
Azure

Windows Virtual Desktop

Design Document
v0.1

By Jack Rudlin
22/07/19

Confidential (Internal)
Windows Virtual Desktop (WVD)
What is it?
• Windows Virtual Desktop (WVD) is a cloud service hosted by Microsoft in Azure which delivers applications using a Remote Desktop Services type technology (similar to Citrix XenApp).
• WVD is the only service to offer multi-user Windows 10 desktops running in the Azure cloud.
• WVD is a cloud service and therefore accessible via the public internet.
• Usage of the service is included as part of the M365/Office 365 licensing suite – the only costs are Azure compute resources.

WVD – Why do we need it?
• WVD is a cost-effective, scalable cloud hosted application delivery
mechanism for complex business applications which allows us to shift from a
legacy Citrix XenApp infrastructure to a modern cloud hosted service.
• Provides a secure, reliable and performant infrastructure hosted in close
proximity to existing backend servers/services – low latency.
• Isolates out-of-date, unsupported software in a centralized “locked-down”
environment.
• Avoids continuous Win10 “Evergreen” testing cycles.
• Forms part of the Business Continuity Plan.
• Removes the need for VPNs.
• In the future, as the service is internet/web based, we will be able to offer it
to users working on any device, personal or corporate!

WVD – What does it look like?
HTML5 Browser Based
WVD – What does it look like?
Windows 10 via Start Menu

WVD – What does it look like?
Windows 10 via Remote Desktop Client

WVD – Infrastructure Design Overview
Windows Virtual Desktop – Overview
(Win10 VMs running apps in Azure, aka Citrix replacement)
By Jack Rudlin 15/07/2019

1. Windows 10 devices use their internet connection to initiate a channel to the Windows Virtual Desktop service.
2. The internet facing WVD service, managed by Microsoft, authenticates users using Azure AD. A list of available RemoteApps is displayed.
3. When an app is launched, the WVD service load balances the connection to the WVD VMs to launch the app. The application session is displayed to the user over the internet.
4. If an application running on a WVD VM needs access to on-premises servers / infrastructure, it connects to the server within the Azure VNET, or over the ExpressRoute.

Diagram labels: Azure; UK South - Prod VNET; Gateway subnet; ExpressRoute Gateway; VDI Subnet (NSG); IaaS WVD VMs; Production Subnet (NSG); WVD PaaS; Microsoft managed WVD components; http://aka.ms/wvdweb; ExpressRoute circuit 1GB; MPLS; Internet; Gateway; On-premises servers; Windows 10 devices; On-prem LAN.

WVD – Infrastructure Components

Diagram labels:
• WVD Service
• UK South V2 Storage account – Storage blob
• Traditional SMB file share – \\File-Server\packages$
• Group Policy
• FSLogix agent – VHDX Roaming Profile
• Win10 WVD VMs
• Azure VM Image (WVD Gold image) generated by Packer in Devops

WVD – VM Image Components
Diagram labels:
• FS Logix – free, enterprise grade “roaming profile” type solution by Microsoft
• Chocolatey – public package manager and repo
• ProClaim
• Finance case management
• Business systems support tool
• Toad for Oracle
• Office suite – minimum supported version of Office 2013
• Other apps
• Azure File Share – \\myappssa.file.core.windows.net\packaged-app-installs
• OS image – Vanilla Win10 1903 optimised for WVD, from the Azure Marketplace Gallery
• West Europe V2 Storage account – Storage blob
• Packer by HashiCorp, run from an Azure Devops Build Pipeline
• Output from Packer is a fully prepared Azure VM Image – the WVD Gold image

WVD – Application Release Flow
Flowchart steps, in order (each decision has a Yes and a No branch):
1. Request for new application package in WVD
2. Package the app for a silent install
3. Test
4. Decision: Successful install/test on a Win10 VM?
5. Update WVD gold image template in Devops
6. Initiate Devops Build pipeline
7. Decision: Was WVD gold build successful?
8. Initiate Devops Release pipeline
9. Decision: Was WVD release deployment successful?
10. Begin UAT
11. Decision: Successful UAT?
12. Promote latest WVD release

WVD – Devops CI/CD Lifecycle

The four stages of introducing a new application into a Windows Virtual Desktop environment using a CI/CD devops approach.

WVD – Cost criteria
• The costs associated with WVD come mostly from Azure
Virtual Machines running Windows 10, so compute and
storage.
• Roaming user profiles are stored on blob storage.
• Outbound ExpressRoute data costs.
• Cost criteria:
– 100 concurrent users
– 600 users total
– 1 user per ~1Gb memory
– 1Gb profile size per user
• Microsoft sizing guide

WVD – Costs
– D8s_v3 = 8vCPU 32Gb £xx 12800iops / 388/user
– B2s = 2vCPU 4Gb £xx x 8 = 16vCPU / 32Gb 12800iops / 388/user
– B8ms = 8vCPU 32Gb £xx 4320iops / 130/user
– B2ms = 2vCPU 8Gb £xx x 4 = 8vCPU / 32Gb 9600iops / 290/user
– Note: Above costs are per machine

Cost table:
– Scenarios (columns): Light, 33 users p/server; Medium, 25 users p/server
– Rows: Compute; OS Storage; Profile Storage (600GB); Data transfer; Total
– Prices are per annum and based on a PayG model, where ¾ of machines are shut down out of business hours.

WVD – Current Limitations
• Cannot assign applications by AD Group, only by direct user assignment.

• The WVD service is still in public preview – it is due to go Generally Available (GA) in 2020H1.

• The closest WVD broker is on the East Coast of the USA – this will change to UK South when it goes GA, but currently it presents a small amount of latency.
