Monday, June 5, 2023

Implementing Azure Virtual Desktop (AVD)

Microsoft announced the Spring 2020 update for Windows Virtual Desktop (WVD) right in the middle of the COVID-19 pandemic, bringing some interesting new capabilities to this Virtual Desktop Infrastructure (VDI) service. In the early Fall 2019 release last year, one of the key issues was that the objects you create could not be easily administered or automatically managed within the Azure portal.

Microsoft recently rebranded Windows Virtual Desktop as Azure Virtual Desktop (AVD), which brings in new security and management capabilities under preview.

The Spring 2020 update marks a shift in the virtual desktop service towards full Azure integration, which now lets you apply the Azure portal's built-in capabilities to AVD as if it were any other ARM-based workload. The new AVD management portal integration is fully built on Azure Resource Manager (ARM), which means that permissions can be managed via role-based access control (RBAC). All the AVD deployment items, like host pools, workspaces, etc., are objects within your Azure subscription. This makes it easier to manage and automate your VDI environment. In the below table you will see the key differences between classic AVD (non-ARM) and ARM-based AVD via the Azure Portal:

Source: Microsoft
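Because AVD objects are ARM resources, role assignments made at a resource group or subscription scope are inherited by every host pool and application group beneath it. The following is an added example, not code from Microsoft or from this post: it audits which general-purpose roles reach AVD objects, directly or by inheritance. The subscription ID, resource names and principals are constructed placeholders; the field names follow the JSON printed by `az role assignment list`.

```python
# Added example: audit which broad ARM roles reach AVD objects, including inherited ones.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
RG = SUB + "/resourceGroups/rg-avd-prod"                      # hypothetical resource group
AVD = RG + "/providers/Microsoft.DesktopVirtualization"

# Constructed AVD object IDs (hypothetical names).
AVD_OBJECTS = [AVD + "/hostPools/hp-pooled", AVD + "/applicationGroups/ag-desktop"]

# Constructed rows using field names from `az role assignment list` JSON output.
ASSIGNMENTS = [
    {"principalName": "avd-users", "principalType": "Group",
     "roleDefinitionName": "Desktop Virtualization User",
     "scope": AVD + "/applicationGroups/ag-desktop"},
    {"principalName": "helpdesk@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "ops-automation", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": (AVD + "/hostPools/hp-pooled").lower()},
    {"principalName": "dev@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-avd"},
]

# General-purpose roles that grant write or access-management rights on any resource type.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def applies_to(scope, resource_id):
    """True if an assignment at `scope` covers `resource_id` (ARM scopes inherit downward)."""
    scope, resource_id = scope.lower().rstrip("/"), resource_id.lower()
    # Match on a path-segment boundary so rg-avd does not cover rg-avd-prod.
    return resource_id == scope or resource_id.startswith(scope + "/")


def audit(avd_objects, assignments):
    """Return (object, principal, role, 'direct'|'inherited') for each broad role found."""
    findings = []
    for rid in avd_objects:
        for a in assignments:
            if a["roleDefinitionName"] in BROAD_ROLES and applies_to(a["scope"], rid):
                how = "direct" if a["scope"].lower() == rid.lower() else "inherited"
                findings.append((rid.rsplit("/", 1)[-1], a["principalName"],
                                 a["roleDefinitionName"], how))
    return findings


if __name__ == "__main__":
    for finding in audit(AVD_OBJECTS, ASSIGNMENTS):
        print(finding)
```

Findings marked `inherited` are the ones a review of the AVD objects alone would miss; replacing them with the AVD-specific built-in roles (for example Desktop Virtualization User on an application group) narrows the grant to the object that needs it.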

The 'spring refresh' of virtual desktop provides a best-in-class virtual desktop and app user experience on Azure. Microsoft’s AVD service provides desktop virtualization with multi-session capabilities, simplified management of hosts, applications, data, and enhanced security. It allows users to virtualize Windows 7 and 10, Microsoft 365 applications for the enterprise, and other third-party applications by running them remotely in Azure.

Microsoft made this announcement a few months back, but some customers had already reacted early to COVID-19-related challenges in their work environment, possibly piloting, testing and deploying the Fall 2019 update. If you are such a customer, please follow the Migration from Fall 2019 to Spring 2020 update guideline from Microsoft. This can drastically shorten IT's timeline to scale the solution by avoiding the administrative cycles spent managing a PowerShell-based environment rather than an Azure-integrated one.



How is the market reacting?

Gartner expects that by 2023, 30% of all the on-premises VDI users will access a workspace in the cloud using a Desktop-as-a-Service (DaaS) solution of some sort, and based on the yearly VDI Like A Pro survey, Microsoft’s Azure Virtual Desktop is leading the pack with 26.76% of the market share as a sought after DaaS.

Source: Gartner

With remote working becoming more popular than ever before due to the current circumstances, it is unclear what the market will look like a few months from now, but existing climate conditions dictate that this trend will continue to grow.



What is the value proposition?

The value proposition for desktop virtualization is that it provides a mechanism to move from your existing CAPEX-based environment to an OPEX-based cost-optimized infrastructure. The economic benefit is that you get to avoid large upfront financial commitments on deployments and can match capacity to operational needs with the end goal to be able to align hardware, software and services with changing business needs.



Azure Virtual Desktop helps achieve superior economics through significant cost savings across infrastructure, licensing and effort. In terms of infrastructure, it provides the Windows 10 experience via multi-session, which gives a more cost-effective compute and storage structure alongside flexible network provisioning. Also, much of the AVD management service cost may already be included in a licensing agreement you already own, such as Remote Desktop Services (RDS), CALs with multi-session deployment, extending to Windows 7 desktops, which are granted an additional three years of Extended Security Updates (ESU) if hosted in the cloud.





Azure Virtual Desktop Architecture – why it's appealing!

The AVD architecture has three major components; however, the primary appeal is the paradigm shift Microsoft has adopted by taking over management of the access, gateway, broker, database and diagnostic components, which contributed much of the administrative and deployment overhead associated with traditional Remote Desktop Services (RDS). The key benefit is that the Microsoft-managed control plane is a fully redesigned infrastructure that leverages native Azure platform services to scale automatically, which lets customers like yourselves focus on what matters: user endpoints on the client side (on-prem or mobile) and hosts and applications on the server side (in the Azure cloud).

Source: Microsoft

A simplistic use case of interaction from a remote desktop client to an Azure hosted server session is defined below:

  1. A user launches the RD client, which connects to Azure AD and Azure MFA; the user signs in, and Azure AD returns a token.
  2. The RD client presents the token to Web Access; the Broker queries the DB to determine the resources authorized for the user.
  3. The user selects a resource, and the RD client connects to the Gateway.
  4. The Broker orchestrates the connection from the host agent to the Gateway.
  5. RDP traffic now flows between RD client and session host VM over connections 3 and 4.

As you evaluate Microsoft AVD as your next plausible VDI solution, some key takeaways are worth looking at again; they tie back to the cost savings in infrastructure, licensing and labor stated earlier:

  • ONLY Windows 10 enterprise multi-session user experience.
  • MOST of your existing Windows licensing can likely carry-over.
  • NO VPN client/connection needed OR firewall ports to open.
  • BYOD clients like desktop, HTML5 browsers, iOS, Android, etc.
  • SINGLE pane of glass to manage your hosts, apps, and users.


Azure Virtual Desktop Migration – "Accelerate your RDS and VDI migration to Windows Virtual Desktop"

Cambay is a Microsoft Managed Services Partner (MSP) and early adopter of VDI solutions and has developed a proven and tested process to help you migrate your workloads to AVD. The below diagram showcases our process at a high level:




  • Discovery and Scope Definition: Identify, evaluate, and document workloads in your organization to be migrated. You can use Microsoft Azure templates and/or PowerShell scripts and we help you with that.
  • Change Control and Communication: Create a Change Management Plan – Highlight release dates, users impacted, training plan - we will help you define these. Create a Communication Plan – Share information repeatedly through lunch and learns and other office activities. Leveraging our predefined templates and industry experience, we will help you develop a robust communication plan.
  • Migration Planning: Create and document a prioritized inventory: compute servers, user profiles, storage sizing, network connections, identity requirements besides other resources that you may need for migration. We shall use our in-depth knowledge and prior project experience to help your migration planning.
  • Develop and Test: Leveraging best practice models, we can develop and scale the solutions using Microsoft AVD.
  • Execute and Decommission: Deploy to production, leverage your change management plan to communicate to business stakeholders, convert legacy infrastructure and workloads to read-only, and retire them after post-production support, all of which our experienced engineers can help you manage.
  • Optimize and Govern: Create and document a governance plan that will maximize your ROI as it is critical to successfully sustaining the new platform. We have implemented such projects and can customize per your needs.

As a trusted advisor to numerous customers, we want to share some of the strategies to implement a truly innovative solution using Azure Virtual Desktop.