Azure Windows Virtual Desktop (WVD) is fast becoming the solution of choice for organisations looking for a reliable, secure and cost-efficient solution to remote working. Accessible and affordable for all businesses, it’s easier to set up and manage than a traditional virtual desktop solution.
If you’re the IT lead in your organisation, this latest blog post on Azure Virtual Desktop provides high-level guidance on the day-to-day management of Microsoft’s best-in-class solution. It follows on from our posts on How to implement Azure Virtual Desktop and How to optimise the cost and performance of Azure WVD.
Whether you’re looking for a virtual desktop or remote app solution or have already set up Azure Virtual Desktop (formerly Azure WVD), read on or contact us for a free discussion. We are Microsoft Azure Gold partners and one of our certified Azure consultants will be happy to advise you.
Azure Virtual Desktop key management tasks
Once you’ve set up AVD, we’ve identified a number of key management tasks to keep the environment performing at its best, including how to:
- Administer Group Policy
- Manage images
- Update your desktops and applications or deploy new applications
- Validate updates before users access them
- Add or remove session hosts from the host pool
- Create new host pools
- Monitor and receive alerts for the environment
- Back up the environment
1. Administer Group Policy
Settings for user and computer objects in Active Directory Domain Services (AD DS) are managed using Group Policy Objects (GPOs). If your AVD session hosts are joined to a domain through a domain controller (whether that is an Azure virtual machine or an on-prem one accessed via a site-to-site VPN), then you can control them with Group Policy on the domain controller.
If you’re using Azure AD DS instead of a domain controller, you can manage Group Policy by installing Group Policy Management Tools on a domain-joined Windows server. These settings synchronise with the Azure AD DS service, so you can then shut down that virtual machine until you next need to implement changes.
Azure AD DS includes built-in GPOs for the AADDC users and AADDC computer containers. You can customise these built-in GPOs to configure Group Policy as needed for your environment. Members of the Azure AD DC administrators group have Group Policy administration privileges in the Azure AD DS domain and can also create custom Group Policy Objects (GPOs) and Organisational Units (OUs). This useful article from Microsoft explains in more detail how to create and manage Group Policy in Azure AD Domain Services.
2. Manage images
Creating the image from which you deploy your AVD session hosts is the most time-consuming element of managing WVD. Read our blog post about how to implement Azure Virtual Desktop (AVD) for more details on creating images. Once you have the image, deploying session hosts from it is straightforward. Having put the effort into creating the images, you need to put some care into managing them.
Provided that you have a fairly simple set up, you can manage images manually with your own naming system while deleting older ones that you no longer need. However, if you have a larger, more complex set up, with host pools in multiple geographies or host pools with large numbers of session hosts, then you can use the Shared Image Gallery. This is a good way to organise images and offers a number of benefits:
- Replication to other regions: If you’ve deployed host pools on different continents, you can replicate images to those regions and keep them up to date, so that your session hosts all use the same one.
- Deploy at scale: If your host pool has 20 or more session hosts, then it is recommended to have multiple copies of the image. One managed image supports up to 20 simultaneous deployments. Attempting to create more than 20 virtual machines concurrently from the same managed image may result in provisioning timeouts due to the storage performance limitations of a single virtual hard disk (VHD). To create more than 20 virtual machines concurrently, use a Shared Image Gallery image configured with one replica for every 20 concurrent virtual machine deployments. Take a look at Microsoft’s article on Shared Image Galleries for a good overview of this service.
3. Update the desktop and applications or deploy new applications
By default, users don’t have the ability to restart the virtual desktop to apply any Windows 10 updates, and you wouldn’t want this as it would restart the session host and kick off any other users on it. By default, users do, however, have the ability to check for Windows 10 updates and download and install them. You can of course use Group Policy to control this as you wish, and it is wise to only allow IT admin staff to manage updates.
You can patch or update your Windows 10 virtual desktop sessions by signing into each session host with an admin account. Alternatively, you can create a new image with all the updates and re-deploy to the host pool.
We advise updating session hosts with Windows patches and potentially updating applications on a monthly basis. Occasionally, you may also need to add a new application and we recommend the following approach:
- update the image including Windows and application patches and any new applications.
- add new session hosts created from the updated image to the host pool.
- remove the session hosts with the “old” image from the host pool.
You can update the image by creating a new Azure virtual machine from it, making the updates on this virtual machine, then creating the updated image from it. See below for how to add and remove session hosts.
4. Validate updates before users access them
Before rolling out updated images to all your users, you can test them in the host pool by signing into it. To have control of which session host you sign into, you’ll need to temporarily change the drain mode settings on the other session hosts to “On”. If they’re running, this prevents them from accepting any new user sessions. Alternatively, if they’re not needed by other users, you can shut them down.
The other option is to set up an additional host pool as a validation environment. You can use this for two purposes:
a. The Azure Virtual Desktop service itself is updated at least every month and targets validation environments first. It means that you can use the validation environment to test and spot problems with AVD service updates before they are applied to your production environment.
b. When you update your image you can test it in the validation environment first.
Ideally, your validation environment should be identical to that used for production and you’ll need users to regularly access it. It can simply be a regular host pool marked as a validation environment and one that is used all the time by a subset of your users such as your IT staff.
It’s worth noting that there’s a cost attached to the validation environment as you pay for the session hosts in the same way as the main pool.
For further guidance on any aspect of managing your Azure environment, contact us for a free consultation. Our Azure WVD specialists will be happy to help.
5. Add or remove session hosts from the host pool
If, for instance, you currently have 30 users spread over five session hosts in your host pool, and now need to add capacity for another 12 users, then you’d need to add another two session hosts to the host pool.
In the Azure portal, adding or removing session hosts couldn’t be simpler. To add a session host, in the session hosts blade:
- Click to add new ones.
- Enter the quantity.
- Select the image from which you wish to create these.
NB This must be the same image that you used to create the existing session hosts.
Similarly, if the number of users who need a virtual desktop has decreased and you now have more session hosts than you permanently need, you can remove them. For example, if you simply want to decrease the number of session hosts by one:
- Switch on drain mode for the session host that you want to remove to stop any new connections to it.
- Force a log-off or wait for users to do so.
- Click the Remove button on the session host blade.
- Shut down and delete the virtual machine, its OS disk and network interface.
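The same removal sequence scripted with the Az PowerShell modules, as an added example that is not part of the original post. The resource names and the 30-minute grace period are placeholders, and it assumes the OS disk and network interface live in the same resource group as the virtual machine.

```powershell
#Requires -Modules Az.DesktopVirtualization, Az.Compute, Az.Network
# All names below are placeholders for illustration, not values from the article.
$rg       = 'rg-avd-example'            # resource group (assumed to hold VM, disk and NIC)
$hostPool = 'hp-example'                # host pool name
$hostName = 'avd-host-5.example.local'  # session host name as registered in the pool
$vmName   = 'avd-host-5'                # underlying virtual machine

# 1. Switch on drain mode so the host accepts no new connections.
Update-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $hostPool `
    -Name $hostName -AllowNewSession:$false | Out-Null

# 2. Wait for users to sign out; after the grace period, force off whoever is left.
$deadline = (Get-Date).AddMinutes(30)
do {
    $sessions = @(Get-AzWvdUserSession -ResourceGroupName $rg `
        -HostPoolName $hostPool -SessionHostName $hostName)
    if ($sessions.Count -eq 0) { break }
    Start-Sleep -Seconds 60
} while ((Get-Date) -lt $deadline)

foreach ($s in $sessions) {
    # Session resource names have the form <hostpool>/<sessionhost>/<id>.
    $id = $s.Name.Split('/')[-1]
    Remove-AzWvdUserSession -ResourceGroupName $rg -HostPoolName $hostPool `
        -SessionHostName $hostName -Id $id -Force
}

# Record the disk and NIC before the VM object is gone, so nothing is orphaned.
$vm     = Get-AzVM -ResourceGroupName $rg -Name $vmName
$osDisk = $vm.StorageProfile.OsDisk.Name
$nicIds = @($vm.NetworkProfile.NetworkInterfaces.Id)

# 3. Remove the session host registration from the host pool.
Remove-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $hostPool -Name $hostName

# 4. Shut down and delete the virtual machine, its OS disk and network interface.
Stop-AzVM   -ResourceGroupName $rg -Name $vmName -Force | Out-Null
Remove-AzVM -ResourceGroupName $rg -Name $vmName -Force | Out-Null
Remove-AzDisk -ResourceGroupName $rg -DiskName $osDisk -Force | Out-Null
foreach ($nicId in $nicIds) {
    Remove-AzNetworkInterface -ResourceGroupName $rg `
        -Name $nicId.Split('/')[-1] -Force
}
```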
6. Create new host pools
There are a number of reasons for creating a new host pool in addition to those you already have:
- Your organisation may have a new set of users in a different geographical location and you need a host pool that’s local to them either for performance or data residency reasons.
- You may want to provide a set of users with a more or less powerful PC or a different set of applications, while other users continue with their existing PCs in the first host pool.
- You may have a set of users for which you want to apply a different auto-scaling schedule – read our blog post on How to optimise the cost and performance of AVD for more about auto-scaling.
One of the advantages of the Azure portal is that you can create as many host pools as you like, and once a host pool is set up, creating another one is quick and simple. Go to the host pool blade, click to add another one, then go through the wizard.
If you’re deploying a new host pool in a different Azure region but using the same image, the image needs to be available in the target region so that you can deploy session hosts from it. Simply go to the Shared Image Gallery and replicate the image to your target region.
If you’re creating a new host pool to provide a group of users with a new application, then you’ll need to update your image accordingly and deploy the new host pool using that image.
7. Monitor and receive alerts
If you have a large or complex Azure WVD environment, you’ll benefit from setting up monitoring and alerts. This can be done using Microsoft’s Azure Monitor for Azure Virtual Desktop, an out-of-the-box solution that’s currently in public preview.
Relatively straightforward to set up, it will help you optimise cost and performance and assist with trouble-shooting. Further, the only cost associated with Azure Monitor is the Log Analytics Workspace and once set up it gives you dashboards covering:
- connection diagnostics
- connection performance
- host diagnostics
- host performance
- user report
- utilisation report
- client report
Watch this Azure Monitor Insights video from Microsoft’s Azure Academy for guidance on how to set it up.
8. Back up the environment
The main elements of your AVD set-up that need to be backed up are the images, session hosts and the FSLogix user profiles. You should also back up domain controllers, file servers and any other systems and data that your virtual desktop sessions are accessing.
Session hosts are disposable, so there’s no need to back them up. However, the images you’ve created are vital for creating new session hosts and we recommend that you protect them. By default, Azure keeps at least three copies of your images; however, this won’t prevent accidental deletion, which also deletes the replicas. To protect against this, set up a Deletion Lock in the Azure portal:
- Go to the image blade.
- Click on Locks to set it up.
- Remove the Lock first if you do want to delete the image.
Azure doesn’t offer a way to back up the image itself, so the best workaround is to take a snapshot of the OS disk of the virtual machine being used to create the image, just before it is sysprepped and the image captured. If you need to re-create this image, you can create a managed disk from the snapshot, create a virtual machine from that OS disk, then sysprep and capture the image. The advantage of doing this is that if something goes wrong during sysprep, you can roll back to the snapshot and try again.
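The deletion lock and the pre-sysprep snapshot described above, scripted with the Az PowerShell modules as an added example that is not part of the original post. The function names and resource names are hypothetical placeholders, and locking the snapshot as well as the image goes one step beyond what the article describes.

```powershell
#Requires -Modules Az.Resources, Az.Compute
# Function and resource names are hypothetical, chosen for this example.

# Run just before sysprep: snapshot the image-build VM's OS disk.
function Save-PreSysprepSnapshot {
    param([string]$ResourceGroup, [string]$BuildVmName)
    $vm  = Get-AzVM -ResourceGroupName $ResourceGroup -Name $BuildVmName
    $cfg = New-AzSnapshotConfig -SourceUri $vm.StorageProfile.OsDisk.ManagedDisk.Id `
               -Location $vm.Location -CreateOption Copy
    $name = '{0}-presysprep-{1:yyyyMMdd}' -f $BuildVmName, (Get-Date)
    New-AzSnapshot -ResourceGroupName $ResourceGroup -SnapshotName $name -Snapshot $cfg
}

# Run after capture: a CanNotDelete lock blocks deletion until the lock is removed.
function Protect-FromDeletion {
    param([string]$ResourceGroup, [string]$ResourceName, [string]$ResourceType)
    New-AzResourceLock -LockName "nodelete-$ResourceName" -LockLevel CanNotDelete `
        -ResourceGroupName $ResourceGroup -ResourceName $ResourceName `
        -ResourceType $ResourceType `
        -LockNotes 'Source for AVD session hosts; remove lock before deleting.' `
        -Force | Out-Null
    # Return the locks now on the resource so the caller can confirm.
    Get-AzResourceLock -ResourceGroupName $ResourceGroup `
        -ResourceName $ResourceName -ResourceType $ResourceType
}

# Recovery path: turn the snapshot back into a managed OS disk for a new build VM.
function Restore-DiskFromSnapshot {
    param([string]$ResourceGroup, [string]$SnapshotName, [string]$NewDiskName)
    $snap = Get-AzSnapshot -ResourceGroupName $ResourceGroup -SnapshotName $SnapshotName
    $cfg  = New-AzDiskConfig -Location $snap.Location -CreateOption Copy `
                -SourceResourceId $snap.Id
    New-AzDisk -ResourceGroupName $ResourceGroup -DiskName $NewDiskName -Disk $cfg
}

# Example flow with placeholder names:
$rg   = 'rg-avd-images-example'
$snap = Save-PreSysprepSnapshot -ResourceGroup $rg -BuildVmName 'vm-avd-imagebuild'
# ... sysprep the VM and capture the image as 'img-avd-example' ...
Protect-FromDeletion -ResourceGroup $rg -ResourceName 'img-avd-example' `
    -ResourceType 'Microsoft.Compute/images'
Protect-FromDeletion -ResourceGroup $rg -ResourceName $snap.Name `
    -ResourceType 'Microsoft.Compute/snapshots'
```

Creating or removing resource locks requires the Owner or User Access Administrator role, so keep that role assignment narrow if the lock is meant to guard against accidental deletion by day-to-day administrators.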
To back up the FSLogix user profiles you can use Azure Backup which can back up Azure Files, where we usually recommend you save the profiles.
If you’d like to know more about managing Azure Virtual Desktop or you would like further details regarding AVD pricing, please contact us for a free discussion with one of our certified Azure consultants. As an Azure Gold partner, we are trusted Microsoft partners and can advise you on all aspects of Azure from set-up to performance, management and security.