Microsoft Azure Virtual Desktop (AVD) – An Overview
Microsoft released its desktop-as-a-service (DaaS) offering, Azure Virtual Desktop (AVD), previously Windows Virtual Desktop, to the general public in September 2019. The service runs on Azure and provides a multi-user version of Windows 10 and Windows 11, a feature unavailable for on-premises deployments of Hyper-V.
Azure Virtual Desktop (AVD) technology is growing in popularity as a means of delivering virtual desktops in the cloud to users. A recent eG Innovations and AVD TechFest study found that 26% of organizations already have AVD deployed and that, within 2 years, almost 84% of all organizations will be using AVD technology in production in one form or another.
Figure 1 highlights some of the main reasons for AVD adoption and growth in popularity. In part, this was driven by the COVID pandemic demand for DaaS (Desktop-as-a-Service) products to support the growth in working remotely and from home.
However, AVD has gained users from competing alternatives who are attracted by the ease of deployment, PAYG model and unique feature offerings for Windows 10/11. Those unique features include multi-session desktops and tight integration with other Microsoft offerings such as Microsoft 365 (Office 365).
What is Azure Virtual Desktop?
Azure Virtual Desktop is a free service for Microsoft customers with most types of Windows 10/11 Enterprise license. However, the subscription or pay-as-you-go (PAYG) Azure costs are additional, as are many components you may wish to add, including those associated with monitoring, such as Log Analytics and Azure Monitor.
When Microsoft introduced AVD it added:
- A new version of multi-user Windows 10 that reduces infrastructure costs, as a natural successor to RDS “desktop” delivery via a Server OS
- Integrated FSLogix profile containers to enable personalized user experiences
- AVD licensing at no additional charge with products that most enterprises already use
- Flexible consumption-based pricing
- Platform-as-a-Service (PaaS) for AVD Management Service, which reduces the complexity of managing the associated infrastructure of virtual desktop environments, such as networking and storage
- Windows 10 and Windows 11 personalized and multi-session desktops and remote app streaming
- Full control over management and deployment, plus options for Citrix and VMware integration
Theoretically, AVD certainly has the potential to replace traditional VDI deployments. However, it is still a very new product with a limited feature set relative to that offered by traditional VDI vendors, such as Citrix or VMware.
Virtual Desktops on Azure: Different Provisioning Models
Virtual desktops have historically been provisioned on Microsoft Azure cloud in two ways.
- The most popular method of providing virtual desktops has been to deploy Windows servers on Azure and broker user sessions to these servers using a Citrix or VMware Horizon control plane.
- Another option is to deploy Windows 10/11 workstations on the cloud and have them brokered by Citrix or VMware Horizon or natively by Microsoft Azure.
While both the above options have been available for several years, the most recent addition has been the ability to provision multiple user sessions on a Windows 10/11 host. Previously, this could only be achieved on Windows server operating systems.
This capability gives users a familiar Windows 10 experience while IT can benefit from the cost advantages of multi-session and use existing per-user Windows licensing instead of RDS Client Access Licenses (CALs).
For more information about licenses and pricing, see Azure Virtual Desktop pricing. You can learn more about multi-session Windows hosts here: https://docs.microsoft.com/en-us/azure/virtual-desktop/windows-10-multisession-faq/.
As you can see from Figure 2, currently, just over 50% of organizations are using the native Microsoft stack. This number is expected to increase as multi-session AVD adoption grows.
The Architecture of AVD
To understand what is needed to monitor AVD technology, it is important to understand the AVD architecture (see Figure 3):
- The endpoints are in the customer’s on-premises network. ExpressRoute extends the on-premises network into the Azure cloud, and Azure AD Connect integrates the customer’s Active Directory Domain Services (AD DS) with Azure Active Directory (Azure AD).
- The AVD control plane handles Web Access, Gateway, Connection Brokering, Diagnostics, and extensibility components such as REST APIs.
- The session hosts used to host user sessions are provisioned as VMs in an Azure subscription. Host pools are a collection of one or more session hosts. Each host pool can contain an app group that users can interact with as they would on a physical desktop.
- Storage is provided using Azure Files or Azure NetApp Files.
- The customer manages AD DS and Azure AD, Azure subscriptions, virtual networks, Azure Files or Azure NetApp Files, and the WVD host pools and workspaces.
AVD Components: Microsoft-Managed vs. Enterprise-Managed
In the above architecture, Microsoft manages the following components:
- The Web Access service allows users to access virtual desktops and remote apps through an HTML5-compatible web browser. You can secure Web Access using multifactor authentication in Azure Active Directory.
- The Remote Connection Gateway service connects remote users to AVD apps and desktops from any Internet-connected device that can run an AVD client. The client connects to a gateway, which then orchestrates a connection from a VM back to the same gateway.
- The Connection Broker service manages user connections to virtual desktops and remote apps. The Connection Broker provides load balancing and reconnection to existing sessions.
- Remote Desktop Diagnostics tracks user or administrator actions, and administrators can query it to identify failing components.
In the above architecture, customers manage:
- The Azure Virtual Network, which enables Azure resources like VMs to communicate privately with one another and with the Internet.
- Azure AD, which supports security features like conditional access, multi-factor authentication, etc.
- Windows Host pools, which are collections of virtual desktop session hosts running Windows desktops supporting multi-session capabilities.
