Storage
Mobility
Protection
Analysis and control
TOPICShare
Commonly referred to as hosted/virtual desktop service, Desktop as a Service (DaaS) enables remote work by connecting end user devices with virtualized desktops that host cloud-based workspaces. In a world still dealing with the realities of the COVID-19 pandemic, the work-from-home ethos remains a prominent feature of the business landscape, meaning desktop as a service is here to stay. How is this model offered by Azure?
In this article, we discuss how Azure leverages its Virtualized Desktop Infrastructure (VDI) platform to implement a DaaS model, discuss the benefits of Azure’s VDI, and the best practices to ensure an optimized virtual desktop environment.
Use the links below to jump down to the sections on:
What Is DaaS in Azure?
Desktop as a service is widely available throughout the cloud. The Azure DaaS model enables enterprise users to access cloud-hosted virtualized applications and desktops from any device, irrespective of their location. Azure DaaS is a high-performance, secure platform that simplifies the scaling of virtual desktops, applications, and data, while offering a predictable, subscription-based payment model.
Microsoft implements its Azure DaaS model using its Virtual Desktop Infrastructure (VDI) platform that enables enterprises to run traditional desktop workloads on centralized virtual machines. These virtual machines are grouped in host pools and can be remotely connected by assigned users through a device of their choice.
Unlike traditional VDI/RDS (Remote Desktop Services), the Azure DaaS offering provides comprehensive managed services on various aspects of desktop virtualization, including:
- Brokering
- Maintenance
- Network
- Storage
- Licensing
- Hosting
For comparison, read about how AWS handles DaaS in AWS DaaS: WorkSpaces Architecture & Security Considerations.
Is Azure Virtual Desktop DaaS?
Microsoft Azure's virtual desktop infrastructure (VDI) services offer DaaS capabilities to deliver Windows-based desktops and applications securely over the internet, eliminating the need for onsite servers or physical computing devices. This allows organizations to reduce their IT costs by consolidating all of their endpoints into one secure environment.
With Microsoft Azure, you can deploy your own customized desktop images with preconfigured settings or choose from a range of ready-to-use templates. These include standard configurations, such as Windows Server 2016 Standard, Windows Server 2012 R2 Datacenter, and Windows Server 2008 R2 Standard, as well as specific editions of those services.
Azure VDI also allows you to create your own customized desktop image based on Windows 10 (Pro, Enterprise, or Education). In addition, Azure's VDI platform also supports the following features:
- RemoteFX
- BitLocker Drive Encryption
- Virtual Networking
- Hyper-V
- VM Scale Sets
Azure VDI services operate on a number of core components that define how end users remain seamlessly connected to desktops and applications. These components include:
- Host pools: For access of virtualized personal and pooled desktops
- Application groups: Provide access of core desktop services and applications remotely
- Tenant Tenant groups: These assign users to host pools and app groups
Azure DaaS VDI Offerings
There are two Azure virtual desktop infrastructure (VDI) offerings: Azure Virtual Desktop or Remote Desktop Services.
Azure Virtual Desktop (formerly Windows Virtual Desktop)
Earlier known as Windows Virtual Desktop, Azure Virtual Desktop (AVD) is a VDI service that lets enterprise users access multi-session Windows 10 and 11 desktops from anywhere.
Multi-session user groups help save costs by leveraging existing Microsoft licenses, paying only for the services and applications they use, and allowing multiple users to connect to a virtual machine without paying separate license fees. The Azure Virtual Desktop service also integrates with desktop virtualization environments such as VMWare Horizon Cloud or Citrix DaaS for seamless, centralized management of hybrid DaaS deployments.
Since the VDI infrastructure is an Azure managed service, administrators are only required to manage virtual machines and desktop images. AVD can be managed from the centralized Azure Portal, where administrators can configure network settings, scale application services, and manage user policies. Azure also offers Compute Gallery, which can be used as a repository for sharing and managing desktop images to support different environments.
Remote Desktop Services (RDS)
Azure RDS is a desktop virtualization service that allows remote access of Windows Server OS. As a legacy VDI solution, RDS is based on a Remote Desktop Connection (RDC) client-server architecture that is available for Windows Server 2008 R2 and later versions. RDS supports desktop virtualization using two options:
- Session-based virtualization creates a network around a Windows Server, allowing multiple users to share a single server.
- Virtual Desktop Access enforces one-to-one access for Windows clients, providing users with familiar Windows 7, 10, or 11 desktop environments.
The Benefits of Using an Azure VDI Solution for Azure DaaS
Adopting Azure VDI for a DaaS model include these benefits:
- Enables remote work: Regardless of the user's physical location, Azure VDI allows users to move data between multiple deployment platforms while supporting a bring-your-own-device (BYOD) working model to allow data access from any device.
