Call us: (407) 567-0096
Open a ticket
Chat with us
USA flag German flag Spanish flag
BLOG Published on 2020/06/06 by Asitha De Silva in Tech-Tips

Windows Virtual Desktop | 2020 ARM Version | Deployment with Domain Services

Witnessing the rapid development of the Windows Virtual Desktop solution, Microsoft has released the public preview of Windows Virtual Desktop 2020 which is based on the Azure Resource Manager model. In simple words, you can deploy and manage the WVD from the Azure Portal.

2019 fall release of WVD, which is in GA, most of the configurations are performed through PowerShell. There is a series of cmdlets for management tasks after deploying. Also, you need to configure a Web app if you really want the GUI, which comes in many limitations. ARM release of WVD, you can enable from Azure portal from few clicks and most of the configurations can perform through the Azure portal. However, it is still in public preview. If you are deploying the V1 which is in general release, refer to the following posts.

01 – Working remotely and efficiently with Microsoft technologies

02 - Windows Virtual Desktop | Configuring Prerequisites and WVD Tenant Creation

03 - Windows Virtual Desktop | Create Host Pool and Access through Web, Client App and Mobile Devices

04 - Windows Virtual Desktop | Configure FSLogix User Profiles using Azure Files and AD Authentication.

05 - Windows Virtual Desktop | Manage App groups and Publish Applications


What is New


Integrated into Azure portal dashboard

Azure portal integration helps to easily deploy WVD from simple few steps. VM image creation, Create host pools are effortless. In V1 this has to be performed through cmdlets

Management tasks through the Azure portal

Management tasks such as Application or desktop group creation, Application publishing, Assigning users can be performed through the portal. Also, custom RDP settings such as disk, audio, clipboard redirection can be enabled or disabled from the console.

User Session management

You can view the active user sessions, connected hosts from the Azure console. You can directly manage these sessions. Send messages, forcefully disconnect and logoff can be performed.

Use of Azure AD Groups

Azure groups are not supported in the previous release, with the ARM release, Azure groups, and AD synced groups are supported. You can add groups in application assignments, desktop assignments.

Role-based access control

Native Azure role-based control can be used with the Windows virtual desktop solution.

Advanced monitoring with Log analytics

WVD can now leverage Azure monitoring capabilities. Azure Log Analytics can be used to actively gather monitoring data on each WVD object. You can use the Log Analytics workspace and integrated power bi dashboards to monitor the solution.

Integrated to AZ PowerShell module

WVD management and configurations now integrated into the AZ module. To install just run: Install-Module Az.desktop virtualization, and then run Get-Command-Module Az.DesktopVirtualization to get a list of available commands.

Geographical support for Service Metadata

In the previous version, service metadata location only supported in the US, but now you can select the other regions, however, as of today it's still supported only the US regions but other regions will be added to the list shortly.


Deployment Prerequisites


Azure Active Directory
WVD uses Azure Active Directory authentication. AAD Free version is supported with Multi-factor authentication, however, if you want more granular control with Conditional Access you need to have Azure AD Premium.

Azure AD Connect
Your on-premise active directory users should be synced to Azure Active directory through AAD Connect.

Azure Subscription with Global Admin rights

Azure Site to Site VPN with your on-premise environment – This is Only required if you want to connect to the on-premise environment to access the applications

Azure AD Domain Services or Windows Active Directory
Active directory domain join is required for the host pool VM’s, my previous blog I used to connect an on-premises AD, so this post, I’m using Azure AD Domain Services

Network requirements (here)


High Level Architecture 


Above Windows Virtual Desktop architecture is designed to work with Azure AD Domain services hybrid environment. With domain services, you do not need to open your on-premises active directory to Azure. However, you need to have an IPsec VPN tunnel to access on-premises applications by WVD Pool. This architecture, we can categorize as more secure because it has less connectivity to the on-premises datacenter, but you may lose the Single Sign-on capabilities to the on-premises applications.


