Before getting started, please complete a thorough review of the NFA QuickStart Guide as those items will apply to Windows Virtual Desktop in Nerdio for Azure (NFA).
This quick start helps you understand the basic terminology and concepts for setting up and using Windows Virtual Desktop accounts in Nerdio for Azure (NFA):
- Overview of WVD
- Printing from WVD
- Definition of terms
- WVD architecture
- Comparisons with RDS
- Additional resources
With WVD, there’s a new version of Windows 10 that allows multiple users to use the same desktop virtual machine at the same time. This saves money because it requires less Azure infrastructure, and it gives users the same desktop experience they’re used to on their physical devices.
Printing in Windows Virtual Desktop differs from a traditional RDS deployment, which prints with redirection. Please read our latest KB on Printing in WVD to understand the printing differences between connecting to WVD via an HTML browser and connecting directly with the Windows client.
While Azure AD is a container of user objects, the actual WVD session hosts – the virtual machines running Windows 10 Enterprise multi-session – must join an Active Directory forest.
1. Server Active Directory – “Active Directory”
   - Plain, vanilla Active Directory role on a traditional Windows Server machine, managed with tools like Active Directory Users and Computers, Sites and Services, and Domains and Trusts
   - Contains user, group, contact, and computer objects
   - Traditional Windows desktops and servers join this AD
   - Users and groups can be synchronized with Azure AD using ADConnect
2. Azure Active Directory (AAD) – Microsoft Cloud Directory services
   - Despite having a name similar to traditional Active Directory, this is a different service that is hosted by Microsoft and is the top-level object in Microsoft Cloud (O365, D365 and Azure)
   - Contains user, group, and contact objects
   - Windows 10 computers can join AAD, while machines running older operating systems cannot
   - Can be synchronized with an AD (#1 above) via the ADConnect tool so the same username and password can be used for both
   - By itself, Azure AD (AAD) is NOT sufficient for a WVD deployment. Both AAD and traditional AD (or AAD DS - see below) are needed.
3. Azure Active Directory Domain Services (AAD DS)
   - An Azure-hosted, Microsoft-managed AD DS
   - Most of the same capabilities as traditional, on-premises AD DS, with some limitations due to the lack of administrative access to the actual domain controller (Microsoft manages that)
   - Synchronizes with AAD (which is synchronized with an on-premises AD DS) and allows VMs running in Azure to join it regardless of the type of Windows OS (e.g. Windows 10/8/7 or Server 2008/2012/2016/2019)
   - Nerdio for Azure does NOT support Azure AD DS at this time due to the various limitations it imposes for most deployment scenarios
WVD requires that the session host VMs (desktop VMs) be joined to either Server Active Directory (#1) or AAD DS (#3). In a WVD Nerdio account, DC01 is accessible to the WVD session host VMs. It is not possible to use only AAD (#2) for a WVD deployment. With WVD you need both AAD (contains user objects) and Server AD (contains computer objects). Server AD is automatically configured to synchronize with AAD via ADConnect on DC01 for an optimal user experience.
Additional reading: Microsoft Azure Active Directory
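The join requirement described above can be checked on a session host from the output of the built-in `dsregcmd /status` command. The following is an added example, not part of the original guide or of Nerdio's tooling; the function name `Get-WvdJoinAssessment` and the sample status lines are constructed for illustration.

```powershell
# Added example: classify a host's directory join state from `dsregcmd /status`
# output. The function name is hypothetical; the sample text is constructed.
function Get-WvdJoinAssessment {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints "Key : Value" pairs; keep only the fields we need.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|DomainName)\s*:\s*(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $domainJoined = $state['DomainJoined'] -eq 'YES'
    $aadJoined    = $state['AzureAdJoined'] -eq 'YES'

    # Per the guide: the session host must be joined to an AD domain;
    # an Azure AD join on its own is not sufficient for WVD.
    if ($domainJoined) {
        $verdict = 'OK: joined to an AD domain'
    } elseif ($aadJoined) {
        $verdict = 'FAIL: Azure AD joined only; no AD domain join'
    } else {
        $verdict = 'FAIL: not joined to any directory'
    }

    [pscustomobject]@{
        DomainJoined  = $domainJoined
        AzureAdJoined = $aadJoined
        DomainName    = $state['DomainName']
        Verdict       = $verdict
    }
}

# Constructed sample of the relevant status lines (not captured from a real host).
$sample = @(
    '             AzureAdJoined : NO'
    '          EnterpriseJoined : NO'
    '              DomainJoined : YES'
    '                DomainName : EXAMPLE'
)
Get-WvdJoinAssessment -StatusLines $sample | Format-List

# On a live session host:
# Get-WvdJoinAssessment -StatusLines (dsregcmd /status)
```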
FSLogix for user profiles - This is a user profile container technology that allows the user to switch desktop virtual machines without losing access to their own customizations. With FSLogix, it is now possible to use OneDrive and indexed search functionality in virtual desktops, something that wasn’t possible with RDS User Profile Disks (UPDs).
WVD desktop users’ Windows profiles are encapsulated in VHD files and stored on a file server independent of the Windows 10 session host VMs. This way, if a user is assigned to a pooled (i.e. non-persistent) desktop, the profile (including the Windows Search cache) can follow the user no matter which virtual desktop VM they log into. In a Nerdio WVD environment, FS01 is accessible to the session host VMs to store these profile disks.
Please review the WVD Diagram
With Remote Desktop Services (RDS), you needed a license for the Server operating system, RDS, and Office ProPlus. With WVD you need a subscription to Microsoft 365 or any Windows 10 Enterprise subscription.
The following licenses can be used for WVD:
- Microsoft 365 – E3/E5/A3/A5/Business
- Windows 10 Enterprise (via CSP) – E3/E5/A3/A5
Note that Windows 10 Professional, OEM, or any non-subscription version of Windows is not entitled to use WVD.
You can purchase a subscription to the above products through any channel: CSP, EA, MCA, etc. The same per-user subscription license entitles the user to whom it is assigned to connect to multiple WVD desktops whether they are Windows 10 Enterprise multi-session, single-session, or even Windows 7 (Windows 7 is not currently available in Nerdio as a template).
Please review the comparison between Office 365 and Microsoft 365 for more information.
Windows Operating System running the desktop
RDS: Legacy Nerdio implementations use a Server OS (e.g. Windows Server 2016) with desktop experience enabled. This is because the RDS feature is only available in the Server OS, which allows multiple users to share a single virtual machine (VM). This makes the deployment more economical and affordable. There are some virtual desktop infrastructure (VDI) implementations that assign a dedicated desktop VM to each user and those could be running Windows 10 today since it’s a single user OS.
WVD: Windows 10 Enterprise Multi-session for WVD was built specifically to enable hosted desktops that are identical to what the more than 800M Windows 10 users are already used to on their physical devices. The new OS also comes with enhancements that improve user experience.
- Windows Search index (which speeds up searching in Outlook and other apps) will be a per-user database that is portable and can move with the user from one VM to another. In existing operating systems, the search index is a per-machine database, so if a user logs into another VM the index must be rebuilt.
- OneDrive and SharePoint can be used as designed and intended. No modifications or exceptional methods need to be implemented to use these feature-rich applications.
Control Plane (Infrastructure Services)
The control plane is a collection of services that determine which user gets connected to what desktop VM. It sounds simple, but there is a lot that goes into it.
RDS: RDS infrastructure roles handle this. These roles include: Web access, Gateway, Connection broker, License server and HTML client. These are server roles that are installed on domain-joined Windows Server VMs and are managed by the MSP or customer.
WVD: Microsoft is eliminating the need for any domain-joined RDS roles and instead creating an Azure service that a user will log into and it will then determine where the user’s desktop is and where to “land” the desktop session. This not only eliminates the complexity of having to manage RDS roles but also removes the need for costly VMs to run them.