Tuesday, June 6, 2023

RDS and VDI migration to Azure Virtual Desktop: Why Consider?


Here we explore when it is time to think of moving to Azure Virtual Desktop (AVD), a hosted desktop as a service (DaaS), and what its advantages are if you are currently using Remote Desktop Services or a virtual desktop infrastructure. We will also look at how the Azure Migrate service and its features help make the migration process smooth.

Remote Desktop Services or RDS denotes the collective features of Microsoft Windows Server, with which the users can access Windows desktops and applications remotely.

Virtual desktop infrastructure (VDI), by contrast, is a desktop virtualization technology in which the Microsoft Windows desktop operating system (OS) runs and is managed in an on-premise environment or a cloud data center. The desktop image, along with the OS and apps, is delivered to an endpoint device (a traditional PC, mobile device or thin client) as though it were running locally.

You can think of Azure Virtual Desktop (AVD) as the successor of RDS or VDI.

Until some time back, VDI was seen as a magic cloud revolution that would reduce costs, save deployment time, standardize the application experience and take away the expense and management issues of user devices completely, because everything would be available in the datacenter on secure servers.

Yet, companies still had to worry about the endpoints to ensure that proper security is maintained. The savings got used up in keeping infrastructure and expertise to give support.

Windows Virtual Desktop on Azure, on the other hand, comes with new features and capabilities that help you migrate your existing virtual desktop workloads to Azure, irrespective of whether you are building a new environment from the ground up or transforming your RDS/single-session Windows 10 virtual machines.

Advantages of Azure Virtual Desktop over RDS/VDI  

  • AVD comes as a Platform-as-a-Service (PaaS), meaning that Microsoft runs the platform completely, without the need for end-user involvement.
  • Windows 10 / 11 Enterprise multi-session capability is a feature unique to AVD.
  • Free Windows 7 Extended Security Updates for the next three years till 2023.
  • FSLogix Profile Container integration helps in flawless user profile management, which was so challenging earlier, and also the optimized support for Office365 ProPlus.

Azure Migrate

Azure Migrate helps you plan your cloud migration, such as moving personal desktops, on-premise infrastructure, applications and data to the Azure cloud. It helps you assess how your on-premise workloads will perform in Azure, along with the costs.

Features of Azure Migrate

Unified migration platform enabling you to commence, run and finally track your Azure migration.

Azure Migration Tool Hub along with Azure Migrate: Server Assessment and Azure Migrate: Server Migration. It also helps to integrate with other Azure services.

Azure Migrate: Server Assessment helps to assess whether on-premise servers (e.g. Hyper-V) and physical servers are ready for Azure migration.

Azure Migrate: Server Migration, on the other hand, helps in the actual migration of on-premise physical servers, other virtual machines or public cloud virtual machines to Azure.

Azure Databases Migration Assistant (DMA) for assessing your on-premise SQL Server databases to Azure SQL DB, Azure SQL Managed Instance or Azure VMs running SQL Server.

Azure Databases Migration Service (DMS) helps in the migration of your on-premise databases.

Web application Assistant for assessment and migration of the on-premise web apps to Azure App Service with the help of Azure App Service Assistant.

Virtual desktops for moving your on-premise VDI to Azure Windows Virtual Desktop.

Azure Data Box provides a fast and cost-effective solution to migrate all your data to Azure.

Movere, the Microsoft acquired SaaS platform helps you to gain visibility and control over the environments irrespective of geo-location, application or platform used.

Azure Migrate also integrates with a number of independent software vendor (ISV) offerings (for example, Lakeside, Rackware and others).

Migration Scenarios

The following are migration scenarios in which you can consider moving your workload from on-premise to Azure:

  1. If your lease of data center is expiring, then you may consider it to be a good time for migration.
  2. If your software is reaching the end of support, then it is time to use the cloud.
  3. Hardware refreshing cases.
  4. Application innovation.
  5. Security, compliance requirements.

Migration Journey- understanding the phases

Assessment

In the assessment stage, audit everything in your on-premise environment to find what is ready to go to the cloud. Not all workloads are ready to migrate, so you may need to fix a few things first. You therefore need to find the issues and determine whether they can be tweaked and fixed.

Migration

Here is where the actual migration starts with the help of migration tools that you choose and the steps that you follow for migration.

Optimize

For the cost management in Azure.

Management

Involves user and application management.

Azure Migrate:  Key Tools for the key migration Scenarios  

Azure Migrate helps you throughout the Assessment and Migration stages. You can use the ISV tools from Microsoft partners as well.

Azure Migrate also gives you end-to-end progress tracking, which you can use to follow your migration journey across different workloads and steps of your migration. It also provides a central data repository for your migration.

There are different Azure tools for different migration scenarios, such as:

a) Server scenario– helps you to move Windows/Linux servers to Azure

b) Database scenario– you can move your SQL/non-SQL databases to Azure

c) Offline Database movement scenario

d) Virtual desktop migration scenario – the available tools help to migrate your virtual desktop environment to Azure Windows Virtual Desktop. (you can also use the Microsoft partner tools for the purpose).

e) Web Application migration scenario– there are tools in Azure Migrate that help you to migrate your on-premise applications.

Let us consider the migration scenarios of Virtual Desktop.

Migration: The Considerations

When you want to migrate your virtual desktop to AVD, there are a few things to consider.

i) Suitability of migration analysis: there could be OS constraints in Azure, so you need to understand whether the on-premise operating systems are compatible with Azure.

ii) Sizing of CPU, Memory: to understand the vCPU and memory sizes you would require when shifting your on-premise CPU and memory to Azure. We often over-allocate our on-premises resources and they remain unutilized; this assessment will help you optimize your resources in the cloud.

iii) Licenses & Dependencies: to understand the license requirements and dependencies to ensure you are not leaving anything behind.

iv) Collection of Users: there would be users for pooled desktops and others needing stand-alone desktops. From this you can work out the VMs you would need in AVD.

v) Application Rationalization: there would be applications that are rarely used and critical ones that must move to the cloud. You can leave the rarely used applications out of the migration.

vi) User Density & Segmentation: for the users of pooled desktops, the set of users that would share a desktop and those using the same kind of applications.

vii) Cost Estimation: to help you know the cost of moving your desktop resources to Azure and running them.

Migration Assessment

You can access Azure Migrate from Azure Portal. There you will get a dashboard showing all the different migration scenarios as discussed above. You choose the one applicable to you.

To get started with your assessment, start Assess Virtual Desktop Infrastructure. There you can create a migration project, which is associated with your subscription, resource group, the geo-location in which to store your data (in case you do not wish your data to move out of your geographic location) and a project name.

Next, you select an Assessment Tool (e.g. Server migration). Once you add a tool, a project is created for you, the required tools are added to it, and the assessment starts.

First, it will assess your entire on-premise environment as we have discussed in the virtual desktop migration scenario above. The data will then be pushed to Azure Migrate.

There you will get an exhaustive report on the entire assessment journey including the tools you have used for the purpose.

The Migration process to Windows Virtual Desktop

a) The Paths

There are 2 paths that can be taken.

1. Migration Path 1 focuses on operational efficiency: you lift and shift your desktop environment to Azure and modernize it later. The trigger here is infrastructure oriented, e.g. data center lease expiry.

2. Migration Path 2 focuses on innovation and efficiency. (The triggers are mostly app oriented, such as legacy apps that you wish to modernize.) If you are in the greenfield category (building everything from the ground up) you can use this path.

b) The Journey

It happens in the following steps…

1. Set up your virtual network and connect it to on-prem

2. Set up Active Directory

3. Sync Azure AD and Active Directory

(Steps 2 & 3 can be done interchangeably)

You will need a domain controller set up in your virtual network, and you need to synchronize your user details to Azure Active Directory. You can do the sync first and set up your domain controller later, or vice versa.

4. Create objects in AVD and generate a registration token. First, go into your Windows Virtual Desktop environment and create objects such as a) the AVD tenant that connects your AVD to your Azure Active Directory tenant and b) the host pool, that is, the set of VMs that you have decided to add to your AVD. Next, you will get a registration token.

5. Once you have your AVD you can move your virtual machines (either migrate or create new VMs) and connect them to AVD.

6. Migrate the user data to Azure. Keep in mind that AVD does not support User Profile Disks (UPDs), if you are using them, but supports FSLogix Profile Containers. So, you have to convert your UPDs to Profile Containers. If you are using Personal Desktops, you need to assign the users directly to the virtual machines.

Your journey doesn’t end after moving things to Azure. You continue to optimize your virtual desktop workloads in Azure for cost and latency, and continue managing them.

You can consider us for any consulting help, as we are a Microsoft Gold partner offering managed Azure solutions. For over 15 years we have remained the most reliable, cost-effective hosted software service provider, helping 10,000+ clients across 90 countries. Please feel comfortable reaching us any time via chat or call.

Monday, June 5, 2023

Implementing Azure Virtual Desktop (AVD)

Microsoft announced the Spring 2020 update for their Windows Virtual Desktop (WVD) right in the middle of the COVID-19 pandemic which brings some interesting new capabilities to this Virtual Desktop Infrastructure (VDI) service. In the early Fall 2019 release last year, one of the key issues was that the objects you create could not be easily administered and/or automatically managed within the Azure portal!

Microsoft recently rebranded Windows Virtual Desktop as Azure Virtual Desktop (AVD), which brings in new security and management capabilities under preview.

The Spring 2020 update marks a shift in the virtual desktop service towards full Azure integration that now allows you to leverage Azure portal's built-in capabilities onto AVD as if it was just any other ARM-based workload. The new AVD management portal integration is fully built on Azure Resource Manager (ARM), which means that permissions can be managed via role-based access control (RBAC). All the AVD deployment items like host pools, workspaces, etc., are objects within your Azure subscription. This makes it easier to manage and automate your VDI environment. In the below table you will see the key differences of classic AVD (non-ARM) and AVD ARM-based via the Azure Portal:

Source: Microsoft
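Because host pools and application groups are ARM objects governed by RBAC, their role assignments can be reviewed like those of any other resource. The script below is an added example, not Microsoft's or this blog's code; the resource group name and the "review" criteria (broad built-in roles, or assignments made to individual users) are assumptions of the example.

```powershell
#Requires -Modules Az.Accounts, Az.Resources, Az.DesktopVirtualization

param(
    # Hypothetical resource group that holds the AVD objects.
    [string]$ResourceGroupName = 'rg-avd-example'
)

# Built-in roles that grant far more than access to a published desktop or app.
$broadRoles = 'Owner', 'Contributor', 'User Access Administrator'

# Host pools and application groups are ordinary ARM resources, so each one
# has a resource ID that can be used directly as an RBAC scope.
$targets = @(Get-AzWvdHostPool -ResourceGroupName $ResourceGroupName) +
           @(Get-AzWvdApplicationGroup -ResourceGroupName $ResourceGroupName)

$report = foreach ($target in $targets) {
    # Returns assignments made on the object itself and those inherited
    # from the resource group, subscription or management group above it.
    foreach ($assignment in Get-AzRoleAssignment -Scope $target.Id) {
        [pscustomobject]@{
            Resource  = $target.Name
            Principal = $assignment.DisplayName
            Type      = $assignment.ObjectType
            Role      = $assignment.RoleDefinitionName
            Inherited = ($assignment.Scope -ne $target.Id)
            # Assumption of this example: flag broad roles and per-user
            # assignments so they can be checked against least privilege.
            Review    = ($assignment.RoleDefinitionName -in $broadRoles) -or
                        ($assignment.ObjectType -eq 'User')
        }
    }
}

$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Run it after Connect-AzAccount with an identity that can read role assignments in the subscription.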

The 'spring refresh' of virtual desktop provides a best-in-class virtual desktop and app user experience on Azure. Microsoft’s AVD service provides desktop virtualization with multi-session capabilities, simplified management of hosts, applications, data, and enhanced security. It allows users to virtualize Windows 7 and 10, Microsoft 365 applications for the enterprise, and other third-party applications by running them remotely in Azure.

Microsoft made this announcement a few months back, but some customers had already reacted early to COVID-19 related challenges in their work environment, and may have piloted, tested and deployed the Fall 2019 update. If you are such a customer, please follow the Migration from Fall 2019 to Spring 2020 update guideline from Microsoft. This can drastically shorten IT’s timeline to scale the solution, because fewer administrative cycles are spent managing a PowerShell-based environment rather than an Azure-integrated one.



How is the market reacting?

Gartner expects that by 2023, 30% of all the on-premises VDI users will access a workspace in the cloud using a Desktop-as-a-Service (DaaS) solution of some sort, and based on the yearly VDI Like A Pro survey, Microsoft’s Azure Virtual Desktop is leading the pack with 26.76% of the market share as a sought after DaaS.

Source: Gartner

With remote working becoming more popular than ever before due to the current circumstances, it is unclear what the market will look like a few months from now, but existing climate conditions dictate that this trend will continue to grow.



What is the value proposition?

The value proposition for desktop virtualization is that it provides a mechanism to move from your existing CAPEX-based environment to an OPEX-based cost-optimized infrastructure. The economic benefit is that you get to avoid large upfront financial commitments on deployments and can match capacity to operational needs with the end goal to be able to align hardware, software and services with changing business needs.



Azure Virtual Desktop helps achieve superior economics from significant cost savings across infrastructure, licensing as well as effort. In terms of infrastructure, it provides Windows 10 experience via multi-session which provides a more cost-effective compute and storage structure besides flexible network provisioning. Also, much of the AVD management service cost may be already included in the licensing agreement you already own such as Remote Desktop Services (RDS), CALs with multi-session deployment, extending to Windows 7 desktops granting an additional three-year Extended Security Updates (ESU) if hosted in the cloud.





Azure Virtual Desktop Architecture – why it's appealing!

The AVD architecture has three major components; however, the primary appeal is the paradigm shift Microsoft has adopted by taking over management of the access, gateway, broker, database and diagnostic components, which contributed much of the administrative and deployment overhead associated with traditional Remote Desktop Services (RDS). The key benefit is that the Microsoft-managed control plane is a fully redesigned infrastructure that leverages native Azure platform services to scale automatically, which lets customers like yourselves focus on what matters: user endpoints on the client side (on-prem or mobile) and hosts and applications on the server side (in the Azure cloud).

Source: Microsoft

A simplistic use case of interaction from a remote desktop client to an Azure hosted server session is defined below:

  1. A user launches RD client which connects to Azure AD, Azure MFA, user signs in, and Azure AD returns token.
  2. RD client presents token to Web Access, Broker queries DB to determine resources authorized for the user.
  3. A user selects resource, RD client connects to Gateway.
  4. Broker orchestrates connection from host agent to Gateway.
  5. RDP traffic now flows between RD client and session host VM over connections 3 and 4.

Some key takeaways worth revisiting as you evaluate Microsoft AVD as your next plausible VDI solution, which tie back to the infrastructure, licensing and labor cost savings stated earlier, are:

  • ONLY Windows 10 enterprise multi-session user experience.
  • MOST of your existing Windows licensing can likely carry-over.
  • NO VPN client/connection needed OR firewall ports to open.
  • BYOD clients like desktop, HTML5 browsers, iOS, Android, etc.
  • SINGLE pane of glass to manage your hosts, apps, and users.


Azure Virtual Desktop Migration – "Accelerate your RDS and VDI migration to Windows Virtual Desktop"

Cambay is a Microsoft Managed Services Partner (MSP) and early adopter of VDI solutions and has developed a proven and tested process to help you migrate your workloads to AVD. The below diagram showcases our process at high level:




  • Discovery and Scope Definition: Identify, evaluate, and document workloads in your organization to be migrated. You can use Microsoft Azure templates and/or PowerShell scripts and we help you with that.
  • Change Control and Communication: Create a Change Management Plan – Highlight release dates, users impacted, training plan - we will help you define these. Create a Communication Plan – Share information repeatedly through lunch and learns and other office activities. Leveraging our predefined templates and industry experience, we will help you develop a robust communication plan.
  • Migration Planning: Create and document a prioritized inventory: compute servers, user profiles, storage sizing, network connections, identity requirements besides other resources that you may need for migration. We shall use our in-depth knowledge and prior project experience to help your migration planning.
  • Develop and Test: Leveraging best practice models, we can develop and scale the solutions using Microsoft AVD.
  • Execute and Decommission: Deploy to production, leverage your change management plan to communicate to business stakeholders, convert legacy infrastructure and workloads to read-only, and retire after postproduction support, that our experienced engineers can help you manage.
  • Optimize and Govern: Create and document a governance plan that will maximize your ROI as it is critical to successfully sustaining the new platform. We have implemented such projects and can customize per your needs.

As a trusted advisor to numerous customers, we want to share some of the strategies to implement a truly innovative solution using Azure Virtual Desktop.

Thursday, June 1, 2023

How to connect to an Azure account using PowerShell?

 

You can connect to the Azure cloud from the portal (https://portal.azure.com), and there are several ways to access it programmatically, such as .NET, Python, PowerShell, Java, etc. Microsoft is flexible enough that you can log in to Azure using almost any programming language.

Here, we are going to cover how to log in using PowerShell to the Azure cloud and how you can connect to an Azure subscription and leverage cloud resources.

Pre-Requisite:

The PowerShell session should have the Az.Accounts module loaded, because it is needed to run the commands related to the Azure connection. If it is not installed, install it from the PowerShell Gallery.

https://www.powershellgallery.com/packages/Az.Accounts

However, you may need additional Azure modules when you start writing scripts. You can install the Az module to get the whole package if you don’t want to install individual modules.

Microsoft Azure PowerShell - Accounts credential management cmdlets for Azure Resource Manager in Windows PowerShell and PowerShell Core.

To install the module, copy and paste the following command to install this package using PowerShellGet:

PS> Install-Module -Name Az.Accounts


Connection methods:
  • Portal redirection.
  • Using the Device code.
  • Service Principal Name (SPN)
  • Certificate

1) Azure Portal Redirection

Once you have installed the Az.Accounts module, you can directly run Connect-AzAccount from the PowerShell console and it will redirect you to the browser for the Azure authentication.

Browser Authentication

People generally prefer this method when they have a cached login in the browser, so they don’t need to enter credentials again.

2) DeviceCode authentication

You can also log in with a device code: a 9-digit (mostly) code is generated, which you need to enter at the URL (https://microsoft.com/devicelogin).

To log in with the device code, you need to provide the -UseDeviceAuthentication parameter with the Connect-AzAccount command, and you will get the code in the console as shown below.

Connect-AzAccount -UseDeviceAuthentication

Using Device Code

Go to the https://microsoft.com/devicelogin website and you will see the form to enter the code.

Enter Code form

If your browser is already authenticated with the Azure portal, just entering the device code works; otherwise you need to log in to the Azure portal first.

3) Using Credentials

You can provide Azure account credentials directly on the command line using the -Credential parameter of the Connect-AzAccount command, but this method won’t work if multi-factor authentication is in place for your organization.

$creds = Get-Credential
Connect-AzAccount -Credential $creds -TenantId XXXX-XXXXXX-XXXXX-XXX

For multi-factor authentication, you might receive an error as shown below.

Multi-Factor authentication error.

This is a simple way of authenticating, in which you can reuse the same credentials throughout the script wherever needed, but it works only for single-factor authentication.

4) Using Service Principal Name (SPN).

To authenticate to the Azure account with an SPN, you first need to create the SPN. Two methods are shown below on how to create an SPN using the Azure Portal and PowerShell.

Once the SPN is created, get the Application ID and secret from the Azure Portal (Azure Active Directory -> App Registrations -> Your AppName) and you will find AppID and Client credentials (Secret) there.

App Registration Page

Enter the code below.

$creds = Get-Credential
Connect-AzAccount -TenantId "xxxx-xxxx-xxx-xxxx" -Credential $creds -ServicePrincipal

In the Get-Credential prompt, enter the ApplicationId as the username and the Secret as the password.

Or you can pass the credentials, as shown below.

# $ApplicationId holds the AppID string; $SecuredPassword holds the Secret as a SecureString.
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecuredPassword

There is another method to log in with a certificate, but it is a whole different topic. We will cover it in a separate post.

Conclusion

The methods described above cover interactive login and login with an SPN. The latter can be used when the script must log in to the Azure account and run automatically, with no user interaction, for example in a runbook or Azure Pipelines.
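The non-interactive SPN login described above, written out as an added example (not code from the original post). The environment variable names AZ_TENANT_ID, AZ_APP_ID and AZ_APP_SECRET are assumptions; the runbook or pipeline is expected to inject them from its secret store so that the secret never appears in the script or in source control.

```powershell
#Requires -Modules Az.Accounts

# Assumed variable names, set by the pipeline or runbook from its secret store.
$required = 'AZ_TENANT_ID', 'AZ_APP_ID', 'AZ_APP_SECRET'
$missing  = $required | Where-Object { -not [Environment]::GetEnvironmentVariable($_) }
if ($missing) {
    throw "Missing environment variable(s): $($missing -join ', ')"
}

# Build the PSCredential: ApplicationId as the username, Secret as the password.
$securedPassword = ConvertTo-SecureString -String $env:AZ_APP_SECRET -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $env:AZ_APP_ID, $securedPassword

try {
    # -Scope Process keeps the login in this process only, instead of saving
    # the context to the user profile where later sessions could reuse it.
    $null = Connect-AzAccount -ServicePrincipal `
        -TenantId $env:AZ_TENANT_ID `
        -Credential $credential `
        -Scope Process `
        -ErrorAction Stop

    # Confirm that the session really is the expected service principal
    # before doing any work with it.
    $context = Get-AzContext
    if ($context.Account.Type -ne 'ServicePrincipal' -or
        $context.Account.Id -ne $env:AZ_APP_ID) {
        throw "Unexpected Azure context: $($context.Account.Id)"
    }
    Write-Output "Connected as $($context.Account.Id) in tenant $($context.Tenant.Id)"

    # ... the script's Azure commands go here ...
}
finally {
    # Drop the secret from the process environment and end the session.
    Remove-Item Env:AZ_APP_SECRET -ErrorAction SilentlyContinue
    $null = Disconnect-AzAccount -Scope Process -ErrorAction SilentlyContinue
}
```

Give the service principal only the role assignments the script needs, and rotate its secret on the schedule your organization sets for application credentials.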