(Azure) Virtual Desktop Optimization Tool now available
Optimizing images has always been an important component of preparing images as part of a traditional Remote Desktop Services (RDS) infrastructure or virtual desktop infrastructure (VDI). Optimizing session hosts, in particular, can increase user density and eventually lower costs. With the Virtual Desktop Optimization Tool, you can optimize your Windows 10, version 2004 multi- and single-session deployments in Windows Virtual Desktop. Note: The information in this post is community-driven; nothing has yet been officially launched by the Windows Virtual Desktop product team. Credit goes to Robert M. Smith and Tim Muessig from Microsoft, previously known as the VDIGuys, for creating this tool and make it available for free for the community. Windows 10 multi-session image name change As noted in recent announcements, Office 365 ProPlus is now Microsoft 365 apps for Enterprise. With this name change, we have updated the Windows Virtual Desktop image names in Azure Marketplace. As a result, when you are looking for an image in the Azure Marketplace image gallery, you should begin by selecting Windows 10 Enterprise multi-session, version 2004 + Microsoft 365 Apps – Gen1 as your baseline image. How the Virtual Desktop Optimization Tool works The (Windows) Virtual Desktop Optimization Tool disables services in the operating system that you most likely won’t need for your Windows Virtual Desktop session host. To make sure that your line-of-business (LOB) applications continue running as they should, there are some preliminary steps that should first performed. Note: There are settings default disabled when you run the scrip out of the box such as AppX Packages for the Windows Calculator. We strongly suggest analyzing the tool via the JSON files that include the default settings. This also gives you the opportunity to enable them before running the tool so they remain untouched. I'll explain more about this later on in the article. The full list of enhancements for native Windows services will be available soon. Bookmark Run and tune your Remote Desktop Services environment for the latest updates. Expected performance gains Windows Virtual Desktop value-added services provider and Microsoft partner LoginVSI performed early tests with the Virtual Desktop Optimization Too and gained over 100 users in their internal benchmarking lab environment with a Windows 10, version 2004 single session. We, therefore, assume that this gain will also be possible with Windows 10 Enterprise multi-session. VSImax asserts a maximum number of users that are able to log on to the virtual desktop hosts pool as part of the underlying infrastructure. That number is the "sweet spot" as going over that number will decrease performance for all users. (Thanks to LoginVSI for sharing these results with us.) Note: We recommend you use simulation tools to test your deployment using both stress tests and real-life usage simulations to ensure that your system is responsive and resilient enough to meet user needs Remember to vary the load size to avoid surprises. Desktops in the Cloud on Performance Optimizations for Windows Virtual Desktop with Robert and Tim (aka VDI Guys) We recently had the creators of the Virtual Desktop Optimization tool as guests on our Desktops in the Cloud video-podcast. Robert and Tim explained everything you should know, as well as best practices and lessons learned. A must watch in extension to this article. Watch it below. How to use the Virtual Desktop Optimization Tool The Virtual Desktop Optimization Tool makes it possible to disable uncommon services for virtual desktop environments, such as Windows Virtual Desktop. Note: We recommend that you run the script after the Sysprep (System Preparation) process, most likely as startup script w with a large set of virtual machines. This is due to the AppX Packages that conflict and most likely the sysprep will fail. Download all scripts from the Virtual-Desktop-Optimization-Tool GitHub repository. Select Clone or download, followed by Download ZIP. Unzip the folder to your Windows Virtual Desktop session host(s) to a specified folder (e.g. C:\Optimize or C:\Temp). Note: You could also run the scripts as part of your image management procedure e.g. Azure image Builder (AIB) or Azure DevOps. Important information before running the tool There are settings default disabled when you run the scrip out of the box such as AppX Packages for the Windows Calculator. We strongly suggest analyzing the tool via the JSON files that include the default settings. This also gives you the opportunity to enable them before running the tool so they remain untouched. You can find the JSON file in the Windows built number folder, under ConfigurationFiles - e.g. C:\Optimize\2004\ConfigurationFiles. You've to put the settings to Enabled - that you want to keep as default. Below is the example file for AppX Packages, there are JSON files for Services and scheduled tasks as well. Another option is to remove the while entry out of the JSON file. AppxPackages.json - Example Windows Calculator App { "AppxPackage": "Microsoft.WindowsCalculator", "VDIState": "Enabled", "URL": "https://www.microsoft.com/en-us/p/windows-calculator/9wzdncrfhvn5", "Description": "Microsoft Calculator app" }, Services.json - example Windows Update Service { "Name": "UsoSvc", "VDIState": "Enabled", "Description": "Update Orchestrator service, manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates." }, Prepare to launch Windows PowerShell and select Run as Administrator. In PowerShell, change the directory to the folder to which you downloaded the scripts, e.g. C:\Optimize or your own specific folder. Run the following command: Set-ExecutionPolicy -ExecutionPolicy Bypass Run the Virtual Desktop Optimization Tool using the following command: .