Azure Virtual Desktop Architecture: Review and Recommendations
Azure Virtual Desktop is a desktop and application virtualization service hosted on the Azure Cloud platform. The typical Azure Virtual Desktop architecture has endpoint devices using Azure Virtual Desktop clients to connect to Windows-based virtual desktops and applications hosted on Azure Cloud virtual machines (VMs). Microsoft and customers are jointly responsible for the components comprising the Azure Virtual Desktop infrastructure.
Azure Virtual Desktop Architecture
Since cloud platforms like Azure are highly scalable, they are ideal for large-scale virtual desktop infrastructure (VDI) and Desktop as a Service (DaaS) solutions. Even if your initial implementation is small, you can quickly scale your Azure Virtual Desktop solution by adding more VMs and licenses, subject to platform-specific limitations.
There are three major components in the typical Azure Virtual Desktop architecture:
- The customer’s on-premises network, from which endpoint devices connect to the Azure Virtual Desktops hosted in the cloud via either Azure ExpressRoute or a virtual private network (VPN). In this network, the customer’s Active Directory Domain Services (AD DS) also integrates with Azure Active Directory (Azure AD) using Azure AD Connect.
- The Azure Virtual Desktop control plane, which Microsoft manages.
- The customer-managed components, for which the customer’s IT team is responsible: AD DS, Azure AD, Azure subscriptions, virtual networks, Azure Files or Azure NetApp Files, and host pools and workspaces.
You can add more capacity by getting an additional Azure subscription. You can then use virtual network peering to connect the machines in this new subscription with the other machines covered in your old subscription.
Azure Virtual Desktop supports the following operating systems:
- Windows 10 Enterprise, Windows 10 Enterprise Multi-session, and Windows 7 Enterprise.
- Windows Server 2012 R2 and above.
- Custom Windows images built to your organizational requirements, e.g., an image with preloaded applications.
Microsoft and Customer Managed Components
While customers may not need to know the full details of these components, you should at least be aware that Microsoft is in charge of infrastructure and brokering, including the following:
- Web Access Service: This allows access to desktops and applications using any HTML5-compatible web browser. Multifactor authentication can be paired with this component for added security.
- Remote Connection Gateway: Through this service, remote users can connect to virtual desktops and applications using the Azure Virtual Desktop client on their internet-connected devices.
- Connection Broker: This service manages connections to virtual desktops and applications, and provides load balancing and automatic reconnection features for smoother operation.
- Remote Desktop Diagnostics: This service provides event-based logging of successful and failed administrator-initiated and user-initiated actions in Azure Virtual Desktop.
- Extensibility components for managing your environment: This includes Windows PowerShell and REST APIs.
What you do in an Azure Virtual Desktop Architecture
As a customer, you are in charge of the following:
- Azure Virtual Network: This allows access to virtual desktops and applications from practically anywhere. With Azure ExpressRoute or a VPN, you can ensure secure communications between all devices on the network.
- Azure AD: Azure Virtual Desktop host pools must be connected to an Active Directory domain for identity and access management. With this, you can leverage Azure AD security features such as conditional access and multi-factor authentication.
- AD Domain Services (DS): Azure Virtual Desktop VMs are required to join an AD DS domain. You can use Azure AD Connect to synchronize AD DS with Azure AD and ensure that your users are defined on both services.
- Azure Virtual Desktop session hosts: Each host VM is required to have an Azure Virtual Desktop host agent that allows it to be registered with the Azure Virtual Desktop workspace. Host pools can be made part of application groups, collections of remote applications or desktop sessions accessible to your users.
- Azure Virtual Desktop workspace: All the resources in your organization’s host pools are managed and published from this workspace.
Azure Virtual Desktop Limitations
Limitations in using Azure Virtual Desktop are related to its scalability. The most important are:
- Microsoft recommends keeping the number of VMs per Azure subscription per region under 5,000. To allow simultaneous access for multiple users, you can use Windows 10 Enterprise multi-session on your VMs, though this may require more resources.
- If more than 5,000 VMs are required, you can use a hub-spoke architecture and connect multiple Azure subscriptions in the same region using virtual network peering. You can also deploy VMs in a different region using the same subscription.
- If you are using automated session-host scaling tools, the limits go down to 2,500 VMs, since these tools consume more resources.
- Azure throttles API calls to help with overall performance. As a consequence, you cannot reboot more than 600 VMs per hour from the Azure portal. As a workaround, you can choose to reboot all your machines at once from the operating system.
- Microsoft recommends grouping your VMs in availability sets for redundancy. However, you can deploy only 200 VMs per availability set using an Azure Resource Manager template. If you choose to forgo the benefit of availability sets, the limit goes up to 399 VMs.
Guidelines for Virtual Machines in Azure Virtual Desktop
When setting up your Azure Virtual Desktop infrastructure, you should ensure that your VMs can handle your expected workloads. Otherwise, poor performance can result and lower the quality of your user experience.
Avoid both two-core and 32-core VMs. With only two cores, the VMs become unstable; with 32 cores, synchronization overhead rises and negates any advantage a higher-core VM would give your users in handling your workloads.
Instead, size VMs between four vCPUs and 24 vCPUs. Microsoft recommends four users per core for light and medium workloads. If your users typically perform heavier workloads, each core should serve at most one or two users, and the VM should have at least six vCPUs. These requirements may change as you add more users.
Microsoft also recommends a minimum of 16 GB of RAM and 32 GB of storage for light to heavy workloads, and 56 GB of RAM and 340 GB of storage for heavier, or power, workloads. Regardless of workload, the minimum profile container storage should be 30 GB.
Generally, a large number of smaller VMs is better than a few larger VMs. Smaller VMs have fewer users signed in, so the chance that any one of them is idle at a given time is higher: it can be updated when needed or shut down to conserve resources. Large VMs, by contrast, may take longer to update because you must find a window when nobody is using them, and they are almost never shut down.
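The sizing rules and platform limits above can be checked mechanically before a host pool is built. The following capacity planner is an added example, not code from the article, from Parallels, or from Microsoft: it encodes the figures the page quotes (users per core, the 4-24 vCPU range, the six-vCPU floor for heavy work, the RAM and storage minimums, the 5,000/2,500 per-subscription VM limits, the 200-VM availability-set limit and the 600-reboot-per-hour portal throttle) and reports how many session hosts, availability sets and subscriptions a user population needs, plus any guideline it violates. The function and class names, the four workload classes, and the mapping of "one or two users per core" to two for heavy and one for power workloads are assumptions made for the example.

```python
"""Capacity planner for Azure Virtual Desktop session hosts.

All numeric thresholds are the ones quoted in the article. The planner
itself, its names and its workload classes are illustrative assumptions,
not Microsoft or Parallels tooling.
"""
from dataclasses import dataclass, field
from math import ceil

# Sizing guidance quoted in the article.
MIN_VCPU, MAX_VCPU = 4, 24                 # recommended vCPU range per host
MIN_VCPU_HEAVY = 6                          # heavier workloads need >= 6 vCPU
# Article: 4 users/core for light and medium, "one or two" for heavier work.
# Assumption: heavy = 2 users/core, power = 1 user/core.
USERS_PER_CORE = {"light": 4, "medium": 4, "heavy": 2, "power": 1}
MIN_RAM_GB = {"light": 16, "medium": 16, "heavy": 16, "power": 56}
MIN_STORAGE_GB = {"light": 32, "medium": 32, "heavy": 32, "power": 340}
MIN_PROFILE_GB = 30                         # profile container storage per user

# Platform limits quoted in the article.
SUBSCRIPTION_VM_LIMIT = 5000                # VMs per subscription per region
SUBSCRIPTION_VM_LIMIT_AUTOSCALE = 2500      # when automated scaling tools run
AVAILABILITY_SET_LIMIT = 200                # VMs per availability set (ARM template)
PORTAL_REBOOT_LIMIT_PER_HOUR = 600          # API throttling on portal reboots


@dataclass
class HostPlan:
    vcpu_per_host: int
    users_per_host: int
    hosts: int
    availability_sets: int
    subscriptions: int
    profile_storage_gb: int
    warnings: list = field(default_factory=list)


def plan_host_pool(users, workload, vcpu_per_host, ram_gb, storage_gb, autoscale=False):
    """Size a host pool for `users` concurrent users of one workload class.

    Returns a HostPlan; guideline or limit violations are listed in
    plan.warnings rather than raised, so the caller can decide what to do.
    """
    if workload not in USERS_PER_CORE:
        raise ValueError(f"unknown workload class: {workload!r}")
    warnings = []

    # Two-core hosts are unstable and 32-core hosts waste time on
    # synchronization, so stay inside the recommended range.
    if not MIN_VCPU <= vcpu_per_host <= MAX_VCPU:
        warnings.append(f"{vcpu_per_host} vCPU is outside the recommended "
                        f"{MIN_VCPU}-{MAX_VCPU} vCPU range")
    if workload in ("heavy", "power") and vcpu_per_host < MIN_VCPU_HEAVY:
        warnings.append(f"{workload} workloads need at least {MIN_VCPU_HEAVY} vCPU per host")
    if ram_gb < MIN_RAM_GB[workload]:
        warnings.append(f"{ram_gb} GB RAM is below the {MIN_RAM_GB[workload]} GB minimum")
    if storage_gb < MIN_STORAGE_GB[workload]:
        warnings.append(f"{storage_gb} GB storage is below the "
                        f"{MIN_STORAGE_GB[workload]} GB minimum")

    users_per_host = USERS_PER_CORE[workload] * vcpu_per_host
    hosts = ceil(users / users_per_host)

    # Per-subscription/region ceiling drops when autoscaling tools are used;
    # beyond it the article suggests peered subscriptions or another region.
    limit = SUBSCRIPTION_VM_LIMIT_AUTOSCALE if autoscale else SUBSCRIPTION_VM_LIMIT
    subscriptions = ceil(hosts / limit)
    if subscriptions > 1:
        warnings.append(f"{hosts} hosts exceed the {limit}-VM per-subscription limit; "
                        f"spread across {subscriptions} peered subscriptions or regions")
    if hosts > PORTAL_REBOOT_LIMIT_PER_HOUR:
        warnings.append(f"only {PORTAL_REBOOT_LIMIT_PER_HOUR} VMs/hour can be rebooted "
                        f"from the portal; reboot from the OS for fleet-wide restarts")

    return HostPlan(
        vcpu_per_host=vcpu_per_host,
        users_per_host=users_per_host,
        hosts=hosts,
        availability_sets=ceil(hosts / AVAILABILITY_SET_LIMIT),
        subscriptions=subscriptions,
        profile_storage_gb=users * MIN_PROFILE_GB,
        warnings=warnings,
    )


if __name__ == "__main__":
    # Constructed scenario: 1,000 light users on 8-vCPU hosts.
    plan = plan_host_pool(1000, "light", vcpu_per_host=8, ram_gb=32, storage_gb=128)
    print(plan)
```

Running the block as a script prints the plan for the constructed 1,000-user scenario; in practice you would call `plan_host_pool` per host pool and treat a non-empty `warnings` list as a reason to resize the host SKU or split the pool across subscriptions before deploying.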
Use Cases for an Azure Virtual Desktop Architecture
Enterprise virtual desktop solutions are most in demand from:
- Security- and regulation-driven applications in the government, healthcare, and financial sectors.
- Flexible workforce requirements, such as those associated with partner access, remote work, mergers and acquisitions, and temporary workers and contractors.
- Specific personnel, including contact center and branch staff, mobile users, and BYOD users.
- Tasks with a narrow focus, including design and engineering, legacy applications, and testing for software development.
Deploy on Microsoft Azure with Parallels RAS
Parallels® Remote Application Server (RAS) provides a viable alternative to deploying an Azure-based VDI or DaaS. That’s because it uses Azure as a hypervisor to scale VDI workloads on-demand, allowing for faster deployments and better management.
Parallels RAS extends the capabilities of your Azure Virtual Desktop-based solution through a central console for integrating workloads and resources. The comprehensive solution includes access to virtual applications and desktops hosted on Azure VMs and supports deployments on premises, or on hybrid and public clouds. It also supports Windows 10 Enterprise multi-session hosts and multi-cloud deployments.
Parallels RAS on Azure delivers an affordable, fast, scalable, access-from-anywhere solution for your virtual desktops and applications. It also offers a full-featured and easy-to-understand licensing model.
Download the trial and see how Parallels RAS can help streamline your application delivery on Azure.