In this blog post, I will be creating a new Windows Virtual Desktop (WVD) platform in a lab environment.
What is Windows Virtual Desktop?
Windows Virtual Desktop is a desktop and app virtualization service that runs on the cloud.
Here’s what you can do when you run Windows Virtual Desktop on Azure:
- Set up a multi-session Windows 10 deployment that delivers a full Windows 10 with scalability
- Virtualise Microsoft 365 Apps for enterprise and optimize it to run in multi-user virtual scenarios
- Provide Windows 7 virtual desktops with free Extended Security Updates
- Bring your existing Remote Desktop Services (RDS) and Windows Server desktops and apps to any computer
- Virtualise both desktops and apps
- Manage Windows 10, Windows Server, and Windows 7 desktops and apps with a unified management experience
If you have set up a new Azure subscription, here are a few links that may be useful to you before you get started with deploying Window Virtual Desktop (WVD)
- Add and verify custom domain in Azure AD
- Create a virtual network
- Configure Azure Bastion (If you require secure access to your VM’s from within the Azure Portal). For this demo, I have enabled RDP access but I recommend to give Bastion a go at a later time. It’s a great feature
- Build a server in Azure (Low spec server for a domain controller is sufficient for this lab)
- Configure Active Directory
- Configure Azure AD Connect Sync
- Assign your domain controller a static IP address in Azure
Before you get started, create a Security Group on your Active Directory domain controller along with a couple of user accounts.
For this demo, i have created:
Group: WVD Users
Domain user: Cloudbuilduser1 and CloudBuilduser2 (Add both users to the WVD Users group)
By default, Azure AD Connect syncs every 30 minutes so your new group and accounts will have sync’d to Azure AD by the time we get to testing the WVD platform. You could also force a sync by running the following command on your ADConnect server Start-ADSyncSyncCycle.
Let’s get started
Create a Workspace (Windows Virtual Desktop)
A workspace is a logical grouping of application groups in Windows Virtual Desktop. Each Windows Virtual Desktop application group must be associated with a workspace for users to see the remote apps and desktops published to them. You could also create the workspace as you move on in this lab as you will get the option to create a workspace as we move on. For this demo, I will be creating a workspace first.
(1) Log in to the Azure Portal portal.azure.com
Power on your domain controller if you have not already done so and don’t forget to enable auto shutdown of your domain controller (Lab Only) to save on costs. You don’t want to be doing this in a production environment!
(2) Search for Windows Virtual Desktop and click
(3) Click on Workspaces located in the left pane
(4) Click + Add
(5) Complete the details, see the example below. I have created a new resource group. Click Next
(6) I don’t currently have any Application Groups, so for now I’ll click next, create tags as required and click review and create.
(7) Validation passed, click create
Deploy Windows Virtual Desktop
We’re now ready to deploy Windows Virtual Desktop
(8) Click Windows Virtual Desktop
(9) Click Create a Host Pool
(10) Input details, see the example below. I have created a new Resource Group. Note that the location needs to be the same as the location of your Workspace Resource Group. For this demo I have selected the options below:
Location: At the moment the only locations available for Meta Data are US regions. Don’t worry, nothing important is stored there apart from MetaData.
Azure will deploy WVD updates to the Validation Environment to ensure there are no issues as a result of updates.
Host pool types:
Pooled desktops: Multiple users on the same virtual machine.
Personal desktops: One user per desktop VM
Max session limit
The maximum number of users that have concurrent sessions on a session host. For this demo, I’m leaving this empty.
Load balancing algorithm – Breadth-First and Depth-First
Breath-First load balancing will distribute new user sessions across all available session hosts in the host pool
Depth-first load balancing distributes new user sessions to an available session host with the highest number of connections but has not reached its maximum session limit threshold.
More info can be located at WVD Pooled vs Personal Desktops
As mentioned above, the only locations for Meta Data storage at the time of writing this blog post were US based.
(11) Click next to move on to Virtual Machines
(12) Click Yes to Add Virtual Machines. These will become the session hosts that users will connect to.
(13) Input details
– Leave the resource group as it is
– Set the location. This is the location of the VM. I’m setting UK South. The location will need to be the same as where your VNETS are located. The location does not need to be the same as the MetaData location. In this demo, I only have the one VNET.
- For this demo, I am selecting a B2s with 2 vcpu’s and 4gb RAM (Update: note that if you’re using an Azure free trial account, select a machine with 1vcpu. There are limits when setting up a WvD platform using the Azure Trial account).
- I’m using standard HDD disks for this demo
- Network Security Group, I am leaving as basic
- AD Join – Use a dedicated account for this task. It’s an important task that would cause major issues with VM deployment in the event the account was disabled or deleted.
Note: you could also load your own gold image. For the purpose of this demo, i’m using a windows 10 image provided in Microsoft Azure’s gallery.
(14) Click next to move onto Workspace
(15) Click Yes to register the desktop app group and select the workspace created as part of the earlier step. If you decided not to create a workspace in the beginning of this blog post, you can create one now using the ‘Create New’ link
(16) Click next and add tags as required
(17) Click review
(18) Click create after validation passes. This process may take a few minutes.
– Incorrect domain credentials
– Is the account you’re using to add session hosts to the domain sync’d to Azure AD
– Is the domain controller up and running
– Is the VNET DNS set to the IP of the domain controller
If you decided to select a virtual machine size including 2 vCpu’s, you may come across an error similar to the one below:
Errors The template deployment ‘0000000000000000′ is not valid according to the validation procedure. The tracking id is ‘123456789-1234-1cc9-b42d-1a1b11f01fcf’. See inner errors for details.
As mentioned earlier, there are limits on what you can configure when using an Azure Trial account. One to keep in mind. When changing the virtual machine size to DS1 v2 (1vcpu), the validation process should succeed.
(19) ok, so validation succeeded
(20) Click Create. The process can take up to 10 minutes. My deployment took 9 minutes
(21) Deployment succeeded
Set App Group Permissions
(22) Click Windows Virtual Desktop
(23) Let’s add some user permissions – click Windows Virtual Desktop
(24) Click application groups
(25) Click on the application group name
(26) Click Assignments
(27) Click Add, and then select the WVD Users Group you created on your Active Directory domain controller and sync’d to Azure AD. If you recall, we added two test user accounts to the group. Clouduserbuild1 and clouduserbuild2
(28) Add and click select
And we’re done. Let’s move on to testing
(29) From a browser, visit:
(30) Sign in with a user account which is a member of the WVD user group
I’ll be logging in with cloudbuilduser2 for this demo
(31) Skip MFA or setup. For this demo, I will skip MFA.
(32) and we’re in
(33) Launch the Default Desktop and click allow
(34) Login again
(35) Our newly built desktop launches successfully.
(36) Here are the two virtual machines
That’s your basic WVD solution deployed
– There are limits when using an Azure Free trial account. I successfully deployed 2 sessions hosts with 1 VCPU and 3.5gb of Ram
– A host pool includes session hosts (Session hosts the VM’s)
– A host pool can only include one desktop application group. As seen in the lab, the desktop application is created by default when I deployed a host pool
– A host pool can host multiple Remoteapp application groups (This is a collection of remote applications).
– A user can be assigned to one or more application groups in a host pool.
– An application group has to be added to a workspace. Users communicate with the workspace when connecting to WVD
– Applications groups can only be added to one workspace within a host pool
– If a user requires access to both a published desktop and a published application, users can not launch both published desktop and published app at the same time (At the time of writing this blog post). It’s understandable that there may be requirements to publish the app separately due to compatibility issues. To get around this, you will need to create a separate host pool.