The Azure Virtual Desktop service
This section will look at the Virtual Desktop service, a compute service that you must understand for the Describe Core Azure Services exam.
Microsoft’s Virtual Desktop service is a desktop and application virtualization service that provides access to your desktop and applications from virtually anywhere and on any device.
It is provided as a PaaS service that allows remote users to connect from their devices to their hosted desktops and remote applications in Azure. This access is provided securely and reliably from any location with an internet connection or over a private managed network such as Microsoft’s ExpressRoute service; many device types and virtual desktop clients are available to provide the broadest range of connectivity and access methods.
The following are some of the benefits of virtual desktops:
- A full Windows 10 and Office 365 experience.
- Delivers the only multi-session Windows 10 experience.
- A migration path for Remote Desktop Services (RDS).
- Manages Windows 7 End of Support.
- Deploys and scales in minutes.
- Accesses the cloud service from anywhere, using a web client or a desktop or mobile client for Windows, Mac, iOS, Android, and Linux devices.
- Provides centralized identity management and security using Azure AD for role-based access control and Conditional Access, with support for Microsoft Endpoint Manager (MEM) and Microsoft Defender.
- Improves remote access security through reverse connect technology: session host VMs need no inbound ports open, which reduces the attack surface.
- Provides the most cost-effective service using pooled desktops through the traditional RDS session host model, where many users share one session host VM. Alternatively, the best-performing and most secure solution is the traditional VDI approach, used where power users or security requirements mandate isolation between user sessions, with one user per VM (a desktop cannot be shared between users). This is the personal desktops approach.
- If you do not wish to provide users with access to a full desktop, you can publish the applications that have been installed on the VMs.
The following diagram visualizes the Virtual Desktop approach and its components:
Figure 4.11 – Virtual Desktop
As shown in the preceding diagram, the Virtual Desktop solution is made up of the following elements:
- Microsoft-provided and managed platform services: These are PaaS functions where Microsoft provides the managed web access, gateway, and broker roles; together they form the secure connectivity layer that connects users with their desktops and published apps.
- Host pools: These are collections of VMs. They are the user-assignable entities that run your users’ desktops and publish the remote applications. You may have multiple host pools to meet your needs; each pool is a collection of VMs that share the same image and configuration and can be assigned to a different set of users, so different images and configurations can be made available to different users and teams based on Azure AD group assignment to different pools.
In addition, there are two load balancing methods: depth mode and breadth mode. Depth mode saves costs by fully utilizing a single VM to host users’ sessions before placing a session on the next VM. This is known as vertical load balancing. On the other hand, breadth mode is the best load balancing method for performance, since each new user session is created on the next available VM and never on the same VM that received the previous session (where two or more VMs are available in the host pool). This is known as horizontal load balancing.
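To make the difference between the two modes concrete, the following added example (not Microsoft's broker code) simulates placing new sessions onto a small host pool under each mode; the host names, the max session limit, and the rule that breadth mode picks the least-loaded host are assumptions made for the simulation.

```python
"""Simulated host-pool session placement: depth-first vs breadth-first (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class SessionHost:
    name: str
    max_sessions: int  # the host pool's max session limit (constructed value)
    sessions: list = field(default_factory=list)

    def has_capacity(self) -> bool:
        return len(self.sessions) < self.max_sessions


def place_session(hosts, user, mode):
    """Return the name of the session host that receives `user`'s new session."""
    candidates = [h for h in hosts if h.has_capacity()]
    if not candidates:
        # every host is at its max session limit: the session cannot be placed
        raise RuntimeError("host pool is full; scale out the pool or raise the session limit")
    if mode == "depth":
        # vertical: keep filling the first host that still has room before moving on
        target = candidates[0]
    elif mode == "breadth":
        # horizontal: pick the least-loaded host so consecutive sessions land on different VMs
        target = min(candidates, key=lambda h: len(h.sessions))
    else:
        raise ValueError(f"unknown load balancing mode: {mode}")
    target.sessions.append(user)
    return target.name


def simulate(mode, host_count=3, max_sessions=2, users=("alice", "bob", "carol", "dave")):
    """Place each user in turn; return (user -> host) and the per-host session counts."""
    hosts = [SessionHost(f"host{i}", max_sessions) for i in range(1, host_count + 1)]
    placements = {u: place_session(hosts, u, mode) for u in users}
    return placements, [len(h.sessions) for h in hosts]


if __name__ == "__main__":
    for mode in ("depth", "breadth"):
        print(mode, *simulate(mode))
```

With three hosts and a limit of two sessions each, depth mode fills host1 then host2 and leaves host3 idle (so it could be deallocated), while breadth mode spreads the first three users across all three hosts.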
- Customer-created desktops: These are the infrastructure resources that provide the users’ desktops and apps. Host pools of session host VMs form the desktop compute layer, which provides the users’ desktops and published apps; file shares are also required, to host the users’ profile containers.
- Customer-created remote applications: Apps no longer need to be installed on the VM OS itself or included as part of the image; through the MSIX app attach functionality, the apps are decoupled from the OS and are then dynamically attached to the VM that a user is connected to for their remote session.
- User profiles: Here, the FSLogix profile container technology is used, which allows a user profile to be stored on a virtual hard disk (VHD) in the file share location, which is then dynamically attached to the VM that a user is connected to for their remote session, whether it be the full desktop or just the application that has been published.
- Third party-provided and managed virtual desktop platform services: Vendors such as Citrix and VMware are part of the ecosystem that provides additional functionalities. You can utilize their presentation and management layers to connect to your virtual desktops and apps.
- Cost savings: Cost savings can be made by running the VMs only when users connect to them. Here, you can also consider the use of ephemeral disks to negate the need to persist disks in storage.
In contrast to shutting VMs down to save costs, if the VMs must be running 24/7, then you can save on the pay-as-you-go metered pricing by committing to reserve the compute capacity for 1 or 3 years, which is called Reserved Instances (RI) or VM reservations. Note that this only discounts the compute costs of the VM; you will still have to pay the OS costs and for storage, networking, and so on.
Finally, through the Azure Hybrid Use Benefit (AHUB), you can also negate the OS costs for the VMs if you have eligible software licensing; you should contact Microsoft Support or a licensing specialist partner for guidance in this area.
This section looked at the Virtual Desktop service. In the next section, we will look at the network services available in Azure.