Overview
As Azure Virtual Desktop on Azure Stack HCI can be largely managed through the Microsoft Azure portal, the portal and its functions are covered in this section. The software section also describes the operating systems in use at both the cluster and VDI level, the cluster volume layout, and other software that is used in the solution, such as FSLogix and Windows Admin Center.
Microsoft Azure
Azure Portal
The Azure portal is a web-based console through which a user manages their Azure subscriptions and resources. To use Azure, a user must create an account subscription and provide appropriate billing information to pay for the services they require.
To create the on-premises Azure Virtual Desktop pool and link the Azure Stack HCI cluster and nodes of this architecture to Azure, the following actions using Azure services and resources were carried out:
- Registered the Azure Stack HCI cluster with Azure.
- Created and configured an Azure Virtual Desktop desktop pool and its associated Workspace, Application Group and Applications.
- The on-premises Azure Stack HCI cluster, the cluster nodes and the VMs were all Azure Arc-enabled.
- Azure Monitor with Azure Monitor Logs was enabled.
- Created an Azure Active Directory tenant which was synched with an on-premises active directory.
- Downloaded virtual hard disk images from the Azure Marketplace. These images can then be customized to suit an organization’s requirements.
- Other items such as creating an Azure Service Principal (an identity to join VMs to Azure) and Resource Groups to group and manage the Azure resources were used.
To enable Azure Virtual Desktop to operate in an on-premises Azure Stack HCI cluster, some Azure services must be enabled and configured. An empty Azure Virtual Desktop pool is created in Azure, and the VDI desktop VMs are created locally on the on-premises Azure Stack HCI cluster.
The VMs can be created using Windows Admin Center, Hyper-V, PowerShell, and so on, and have agents that are installed to connect them to Azure Arc and the Azure Virtual Desktop pool.
The host pool setup process also creates a desktop Application Group by default. For the host pool to function correctly, the Application Group must be published to users or user groups, and the Application Group registered to a Workspace. A Workspace is a logical grouping of Application Groups in Azure Virtual Desktop.
Each Azure Virtual Desktop Application Group must be associated with a Workspace for users to see the remote apps and desktops that are published to them.
Azure Arc
Azure Arc integrates non-Azure resources with Azure. It is a set of technologies that is used to simplify the administration of complex hybrid environments. It provides centralized, scalable, consistent multi-cloud and on-premises platform management.
The on-premises Azure Stack HCI cluster and its physical nodes are all registered with Azure Arc. Azure Stack HCI nodes come with the Azure Arc agent preinstalled.
The Azure Virtual Desktop VMs running on the Azure Stack HCI cluster are also Azure Arc-registered and require the Azure Arc agent to be installed in the Azure Virtual Desktop VM operating system and a PowerShell script to be run to register the VM with the correct Azure subscription.
The agent establishes a logical connection between the local resource and Azure. By establishing this connection, a non-Azure resource automatically becomes a hybrid Azure resource. Azure Arc Registration can be done through Windows Admin Center or PowerShell and this automatically enables Azure monitoring, support, and billing.
For more information about Azure Arc, see the following documents:
Azure Monitors and Logs
After the Azure Stack HCI cluster is registered with Azure, Azure Monitor and Azure Monitor Logs can be enabled to allow monitoring of the performance and state of the cluster, hosts, and virtual machines.
Azure Monitor uses agents that are installed on monitored servers to collect and upload metrics and logs to an Azure-based storage and analytics service referred to as a Log Analytics workspace. A workspace allows you to define the scope of data collection and analysis and to control data access.
Azure Monitor Logs collects and organizes log and performance data from monitored resources. Data from Azure services, VMs, and applications can be consolidated into a single location for analysis and storage. The data collected can then be analyzed interactively using a query language, used for alerts, and visualized in workbooks or dashboards.
Operating systems
Azure Stack HCI operating system
The Azure Stack HCI operating system is a streamlined operating system based on core components from Windows Server.
It does not include features such as Windows Desktop Experience and is designed for remote management. It is built on the latest Azure hypervisor, incorporates Storage Spaces Direct and software-defined networking, and is optimized for virtualization.
Windows 10 Multisession
Windows 10 Enterprise Multisession is a Remote Desktop Session Host available on Azure Virtual Desktop. Azure Virtual Desktop on Azure Stack HCI is the only way to run Windows 10 Multisession in an on-premises environment.
The on-premises VMs we created for hosting Windows 10 Multisession used a vCPU and memory configuration equivalent to Azure VM D8s-v3 or D8s-v4 standard configurations (8 vCPUs, 32 GB of RAM, all reserved).
Windows 11 Enterprise multisession is also available to run on Azure Virtual Desktop on Azure Stack HCI and provides the following benefits:
- A scalable multisession, modern Windows user experience with Windows 10 Enterprise security.
- Windows 10, Multiple sessions, Microsoft 365 Apps for enterprise, Semi-Annual Channel.
- Gives users a familiar Windows 10 or Windows 11 experience.
- Supports use of existing per-user Microsoft 365 licensing.
The Azure Arc agent is installed for registration with Azure Arc, and two Azure Virtual Desktop agents are installed for registration with the Azure Virtual Desktop pool. The VM is also on-premises Active Directory joined.
Windows 10 Single Session
Windows 10 Enterprise and Windows 11 Enterprise single session is also available to run on-premises as part of an Azure Virtual Desktop on Azure Stack HCI deployment.
The on-premises VMs we created for hosting Windows 10 single session used a vCPU and memory configuration equivalent to Azure virtual machine B2s or A2 v2 standard configurations (2 vCPUs, 4 GB of RAM, 2 GB reserved).
Windows 11 Enterprise single session is also available to run on Azure Virtual Desktop on Azure Stack HCI and provides the following benefits:
- Native single-session operating system, Windows experience, Microsoft 365 Apps for enterprise, Semi-Annual Channel.
- Gives users a familiar Windows 10 or Windows 11 experience.
- Supports use of existing per-user Microsoft 365 licensing.
The Azure Arc agent is installed for registration with Azure Arc, and two Azure Virtual Desktop agents are installed for registration with the Azure Virtual Desktop pool. The VM is also on-premises Active Directory joined.
Windows Admin Center
Windows Admin Center is a locally deployed, browser-based application that can be used for managing Azure Stack HCI and to carry out local operations on the Azure Virtual Desktop. Windows Admin Center is installed on a management computer/VM and the management computer must be joined to the same Active Directory domain in which you create the cluster, or a fully trusted domain.
When using Windows Admin Center to register the Azure Stack HCI cluster, you must first register Windows Admin Center with Azure and sign into Windows Admin Center with your Azure account.
For more information, see Connect Azure Stack HCI to Azure.
Dell OpenManage Integration with Microsoft Windows Admin Center (OMIMSWAC) is an extension of Windows Admin Center. It enables remote management and streamlined life cycle management at the server level for Azure Stack HCI clusters and AX nodes.
The OMIMSWAC solution brings the following benefits:
- Streamlines operational efficiency and offers great flexibility by directly monitoring and managing servers and cluster environments.
- Enables organizations to make informed and rapid decisions impacting the availability of virtualized, software-defined, and cloud infrastructure.
- Saves IT attended time by bringing automation to Cluster Creation workflow, which uses a consistent, repeatable, and guided process. Dell HCI Configuration Profile (HCP) embedded as part of cluster creation workflow ensures error-free, hardware compatibility and symmetry checks for nodes in the cluster.
- Simplifies life cycle management operations with 1-Click Full Stack Cluster-Aware Updating, which updates the operating system, firmware, drivers, and BIOS of the AX nodes in a single workflow with zero impact on workloads running on clusters.
- Eliminates time-consuming guesswork during a cluster expansion process by allowing you to select only compatible AX nodes with HCI configuration profile checks.
- Reduces Azure subscription cost by allowing IT administrators to size and modify the CPU cores based on workload performance in a cluster-aware fashion.
- Proactively secures HCI infrastructure from malicious threats and inadvertent changes using Secure-Core and Infrastructure Lockdown features.
- Integrates with Azure Monitor, which helps in analyzing and optimizing the performance of the infrastructure.
Client Connection
Remote Desktop
A remote desktop can be accessed using a web browser, through the online Azure remote desktop gateway at the RDWeb link. As the on-premises active directory is synced with the Azure Active Directory (Azure AD) tenant, users can use their on-premises Azure AD user login name with the 'on-prem-domain.onmicrosoft.com' extension and on-premises user password. This allows users to view Azure Virtual Desktop workspaces and the desktop and applications they have been granted access to using an Azure application group. At this point, an RDP file may be downloaded and opened (requires Microsoft Remote Desktop) or the desktop opened directly in the browser.
Remote Desktop Web Client can be found here: https://client.wvd.microsoft.com/arm/webclient/index.html
The Microsoft Remote Desktop application may also be used to access desktops and applications. This application is downloaded and installed on the user's local computer. A user can subscribe to a workspace using their on-premises Azure AD user login name with the 'on-prem-domain.onmicrosoft.com' extension and on-premises user password.
Once subscribed, and if the user has been granted access to the Azure Virtual Desktop workspace and Azure application group, their desktops and applications are available for use.
For more information, see Connect with the Windows Desktop client.
Active Directory
An on-premises Active Directory domain with DNS is required for Azure Virtual Desktop on Azure Stack HCI to function. The on-premises Active Directory is synced with an Azure Active Directory tenant using the Azure AD Connect application, which is installed on the domain controller.
Azure AD is a cloud-based, multi-tenant directory and identity service. The Azure AD Connect sync service ensures that identity information that is stored in the cloud is consistent with the information held on-premises.
Password hash synchronization is enabled and this allows on-premises users to access user desktops with their on-premises user account password with the 'username@on-prem-domain.onmicrosoft.com' user login. User groups synced from the on-premises domain are assigned to Azure Virtual Desktop application groups to grant user access to the Azure Virtual Desktop desktops. An Azure AD Free tenant license was sufficient for this solution.
The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is the main component of Azure AD Connect. It takes care of all the operations that are related to synchronizing identity data between the on-premises environment and Azure AD.
For more information, see Integrate on-premises AD domains with Azure AD.
Storage Spaces Direct and volume layout
Storage Spaces Direct
Storage Spaces Direct is the software-defined storage technology behind Azure Stack HCI. It is a software-defined storage solution that allows sharing of storage resources in hyperconverged IT infrastructure. It enables the combination of internal storage drives on a cluster of physical servers into a software-defined storage pool. Volumes combine the drives in the storage pool to introduce the fault tolerance, scalability, and performance benefits of Storage Spaces Direct.
Volume layout
In Azure Stack HCI, cluster-shared volumes (CSV) are the datastores for VHD or VHDX files for Hyper-V virtual machines. In a CSV setup, all volumes in the cluster are visible from all nodes in the cluster and all volumes are mounted at the C:\ClusterStorage\ path.
CSV provides a general-purpose, clustered file system that is layered above Resilient File System (ReFS). It enables cluster nodes to simultaneously read from and write to the same set of ReFS volumes.
Provisioning volumes as ReFS means that the CSV will be in redirected mode, meaning write access is sent to the volume's coordinator (owner) node. ReFS is recommended for virtualized workloads.
For the tested three-node solution with AVD Windows 10 Multisession, three cluster shared volumes for Azure Virtual Desktop VM storage were created. The volumes used the ReFS file system with a three-way mirror and were thin provisioned.
Each node in the Azure Stack HCI cluster is a coordinator (owner) node to one of the CSV volumes. VMs running on a particular node should have their virtual hard disk file stored on the volume that the node is coordinator of.
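The placement rule above can be checked across the whole cluster. The following is an added example, not part of the original guide; the function name `Get-VmCsvAlignment` and the cluster name `hci-cluster01` are assumptions, and it needs the FailoverClusters and Hyper-V PowerShell modules on the host that runs it.

```powershell
#Requires -Modules FailoverClusters, Hyper-V
# Added example: report, for every VM disk, whether the CSV that holds it is
# owned (coordinated) by the same node that currently runs the VM.

function Get-VmCsvAlignment {
    param(
        [Parameter(Mandatory)] [string] $ClusterName   # assumption: your cluster's name
    )

    # Map each CSV mount point (C:\ClusterStorage\<name>\) to its owner node.
    $csvOwners = foreach ($csv in Get-ClusterSharedVolume -Cluster $ClusterName) {
        foreach ($info in $csv.SharedVolumeInfo) {
            [pscustomobject]@{
                # Trailing backslash stops "Volume1" from matching "Volume10".
                MountPoint = $info.FriendlyVolumeName.TrimEnd('\') + '\'
                OwnerNode  = $csv.OwnerNode.Name
            }
        }
    }

    $nodes = Get-ClusterNode -Cluster $ClusterName | Where-Object State -eq 'Up'
    foreach ($node in $nodes) {
        foreach ($disk in Get-VM -ComputerName $node.Name | Get-VMHardDiskDrive) {
            if (-not $disk.Path) { continue }   # no backing file reported

            $match = $csvOwners | Where-Object {
                $disk.Path.StartsWith($_.MountPoint, [StringComparison]::OrdinalIgnoreCase)
            } | Select-Object -First 1

            [pscustomobject]@{
                VMName   = $disk.VMName
                HostNode = $node.Name
                DiskPath = $disk.Path
                CsvOwner = if ($match) { $match.OwnerNode } else { '(not on a CSV)' }
                Aligned  = [bool]($match -and $match.OwnerNode -eq $node.Name)
            }
        }
    }
}

# List only the disks whose VM runs on a node other than the volume's owner.
Get-VmCsvAlignment -ClusterName 'hci-cluster01' |
    Where-Object { -not $_.Aligned } |
    Format-Table -AutoSize
```

With differencing disks the reported path is the child disk, so in the single-volume layout every VM that is not on the coordinator node shows as not aligned; that is expected for that design.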
For the tested solution the following volumes were created on the cluster:
- 3 x VDIDataStore: Volumes for storing Hyper-V VM files and their VHD/VHDx files.
- VDIDataStore: Volume for storing VM master VHD files, ISOs, and so on.
- ClusterPerformanceHistory: Volume for storing historical performance data for the cluster, used by the Get-ClusterPerf PowerShell commands. Created automatically.
With a three-host Azure Stack HCI cluster, three-way mirroring for better fault tolerance and performance is used. Three-way mirroring keeps three copies of all data, with one copy on the drives in each server. Its storage efficiency is 33.3 percent - to write 1 TB of data, you need at least 3 TB of physical storage capacity in the storage pool.
Three-way mirroring can safely tolerate at least two hardware problems (drive or server) at a time. If two nodes become unavailable the storage pool loses quorum, since two-thirds of the disks are not available, and the virtual disks are inaccessible.
However, a node can be down and one or more disks on another node can fail and the virtual disks remain online. For example, if you are rebooting one server when another drive or server fails, all data remains safe and continuously accessible.
If your deployment has only two servers, Storage Spaces Direct automatically uses two-way mirroring for resiliency. If your deployment has only three servers, it will automatically use three-way mirroring. If you have four or more servers you can choose your resiliency type, either Mirror or Parity.
An alternative setup is with Azure Virtual Desktop Windows 10 single session VMs using differencing disks. This setup can have a single CSV volume for the cluster with one parent virtual hard disk file on that volume and each VM with its own differencing disk. Using differencing disks saves a lot of storage space compared to full-clone VMs.
One node is elected as the volume coordinator (owner) node in this case. It may be less efficient for metadata orchestration across nodes as one node would handle all of this, but VDI is not a write-heavy workload in general and there were no performance impacts experienced during the testing of this configuration.
Another alternative volume setup if choosing to use differencing disks is to create a single volume per node and to place a master disk on each volume. However, this solution may not scale as well with up to 16 nodes in a cluster.
For the tested solution the following volumes were created on the cluster:
- 1 x VDIDataStore: Volume for storing Hyper-V VM files and their VHD/VHDx files.
- VDIDataStore: Volume for storing VM master VHD files, ISOs, and so on.
- ClusterPerformanceHistory: Volume for storing historical performance data for the cluster, used by the Get-ClusterPerf PowerShell commands. Created automatically.
FSLogix
This solution uses FSLogix Profile Container for user profile persistence. Profile Container is a full remote profile solution for non-persistent environments. Profile Container redirects the entire user profile to a remote location in the form of a VHD file which is mounted when a user logs in to a VM.
For this architecture, a VM was created on a separate cluster and a standard SMB file share with appropriate permissions was created on the VM. The FSLogix software was installed on the Azure Virtual Desktop golden image and GPO settings were configured to direct the user profiles to the SMB fileshare.
FSLogix user data should be stored outside of the Azure Stack HCI cluster that hosts the virtual desktops. Dell provides a variety of on-premises storage solutions such as PowerStore and PowerScale, and Microsoft offers file storage in the Azure public cloud that can be used as external storage locations for user profile data.
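An audit of the profile share's permissions and of the FSLogix settings on a session host, as an added example that is not part of the original guide. The share path, the admin identities and the function names are assumptions, as is the target layout: administrators have full control, users hold rights on the share root only, and CREATOR OWNER applies to subfolders and files only.

```powershell
# Added example, not from the original guide. Assumed names, replace with your own:
$ProfileShare = '\\fs01.example.local\fslogix-profiles'   # hypothetical SMB share
$Admins = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'EXAMPLE\Domain Admins'

function Test-FslogixShareAcl {
    # Flags Allow rules on the share root that break the assumed layout.
    param([Parameter(Mandatory)][string] $Path, [string[]] $AdminIdentity)

    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $changePerms = [System.Security.AccessControl.FileSystemRights]::ChangePermissions

    foreach ($rule in (Get-Acl -Path $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $id = $rule.IdentityReference.Value
        if ($id -in $AdminIdentity) { continue }

        $inheritsDown = $rule.InheritanceFlags -ne 'None'
        $appliesHere  = -not $rule.PropagationFlags.HasFlag($inheritOnly)

        $finding = if ($id -eq 'CREATOR OWNER') {
            if ($appliesHere) { 'CREATOR OWNER should cover subfolders and files only' }
        } elseif ($inheritsDown) {
            'Non-admin rule is inherited by every user''s profile folder'
        } elseif ($rule.FileSystemRights.HasFlag($changePerms)) {
            'Non-admin identity can rewrite the ACL on the share root'
        }
        if ($finding) {
            [pscustomobject]@{ Identity = $id; Rights = $rule.FileSystemRights; Finding = $finding }
        }
    }
}

function Test-FslogixProfileConfig {
    # Reads the values the FSLogix policy settings write on a session host.
    param([Parameter(Mandatory)][string] $ExpectedShare)

    $cfg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\FSLogix\Profiles' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Enabled       = ($cfg.Enabled -eq 1)
        VHDLocations  = $cfg.VHDLocations -join ';'
        PointsAtShare = [bool]($cfg.VHDLocations -contains $ExpectedShare)
    }
}

# Run the ACL check from a host that can reach the share, and the
# configuration check on a session host built from the golden image.
Test-FslogixShareAcl -Path $ProfileShare -AdminIdentity $Admins | Format-Table -AutoSize
Test-FslogixProfileConfig -ExpectedShare $ProfileShare
```

An empty result from `Test-FslogixShareAcl` means no non-admin rule on the share root reaches into other users' profile folders.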