Written by: Daniel Haurey on 08/28/20

There’re several skills that you need to deploy your first Windows Virtual Desktop (WVD) environment.This article will focus on small Windows Virtual Desktop deployments of less than 250 seats. First and foremost, you certainly need Microsoft Azure skills in the IaaS domain, including, network, storage, compute, identity, and security, as well as their on-premises counterparts.

You will need Azure Networking skills to layout and use the existing network in terms of Azure Virtual Networks (VNets) and subnets. Mixing in Identity skills, you’ll need to consider whether you’re going to use Azure Active Directory (AD) Domain Services (AAD DS) or your local AD and access that over VPN, and if you do not have VPN or AAD DS you will need to deploy them. To operate WVD requires access to the public Internet from host pool VMs and you’d definitely want to control that to prevent data exfiltration. You could do that with built-in firewalls (Network Security Groups), but they aren’t as comprehensive or flexible as Azure Firewall. Understanding how to route your subnet traffic to Azure Firewall, create the application and network rules, and monitor traffic with Log Analytics will be some of the initial steps to creating a secure WVD perimeter.

Also on the topic of AD, your skillset will need to cover the management of AD group policies to address some scenarios not covered by RDP settings through WVD.

Virtual Desktop Picture

The other key consideration is user profile hosting.  Choosing the right option here will require a mix of skills where the key is Azure Storage management. The recommended approach is to store Windows user profiles on the network.  There are 3 approaches that you could take.  Use Azure Files, Azure NetApp, or a Storage Spaces cluster deployed in the cloud or on-prem VMs. With all these solutions, you will need to have varying degrees of Azure Storage and on-prem storage skills. You will also need to be familiar with FSLogix, a Microsoft technology to manage remote profiles stored in VHDs. While building out storage, you will also leverage the Azure networking toolbox with Private Endpoints to minimize exposure of storage to the Internet.

Next, you will need to choose the family and type of VMs that are to be used as session hosts.  Your Azure Compute skills will definitely come in handy here. For most of the generic profiles, Microsoft provides recommendations that include corresponding VM families, however, they may need to be tuned to your specific situation and use case. To conserve money on running the WVD session hosts, you will want to implement a scaling script which is based on Azure Automation and Azure Logic App. The first uses PowerShell, while the last uses a Low Code development editor built into Azure Portal. In tandem, they can scale your Compute resources and your combined Compute and PowerShell skillset will help you to understand how they will affect your production environment.

You’ll need Azure Security skills to secure and monitor the environment. To a greater extent, you will get assistance from Azure Security Center and Azure Sentinel, but you will need to deploy and configure them. In addition to these tools to monitor WVD from the security perspective, you will need to be familiar with Azure Log analytics and be able to write queries in Kusto Query Language (KQL).

As you can see, a well-rounded and deep knowledge of Azure and other technologies is needed to effectively deploy and operate WVD – even for a smaller WVD environment.  To talk to one of our Windows Virtual Desktop experts, contact us today.