sales@cambaysolutions.com
Cambay Group :
Cambay Consulting Logo
Cambay Engineering Logo
Guide to setup Microsoft Virtual Desktop Infrastructure (VDI)

Business Case:

Azure Virtual Desktop Infrastructure, known as (VDI) is a desktop and app virtualization service that runs on the fully managed Azure cloud. If you are running the on-premises or RDS environment for virtualization, setting up Microsoft RDS and environments is complex.

  • Predicting the RDS workload is not easy. So, choose fully cloud VDI solutions.
  • Need for high availability and scalability.
  • Higher maintenance cost compared to legacy RDS environments.
  • Geo Availability and profile data storage.
  • Identity and Access Management
  • Low cost compared to on-premises or legacy RDS solutions.

Challenges:

Maintaining the RDS CAL license cost and infrastructure is challenging when running the legacy environment.

  • Security is the biggest issue when you have legacy RDS.
  • RDS CAL licensing procurement and distribution is complex.
  • Keep the environment running and healthy by maintaining the certificate users’ group.
  • The RDS environment must maintain the Licensing, connections broker, and application host servers.
  • Cost-effectiveness is always high if creating the RDS environment and maintaining it.

Pre-Requisites:

You will need the below information to setup the VDI on Azure

  • Azure account with an active subscription
  • Identity provider for Azure Active Directory
  • Supported operating system like Client Windows 10, 11 Server 2016.
  • Licenses Remote Desktop Services (RDS-CAL) Client license
  • Microsoft O365 Licenses 365 E3, E5, A3, A5, F3,
  • Microsoft Windows Enterprise licenses E3, E5, Windows VDA E3, E5, Windows Education A3, A5
  • Configure Network, port 443 for outbound-only traffic; port 3389 should not configure for outbound.
  • Session host management, Domain name, AD DSS Or Azure ADDS
  • Network connectivity from On-prem to Azure Cloud
  • Remote Desktop client, Windows, Mac
  • UNC path or FSLogix for user profile containers to save the user’s profile data.
WVD Admin
VDI on Azure

Solution:

Virtual desktop infrastructure, or Microsoft Azure VDI, is IT infrastructure that lets you access ERP/Application O365 products from almost any device, such as your personal computer, smartphone, or tablet, or can be accessed via a web browser eliminating the need for your organization to provide you with and manage, repair, and replace.

  • Azure account with an active subscription (Pays As a go, EA, Reserved)
  • Identity Azure Active Directory (User Should have an account in AAD or Hybrid On-prem)
  • Can allow the Windows Virtual Desktop service to access Azure AD.
  • Can assign the “TenantCreator” role to a user account.
    • Login into the Microsoft Azure Portal.
    • Please navigate to Azure Active Directory from the left menu.
    • Under Manage, Double click on Enterprise applications.
    • Search for and select Windows Virtual Desktop.
    • Under Manage, select Users and Groups, or create a new user.
    • Please feel free to add a new User or select existing Users and Groups, and search for the user to whom you want to grant permissions to perform the Windows Virtual Desktop tenant creation.
    • Select the user and double click, followed by Assign.
  • Create a Windows Virtual Desktop tenant.
  • Deploy your first Windows Virtual Desktop host pool.
    • Create a new Windows Virtual Desktop (VDI) – Provision a host pool and click to create and Enter details as follows:
    • Create Host Pool name – Choose something descriptive for the pool of hosts, e.g., “Window11 or server2022.”
    • While creating the host pool, create desktop type: Click new Pooled or Personal – Choose Pooled unless you are deploying a virtual desktop infrastructure (VDI) configuration wherein every user is dedicated to Virtual Machines.
    • Default desktop users can create new users and add a comma-separated list. (Group support will follow later.) You can also use PowerShell to add users to this hosted pool later.
    • Subscription – Select Microsoft Azure and your subscription.
    • Resource group – Use the existing resource group, create a new Resource Group, or enter a name to create a new one.
    • Location – Enter the location data center location where the resources, such as the VMs, will be created. Per your requirements, this can be any existing Azure region (Like West US 2, East US, or North Central US).
  • Create the Virtual Machine
    • Create a Virtual machine (VDI). Select a Usage Profile that matche your environment: Light (Small set of users), Medium, Heavy (Large number of users), or Custom as per requirements.
    • Define the number of Total users who will use VDI on this hosted pool.
    • If it is required, please feel free to change the Virtual machine size. Feel free to use small-size SKU for your test environment.
    • Add a prefix naming convention (Name for Host) for the VMs. Please use the unique name for the host pool.
  • Configure VM settings.
    • While creating the VM for the host, please select a custom image from Blob storage, a Managed image in Azure, or one from the Gallery. We recommend testing “Windows 11 Enterprise multi-session with Office 365 ProPlus” from the Azure Gallery. Office 365 ProPlus has been preconfigured for the ideal state of Windows 11 multi-session.
    • Select the Image OS (Market Place Image or Bring your image)
    • Select the Disk Type. Solid State Drive SSD is recommended (Due to RDS multi-user scenario
    • Use the AAD admin credential that has permission to join a VM to Active Directory
    • Important: check out the username requirements; some usernames are not allowed (like administrator/admin and more)
    • It is good to specify the OU level (Optional). Specify the domain and OU.
    • (Optional) Use managed disks.
    • It is good to have your vet for security. Configure the virtual network and subnet as per requirement.
    • Closely monitor this step as this wizard will spin up virtual machines and join them to AD. This means the virtual machine must be able to locate the Domain Controller. We recommend opening a separate tab in your browser and validating that once VMs joined to the domain. Please remember to validate.
    • The Domain Name Server IP address (Azure DNS, or any On-prem or Azure VMs) assigned to the VM points to the domain controller or Active Directory domain services; this can be used for locations including on your own on-prem or virtual network.
    • The domain controller VM should be in the same network resources in the same Azure region where the VDI host machine is configured (Otherwise, your deployment will likely fail.)
  • Good luck with your new deployment, now time to validate if a user can access a full desktop session on the VDI or application.

