When working with Azure Virtual Desktops, we first need to create a host pool. To do that, we need to navigate to Azure Virtual Desktops. You can click on the link if it’s present on your home page, or you can search for it in the resources box up top.
So you’re probably asking yourself, “What’s a host pool, and why do I need it?” A host pool is a collection of identical virtual machines within an Azure Virtual Desktop environment. Host pools have application groups that users may leverage just like they would on a client PC. More details on Azure host pools can be found at the following link: https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/create-host-pools-azure-marketplace-2019
To proceed, we are going to click on “Create a host pool.”
As always, we are going to select the subscription we are using and the resource group. You’ll also give the host pool a name; for purposes of this lab, I’m going to call it AzureVirtualHosts. Select your geographic location. The setup requires you to choose a host pool type, which is either pooled or personal. The labs I sat through really didn’t discuss the differences, so I had to go on a bit of a hunt here. As Macaalay (2020) notes, pooled desktops are when you have multiple users sharing the same virtual machine, whereas personal desktops have users connecting in a one-to-one fashion with one user per desktop VM.
For purposes of this lab, we are going to choose pooled for a shared desktop experience. Now you need to select a load balancing algorithm, either breadth-first or depth-first. Breadth-first distributes user sessions across available session hosts, while depth-first sends user sessions to the available host with the highest number of connections that has not reached its maximum session limit. Just like it sounds, depth-first saturates a host with client sessions. There are some reasons that Microsoft calls out for wanting a depth-first load balancing method. As expected, it’s primarily for cost savings to limit the number of allocated virtual machines. More details may be found here: https://docs.microsoft.com/en-us/azure/virtual-desktop/host-pool-load-balancing
For purposes of this lab, I’m going to set the max to 5 users (we don’t have 5 users set up). I’m going to set it up as depth-first, so we are only using a single VM.
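The two algorithms described above can be compared with a small simulation. This is an added example, not code from Microsoft or from the original lab; it is a simplified model in which ties go to the first host in the list, and the three-host pool is an assumption used only for comparison.

```python
# Added example: simplified model of pooled host pool load balancing.
# Assumption of this model: ties go to the first host in the list.

def pick_host(sessions, max_limit, algorithm):
    """Return the index of the host that gets the next session, or None if all are full."""
    open_hosts = [i for i, count in enumerate(sessions) if count < max_limit]
    if not open_hosts:
        return None
    if algorithm == "breadth-first":
        # Spread: choose the open host with the fewest sessions.
        return min(open_hosts, key=lambda i: sessions[i])
    if algorithm == "depth-first":
        # Saturate: choose the open host with the most sessions.
        return max(open_hosts, key=lambda i: sessions[i])
    raise ValueError(f"unknown algorithm: {algorithm}")


def place_sessions(host_count, max_limit, user_count, algorithm):
    """Place user_count sessions; return (sessions per host, refused sessions)."""
    sessions = [0] * host_count
    refused = 0
    for _ in range(user_count):
        host = pick_host(sessions, max_limit, algorithm)
        if host is None:
            refused += 1  # every host is at its maximum session limit
        else:
            sessions[host] += 1
    return sessions, refused


def hosts_in_use(sessions):
    """Number of session hosts carrying at least one session."""
    return sum(1 for count in sessions if count > 0)


if __name__ == "__main__":
    # Hypothetical three-host pool with the lab's limit of 5 sessions per host.
    for algo in ("breadth-first", "depth-first"):
        print(algo, place_sessions(3, 5, 7, algo))
    # The lab's single-VM pool: a sixth sign-in has nowhere to go.
    print("lab pool, 6 sign-ins:", place_sessions(1, 5, 6, "depth-first"))
```

With a single session host and a limit of 5, the pool has no spare capacity: a sixth sign-in is refused until another host is added or a session ends.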
Clicking Next will allow us to specify details for the virtual machines. We want to click yes to add virtual machines to the pool.
You’ll need to assign a name prefix. Please note, based on my reading, this can’t be changed after it’s assigned. I’m going to call it AZ-140VD for the virtual desktop. As we’ll see in a minute, I’ve set availability options to “No Infrastructure Redundancy Required.” You can create availability zones to create redundancy. This would require creating two or more VMs, but for this lab it isn’t necessary.
I will change the virtual machine size for this lab to save on the credit Microsoft has so graciously issued. When you click on change, you’ll be presented with VM choices along with their monthly forecasted costs. For purposes of this lab, I’m going to select B2s, which includes 2 vCPUs, 4 GB of RAM, and 8 GB of temporary storage. Long story short, availability zones allow you to maintain the availability of the VMs in different physical regions (up to 3), and availability sets enable you to create a logical grouping of VMs. More details on available options can be found here: https://docs.microsoft.com/en-us/azure/virtual-machines/availability
I’m only going to deploy a single VM for this lab, but you could increase to whatever you would need. I’m going to select the latest patched version of Windows 10 Enterprise, 20H2. If you can get Microsoft 365 licensing, you can choose an image with Microsoft 365 apps. I’m still fighting to get my domain replicated to M365 for sign-in with support.
Next, we’ll select our disk types; you can choose from Standard SSD, Premium SSD, and Standard HDD. For purposes of the lab, I’m going to choose Standard HDD for low-cost dev/test performance. Again, Microsoft has all details on price vs. performance on the following link: https://azure.microsoft.com/en-us/pricing/details/managed-disks/
The next section up is Network and Security. Like our cloud diagram in earlier sections, we are going to deploy to vnet-virtualdesktops.
Now, we will want to make sure that this virtual workstation is a member of the domain, so select Active Directory as the directory service we would like to join. Specify your domain admin account and password to join the system to the domain. In this case, it will be our domain admin.
On the next tab, we are given the option to register desktop app groups with a workspace. So far, we don’t have a workspace. The workspace is an area where you can publish organizations' apps. I’m going to call this workspace AZ-140Workspace.
Now it’s time to review and create the host pool! If everything checks out, you should get a “validation passed” message.
This takes some time to create; I started mine today on 8/17/21 at 11:50AM, and it wrapped up around 12:01.
Next up, deploying the application group to the test users that we created earlier! If we were successful in deployment (and AD join) we should see the system we created earlier in Active Directory Users and Computers on our management server (notice the prefix name auto-prepended with 0)!
To provide our users with the Windows virtual desktop that we created, we need to assign them to the application group. To do this, we reenter Azure Virtual Desktop and click Application Groups on the left-hand side.
Clicking on the application group name will bring up another screen where we can continue to access control and assign roles!
There are two ways to add access for our users: we can either click + Add at the top or Add Role Assignment on the right!
I’m going to do the + Add, Role Assignment. There is no lack of roles that can be assigned here, but we are going to select Desktop Virtualization User for our two test users. A list of roles and permissions can be found here: https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac and https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
The role Desktop Virtualization User, according to Microsoft (2021), “Allows user to use the applications in an application group.”
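Once the assignments are made, it is worth checking that the test users hold only this role and only on the application group. The following is an added example, not part of the original lab: the subscription ID, resource group, application group name and user sign-in names are constructed placeholders, and the sample records only mimic the `principalName`, `roleDefinitionName` and `scope` fields of `az role assignment list` JSON output.

```python
ROLE = "Desktop Virtualization User"
# Placeholder IDs and names below are constructed for this example.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-lab"
APP_GROUP = RG + "/providers/Microsoft.DesktopVirtualization/applicationGroups/lab-dag"
EXPECTED = {"sam.tron@example.com", "flynn.tron@example.com"}

# Constructed sample, shaped like the JSON from `az role assignment list`.
SAMPLE = [
    {"principalName": "sam.tron@example.com", "roleDefinitionName": ROLE, "scope": APP_GROUP},
    {"principalName": "sam.tron@example.com", "roleDefinitionName": "Contributor", "scope": APP_GROUP},
    {"principalName": "flynn.tron@example.com", "roleDefinitionName": ROLE, "scope": RG},
    {"principalName": "temp.user@example.com", "roleDefinitionName": ROLE, "scope": APP_GROUP},
    {"principalName": "ops@example.com", "roleDefinitionName": "Reader", "scope": RG + "-other"},
]


def covers(scope, target):
    """True if an assignment at `scope` applies to `target` (same resource or a parent)."""
    scope, target = scope.lower().rstrip("/"), target.lower()
    # Compare whole path segments so "rg-lab-other" does not match "rg-lab".
    return target == scope or target.startswith(scope + "/")


def audit(assignments, app_group, expected_users):
    """Return sorted (finding, principal) pairs for assignments affecting app_group."""
    findings, granted = set(), set()
    for a in assignments:
        who, role, scope = a["principalName"], a["roleDefinitionName"], a["scope"]
        if not covers(scope, app_group):
            continue
        if role == ROLE:
            granted.add(who)
            if who not in expected_users:
                findings.add(("unexpected-user", who))
            if scope.lower() != app_group.lower():
                findings.add(("broader-scope", who))  # inherited by every app group below
        elif who in expected_users:
            findings.add(("extra-role", who))  # end user holds more than session access
    findings.update(("missing-access", who) for who in expected_users - granted)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE, APP_GROUP, EXPECTED):
        print(finding)
```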
At this point, we should be able to verify that our test users (Sam Tron & Flynn Tron) can access their Azure Virtual Desktop at https://rdweb.wvd.microsoft.com/arm/webclient/index.html. The user would sign in using their credentials; however, given this is a lab, you can sign in with a private browsing tab. If you’re successful, a desktop session should be available for the user!
References
Macaalay, R. (2020). Easily set up host pools for Windows virtual desktop on Azure. http://www.macaalay.com/2020/06/09/easily-set-up-host-pools-for-windows-virtual-desktop-on-azure/
Microsoft. (2021). Azure built-in roles. https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles