In this post and video we discuss Azure Virtual Desktop (AVD) and show how to set up, configure and implement from scratch a fully working AVD solution using FSLogix profiles on Azure premium storage with a private endpoint and Active Directory integration. This will help you build a virtual desktop infrastructure (VDI) solution at enterprise scale.
The diagram below shows a hub-and-spoke architecture for Azure Virtual Desktop.
We have Active Directory domain controllers in our hub network, synced to Entra ID using AD Connect sync for our cloud identity. Then we have AVD in the cloud, where the gateway, web access and broker are fully managed by Microsoft.
The Azure Virtual Desktop service architecture may look familiar if you know Windows Server Remote Desktop Services. It has similar components, with one difference: Microsoft manages the infrastructure and brokering components, such as web access, gateway and broker. With traditional Remote Desktop Services you would have had to install and configure these components yourself; here it is much easier, and it is all done at the click of a button.
The only part we manage is our own session host virtual machines (VMs), which run Windows 10 multi-session in the spoke network as shown and contain all our company apps.
We can then connect over TLS 1.2 on port 443 from our end-user devices with the Remote Desktop client installed. Azure Virtual Desktop works across devices including Windows, Mac, iOS, and Android.
Port 443 is used for all connections initiated from the clients and session hosts to the Azure Virtual Desktop infrastructure components.
This document lists the outbound ports you need to open from the session hosts to connect to Azure Virtual Desktop; we must have access to the FQDNs and endpoints listed in it. Allowing these FQDNs and endpoints is essential for a reliable client experience.
We will first create the storage private endpoint in Azure using AD integration and then assign Azure and NTFS permissions on the AVD FSLogix share. We will give some guidelines and calculations on storage performance, covering steady-state and sign-in burst IOPS, depending on how many users you have in your AVD environment, whether they are light, medium or heavy users, and what our average profile size will be.
An AVD gold image will be created with all our company apps and FSLogix installed. That image will then be captured and stored in the image gallery so that we can version it for future use.
Then we will roll this image out in our AVD environment to our session hosts in the spoke network. We then test this all out and demo AVD using FSLogix profiles in action!
Please take a look at the Azure Virtual Desktop step-by-step walkthrough in the video below for a complete guide and demo. Don’t forget to like, subscribe and comment, and let’s get started!