Uses of Microsoft AVD
In many ways, AVD is the perfect product for the pandemic and post-pandemic world. It offers organizations the ability to scale their remote work-from-home infrastructure rapidly and temporarily without the need to invest in server or networking hardware, all from a trusted and proven supplier in Microsoft, with clear Service Level Agreements (SLAs) for high availability and failover alongside a proven and certified security model.
However, as it is a very young product, there are a degree of complexity and feature or tooling gaps in Microsoft stacks. This means that many are retaining or introducing Citrix, VMware, or other third-party vendor offerings to deploy and manage AVD.
Reasons to use a third-party product include:
- Achieving bandwidth savings – Customers who want improved user-experience or user-density gains via a proprietary protocol, e.g., HDX/EDT from Citrix or Blast Extreme/PCoIP from VMware.
- Lacking VDI infrastructure experience – This is especially true for customers who are new to DaaS and for smaller organizations. Turnkey DaaS solutions for AVD, such as Workspot or CloudJumper (now NetApp), often suit such organizations.
- Looking to expand existing Citrix/VMware on-premises deployments – Organizations have existing staff trained in those technologies and want to retain a single overall management stack. In our recent survey we found only 92% of those using AVD were using it alongside another digital workspace solution such as Citrix, VMware, or RDSH.
- Lack of maturity/features in native Microsoft AVD tools – Specialist AVD management products, such as Nerdio, are proving to be popular, especially for organizations new to VDI and with no predisposition towards a specific traditional VDI vendor.
5 AVD Deployment and Management Options
- Native Azure and Microsoft tools
There is a learning curve associated with doing this. However, AVD is evolving fast, and for those who understand the nature of the task there is plenty of advice. The upcoming digital event, Microsoft meets Community: Windows Virtual Desktop | 4th edition on 9 April 2021, is a full-day event overviewing the technologies needed to manage your own AVD deployment.
- Citrix Managed Virtual Apps and Desktops
This option lets customers deploy Citrix on Azure via their traditional VDI offering or via the Citrix Cloud control plane. They have some nice case studies available and very useful resource libraries full of detailed reference architectures and whitepapers, including some focused on scalability, user density, and cost expectations on specific Azure instances (should you choose a D-series vs an F-series).
- VMware Horizon Managed Virtual Apps and Desktops
Similar to Citrix, VMware offers options to deploy via the traditional Horizon product or via the Horizon Cloud hosted on various Azure regions to aid compliance with geographic data regulation. TechTarget has provided some great reviews of VMware WVD technologies.
This is for those of you who are new to VDI or Azure, with no predilections towards a specific VDI supplier. Some vendors are offering tooling and functionality around WVD. Nerdio is probably the leader and the most well-known provider, established in 2005 as a supplier for MSPs (Managed Service Providers). It is prominent in the EUC community, with field CTOs including veterans such as Bas van Kaam and Neil McLoughlin.
There are numerous MSPs who will provide PaaS, IaaS, or DaaS for Azure for you, even extending into managed help desk support. At eG Innovations, we offer monitoring, management, and auto-ticketing to many large multi-tenant MSPs. As such, it might be useful for someone looking for an MSP to read about what we offer to gain an idea of the level of functionality we offer our MSP partners.
Cost Considerations for Microsoft AVD
You need an Azure account and subscription to get started with Microsoft AVD. These are the Azure components that you have to factor into the price of an AVD deployment.
- Virtual machines and operating system (OS) storage
- Data disk (personal desktop only)
- User profile storage
One-year or three-year Azure Reserved Virtual Machine Instances can offer significant cost savings compared to pay-as-you-go pricing.
Access to Windows 10 Enterprise and Windows 7 Enterprise desktops and apps is available at no additional cost if you have an eligible Windows or Microsoft 365 license.
Windows Server Remote Desktop Services desktops and apps can be accessed at no additional cost if you are an eligible Microsoft Remote Desktop Services (RDS) Client Access License (CAL) customer.
What does eG Innovations offer for AVD Monitoring on Azure?
With so many choosing to have heterogeneous vendor management stacks and mixing on-premises, DaaS and Cloud, there is a natural need for dedicated cross-vendor management and monitoring products that cover the end-to-end infrastructure and the key applications it supports. Unlike many EUC/Digital Workspace-only vendors, eG Innovations is a whole-of-Enterprise provider of monitoring solutions, covering:
- EUC and Digital workspaces, e.g., Citrix Virtual Apps and Desktops (CVAD), Citrix Cloud service, Microsoft Remote Desktop (RDS), VMware Horizon, VMware Horizon Cloud Service, Microsoft Azure Virtual Desktops (AVD), AWS WorkSpaces, etc.
- Enterprise Application monitoring, e.g., SAP, PeopleSoft, and SharePoint
- Cloud Monitoring, including specific Azure Monitoring options
- Enhanced Office 365/Microsoft 365 monitoring (there’s a nice video of our O365 functionality available here)
- Container alongside VM monitoring (e.g., Kubernetes and Docker)
- Specialist MSP multi-tenant monitoring
- Automated Help Desk and Service Ticketing integrations with all main suppliers, including mobile apps, ZenDesk, Ivanti, Microsoft Teams, ServiceNow, JIRA, Slack, Autotask, Manage Engine’s ServiceDesk, PagerDuty, and Remedy Force, amongst many others
So, if you are looking to deploy AVD, regardless of the overall stack you are looking at, do consider whether your monitoring and management needs extend beyond VDI and EUC alone.