Before getting started, please complete a thorough review of the NFA QuickStart Guide as those items will apply to Azure Virtual Desktop in Nerdio for Azure (NFA).
This quick start helps you understand basic terminologies and concepts for setting up and using Azure Virtual Desktop accounts in Nerdio for Azure (NFA):
- Overview of AVD
- Printing from AVD
- Definition of terms
- AVD architecture
- Comparisons with RDS
- Data disk sizing
- Additional resources
With AVD, there’s a new version of Windows 10 that allows multiple users to use the same desktop virtual machine at the same time. This saves money because it requires less Azure infrastructure and provides the user with the same desktop experience as they’re used to on their physical devices.
Printing in Azure Virtual Desktop has changed from how a traditional RDS deployment prints with redirection. Please read our latest KB on Printing in AVD to understand the printing differences between connecting to AVD via HTML browser or direct with the Windows client.
While Azure AD is a container of user objects, the actual AVD session hosts – the virtual machines running Windows 10 Enterprise multi-session – must join an Active Directory forest.
- Server Active Directory – “Active Directory”
- Plain, vanilla Active Directory role on a traditional Windows Server machine that is managed with tools like Active Directory Users and Computer, Sites and Services, Domains, and Trusts.
- Contains user, group, contact, and computer objects
- Traditional Windows desktops and servers join this AD
- Users and Groups can be synchronized with Azure AD using ADConnect
- Azure Active Directory (AAD) – Microsoft Cloud Directory services
- Despite its similar name to traditional Active Directory, this is a different service that is hosted by Microsoft and is the top-level object in Microsoft Cloud (O365, D365 and Azure)
- Contains user, group, and contact objects
- Windows 10 computers can join AAD while older operating system machines cannot
- Can be synchronized with an AD (#1 above) via ADConnect tool so the same username and password can be used for both
- By itself, Azure AD (AAD) is NOT sufficient for AVD deployment. Both AAD and traditional AD (or AAD DS - see below) is needed.
- Azure Active Directory Domain Services (AAD DS)
- An Azure hosted, Microsoft managed AD DS
- Most of the same capabilities as traditional, on-premises AD DS with some limitations due to lack of administrative access to the actual domain controller (Microsoft manages that)
- Synchronizes with AAD (which is synchronized with on an on-premises AD DS) and allows VMs running in Azure to join it regardless of the type of Windows OS (e.g. Windows 10/8/7 or Server 2008/2012/2016/2019)
- Nerdio for Azure does NOT support Azure AD DS at this time due to the various limitations it imposes for most deployment scenarios
AVD requires that the session host VMs (desktop VMs) be joined to either Server Active Directory (#1) or AAD DS (#3). In a AVD Nerdio account DC01 is accessible to the AVD session host VMs. It is not possible to use only AAD (#2) for a AVD deployment. With AVD you need both AAD (contains user objects) and Server AD (contains computer objects). Server AD is automatically configured to be synchronized with AAD via ADConnect on DC01 for an optimal user experience.
Additional reading: Microsoft Azure Active Directory
FSLogix for user profiles - This is a user profile container technology that allows the user to switch desktop virtual machines without losing access to their own customizations. With FSLogix, it is now possible to use OneDrive and indexed search functionality in virtual desktops, something that wasn’t possible with RDS User Profile Disks (UPDs).
FXLogix with AVD also provides a seamless files on-demand solution by default. The value is that OneDrive for Business and SharePoint will function the same in AVD as they would on a persistent desktop such as a physical PC or laptop. FXLogix supports active cache syncing in the AVD environment so users have their updated files no matter which host they connect to. In addition, FXLogix will retain user credentials, preventing them from having to sign in to OneDrive every time they log in.
AVD desktop users’ Windows profiles are encapsulated in VHD files and stored on a file server independent of the Windows 10 session host VMs. This way, if a user is assigned to a pooled (i.e. non-persistent) desktop the profile (including Windows Search cache) can follow the user no matter what virtual desktop VM they log into. In a Nerdio AVD environment, FS01 is accessible to the session host VMs to store these profile disks.
