the East US 2 region and Windows Server 2019 Datacenter image has worked well.
Create Machines
To create machines for your Windows Virtual Desktop tenant, you'll need to create host pools and virtual machines. You can create multiple host pools, each containing one or more virtual machines that are identical.
First, create your host pools by running the following cmdlets after changing "CompanyWVDtenant" to your organization's tenant name. Note that any VMs you create must be domain-joined, so you'll need an Active Directory domain controller in place.
Here's a brief overview of the steps to create host pools:
- Create two host pools, one for the "Desktop Application Group" and a second one for the "Remote Application Group".
- Host pool1 will contain full desktops, and host pool2 will contain published applications.
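The tenant, host pool and Remote Application Group steps described on this page, written out as one added PowerShell example (it is not code from the original article). It uses the classic WVD module Microsoft.RDInfra.RDPowerShell; the GUIDs are placeholders, and the host pool names hostpool1/hostpool2 and the app group name are assumptions.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session after consent has been granted for the WVD server and client apps.
$ErrorActionPreference = 'Stop'

# Placeholders and assumed names: replace every value with your own.
$TenantName     = 'CompanyWVDtenant'
$AadTenantId    = '00000000-0000-0000-0000-000000000000'  # placeholder Azure AD tenant ID
$SubscriptionId = '11111111-1111-1111-1111-111111111111'  # placeholder subscription ID
$DesktopPool    = 'hostpool1'                 # assumed name, full desktops
$RemoteAppPool  = 'hostpool2'                 # assumed name, published applications
$RemoteAppGroup = 'Remote Application Group'  # assumed app group name

Import-Module Microsoft.RDInfra.RDPowerShell
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'  # interactive sign-in

# Create the tenant once; re-running the script skips objects that already exist.
if (-not (Get-RdsTenant | Where-Object TenantName -eq $TenantName)) {
    New-RdsTenant -Name $TenantName -AadTenantId $AadTenantId `
        -AzureSubscriptionId $SubscriptionId | Out-Null
}

# Two host pools: one for full desktops, one for published applications.
foreach ($pool in $DesktopPool, $RemoteAppPool) {
    $existing = Get-RdsHostPool -TenantName $TenantName |
        Where-Object HostPoolName -eq $pool
    if (-not $existing) {
        New-RdsHostPool -TenantName $TenantName -Name $pool | Out-Null
    }
}

# Each new host pool gets a default desktop app group; the RemoteApp group
# has to be created explicitly in the second pool.
$groups = Get-RdsAppGroup -TenantName $TenantName -HostPoolName $RemoteAppPool
if (-not ($groups | Where-Object AppGroupName -eq $RemoteAppGroup)) {
    New-RdsAppGroup -TenantName $TenantName -HostPoolName $RemoteAppPool `
        -Name $RemoteAppGroup -ResourceType RemoteApp | Out-Null
}

# List the applications that can be published from this app group. The list
# comes from the pool's session hosts, so domain-joined VMs must already be
# registered in hostpool2 for it to return anything.
Get-RdsStartMenuApp -TenantName $TenantName -HostPoolName $RemoteAppPool `
    -AppGroupName $RemoteAppGroup |
    Sort-Object FriendlyName |
    Format-Table FriendlyName, AppAlias, FilePath -AutoSize
```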
To create virtual machines, start by creating a new resource group. You can either use an existing resource group or create a new one. If you're creating a new one, give it a descriptive name and take note of the name as you'll use it for your VMs.
When creating a new virtual machine, fill out the "Instance Details" section with the name of your VM. Choose the region, image (either Windows Server 2016 Datacenter or Windows Server 2019 Datacenter), and size (such as "Standard DS1 v2") carefully, as they will affect the performance of your VM. Note that although VMs can live in any Azure region, their data gets stored in East US 2.
Here's a summary of the key considerations when choosing a region:
Remember to select the region that offers the fastest response time for your area, especially if this is for a production environment.
Disk Types
When selecting the disk type, keep in mind that the pricing for your virtual machines is calculated based on the resources you use.
Choosing the least expensive options can help save costs, as I did for this WVD demonstration.
The disk type options are available on the next screen, where you can select from various options and click "OK" at the bottom.
Be aware that higher performance or capacity options will increase the cost.
Selecting the right disk type is an important consideration in setting up your infrastructure.
Go to VM
To access your newly created VM, click on the “Go to resource” button after a successful deployment. This button is typically located on the deployment overview page.
The next step is to click on the "Go to VM" button, which will direct you to your newly created virtual machine. From here, you can manage and configure your VM as needed.
Once you've clicked the "Go to VM" button, you'll be taken to the VM's dashboard, where you can view its status, configure settings, and perform other tasks.
Setting Up a VPN
Setting up a VPN is crucial for secure connections, especially when replicating AD traffic between on-prem DCs and an Azure DC.
Security is especially important in these situations, as it ensures encrypted connections. You want to create a secure connection between your local network and Azure to protect your data.
Whether you're accessing your WVD machine from your on-prem network or a remote site, you need a VPN to ensure secure connections. This is particularly important for accessing your Azure environment securely.
In fact, creating and configuring a VPN connection is a critical step in securing your network transmission. This setup allows you to access your server securely and configure it as needed.
Set Up New OU
Before we dive into the setup process, let's create a new OU for our Windows Virtual Desktop users. This OU will contain the user accounts that we'll assign Windows Virtual Desktop resources to later.
To set up a new OU, create a new organizational unit in your Active Directory. This OU should have a clear and descriptive name, like "WVD" for Windows Virtual Desktop.
For demonstration purposes, I created an OU called "WVD" and a sub-OU called "WVD Users" and added a few users under this OU. This will help us keep our WVD users organized and separate from other users in the organization.
The email addresses of the users in this OU should match the UPN of your Azure AD Domain, as this will be used for synchronization later on.
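An added audit sketch for the OU described above (not part of the original article): it flags users in "WVD Users" whose mail or UPN does not end in the Azure AD domain, and lists any WVD app group assignment that points at an account outside the OU. The domain DN, UPN suffix and host pool names are placeholders or assumptions.

```powershell
# Added example, not from the original article. Needs the ActiveDirectory
# (RSAT) module and the classic WVD module Microsoft.RDInfra.RDPowerShell.
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory
Import-Module Microsoft.RDInfra.RDPowerShell

# Placeholders and assumed names: replace every value with your own.
$TenantName = 'CompanyWVDtenant'
$HostPools  = 'hostpool1', 'hostpool2'                  # assumed pool names
$SearchBase = 'OU=WVD Users,OU=WVD,DC=example,DC=com'   # placeholder domain DN
$UpnSuffix  = 'example.com'                             # placeholder Azure AD domain

Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'  # interactive sign-in

# Accounts that are supposed to receive WVD resources.
$ouUsers = @(Get-ADUser -Filter * -SearchBase $SearchBase -Properties mail)
$ouUpns  = @($ouUsers | ForEach-Object UserPrincipalName)

# Check 1: mail and UPN must end in the Azure AD domain, otherwise the
# account will not line up after synchronization. A missing mail attribute
# is flagged as well.
$badSuffix = $ouUsers | Where-Object {
    $_.UserPrincipalName -notlike "*@$UpnSuffix" -or
    $_.mail -notlike "*@$UpnSuffix"
}

# Check 2: collect every assignment in every app group of both host pools
# and keep the ones whose UPN is not in the OU (comparison is case-insensitive).
$assigned = foreach ($pool in $HostPools) {
    foreach ($group in Get-RdsAppGroup -TenantName $TenantName -HostPoolName $pool) {
        Get-RdsAppGroupUser -TenantName $TenantName -HostPoolName $pool `
            -AppGroupName $group.AppGroupName
    }
}
$outside = $assigned | Where-Object { $ouUpns -notcontains $_.UserPrincipalName }

"OU users whose mail or UPN is not in @${UpnSuffix}: $(@($badSuffix).Count)"
$badSuffix | Format-Table SamAccountName, UserPrincipalName, mail -AutoSize

"App group assignments outside ${SearchBase}: $(@($outside).Count)"
$outside | Format-Table UserPrincipalName, HostPoolName, AppGroupName -AutoSize
```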
Frequently Asked Questions
What is Azure Virtual Desktop used for?
Azure Virtual Desktop provides a secure, remote Windows desktop experience for organizations with VDI expertise, suitable for various use cases. It's ideal for businesses seeking a scalable and managed virtual desktop solution.
What is the difference between cloud PC and Azure Virtual Desktop?
Cloud PC is a fully managed, fixed-cost service, while Azure Virtual Desktop is a customer-managed, consumption-based option. This difference affects how you'll pay and manage your cloud desktops.
Is Azure Virtual Desktop like Citrix?
While Azure Virtual Desktop and Citrix share some similarities, they have key differences in terms of deployment flexibility and cloud support. Azure Virtual Desktop is specifically designed for Microsoft Azure, whereas Citrix offers more versatile deployment options across multiple cloud and on-premises environments.
What is a cloud desktop?
A cloud desktop is a virtual workspace where users' desktop environments are stored on a server, accessible from any device with an internet connection. This allows seamless access to work environments from anywhere, at any time.
What is an Azure workstation?
Azure Virtual Desktop (AVD) is a cloud-based system that provides virtualized desktops and applications securely over the Internet. It's not specifically referred to as an "Azure workstation", but rather a service that enables virtualized work environments.