When Windows Virtual Desktop was released as a public preview the world went wild. Rumors were soon flying concerning what it could do and how it would work. The unwashed masses of IT professionals felt the excitement of anticipation in their bones.
Well, perhaps not. But the fact is, Windows Virtual Desktop is something completely new and innovative where Microsoft is concerned, so organizations that are Windows-centric shops rightly began to take notice and begin exploring the new capabilities that could come from deploying Windows desktops and apps in the Microsoft Azure cloud.
Microsoft recently updated its introductory info about Windows Virtual Desktop and it’s worth taking a look at if you aren’t yet familiar with Microsoft’s new Windows-as-a-service offering. As for myself, however, I prefer to learn about things like this from experts working in the field instead of from Microsoft’s marvelous marketing engine. That’s why I recently asked fellow IT professional Gerry Hampson to fill us in on how we can get started working with Windows Virtual Desktop. Gerry is a senior consultant for Ergo Group based in Dublin, Ireland, and is a specialist in Microsoft consultancy and implementations, particularly in the area of enterprise client management. He has co-authored several books on System Center Configuration Manager, most recently the latest in the ConfigMgr Unleashed series. Gerry was first awarded Microsoft MVP in 2015 and is a regular speaker at Microsoft Management Summit (MMS). Gerry has a blog called Gerry Hampson Device Management, and you can also find him on Twitter @GerryHampson. Let’s pay attention now as Gerry fills us in on how to set up Windows Virtual Desktop and configure FSLogix containers for profile management.
What is Windows Virtual Desktop?
Microsoft announced general availability of Windows Virtual Desktop in September. I think it’s great. What’s not to like? We can now deploy a Remote Desktop solution in Azure without having to worry about the underlying infrastructure. Services like gateway, brokering, licensing, and diagnostics are provided as a service in Azure.
Windows Virtual Desktop allows you to deploy and scale virtualized Windows desktops and apps on Azure. It can be deployed in minutes and offers simplified management, multisession Windows 10 and optimizations for Office 365 ProPlus. We can deploy VMs with Windows 10 or Windows Server 2016. We can also use our own custom Windows 7 images. As a bonus, this includes free extended support for Windows 7 (extended security updates for three years). That’s a no-brainer.
Windows 10 Enterprise multisession is a new Remote Desktop Session Host that allows multiple concurrent interactive sessions, which previously only Windows Server could do. This is only available with Windows Virtual Desktop.
Windows Virtual Desktop is domain-based but leverages Azure AD as an identity provider, so you can use additional security controls like multifactor authentication (MFA) or conditional access. With Active Directory Federation Services (ADFS) you can have single sign-on (SSO), so the user won’t be prompted for credentials when connecting to the VM.
Also, you can manage the pool VMs using tools like ConfigMgr or Intune. ConfigMgr 1910 includes multisession support in client settings.
What are the use cases? In my company, we have implemented the solution for contractors. It saves us having to provide laptops to access corporate resources. It can also be used for remote working, desktop DR, regulatory restricted environments and to assist with application compatibility when upgrading from Windows 7.
Windows Virtual Desktop prerequisites
There are some requirements before you can get started.
- Licenses: A minimum Windows 10 Enterprise E3. You should consult the official docs but I have Microsoft 365 E3 for testing.
- Obviously, you need an Azure subscription. This will cost you money (but not too much).
- User accounts: You’ll need an Azure global admin account to grant the WVD service permissions to your AD instance. You’ll also need to nominate a WVD Tenant Creator and some test host pool users.
- You need to decide which directory services you will use to support your infrastructure. You can use Azure AD, a domain controller hosted in Azure, or a DC hosted on-premises with a VPN to Azure. The Azure VMs that you create can be AD-joined or hybrid AD-joined (but not Azure AD-joined).
- Azure network: You need to have a virtual network in Azure. Remember, you don’t configure DHCP in Azure virtual networks. IP addressing is dynamic based on the assigned subnet.
- In my deployments to date, I’ve used a DC hosted in Azure, so I configured a static DNS record for the DC in the properties of the virtual network. That way the host pool VMs were able to find the DC and join the domain.
- Download and install the Windows Virtual Desktop PowerShell module.
Before you start, you can assess if the experience would be good in your region. Microsoft provides an Experience Estimator allowing you to estimate the connection round-trip time from your current location, through the WVD service, to each of the Azure regions in which you’ll deploy VMs.
Setting up Windows Virtual Desktop
When all the prerequisites are in place, you can deploy WVD.
The first thing you need to do is to allow Windows Virtual Desktop services to access the Azure AD tenant:
- Navigate to Windows Virtual Desktop services. Add your tenant ID and click Submit for the Server App.
- Repeat for the client app.
Then you create the WVD tenant. This is done with a few simple PowerShell cmdlets:
- Sign into WVD using the TenantCreator user account
- Create a new Windows Virtual Desktop tenant associated with the Azure Active Directory tenant. The name you choose for your new Windows Virtual Desktop tenant should be unique. You’ll need the Tenant ID and Subscription ID for this cmdlet:
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com
New-RdsTenant -Name <TenantName> -AadTenantId <DirectoryID> -AzureSubscriptionId <SubscriptionID>
Then you can create a host pool:
- Sign in to the Azure Portal and select Create a Resource.
- Search for Windows Virtual Desktop and select Windows Virtual Desktop — Provision a host pool.
- There are four pages of details to configure. The first page has some basics like subscription, resource group, Azure region, name of host pool, and desktop type. You also configure the users that will log into these VMs (comma-separated list).
- The next page is for expected usage. This determines how many VMs will be deployed. Click “Change Size” if you want to change any VM details. I’m conscious of cost in my lab so I’ve done that. Also, enter a prefix for the names of the VMs.
- The third page allows you to configure the VMs. Choose the following:
  - Image Operating System: I’ve chosen Windows 10 Enterprise multisession with Office 365 ProPlus.
  - Disk type: I’ve chosen Premium SSDs for performance.
  - Domain join account and password: The account must already be configured on the domain. This requires password complexity so be careful here.
  - Domain and domain OU: Remember, the VMs must be able to find the DC.
  - Virtual network and subnet: Make sure your DNS configuration is in place.
- The final page asks for the WVD tenant details. Enter the tenant name and the owner account details.
- The host pool is published automatically to the users you configure.
Then you can configure the FSLogix container, which we’ll get into in the next section.
Remember roaming profiles? I’ve always hated them. They grow in size and get out of control. When a user logs in the entire profile is copied from a central location to the desktop. This can take ages and provides a very poor user experience.
FSLogix containers are designed to provide “similar” functionality in remote computing environments, such as WVD. The profile is stored in an FSLogix container. When a user logs into a VM in the host pool, the container is dynamically attached as a VHD or VHDX file — essentially a hard disk. The user profile is immediately available and appears exactly like a native user profile. No data is copied so the performance and user experience are first class (which is why FSLogix has been the industry leader in this space for quite some time).
Microsoft has purchased FSLogix so this technology is now available in WVD, for free. FSLogix is not licensed independently (and doesn’t actually require a license key to install). It is included with many Microsoft licensing bundles (for example, Microsoft 365 E3/E5).
The next decision that has to be made is where to host the FSLogix containers. You have some choices:
- On a file share: This is the one I’ve implemented in my lab and it’s the easiest. I created a new VM and configured a share \\WVDShare\fslogix.
- You can use Azure Files in conjunction with Azure AD Domain Services.
- Azure NetApp Files: This is an enterprise-class, high-performance, metered file storage service. You have to register by submitting a waitlist request.
Download this ZIP file and install the FSLogix software on all the VMs in the host pool. I only had three VMs so I did this manually. However, you could use a management tool like SCCM to automate the installation.
You configure FSLogix in the registry. This configuration tells FSLogix where to save the user profile and can be exported to the other VMs.
- Navigate to HKLM\Software\FSLogix.
- Create a key named Profiles.
- Create the following values for the Profiles key:
Type: Multi-String Value
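One way to apply and verify this registry configuration on each host pool VM, as an added PowerShell example that is not part of the original article. The value names Enabled and VHDLocations are the ones FSLogix documents for the Profiles key and are not listed on this page; the share path is the lab share mentioned above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): configure the FSLogix
# Profiles key on a session host and read the result back.
param(
    # Assumption: the lab share named in the article; replace with your own.
    [string[]]$VhdLocations = @('\\WVDShare\fslogix')
)

$key = 'HKLM:\SOFTWARE\FSLogix\Profiles'

# HKLM\Software\FSLogix exists once the agent is installed; stop early if
# it does not, so a host without the agent is not silently "configured".
if (-not (Test-Path -Path 'HKLM:\SOFTWARE\FSLogix')) {
    throw 'FSLogix key not found. Install the FSLogix software first.'
}

# Create the Profiles key only if it is missing (safe to re-run).
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key | Out-Null
}

# Enabled (DWORD) = 1 switches profile containers on.
New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
    -Value 1 -Force | Out-Null

# VHDLocations (Multi-String) lists where the VHD/VHDX files are stored.
New-ItemProperty -Path $key -Name 'VHDLocations' -PropertyType MultiString `
    -Value $VhdLocations -Force | Out-Null

# Read the values back and confirm each location resolves from this host.
# Note: this checks reachability as the admin running the script, not as
# the end user whose container will be attached at sign-in.
$cfg = Get-ItemProperty -Path $key
foreach ($location in $cfg.VHDLocations) {
    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        Enabled   = $cfg.Enabled
        Location  = $location
        Reachable = Test-Path -LiteralPath $location
    }
}
```

A Reachable value of False on any host points back to the DNS and virtual network prerequisites described earlier.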
Working with Windows Virtual Desktop
So now that you’ve created the host pools, how can the users access the virtual desktops? You have some options:
- There is a Windows Remote Desktop full client: There are x86 and x64 versions and it supports Windows 7 and Windows 10. Once you launch the app, you select Subscribe and when you sign in, you’ll be able to see the host pool. The Remote Desktop app is also supported on Windows 10 IoT devices.
- You can use an HTML 5 browser.
- There are also Remote Desktop apps for Android, iOS, and macOS.
MSIX app attach
MSIX is a Windows app package format. It provides a modern packaging experience for all kinds of Windows applications. Existing applications can also be converted into MSIX packages using the MSIX packaging tool.
MSIX app attach (as the name suggests) is where the application (stored in MSIX format on a central location) is attached to the operating system. After attaching, applications look and feel locally installed to the user as well as to the operating system. When combining FSLogix profile containers and MSIX app attach, the operating system stays completely clean. Data, profiles, and applications are fully separated.
The primary focus for this blog post has been on the desktop experience but it is worth mentioning the RemoteApp capabilities as well. RemoteApp allows us to deliver a streaming application experience to a remote client while providing users the experience of a locally installed application.
Some of the benefits include:
- RemoteApps are launched from a user’s start menu like a normal application.
- Updates to the RemoteApps can be published to a user without any impact on the end-user.
- RemoteApps relying on backend data can be co-hosted in the same Azure region allowing for fast access even for users on slower Internet links.
- Users with limited compute performance or without dedicated graphics cards can still run high-demand applications using the power of the host.
I hope this walkthrough has been helpful for you to learn about and get started with Windows Virtual Desktop.
Until next time!