Important note - a user set with domain admin privileges will not have a FSLogix managed profile and will not be persistent.
Please review the AVD Diagram
Interactive Login Messages: A GPO setting that applies an interactive logon message to all domain joined computers will interfere with the ability to Sysprep, capture images, and login to newly provisioned scale set hosts. Therefore this setting should be configured to exclude AVD session hosts.
With Remote Desktop Services (RDS), you needed a license for the Server operating system, RDS, and Office ProPlus. With AVD you need a subscription to Microsoft 365 or any Windows 10 Enterprise subscription.
The following licenses can be used for AVD:
- Microsoft 365 – E3/E5/A3/A5/Business
- Windows 10 Enterprise (via CSP) – E3/E5/A3/A5
Note that Windows 10 Professional, OEM, or any non-subscription version of Windows are not entitled to use AVD.
Using Microsoft 365 Business requires Office Business to be installed on the hosts being accessed by users. The default office installation in Nerdio for Azure is Office ProPlus. For instructions on uninstalling ProPlus and installing Business go here.
You can purchase a subscription to the above products through any channel: CSP, EA, MCA, etc. The same per-user subscription license entitles the user to whom it is assigned to connect to multiple AVD desktops whether they are Windows 10 Enterprise multi-session, single-session, or even Windows 7 (Windows 7 is not currently available in Nerdio as a template).
Please review the comparison between Office 365 and Microsoft 365 for more information.
Windows Operating System running the desktop
RDS: Legacy Nerdio implementations use a Server OS (e.g. Windows Server 2016) with desktop experience enabled. This is because the RDS feature is only available in the Server OS, which allows multiple users to share a single virtual machine (VM). This makes the deployment more economical and affordable. There are some virtual desktop infrastructure (VDI) implementations that assign a dedicated desktop VM to each user and those could be running Windows 10 today since it’s a single-user OS.
AVD: Windows 10 Enterprise Multi-session for AVD was built specifically to enable hosted desktops that are identical to what the more than 800M Windows 10 users are already used to on their physical devices. The new OS also comes with enhancements that improve user experience.
- Windows Search index (which speeds up searching in Outlook and other apps) will be a per-user database that will be portable and can move with the user from one VM to another. In existing operating systems, the search index is a per-machine database so if a user logs into another VM the index must be rebuilt
- Designed and intended use of OneDrive and SharePoint. No modifications or exceptional methods need to be implemented to use those readily and feature-rich applications
Control Plane (Infrastructure Services)
The control plane is a collection of services that determine which user gets connected to what desktop VM. It sounds simple, but there is a lot that goes into it.
RDS: RDS infrastructure roles handle this. These roles include: Web access, Gateway, Connection Broker, License server, and HTML client. These are server roles that are installed on domain-joined Windows Server VMs and are managed by the MSP or customer.
AVD: Microsoft is eliminating the need for any domain-joined RDS roles and instead of creating an Azure service that a user will log into and it will then determine where the user’s desktop is and where to “land” the desktop session. This not only eliminates the complexity of having to manage RDS roles but also removes the need for costly VMs to run them.
Considerations for Data Disk sizing and configuration
- For AVD we recommend sizing and configuration of the data disk using this rough guideline:
- 5 GB minimum, 10 GB highly recommended, per user.
- Ex. For a 200 user AVD Host's user data disk, 2 TB would be an acceptable starting point.
- Ensure the data disk has its caching set to None - instructions can be found here
- Note that average mailbox size should also be taken into consideration:
- a 10 GB per user guideline will need to be increased according to the current or expected size of their mailbox, in order to leave sufficient room for the Outlook cache.
- When upgrading from a NFA Professional, which uses Standard HDD disks on scale-sets by default, you will only be able to upgrade the data disk type in your Enterprise account by creating a new pool (copying your existing pool template) and setting the storage type as desired.