
Windows Virtual Desktop (WVD) Native - Design and Architecture reference guide

WVD Design and Architecture reference guide 1 Microsoft Corporation


MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights
under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, our provision of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property. The descriptions of other companies’
products in this document, if any, are provided only as a convenience to you. Any such references
should not be considered an endorsement or support by Microsoft. Microsoft cannot guarantee their
accuracy, and the products may change over time. Also, the descriptions are intended as brief highlights
to aid understanding, rather than as thorough coverage. For authoritative descriptions of these
products, please consult their respective manufacturers. © 2019 Microsoft Corporation. All rights
reserved. Any use or distribution of these materials without express authorization of Microsoft Corp. is
strictly prohibited. Microsoft and Windows are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. The names of actual companies and products
mentioned herein may be the trademarks of their respective owners.

Table of Contents
1. Introductions
2. Target Audience
3. What This Document is Not
4. Pre-requisites/Requirements
5. WVD Native Deployments
    5.1. Greenfield (New) Deployments
    5.2. Migrate On-Premise VDI to WVD
6. WVD Native Implementation Steps
    6.1. Azure Environment Assessment
    6.2. Licensing and Entitlements
    6.3. Desktop Application Assessment
    6.4. Networking
    6.5. Identity and Access Management
    6.6. Security and Compliance
    6.7. Image Management
    6.8. Deploy and Configure Storage infrastructure for User Profile(s)
    6.9. Windows Virtual Desktop Service Deployment
    6.10. Migrate Existing RDS/VDI Infrastructure
    6.11. Convert and Migrate User Profiles
    6.12. FSLogix Setup and Configuration for WVD User Profiles
    6.13. Application and Desktop Management and Delivery
    6.14. WVD Management
    6.15. Patch Management
    6.16. Business Continuity and Disaster Recovery (Azure to Azure)
    6.17. Validate End User Experience
    6.18. Validate FSLogix Profile container creation
    6.19. WVD Service Monitoring

1. Introductions
The primary goal of this document is to provide partners (and customers) a design reference document
they can leverage to build and deploy the WVD service.

2. Target Audience
This document is primarily intended for a technical audience designing a WVD native solution. Partners
can use this document to help build their statement of work (SOW).

3. What This Document is Not

This document is not a

 Detailed WVD deployment guide
 Detailed FSLogix deployment guide
 Citrix + WVD design guide
 VMWare + WVD design guide

4. Pre-requisites/Requirements
 Agreement with Customer to implement WVD

5. WVD Native Deployments

A successful WVD engagement should carefully consider several key implementation details such as
Networking, WVD Setup/Configuration, Application Assessment, User Profile Management, Migration
Scenarios (in case of migrating existing RDS implementations), Licensing Options, Management &
Monitoring Capabilities, Identity and Security. This is by no means a complete list of all the
implementation steps, as each deployment is unique to the customer’s environment and needs. The
document is only intended as a checklist and a starting point for the partner (or customer) team to
customize the specific engagement as needed. Below is the outline of the key tasks typically
required/recommended to successfully implement and execute the WVD engagement.

5.1. Greenfield (New) Deployments


For Customers deploying WVD Service as a new (or greenfield) deployment, please follow the list
of steps (and associated links) below to complete the implementation and execution.

 Azure Environment Assessment – Evaluate the current Azure footprint to drive efficiency
and reuse services. For Customers with existing Azure deployments, the assessment phase
can help identify resources that can be repurposed or utilized and reduce the number of
new Azure services required for deploying WVD.
 Licensing and Entitlements – Ensure there is a licensing plan in place to run the appropriate
apps or desktops in Azure WVD. Access Windows 10 Enterprise and Windows 7 Enterprise
desktops and apps at no additional cost if you have an eligible Windows or Microsoft 365
license. For accessing Windows Server based deployments, you need to have an RDS CAL
with SA.

 Desktop Application Assessment – Conduct an Application Landscape assessment.
Application assessments provide the current performance and usage details like OS,
Application Compatibility, CPU, memory etc., and aid in VM sizing recommendations by
classifying users into Personas (task workers, power users, knowledge workers etc.) and
related Azure costs. This is an optional step for greenfield deployments, but it is
recommended that partners/customers perform this to get detailed insights into their
application needs.
 Azure Networking – As networking plays a crucial role in any cloud service deployment,
designing a robust network architecture to satisfy all the KPI requirements is important. This
should be part of your services in the design.
 Identity and Access Management - WVD Service in Azure requires Authentication and
Session hosts to be domain joined using Windows Active Directory (AD). This can be done
either from the on-premise environment or using Azure AD Domain Services (AAD-DS).
 Security and Compliance - Customers need to strengthen the security and access
mechanisms of their WVD deployments as they are governed by corporate policies
(compliance, regulations etc.). This is a crucial step in the WVD implementation.
 Image Management - Organizations use Custom Images to implement their desktops/apps,
including security controls and configurations, and to pre-install their IT applications for
specific users. Ensure a good image management process is in place.
 Deploy and Configure Storage infrastructure for User Profile(s) - User profile management is
a key step in designing a successful WVD environment. A user profile contains data elements
about an individual user, including configuration information like desktop settings,
persistent network connections, and application settings. By default, Windows creates a
local user profile that is tightly integrated with the operating system. This section provides
steps to create a storage infrastructure for User profiles.
 Windows Virtual Desktop Service Deployment - This is one of the key steps in the WVD
deployment. Windows Virtual Desktop is a service that gives users easy and secure access to
their virtualized Desktops and RemoteApps. This section describes the various components
of a WVD Environment, and the steps required to deploy, setup and configure the WVD
service.
 FSLogix Setup and Configuration for WVD User Profiles - FSLogix is a set of solutions that
enhance, enable, and simplify non-persistent Windows computing environments. FSLogix
solutions are appropriate for Virtual environments in both public and private clouds. As part
of WVD, we will utilize the FSLogix Profile Containers to manage User profile data.
 Application and Desktop Management and Delivery - Once WVD elements are deployed, the
applications and desktops need to be published and managed. Ensure this step is part of the
implementation process.
 WVD Management - Management of WVD plays a crucial role in how the users interact with
the service. You can grant/revoke access to published applications or desktops through
Management, debug any issues that users come across when they access the service. Ensure
that your WVD implementation has taken this into consideration.
 Patch Management - Patch Management is the process of updating and patching the
Session host VMs to avoid any security vulnerabilities and applying any configuration
controls as required. This must be planned as part of the WVD implementation.

 Business Continuity and Disaster Recovery (Azure to Azure) - Customers sometimes may
require a highly available WVD deployment. BCDR can be implemented for Session hosts
using ASR. This would protect the VMs and provide faster recovery from disasters.
 Validate End User Experience - Verify that the WVD Implementation is successful. This is a
critical stage in the overall process.
 Validate FSLogix Profile container creation - Verify that the FSLogix implementation is
successful. This ensures that the User Profile data is being managed correctly and enables
additional capabilities that FSLogix brings to the environment.
 WVD Service Monitoring – Ongoing monitoring of your WVD environment is required to
deliver best performance to your users. This will provide you with insights into any issues or
errors. Ensure that your WVD implementation has taken this into consideration.

5.2. Migrate On-Premise VDI to WVD


For Customers migrating their existing on-premise RDS/VDI environment to the WVD
Service in Azure, please follow the recommended/necessary steps below to complete a
successful implementation and execution. You are required to do everything in a greenfield
implementation plus these additional steps.
 Azure Environment Assessment – Evaluate the current Azure footprint to drive efficiency
and reuse services. For Customers with existing Azure deployments, the assessment phase
can help identify resources that can be repurposed or utilized and reduce the number of
new Azure services required for deploying WVD.
 Licensing and Entitlements – Ensure there is a licensing plan in place to run the appropriate
apps or desktops in Azure WVD. Access Windows 10 Enterprise and Windows 7 Enterprise
desktops and apps at no additional cost if you have an eligible Windows or Microsoft 365
license. For accessing Windows Server based deployments, you need to have an RDS CAL
with SA.
 Desktop Application Assessment – Conduct an Application Landscape assessment.
Application assessments provide the current performance and usage details like OS,
Application Compatibility, CPU, memory etc., and aid in VM sizing recommendations by
classifying users into Personas (task workers, power users, knowledge workers etc.) and
related Azure costs. This is an optional step for greenfield deployments, but it is
recommended that partners/customers perform this to get detailed insights into their
application needs.
 Azure Networking – As networking plays a crucial role in any cloud service deployment,
designing a robust network architecture to satisfy all the KPI requirements is important. This
should be part of your services in the design.
 Identity and Access Management - WVD Service in Azure requires Authentication and
Session hosts to be domain joined using Windows Active Directory (AD). This can be done
either from the on-premise environment or using Azure AD Domain Services (AAD-DS).
 Security and Compliance - Customers need to strengthen the security and access
mechanisms of their WVD deployments as they are governed by corporate policies
(compliance, regulations etc.). This is a crucial step in the WVD implementation.

 Image Management - Organizations use Custom Images to implement their desktops/apps,
including security controls and configurations, and to pre-install their IT applications for
specific users. Ensure a good image management process is in place.
 Deploy and Configure Storage infrastructure for User Profile(s) - User profile management is
a key step in designing a successful WVD environment. A user profile contains data elements
about an individual user, including configuration information like desktop settings,
persistent network connections, and application settings. By default, Windows creates a
local user profile that is tightly integrated with the operating system. This section provides
steps to create a storage infrastructure for User profiles.
 Windows Virtual Desktop Service Deployment - This is one of the key steps in the WVD
deployment. Windows Virtual Desktop is a service that gives users easy and secure access to
their virtualized Desktops and RemoteApps. This section describes the various components
of a WVD Environment, and the steps required to deploy, setup and configure the WVD
service.
 Migrate Existing RDS/VDI Infrastructure – For Customers running an existing RDS/VDI
infrastructure on-premises, WVD makes it easier to migrate the Session Hosts/VDIs
and run them in Azure. ASR/Azure Migrate is the tool of choice for migrations and can
migrate BOTH Windows Server and Client OS based machines.
 Convert and Migrate User Profiles – Customers running an existing RDS/VDI Infrastructure
and migrating to WVD are encouraged to migrate their user profiles to WVD.
 FSLogix Setup and Configuration for WVD User Profiles - FSLogix is a set of solutions that
enhance, enable, and simplify non-persistent Windows computing environments. FSLogix
solutions are appropriate for Virtual environments in both public and private clouds. As part
of WVD, we will utilize the FSLogix Profile Containers to manage User profile data.
 Application and Desktop Management and Delivery - Once WVD elements are deployed, the
applications and desktops need to be published and managed. Ensure this step is part of the
implementation process.
 WVD Management - Management of WVD plays a crucial role in how the users interact with
the service. You can grant/revoke access to published applications or desktops through
Management, debug any issues that users come across when they access the service. Ensure
that your WVD implementation has taken this into consideration.
 Patch Management - Patch Management is the process of updating and patching the
Session host VMs to avoid any security vulnerabilities and applying any configuration
controls as required. This must be planned as part of the WVD implementation.
 Business Continuity and Disaster Recovery (Azure to Azure) - Customers sometimes may
require a highly available WVD deployment. BCDR can be implemented for Session hosts
using ASR. This would protect the VMs and provide faster recovery from disasters.
 Validate End User Experience - Verify that the WVD Implementation is successful. This is a
critical stage in the overall process.
 Validate FSLogix Profile container creation - Verify that the FSLogix implementation is
successful. This ensures that the User Profile data is being managed correctly and enables
additional capabilities that FSLogix brings to the environment.

 WVD Service Monitoring – Ongoing monitoring of your WVD environment is required to
deliver best performance to your users. This will provide you with insights into any issues or
errors. Ensure that your WVD implementation has taken this into consideration.

6. WVD Native Implementation Steps


6.1. Azure Environment Assessment
As part of the Azure environment assessment phase, check whether the following services
exist and can be utilized (reused) to deploy WVD.

o Network
 Verify if the CIDR block for the VNET/subnet has enough IP addresses for
deploying new session hosts
 If utilizing a hybrid architecture, verify if a S2S VPN tunnel or Express Route
exists between your On-prem network to Azure VNET.
o Identity and Access Management
 Verify Active Directory Domain Services are available
 If the Customer is using Hybrid Architecture, verify that you have
 Connectivity to a Domain Controller from on-prem/Azure
 AD Connect configured to sync objects between Domain Controllers
and Azure Active Directory
 If the Customer is cloud native, verify that
 Azure Active Directory Domain Services is deployed to an Azure
VNET
 the VNET is peered with the AAD DS VNET if the Session hosts are
deployed in a different VNET
o Storage
 Verify if there is a storage solution (Azure Files/ NetApp Files/ SOFS Cluster/
Standalone File server) already in place for re-using it for user profile data

NOTE: If you choose Azure NetApp Files as the storage option, remember it has
regional limitations. Check to ensure the service is available in a region closer to you
for better performance.

o Licensing/Entitlements
 Verify if the Customer has the required licenses/entitlements.
 For accessing Windows Server deployments verify if the customer has the required
number of CALs/SALs
o Image and Patch Management
 Verify if the Customer has any existing management solutions such as SCCM
that they would like to utilize for Image and Patch management, or whether Azure
native solutions like Update Management and Azure Image Builder can be
leveraged.

NOTE: Based on your environment assessment, re-use any existing resources/services and
create other services (if not already present) as detailed in later sections of this document.

FOR EXAMPLE: if you already have a S2S VPN Tunnel or ExpressRoute in place then skip this
part under networking AND if you don’t have a storage solution, follow the guidance in the
storage infrastructure section to deploy one.

6.2. Licensing and Entitlements

Ensure all users have any one of the following Licenses/Entitlements per user or procure as
required.

OS                                         Required license
-----------------------------------------  ---------------------------------------------
Windows 10 Enterprise multi-session or     Microsoft 365 E3, E5, A3, A5, F1, Business;
Windows 10 Enterprise                      Windows E3, E5, A3, A5

Windows 7 Enterprise                       Microsoft 365 E3, E5, A3, A5, F1, Business;
                                           Windows E3, E5, A3, A5

Windows Server 2012 R2, 2016, 2019         RDS Client Access License (CAL) with
                                           Software Assurance

6.3. Desktop Application Assessment


This section describes the steps taken by a Partner (or Customer) to assess their Applications for
the WVD environment. Several tools are available for such assessments and below are the
recommended tools and their features

o Lakeside
 One of the preferred/recommended tools to do an assessment is from ISV
partner Lakeside. Use Lakeside for a deep application level assessment where it
generates User Personas, Performance reports, VM SKU recommendations for
the VDI Infrastructure that can be used to build out the WVD environment
 Register with Lakeside here and follow their instructions to download and setup
Assessment agents in your current infrastructure
 Lakeside generates reports after running the assessment for a minimum of 2
weeks
o Azure Migrate
 Use Azure Migrate for quick TCO and Infrastructure level assessments

 Azure Migrate helps with
 Azure Sizing
 Azure Cost
 Azure Readiness for migrating On-prem VMs into Azure

Lakeside Features                        Az Migrate
---------------------------------------  ------------------------------
Agent based                              Agent based/Agent less
WVD Right sizing assessment              VM SKU Recommendation
User Persona Classification              No User Persona classification
Application Landscape/Compatibility      Can migrate VMs
Resource consumption                     Azure TCO

6.4. Networking
Your design should contain details on how the partner (or customer) will design and build out
the networking topology for the WVD deployment. The recommendation is to design your Azure
Networking using a Hub-Spoke topology. Consider the HUB like a DMZ deployed with your
Virtual Network Gateways and other security/edge appliances like Firewalls, AAD-DS, etc., while
the Spoke acts as the backend zone where your Session host servers are deployed and is
peered with the HUB.

If required use the reference architecture diagrams attached (sample architecture diagrams.pptx).

o Gather networking requirements and setup a Virtual Network (VNET) using Hub-Spoke
Topology in Azure for deploying resources
 Deploy a Hub VNET
 Deploy and configure Network Gateways, Firewalls or any Network Virtual
Appliances in the Hub VNET
 Deploy a Spoke VNET and establish peering with the Hub VNET
 Configure User Defined Routes (if required) to route all traffic from the Spoke
VNET via the Hub VNET to avoid any traffic directly traversing from the Spoke
VNET
 Configure Network Security Groups (NSG) to allow/deny access to your Session
hosts.
 All Session hosts and any other infrastructure will be deployed into the Spoke
VNET
o If utilizing a hybrid architecture (dependencies with On-prem services or LOB apps),
setup one of the following
 Site to Site VPN
 Implement S2S VPN for encrypted traffic over the internet
 Setup S2S VPN with the Hub VNET

 If you’re using multiple regions for deploying host pools, setup a S2S
tunnel with each region
 Express Route
 Implement Express Route if the Customers want a Private Peering
directly into Azure instead of traversing the Internet
 Refer to ExpressRoute location for locations close to you
o Additionally, for Migrations to WVD, create an isolated VNET to perform Test Failovers
(this VNET should not have any connectivity/dependencies to Production resources such
as Domain Controllers etc.)
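
The address-space checks from 6.1 (enough IP addresses for new session hosts) and from the hub-spoke and hybrid steps above can be scripted before anything is deployed. The following is an added example, not part of the original guide; the network names and CIDR ranges are constructed, and it relies on Azure reserving five addresses in every subnet.

```python
import ipaddress
from itertools import combinations

# Azure keeps five addresses in every subnet for its own use
# (network, default gateway, two for Azure DNS, broadcast).
AZURE_RESERVED_PER_SUBNET = 5

# Constructed address plan: names and ranges are illustrative only.
ADDRESS_PLAN = {
    "hub-vnet": "10.0.0.0/24",
    "spoke-wvd-vnet": "10.1.0.0/22",
    "on-prem-lan": "10.1.2.0/24",   # deliberately collides with the spoke
    "on-prem-dc": "192.168.10.0/24",
}


def overlapping_ranges(plan):
    """Return name pairs whose address spaces overlap.

    Peered VNETs cannot have overlapping address spaces, and ranges
    reached over S2S VPN or ExpressRoute must differ from the VNET's
    own range for routing to work.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


def usable_addresses(subnet_cidr):
    """Addresses a subnet can hand to NICs after Azure's reservation."""
    size = ipaddress.ip_network(subnet_cidr).num_addresses
    return max(size - AZURE_RESERVED_PER_SUBNET, 0)


def check_session_host_subnet(vnet_cidr, subnet_cidr, planned_hosts, in_use=0):
    """Return a list of findings; an empty list means the subnet fits."""
    vnet = ipaddress.ip_network(vnet_cidr)
    subnet = ipaddress.ip_network(subnet_cidr)
    findings = []
    if not subnet.subnet_of(vnet):
        findings.append(f"{subnet} is not inside VNET {vnet}")
    free = usable_addresses(subnet_cidr) - in_use
    if planned_hosts > free:
        findings.append(
            f"{subnet} has {free} free addresses, {planned_hosts} needed"
        )
    return findings


if __name__ == "__main__":
    for a, b in overlapping_ranges(ADDRESS_PLAN):
        print(f"OVERLAP  {a} <-> {b}")
    for line in check_session_host_subnet(
        "10.1.0.0/22", "10.1.0.0/26", planned_hosts=50, in_use=12
    ):
        print(f"CAPACITY {line}")
```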

6.5. Identity and Access Management


This section articulates the steps each partner (or customer) will take to setup the identity and
access management aspects for the WVD deployment. Please ensure that the Active Directory
requirements documented in WVD requirements are completed before the following
(additional) steps listed below are performed.

o Deploy/utilize one of the following for AD Domain Services presence in the VNET where
Session Hosts are deployed
 Utilize a hybrid architecture with S2S VPN or Express Route
 Have an on-prem AD server sync with Azure AD using AD Connect or
 Have an on-prem AD server sync with an IaaS AD VM in Azure and install
AD Connect on the IaaS VM to sync with Azure AD
 Deploy Azure AD Domain Services for Cloud Native deployments
o Create AD Organization Unit (OU) structure for WVD host pools
o Create GPOs to manage access and security on the WVD Session Hosts
o Create Users and AD Security Groups as required

6.6. Security and Compliance


Design and implement the following security and compliance services to ensure a secure WVD
solution.

o Implement Single Sign-On with Active Directory Federation Services
o Implement Multi Factor Authentication using Conditional Access for WVD
o Implement Azure Firewall or a Network Appliance to restrict access only to WVD
Resources
o Implement Firewall, NSGs, RBAC, security policies on dependent resources like File
servers, NetApp files, Azure Files
o Utilize Azure Security Center to strengthen the security and compliance posture of your
infrastructure
o Integrate Security Center with Azure Sentinel for proactive monitoring and threat
mitigation
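
One way to verify the NSG and firewall items above is to review each session-host NSG for rules that let Internet sources reach RDP directly. This is an added example, not part of the original guide: the NSG names and rules are constructed, the field names follow Azure's NSG security rule objects, and the policy that no session-host NSG should expose TCP 3389 to the Internet is an assumption of the example.

```python
import json

# Source prefixes that cover arbitrary Internet addresses in an NSG rule.
BROAD_SOURCES = {"*", "internet", "0.0.0.0/0"}

# Constructed sample: rules of three NSGs attached to session-host subnets.
SAMPLE_NSGS = json.loads("""
{
  "nsg-hrapps-open": [
    {"name": "allow-rdp-admin", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"}
  ],
  "nsg-hrapps-shadowed": [
    {"name": "allow-mgmt-range", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRanges": ["3380-3390"]},
    {"name": "deny-internet", "priority": 100, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "*"}
  ],
  "nsg-hrapps-vnet": [
    {"name": "allow-rdp-from-hub", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "3389"}
  ]
}
""")


def _values(rule, single, plural):
    """Collect a rule field that may be given as one value or as a list."""
    found = list(rule.get(plural) or [])
    if rule.get(single):
        found.append(rule[single])
    return found


def _covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def _from_internet(rule):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in BROAD_SOURCES for s in sources)


def internet_exposure(rules, port=3389):
    """Name of the inbound rule that lets Internet sources reach TCP `port`.

    NSG rules are evaluated in ascending priority and the first match
    decides, so an Allow only counts if no matching Deny precedes it.
    Returns None when the first match is a Deny or nothing matches
    (the platform's default rules then deny Internet inbound).
    """
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if rule.get("protocol", "*").lower() not in ("*", "tcp"):
            continue
        if _covers_port(rule, port) and _from_internet(rule):
            return rule["name"] if rule["access"].lower() == "allow" else None
    return None


def audit(nsgs, port=3389):
    """Map each NSG name to the rule exposing `port`, or None if none does."""
    return {name: internet_exposure(rules, port) for name, rules in nsgs.items()}


if __name__ == "__main__":
    for nsg, rule in audit(SAMPLE_NSGS).items():
        print(f"{nsg}: {'EXPOSED by ' + rule if rule else 'ok'}")
```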

6.7. Image Management
Follow the steps here to build a custom image for your Session hosts by uploading a VHD and
creating a managed image or by using Azure Image Builder. Customers/partners can also utilize
any existing image management solutions.

o If you don’t have any existing images, use Azure Image Builder (preview) or Build image
with Packer to manage images in Azure
 Register the feature
 Set Variables and Permissions
 Create an image definition and gallery
 Customize image
 Create image and build
o If you already have existing images that you would like to use with WVD follow any of
the below approaches to create images in Azure
 If you have an image On-prem, create an Image by following the steps below
 Create a virtual machine using your image
 Install and configure all required applications and settings including
Installing FSLogix bits
 If you're installing Office 365 ProPlus and OneDrive on your VM,
see Install Office on a master VHD image
 Prepare a Windows VHD or VHDX to upload to Azure
 Upload the Image to Azure Storage Account and create an Image
 If you have an image in Azure, create an Image by following the steps below
 Provision a VM in Azure
 Install and configure all required applications and settings including
Installing FSLogix bits
 If you're installing Office 365 ProPlus and OneDrive on your VM,
see Install Office on a master VHD image
 Generalize the Windows VM using Sysprep
 Create a Managed Image in the portal
o Secure/harden Windows 10 Multi-session image

6.8. Deploy and Configure Storage infrastructure for User Profile(s)
The Windows Virtual Desktop service recommends FSLogix profile containers as the default User
Profile management solution. Refer to the comparison below and choose a storage solution that
suits your requirements.

o Gather requirements on User Profile Sizes and deploy one of the following to store the
User Profiles
 Scale out File Server with Storage Spaces Direct (SOFS with S2D)
 Azure NetApp Files
 Azure Files with SMB authentication using Azure AD Domain Services
 Deployments with < 50 users can also utilize a single VM with sufficient disk
space to be used as a File Server and host User Profiles

6.9. Windows Virtual Desktop Service Deployment


Once setup, the WVD service will provide Host pools which encapsulate all the Session hosts
running under them and control access to the published applications and desktops to the user.

The Windows Virtual Desktop environment is comprised of the following hierarchy, with some
recommendations for each section to provide guidance.

o Tenant groups
o Tenants

WVD is a multi-tenant solution which means you can have multiple WVD-tenants
deployed to the same AAD. Each customer scenario is different but below are a couple
of guidelines to help

 For customers with multiple divisions and orgs (Enterprise) and where each
division/org has different security requirements and more importantly different
teams for managing the service, you can have a tenant for ‘each’ division/org.
Example: For an enterprise called Contoso.com with multiple divisions like
development, services, R&D you can have separate WVD tenants like below

 Contoso-WVD-Dev
 Contoso-WVD-Services
 Contoso-WVD-R&D

 If security and service management is not an issue (Ex: Small & Medium business
(SMB) customers) you can just have one WVD tenant
 Contoso-WVD

o Host pools

HostPools represent a logical grouping of VMs that can be configured for providing
pooled or persistent connections to WVD, and you can have multiple HostPools within
each WVD tenant. Each customer scenario is different but below are a couple of
guidelines to help

 Recommend deploying each HostPool to its own resource group
 The HostPool name must explain the purpose
 If possible, the HostPool and ResourceGroup names should be nearly identical (for easier
identification when querying Azure resources in general)
 For example, if contoso.com is deploying a HostPool to publish remote applications
for employees in the HR dept, they can do the following

o Create a Resource Group called WVD-Services-HRApps-HP01
 WVD suggests the resource type for the ResourceGroup Name
o Deploy a HostPool called Services-HRApps-HP01
 Services is the Division/Org name
 HRApps denotes the HostPool purpose
 HP01 explains this is a Hostpool (01 because you can have multiple
HostPools for HR)
o Session hosts

These are the actual VMs where the remote applications and/or desktops are deployed,
and they are tied to the HostPool. Each customer scenario is different but below are a couple
of guidelines to help

 Since VMs must be Domain Joined, always use a “unique VM prefix” during
deployment.
 For example, if contoso.com is deploying 50 VMs to the HostPool called
Services-HRApps-HP01 they can use the VM prefix HRApps-HP01-VM

o Once deployment completes you will see VMs from HRApps-HP01-VM01
through HRApps-HP01-VM50
o This way, each VM name will be ALWAYS UNIQUE since the name is tied to
the HostPool they are mapped to.

o App groups
o Customizable per user requirements
o Remote apps or desktops
o Customizable per user requirements
o End users
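
The naming guidelines for resource groups, HostPools and session hosts above can be checked before deployment. The sketch below is an added example, not part of the original guide: it generates names in the guide's pattern and validates each VM name against the 15-character Windows computer name limit, the allowed character set, and collisions between host pools. Function and parameter names are hypothetical. Run on the guide's own HRApps example, it reports the generated VM names as 16 characters long.

```python
import re

# Windows computer (NetBIOS) names are limited to 15 characters.
MAX_COMPUTER_NAME = 15
# Letters, digits and hyphens only; no leading or trailing hyphen.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def host_pool_names(division, purpose, pool_index, vm_count):
    """Build names in the guide's pattern for one host pool."""
    pool = f"{purpose}-HP{pool_index:02d}"
    width = max(2, len(str(vm_count)))  # VM01..VM50, VM001..VM120, ...
    return {
        "resource_group": f"WVD-{division}-{pool}",
        "host_pool": f"{division}-{pool}",
        "vm_prefix": f"{pool}-VM",
        "vm_names": [f"{pool}-VM{i:0{width}d}" for i in range(1, vm_count + 1)],
    }


def vm_name_problems(name):
    """Return the reasons a name cannot be used for a domain-joined VM."""
    problems = []
    if len(name) > MAX_COMPUTER_NAME:
        problems.append(f"{len(name)} characters, limit is {MAX_COMPUTER_NAME}")
    if not NAME_PATTERN.match(name):
        problems.append("only letters, digits and inner hyphens are allowed")
    if name.isdigit():
        problems.append("must not be all digits")
    return problems


def review_plan(pools):
    """Check every VM name across host pools.

    pools: iterable of (division, purpose, pool_index, vm_count).
    Returns {vm_name: [problems]} for names that need attention. The VM
    prefix omits the division, so two divisions that pick the same purpose
    and index produce the same computer names; that is reported as well.
    """
    owners, report = {}, {}
    for division, purpose, index, count in pools:
        plan = host_pool_names(division, purpose, index, count)
        for vm in plan["vm_names"]:
            problems = vm_name_problems(vm)
            owner = owners.setdefault(vm.lower(), plan["host_pool"])
            if owner != plan["host_pool"]:
                problems.append(f"duplicate of a VM in {owner}")
            if problems:
                report[vm] = problems
    return report


if __name__ == "__main__":
    # The guide's example: 50 VMs in Services-HRApps-HP01.
    plan = host_pool_names("Services", "HRApps", 1, 50)
    print(plan["resource_group"], plan["host_pool"], plan["vm_prefix"])
    for vm, problems in review_plan([("Services", "HRApps", 1, 50)]).items():
        print(f"{vm}: {'; '.join(problems)}")
```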

Please follow the steps below to perform the build out of the WVD service.
o Give AAD Admin Consent to the WVD service
o Assign Tenant Creator role in AAD to required users/service principals
o Install WVD PowerShell module
o Create a new WVD Tenant
o For greenfield deployments, follow the steps below; skip this for migrations to WVD
 Use Azure Marketplace Deployment or GitHub ARM Template Deployment to
create a Host pool and deploy Session hosts into it.
 Windows 10 Multi-Session Deployment
 Windows 10 Enterprise
 Windows 7 Enterprise
 Windows Server 2012 R2 and above

Note: Ensure the session host VMs are deployed into an availability set to
avoid losing all VMs during a single patching/maintenance window

o Validate HostPool Deployments

6.10. Migrate Existing RDS/VDI Infrastructure


Customers/Partners who need to migrate their existing on-prem RDS deployments to Azure and
host them as Session hosts in WVD need to review this section.

o Deploy and configure ASR Agents on the Physical hosts


o Configure replication to Azure Storage account
o Perform a test failover to validate the VMs are fully replicated without any issues
o Perform final failover to Migrate the VMs to Azure and ensure the VMs that will be part
of a particular hostpool are in availability sets to avoid VMs going down for maintenance
at the same time.
o Verify that all security and governance policies are still intact
o Install WVD Agents on the VMs to create a Host pool and attach these VMs to the Host
pool
o Configure FSLogix on the VMs if they are non-persistent
o Create and publish Remote Apps/Desktops and grant access to Users

6.11. Convert and Migrate User Profiles


As part of the migration process, the Customer can use software from Liquidware. Liquidware’s
ProfileUnity is the recommended tool to move user profiles (UPDs, UPMs etc.) from on-premises
storage to Azure. ProfileUnity automates the migration process and the Users can see their
profile data in WVD with near-zero downtime. If migrating to WVD, your design should articulate
how the User’s profile data is migrated and converted (if required) to be compatible with FSLogix.

6.12. FSLogix Setup and Configuration for WVD User Profiles

The steps below describe how to install and configure FSLogix on Session hosts.

o Install FSLogix as part of preparing your Master Image. This can be done in multiple
ways. Please select an appropriate method from below
 Manual installation
 Download the bits from here
 Copy them onto the VM
 Install FSLogixAppsSetup.exe
 Deploy using GPO
 Utilize any existing application deployment strategy (SCCM).
o Configure FSLogix on the non-persistent (shared desktops like Win 10 multi-user)
Session host VMs. You can also configure the same for personal desktops, although we
strongly recommend consulting your storage expert for this.
 Configure FSLogix settings using GPO to centrally manage all VMs from a single
policy
 Customers can also configure these settings by modifying local registry settings
although this is not recommended

6.13. Application and Desktop Management and Delivery

Once the WVD tenant is set up and the Host pool(s) are deployed, Admins must publish
and deliver remote applications and desktops for the users to access.

o Publish Applications or Desktops in the Host pool


 Create a RemoteApp group and set type to RemoteApp or RemoteDesktop
 For RemoteApps
 Browse and add applications to the RemoteApp group
 Assign users to the RemoteApp group in order to access the published
applications or desktops
o Implement Application Masking from FSLogix or any 3rd party service to block users from
accessing certain applications or to grant access to only certain apps.
 Create a Rule Set
 Test the Rule Set
 Assign users/groups to the Rule to either allow them or deny them from
accessing applications
 Deploy the Rule Set
o Implement Application Layering using any one of the below solutions. With application
layering, administrators can separate Windows applications from the underlying
infrastructure and send selected virtual apps to users, depending on given
circumstances, without the need for installation.
 Liquidware FlexApp
 Microsoft App-V

6.14. WVD Management


The steps below describe how to install and configure the required WVD management options.

o Manage the service configuration using PowerShell


 Customize Feed for Windows Virtual Desktop
 Customize RDP Properties
 Load Balancing strategies – Depth First vs Breadth First vs Persistent
 RBAC Roles and privileges available for WVD Access Control
o Deploy Scaling Script or Azure Automation Runbook for PowerShell to Auto On/Off
Session host VMs based on the current user load
o Deploy WVD Management UI in the subscription using GitHub ARM Template
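
The service configuration items listed above (RBAC roles, RDP properties and load balancing) can be set together from the WVD PowerShell module. The following is an added example, not part of the original guide; the tenant name, the sign-in name and the choice of which redirections to disable are assumptions.

```powershell
# Added example: scoped role assignment, RDP property hardening and load
# balancing for one HostPool. Requires the Microsoft.RDInfra.RDPowerShell
# module; tenant and user names below are placeholders.
Import-Module -Name Microsoft.RDInfra.RDPowerShell
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'

$tenant   = 'ContosoTenant'           # placeholder WVD tenant name
$hostPool = 'Services-HRApps-HP01'    # HostPool name from the guide's example

# RBAC: give the help desk read-only rights on this HostPool only, rather
# than an owner role at tenant scope.
New-RdsRoleAssignment -TenantName $tenant -HostPoolName $hostPool `
    -SignInName 'helpdesk@contoso.com' -RoleDefinitionName 'RDS Reader'

# Review which identities hold a role at this scope.
Get-RdsRoleAssignment -TenantName $tenant -HostPoolName $hostPool

# RDP properties: turn off clipboard, drive and printer redirection so data
# cannot be copied between the session and the client device. Which
# redirections to disable is a policy decision (assumption of this example).
$rdp = 'redirectclipboard:i:0;drivestoredirect:s:;redirectprinters:i:0'
Set-RdsHostPool -TenantName $tenant -Name $hostPool -CustomRdpProperty $rdp

# Load balancing: depth-first fills one session host up to the session
# limit before using the next; use -BreadthFirstLoadBalancer to spread
# sessions across hosts instead.
Set-RdsHostPool -TenantName $tenant -Name $hostPool `
    -DepthFirstLoadBalancer -MaxSessionLimit 10

# Confirm the resulting HostPool settings.
Get-RdsHostPool -TenantName $tenant -Name $hostPool
```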

6.15. Patch Management


Patch Management is the process of updating and patching the Session host VMs to avoid any
security vulnerabilities and applying any configuration controls as required. The instructions
below are for managing Windows updates using Azure Automation. Customers can also utilize their
existing management services such as SCCM or any 3rd party services.

o Create an Azure Automation Account


o Enable Update Management
o View Update Assessment
o Schedule an update deployment

6.16. Business Continuity and Disaster Recovery (Azure to Azure)

This could be an optional service Partners (or Customers) may choose to implement.

o Implement Disaster Recovery of Session host VMs to another geographic location using
Azure Site Recovery (ASR).
 Create a Recovery Services Vault in a different region than where the Session
hosts are deployed
 Enable Replication
 Failover to the target region in the event of a Disaster
 Resynchronize the VMs once the source region is online
 Failback once the resynchronization is successful
NOTE: Be advised there is manual work needed to perform the cross-region failover.

6.17. Validate End User Experience


This section describes the success metrics for the WVD Implementation.

o Use a supported connection method to access WVD resources


 Windows 7 or Windows 10
 Web Client
o Launch published applications/desktops and verify functionality

6.18. Validate FSLogix Profile container creation


This section describes the success metrics for the FSLogix Implementation.
o Log in to the storage solution deployed
o Navigate to the share path
o Verify that a VHDX is created for the user
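
The validation steps above can be run from a session host after a test user has signed in. The following is an added example, not part of the original guide; Test-FslogixProfileContainer is a hypothetical helper name, and it assumes the default container file name (Profile_<user>.vhd or .vhdx) and that the account running it can read the share.

```powershell
# Added example: confirm FSLogix is enabled on this host, locate the user's
# profile container on the configured share(s), and list who can access it.
function Test-FslogixProfileContainer {
    param([Parameter(Mandatory)][string]$UserName)

    $cfg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\FSLogix\Profiles' -ErrorAction Stop
    if ($cfg.Enabled -ne 1) {
        throw 'FSLogix Profiles is not enabled (Enabled is not 1) on this host.'
    }

    # VHDLocations can be a single string (semicolon separated) or a
    # multi-string value; normalise both to a list of share paths.
    $shares = @($cfg.VHDLocations) -split ';' | Where-Object { $_ }
    if (-not $shares) { throw 'VHDLocations is empty.' }

    foreach ($share in $shares) {
        $disks = Get-ChildItem -Path $share -Recurse -File `
            -Filter "Profile_$UserName.vhd*" -ErrorAction SilentlyContinue
        foreach ($disk in $disks) {
            $acl = Get-Acl -Path $disk.DirectoryName
            [pscustomobject]@{
                Share       = $share
                Container   = $disk.FullName
                SizeMB      = [math]::Round($disk.Length / 1MB, 1)
                LastWritten = $disk.LastWriteTime
                # Review this list: the container folder should not be
                # readable by other end users.
                HasAccess   = ($acl.Access | ForEach-Object {
                    "$($_.IdentityReference):$($_.FileSystemRights)"
                }) -join '; '
            }
        }
    }
}

Test-FslogixProfileContainer -UserName 'testuser01'   # placeholder user name
```

No output means no container was found for that user on any configured share.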

6.19. WVD Service Monitoring


The steps below describe how to install and configure the required WVD monitoring options.

o Investigate WVD activity log and errors using the PowerShell module
o Deploy and integrate a Log Analytics workspace to the WVD Tenant using PowerShell
 Run queries in the workspace to gather data on CPU Usage trends etc., for the
Session host VMs
o Check VM health and performance using Azure Monitor
 Can also use Azure Monitor for RDS and Windows Virtual Desktop by Sepago
o Deploy a WVD Diagnostics Portal in the subscription using GitHub ARM Template
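
For the first monitoring step above, failed connection attempts can be pulled from the WVD activity log and summarised per user. The following is an added example, not part of the original guide; the tenant name and the one-day window are assumptions.

```powershell
# Added example: summarise failed WVD connection activities from the last
# day by user and error code. Requires the Microsoft.RDInfra.RDPowerShell
# module; the tenant name is a placeholder.
Import-Module -Name Microsoft.RDInfra.RDPowerShell
Add-RdsAccount -DeploymentUrl 'https://rdbroker.wvd.microsoft.com'

$tenant = 'ContosoTenant'             # placeholder WVD tenant name

# -Detailed adds the Errors collection to each returned activity.
$failed = Get-RdsDiagnosticActivities -TenantName $tenant `
    -ActivityType Connection -Outcome Failure `
    -StartTime (Get-Date).AddDays(-1) -Detailed

# Flatten to one row per reported error.
$rows = foreach ($activity in $failed) {
    foreach ($err in $activity.Errors) {
        [pscustomobject]@{
            UserName   = $activity.UserName
            Started    = $activity.StartTime
            ActivityId = $activity.ActivityId
            Error      = $err.ErrorCodeSymbolic
            Message    = $err.ErrorMessage
        }
    }
}

# Users with many failures of the same kind first: repeated failures for
# one account are worth a closer look (lockout, misconfiguration, or
# sign-in attempts the user did not make).
$rows | Group-Object -Property UserName, Error |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Keep the detail rows for follow-up on a specific ActivityId.
$rows | Sort-Object -Property Started | Format-Table -AutoSize
```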