Remote Desktop client and subscribe to the feed using the following URL: https://rdweb.wvd.microsoft.com.

Benefits of Virtual Desktop Infrastructure (VDI)

It is supported by extensive collections of VMs running on top of hypervisor software once you set up VDI on Azure. The remote desktop environment is less complex than VDI environments and uses server hardware to run desktop operating systems (OS) like Windows, Linux, or other software programs on a VM. The desktop OS is hosted on a centralized server in a physical data center. As per usage, you can quickly scale up and down.

  • Minimize the Operating and managing Costs.
  • Azure VDI solution provides fully managed Infrastructure services like gateway, brokering, licensing, and resource activity logs is provided as a service. On-premises infrastructure deployment and maintenance are not required, like maintaining the Licenses, certificates, etc.
  • It is easy to maintain Security & compliance.
  • As per business need easy to scale up and down.
  • Encouraging remote work with the secure environment
  • Good fit for task or shift-based workloads like hospitals, Education Centers, and call center
  • Security and governance compliance as per company requirements
  • Secure access to application and ERP data
  • Secure network connection on port 443
  • Any security breach easily redeploys the application.
  • User profile saves on FSLogic up to petabyte.
  • Allow users to bring their own devices (BYOD)
  • User and application flow monitoring is easy.
  • Enable the WAF and Microsoft Defender on the application host.
  • It fits Finance, Healthcare, Government, Retail Services, and manufacturing well.
  • Data availability as per Microsoft Azure SLA 99.99 is available.
Amiruddin Khan

Amiruddin Khan

Microsoft Certified Solution Architect

Subscribe to our
blog

Follow Us

Recent Blogs

Explore How Dynamics 365 Can Streamline Business Processes, Improve Customer Relationships, And Drive Sales Growth?
Explore How Dynamics 365 Can Streamline Business... 10-23-2024
Navigating Accounting Challenges: Leveraging Microsoft Solutions for Efficiency and Accuracy
Navigating Accounting Challenges: Leveraging Microsoft Solutions for... 05-22-2024
Jeff Rogers, CEO: Steering Cambay Solutions Toward Innovation and Collaboration
Jeff Rogers, CEO: Steering Cambay Solutions Toward... 04-22-2024
Transforming the Banking and Finance Landscape: The RPA Revolution with Cambay
Transforming the Banking and Finance Landscape: The... 04-17-2024
Elevating Business Horizons: The Transformative Power of Banking and Financial Solutions
Elevating Business Horizons: The Transformative Power of... 02-26-2024