In this blog post, I will create a WVD application group within the Azure Portal. Application groups are a collection of remote applications that you can present to a user or group of users. Please note that this applies to a pooled host pool.
Configure Azure Bastion (if you require secure access to your VMs from within the Azure Portal). For this demo, I have enabled RDP access, but I recommend giving Bastion a go at a later time. It’s a great feature.
Before you get started, create a Security Group on your Active Directory domain controller along with a couple of user accounts.
For this demo, I have created:
Group: WVD Users
Domain users: Cloudbuilduser1 and CloudBuilduser2 (add both users to the WVD Users group)
By default, Azure AD Connect syncs every 30 minutes, so your new group and accounts will have sync’d to Azure AD by the time we get to testing the WVD platform. You could also force a sync by running the following command on your AD Connect server: Start-ADSyncSyncCycle
Let’s get started
Create a Workspace (Windows Virtual Desktop)
A workspace is a logical grouping of application groups in Windows Virtual Desktop. Each Windows Virtual Desktop application group must be associated with a workspace for users to see the remote apps and desktops published to them. You could also create the workspace later in this lab, as you will get the option to create one as we move on. For this demo, I will be creating a workspace first.
(1) Log in to the Azure Portal (portal.azure.com)
Power on your domain controller if you have not already done so and don’t forget to enable auto shutdown of your domain controller (Lab Only) to save on costs. You don’t want to be doing this in a production environment!
(2) Search for Windows Virtual Desktop and click
(3) Click on Workspaces located in the left pane
(4) Click + Add
(5) Complete the details, see the example below. I have created a new resource group. Click Next
(6) I don’t currently have any Application Groups, so for now I’ll click next, create tags as required and click review and create.
(7) Validation passed, click create
Deploy Windows Virtual Desktop
We’re now ready to deploy Windows Virtual Desktop
(8) Click Windows Virtual Desktop
(9) Click Create a Host Pool
(10) Input details, see the example below. I have created a new Resource Group. Note that the location needs to be the same as the location of your Workspace Resource Group. For this demo I have selected the options below:
Location: At the moment, the only locations available for metadata are US regions. Don’t worry, nothing important is stored there apart from metadata.
Validation environment: Azure will deploy WVD updates to the validation environment to ensure there are no issues as a result of updates.
Host pool types: Pooled desktops: multiple users on the same virtual machine. Personal desktops: one user per desktop VM.
Max session limit: The maximum number of users that have concurrent sessions on a session host. For this demo, I’m leaving this empty.
Load balancing algorithm: Breadth-first or depth-first. Breadth-first load balancing distributes new user sessions across all available session hosts in the host pool. Depth-first load balancing distributes new user sessions to the available session host with the highest number of connections that has not reached its maximum session limit threshold.
As mentioned above, the only locations for metadata storage at the time of writing this blog post were US based.
(11) Click next to move on to Virtual Machines
(12) Click Yes to Add Virtual Machines. These will become the session hosts that users will connect to.
(13) Input details
– Leave the resource group as it is
– Set the location. This is the location of the VM. I’m setting UK South. The location will need to be the same as where your VNets are located. The location does not need to be the same as the metadata location. In this demo, I only have the one VNet.
For this demo, I am selecting a B2s with 2 vCPUs and 4 GB RAM (Update: note that if you’re using an Azure free trial account, select a machine with 1 vCPU. There are limits when setting up a WVD platform using the Azure Trial account).
I’m using standard HDD disks for this demo
Network Security Group: I am leaving this as Basic
AD Join – Use a dedicated account for this task. It’s an important task that would cause major issues with VM deployment in the event the account was disabled or deleted.
Note: you could also load your own gold image. For the purpose of this demo, I’m using a Windows 10 image provided in Microsoft Azure’s gallery.
(14) Click next to move onto Workspace
(15) Click Yes to register the desktop app group and select the workspace created as part of the earlier step. If you decided not to create a workspace in the beginning of this blog post, you can create one now using the ‘Create New’ link.
(16) Click next and add tags as required
(17) Click review
(18) Click create after validation passes. This process may take a few minutes.
– Incorrect domain credentials
– Is the account you’re using to add session hosts to the domain sync’d to Azure AD?
– Is the domain controller up and running?
– Is the VNet DNS set to the IP of the domain controller?
If you decided to select a virtual machine size with 2 vCPUs, you may come across an error similar to the one below:
Errors The template deployment ‘0000000000000000′ is not valid according to the validation procedure. The tracking id is ‘123456789-1234-1cc9-b42d-1a1b11f01fcf’. See inner errors for details.
As mentioned earlier, there are limits on what you can configure when using an Azure Trial account. One to keep in mind. When changing the virtual machine size to DS1 v2 (1 vCPU), the validation process should succeed.
(19) OK, so validation succeeded
(20) Click Create. The process can take up to 10 minutes. My deployment took 9 minutes.
(21) Deployment succeeded
Set App Group Permissions
(22) Click Windows Virtual Desktop
(23) Let’s add some user permissions – click Windows Virtual Desktop
(24) Click application groups
(25) Click on the application group name
(26) Click Assignments
(27) Click Add, and then select the WVD Users group you created on your Active Directory domain controller and sync’d to Azure AD. If you recall, we added two test user accounts to the group: Cloudbuilduser1 and CloudBuilduser2.
(30) Sign in with a user account which is a member of the WVD user group
I’ll be logging in with cloudbuilduser2 for this demo
(31) Skip MFA or set it up. For this demo, I will skip MFA.
(32) And we’re in
(33) Launch the Default Desktop and click allow
(34) Log in again
(35) Our newly built desktop launches successfully.
(36) Here are the two virtual machines
That’s your basic WVD solution deployed
– There are limits when using an Azure Free trial account. I successfully deployed 2 session hosts with 1 vCPU and 3.5 GB of RAM
– A host pool includes session hosts (the session hosts are the VMs)
– A host pool can only include one desktop application group. As seen in the lab, the desktop application group was created by default when I deployed a host pool
– A host pool can host multiple RemoteApp application groups (a RemoteApp application group is a collection of remote applications).
– A user can be assigned to one or more application groups in a host pool.
– An application group has to be added to a workspace. Users communicate with the workspace when connecting to WVD
– Application groups can only be added to one workspace within a host pool
– If a user requires access to both a published desktop and a published application, the user cannot launch both at the same time (at the time of writing this blog post). It’s understandable that there may be requirements to publish the app separately due to compatibility issues. To get around this, you will need to create a separate host pool.
What is the difference between a Pooled and Personal host pool in Windows Virtual Desktop?
Both options are visible when connecting to the Azure Portal, clicking Windows Virtual Desktop and clicking the option to create a new Host Pool. See screenshot below:
Personal: Personal desktops, also known as persistent desktops, are where each user is allocated a desktop. Users can modify their desktop to meet personal preferences and can save files in their own desktop environment.
When configuring personal desktops within the Azure Portal, there are two further options as shown below:
Automatic: The service will select an available host and assign it to the user
Direct: This allows admins to select a specific host to assign to users
Pooled: Pooled desktops, also known as non persistent desktops, assign users to whichever session host is available at the time. This depends on the configured load balancing algorithm which I have documented below. Because the users don’t always return to the same session host each time they connect to the Windows Virtual Desktop (WVD) solution, the users have limited ability to customise the desktop environment.
When selecting a pooled configuration within WVD located in the Microsoft Azure Portal, further options become visible as shown below:
Breadth-first load balancing distributes new user sessions across all available session hosts in the host pool.
Depth-first load balancing distributes new user sessions to the available session host with the highest number of connections that has not reached its maximum session limit threshold.
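The two load balancing algorithms described above, as a small Python simulation (an added example, not code from the original post or from Microsoft). The host names and session counts are constructed, and breadth-first is simplified here to "pick the least-loaded host"; the run without a limit shows what depth-first does when the max session limit is left empty.

```python
from dataclasses import dataclass

@dataclass
class SessionHost:
    name: str
    sessions: int = 0

def pick_host(hosts, algorithm, max_session_limit):
    """Return the host that receives the next session, or None if the pool is full."""
    # Only hosts below the limit are candidates (None = no limit configured).
    available = [h for h in hosts
                 if max_session_limit is None or h.sessions < max_session_limit]
    if not available:
        return None
    if algorithm == "breadth-first":
        # Spread: choose the least-loaded host (ties go to the first listed).
        return min(available, key=lambda h: h.sessions)
    if algorithm == "depth-first":
        # Fill: choose the busiest host that still has room.
        return max(available, key=lambda h: h.sessions)
    raise ValueError(f"unknown algorithm: {algorithm}")

def simulate(algorithm, host_names, new_sessions, max_session_limit=None):
    """Place new_sessions logons one at a time; return (per-host counts, refused)."""
    hosts = [SessionHost(n) for n in host_names]
    refused = 0
    for _ in range(new_sessions):
        host = pick_host(hosts, algorithm, max_session_limit)
        if host is None:
            refused += 1
        else:
            host.sessions += 1
    return {h.name: h.sessions for h in hosts}, refused

if __name__ == "__main__":
    pool = ["wvd-host-0", "wvd-host-1"]  # constructed names, two hosts as in the lab
    for algo in ("breadth-first", "depth-first"):
        print(algo, simulate(algo, pool, new_sessions=5, max_session_limit=4))
    # Depth-first without a limit never spills over to the second host.
    print("depth-first, no limit", simulate("depth-first", pool, 5))
```

With depth-first, the max session limit is the only thing that moves new users on to the next session host, so it should be set deliberately rather than left empty.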
What is Windows 10 Enterprise multi session?
I know this is off topic to what the post title describes, but I thought it would be a good idea to document some information about Windows 10 multi session.
Windows 10 Enterprise multi session, previously known as Windows 10 Enterprise for virtual desktops, allows multiple concurrent interactive sessions. This was previously only an option with Windows Server.
Windows 10 Enterprise multi session provides multi session functionality exclusively for Windows Virtual Desktop, which is a Microsoft Azure service. Windows 10 Enterprise multi session has been tested, optimised, and supported exclusively on Microsoft Azure. Microsoft does not support Windows 10 Enterprise multi session on non-Azure deployments.
When planning your deployment, it’s important to check your application compatibility and contact application vendors if required. You may find that some applications don’t support certain configurations such as multi session.