Commonly referred to as hosted/virtual desktop service, Desktop as a Service (DaaS) enables remote work by connecting end user devices with virtualized desktops that host cloud-based workspaces. In a world still dealing with the realities of the COVID-19 pandemic, the work-from-home ethos remains a prominent feature of the business landscape, meaning desktop as a service is here to stay. How is this model offered by Azure?
In this article, we discuss how Azure leverages its Virtualized Desktop Infrastructure (VDI) platform to implement a DaaS model, the benefits of Azure’s VDI, and the best practices for ensuring an optimized virtual desktop environment.
Desktop as a service is widely available throughout the cloud. The Azure DaaS model enables enterprise users to access cloud-hosted virtualized applications and desktops from any device, irrespective of their location. Azure DaaS is a high-performance, secure platform that simplifies the scaling of virtual desktops, applications, and data, while offering a predictable, subscription-based payment model.
Microsoft implements its Azure DaaS model using its Virtual Desktop Infrastructure (VDI) platform that enables enterprises to run traditional desktop workloads on centralized virtual machines. These virtual machines are grouped in host pools and can be remotely connected by assigned users through a device of their choice.
Unlike traditional VDI/RDS (Remote Desktop Services), the Azure DaaS offering provides comprehensive managed services on various aspects of desktop virtualization, including:
For comparison, read about how AWS handles DaaS in AWS DaaS: WorkSpaces Architecture & Security Considerations.
Microsoft Azure's virtual desktop infrastructure (VDI) services offer DaaS capabilities to deliver Windows-based desktops and applications securely over the internet, eliminating the need for onsite servers or physical computing devices. This allows organizations to reduce their IT costs by consolidating all of their endpoints into one secure environment.
With Microsoft Azure, you can deploy your own customized desktop images with preconfigured settings or choose from a range of ready-to-use templates. These include standard configurations, such as Windows Server 2016 Standard, Windows Server 2012 R2 Datacenter, and Windows Server 2008 R2 Standard, as well as specific editions of those services.
Azure VDI also allows you to create your own customized desktop image based on Windows 10 (Pro, Enterprise, or Education). In addition, Azure's VDI platform supports the following features:
Azure VDI services operate on a number of core components that define how end users remain seamlessly connected to desktops and applications. These components include:
There are two Azure virtual desktop infrastructure (VDI) offerings: Azure Virtual Desktop and Remote Desktop Services.
Azure Virtual Desktop (formerly Windows Virtual Desktop)
Earlier known as Windows Virtual Desktop, Azure Virtual Desktop (AVD) is a VDI service that lets enterprise users access multi-session Windows 10 and 11 desktops from anywhere.
Multi-session user groups help save costs by leveraging existing Microsoft licenses, paying only for the services and applications they use, and allowing multiple users to connect to a virtual machine without paying separate license fees. The Azure Virtual Desktop service also integrates with desktop virtualization environments such as VMware Horizon Cloud or Citrix DaaS for seamless, centralized management of hybrid DaaS deployments.
Since the VDI infrastructure is an Azure managed service, administrators are only required to manage virtual machines and desktop images. AVD can be managed from the centralized Azure Portal, where administrators can configure network settings, scale application services, and manage user policies. Azure also offers Compute Gallery, which can be used as a repository for sharing and managing desktop images to support different environments.
Remote Desktop Services (RDS)
Azure RDS is a desktop virtualization service that allows remote access to Windows Server OS. As a legacy VDI solution, RDS is based on a Remote Desktop Connection (RDC) client-server architecture that is available for Windows Server 2008 R2 and later versions. RDS supports desktop virtualization using two options:
The benefits of adopting Azure VDI for a DaaS model include:
Some recommended practices for using Azure Virtual Desktop service include:
While the VDI allows users to access desktop services irrespective of their location, preventing security breaches over public or insecure networks is a critical consideration. As a recommended practice, security administrators should leverage Azure AD’s MFA to enforce an additional authentication factor besides user credentials. Administrators can set policies that typically require users to present at least two of the following pieces of evidence:
Azure AD also allows the use of Conditional Access to help enforce security policies based on a number of signals, including the resources requested, user location, device identity, and assumed real-time risk. These signals help detect active threats before granting entities access to the VDI. Apart from granting or blocking access, signals also feed decisions such as restricting access to specific resources and enforcing risk remediation to prevent malicious attempts.
As with hosting sessions on any virtual infrastructure, different workload types require different machine configurations. It is important to periodically review the capacity utilization of workloads and shut down unutilized instances, while resizing those whose capacity does not match workload use cases.
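The following is an added example, not part of the original article or any Microsoft or NetApp tooling: a short Python audit that checks whether an exported set of Conditional Access policies actually enforces MFA for the VDI application. The field names follow the Microsoft Graph `conditionalAccessPolicy` resource; the application ID is a placeholder and the sample policies are constructed.

```python
"""Audit exported Conditional Access policies for MFA coverage of the VDI app."""

# Placeholder, not a real identifier: use the VDI application's ID from your tenant.
VDI_APP_ID = "00000000-0000-0000-0000-000000000000"

def covers_app(policy, app_id):
    apps = policy.get("conditions", {}).get("applications", {})
    included = apps.get("includeApplications", [])
    return (app_id in included or "All" in included) \
        and app_id not in apps.get("excludeApplications", [])

def requires_mfa(policy):
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    # With operator "OR", any other listed control satisfies the policy without MFA.
    return "mfa" in controls and (grant.get("operator") == "AND" or controls == ["mfa"])

def audit(policies, app_id=VDI_APP_ID):
    findings = []
    mfa_policies = [p for p in policies if covers_app(p, app_id) and requires_mfa(p)]
    for p in mfa_policies:
        name, users = p["displayName"], p["conditions"].get("users", {})
        if p.get("state") != "enabled":
            findings.append(f"{name}: state '{p.get('state')}' does not enforce MFA")
        if "All" not in users.get("includeUsers", []):
            findings.append(f"{name}: applies to a subset of users only")
        if users.get("excludeUsers") or users.get("excludeGroups"):
            findings.append(f"{name}: exclusions present, review them")
    if not any(p.get("state") == "enabled" for p in mfa_policies):
        findings.append("no enabled policy requires MFA for the VDI app")
    return findings

# Constructed sample export (not real tenant data).
SAMPLE = [
    {"displayName": "Require MFA for VDI", "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": [VDI_APP_ID]},
                    "users": {"includeUsers": ["All"],
                              "excludeGroups": ["constructed-group-id"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "MFA or compliant device", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]},
                    "users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

This simplified check only recognises the built-in `mfa` grant control; policies that require MFA through an authentication strength are not counted.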
The practice not only helps save cost by minimizing underutilized VMs, but also ensures optimum user experience by allocating the right amount of resources based on computational requirements. When starting up, it is also a recommended practice to deploy a large number of small instances instead of a few large ones. The practice is particularly useful where operational uncertainties may require quick refactoring and decommissioning of services due to underutilization.
The operating cost of an Azure Desktop Infrastructure is significantly influenced by the resources consumed by its underlying virtual machines. Enterprise teams can reduce compute costs by purchasing reserved instances with multi-year fixed terms. Azure offers reserved VM instances as flexible long-term commitment options that require user organizations to pay upfront for virtual desktop machines, saving up to 80% compared to pay-as-you-go instances.
Containers are lightweight and operate on fewer system resources than traditional, monolithic frameworks or VMs. Adopting containers helps reduce operational overheads to manage workloads on Azure Desktop infrastructure. Not only do containers minimize operating cost, but they can also be deployed quickly across distributed environments, enabling seamless collaboration between remote teams working on a centralized Azure infrastructure.
Organizations should consider using cloud-based storage to host VDI infrastructure data and file shares for enterprise-grade storage benefits, including enhanced agility, reduced cost, and robust data protection.
Platforms such as NetApp BlueXP Cloud Volumes ONTAP complement Azure VDI solutions by eliminating the need for refactoring existing infrastructure while benefiting from features that can enhance VDI deployment, such as SnapMirror® data replication technology for rapid data replication and migration. The platform also reduces VDI environment footprint with automated tiering, rightsizing VDI instances, data compression, deduplication, and thin provisioning for improved desktop app performance and optimized costs.
While there is no doubt that a DaaS model offers the best ROI when compared to a legacy workplace setup, scalability, agility, and security are other core benefits of the model that cannot be ignored. However, a distributed hybrid cloud VDI environment can often introduce operational complexities and sub-optimal performance. NetApp offers a solution to avoid those challenges: BlueXP.
Whether you are operating an on-prem VDI environment or are looking to adopt a hybrid model, BlueXP provides numerous services to enhance, protect, and govern your VDI workloads. With Cloud Volumes ONTAP, BlueXP can help you quickly replicate VDI data to multiple global cloud instances without reformatting and service disruptions.
Learn more about integrating NetApp Cloud Volumes ONTAP with Azure VDI, and how Cloud Volumes ONTAP helped this customer handle increased WFH demands with VDI.