During the COVID-19 pandemic many companies realized the importance of remote working and digital transformation; perhaps it was a late realization, but it's better late than never. Microsoft, for its part, has been empowering organizations to do more remotely by providing many solutions that make remote working easier. One of these solutions is Windows Virtual Desktop (WVD), available through Microsoft Azure.
WVD is the cloud version of the well-known Remote Desktop Services (RDS), running on Azure. WVD requires less management and provides more security and scalability than traditional RDS.
In this walk-through we're going to create and configure a WVD solution using the Spring 2020 release.
The previous release was Fall 2019. The Spring 2020 release made it easier to deploy your WVD solution from the Azure portal: it is now just a few clicks away.
Requirements:
- Azure Active Directory
- A Windows Server Active Directory in sync with Azure Active Directory, via either:
  - Azure AD Connect (for hybrid organizations)
  - Azure AD Domain Services (for hybrid or cloud-only organizations)
- Azure subscription
Make sure you have the appropriate licenses for your users based on the desktop and apps you plan to deploy:
OS | Required license
--- | ---
Windows 10 Enterprise multi-session or Windows 10 Enterprise | Microsoft 365 E3, E5, A3, A5, F3, Business Premium; Windows E3, E5, A3, A5
Windows 7 Enterprise | Microsoft 365 E3, E5, A3, A5, F3, Business Premium; Windows E3, E5, A3, A5
Windows Server 2012 R2, 2016, 2019 | RDS Client Access License (CAL) with Software Assurance
https://docs.microsoft.com/en-us/azure/virtual-desktop/overview#requirements
Authentication:
WVD authentication is a combination of two layers. The first is Azure Active Directory: when a user signs in to the WVD client or web portal, Azure AD authenticates them, and WVD then checks whether that user has been assigned to an application group (and therefore to a host pool) before showing it in their feed. Azure AD policies such as Conditional Access and MFA apply at this layer.
The second layer is Active Directory Domain Services. When the user opens a resource, they are asked for a username and password to sign in to a VM in the host pool. Because the VM is domain joined (as we'll see later in this guide), that logon is validated against a Domain Controller. If your only Domain Controllers are on-premises, every session logon has to cross the VPN, which is why we recommend deploying an additional Domain Controller in Azure, connected to on-premises by VPN, to improve performance.
Create a host pool:
- In the Azure portal, type "Windows Virtual Desktop" in the search bar.
- Once you are on the WVD page, click Create a host pool.
Enter the needed information, such as subscription, resource group and host pool name.
The location on this page refers to where the host pool's metadata is stored, not the location of the VMs inside the pool.
For the host pool type there are two options: Personal and Pooled.
Personal offers two assignment types:
Automatic: WVD selects an available VM and connects the user to it; the user keeps that VM from then on.
Direct: the admin assigns a specific VM (host) to the user, and the user always connects to it.
Pooled, on the other hand, offers two load balancing algorithms:
Breadth-first distributes new sessions evenly across the hosts in the pool. For example, with 2 hosts and 4 users, the first user connects to VM1, the second to VM2, the third to VM1 and the fourth to VM2, assuming VM1 and VM2 are both healthy and accepting connections.
Depth-first routes all new sessions to one host until its maximum session limit is reached, then routes new sessions to the next available host until that one reaches its limit, and so on.
In this guide we’ll choose Pooled/Breadth-first which in my opinion has the bigger value for most organizations.
Next, on the Virtual machines tab, select Yes to add virtual machines to this pool, then enter the resource group, the location of the VMs, the number of VMs and the name prefix. Pretty standard information.
You can choose an Azure built-in image or your own customized image; visit the link below to learn more about custom images and how to create them.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource
On the same tab, choose the virtual network and subnet where the session hosts will be deployed.
Ensure the VNET can reach your Domain Controller in Azure and that its DNS settings resolve your domain; if the VMs cannot resolve the domain, the domain join during provisioning fails.
Enter your domain and the domain account that will be used to join the VMs to your domain.
This is the UPN of an Active Directory user with permission to join computers to the domain, for example vmjoiner@contoso.com. A local user account with this name is also created on each virtual machine, so use a dedicated, least-privileged join account rather than a domain admin, and delete that local user or reset its password after initial VM provisioning.
On the next tab, create a new workspace that the host pool's application group will be registered to. The same workspace can be used with multiple host pools.
The creation will take some time. After completion, you should be able to see your host pool as below (I have already created these two pools).
Create and Configure a Storage for Roaming Profiles:
To configure roaming profiles, you have to choose one of the below methods:
- VM-based file share
- Azure NetApp Files
- Azure Files and Azure AD DS
- Azure Files and AD DS
We're going to use Azure Files and AD DS in this guide: an Azure file share hosts the users' profile containers, and our lovely traditional Active Directory Domain Services handles authentication to that share.
First, we need to create a storage account.
Enter the needed information, pretty standard stuff.
After successfully creating the storage account, navigate to File shares and create a new share.
After creating the file share, we need to join the storage account to our domain. If you open Configuration you can see that this storage account has not been joined to a domain yet; follow the detailed instructions in the link below to join it.
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable
Once you complete all the steps in the link, your domain name should appear in the storage account's configuration.
Configure FSLogix on session host VMs:
WVD uses FSLogix for profile roaming. FSLogix mounts each user's profile container (a VHD/VHDX stored on the file share) into their session at sign-in, so the profile follows the user to whichever session host they land on.
We will download and install FSLogix on each VM, using the link below:
https://docs.microsoft.com/en-us/fslogix/install-ht
After completing the installation, open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix, then:
- Create a Profiles key.
- Under Profiles, create Enabled, a DWORD with a value of 1.
- Create VHDLocations, a MULTI_SZ.
- Set the value of VHDLocations to the UNC path of your Azure file share; it should look like this: \\<Storage-account-name>.file.core.windows.net\<FileShare-Name>
Restart the VM.
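The same registry configuration, scripted so it can be run on every session host instead of clicking through regedit, as an added example that is not part of the original guide. It also performs the two checks that explain most "profiles are not roaming" tickets: that FSLogix is actually installed, and that the host can reach the storage account over SMB (TCP 445), which many networks block outbound. The storage account and share names are assumptions; replace them with yours. Run it in an elevated PowerShell session on the session host.

```powershell
# Added example (not from the original guide): configure the FSLogix profile
# container on a session host and verify what it depends on.
# Run elevated on each session host. The two names below are assumptions.
$StorageAccount = "wvdprofiles"          # assumed storage account name
$ShareName      = "profiles"             # assumed file share name
$ProfileShare   = "\\$StorageAccount.file.core.windows.net\$ShareName"

# 1. FSLogix must be installed first, otherwise the registry values do nothing.
if (-not (Get-Service -Name frxsvc -ErrorAction SilentlyContinue)) {
    throw "FSLogix service (frxsvc) not found; install FSLogix before configuring it."
}

# 2. The host needs SMB (TCP 445) to the storage account endpoint. If 445 is
#    blocked, FSLogix silently falls back to a local profile on the VM.
$smb = Test-NetConnection -ComputerName "$StorageAccount.file.core.windows.net" -Port 445
if (-not $smb.TcpTestSucceeded) {
    throw "TCP 445 to $StorageAccount.file.core.windows.net is blocked; profiles will not roam."
}

# 3. Create HKLM\SOFTWARE\FSLogix\Profiles and the two values from the guide.
$ProfilesKey = "HKLM:\SOFTWARE\FSLogix\Profiles"
if (-not (Test-Path $ProfilesKey)) {
    New-Item -Path $ProfilesKey -Force | Out-Null
}
# Enabled = 1 (DWORD) turns profile containers on.
New-ItemProperty -Path $ProfilesKey -Name Enabled -PropertyType DWord -Value 1 -Force | Out-Null
# VHDLocations (MULTI_SZ) is the UNC path where each user's VHD(X) is stored.
New-ItemProperty -Path $ProfilesKey -Name VHDLocations -PropertyType MultiString -Value @($ProfileShare) -Force | Out-Null

# 4. Read the values back so a typo in the UNC path is caught before the reboot.
$cfg = Get-ItemProperty -Path $ProfilesKey
if ($cfg.Enabled -ne 1 -or $cfg.VHDLocations -notcontains $ProfileShare) {
    throw "FSLogix registry values were not written as expected."
}
Write-Host "FSLogix configured to use $ProfileShare; restart the VM to apply."
```

New-ItemProperty with -Force overwrites an existing value, so the script is safe to re-run after a change of share. For more than a handful of hosts, push the same two values with Group Policy (FSLogix ships ADMX templates) or Intune rather than running the script by hand.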
Assign users to use WVD:
Now we're going to give users permission to use WVD. There are two places where users need access. The first is the host pool:
Go to the Windows Virtual Desktop page and select Application groups from the left blade.
Add the users or groups that should have access to the host pool associated with this application group. In the Spring 2020 release this is an RBAC assignment of the Desktop Virtualization User role on the application group.
The second place we should give users access to is the file share we created earlier:
Navigate to the storage account we created and, under Access control (IAM), give the users or groups the Storage File Data SMB Share Contributor role. Note that this role grants share-level access only; the NTFS permissions on the share still apply, so users also need NTFS rights on the share root for FSLogix to create their profile folders.
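The two assignments above, plus the check that the storage account is really AD DS joined (the step from the Create and Configure a Storage for Roaming Profiles section), done with the Az PowerShell modules instead of the portal. This is an added example, not code from the original guide. The resource group, storage account, share, application group and Azure AD group names are assumptions; it requires the Az.Accounts, Az.Resources, Az.Storage and Az.DesktopVirtualization modules and an account with Owner or User Access Administrator rights on the resources.

```powershell
# Added example (not from the original guide): verify the storage account is
# AD DS joined, then grant the two permissions the guide describes via RBAC.
# All names below are assumptions; replace them with your own.
Connect-AzAccount | Out-Null

$ResourceGroup  = "rg-wvd"              # assumed resource group
$StorageAccount = "wvdprofiles"         # assumed storage account
$ShareName      = "profiles"            # assumed file share
$AppGroup       = "hp-pooled-DAG"       # assumed desktop application group
$UserGroupName  = "WVD-Users"           # assumed AAD group (synced from AD DS)

# 1. The share only works with domain credentials if the storage account
#    reports AD DS as its identity source; check before assigning anything.
$sa  = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
$dso = $sa.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
if ($dso -ne "AD") {
    throw "Storage account is not AD DS joined (DirectoryServiceOptions = '$dso')."
}

# Resolve the group once; both role assignments use its object ID.
$group = Get-AzADGroup -DisplayName $UserGroupName
if (-not $group) { throw "Azure AD group '$UserGroupName' not found." }

# 2. Host pool access: Desktop Virtualization User on the application group.
$ag = Get-AzWvdApplicationGroup -ResourceGroupName $ResourceGroup -Name $AppGroup
New-AzRoleAssignment -ObjectId $group.Id `
    -RoleDefinitionName "Desktop Virtualization User" `
    -Scope $ag.Id | Out-Null

# 3. Share-level access for the profile containers. Scoping to the share
#    rather than the whole storage account keeps users out of other shares.
$shareScope = "$($sa.Id)/fileServices/default/fileshares/$ShareName"
New-AzRoleAssignment -ObjectId $group.Id `
    -RoleDefinitionName "Storage File Data SMB Share Contributor" `
    -Scope $shareScope | Out-Null

# 4. Read back both assignments to confirm they landed on the right scopes.
Get-AzRoleAssignment -ObjectId $group.Id |
    Where-Object { $_.Scope -in @($ag.Id, $shareScope) } |
    Select-Object RoleDefinitionName, Scope
```

New-AzRoleAssignment returns a conflict error if the same assignment already exists, which is harmless on a re-run. Assign roles to a group rather than to individual users, as here, so that adding a user to WVD is a single group membership change that also gets picked up by the Active Directory side of the share permissions.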
How do you know if it's working?
There are many ways to connect to a WVD host pool: the Windows desktop client, the macOS client, the Android and iOS clients, or the web client (a browser to access your resources).
https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-windows-7-and-10
https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-android
https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-macos
https://docs.microsoft.com/en-us/azure/virtual-desktop/connect-ios
We're going to use the web client to access User01's resources.
Navigate to https://rdweb.wvd.microsoft.com/arm/webclient and sign in with your Azure AD credentials. If you have been given access to the WVD host pool, you should see your available resources.
Click on any of the available pools, then enter your domain credentials to access the VM itself.
We explained this two-layer authentication earlier in this guide.
Notice the FSLogix service starting as you sign in to the VM.
To confirm that roaming profiles are working as intended, go to the file share we created in Azure; you should see a new folder for each user that has logged into the pool.
And that's it: a few clicks to enable your scalable and secure Windows virtual desktop.
Let me know how your deployment is going, and if you face any issues, feel free to contact me to discuss them. Also, if you have any comments regarding the information provided above, do not hesitate to let me know.
Many Thanks to my colleague Ali Khorma for editing this guide.
Stay tuned for WVD Walk-through 102