Introductions - Microsoft

Windows Virtual Desktop (WVD) Native - Design and Architecture reference guide

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, our provision of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The descriptions of other companies’ products in this document, if any, are provided only as a convenience to you. Any such references should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as thorough coverage. For authoritative descriptions of these products, please consult their respective manufacturers. © 2019 Microsoft Corporation. All rights reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is strictly prohibited. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

1. Introductions
2. Target Audience
3. What This Document is Not
4. Pre-requisites/Requirements
5. WVD Native Deployments
5.1. Greenfield (New) Deployments
5.2. Migrate On-Premise VDI to WVD
6. WVD Native Implementation Steps
6.1. Azure Environment Assessment
6.2. Licensing and Entitlements
6.3. Desktop Application Assessment
6.4. Networking
6.5. Identity and Access Management
6.6. Security and Compliance
6.7. Image Management
6.8. Deploy and Configure Storage infrastructure for User Profile(s)
6.9. Windows Virtual Desktop Service Deployment
6.10. Migrate Existing RDS/VDI Infrastructure
6.11. Convert and Migrate User Profiles
6.12. FSLogix Setup and Configuration for WVD User Profiles
6.13. Application and Desktop Management and Delivery
6.14. WVD Management
6.15. Patch Management
6.16. Business Continuity and Disaster Recovery (Azure to Azure)
6.17. Validate End User Experience
6.18. Validate FSLogix Profile container creation
6.19. WVD Service Monitoring

1. Introductions

The primary goal of this document is to provide partners (and customers) a design reference document they can leverage to build and deploy WVD service.

2. Target Audience

The document is primarily intended for a technical audience designing a WVD native solution. Partners can use this document to help build their SOW.

3. What This Document is Not

This document is not a:
- Detailed WVD deployment guide
- Detailed FSLogix deployment guide
- Citrix + WVD design guide
- VMWare + WVD design guide

4. Pre-requisites/Requirements

- Agreement with Customer to implement WVD

5. WVD Native Deployments

A successful WVD engagement should carefully consider several key implementation details such as Networking, WVD Setup/Configuration, Application Assessment, User Profile Management, Migration Scenarios (in case of migrating existing RDS implementations), Licensing Options, Management & Monitoring Capabilities, Identity and Security. This is by no means a complete list of all the implementation steps, as each deployment is unique to the customer’s environment and needs. The document is only intended as a checklist and a starting point for the partner (or customer) team to customize the specific engagement as needed. Below is the outline of the key tasks typically required/recommended to successfully implement and execute the WVD engagement.

5.1. Greenfield (New) Deployments

For Customers deploying the WVD Service as a new (or greenfield) deployment, please follow the list of steps (and associated links) below to complete the implementation and execution.

- Azure Environment Assessment – Evaluate the current Azure footprint to drive efficiency and reuse services. For Customers with existing Azure deployments, the assessment phase can help identify resources that can be repurposed or utilized and reduce the number of new Azure services required for deploying WVD.
- Licensing and Entitlements – Ensure there is a licensing plan in place to run the appropriate apps or desktops in Azure WVD. Access Windows 10 Enterprise and Windows 7 Enterprise desktops and apps at no additional cost if you have an eligible Windows or Microsoft 365 license.
  For accessing Windows Server based deployments, you need to have an RDS CAL with SA.
- Desktop Application Assessment – Conduct an Application Landscape assessment. Application assessments provide the current performance and usage details like OS, Application Compatibility, CPU, memory etc., and aid in VM sizing recommendations by classifying users into Personas (task workers, power users, knowledge workers etc.) and related Azure costs. This is an optional step for greenfield deployments, but it is recommended that partners/customers perform this to get detailed insights into their application needs.
- Azure Networking – As networking plays a crucial role in any cloud service deployment, designing a robust network architecture to satisfy all the KPI requirements is important. This should be part of your services in the design.
- Identity and Access Management – WVD Service in Azure requires Authentication and Session hosts to be domain joined using Windows Active Directory (AD). This can be done either from the on-premise environment or using Azure AD Domain Services (AAD-DS).
- Security and Compliance – Customers need to strengthen the security and access mechanisms of their WVD deployments as they are governed by corporate policies (compliance, regulations etc.). This is a crucial step in the WVD implementation.
- Image Management – Organizations use Custom Images to implement their desktops/apps, including security controls and configurations, and to pre-install their IT applications for specific users. Ensure a good image management process is in place.
- Deploy and Configure Storage infrastructure for User Profile(s) – User profile management is a key step in designing a successful WVD environment. A user profile contains data elements about an individual user, including configuration information like desktop settings, persistent network connections, and application settings.
  By default, Windows creates a local user profile that is tightly integrated with the operating system. This section provides steps to create a storage infrastructure for User profiles.
- Windows Virtual Desktop Service Deployment – This is one of the key steps in the WVD deployment. Windows Virtual Desktop is a service that gives users easy and secure access to their virtualized Desktops and RemoteApps. This section describes the various components of a WVD Environment, and the steps required to deploy, setup and configure the WVD service.
- FSLogix Setup and Configuration for WVD User Profiles – FSLogix is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments. FSLogix solutions are appropriate for Virtual environments in both public and private clouds. As part of WVD, we will utilize the FSLogix Profile Containers to manage User profile data.
- Application and Desktop Management and Delivery – Once WVD elements are deployed, the applications and desktops need to be published and managed. Ensure this step is part of the implementation process.
- WVD Management – Management of WVD plays a crucial role in how the users interact with the service. Through Management you can grant/revoke access to published applications or desktops and debug any issues that users come across when they access the service. Ensure that your WVD implementation has taken this into consideration.
- Patch Management – Patch Management is the process of updating and patching the Session host VMs to avoid any security vulnerabilities and applying any configuration controls as required. This must be planned as part of the WVD implementation.
- Business Continuity and Disaster Recovery (Azure to Azure) – Customers sometimes may require a highly available WVD deployment. BCDR can be implemented for Session hosts using ASR. This would protect the VMs and provide faster recovery from disasters.
- Validate End User Experience – Verify that the WVD Implementation is successful.
  This is a critical stage in the overall process.
- Validate FSLogix Profile container creation – Verify that the FSLogix implementation is successful. This ensures that the User Profile data is being managed correctly and enables the additional capabilities that FSLogix brings to the environment.
- WVD Service Monitoring – Ongoing monitoring of your WVD environment is required to deliver best performance to your users. This will provide you with insights into any issues or errors. Ensure that your WVD implementation has taken this into consideration.

5.2. Migrate On-Premise VDI to WVD

For Customers migrating their existing RDS/VDI environment from on-premise to the WVD Service in Azure, please follow the recommended/necessary steps below to complete a successful implementation and execution. You would be required to do everything in a greenfield implementation and these additional steps.

- Azure Environment Assessment – Evaluate the current Azure footprint to drive efficiency and reuse services. For Customers with existing Azure deployments, the assessment phase can help identify resources that can be repurposed or utilized and reduce the number of new Azure services required for deploying WVD.
- Licensing and Entitlements – Ensure there is a licensing plan in place to run the appropriate apps or desktops in Azure WVD. Access Windows 10 Enterprise and Windows 7 Enterprise desktops and apps at no additional cost if you have an eligible Windows or Microsoft 365 license. For accessing Windows Server based deployments, you need to have an RDS CAL with SA.
- Desktop Application Assessment – Conduct an Application Landscape assessment. Application assessments provide the current performance and usage details like OS, Application Compatibility, CPU, memory etc., and aid in VM sizing recommendations by classifying users into Personas (task workers, power users, knowledge workers etc.) and related Azure costs.
  This is an optional step for greenfield deployments, but it is recommended that partners/customers perform this to get detailed insights into their application needs.
- Azure Networking – As networking plays a crucial role in any cloud service deployment, designing a robust network architecture to satisfy all the KPI requirements is important. This should be part of your services in the design.
- Identity and Access Management – WVD Service in Azure requires Authentication and Session hosts to be domain joined using Windows Active Directory (AD). This can be done either from the on-premise environment or using Azure AD Domain Services (AAD-DS).
- Security and Compliance – Customers need to strengthen the security and access mechanisms of their WVD deployments as they are governed by corporate policies (compliance, regulations etc.). This is a crucial step in the WVD implementation.
- Image Management – Organizations use Custom Images to implement their desktops/apps, including security controls and configurations, and to pre-install their IT applications for specific users. Ensure a good image management process is in place.
- Deploy and Configure Storage infrastructure for User Profile(s) – User profile management is a key step in designing a successful WVD environment. A user profile contains data elements about an individual user, including configuration information like desktop settings, persistent network connections, and application settings. By default, Windows creates a local user profile that is tightly integrated with the operating system. This section provides steps to create a storage infrastructure for User profiles.
- Windows Virtual Desktop Service Deployment – This is one of the key steps in the WVD deployment. Windows Virtual Desktop is a service that gives users easy and secure access to their virtualized Desktops and RemoteApps.
  This section describes the various components of a WVD Environment, and the steps required to deploy, setup and configure the WVD service.
- Migrate Existing RDS/VDI Infrastructure – For Customers running an existing RDS/VDI infrastructure on-premises, WVD makes it easier to migrate the Session Hosts/VDIs and run them in Azure. ASR/Azure Migrate is the tool of choice for migrations and can migrate BOTH Windows Server and Client OS based machines.
- Convert and Migrate User Profiles – Customers running an existing RDS/VDI Infrastructure and migrating to WVD are encouraged to migrate their user profiles to WVD.
- FSLogix Setup and Configuration for WVD User Profiles – FSLogix is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments. FSLogix solutions are appropriate for Virtual environments in both public and private clouds. As part of WVD, we will utilize the FSLogix Profile Containers to manage User profile data.
- Application and Desktop Management and Delivery – Once WVD elements are deployed, the applications and desktops need to be published and managed. Ensure this step is part of the implementation process.
- WVD Management – Management of WVD plays a crucial role in how the users interact with the service. Through Management you can grant/revoke access to published applications or desktops and debug any issues that users come across when they access the service. Ensure that your WVD implementation has taken this into consideration.
- Patch Management – Patch Management is the process of updating and patching the Session host VMs to avoid any security vulnerabilities and applying any configuration controls as required. This must be planned as part of the WVD implementation.
- Business Continuity and Disaster Recovery (Azure to Azure) – Customers sometimes may require a highly available WVD deployment. BCDR can be implemented for Session hosts using ASR.
  This would protect the VMs and provide faster recovery from disasters.
- Validate End User Experience – Verify that the WVD Implementation is successful. This is a critical stage in the overall process.
- Validate FSLogix Profile container creation – Verify that the FSLogix implementation is successful. This ensures that the User Profile data is being managed correctly and enables the additional capabilities that FSLogix brings to the environment.
- WVD Service Monitoring – Ongoing monitoring of your WVD environment is required to deliver best performance to your users. This will provide you with insights into any issues or errors. Ensure that your WVD implementation has taken this into consideration.

6. WVD Native Implementation Steps

6.1. Azure Environment Assessment

As part of the Azure environment assessment phase, check whether the following services exist and can be utilized (reused) to deploy WVD.

- Network
  - Verify if the CIDR block for the VNET/subnet has enough IP addresses for deploying new session hosts
  - If utilizing a hybrid architecture, verify if a S2S VPN tunnel or Express Route exists between your On-prem network and the Azure VNET.
- Identity and Access Management
  - Verify Active Directory Domain Services are available
  - If the Customer is using Hybrid Architecture, verify that you have
    - Connectivity to a Domain Controller from on-prem/Azure
    - AD Connect configured to sync objects between Domain Controllers and Azure Active Directory
  - If the Customer is cloud native, verify that
    - Azure Active Directory Domain Services is deployed to an Azure VNET
    - the VNET is peered with the AAD DS VNET if the Session hosts are deployed in a different VNET
- Storage
  - Verify if there is a storage solution (Azure Files/ NetApp Files/ SOFS Cluster/ Standalone File server) already in place that can be re-used for user profile data
  - NOTE: If you choose Azure NetApp Files as the storage option, remember it has regional limitations.
    Check to ensure the service is available in a region closer to you for better performance.
- Licensing/Entitlements
  - Verify if the Customer has the required licenses/entitlements.
  - For accessing Windows Server deployments, verify if the customer has the required number of CALs/SALs
- Image and Patch Management
  - Verify if the Customer has any existing management solutions such as SCCM that they would like to utilize for Image and Patch management, or whether Azure native solutions like Update Management and Azure Image Builder can be leveraged.

NOTE: Based on your environment assessment, re-use any existing resources/services and create other services (if not already present) as detailed in later sections of this document.
FOR EXAMPLE: if you already have a S2S VPN Tunnel or ExpressRoute in place then skip this part under networking AND if you don’t have a storage solution, follow the guidance in the storage infrastructure section to deploy one.

6.2. Licensing and Entitlements

Ensure all users have any one of the following Licenses/Entitlements per user or procure as required.

OS | Required license
Windows 10 Enterprise multi-session or Windows 10 Enterprise | Microsoft 365 E3, E5, A3, A5, F1, Business; Windows E3, E5, A3, A5
Windows 7 Enterprise | Microsoft 365 E3, E5, A3, A5, F1, Business; Windows E3, E5, A3, A5
Windows Server 2012 R2, 2016, 2019 | RDS Client Access License (CAL) with Software Assurance

6.3. Desktop Application Assessment

This section describes the steps taken by a Partner (or Customer) to assess their Applications for the WVD environment. Several tools are available for such assessments; below are the recommended tools and their features.

- Lakeside
  - One of the preferred/recommended tools to do an assessment is from ISV partner Lakeside.
  - Use Lakeside for a deep application level assessment where it generates User Personas, Performance reports, and VM SKU recommendations for the VDI Infrastructure that can be used to build out the WVD environment
  - Register with Lakeside here and follow their instructions to download and setup Assessment agents in your current infrastructure
  - Lakeside generates reports after running the assessment for a minimum of 2 weeks
- Azure Migrate
  - Use Azure Migrate for quick TCO and Infrastructure level assessments
  - Azure Migrate helps with
    - Azure Sizing
    - Azure Cost
    - Azure Readiness for migrating On-prem VMs into Azure

Lakeside Features | Az Migrate
Agent based | Agent based/Agent less
WVD Right sizing assessment | VM SKU Recommendation
User Persona Classification | No User Persona classification
Application Landscape/Compatibility | Can migrate VMs
Resource consumption | Azure TCO

6.4. Networking

Your design should contain details on how the partner (or customer) will design and build out the networking topology for the WVD deployment. The recommendation is to design your Azure Networking using a Hub-Spoke topology. Consider the Hub as a DMZ that hosts your Virtual Network Gateways and other security/edge appliances such as Firewalls, AAD-DS etc., while the Spoke acts as the backend zone where your Session host servers are deployed and is peered with the Hub. If required, use the reference architecture diagrams attached.

- Gather networking requirements and setup a Virtual Network (VNET) using Hub-Spoke Topology in Azure for deploying resources
  - Deploy a Hub VNET
  - Deploy and configure Network Gateways, Firewalls or any Network Virtual Appliances in the Hub VNET
  - Deploy a Spoke VNET and establish peering with the Hub VNET
  - Configure User Defined Routes (if required) to route all traffic from the Spoke VNET via the Hub VNET to avoid any traffic directly traversing from the Spoke VNET
  - Configure Network Security Groups (NSG) to allow/deny access to your Session hosts.
  - All Session hosts and any other infrastructure will be deployed into the Spoke VNET
- If utilizing a hybrid architecture (dependencies with On-prem services or LOB apps), setup one of the following
  - Site to Site VPN
    - Implement S2S VPN for encrypted traffic over the internet
    - Setup S2S VPN with the Hub VNET
    - If you’re using multiple regions for deploying host pools, setup a S2S tunnel with each region
  - Express Route
    - Implement Express Route if the Customers want a Private Peering directly into Azure instead of traversing the Internet
    - Refer to ExpressRoute location for locations close to you
- Additionally, for Migrations to WVD, create an isolated VNET to perform Test Failovers (this VNET should not have any connectivity/dependencies to Production resources such as Domain Controllers etc.)

6.5. Identity and Access Management

This section articulates the steps each partner (or customer) will take to setup the identity and access management aspects for the WVD deployment. Please ensure that the Active Directory requirements documented in WVD requirements are completed before the following (additional) steps listed below are performed.

- Deploy/utilize one of the following for AD Domain Services presence in the VNET where Session Hosts are deployed
  - Utilize a hybrid architecture with S2S VPN or Express Route
    - Have an on-prem AD server sync with Azure AD using AD Connect, or
    - Have an on-prem AD server sync with an IaaS AD VM in Azure and install AD Connect on the IaaS VM to sync with Azure AD
  - Deploy Azure AD Domain Services for Cloud Native deployments
- Create AD Organization Unit (OU) structure for WVD host pools
- Create GPOs to manage access and security on the WVD Session Hosts
- Create Users and AD Security Groups as required

6.6. Security and Compliance

Design and implement the following security and compliance services to ensure a secure WVD solution.

- Implement Single Sign-On with Active Directory Federation Services
- Implement Multi Factor Authentication using Conditional Access for WVD
- Implement Azure Firewall or a Network Appliance to restrict access only to WVD Resources
- Implement Firewall, NSGs, RBAC, security policies on dependent resources like File servers, NetApp files, Azure Files
- Utilize Azure Security Center to strengthen the security and compliance posture of your infrastructure
- Integrate Security Center with Azure Sentinel for proactive monitoring and threat mitigation

6.7. Image Management

Follow the steps here to build a custom image for your Session hosts by uploading a VHD and creating a managed image or by using Azure Image Builder.
Customers/partners can also utilize any existing image management solutions.

- If you don’t have any existing images, use Azure Image Builder (preview) or Build image with Packer to manage images in Azure
  - Register the feature
  - Set Variables and Permissions
  - Create an image definition and gallery
  - Customize image
  - Create image and build
- If you already have existing images that you would like to use with WVD, follow any of the below approaches to create images in Azure
  - If you have an image On-prem, create an Image by following the steps below
    - Create a virtual machine using your image
    - Install and configure all required applications and settings including Installing FSLogix bits
    - If you're installing Office 365 ProPlus and OneDrive on your VM, see Install Office on a master VHD image
    - Prepare a Windows VHD or VHDX to upload to Azure
    - Upload the Image to Azure Storage Account and create an Image
  - If you have an image in Azure, create an Image by following the steps below
    - Provision a VM in Azure
    - Install and configure all required applications and settings including Installing FSLogix bits
    - If you're installing Office 365 ProPlus and OneDrive on your VM, see Install Office on a master VHD image
    - Generalize the Windows VM using Sysprep
    - Create a Managed Image in the portal
- Secure/harden Windows 10 Multi-session image

6.8. Deploy and Configure Storage infrastructure for User Profile(s)

The Windows Virtual Desktop service recommends FSLogix profile containers as the default User Profile management solution.
Refer to the comparison below and choose a storage solution that suits your requirements.

- Gather requirements on User Profile Sizes and deploy one of the following to store the User Profiles
  - Scale out File Server with Storage Spaces Direct (SOFS with S2D)
  - Azure NetApp Files
  - Azure Files with SMB authentication using Azure AD Domain Services
  - Deployments with < 50 users can also utilize a single VM with sufficient disk space to be used as a File Server and host User Profiles

6.9. Windows Virtual Desktop Service Deployment

Once setup, the WVD service will provide Host pools which encapsulate all the Session hosts running under them and control access to the published applications and desktops to the user.

The Windows Virtual Desktop environment is comprised of the following hierarchy, along with some recommendations for each section to provide guidance.

- Tenant groups
- Tenants
  WVD is a multi-tenant solution, which means you can have multiple WVD tenants deployed to the same AAD. Each customer scenario is different but below are a couple of guidelines to help
  - For customers with multiple divisions and orgs (Enterprise) and where each division/org has different security requirements and more importantly different teams for managing the service, you can have a tenant for ‘each’ division/org. Example: For an enterprise called with multiple divisions like development, services, R&D you can have separate WVD tenants like below
    - Contoso-WVD-Dev
    - Contoso-WVD-Services
    - Contoso-WVD-R&D
  - If security and service management is not an issue (Ex: Small & Medium business (SMB) customers) you can just have one WVD tenant Contoso-WVD
- Host pools
  HostPools represent a logical grouping of VMs that can be configured for providing pooled or persistent connections to WVD, and you can have multiple HostPools within each WVD tenant.
  Each customer scenario is different but below are a couple of guidelines to help
  - Recommend deploying each HostPool to its own resource group
  - The HostPool name must explain the purpose
  - If possible, the HostPool and ResourceGroup names should be nearly identical (for easier identification when querying Azure resources in general)
  - For example, if is deploying a HostPool to publish remote applications for employees in the HR dept, they can do the following
    - Create a Resource Group called WVD-Services-HRApps-HP01
      - WVD suggests the resource type for the ResourceGroup Name
    - Deploy a HostPool called Services-HRApps-HP01
      - Services is the Division/Org name
      - HRApps denotes the HostPool purpose
      - HP01 explains this is a Hostpool (01 because you can have multiple HostPools for HR)
- Session hosts
  These are the actual VMs where the remote applications and/or desktops are deployed, and they are tied to the HostPool. Each customer scenario is different but below are a couple of guidelines to help
  - Since VMs must be Domain Joined, always use a “unique VM prefix” during deployment.
    For example, if is deploying 50 VMs to the HostPool called Services-HRApps-HP01 they can use the VM prefix as HRApps-HP01-VM
    Once deployment completes you will see VMs from HRApps-HP01-VM01 through HRApps-HP01-VM50
    This way, each VM name will be ALWAYS UNIQUE since the name is tied to the HostPool they are mapped to.
- App groups
  - Customizable per user requirements
- Remote apps or desktops
  - Customizable per user requirements
- End users

Please follow the steps below to perform the build out of the WVD service.

- Give AAD Admin Consent to the WVD service
- Assign Tenant Creator role in AAD to required users/service principals
- Install WVD PowerShell module
- Create a new WVD Tenant
- For greenfield deployments follow the below steps and skip this for Migrations to WVD
  - Use Azure Marketplace Deployment or GitHub ARM Template Deployment to create a Host pool and deploy Session hosts into it.
    - Windows 10 Multi-Session Deployment
    - Windows 10 Enterprise
    - Windows 7 Enterprise
    - Windows Server 2012 R2 and above
  - Note: Ensure the session host VMs are deployed into an availability set to avoid losing all VMs during a single patching/maintenance window
- Validate HostPool Deployments

6.10. Migrate Existing RDS/VDI Infrastructure

Customers/Partners who need to migrate their existing on-prem RDS deployments to Azure and host them as Session hosts in WVD need to review this section.

- Deploy and configure ASR Agents on the Physical hosts
- Configure replication to Azure Storage account
- Perform a test failover to validate the VMs are fully replicated without any issues
- Perform final failover to Migrate the VMs to Azure and ensure the VMs that will be part of a particular hostpool are in availability sets to avoid VMs going down for maintenance at the same time.
- Verify that all security and governance policies are still intact
- Install WVD Agents on the VMs to create a Host pool and attach these VMs to the Host pool
- Configure FSLogix on the VMs if they are non-persistent
- Create and publish Remote Apps/Desktops and grant access to Users

6.11. Convert and Migrate User Profiles

As part of the migration process, the Customer can use software from Liquidware. Liquidware’s ProfileUnity is the recommended tool to move user profiles (UPDs, UPMs etc.) from on-premises storage to Azure. ProfileUnity automates the migration process and the Users can see their profile data in WVD with near-zero downtime. If migrating to WVD, your design should articulate how the User’s profile data is migrated and converted (if required) to be compatible with FSLogix.

6.12. FSLogix Setup and Configuration for WVD User Profiles

The steps below describe how to install and configure FSLogix on Session hosts.

- Install FSLogix as part of preparing your Master Image. This can be done in multiple ways. Please select an appropriate method from below
  - Manual installation
    - Download the bits from here
    - Copy them onto the VM
    - Install FSLogixAppsSetup.exe
  - Deploy using GPO
  - Utilize any existing application deployment strategy (SCCM).
- Configure FSLogix on the non-persistent (shared Desktops like Win 10 multi-user) Session host VMs.
  You can also configure the same for personal desktops, although we strongly recommend consulting your storage expert for this.
  - Configure FSLogix settings using GPO to centrally manage all VMs from a single policy
  - Customers can also configure these settings by modifying local registry settings although this is not recommended

6.13. Application and Desktop Management and Delivery

Once the WVD tenant is setup and Host pool(s) are deployed, Admins are required to publish and deliver remote applications and desktops for the users to access.

- Publish Applications or Desktops in the Host pool
  - Create a RemoteApp group and set type to RemoteApp or RemoteDesktop
  - For RemoteApps
    - Browse and add applications to the RemoteApp group
  - Assign users to the RemoteApp group in order to access the published applications or desktops
- Implement Application Masking from FSLogix or any 3rd party service to block access to certain applications to users or to grant access to only certain apps.
  - Create a Rule Set
  - Test the Rule Set
  - Assign users/groups to the Rule to either allow them or deny them from accessing applications
  - Deploy the Rule Set
- Implement Application Layering using any one of the below solutions.
  With application layering, administrators can separate Windows applications from the underlying infrastructure and send selected virtual apps to users, depending on given circumstances, without the need for installation.
  - Liquidware FlexApp
  - Microsoft App-V

6.14. WVD Management

The steps below describe how to install and configure the required WVD management options.

- Manage the service configuration using PowerShell
- Customize Feed for Windows Virtual Desktop
- Customize RDP Properties
- Load Balancing strategies – Depth First vs Breadth First vs Persistent
- RBAC Roles and privileges available for WVD Access Control
- Deploy Scaling Script or Azure Automation Runbook for PowerShell to Auto On/Off Session host VMs based on the current user load
- Deploy WVD Management UI in the subscription using GitHub ARM Template

6.15. Patch Management

Patch Management is the process of updating and patching the Session host VMs to avoid any security vulnerabilities and applying any configuration controls as required. Below instructions are for managing Windows updates using Azure Automation. Customers can also utilize their existing management services such as SCCM or any 3rd party services.

- Create an Azure Automation Account
- Enable Update Management
- View Update Assessment
- Schedule an update deployment

6.16. Business Continuity and Disaster Recovery (Azure to Azure)

This could be an optional service Partners (or Customers) may choose to implement.
Implement Disaster Recovery of Session host VMs to another geographic location using Azure Site Recovery (ASR).

- Create a Recovery Services Vault in a different region than where the Session hosts are deployed
- Enable Replication
- Failover to the target region in the event of a Disaster
- Resynchronize the VMs once the source region is online
- Failback once the resynchronization is successful

NOTE: Be advised there is manual work needed to perform the cross-region failover.

6.17. Validate End User Experience

This section describes the success metrics for the WVD Implementation.

- Use a supported connection method to access WVD resources
  - Windows 7 or Windows 10
  - Web Client
- Launch published applications/desktops and verify functionality

6.18. Validate FSLogix Profile container creation

This section describes the success metrics for the FSLogix Implementation.

- Login to the Storage solution deployed
- Navigate to the share path
- Verify that a VHDX is created for the user

6.19. WVD Service Monitoring

The steps below describe how to install and configure the required WVD monitoring options.

- Investigate WVD activity log and errors using the PowerShell module
- Deploy and integrate a Log Analytics workspace to the WVD Tenant using PowerShell
- Run queries in the workspace to gather data on CPU Usage trends etc., for the Session host VMs
- Check VM health and performance using Azure Monitor
- Can also use Azure Monitor for RDS and Windows Virtual Desktop by Sepago
- Deploy a WVD Diagnostics Portal in the subscription using GitHub ARM Template
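
A pre-flight check for two items in this guide: the subnet-capacity check in section 6.1 and the session host naming guidance in section 6.9. This is an added example, not part of the original guide. The subnet, the in-use count and the shortened prefix HRApp-HP01-VM are constructed sample values; the five addresses Azure reserves per subnet and the 15-character Windows computer name limit are platform constraints.

```python
import ipaddress

AZURE_RESERVED_PER_SUBNET = 5  # Azure reserves 5 addresses in every subnet
MAX_COMPUTER_NAME = 15         # NetBIOS limit for a Windows computer name


def free_addresses(subnet_cidr, in_use):
    """Addresses still available for new NICs in an Azure subnet."""
    net = ipaddress.ip_network(subnet_cidr)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET - in_use, 0)


def session_host_names(vm_prefix, count):
    """Names in the guide's style: prefix plus a zero-padded index (VM01..VM50)."""
    width = max(2, len(str(count)))
    return [f"{vm_prefix}{i:0{width}d}" for i in range(1, count + 1)]


def distinct_netbios_names(names):
    """How many names stay unique once cut to the 15-character NetBIOS form."""
    return len({n[:MAX_COMPUTER_NAME].lower() for n in names})


def preflight(subnet_cidr, in_use, vm_prefix, count, existing_names=()):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []

    free = free_addresses(subnet_cidr, in_use)
    if free < count:
        findings.append(
            f"subnet {subnet_cidr} has {free} free addresses, {count} needed")

    names = session_host_names(vm_prefix, count)
    too_long = [n for n in names if len(n) > MAX_COMPUTER_NAME]
    if too_long:
        findings.append(
            f"{len(too_long)} names exceed {MAX_COMPUTER_NAME} characters, "
            f"e.g. {too_long[0]} ({len(too_long[0])})")

    distinct = distinct_netbios_names(names)
    if distinct < len(names):
        findings.append(
            f"only {distinct} of {len(names)} names are unique in their "
            f"first {MAX_COMPUTER_NAME} characters")

    # Computer names are case-insensitive in the domain.
    taken = {n.lower() for n in existing_names}
    duplicates = [n for n in names if n.lower() in taken]
    if duplicates:
        findings.append(
            f"{len(duplicates)} names already exist, e.g. {duplicates[0]}")
    return findings


if __name__ == "__main__":
    # Constructed plan: 50 hosts with the guide's prefix into a /26 spoke
    # subnet that already has 10 addresses in use.
    for finding in preflight("10.1.0.0/26", 10, "HRApps-HP01-VM", 50):
        print("FAIL:", finding)
    # Constructed alternative: a 13-character prefix and a /25 subnet.
    print(preflight("10.1.0.0/25", 10, "HRApp-HP01-VM", 50) or "plan passes")
```

With the guide's own prefix the generated names are 16 characters long, so the check reports them; a prefix of 13 characters or fewer leaves room for the two-digit index.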
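
The manual check in section 6.18, automated for a list of users who have already signed in. This is an added example, not part of the original guide; it assumes the profile share uses the FSLogix folder layout `<SID>_<username>` with a `Profile_<username>` disk inside, and the SIDs and user names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed layout: <share>/<SID>_<username>/Profile_<username>.vhdx
FOLDER = re.compile(r"^S-1-5-21(?:-\d+){4}_(?P<user>.+)$", re.IGNORECASE)
DISK_SUFFIXES = {".vhdx", ".vhd"}


def find_containers(share_root):
    """Return {username: [container paths]} for every profile folder."""
    found = {}
    for folder in sorted(Path(share_root).iterdir()):
        match = FOLDER.match(folder.name)
        if not (folder.is_dir() and match):
            continue  # not a per-user profile folder
        disks = [p for p in folder.iterdir()
                 if p.is_file()
                 and p.suffix.lower() in DISK_SUFFIXES
                 and p.stem.lower().startswith("profile_")]
        found.setdefault(match.group("user").lower(), []).extend(disks)
    return found


def validate(share_root, expected_users):
    """Classify each expected user: ok, empty, wrong-format or missing."""
    found = find_containers(share_root)
    report = {}
    for user in expected_users:
        disks = found.get(user.lower(), [])
        vhdx = [d for d in disks if d.suffix.lower() == ".vhdx"]
        if not disks:
            report[user] = "missing"       # no container was created
        elif not vhdx:
            report[user] = "wrong-format"  # a .vhd exists, the guide expects VHDX
        elif all(d.stat().st_size == 0 for d in vhdx):
            report[user] = "empty"         # file exists but holds no data
        else:
            report[user] = "ok"
    return report


def demo():
    """Build a constructed sample share in a temp directory and validate it."""
    domain = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed SID base
    sample = {
        f"{domain}-1104_alice": ("Profile_alice.vhdx", 4096),
        f"{domain}-1105_bob": ("Profile_bob.vhd", 4096),
        f"{domain}-1106_carol": ("Profile_carol.vhdx", 0),
    }
    with tempfile.TemporaryDirectory() as root:
        for folder, (disk, size) in sample.items():
            path = Path(root, folder)
            path.mkdir()
            (path / disk).write_bytes(b"\0" * size)
        return validate(root, ["alice", "bob", "carol", "dave"])


if __name__ == "__main__":
    for user, status in demo().items():
        print(f"{user}: {status}")
```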