Deploying Azure AD Domain Services 

Azure AD Domain Services provide domain services to the workloads in Azure and other cloud infrastructures. You can use it for Domain joining, deploy group policies, LDAP, authentication using Kerberos or NTLM, and managing users and groups. It’s integrated into the Azure tenant and as a managed service, you don’t need to be worried about management duties such as patching or taking backups, and its always highly available. When deploying make sure to create a separate subnet for domain services. Please refer to the following posts for implementing and configuring domain services.

What is Azure AD Domain Services 

Azure AD Domain Services | Implementing and Configuring 

After configuring Domain Services and updating DNS, if you are using different VNET for WVDPool, update the DNS of that VNET to use the ADDS DNS records.


Implementing Windows Virtual Desktop ARM

  1. Before configuring WVD, you need to register the Microsoft.DesktopVirtualization resource provider with the subscription. Select the subscription and double click to open.


  2. Select resource providers, Type Desktop.Virtualization and click Register






  3. Next, Type Windows virtual desktop on all services to access the WVD blade




  4. To create a Host pool, click Create a host pool button and follow the wizard as follows. Select the, VM sizing, pool type, virtual network




  5. In the Administrator account, provide an Azure AD Domain services Administrator account with the UPN, at this point you should already add the AADS DNS to the VNET.


  6. In the workspace blade, create a new workspace and register the host pool to it.


  7. Click Review + Create to create the WVD workspace with Host pool


Connect to the Desktop Host Pool

After successfully completing the creation of the host pool. A default desktop application group will be created. This can be accessed from the Application Groups tab.

You can open the DAG and assign users to it by clicking assignments

After assigning users, they can access the WVD from We browser or Windows desktop client

Connecting through Web client (browser)

Open a web browser and browse the following URL, Microsoft Edge, IE, Chrome, Safari, and Firefox are supported browsers. This URL is different from no ARM model.

https://rdweb.wvd.microsoft.com/arm/webclient/index.html

you will be prompted with Azure AD Authentication

Connecting through Windows Desktop Client

WVD Desktop client supported on Windows 7, Windows 10, and Windows 10 IoT Enterprise, you can download it from

Windows 64-bit

Windows 32-bit

Windows ARM64

Install the client, click Subscribe, Provide the Azure AD credentials to the host pool The Windows client automatically defaults to the Windows Virtual Desktop Fall 2019 release. However, if the client detects that the user also has Azure Resource Manager resources, it automatically adds the resources or notifies the user that they are available.

If you found any trouble, use the option of Subscribe with URL and use the following URL

https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery






Creating Application Groups and publishing Applications

Publishing applications are simplified with the ARM model. You can easily create the application group from the application groups tab.

To publish applications, Select the Application Group,

Click Applications, Click ADD, and Select the Application from the drop-down list.

Then assign the Application Group to the relevant user group

As I described earlier you can see, WVD 2020 ARM version is very simple to implement and configure. Also, management activities such as adding and publishing applications, creating host groups, create new workspaces, monitoring user sessions possible through a single console.  There is a migration roadmap for the existing customers resides in WVD 2019 release, however, it’s better to wait till the General availability of the ARM version to implement in a production environment.

Hope this post is useful

 Cheers

Asitha De Silva



Asitha De Silva

Consultant Cloud Solutions

Expert in architecting and implementing cloud-based infrastructure solutions.

Popular
Volume Activation Management Tool 3.1 – Implementing and Activating
By  Asitha De Silva  -   2015/12/13
Windows File Server 2016 | Map Network Drive for Users and Group Drive using GPO
By  Asitha De Silva  -   2017/12/28
Multiple Password Policies for Domain Users
By  Asitha De Silva  -   2019/11/16
Newsletter

To keep up with the news and updates related to our products, make sure to subscribe to our newsletter!

Copyright © 2024 Terminalworks. All Rights Reserved

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy. Privacy details