This article is the first in a series of blogs in which I will discuss the benefits of using Azure Virtual Desktop (AVD) and what it can do to help secure your remote workforce. I will first describe the key features that AVD offers and then branch out to specific examples of how you could implement them in your environment. Microsoft is always listening to feedback and rolling out new features for AVD, and I plan to discuss them in further detail in future blogs.
The remote workforce is growing rapidly, which poses several challenges for organizations that need secure remote working. Azure Virtual Desktop addresses those challenges and gives you a suite of tools and features to roll out an effective remote working solution for your business needs. In addition, employees can access desktops and applications from any device, regardless of location. Here are some of the benefits of using Azure Virtual Desktop.
- Simplified Management
- Multi-session for Windows 10 and Windows 11
- Cost-effective and easy to scale
- Optimizations for Microsoft 365 applications
- FSLogix for user profiles
- RemoteApp and MSIX app attach offerings
As more employees are moving to remote settings, businesses need an easy solution that will provide a safe and secure environment for the employees to access critical business applications and desktops. Employees also need to ensure that their personalized settings and applications are always available, which is where FSLogix comes into the spotlight. FSLogix enables user profiles in Windows remote computing environments.
Below, I have highlighted some of the features FSLogix offers, taken from the FSLogix documentation.
FSLogix Implementation with AVD
Credit: FSLogix Overview – FSLogix | Microsoft Docs
FSLogix allows you to:
- Roam user data between remote computing session hosts
- Minimize sign in times for virtual desktop environments
- Optimize file IO between host/client and remote profile store
- Provide a local profile experience, eliminating the need for roaming profiles.
- Simplify the management of applications and ‘Gold Images’
- Specify the version of Java to be utilized by specific URL and applications
- Redirect user profiles to a network location. Mounting and using the profile over the network eliminates delays often associated with solutions that copy profiles to and from the network location.
- Redirect only the portion of the profile that contains Office data by using Office Container. Office Container allows an organization already using an alternate profile solution to enable Office in pooled desktop environment.
- Applications use the profile as if it were on the local drive. Because the FSLogix solutions use a filter driver to redirect the profile, applications don’t recognize that the profile is on the network. Obscuring the redirection is important because many applications won’t work properly with a profile stored on remote storage.
- Profile Container is used with Cloud Cache to create resilient and highly available environments. Cloud Cache places a portion of the profile VHD on the local hard drive. Cloud Cache also allows an administrator to specify multiple remote profile locations. The Local Cache, with multiple remote profile containers, insulates users from network and storage failures.
- Application Masking manages access to an application, font, printer, or other items. Access can be controlled by user, IP Address range, and other criteria. Application Masking significantly decreases the complexity of managing large numbers of gold images.
In later articles, I will detail specific examples of how you can use FSLogix in your environment. One of the examples I will go over is how to implement Azure Files with FSLogix, so you have a cloud-native solution where the profile data is always stored. Being able to roam user data between remote computing session hosts is one of the key benefits of FSLogix.
The importance of simple security management:
Many companies will hire contractors or part-time staff that need access to the information within the organization’s environment, which can cause security concerns. Azure Virtual Desktop allows you to provide a secure and controlled environment for your data and applications. Even other users, such as your full-time employees, can use their home devices to connect to their work virtual desktop that you configure through AVD. In your AVD host pool, you can configure RDP properties to control session behavior, device redirection, display settings, and other advanced settings. I have provided a screenshot below of Azure’s RDP property configuration settings category. This will allow you to decide how you want to control RDP properties in your AVD configuration.
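The following added example (not from the original article or from Microsoft) audits a host pool's custom RDP property string against a redirection baseline, which is a practical check for pools used by contractors or personal devices. The baseline values and the sample string are assumptions constructed for illustration; the property names are standard RDP properties.

```python
# Added example: audit an AVD host pool's custom RDP property string.
# Properties are written as "name:type:value" and separated by ";".
# Simplification: values are assumed to contain no unescaped ";".

# Assumed baseline for an untrusted-device pool: (type, value that disables redirection).
BASELINE = {
    "drivestoredirect": ("s", ""),       # no local drives mapped into the session
    "redirectclipboard": ("i", "0"),     # no copy/paste between client and session
    "redirectprinters": ("i", "0"),      # no local printers
    "usbdevicestoredirect": ("s", ""),   # no USB devices
    "redirectcomports": ("i", "0"),      # no COM ports
    "camerastoredirect": ("s", ""),      # no cameras
}


def parse_rdp_properties(raw):
    """Split 'name:type:value;...' into {name: (type, value)}."""
    props = {}
    for item in raw.split(";"):
        item = item.strip()
        if not item:
            continue
        parts = item.split(":", 2)  # value may itself contain ":"
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            raise ValueError(f"malformed RDP property: {item!r}")
        name, typ, value = parts
        props[name.strip().lower()] = (typ, value.strip())
    return props


def audit(raw, baseline=BASELINE):
    """Return (property, reason) for every setting that deviates from the baseline."""
    props = parse_rdp_properties(raw)
    findings = []
    for name, (typ, want) in baseline.items():
        if name not in props:
            findings.append((name, "not set, default behaviour applies"))
        elif props[name] != (typ, want):
            findings.append((name, f"set to {props[name][1]!r}, baseline is {want!r}"))
    return findings


# Constructed sample of a permissive host pool setting.
SAMPLE = ("drivestoredirect:s:*;redirectclipboard:i:1;redirectprinters:i:0;"
          "usbdevicestoredirect:s:;audiomode:i:0")

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

The string to audit can be copied from the host pool's RDP properties page or exported with your usual Azure tooling.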
Whether you have an occasional need for a specific type of PC or need occasional PCs for employees to use, AVD spares you from using internal resources to set up several physical machines dedicated to each employee. AVD enables you to set up personal or pooled host pools depending on your business needs for employees to use. A personal host pool allows you to assign a single session host to a user, while a pooled host pool allows multiple sessions on a single session host. For example, if you set up a pooled host pool with, say, one session host, your users will all use the same session host you configured.
If you configure a host pool as Pooled, it will use a load-balancing algorithm to allocate sessions. The two algorithms are below.
- Breadth-first – This algorithm will allocate sessions across all available session hosts to provide the best experience for the user.
- Depth-first – This algorithm will allocate sessions that saturate a session host to the maximum allowed before moving to a new one.
Both algorithms provide benefits, but it is up to you how you want to allocate resources to your session hosts. If you are looking for a more cost-effective approach, using depth-first would be the best option because it will maximize the utilization of each session host you configure.
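To make the cost difference concrete, here is an added example (not from the original article) that models the two allocation strategies as described above and counts how many session hosts stay empty. It is a simplified, deterministic model rather than Azure's implementation; the host count, session limit, and user count are constructed values.

```python
# Added example: simplified model of breadth-first vs depth-first allocation.

def assign(algorithm, hosts, max_sessions):
    """Return the index of the host that gets the next session, or None if all are full."""
    open_hosts = [i for i, n in enumerate(hosts) if n < max_sessions]
    if not open_hosts:
        return None
    if algorithm == "breadth-first":
        # Spread load: the least-loaded host wins (lowest index breaks ties).
        return min(open_hosts, key=lambda i: (hosts[i], i))
    if algorithm == "depth-first":
        # Pack load: the most-loaded host that still has room wins.
        return min(open_hosts, key=lambda i: (-hosts[i], i))
    raise ValueError(f"unknown algorithm: {algorithm}")


def simulate(algorithm, host_count, max_sessions, users):
    """Place `users` sessions one by one; return (sessions per host, rejected logons)."""
    hosts = [0] * host_count
    rejected = 0
    for _ in range(users):
        target = assign(algorithm, hosts, max_sessions)
        if target is None:
            rejected += 1          # pool is at capacity
        else:
            hosts[target] += 1
    return hosts, rejected


def idle_hosts(hosts):
    """Hosts with no sessions, i.e. candidates for being powered off."""
    return sum(1 for n in hosts if n == 0)


if __name__ == "__main__":
    for algo in ("breadth-first", "depth-first"):
        hosts, rejected = simulate(algo, host_count=4, max_sessions=5, users=10)
        print(f"{algo}: {hosts} idle={idle_hosts(hosts)} rejected={rejected}")
```

With 10 users on 4 hosts limited to 5 sessions each, breadth-first touches every host while depth-first leaves two hosts empty.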
“Golden Images” involve many moving parts and require quite a bit of administrative effort to create and distribute. It takes a ton of administrative effort to track all the changes made, and the Azure shared image gallery helps overcome these obstacles. The shared image gallery is a high-availability solution for your images. It allows replication to different Azure regions so that the same version of the global image can be deployed in all regions. It removes the administrative burden and allows for grouping images for different environments such as development, test, and production. Once your “golden image” is created, you can deploy new session hosts based on your customizations.
In summary, these are some key benefits that Azure Virtual Desktop can provide your organization. As mentioned in this article, I plan to roll out a series of specific deployments with AVD to help you decide on the best approach to implementing AVD in your environment. If you ever have questions or concerns about AVD, please reach out, and we will be more than happy to assist.