\Win10_VirtualDesktop_Optimize.ps1 -WindowsVersion 2004 -Verbose Note: When you use a different version of Windows 10, you must change the WindowsVersion parameter. Version 1803 and later are supported for Windows 10 Enterprise. Windows 10 multi-session support is only available with Windows 10, version 2004 and later. Select Yes when prompted to reboot the session hosts(s). Start your Windows Virtual Desktop session. As you can see in the Task Manager comparison below, the number of threads and handles has decreased noticeably after running the Virtual Desktop Optimization Tool. Do you have any problems with orphaned Start Menu shortcuts after running the tool? Have the user open Task Manager, then end the following two processes: ShellExperienceHost.exe StartMenuExperienceHost.exe Have them check the Start Menu and they should be gone. Happy optimizing! 🙂 Let us know your feedback on the tool in the comment section below. Prefer to watch and learn? There’s also a video on Azure Academy available later this week by Dean Cefola. You can find it here.
Digital event: Azure Virtual Desktop Master Class on January 25
Join us for the upcoming Azure Virtual Desktop digital event Learn best practices for delivering secure remote work experiences with Azure Virtual Desktop. Hear the latest product updates and virtual desktop infrastructure (VDI) optimization tips from Microsoft experts, partners, and community leaders. Join us at this free digital event to: Explore technical deep dives covering the newest Azure Virtual Desktop features. Learn how to deploy, optimize, and manage Azure Virtual Desktop at scale. Get tips for optimizing the costs of your Azure Virtual Desktop environment. Find out how to apply Azure security practices for desktop virtualization. Discover strategies for migrating your Remote Desktop Services, Citrix, and VMware VDI from on-premises to Azure. Delivered in partnership with Intel. Register now > Azure Virtual Desktop Master Class Tuesday, January 25, 2022 9:00 AM–12:00 PM Pacific Time
Teams bandwith in an VDI environment
We offered a Microsoft Azure Stack HCI solution as a talking point to a customer with with 9 branches. They want (now with thin clients) with +/- 70 CCU via RDS to use office 365, sharepoint, an application in which building materials can be viewed in 3d and Teams Teams in particular has caused quite a few problems in the testing process because all teams run session through the RDS hosts and thus have to share the bandwidth, and that performs to cry. That is why it is thought to switch to FAT Customers to run teams locally with local bandwidth. Now the end user has also stated that they stand for VDI, and that is all possible according to Microsoft, but I expect that this will require a lot more computing power and that men will have the same challenge that all teams will have to share the bandwidth of the hosts session. If you then switch to FAT customers in order to solve the team problem, VDI does not have many advantages anymore, I think. Alle suggestions and help is appreciated. So the questions are, - should we suggest to them to stay with thin clients or change to fat clients. - what can we do to improve their thinclient / TEAMS experience?Learn here how to Manage your Windows Virtual Desktop host pools with Azure Bastion
Learn here how to Manage your Windows Virtual Desktop host pools with Azure Bastion We all remember stepping stone, or also called jump management servers to manage and maintain your Remote Desktop, or infrastructure server environment internally (and externally) through a Remote Desktop Connection with the most common reason; it’s just easy? “From an security perspective this is the most worst you can do, because once hackers are in - you’ve got access to almost everything!” Azure Bastion is a relatively new Azure service that can simplify as well as improve remote connectivity - as a secure better alternative for stepping stone servers to your Windows Virtual Desktop - and infrastructure Virtual Machines on Microsoft Azure. Azure Bastion is completely web-based and works via SSL. In some simple configuration clicks - and most importantly without exposing any RDP (or SSH) ports to the outside internet - you can access your Windows Virtual Desktop Virtual Machines in Azure. What is Azure Bastion? Azure Bastion is a new Azure Platform service you could leverage to enable external access to your resources in Azure Infrastructure-as-a-Service (IaaS). The service is completely HTML5 based and works from every modern web browser. The service automatically streaming to your local device via an RDP/SSH session over SSL on port 443. This makes it easy and secure to go over corporate firewalls without any adjustments. Also, it doesn’t require you to expose any Public IP or Remote Desktop Services port on your Network Security Group (NSG) for the internet. Azure Bastion works over port 443, this is the only port you need to open from the outside to the inside over the Network Security Group (NSG). After that, the connection proceeds to the subnet in the Azure Virtual Network where the Bastion Service persists and connect via the NSG of the VMs you want to leverage internally over the Remote Desktop (3389) or SSH (22) ports. A secure way to access your Windows Virtual Desktop as well as infrastructure servers in your Azure Infrastructure-as-a-Service environment. See below how it works from an architecture perspective… Did you know? The service operation from inside your Azure ARM portal. Use this specific Preview - https://aka.ms/BastionHost - URL to get access to the service. There are two ways that you can create a Bastion host resource: Create a Bastion resource using the Azure portal. Create a Bastion resource in the Azure portal by using existing VM settings. The Bastion Service is currently available for the following Azure DC regions. West US East US West Europe South Central US Australia East Japan East Bastion can also be used for secure SSH connections to for example Linux resources in your Azure IaaS environment If you create a bastion host in the portal by using an existing VM, various settings will automatically default corresponding to your virtual machine and/or virtual network. You must use a separate subnet in your virtual network to which the new Bastion host resource will be deployed. You must create a subnet using the name-value AzureBastionSubnet. This value lets Azure know which subnet to deploy the Bastion resources to. The Bastion PM team is adding some new futures soon, such as Azure AD and MFA integration and recording mode directly from the service. See here how it works I’ve recorded a short video after writing and creating my Azure Bastion Service, and to give you a sneak preview on the end result of this blog article – I’ve uploaded a video to show you the easiness and value. Check it out in the video below. Other secure alternatives... One other alternative way to reduce exposure to a brute force attack to your Windows Virtual Desktop environment is to limit (and IP whitelist - filter) the amount of time that a port is open. This is something you could achieve with the also not so old service Just-in-time VM Access, it’s an Azure Security Center feature you can leverage. In a nutshell; Just-in-time (JIT) virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed. Read more about it here: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time How to Activate the Bastion Service Pre-step: Create a separate Azure Subnet for Bastion This step is easier to do prior to the Azure Bastion instance on Azure. One technical network requirement is to have a separate subnet, specifically for Azure Bastion traffic. You could either create a separate Azure Virtual Network and setup vNet peerings between your networks or just create a separate subnet in your existing vNet in Azure. This is the example I’m going to use in this article. Note: To be most efficient with your network addresses at least a /27 or larger subnet (/27, /26, and so on). Open the Azure vNet you want to use. Add a new Subnet Create the AzureBastionSubnet without any Network Security Groups, route tables, or delegations. Continue to the next step where we deploy the Bastion instance. Deploy Azure Bastion from the Azure Marketplace Just because Azure Bastion is still in Preview mode – you have to use this Preview Azure Marketplace URL below to get access to the service. The expectation is that this service becomes GA soon. Click on the URL below. https://aka.ms/BastionHost Search for Bastion (preview) in the Azure Marketplace Click on create Enter the required information for the VM deployment in your Azure IaaS environment. Optional: Assign a Public IP for the external Access to your Bastion server. Note: Make sure to select the correct Azure vNet we created/modified earlier. Click on the review+ create button Click on the Create button to start the deployment ... After a couple of minutes, the deployment is finished. Access my Windows Virtual Desktop images The following steps are similar to when you normally set up a Remote Desktop Connection to a Virtual Machine in Azure, although then through an MSTSC RDP file connection – we now leverage the Azure Bastion capabilities over HTML5 (clientless). Open the Virtual Machine that you want to manage Click on the Connect button Choose for the new option - BASTION Enter the Domain / Local Administrator credentials to get access to the VM Click on Connect There we go – I’m connected to my Windows 10 Multi-User master image inside Microsoft Azure via my Azure Bastion HTML5 (agentless) service!
NV series VM
I'm looking for information about the use of NV-Series VM for VDI implementation . What I need to understand how users will share this VM into virtual workstation. From documentation I see that a single NV24 VM can run up to 4 "virtual workstations" hence 4 users . My question is how do the users "share" that vm ? Do they simply RDP on that ? If they all 4 connect to it are RDS licenses needed ? Which operating systems are supported on that type of VM ? thanks