- Simplified desktop management: VDI reduces administrative overhead by outsourcing the deployment, configuration, and management of desktop applications. The flexible scalability of Azure VDI deployments also simplifies IT administration functions.
- Enhanced security: As data and applications reside on Azure data centers, security threats associated with running desktop workloads on personal devices are managed and mitigated by Microsoft. In instances where an employee’s device is compromised, the platform allows those devices to be locked out quickly to prevent deeper exploits, while allowing easy data recovery for faster resumption of services.
- IT cost optimization: Azure VDI services eliminate the cost of procuring physical hardware, subsequently helping save expenses on resource upskilling towards management of desktop infrastructure. The pay-as-you-go model also allows enterprises to pay for virtual machines or application suites as needed, eliminating recurring costs incurred towards unused services.
- Lengthens life of legacy infrastructure: Azure VDI allows enterprises to leverage the upgraded features of new software without having to replace their on-premises machines at once. This is particularly useful for organizations that cannot immediately upgrade their existing on-premises hardware due to prohibitive costs, but are looking to leverage modern operating systems and applications on user machines to support evolving use cases.
Best Practices for Using Azure Virtual Desktop Service
Some recommended practices for using Azure Virtual Desktop service include:
- Enforce multi-factor authentication (MFA)
While the VDI allows users to access desktop services irrespective of their location, preventing security breaches over public or insecure networks is a critical consideration. As a recommended practice, security administrators should leverage Azure AD’s MFA to enforce an additional authentication factor beside user credentials. Administrators can set policies that typically requires users to present at least two evidence of the following:
- Knowledge: Password, PIN, token, etc.
- Inherence: Fingerprint or facial recognition, voice recognition, etc.
- Possession: Handheld devices for OTP, USB token, etc.
- Enable conditional access
Azure AD also allows the use of Conditional Access to help enforce security policies based on a number of signals including, resources requested, user location, device identity, and assumed real-time risk. These signals help detect active threats before granting entities access to the VDI. Apart from granting or blocking access, signals also act as essential factors that help make decisions including restricted access of specific resources and enforcing risk remediation to prevent malicious attempts.
- Rightsizing workload instances
As with hosting sessions on any virtual infrastructure, different workload types require different machine configurations. It is important to periodically review capacity utilization of workloads and shut down unutilized instances, while resizing those whose capacity do not match workload use cases.
The practice not only helps save cost by minimizing underutilized VMs, but also ensures optimum user experience by allocating the right amount of resources based on computational requirements. When starting up, it is also a recommended practice to deploy a large number of small instances instead of a few large ones. The practice is particularly useful where operational uncertainties may require quick refactoring and decommissioning of services due to underutilization.
- Commit to reserve instances for cost discounts
Operating cost of an Azure Desktop Infrastructure is significantly influenced by the resources consumed by its underlying virtual machines. Enterprise teams can reduce compute costs by purchasing reserved instances with multi-year fixed terms. Azure offers reserved VM instances as flexible-long-term-commitment options that require user organizations to pay upfront on virtual desktop machines, and save up to 80% less compared to pay-as-you-go instances.
- Consider containerizing workloads
Containers are lightweight and operate on fewer system resources than traditional, monolithic frameworks or VMs. Adopting containers helps reduce operational overheads to manage workloads on Azure Desktop infrastructure. Not only do containers minimize operating cost, but they can also be deployed quickly across distributed environments, enabling seamless collaboration between remote teams working on a centralized Azure infrastructure.
- Use a cloud-based data management platform
Organizations should consider using cloud-based storage to host VDI infrastructure data and file shares for enterprise-grade storage benefits, including enhanced agility, reduced cost, and robust data protection.
Platforms such as NetApp BlueXP Cloud Volumes ONTAP complement Azure VDI solutions by eliminating the need for refactoring existing infrastructure while benefiting from features that can enhance VDI deployment, such as SnapMirror® data replication technology for rapid data replication and migration. The platform also reduces VDI environment footprint with automated tiering, rightsizing VDI instances, data compression, deduplication, and thin provisioning for improved desktop app performance and optimized costs.
Conclusion
While there is no doubt a DaaS model offers the best ROI when compared to a legacy workplace setup, the benefits of scalability, agility, and security are some other core benefits of the model that cannot be ignored. However, a distributed hybrid cloud VDI environment can often introduce operational complexities and sub-optimal performance. NetApp offers a solution to avoid those challenges: BlueXP.
Whether you are operating an on-prem VDI environment or are looking to adopt a hybrid model, BlueXP provides numerous services to enhance, protect, and govern your VDI workloads. With Cloud Volumes ONTAP, BlueXP can help you quickly replicate VDI data to multiple global cloud instances without reformatting and service disruptions.
Learn more about integrating NetApp Cloud Volumes ONTAP with Azure VDI, and how Cloud Volumes ONTAP helped this customer handle increased WFH demands with VDI.
