Azure Windows Virtual Desktop (WVD) is fast-becoming the solution of choice for organisations looking for a reliable, secure and cost-efficient solution to remote working. Accessible and affordable for all businesses, it’s easier to set up and manage than a traditional virtual desktop solution.
If you’re the IT lead in your organisation, this latest blog post on Azure Virtual Desktop provides high-level guidance on the day-to-day management of Microsoft’s best-in-class solution. It follows on from our posts on How to implement Azure Virtual Desktop and How to optimise the cost and performance of Azure WVD.
Whether you’re looking for a virtual desktop or remote app solution or have already set up Azure Virtual Desktop (formerly Azure WVD), read on or contact us for a free discussion. We are Microsoft Azure Gold partners and one of our certified Azure consultants will be happy to advise you.AVD - Book your free consultation
Once you’ve set up AVD, we’ve identified a number of key management tasks to keep the environment performing at its best, including how to:
Settings for user and computer objects in Active Directory Domain Services (AD DS) are managed using Group Policy Objects (GPOs). If you are using a domain controller (whether that be an Azure virtual machine or an on-prem one accessed via a site-to-site VPN) to domain join the AVD session hosts to, then you can control them with Group Policy on the domain controller.
If you’re using Azure AD DS instead of a domain controller, you can manage Group Policy by installing Group Policy Management Tools on a domain-joined Windows server. These settings will synchronise with the Azure AD DS service so that you could then shut down your virtual machine until you next need to implement changes.
Azure AD DS includes built-in GPOs for the AADDC users and AADDC computer containers. You can customise these built-in GPOs to configure Group Policy as needed for your environment. Members of the Azure AD DC administrators group have Group Policy administration privileges in the Azure AD DS domain and can also create custom Group Policy Objects (GPOs) and Organisational Units (OUs). This useful article from Microsoft explains in more detail how to create and manage Group Policy in Azure AD Domain Services.
Creating the image that you use to deploy your AVD session hosts from is the most time-consuming element of managing WVD. Read our blog post about how to implement Azure Virtual Desktop (AVD) for more details on creating images. Once you have the image, deploying session hosts from it is straightforward. Having put the effort into creating the images, you need to put some care into managing them.
Provided that you have a fairly simple set up, you can manage images manually with your own naming system while deleting older ones that you no longer need. However, if you have a larger, more complex set up, with host pools in multiple geographies or host pools with large numbers of session hosts, then you can use the Shared Image Gallery. This is a good way to organise images and offers a number of benefits:
By default users don’t have the ability to re-start the virtual desktop to apply any Windows 10 updates – and you wouldn’t want this as it would re-start the session host and thus kick off any other users on it. By default users do, however, have the ability to check for Windows 10 updates and download and install them. You can of course use Group Policy to control this as you wish, and it is wise to only allow IT admin staff to manage updates.
You can patch or update your Windows 10 virtual desktop sessions by signing into each session host with an admin account. Alternatively, you can create a new image with all the updates and re-deploy to the host pool.
We advise updating session hosts with Windows patches and potentially updating applications on a monthly basis. Occasionally, you may also need to add a new application and we recommend the following approach:
You can update the image by creating a new Azure virtual machine from it, make the updates to this virtual machine, then create the updated image from this virtual machine. See below for how to add and remove session hosts.
Before rolling out updated images to all your users, you can test them in the host pool by signing into it. To have control of which session host you sign into, you’ll need to temporarily change the drain mode settings on the other session hosts to “On”. If they’re running, this prevents them from accepting any new user sessions. Alternatively, if they’re not needed by other users, you can shut them down.
The other option is to set up an additional host pool as a validation environment. You can use this for two purposes:
a. The Azure Virtual Desktop service itself is updated at least every month and targets validation environments first. It means that you can use the validation environment to test and spot problems with AVD service updates before they are applied to your production environment.
b. When you update your image you can test it in the validation environment first.
Ideally, your validation environment should be identical to that used for production and you’ll need users to regularly access it. It can simply be a regular host pool marked as a validation environment and one that is used all the time by a subset of your users such as your IT staff.
It’s worth noting that there’s a cost attached to the validation environment as you pay for the session hosts in the same way as the main pool.
For further guidance on any aspect of managing your Azure environment, contact us for a free consultation. Our Azure WVD specialists will be happy to help.AVD - Book your free consultation
If, for instance, you currently have 30 users spread over five session hosts in your host pool, and now need to add capacity for another 12 users, then you’d need to add another two session hosts to the host pool.
In the Azure portal, adding or removing session hosts couldn’t be simpler. To add a session host, in the session hosts blade:
NB This must be the same image that you used to create the existing session hosts.
Similarly, if the number of users who need a virtual desktop has decreased and you now have more session hosts than you permanently need, you can remove them. For example, if you simply want to decrease the number of session hosts by one:
There are a number of reasons for creating a new host pool in addition to those you already have:
One of the advantages of the Azure portal is that you can create as many host pools as you like, and once a host pool is set up, creating another one is quick and simple. Go to the host pool blade, click to add another one, then go through the wizard.
If you’re deploying a new host pool in a different Azure region but using the same image, the image needs to be available in the target region so that you can deploy session hosts from it. Simply go to the Shared Image Gallery and replicate the image to your target region.
If you’re creating a new host pool to provide a group of users with a new application, then you’ll need to update your image accordingly and deploy the new host pool using that image.
If you have a large or complex Azure WVD environment, you’ll benefit from setting up monitoring and alerts. This can be done using Microsoft’s Azure Monitor for Azure Virtual Desktop, an out-of-the box solution that’s currently in public preview.
Relatively straightforward to set up, it will help you optimise cost and performance and assist with trouble-shooting. Further, the only cost associated with Azure Monitor is the Log Analytics Workspace and once set up it gives you dashboards covering:
Watch this Azure Monitor Insights video from Microsoft’s Azure Academy for guidance on how to set it up.
The main elements of your AVD set-up that need to be backed up are the images, session hosts and the FSLogix user profiles. You should also back up domain controllers, file servers and any other systems and data that your virtual desktop sessions are accessing.
Session hosts are disposable, so there’s no need to back them up. However, the images you’ve created are vital for creating new session hosts and we recommend that you protect them. By default, Azure keeps at least three copies of your images, however this won’t prevent accidental deletion, which also deletes the replicas. To protect against this, set up a Deletion Lock in the Azure portal:
Azure doesn’t offer a way to back up the image itself, therefore the best work around for this is to take a snapshot of the OS disk of the virtual machine being used to create the image just before it is sysprepped and the image captured. If you need to re-create this image, you can use the snapshot to create a managed disk from it. You can then create a virtual machine from the OS disk, then sysprep and capture the image. The advantage of doing this is that if something goes wrong during sysprep, you can roll back to the snapshot and try again.
To back up the FSLogix user profiles you can use Azure Backup which can back up Azure Files, where we usually recommend you save the profiles.
If you’d like to know more about managing Azure Virtual Desktop or you would like further details regarding AVD pricing, please contact us for a free discussion with one of our certified Azure consultants. As an Azure Gold partner, we are trusted Microsoft partners and can advise you on all aspects of Azure from set-up to performance, management and security.
Read other recent articles from our Compete366’s Azure consultants in the AVD series: