What’s new in Windows Virtual Desktop

Based on the Microsoft 365 roadmap, at the end of July, the update called Spring Update 2020 for the Windows Virtual Desktop (WVD) solution was released in General Availability. With the introduction of this update, Microsoft has drastically improved the experience of managing the WVD environment by integrating it within the Azure portal.

In this article, we will look at the differences between the previous solution (Fall 2019) and the current one; some new features recently introduced in Windows Virtual Desktop will also be mentioned.

Infrastructure

In the Fall 2019 version, Windows Virtual Desktop is not an Azure Resource Manager (ARM) service; therefore, all the objects present in the infrastructure are held in a separate database. Azure Resource Manager is the dividing line between the user and the Fabric subsystem and is also responsible for provisioning and managing all Azure services.

With the latest update, all Windows Virtual Desktop objects are ARM resources and, as a result, are fully integrated within the Azure portal.

Figure 1 – Windows Virtual Desktop in Azure Portal

Some components related to the structure on which the Windows Virtual Desktop service is based have also been revised; we report below the fundamental components:

Host Pool

Collection of virtual machines on Azure that register in the environment as Session Host when the Windows Virtual Desktop agent is running.

As reported in the previous article, all Session Hosts are generated from the same image (from Marketplace or custom) in order to provide the same User Experience to the end user.

App Groups

It is a logical group that allows you to make applications and/or the desktop available to users. One of the most important features introduced in this update is the ability to assign an app group to Azure AD groups (previously it was only possible to assign it to Azure AD users).

Workspace

It is a logical group of Application Groups present on Windows Virtual Desktop; each App Group must be associated with a workspace to allow users to view published apps or desktops.

Figure 2 – Infrastructure difference between Fall 2019 and Spring 2020
Figure 3 – Spring 2020 Infrastructure

Management

As previously mentioned, the Spring 2020 version of Windows Virtual Desktop is fully integrated within the Azure portal; the entire User Interface for the management of the solution is replaced by the new section on the administration portal. It is therefore possible to authorize access to WVD resources, perform maintenance activities (e.g. logoff, send messages) and modify the RDP settings directly from the Azure portal.

Figure 4 – RDP settings from Azure portal

It is also possible to perform all these activities through the specific PowerShell commands integrated in the Az module; for example, to view the Session Hosts present within a Host Pool, you need to use the new Get-AzWvdSessionHost command.
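As an added example (not part of the original article), the following script uses Get-AzWvdSessionHost to build an inventory of every Session Host in the subscription and flag hosts that are not available or are in drain mode. It assumes the Az.DesktopVirtualization module is installed and a session has been opened with Connect-AzAccount; the NeedsAttention column is a name introduced here for illustration.

```powershell
# Added example. Requires Az.DesktopVirtualization and an authenticated Az session.
$report = foreach ($pool in Get-AzWvdHostPool) {
    # The resource group is not a direct property; take it from the ARM resource ID:
    # /subscriptions/<sub>/resourceGroups/<rg>/providers/...
    $rg = ($pool.Id -split '/')[4]

    foreach ($sh in Get-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $pool.Name) {
        $status = "$($sh.Status)"
        [pscustomobject]@{
            HostPool        = $pool.Name
            SessionHost     = ($sh.Name -split '/')[-1]   # Name is "<pool>/<host>"
            Status          = $status
            AllowNewSession = $sh.AllowNewSession
            Sessions        = $sh.Session
            AgentVersion    = $sh.AgentVersion
            LastHeartBeat   = $sh.LastHeartBeat
            # Hypothetical flag: host is not healthy, or refuses new sessions.
            NeedsAttention  = ($status -ne 'Available') -or (-not $sh.AllowNewSession)
        }
    }
}

# Hosts that need a look are listed first.
$report | Sort-Object NeedsAttention -Descending | Format-Table -AutoSize
```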

In terms of security and authorization on accesses for the administrative part, it is possible to use Azure RBAC to provide granular rights on resources/objects based on the following model:

Figure 5 – RBAC
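Because App Groups are now ARM resources, access to them can be reviewed like any other Azure RBAC assignment. The script below is an added example, not taken from the original article: it lists who holds the built-in Desktop Virtualization User role on each App Group, and shows whether the assignment goes to an Azure AD group or a single user and whether it is inherited from a higher scope. It assumes the Az.DesktopVirtualization and Az.Resources modules and an authenticated Az session; the column names are illustrative.

```powershell
# Added example. Requires Az.DesktopVirtualization, Az.Resources and Connect-AzAccount.
$role = 'Desktop Virtualization User'   # built-in role used for App Group assignments

$assignments = foreach ($ag in Get-AzWvdApplicationGroup) {
    # -Scope returns assignments made on the App Group itself and those
    # inherited from its resource group, subscription or management group.
    foreach ($ra in Get-AzRoleAssignment -Scope $ag.Id -RoleDefinitionName $role) {
        [pscustomobject]@{
            AppGroup   = $ag.Name
            Principal  = $ra.DisplayName
            SignInName = $ra.SignInName
            ObjectType = $ra.ObjectType            # User, Group or ServicePrincipal
            # An inherited assignment applies to every App Group under that scope.
            Inherited  = $ra.Scope -ne $ag.Id
            Scope      = $ra.Scope
        }
    }
}

# Review inherited assignments and per-user assignments first.
$assignments |
    Sort-Object @{e='Inherited';Descending=$true}, ObjectType, AppGroup |
    Format-Table AppGroup, Principal, ObjectType, Inherited -AutoSize
```

Assignments made to individual users or inherited from the subscription are the ones worth reviewing first, since group-based assignment at the App Group scope keeps access tied to directory membership.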

To fulfill the legal obligations on data compliance, Microsoft has added the possibility of placing metadata in various regions; in the previous version, metadata could only be saved in the United States.

In the image below, we summarize the substantial differences between the two versions:

Figure 6 – Difference between Fall 2019 and Spring 2020

Image management

Within the Spring 2020 update, further improvements have been introduced regarding the management of custom images for the creation of the Windows Virtual Desktop environment. As previously reported, each Session Host is generated based on a Master Image in order to provide the same User Experience to the various users.

One of the most important features is the full integration of Azure Shared Image Gallery during the process of a new Host Pool creation.

Azure Shared Image Gallery is a service that allows you to manage and simplify the sharing of custom images within the organization; this service provides:

  • Global replication of images;
  • Versioning and grouping of images;
  • Highly available images with Zone Redundant Storage (ZRS) accounts in regions that support Availability Zones;
  • Premium storage support (Premium_LRS);
  • Sharing across subscriptions, and even between Active Directory (AD) tenants, using RBAC;
  • Scaling your deployments with image replicas in each region.

Figure 7 – Image replica in Azure Shared Image Gallery

Also regarding image management, Microsoft has released a new service called Azure Image Builder in Public Preview. Through this service, you can create and update your custom image in an automated way; it is also possible to define where to save the images: either in Azure Shared Image Gallery or as an Azure Managed Image.

This service is very useful for automating the creation of new master images after installing the security fixes released monthly by Microsoft.

Figure 8 – Azure Image Builder workflow

The service currently supports the following regions and operating systems:

Region

  • East US
  • East US 2
  • West Central US
  • West US
  • West US 2
  • North Europe
  • West Europe

Operating systems

  • Ubuntu 18.04
  • Ubuntu 16.04
  • RHEL 7.6, 7.7
  • CentOS 7.6, 7.7
  • SLES 12 SP4
  • SLES 15, SLES 15 SP1
  • Windows 10 RS5 Enterprise/Enterprise multi-session/Professional
  • Windows 2016
  • Windows 2019

New features

Given the high demand, Microsoft is continuously introducing new features to make the Windows Virtual Desktop solution as optimal as possible and ensure that it is similar to a real workstation.

In fact, a new version of Microsoft Teams was released that optimizes the audio/video channel; starting with this version of Microsoft Teams, it will therefore be possible to have high performance when streaming peer-to-peer through the WebRTC standard.

This version requires Windows Desktop client 1.2.1026.0 or later build.

With the 2004 build of Windows 10 Enterprise (single or multi-session), the MSIX-related APIs have been integrated into the operating system.

The MSIX App Attach feature is based on several technologies that, combined, allow you to attach an MSIX application stored in a centralized repository. Through this mechanism, applications are not installed directly on the operating system and can be made available or removed as needed.

Once the application is connected, the “look and feel” is the same as if the application were installed locally.

Figure 9 – MSIX App Attach

For storing profiles and applications in the Windows Virtual Desktop environment, you can use Azure Files as a repository. Azure Files is a service that allows you to expose SMB shares hosted in the cloud.

In addition, Active Directory Domain Services can be used as an authentication method; this allows you to access the exposed shares using the AD credentials with the same resource access experience present in the on-premises environment. AD domain-joined systems are able to mount Azure File shares using their own credentials.

Conclusions

This article reported the major innovations introduced on Windows Virtual Desktop. The continuing need on the part of companies to facilitate smart-working and allow users to work as if they were in the company makes Windows Virtual Desktop one of the most important and constantly evolving Microsoft services of this last period.
