
Azure in Education

Day 3

Windows Virtual Desktop


12/11/2020

Houssem Hamdoun
Rania Ben Ticha
Agenda

Introduction to WVD

Deployment and optimisation of WVD environments

WVD vs Azure Lab Services


Virtualization scenarios

Security and regulation: Financial Services, Healthcare, Government
Elastic workforce: Mergers and acquisition, Short term employees, Contractor and partner access
Specific employees: BYOD and mobile, Call centers, Branch workers
Specialized workloads: Design and engineering, Legacy apps, Software dev test
Virtualization hosts today

Windows Server Desktop Experience
Scalable multi-session legacy Windows environment
• Multiple sessions
• Win32
• Office Perpetual
• Long-Term Servicing Channel

Windows 10 Enterprise
Native single-session modern Windows experience
• Single session
• Win32, UWP
• Office 365 ProPlus
• Semi-Annual Channel
Virtualization hosts of the future

Windows Server RD Session Host
Scalable multi-session legacy Windows environment
• Multiple sessions
• Win32
• Office 2019 Perpetual
• Long-Term Servicing Channel

Windows 10 Enterprise multi-session
Scalable multi-session modern Windows user experience with Windows 10 Enterprise security
• Multiple sessions
• Win32, UWP
• Office 365 ProPlus
• Semi-Annual Channel

Windows 10 Enterprise
Native single-session modern Windows experience
• Single session
• Win32, UWP
• Office 365 ProPlus
• Semi-Annual Channel
Windows Virtual Desktop Benefits

• Enables a multi-session Windows 10 experience, optimized for Office 365 ProPlus
• Supports Windows Server (2012R2 +)
• Most flexible service allowing you to virtualize both desktops and apps
• Windows 7 virtual desktop with free Extended Security Updates
• Integrated with the security and management of Microsoft 365
Supported OS

Windows 10 Enterprise Multi-session

Windows 10 Enterprise Single-Session

Windows 7 Single-Session

Windows Server 2019

Windows Server 2016

Windows Server 2012 R2

VMs in customer’s Azure subscription


Blending the security of the convergence of the Microsoft ecosystem

Microsoft 365 Azure


>90 compliance offerings
Conditional Access
>3,500 global cybersecurity experts
Multi-Factor Authentication
6.5 trillion global signals daily
Role-based Access Control (RBAC)
$1b annual cybersecurity investment

Windows Virtual Desktop


Reverse Connect
Azure AD authentication
AD-joined virtual machines
Deployment Overview
Native Windows Virtual Desktop

High Level Architecture

• Use Azure Active Directory identity management service
• Provide virtualization infrastructure as a managed service
• Deploy and manage virtual machines in Azure subscription
• Manage using existing tools like Configuration Manager or Microsoft Intune
• Connect easily to on-premises resources

[Architecture diagram]
Managed by Microsoft: Web access, Diagnostics, Gateway, Management, Broker, Load balancing
Your subscription – Your control: Windows 10 Enterprise, Windows Server 2012 R2 and up, Windows 7 Enterprise, Windows 10 Enterprise multi-session, RemoteApp
Managed by Microsoft: Compute, Storage, Compute
Host pools and Application groups
Prerequisites to deploy Windows Virtual Desktop
Get started at aka.ms/startwvd

STEP 1
STEP 2
• Azure NetApp Files
STEP 3
Credentials required
Network requirements and considerations

Requirements
• Network must route to a Windows Server Active Directory (AD)
• This AD must be in sync with Azure AD so users can be associated between the two
• VMs must domain-join this AD

Considerations
Connectivity: ExpressRoute. Type: Hybrid. Special Considerations: Dedicated network through service provider
Connectivity: Site-to-Site VPN. Type: Hybrid. Special Considerations: Limited bandwidth compared to ExpressRoute
Connectivity: Azure AD Domain Services. Type: Isolated. Special Considerations: Must synchronize password hashes to Azure AD
Identity Strategies

Option: Spin up a DC in your Azure subscription.
Pros: Can sync with on-premises DCs if VPN or ExpressRoute is configured. All familiar AD Group Policies can be used. Virtual machines can be paused or stopped when needed to reduce costs.
Cons: Adds additional management of a VM and Active Directory in Azure.

Option: For cloud-based organizations, use Azure AD DS.
Pros: Great for test or isolated environments that do not need connectivity to on-premises resources. Azure AD will be your leading source for identities.
Cons: AD DS will always be running resulting in a fixed charge per month.

Option: For hybrid organizations, use VPN or ExpressRoute and make sure your on-premises DCs can be found in Azure.
Pros: No AD DS or Domain Controller required in Azure.
Cons: Latency could be increased adding delays during user authentication to VMs. This assumes you have an on-premises environment, not suitable for cloud only tests.
Adds additional management of a VM and Active Directory in Azure.
Recommended identity setup for cloud-based organizations

Azure AD

Azure AD Domain Services


• Windows Server AD run as a service by Azure
• Allows VMs to be domain-joined
• Users recognized both in Azure AD and Windows Server AD
Recommended identity setup for hybrid organizations

Azure AD

Windows Server AD on-prem connected to Azure

• ExpressRoute or site-to-site VPN to Azure
• Azure AD Connect to synchronize identities
Create Windows Virtual Desktop tenant

Grant Azure AD consent
Assign a Tenant Creator
Create your tenant

Documentation: aka.ms/wvdpreview
Getting Started Guide: aka.ms/startwvd
Deployment Models

15% 80%

5% Rare

Single Session Multi-Session


Automation

• Create or update VMs for a host pool


– Create and provision host pool
– Update VMs in existing host pool
• Scale your host pool
– Scaling script

“Optimize” Demo bench video


FSLogix profiles

• Profile is stored in VHD/VHD(X)
• Same approach used by UPD
• Mounted at Login – faster login and no target storage requirement
• Size of Profile doesn’t impact logon time
• VHD(X) = Block Transfer decreases network utilization
• Caching from Windows Cache Manager
• Profile Container redirects everything from the user profile.
• Filter driver causes profile to appear local – broader application support
Storage in WVD

[Diagram: three storage layouts, each showing a VM with VM OS Disk (Page Blob), Temporary Disk and Data Disks on Azure Storage]
• Classic VDI VM
• VM with FSLogix profile (File Share*)
• VM with FSLogix profile and Azure Files (Azure Files*, Azure AD Domain Services)

Dependencies
• On prem AD integration (Coming soon)
✓ Premium Files rollout (overlap in hero regions)
✓ AADS integration
Create storage account
Configure FSLogix
Windows Virtual Desktop with FSLogix

Admin assign users to session hosts

End user's login

Gets profile assigned


Outlook

• Virtual environment friendly defaults settings
• Syncing of Inbox prior to Calendar for faster startup experience
• Admin option to reduce calendar sync window
• Reduce the number of folders that are synced by default
• Windows Desktop Search is now per-user

Requirements:
• FSLogix
• SCA activated for Office
OneDrive

• Co-auth and collab capabilities in WXP, powered by OneDrive
• OneDrive sync will run in non-persistent environments
• Files on Demand capabilities
• Auto populate user profile folders

Per-machine install steps:
• Download OneDriveSetup.exe
• Run “OneDriveSetup.exe /allusers” or by using SCCM
• Once setup is complete, OneDrive will start. Any accounts added on the computer will be migrated automatically
Implementation Guidance – infrastructure management
Master Image Management

Master image can be managed by any already existing process and technologies including
• Azure Update Management
• System Center Configuration Manager
• 3rd party

Best practices document will be provided to assist in configuration of a golden image for WVD

Application masking technology to minimize the number of golden images and simplify app image management
Patch Management

• Use one host pool as a pilot group before updating all host pools
• Update VMs with existing Azure management solutions and all VMs in a host pool
• Updates can be staged in a maintenance window to keep systems available after logon
• All VMs must be at the same update-level after maintenance window is completed
• Use SCCM to manage your images
Profile Management

Profile Container
• User profile is placed into a VHD container that is stored in a central location on the network or in the cloud
• This VHD is dynamically attached at user logon
• Content appears to be in its native location

Benefits
• Extremely fast logon times
• Virtually eliminates profile corruption
• Uses native Windows VHD capabilities–no hypervisor
• Very easy to deploy and manage
• Completely seamless end user experience

Cloud Cache
• Cloud Cache will absorb reads and optimize writes into cost effective payloads
• Adding a local cache component
• Applications talk to the local cache, and the cache talks to the remote container
• If the connection to the remote container is interrupted, the apps still work because they’re talking to the cache
• If the interruption is short, or no data that isn’t in the cache is requested during the outage, everything behaves normally
• When connection comes back online, we reconnect and re-sync if necessary
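
An added example, not FSLogix code and not part of the original slides: a Python model of the Cloud Cache behaviour listed on this slide (reads served locally, writes coalesced into one payload, work continuing through an outage, re-sync on reconnect). The class names and the block keys `ntuser` and `ost` are assumptions made for illustration.

```python
class RemoteUnavailable(Exception):
    """A request needed the remote container while it was unreachable."""

class RemoteContainer:
    """Stand-in for the profile container on remote storage (hypothetical)."""
    def __init__(self, blocks):
        self.blocks = dict(blocks)
        self.online = True
        self.write_ops = 0  # round trips spent on writes

    def read(self, key):
        if not self.online:
            raise RemoteUnavailable(key)
        return self.blocks[key]

    def write_batch(self, batch):
        if not self.online:
            raise RemoteUnavailable("write")
        self.blocks.update(batch)
        self.write_ops += 1

class LocalCache:
    """Applications talk only to this object; it talks to the remote."""
    def __init__(self, remote):
        self.remote = remote
        self.blocks = {}   # local copies, so repeated reads stay local
        self.pending = {}  # writes not yet on the remote container

    def read(self, key):
        if key not in self.blocks:
            self.blocks[key] = self.remote.read(key)  # raises during an outage
        return self.blocks[key]

    def write(self, key, value):
        self.blocks[key] = value
        self.pending[key] = value  # repeated writes to one key coalesce

    def sync(self):
        """Flush pending writes as one payload; True if the remote is current."""
        if self.pending:
            try:
                self.remote.write_batch(self.pending)
            except RemoteUnavailable:
                return False  # keep the writes for the next attempt
            self.pending = {}
        return True

def demo():
    # Constructed sample data: block names and values are made up.
    remote = RemoteContainer({"ntuser": "v1", "ost": "mail-v1"})
    cache = LocalCache(remote)
    cache.read("ntuser")         # cached while the remote is reachable
    remote.online = False        # connection to the container is interrupted
    cache.write("ntuser", "v2")
    cache.write("ntuser", "v3")
    out = {"cached_read": cache.read("ntuser"), "sync_in_outage": cache.sync()}
    try:
        cache.read("ost")        # never cached, so the remote is required
        out["uncached_read"] = "ok"
    except RemoteUnavailable:
        out["uncached_read"] = "failed"
    remote.online = True         # connection comes back
    out["sync_after"] = cache.sync()
    out.update(remote_ntuser=remote.blocks["ntuser"], remote_write_ops=remote.write_ops)
    return out

if __name__ == "__main__":
    print(demo())
```

The uncached read is the case the slide qualifies with "no data that isn’t in the cache is requested during the outage": the model fails that read, while cached reads and writes keep working and reach the remote in a single write after reconnect.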
Video and graphics improvements

• Video playback always uses hardware acceleration
• Smooth playback when moving the video window
• 4K downsampling

[Charts: Average Encoding Time (ms) and Output Frames / Second (fps) over a 60-second session, 4kDownSampled vs 4kNative]
Device redirection

• High-level redirection of built-in or attached video camera
• Less network bandwidth compared to USB camera redirection
• Increased video framerate, up to 30 fps
• Redirect multiple cameras
• Improved printing messages
• Built-in Windows client first to adopt
Demo
Windows Virtual Desktop
Multi-session
Virtualizing Windows Server

• Supports 2012 R2, 2016, and 2019 Windows Server
– If an older version, suggest upgrade to newer version or refactor app for Windows 10 multi-session
• Office 365 ProPlus support only in Windows Server 2016
– 2012 R2 and 2019 only support Office perpetual
– Use Windows 10 Enterprise multi-session for best experience
• Requires the use of Windows Server VMs on Azure but can leverage Azure Hybrid Benefit for cost savings

Windows Server RD Session Host
Scalable multi-user legacy Windows environment.
• Multiple users
• Win32
• Office 2019 Perpetual
• Long-Term Servicing Channel
Virtualizing Windows 7

• 3 years ESU
• Requires full Windows 7 desktop
• Use App Assure or something else first
• Last Resort

Windows 7
Scalable multi-user legacy Windows environment.
• Single user
• Legacy Win32
• Office 2019 Perpetual
• Full Desktop only
Full desktop vs. RemoteApp

Based on what your users need to do.

Full desktop
• Power Users / Developers that need to install their own apps or admin privileges
• Clients lack computing power / outdated

Use RemoteApp
• Clients vary widely and application consistency is impacted
• Different version of the same app from different OS
WVD Deployment and management options

Deployment
• Onboarding will be through Azure Marketplace or through GitHub using ARM templates to deploy new or update existing host pool

Management
• Azure Portal will enable native integration post GA for deployment and management alongside other Azure services
• Use REST APIs to set and manage WVD directly, build complex workflows – sample UI and outlines for customers will be provided
• PowerShell is the best option for repeatable deployment, Azure integration, and DSC
• Other options include Terraform or partner management solutions

Hosting partners
• Leverage multitenancy support to scale the number of customers
Performance guidance

• VM should be deployed to Azure regions with WVD clusters
• Active Directory datacenters should be in each region where session host pools are located
• Recommend a mix of breadth and depth scaling to accommodate peak and nonpeak timing
• Leverage multisession user density for the most cost-effective option
• VM configurations should match use case and host pool needs
FSLogix Technologies
With the acquisition of FSLogix, eligible customers will get access to three core pieces of technology

Profile Container
Replacement for roaming profiles and folder redirection. Dramatically speeds up
logon and application launch times.
• Includes Office 365 Container, which roams Office cache data (Outlook OST, OneDrive
cache, Skype for Business GAL, etc.) and Windows Search DB with user in virtual desktop
environments.

App Masking
Minimize number of gold images by creating a single image with all applications.
Excellent app compatibility with no packaging, sequencing, backend
infrastructure, or virtualization.

Java Redirection
Helps protect the enterprise from vulnerabilities of multiple installed versions of
Java by mapping specific versions to individual apps or websites.
Benefits
[Diagram labels: Container, SMB Storage, Profile Container, Office 365 Container, App Masking, Java Redirection]

• Uses native Windows VHD capabilities–no hypervisor.
• Very easy to deploy and manage.
• Completely seamless end-user experience.
• Works with other application management platforms.
• Easy to test, implement, and manage.
• Reduces network and filesystem load.
Benefits – Profile Container

• Places entire user profile in network-based container.
• Extremely fast logon times.
• Virtually eliminates profile corruption.
• Works alongside existing User Environment Management platforms.
Benefits – Office 365 Container

• Places Office 365 cache data in network-based container.
• Enables roaming of Outlook OST, OneDrive cache, Windows Search, and more…
• Office apps have native performance and behavior.
• Works alongside other profile management platforms.
Benefits – App Masking

Application Management without sequencing, snapshotting, packaging, or virtualization.

All apps installed in base image.
• Only apps a user is entitled to are revealed.
• App entitlements can be changed in real time.
• Works with fonts, plugins, and more…
• Excellent app compatibility

Massively reduce the number of gold images that must be maintained
Benefits – Java Redirection

• Securely collocate multiple versions of Java on same base image
• Run each app or website with specific version of Java required for full functionality
• Uses FSLogix App Masking to hide unused versions of Java when not needed
Access to FSLogix technology*
FSLogix technology, which improves the performance of Office 365
ProPlus in multi-user virtual environments, is now available at no
additional cost for Microsoft 365 customers

FSLogix entitlements
• Microsoft 365 E3/E5/F1/Business
• Microsoft 365 A3/A5/Student Use Benefits
• Windows 10 Enterprise E3/E5
• Windows 10 Education A3/A5
• Windows 10 VDA per user
• Remote Desktop Services (RDS) CAL
• Remote Desktop Services (RDS) SAL

*Including Office 365 Container, Profile Container, App Masking and Java Redirection
Migration
Remote Desktop Services and Windows Virtual Desktop

Remote Desktop Services is ideal if you want…
• Full end-to-end control of the desktop virtualization environment
• In-place upgrade of existing Windows Server RDS environment to extend current deployments
• Supports pure cloud, pure on-prem and hybrid
• Supports Lift-shift, burst to cloud migrations

Windows Virtual Desktop is ideal if you want…
• Microsoft manages the brokering platform as a service
• Windows 10 Enterprise multi-session capabilities, free Windows 7 ESU
• Optimized Office365 ProPlus support
• Supports workloads only on the cloud (supporting services can be on-prem)
• Supports Lift-shift for personal desktops
Azure Migration Program
Available to all Azure customers, scaled through specialized migration partners

Best practice guidance | Offers and incentives | Technical skill building

• Infrastructure and data foundations
• Migration planning and execution
• Digital resources
• Migration Tools
• Azure trainers
• FastTrack for Azure engineers
• Specialized partners

Reduce cost and risk | Accelerate migration velocity | Deliver customer success

Learn more Azure.com/AMP


Windows Virtual Desktop Migration | Pooled resources
Important artifacts for successful migration to pooled resources on Windows Virtual Desktop

Windows Virtual Desktop Migration | Personal Desktop
Important artifacts for successful migration to personal desktops in Windows Virtual Desktop

Learn more

Windows Virtual Desktop or Azure Labs?
WVD or AzLabs - Which Do I Use?

Azure Labs
AzLabs is best suited to:
• Enable both IT and educators to quickly set up and manage VMs without technical expertise.
• Provide VM learning environments that can be deleted and easily recreated as needed.
• Control and minimize the costs by managing students’ usage hours on the VMs.
• Estimate costs using a simplified pricing model.
• Provide students with admin access to their own individually assigned VM environment.
• Use multiple applications and tools in conjunction with each other.
• Create both Windows and Linux VMs.

WVD
WVD is best suited to:
• Give access to individual Windows line-of business or Office 365 apps.
• Provide users with continuous, 24-hour access to apps or desktop environments.
• Minimize costs by sharing and scaling pooled VMs across users.
Azure Labs vs. WVD

• Access - RDP vs Web/RDP
• Cost - Single vs Multi-session
• Cost – Metered Use & Scheduled vs Azure Consumption
• Complexity – Simple to setup/Labs as a Service vs IT Deployment w/Infrastructure Req.
• Management – Decentralized/Delegated vs. IT/Centralized
• Authentication – Labs Local Accounts to access labs vs AD Joined
• Apps – Lab Template Managed vs Managed Apps & FSLogix
• Length of Use – Short Term vs Multi Semester/Year
• Do you need Linux – Labs only
• Do you need "bare metal-ish" - Nested Virtualization in Labs
WVD | AZL Comparison Chart

1. Setup and management
Azure Lab Services: Educators are provided a simplified experience (that requires no technical expertise) to easily set up and manage labs within the policies set by their IT department.
Windows Virtual Desktop: IT is solely responsible for setting up and managing the pool of VMs and related resources since technical expertise and access to the institution’s Azure subscription is required.

2. Windows\Linux support
Azure Lab Services: VMs are provisioned with the flexibility of choosing from a variety of base images, including Linux, various versions of Windows, and custom images.
Windows Virtual Desktop: VMs can be provisioned specifically with Windows 10, Windows Server 2016\2019, or Windows 7 based images (no Linux). Custom images are supported for the previously mentioned Windows versions.

3. Student account\domain access
Azure Lab Services: Students connect using an Office 365 account, Azure Active Directory email account or personal Microsoft accounts.
Windows Virtual Desktop: Users connect using an Office 365 account that is synchronized with an on-premise Active Directory.

4. Persistent student workspace
Azure Lab Services: Students’ work and data on the VM is persistent across sessions until a lab’s template VM is republished or the lab is deleted.
Windows Virtual Desktop: With FSLogix profile containers, users have persistent access to their user settings and their user profile folder which includes subfolders such as Desktop, Documents, Music, Pictures, etc. User profiles are maintained across VMs and when VMs are reimaged. Like Lab Services, users may also be assigned their own dedicated VM so that their work and data is persistent across sessions for the lifetime of the VM.

5. Device connection
Azure Lab Services: Students may connect from any device that has a native remote desktop client installed; this includes Windows, Android, MacOS or iOS device. Also, supports connecting from a modern browser.
Windows Virtual Desktop: Same as AzLabs. In addition, supports IGEL (linux-based) thin clients, with more thin clients coming soon.

6. Cost control
Azure Lab Services: IT and educators can limit exactly how many hours that students can use a lab’s VMs by setting user schedules and quotas – this ensures the budget is never exceeded.
Windows Virtual Desktop: Provides cost savings by sharing VMs across users and scaling VMs to automatically start\stop during specified hours – scaling drops costs by 30% on top of the savings from sharing VMs. There is no ability to set user quotas.

7. Pricing model
Azure Lab Services: The pricing model is simplified to bundle the cost of storage, networking, and VMs into a single price point.
Windows Virtual Desktop: The pricing model is based on the cost of storage, the type of VM used, and networking; institutions are responsible for factoring in these costs.
Thank you

© Copyright Microsoft Corporation. All rights reserved.
