Azure Virtual Desktop is a cloud desktop virtualization platform that securely delivers virtual desktops and remote apps. Mastering Azure Virtual Desktop will guide you through designing, implementing, configuring, and maintaining an Azure Virtual Desktop environment effectively. This book can also be used as an exam preparation guide to help you sit the Microsoft AZ-140 exam.
You’ll start with an introduction to the essentials of Azure Virtual Desktop. Next, you’ll get to grips with planning an Azure Virtual Desktop architecture before learning how to implement an Azure Virtual Desktop environment. Moving ahead, you’ll learn how to manage and control access as well as configure security controls on your Azure Virtual Desktop environment. As you progress, you’ll understand how to manage user environments and configure MSIX app attach and other Azure Virtual Desktop features to enhance the user experience. You’ll also learn about the Azure Active Directory (AD) join and getting started feature. Finally, you’ll discover how to monitor and maintain an Azure Virtual Desktop environment to help you support your users and diagnose issues when they occur.
By the end of this Microsoft Azure book, you’ll have covered all the essential topics you need to know to design and manage Azure Virtual Desktop and prepare for the AZ-140 exam.
Page count: 484
Year of publication: 2022
The ultimate guide to the implementation and management of Azure Virtual Desktop
Ryan Mangan
BIRMINGHAM—MUMBAI
Copyright © 2022 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Rahul Nair
Publishing Product Manager: Preet Ahuja
Senior Editor: Athikho Sapuni Rishana
Content Development Editor: Nihar Kapadia
Technical Editor: Shruthi Shetty
Copy Editor: Safis Editing
Project Coordinator: Shagun Saini
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Production Designer: Prashant Ghare
Marketing Coordinator: Nimisha Dua
First published: March 2022
Production reference: 3290722
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-80107-502-2
www.packt.com
Technology made large populations possible; large populations now make technology indispensable.
― Joseph Wood Krutch
Just because something doesn't do what you planned it to do doesn't mean it's useless.
― Thomas Edison
Be passionate and bold. Always keep learning. You stop doing useful things if you don't learn.
― Satya Nadella
I've long admired Ryan Mangan: over the years, I've read his enlightening books, attended his entertaining presentations, and occasionally had a beer with him. During all these activities I've come away with an impression of a highly technical individual who has that rarest of talents; the ability to make the complex simple. Whether it's his deep focus on the underlying platform or application delivery methods, Ryan is my go-to for many desktop virtualization topics. He has given a huge amount of time to the community, sharing knowledge on his blog and in person. Ryan has again and again given his time generously and in doing so has benefitted all of us in the industry.
Desktop virtualization has been around for a while, a long while. From its early on-premises inception to the current cloud-focused architectures, it's been an area of technology that's had times of stagnation and times of rapid changes. We are currently in the middle of one of those phases of accelerated evolution. I can think of no-one better than Ryan Mangan to be your guide through this time of transformation.
With this book you'll learn how to deploy, manage, monitor, and operate Azure Virtual Desktop. It will guide you from the high-level concepts right down to the detail of automating the environment, with clear steps for you to follow. You'll understand not just Azure Virtual Desktop, but the necessary surrounding technologies and how to implement them together.
In this Azure Virtual Desktop book, Ryan brings to bear a depth of knowledge gained through years of field experience working with some of the largest and most complex deployments. Whether this is your first exposure to desktop virtualization, or you are an old hand, you'll find something here to enhance your skills and become a technical thought leader in your organization. You will love the step-by-step instructions, screenshots, source-code snippets, examples, and links to additional sources of information provided in these pages.
Jim Moyle
Senior Program Manager, Azure Virtual Desktop, Microsoft
Ryan Mangan is an end user computing specialist. He is a speaker, presenter, and author who has helped customers and technical communities with end user computing solutions, ranging from small to global, 30,000-user enterprise deployments in various fields. Ryan is the owner and author of ryanmangansitblog, which has over 3 million visitors and 200+ articles. Some of Ryan's community and technical awards include Microsoft Most Valuable Professional (MVP), VMware vExpert 2014, 2015, 2016, 2017, 2018, 2019, 2020, & 2021, VMware vExpert EUC 2021, VMware vExpert Desktop Hypervisor 2021, Very Important Parallels professional program (VIPP) 2019, 20, & 21, and LoginVSI Technology Advocate 19, and 20.
Writing a book does require lots of time, energy, and dedication, especially in the midst of a pandemic where the customer demand for technology and services increased significantly. I'd like to thank my wife, Alexandra, for supporting me and providing continued motivation as well as the private time to get the book finished. Also, my daughter, Sienna, who continues to this day to ask "what are you doing on the computer, Daddy?"
Marcel Meurer is responsible for the professional IT services business unit at sepago GmbH in Cologne and is the founder of the development company ITProCloud GmbH. In this role, he leads a team of consultants who provide their expertise in Microsoft and Citrix technologies for customers and partners. His technical focuses are Microsoft Azure platform services, and he has been a Microsoft Azure MVP since 2016.
He loves working in the community. Besides his blog, he publishes tools that simplify working with the Azure cloud – especially in the context of Azure Virtual Desktop. His well-known tools include WVDAdmin and Hydra for Azure Virtual Desktop.
Marcel Meurer graduated as an engineer in electrical engineering from the University of Applied Science, Aachen.
Marco Moioli is a cloud solution architect working for Microsoft's Italian subsidiary.
His goal is to enable Microsoft partners to understand and propose solutions based on the Azure cloud and Microsoft 365.
He spent the first part of his career as a consultant/presales engineer at Microsoft specializing in Windows deployment and security.
In 2019, he joined the Microsoft Partner division in West Europe with the role of cloud solution architect, dedicated to Azure Virtual Desktop.
In 2021, he took care of the infrastructure, identity, security, and compliance streams for the Microsoft Partner division in Italy.
He's also the author of the free ebook Azure Virtual Desktop (Succinctly), which will be published in 2022 by Syncfusion.
I'd like to thank Michel Roth and Christiaan Brinkhoff for helping me to become an Azure Virtual Desktop expert.
Neil McLoughlin is based in Manchester in the UK. He has worked in the IT industry for over 20 years, working across many different sectors and roles. He spent around 10 years providing Citrix consultancy for large enterprise customers. Around 5 years ago, Neil discovered the cloud and DaaS and since then has specialized in cloud-based desktop solutions, mainly Azure Virtual Desktop and M365.
Neil is very passionate about community work and runs the UK Azure Virtual Desktop User Group and the Virtual Desktops Community, which is a worldwide community of people interested in Azure Virtual Desktop.
He is currently employed as the UK Field CTO for Nerdio but has previously worked for New Signature, Computacenter, and Cap Gemini as a senior consultant and architect specializing in end user computing.
You can find Neil on Twitter @virtualmanc.
Toby Skerritt is an experienced end user architect and engineer. He currently works as technology director for Foundation IT. He has been with Foundation IT for over 10 years, working mainly in the professional service and presales functions. Toby helped the organization to achieve multiple Microsoft accreditations and competencies, including Microsoft Gold Competency status for Cloud Platforms. Toby has been working in the technology space for the past 20 years, working predominantly with Windows OS deployment and virtual desktop technologies. He holds both Azure Administrator Associate and Azure Virtual Desktop Specialty accreditations and has written a number of blogs and opinion pieces on the cloud, Windows Desktop, and cloud desktop solutions.
Mastering Azure Virtual Desktop offers complete coverage of Azure Virtual Desktop as well as up-to-date coverage of the AZ-140 exam so that you can take it with confidence. With this book, you will learn the steps for planning, implementing, and managing an Azure Virtual Desktop environment. You will also find hints, tips, and advice on common issues you may face with configuration and day-to-day management.
This book is for IT professionals who wish to attain the Microsoft Certified: Windows Virtual Desktop Specialty certification and those who work in the end user computing field, whether as an administrator, consultant, or architect. Readers should already be familiar and comfortable with cloud computing and Microsoft Azure principles. You should also have experience administering core features and services within a Microsoft 365 tenant.
Chapter 1, Introduction to Azure Virtual Desktop, introduces Azure Virtual Desktop with a high-level overview of the service offering and the associated benefits.
Chapter 2, Designing the Azure Virtual Desktop Architecture, provides guidance and the requirements to plan and design an Azure Virtual Desktop environment. You will also learn about sizing, network guidelines, and understanding Azure Virtual Desktop connectivity.
Chapter 3, Designing for User Identities and Profiles, covers everything you need to know for designing user identities and profiles.
Chapter 4, Implementing and Managing Networking for Azure Virtual Desktop, looks at the considerations and techniques for implementing and managing networking for Azure Virtual Desktop.
Chapter 5, Implementing and Managing Storage for Azure Virtual Desktop, details the requirements and storage options required for FSLogix components as well as teaching you how to create storage accounts and configure disks and Azure file shares.
Chapter 6, Creating and Configuring Host Pools and Session Hosts, teaches you how to create and configure Azure Virtual Desktop host pools and session hosts.
Chapter 7, Configure Azure Virtual Desktop Host Pools, guides you through the configuration of host pools, the use of a Remote Desktop (RD) license server for those using server-based session hosts, custom Remote Desktop Protocol (RDP) properties, and applying security and compliance settings to a session host.
Chapter 8, Azure AD Join for Azure Virtual Desktop, teaches you how to join session hosts to Azure Active Directory and how to carry out basic troubleshooting.
Chapter 9, Creating and Managing Session Host Images, looks at the configuration of host pools including the configuration of a gold image, Azure Compute Gallery optimization, and basic performance troubleshooting.
Chapter 10, Managing Access, discusses how to plan and implement Azure roles and role-based access control (RBAC) and how to manage local roles, groups, and rights assignments for Azure Virtual Desktop session hosts.
Chapter 11, Managing Security, provides a clear understanding of Azure multi-factor authentication and its benefits, how to configure conditional access policies, the use of Azure Defender for Cloud, and the configuration of Microsoft Defender Antivirus for Azure Virtual Desktop.
Chapter 12, Implementing and Managing FSLogix, shows how to install, configure, and manage FSLogix profile containers and Cloud Cache.
Chapter 13, Configuring User Experience Settings, looks at some of the features and functions you can configure with Azure Virtual Desktop, including Universal Print, Start Virtual Machine connect, Screen Capture Protection, FSLogix troubleshooting, and Remote Desktop client troubleshooting.
Chapter 14, MSIX App Attach, teaches you how to implement and manage MSIX app attach for Azure Virtual Desktop.
Chapter 15, Configuring Apps on a Session Host, teaches you how to configure app masking, deploy RemoteApp applications, configure Microsoft Teams AV Redirect, Multimedia redirect, and manage internet access for Azure Virtual Desktop.
Chapter 16, Planning and Implementing Business Continuity and Disaster Recovery, discusses the options available to you when planning and designing business continuity and disaster recovery for Azure Virtual Desktop.
Chapter 17, Automate Azure Virtual Desktop Management Tasks, teaches you how to automate repeated maintenance tasks, implement custom autoscaling scripts, and configure and deploy scaling plans.
Chapter 18, Monitoring and Managing Performance and Health, teaches you how to configure Azure Virtual Desktop insights to monitor user experience and overall environment performance. This chapter also discusses setting up alerts and an introduction to Kusto.
Chapter 19, Azure Virtual Desktop's Getting Started Feature, teaches you how to use the getting started feature to deploy an Azure Virtual Desktop environment.
Appendix, Microsoft Resources and Microsoft Learn, contains useful information and other interesting content from Microsoft, communities, and MVPs on Azure Virtual Desktop.
If you are an IT professional, an end user computing administrator, architect, or consultant looking to learn about implementing and managing Azure Virtual Desktop, this book is for you.
We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801075022_ColorImages.pdf.
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The client stores the connection configuration for each available resource in a set of .rdp files."
A block of code is set as follows:
    {
      "joeclbldhdmoijbaagobkhlpfjglcihd": {
        "installation_mode": "force_installed",
        "runtime_allowed_hosts": [ "*://*.youtube.com" ],
        "runtime_blocked_hosts": [ "*://*" ],
        "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx"
      }
    }
Any command-line input or output is written as follows:
Install-Module -Name Az.DesktopVirtualization
Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "You will then see the Sign in to your account popup."
Tips or important notes
Appear like this.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Once you've read Mastering Azure Virtual Desktop, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.
Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.
This section offers an introduction to Azure Virtual Desktop with a view to providing a high-level overview of the subject before we start to delve into the details of the core functions and features of the product.
This part of the book comprises the following chapter:
Chapter 1, Introduction to Azure Virtual Desktop
In today's post-COVID-19 world, it has become crucial for businesses to enable remote work strategies for their teams while enhancing security, reducing infrastructure costs, and simplifying overall IT management. Azure Virtual Desktop allows users to continue to work in any location using Microsoft's latest desktop and application virtualization cloud technology, enabling companies to provide a secure, productive experience in this ever-changing world.
This book provides a complete guide to Azure Virtual Desktop. We will start with the essentials for understanding desktop virtualization, as well as planning, designing, implementing, and supporting an Azure Virtual Desktop environment.
Virtual Desktop Infrastructure (VDI), also known as Desktop Virtualization, refers to virtualization and virtual machines that provide and manage virtual desktops. Users access these virtual machines remotely from any supported device, including remote locations, and the compute processing is completed on the host server. Users connect to their virtual desktop sessions through a connection broker. This broker is essentially a software layer that acts as the intermediary between the user and server, enabling the orchestration of user sessions to virtual desktops or published applications.
VDI is usually deployed in an organization's data center and managed by its IT department. Typical on-premises providers include Citrix, VMware, and Remote Desktop Services. VDI can be hosted on-premises or in the cloud. Some organizations use the cloud to scale virtual desktop environments, enabling a hybrid capability that allows IT admins to meet changing organizational demands quickly.
Azure Virtual Desktop is a desktop and app virtualization service that runs on Microsoft Azure. Azure Virtual Desktop works across devices, including Windows, Mac, iOS, Android, and Linux, with apps that you can use to access remote desktops and apps. You can also use modern browsers to access Azure Virtual Desktop.
Users have the freedom to connect to Azure Virtual Desktop from any capable device over the internet. You can use an Azure Virtual Desktop client to connect to published Windows desktops and applications. There are three flavors of client that you can use to connect: a native application on the device, a mobile app, or the Azure Virtual Desktop HTML5 web client.
You can improve application performance on session host virtual machines (VMs) by running apps near the services they connect to in your data center or the cloud. This will reduce the risk of long loading times and keep your users productive.
User sign-in to Azure Virtual Desktop is much faster because user profiles are containerized using FSLogix profile containers. The user profile container is dynamically attached to the session host or VM in question at user sign-in. The user profile is made available and appears in the system exactly as a local user profile would.
You can provide individual ownership to session desktops using personal (persistent) desktops for those specific use cases. For example, you may want to offer personal remote desktops for members of a web development team. They would be able to add or remove programs without impacting other users on that virtual desktop.
Azure Virtual Desktop provides centralized security for users' desktops with Azure Active Directory (Azure AD). You can further enhance security by enabling multi-factor authentication (MFA) to provide secure user access. You can also secure access to data by using Azure's granular role-based access control (RBAC) for users.
Azure Virtual Desktop separates the data and apps from the local hardware and runs both resource types on a remote server. The risk of confidential data being left on a personal device is significantly reduced when using Azure Virtual Desktop.
User sessions can be isolated in both single and multi-session virtual desktop deployments.
Azure Virtual Desktop improves security by using reverse connect technology, a more secure connection type than the Remote Desktop Protocol (RDP). However, the session hosts do open inbound ports to the session host VMs.
Azure Virtual Desktop is a Microsoft Azure service that's familiar to Azure admins. You use Azure Active Directory and RBAC to manage access to resources. With Microsoft Azure, you are provided with the tools to automate VM deployments, manage VM updates, and provide disaster recovery.
As with other Microsoft Azure services, Azure Virtual Desktop uses Azure Monitor for monitoring and alerts. This allows IT admins to identify issues through a single interface.
Azure Virtual Desktop provides you with options to load balance users on your VM host pools. Host pools are collections of VMs with the same configuration assigned to multiple users.
You can configure session load balancing to occur as users sign in to session hosts, also known as breadth mode. Breadth mode essentially means that users are sequentially allocated across the host pool for your workload. You also have the option to configure your VMs for depth mode load balancing to save costs, where users are fully allocated on one VM before moving to the next. In addition, Azure Virtual Desktop provides the tools and the capability to automatically provision additional VMs when incoming demand exceeds a specified threshold.
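The difference between the two modes is easiest to see in a small simulation. The following Python sketch is an added example, not code from the book or from Microsoft: it assumes a simplified broker model in which breadth mode sends each new session to the available host with the fewest sessions and depth mode fills the busiest host that is still under its session limit. All names (`SessionHost`, `pick_host`, `simulate`, the `avd-N` host names) are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class SessionHost:
    """One VM in a host pool, with the users currently signed in to it."""
    name: str
    sessions: list = field(default_factory=list)


def pick_host(hosts, mode, max_sessions):
    """Choose the host for a new session, or None when every host is full.

    Assumed model: 'breadth' picks the least-loaded host, 'depth' picks the
    most-loaded host that is still below max_sessions. Ties go to pool order.
    """
    available = [h for h in hosts if len(h.sessions) < max_sessions]
    if not available:
        return None
    if mode == "breadth":
        return min(available, key=lambda h: len(h.sessions))
    if mode == "depth":
        return max(available, key=lambda h: len(h.sessions))
    raise ValueError(f"unknown load balancing mode: {mode!r}")


def simulate(mode, user_count, host_count, max_sessions):
    """Sign in user_count users one after another.

    Returns (load, rejected): sessions per host, and the users that could
    not be placed because the whole pool had reached its session limit.
    """
    hosts = [SessionHost(f"avd-{i}") for i in range(host_count)]
    rejected = []
    for n in range(user_count):
        user = f"user{n}"  # constructed sample users
        host = pick_host(hosts, mode, max_sessions)
        if host is None:
            rejected.append(user)
        else:
            host.sessions.append(user)
    return {h.name: len(h.sessions) for h in hosts}, rejected


def hosts_in_use(load):
    """Number of hosts carrying at least one session (the ones you pay to keep running)."""
    return sum(1 for count in load.values() if count > 0)


if __name__ == "__main__":
    for mode in ("breadth", "depth"):
        load, rejected = simulate(mode, user_count=6, host_count=3, max_sessions=4)
        print(f"{mode:8} load={load} hosts_in_use={hosts_in_use(load)} rejected={rejected}")
```

With six users on three hosts and a limit of four sessions, breadth mode keeps all three hosts busy while depth mode leaves one host empty, which is the host a scaling policy could shut down to save cost.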
Azure Virtual Desktop enables Windows 11 and Windows 10 Enterprise multi-session, the only client-based Windows operating systems that allow multiple concurrent users on a single Windows 11/10 VM.
Azure Virtual Desktop also provides a familiar experience with broader application support than the traditional Windows Server-based remote desktop solutions.
Azure Virtual Desktop is available at no additional cost if you have an eligible Microsoft 365 license. However, it is important to note that you pay for the Microsoft Azure resources that are consumed by Azure Virtual Desktop:
You must have a Windows or Microsoft 365 license to be able to use Windows 11 Enterprise and Windows 10 Enterprise desktops and apps (eligible).
You must have a Microsoft Remote Desktop Services (RDS) Client Access License (CAL) for Windows Server Remote Desktop Services desktops and apps (eligible).
Azure Virtual Desktop is easier to deploy and manage than traditional RDS or VDI environments. You don't have to provision and manage servers and server roles such as the gateway, connection broker, diagnostics, load balancing, and licensing.
The following diagram shows what services Microsoft manages and what you manage:
Figure 1.1 – Services managed by Microsoft and you
Azure Virtual Desktop provides a virtualization infrastructure as a managed service. Azure Virtual Desktop's core components are as follows:
Web client: The Web Access service within Azure Virtual Desktop management enables users to access virtual desktops and remote apps through an HTML5-compatible web browser, as they would with a local PC – from anywhere and on any device. In addition, you can secure Web Access by using MFA in Azure AD.
Diagnostics: Remote Desktop Diagnostics is an event-based aggregator service that's provided through Azure Virtual Desktop management that marks each user or administrator's action on the deployment as a success or failure. Administrators can query the aggregation of events to identify failing components.
Management: With this option, you can manage Azure Virtual Desktop configurations in the Azure portal, as well as manage and publish host pool resources. Azure Virtual Desktop also includes several extensibility components. You can manage Azure Virtual Desktop by using Windows PowerShell or with the provided REST APIs, enabling support from third-party tools.
Broker: The Connection Broker service manages user connections to virtual desktops and remote apps. This also handles load balancing and reconnecting to existing sessions.
Load balancing: This option provides session host load balancing by depth-first or breadth-first. The broker controls how new incoming sessions are distributed across the VMs in a host pool.
Gateway: The Remote Connection Gateway service connects remote users to Azure Virtual Desktop remote apps and desktops from any internet-connected device that can run an Azure Virtual Desktop client. The client connects to a gateway that then orchestrates a connection from the VM back to the same gateway.
Windows Virtual Desktop uses Azure infrastructure services for compute, storage, and networking.
Now, let's look at what you, as the customer, manage. First, we'll look at the desktop and remote apps part of Azure Virtual Desktop.
With this option, you can create application groups to group, publish, and assign access to remote apps or desktops:
Desktop: Remote Desktop application groups give users access to a full desktop. You can provide a desktop where the session host's VM resources are shared or pooled. You can give dedicated personal desktops to those users who need to add or remove programs without impacting other users.
Apps: RemoteApp application groups provide users access to the applications you individually publish to the application group. You can create multiple RemoteApp app groups to accommodate different user scenarios. For example, you can use RemoteApp to virtualize an app that runs on a legacy OS or needs secured access to corporate resources.
Images: When you configure session hosts for application groups, you have a choice of images. You should use a recommended image such as Windows 10 Enterprise multi-session and Office 365. Alternatively, you can choose an image in your gallery or an image provided by Microsoft or other publishers.
Now, let's look at the customer responsibilities for management and policies:
Profile management: Configure FSLogix profile containers with a storage solution such as Azure Files to containerize user profiles and provide users with a fast and stateful experience.
Sizing and scaling: Here, you can specify session host VM sizes, including GPU-enabled VMs, as well as specify depth or breadth load balancing when you create a host pool. Finally, you can configure automation policies for scaling.
Networking policies: Define a network topology to access the virtual desktop and virtual apps from the intranet or internet based on the organizational policy. Connect your Azure Virtual Network to your on-premises network by using a virtual private network. Alternatively, you can use Azure ExpressRoute to extend your on-premises networks into the Microsoft cloud platform over a private connection.
User management and identity: Use Azure AD and RBAC to manage user access to resources. Take advantage of Azure AD security features such as conditional access, MFA, and Intelligent Security Graph. Azure Virtual Desktop requires Active Directory Domain Services (AD DS). Session host VMs are domain-joined to this service. You can also sync AD DS with Azure AD so that users are associated between the two. Once you've done this, you can use Azure AD Join to deliver virtual desktops to your users.
This chapter provided an introduction to Azure Virtual Desktop, some of the key benefits of the service, and an overview of its components and capabilities. In the next chapter, we will look at designing an Azure Virtual Desktop architecture.
This section takes a look at the planning and design of Azure Virtual Desktop's architecture, which covers both the core architecture and the design of user identities and profiles.
This part of the book comprises the following chapters:
Chapter 2, Designing the Azure Virtual Desktop Architecture
Chapter 3, Designing for User Identities and Profiles
Chapter 4, Implementing and Managing Networking for Azure Virtual Desktop
Chapter 5, Implementing and Managing Storage for Windows Virtual Desktop
We will start this book by looking at the design of Azure Virtual Desktop. Design is an integral part of any suitable technology solution, and in this chapter, we will look at the areas you should consider when designing Azure Virtual Desktop.
In this chapter, we'll cover the following topics:
Assessing existing physical and Virtual Desktop environments
Assessing the network capacity and speed requirements for Azure Virtual Desktop
Identifying an operating system for an Azure Virtual Desktop implementation
Planning and configuring name resolution for Active Directory and Azure Active Directory Domain Services
Planning a host pools architecture
Recommended resource groups, subscriptions, and management groups
Configuring the location for the Azure Virtual Desktop metadata
Calculating and recommending a configuration for capacity and performance requirements
Before we can look at the components of Azure Virtual Desktop, we need to understand the current environment, the requirements, and other information that would be useful.
When tackling the design of Azure Virtual Desktop, the first thing we must do is look at the current desktop estate within the organization's environment. The desktop estate could be purely physical, virtual, or a mixture of both physical and virtual. Suppose your organization is deploying a virtual desktop environment for the first time (greenfield deployment). In this case, you should still assess your physical desktop estate to understand the applications, data, and profile usage within your organization.
The desktop assessment should evaluate areas including the user's persona, consistent host pool types of virtual machines, applications, and user profiles. The data that's gathered from this assessment can be used to scope the deployment of new infrastructure and Azure Virtual Desktop migration.
When preparing your planning methodology, you can use Microsoft's best practices on cloud adoption. They will help you document your technology strategy and current desktop state:
Inventory and rationalize your desktop estate based on assumptions that align with motivations and business outcomes with the digital estate guidance from Microsoft: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/digital-estate/rationalize.
Establish a plan for initial organizational alignment to support the proposed adoption plan using the organizational alignment plan: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/plan/initial-org-alignment.
Create a readiness plan for addressing any skills gaps that may be present. You can find this in the skills readiness plan: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/plan/adapt-roles-skills-processes.
Develop a cloud adoption plan to manage change across the digital estate, operational and technical skills, and overall organization using the cloud adoption plan: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/plan/plan-intro.
Another helpful tool that can be used to plan is a digital estate assessment, which enables you to measure your desktop estate changes based on the organization's desired outcomes:
Infrastructure: For organizations that are inward-facing and seek to optimize costs, operational processes, agility, or other aspects of their operations, the digital estate focuses on VMs, servers, and workloads.
Applications: It is recommended that you focus on applications, APIs, and transactional data that support the customers.
Data: It is somewhat challenging to launch new products/services without some data. You should also focus on the silos of data across the organization.
Operational: Businesses require stable technologies to operate efficiently and effectively. Where possible, businesses need to aim to be as close as possible to zero downtime. Service reliability is critical in today's competitive markets. When stability is a priority, the digital estate should be measured on the positive or negative impact on stable operations. The reliability of workloads, disaster recovery, and business continuity are good measures you can use for operational stability per asset.
The data you have collected and analyzed will help you create the migration plan. You may need to carry out workload assessments to capture specific requirements. For an Azure Virtual Desktop migration deployment plan, you will require data about the desktops, users, and workloads used by each user.
Let's look at some tools available to you.
Movere is a product designed to help you migrate resources to Microsoft cloud services. It improves business intelligence by reporting on entire IT environments within a single day. As organizations grow, change, and digitally optimize, Movere helps IT admins to see and control their IT environment.
You can access Movere through Microsoft Solution Assessment and Microsoft Cloud Economics Program. You can use these tools when you're planning and deploying an Azure Virtual Desktop environment. You can find out more about Movere at https://www.movere.io/.
Azure Migrate is used to discover, assess, and migrate on-premises servers, apps, and data to Microsoft Azure:
Azure Migrate's appliance is used to discover installed applications (software inventory).
Agentless VMware migration supports concurrent replication of 500 VMs per vCenter.
Azure Migrate installs the Azure VM agent automatically on the VMware VMs while migrating them to Azure using the agentless VMware migration method.
Lakeside is also integrated with Azure Migrate within the virtual desktop infrastructure migration goals section to assess your current state. This vendor can help you map out an Azure Virtual Desktop deployment plan, including personas, host pools, applications, and user profiles specific to a Virtual Desktop environment.
User personas are the specifications for a particular group of users within a physical or virtual desktop environment with common characteristics or working methods. You may have multiple user personas in an Azure Virtual Desktop environment.
Once you have completed the required data capture, you will see the resources and workloads being used within your environment. You can then use this data to group user personas based on the following criteria:
Personal pools: Some users may require dedicated desktops (personal pools). For example, security, compliance, high-performance, or noisy-neighbor requirements might lead to some users running on dedicated desktops that aren't part of a pooling desktop strategy. You can use one-to-one here, though one of the biggest benefits of using personal pools is the ability to give local administrator rights and solve the challenge of those apps that do not support pooled multi-session deployments. You would enter this information by specifying a personal host pool type during the Azure Virtual Desktop host pool deployment (https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace#begin-the-host-pool-setup-process).
Density: Power users may benefit from fewer users per session host for the more intensive workloads. For example, heavier density (applications/users/load) may require two users per virtual central processing unit (vCPU) instead of the typical light-user assumption of six users per vCPU. You must enter the required density information in the pool settings of the Azure Virtual Desktop host pool deployment (https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace#begin-the-host-pool-setup-process).
Performance: High-performance desktop requirements for workloads or specific user scenarios. Some users may need more memory per vCPU than the assumed 4 GB of RAM per vCPU. You must enter the VM sizing in the Azure Virtual Desktop host pool deployment in the virtual machine details section (https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace#virtual-machine-details).
Graphical processing: Some users may require a graphics processing unit (GPU) for CAD or other graphical applications/workloads. Some users may require vGPU-based VMs in Azure, as demonstrated in this guide for configuring GPU VMs: https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-vm-gpu.
Azure region: Localized regional requirements to mitigate any latency and connectivity issues. Before configuring the host pool, it is recommended that a user from each region should test latency to Azure by using the Azure Experience estimation tool: https://azure.microsoft.com/services/virtual-desktop/assessment/#estimation-tool. The test user should provide details for the lowest-latency Azure region and the latency in milliseconds for the top three Azure regions. Additionally, if a local backend is needed for the applications that are served via AVD, the latency between the application and the backend can be more important than the latency between the user and the session.
Business functions: Department grouping for billing or specific operational requirements. This type of grouping will help you align corporate costs in later stages of operations. You can use different subscriptions per department or use tagging to allocate costs to different business cost centers.
User count: One question you should consider is, How many users will be in each distinct persona?
Max session counts: Based on the geography and hours of operation, how many concurrent users are expected for each persona during maximum load? These are factors you should consider.
The following table shows responses to populating a completed assessment or design document:
Each persona/grouping, or each group of users with distinct business functions and technical requirements, would require a specific host pool configuration.
The end user assessment helps you realize the required data: pool type, density, size, CPU/GPU, Landing Zone region, and so on.
Important Note
You can read more about Azure Landing Zones here: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/.
The host pool configuration assessment maps that data to a deployment plan. Aligning the technical requirements, business requirements, and cost will help determine the host pools' proper number and configuration.
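As an added illustration (not code from the book or from Microsoft), the following Python sketch maps persona assessment data to a host pool plan using the density and memory assumptions stated above. The sample personas, the 8 vCPU session host size, the `hp-` naming scheme, and all field names are assumptions made for this example.

```python
import math
from dataclasses import dataclass


@dataclass
class Persona:
    """One row of a persona assessment (all sample values are constructed)."""
    name: str
    pool_type: str              # "pooled" or "personal"
    user_count: int             # users in this persona
    max_sessions: int           # peak concurrent sessions
    users_per_vcpu: int = 6     # light-user density assumption from the text
    ram_gb_per_vcpu: int = 4    # default memory assumption from the text
    gpu: bool = False
    region: str = "unspecified"
    business_function: str = "unspecified"


def plan_host_pool(p: Persona, vcpus_per_host: int = 8) -> dict:
    """Map one persona to a host pool plan. vcpus_per_host is an assumed VM size."""
    if p.pool_type not in ("pooled", "personal"):
        raise ValueError(f"{p.name}: unknown pool type {p.pool_type!r}")
    if p.users_per_vcpu < 1 or vcpus_per_host < 1:
        raise ValueError(f"{p.name}: density and VM size must be positive")
    if not 0 <= p.max_sessions <= p.user_count:
        raise ValueError(f"{p.name}: max sessions must be between 0 and user count")
    if p.pool_type == "personal":
        sessions_per_host = 1           # dedicated, one-to-one desktops
        hosts = p.user_count
    else:
        sessions_per_host = p.users_per_vcpu * vcpus_per_host
        hosts = math.ceil(p.max_sessions / sessions_per_host)
    return {
        "host_pool": f"hp-{p.name}",    # hypothetical naming scheme
        "pool_type": p.pool_type,
        "region": p.region,
        "session_hosts": hosts,
        "sessions_per_host": sessions_per_host,
        "vcpus_per_host": vcpus_per_host,
        "ram_gb_per_host": p.ram_gb_per_vcpu * vcpus_per_host,
        "gpu": p.gpu,
        "tags": {"business_function": p.business_function},
    }


# Constructed sample assessment, not data from the book.
SAMPLE_PERSONAS = [
    Persona("office", "pooled", 300, 180, region="westeurope",
            business_function="finance"),
    Persona("power", "pooled", 40, 30, users_per_vcpu=2, ram_gb_per_vcpu=8,
            region="westeurope", business_function="engineering"),
    Persona("cad", "personal", 12, 12, gpu=True, region="eastus",
            business_function="design"),
]


def build_plan(personas=SAMPLE_PERSONAS):
    """Return one host pool plan per persona, in input order."""
    return [plan_host_pool(p) for p in personas]


if __name__ == "__main__":
    for pool in build_plan():
        print(pool)
```

The plan sizes pooled hosts for peak concurrent sessions rather than total user count, so any spare capacity for maintenance or failover has to be added on top.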
Pricing examples are available for Microsoft Azure in the East US (https://azure.com/e/448606254c9a44f88798892bb8e0ef3c), West Europe (https://azure.com/e/61a376d5f5a641e8ac31d1884ade9e55), and Southeast Asia (https://azure.com/e/7cf555068922461587d0aa99a476f926) regions.
Both Movere and Lakeside assess the current on-premises environment and provide data about the applications that are run on end user desktops. Using the data you have collected, you should create a list of all the applications that are required for each persona. For each required application, the answers to the following questions will help shape deployment iterations:
Which applications need to be installed for the persona to use this desktop? (group/departmental applications)
Unless the persona uses 100 percent web-based software-as-a-service applications, you will most likely need to create and configure a custom master VHD image (https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image) for each persona. You will then need to work out which applications are typical applications and group/departmental applications. Common applications should be installed on the master image.
Tip
You can create custom images within the Azure portal or use Hyper-V, as suggested in the preceding paragraph.
Is this application compatible with Windows 10 Enterprise multi-session (W10EMU)?
If an application isn't compatible, a personal pool (https://docs.microsoft.com/en-us/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-type) may be required to run the custom VHD image.
Will mission-critical applications suffer from latency between the Azure Virtual Desktop instance and any backend systems?
If this is the case – and it is likely to be the case – you may want to consider migrating the backend systems that support the application to Azure.
These answers may require the plan to include remediation to the desktop images or support application components before desktop migration or deployment.
In this section, we looked at application groups and some of the tools available, as well as some questions to help you gather the requirements for your future Azure Virtual Desktop solution.
Now, let's look at the network capacity and speed requirements for Azure Virtual Desktop.
In this section, we will look at assessing the network requirements for Azure Virtual Desktop and some of the considerations you should factor into your design.
A Remote Desktop Protocol (RDP) session relies on network bandwidth. Problems with bandwidth will impact your user experience within a Windows session. Depending on the applications and display resolutions, you may require different network configurations for specific groups within your organization. A network that is not configured to meet your remote desktop needs and requirements can lead to project failure and users not being able to carry out their required tasks within Azure Virtual Desktop.
Before we understand how applications affect bandwidth, let's look at what user-specific bandwidth recommendations are available:
The preceding table provides guidance on the minimum recommended bandwidths for an acceptable user experience. The listed recommendations are based on the guidelines in Microsoft's guide to Remote Desktop workloads (https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remote-desktop-workloads).
Important Note
The recommendations in the table apply to networks with less than 0.1% loss. These recommendations apply regardless of how many user sessions you are hosting on your virtual machines.
Remember, application workload outputs, frame rate, or display resolutions will apply stress to your network. As framerates increase, your bandwidth requirement will change.
A good example is when you add Microsoft Teams video conferences without any audio/visual redirection to a typical light workload with a high-resolution display – your bandwidth requirement will increase. We will look at how to improve user experience and performance using Teams AV redirect in Chapter 13, Implementing and Managing Microsoft Teams AV Redirect.
Some of the other typical use cases that have changing bandwidth requirements are as follows:
Voice
Real-time communication
Streaming 4K video
Load testing the applicable use cases and scenarios in your deployment using tools such as Login VSI and PC Mark, which simulate load, is recommended. When load testing or benchmarking, it's important to vary the load sizes and run specific stress tests to simulate your future environment. It is also recommended that you test typical user scenarios in remote sessions to understand your network's requirements and capabilities.
Your required display resolution will determine the required bandwidth. The following table provides an example of the required bandwidths Microsoft recommends you have for a display resolution with a frame rate of 30 frames per second (FPS). Following these guidelines will help you provide a smooth user experience. The same recommendations apply to both single and multiple user scenarios. Remember, scenarios involving a frame rate under 30 FPS, such as reading static text, will require less available bandwidth than any graphically intensive applications:
We now move on to looking at the experience estimate for Azure Virtual Desktop.
Latency can be defined as the delay between an instruction to transfer data and the start of that transfer. Latency does not have to be geographic – it can also be based on your company's network topology. Your distance from a Microsoft Azure data center can have an impact on the user experience. You can check the round trip time (RTT) of each Azure region using Windows Virtual Desktop Experience Estimator (https://azure.microsoft.com/services/virtual-desktop/assessment/):
Figure 2.1 – Windows Virtual Desktop Experience Estimator
Windows Virtual Desktop Experience Estimator is a great tool to help you pick the appropriate Azure regions, that is, the closest regions in which to deploy your Azure Virtual Desktop environment. You can also use this tool to understand the best location for a possible Azure Virtual Desktop disaster recovery solution.
Assistive Technologies
The phrase assistive technology is used to describe products or systems that support and assist individuals with disabilities, restricted mobility, or other impairments.
It is important to note that, when using assistive technology workloads, you will need to ensure that the round trip time is less than 20 milliseconds (ms) to achieve a good user experience.
Azure Virtual Desktop uses RDP as the connection method to provide remote display and input capabilities over network connections. RDP was initially released with Windows NT 4.0 Terminal Server Edition and has continuously evolved with every subsequent Microsoft Windows and Windows Server release.
From the very beginning, RDP was developed to be independent of its underlying transport stack, and today, it supports multiple types of transport.
RDP is a complex technology that uses different techniques to deliver the server's remote graphics to the client device. Depending on the use case, scenario, availability of the compute resources, and network bandwidth, RDP dynamically adjusts various parameters to deliver the best remote user experience.
RDP multiplexes multiple Dynamic Virtual Channels (DVCs) into a single data channel sent over different network transports. Did you know that there are separate DVCs for remote graphics, input, device redirection, printing, and others? The total amount of data that's sent over RDP depends on the user's activity. For example, a typical user may work with basic textual content for most of the session. The bandwidth is low until the user sends a 100-page document to a printer. The print job will use more network bandwidth compared to the typical textual content that's used within the session.
A network's available bandwidth impacts the remote session's quality of experience. It is important to note that each application and display resolution can require different network configurations. It is essential to ensure that your network configuration meets your needs. It is recommended that you profile your network requirements based on user activity.
RDP uses various compression algorithms for different types of data. The following table details some estimates for the data transfers:
This table has been taken from Microsoft (https://docs.microsoft.com/azure/virtual-desktop/rdp-bandwidth#estimating-bandwidth-utilization).
As discussed in the previous section, Assessing the network capacity and speed requirements for Azure Virtual Desktop, you need to consider bandwidth changes when you're doing the following:
Streaming 4K video
Voice or video conferencing
Real-time communication
Now, let's look at estimating bandwidth for users who require remote graphics.
It is difficult to predict remote desktop bandwidth usage. Bandwidth usage depends on the user's activities, which generate most of the remote desktop traffic. Every individual user is different, and differences in their work patterns may change network usage.
One of the recommended ways to assess network bandwidth requirements is to monitor real user session connections. You can monitor connections using the built-in performance counters, network equipment, or third-party tooling.
In most cases, you would estimate network utilization by understanding how RDP works and by analyzing your organization's user work patterns.
The remote protocol delivers the remote server's graphics to be displayed on a local client monitor. Technically, the remote protocol provides a desktop bitmap that is composed entirely on the server. Sending a desktop bitmap may seem like a simple task. However, it does require a significant amount of resources to achieve. For example, a 1,080p desktop image in an uncompressed format is circa 8 MB in size. Displaying this image on a locally connected monitor with a screen refresh rate of 30 Hz requires approximately 240 MB/s of bandwidth.
RDP uses a combination of different techniques to reduce the amount of data that's transferred over a network, including, but not limited to, those mentioned in this table:
To understand remote graphics, you should consider the following:
The more complex/richer the graphics, the more bandwidth it will take:
Text, window UI elements, and solid color consume less bandwidth than anything else.
Natural images are the more significant contributors to bandwidth use. Client-side caching can help with reducing the natural image bandwidth.
It is important to note that RDP only transmits changed parts of the screen. When there are no visible updates on the session screen, no updates are sent.
Video playback and other high-frame-rate content is essentially an image slideshow. RDP dynamically uses the required video codecs to deliver content close to the original frame rate. However, graphics are the most significant contributors to bandwidth utilization.
A remote desktop uses minimal bandwidth during idle times.
When the Remote Desktop Client window is minimized, no graphical updates are sent from the session host.
Please note that the stress you apply to your network depends on the application workload's output, frame rate, and display resolution. If the frame rate or display resolution increases, the bandwidth requirement increases. One example is a light workload with a high-resolution display requiring more available bandwidth than a light workload with regular or low resolution. When using high display resolutions, expect to see the bandwidth requirements increase.
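The following Python sketch is an added example, not code from the book and not how RDP is implemented. It models two points made above: the size of an uncompressed 1080p frame at 30 Hz, and the saving from sending only the regions that changed. The 4 bytes per pixel, the 64-pixel tile grid, the painted rectangles, and all function names are assumptions; real RDP encoding also compresses and caches.

```python
WIDTH, HEIGHT = 1920, 1080      # 1080p desktop, as in the text
BYTES_PER_PIXEL = 4             # assumption: 32-bit colour
TILE = 64                       # assumption: hypothetical change-detection tile
ROW_BYTES = WIDTH * BYTES_PER_PIXEL


def new_frame(fill=0x00):
    """Return an uncompressed frame buffer filled with one byte value."""
    return bytearray([fill]) * (ROW_BYTES * HEIGHT)


def paint(frame, x, y, w, h, value=0xFF):
    """Overwrite a w x h rectangle at (x, y), simulating a screen update."""
    span = w * BYTES_PER_PIXEL
    for row in range(y, y + h):
        start = row * ROW_BYTES + x * BYTES_PER_PIXEL
        frame[start:start + span] = bytes([value]) * span


def changed_tiles(prev, curr):
    """Return (tile_col, tile_row) for every tile that differs between frames."""
    dirty = []
    for ty in range(0, HEIGHT, TILE):
        for tx in range(0, WIDTH, TILE):
            span = min(TILE, WIDTH - tx) * BYTES_PER_PIXEL
            for row in range(ty, min(ty + TILE, HEIGHT)):
                off = row * ROW_BYTES + tx * BYTES_PER_PIXEL
                if prev[off:off + span] != curr[off:off + span]:
                    dirty.append((tx // TILE, ty // TILE))
                    break               # one differing row marks the tile dirty
    return dirty


def tile_bytes(col, row):
    """Uncompressed size of one tile; edge tiles can be smaller than TILE."""
    w = min(TILE, WIDTH - col * TILE)
    h = min(TILE, HEIGHT - row * TILE)
    return w * h * BYTES_PER_PIXEL


def update_bytes(prev, curr):
    """Bytes needed to send only the tiles that changed, without compression."""
    return sum(tile_bytes(c, r) for c, r in changed_tiles(prev, curr))


def bandwidth_report(fps=30):
    """Bytes per second if each scenario's update occurred on every frame."""
    base = new_frame()
    scenarios = {"idle": base[:], "text edit": base[:], "video": base[:]}
    paint(scenarios["text edit"], 100, 200, 400, 20)   # one line of text
    paint(scenarios["video"], 0, 0, 1280, 720)         # 720p video window
    report = {"full frame": len(base) * fps}
    for name, frame in scenarios.items():
        report[name] = update_bytes(base, frame) * fps
    return report


if __name__ == "__main__":
    for name, rate in bandwidth_report().items():
        print(f"{name:>10}: {rate / 1_000_000:8.1f} MB/s")
```

Because the figures exclude compression, they are upper bounds for each scenario and are useful for comparing scenarios against each other, not for predicting measured RDP traffic.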
The following table provides examples of the data that's used by different graphic scenarios. These figures apply to a single monitor configuration with a 1,920 x 1,080 resolution and with both default graphics and H.264/AVC 444 graphics modes:
This table has been taken from Microsoft (https://docs.microsoft.com/en-us/azure/virtual-desktop/rdp-bandwidth#estimating-bandwidth-used-by-remote-graphics).
RDP is designed to dynamically adapt to the changing network conditions. Instead of using the hard limits on bandwidth utilization, RDP uses a capability called continuous network detection, which actively monitors the available network bandwidth and packet round-trip time.
Based on what's been detected, RDP dynamically selects the graphic encoding options and allocates bandwidth for device redirection and other virtual channels.
This technology allows RDP to use the entire network pipe, when available, and can quickly back off when the network is required for other services. RDP can detect this and adjust the image quality, frame rate, or compression algorithms if other applications request the network bandwidth.
There's no need to limit bandwidth utilization as limiting may affect the overall user experience in most scenarios. However, in constrained networks, you may want to restrict or limit network utilization to prevent service degradation. Another good example is leased networks (mobile hotspots or pay as you consume connectivity), which charge for the amount of traffic/bandwidth used.
In these cases, the advice is to limit RDP outbound network traffic by specifying a throttle rate in a Quality of Service (QoS) policy.
Important Note
Throttle rate limiting is not supported for reverse connect transport with Azure Virtual Desktop. Microsoft details how to enable this here: https://docs.microsoft.com/en-us/azure/virtual-desktop/shortpath.
Azure Virtual Desktop uses reverse connect transport
