Requirements for a Windows Virtual Desktop environment
What parts do I need for my Windows Virtual Desktop? Which Azure resources do I need and what licenses do I need to use this? In this guide, we will walk you through the requirements for a Windows Virtual Desktop environment and what you need to deploy it. The recommendations for each resource will be focused on pure cloud environments.
Of course, you need an Azure tenant and subscription; without them, you can’t do anything. This also includes an Azure Active Directory tenant because that’s where your users are going to be. You can also use your on-premise AD, but this depends on where your domain services are going to be, and it would still need to be synced with Azure AD.
Azure AD is a service from Microsoft that does identity and access management for applications running in Azure as well as for applications that run in an on-premise environment. Windows Virtual Desktop uses Azure AD to manage the users here.
One of the most important requirements is your identity strategy. To register the virtual machines in the environment with the users, a Domain Controller must be used. There are a few options you have for your domain controller. You can use:
- A DC that works on-premise, but you’ll need to sync this with the Azure environment.
- A VM in Azure that acts as the domain controller.
- Use the Azure Active Directory Domain Services.
For my test environments, I always used Azure ADDS because it’s a simple install and you’re ready to go.
Azure virtual network
In Azure, you will need to create your virtual network and subnets. To be exact, you will need at least one subnet for your virtual machines, one for VPN or Bastion and one for your domain controller.
The virtual network in Azure is a representation of your own network in the cloud. It is a logically isolated part of the Azure cloud, and you can use VNets to set up and manage virtual private networks (VPNs) in Azure.
It also gives the possibility to link VNets to other VNets in Azure or with on-premise environments. For example, if you are using an on-premise domain controller.
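The three-subnet layout described above can be created with the Az PowerShell module as follows. This is an added example, not part of the original guide: the resource group, location, VNet name, subnet names and address ranges are assumptions, and the resource group is assumed to exist already. The access subnet has to carry the name Azure reserves for it, `AzureBastionSubnet` for Bastion or `GatewaySubnet` for a VPN gateway.

```powershell
# Added example: names and address ranges are assumptions, adjust to your environment.
# Requires the Az.Network module and an authenticated session (Connect-AzAccount).
param(
    [ValidateSet('Bastion', 'Vpn')]
    [string]$AccessMethod      = 'Bastion',
    [string]$ResourceGroupName = 'rg-wvd-example',    # hypothetical, must already exist
    [string]$Location          = 'westeurope',        # hypothetical
    [string]$VNetName          = 'vnet-wvd-example'   # hypothetical
)

# Azure only accepts these fixed subnet names for Bastion and VPN gateways.
$accessSubnetName = if ($AccessMethod -eq 'Bastion') { 'AzureBastionSubnet' } else { 'GatewaySubnet' }

# One subnet per role, so network rules can be applied to each role separately.
$subnets = @(
    # Session host virtual machines created by the host pool wizard
    New-AzVirtualNetworkSubnetConfig -Name 'snet-sessionhosts' -AddressPrefix '10.10.1.0/24'
    # Domain controller VM or Azure AD DS
    New-AzVirtualNetworkSubnetConfig -Name 'snet-domaincontroller' -AddressPrefix '10.10.2.0/27'
    # Management access: Bastion or VPN gateway
    New-AzVirtualNetworkSubnetConfig -Name $accessSubnetName -AddressPrefix '10.10.3.0/26'
)

$vnet = New-AzVirtualNetwork -Name $VNetName `
    -ResourceGroupName $ResourceGroupName `
    -Location $Location `
    -AddressPrefix '10.10.0.0/16' `
    -Subnet $subnets

# Show the resulting layout
$vnet.Subnets | Select-Object Name, AddressPrefix
```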
Storage for user profiles
To make use of the FSLogix profiles, they need to be stored somewhere so they can be reached by the virtual machines when they are needed. To do this, there are a few options:
- Make an Azure VM with a File server.
- Use Azure File share.
- Use Azure NetApp files (still in preview).
I recommend using the Azure file share since Azure NetApp Files is still in preview and using an extra Azure VM will just add more costs and management.
The most important resources you will need in Azure are the virtual machines. There are a lot of different sorts of virtual machines to choose from. To determine how many machines you will need, you will need to look at how many users you have and what their workloads are going to be. You don’t need to create the machines yourself. The wizard of the hosting pools will create them for you once you know which machines you want and how many.
You can also consider setting up a gold image upfront, so you don’t have to install or manage additional things in each virtual machine.
To manage the virtual machines when they are deployed, you need some way to reach these machines when you want to make changes or install programs. There are a few options you can consider using. You can either use a VPN gateway or Bastion.
With a VPN gateway, you can connect your client or existing on-premise network, with your Azure network. That way you can access your virtual machines via a remote desktop connection.
Bastion is a new service of Azure that lets you access your virtual machines via the Azure portal in a secure way. Find out more about Azure here: https://azure.microsoft.com/en-us/services/azure-bastion/
Both are good ways to access your virtual machines, so I don’t really have a recommendation for which one you should use. If it comes to pricing though, a VPN gateway will be the cheapest option.
When I first investigated licensing for some products from Microsoft, my head began to hurt already. Especially when you must consider server, user and CAL licenses in RDS environments.
In a Windows Virtual Desktop environment, there is no need for server, user and device CAL licenses if no use is made of a Windows Server. When using the single or multi-session Windows OS, only per-user licenses are required.
The following licenses are required to be eligible to use the Windows Virtual Desktop service:
- Microsoft 365 E3/E5
- Microsoft 365 A3/A5/Student Use Benefits
- Microsoft 365 F1
- Microsoft 365 Business
- Windows 10 Enterprise E3/E5
- Windows 10 Education A3/A5
- Windows 10 VDA per user
- RDS CAL license with Software Assurance (SA)
These are a lot of options, but if a company is going to use Office365 products and wants to make use of MFA and conditional access, I would recommend using a Microsoft 365 Business/E3/E5 license.
Some examples to consider for licensing:
- If the users are going to use Office365 services, Office365 desktop applications and Windows service, it’s recommended to use Microsoft 365 E3/E5/A3/A5/Business.
- If the users will only use Office365 service and Windows service, then Microsoft 365 F1 could be interesting.
- If they only need the Windows service, then an E3/E5/A3/A5 could be used.
Of course, to manage the host pools, users and applications, you need to have something to manage it with. Currently, there are just a few ways to manage this.
You can use PowerShell to connect to the environment and use the new module to manage everything. You can find all the commands of this module here: https://docs.microsoft.com/en-us/powershell/windows-virtual-desktop/overview
There are also a few 3rd party management tools out already and Microsoft also recommends using one. This link explains how to install this management tool: https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-resources-using-ui.
So the best way to go would still be PowerShell, but Microsoft is working on an interface in the Azure portal for the administrators to manage everything. That’s one thing to look forward to.
This covers the most important things needed for the Windows Virtual Desktop environment. Once these requirements are done, you can continue to learn how to deploy your first hosting pool. Keep in mind that you can consider other resources as well like back-ups and automation of your virtual machines.