From OnPremises to Cloud – what should it be? A quickstart to the Azure VDIs
Currently, more and more companies are facing the question of whether to continue offering their VDI on‑premises traditionally or whether it should be provided from the cloud in the future.
The EUC world is in transition, and today there are far more serious alternatives than just one or two big, established manufacturers. Or maybe that’s just my personal opinion after stepping out of my bubble a little – but I think there are new needs, and the market is now trying to address them.
I have been a “Citrix tech evangelist” for years, and I am still absolutely convinced of their technology. For me, it’s clear that Citrix has developed the most powerful application and desktop virtualization technologies. However, the competition is catching up, and it doesn’t have to be the ultimate solution for every customer. The company I work for is increasingly focusing on Microsoft and has been pursuing a cloud strategy for years.
It follows naturally that the option to replace on-premises VDIs with a Microsoft Azure VDI solution must be considered.

Some readers of this page may have had the chance in the last two years to hear the presentation by Fabian Tschanz, Stefan Moser, and myself at one of the events (e.g., at the Workplace Ninja Summit or at E2EVC) – they will know that we already ran a project for our developers using Microsoft AVD Single Session as a developer VDI on “greenfield” sites.
Now, things are easy when you start on a greenfield site; however, replacing existing systems becomes difficult due to existing and sometimes unnamed requirements. Sometimes a solution is built for one purpose and then used for something else – something the platform developers didn’t foresee – so it gets lost during migration. So, requirements engineering must be done again here.
Next, we want to cover the following use cases:
- Dedicated VDI for power users with specific needs (usually without company devices) and
- Users of pooled VDIs, who use the VDI occasionally and may also have a company device.
Microsoft offers many solutions, and new variations are still being introduced. So, what is the right choice?

Windows 365? Microsoft Azure Virtual Desktop? And if that’s not enough – there’s also Windows 365 Frontline and/or AVD Multi‑Session. And what is Windows 365 Frontline in Shared Mode?
So, let me try to break this down a bit. When I had to explain On‑Prem, IaaS, PaaS, and SaaS to someone, what helped me was the pizza model, which Albert Barron, Global Principal Architect, Financial Services at Google, explained in a 2014 LinkedIn post.
I wouldn’t claim to be as clever and good at explaining things as Barron, but I’ll try to break down Microsoft Azure VDIs – all the ones mentioned above – into different mixtures of PaaS and SaaS.
Windows 365 Cloud PC
- Fully persistent cloud PC for each user
- Fixed resource allocation (dedicated VM)
- Integrated with Microsoft Endpoint Manager (Intune) for management
- Easy setup without complex infrastructure
🍕In the pizza model, I’d say this is like dining out in a restaurant that always has a place for me – my name is on my dedicated table. I can choose pizzas from the menu in defined sizes. If I provide a recipe, this pizza will be topped and baked according to my wishes.
Windows 365 Frontline Dedicated
- Specifically designed for shift workers or shared usage
- Each user has a dedicated VM that’s only used during working hours
- Licensing based on concurrent usage (not per user)
- Automatic shutdown outside of shift times to save costs
🍕In the pizza model, I’d say this is like dining out in a restaurant where multiple parties share a table alternately – The table is used by three different parties in one day. I can choose pizzas from the menu in defined large sizes. If I provide a recipe, this pizza will be topped and baked according to my wishes.
Windows 365 Frontline Shared
- Multiple users share the same cloud PC
- Specifically for environments with shared workspaces (e.g., call centers)
- Cost-effective usage since no dedicated machine per user is required
- Resources are dynamically allocated
🍕In the pizza model, I’d say this is like dining out in a restaurant where multiple parties share a table alternately – the table is used by three different parties in one day. All parties must eat the same pizza in the same large size. I can choose pizzas from the menu in two defined large sizes. If I provide a recipe, this pizza will be topped and baked according to my wishes.
AVD (Azure Virtual Desktop) Single Session
- Each user has their own VM (similar to Windows 365, but more flexible)
- Support for different VM SKUs (custom performance)
- Management via Azure Resource Manager, not Intune
- Licensing via existing Microsoft 365 licenses or separate Windows licenses
🍕In the pizza model, I’d say this is like dining out in a restaurant that always has space for me – I can decide how the table is set and how big it should be. With pizza, I’m more flexible: it doesn’t have to be round, I can also make it square. If I make a mistake, the pizza gets extremely expensive and I can’t finish it – or it’s so small that I’m still hungry. I can customize the venue and the tables.
AVD (Azure Virtual Desktop) Multi Session
- Multiple users share a single VM (Windows 10/11 Multi Session)
- Ideal for companies with many simultaneous users (e.g., remote workplaces)
- Resources are flexibly shared among users
- More cost-effective than Single Session, as fewer VMs are needed
🍕 Similar to AVD Single Session, but I can let multiple people eat from a single pizza – this way I can efficiently make one pizza. The pizzaiolo only needs to serve one table because we need only one table, but eight people will be full. However, all eight must eat the same type of pizza. I can customize the venue and the tables.
So, what’s the right choice? Well, it really depends on the needs – there’s no wrong solution, maybe the solution just doesn’t fit the problem, aka challenge or use case.
In the coming weeks and months, I will likely be exploring the more flexible solutions with Azure Virtual Desktop in the Single Session and Multi Session variants, and I’m sure I will still face some decisions here…
Token-based Citrix VDA registration
and how to combine the Microsoft AVD world easily with Citrix DaaS …
Over the past few months, Citrix has made significant investments to make the Virtual Desktop Agents (VDAs) independent of Windows domains. This was particularly important for Linux and Mac systems, and for some time now, it has been possible to provision non-domain-joined VDIs in Azure using Citrix tools. New in version 2407, available for the first time as a Tech Preview, is the ability to integrate Windows machines provisioned through other methods using a token, without requiring a domain, Delivery Controller, or Cloud Connector.
During the VDA installation, instead of specifying a Delivery Controller (DDC), the token can be directly provided:

(Important: The token itself, not the path to the token file, must be specified. This may change in the future so that a token file can be provided.)
Instructions from Citrix: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-vdas.html#step-7-delivery-controller-addresses
The token must be generated first in the Citrix DaaS Console on the appropriate machine catalog where the VDA is to be integrated, via right-click:

It has to be a machine catalog whose provisioning method is set to Manual.
A single token can be used to deploy up to 100 VDAs, and the token is valid for a maximum of 14 days.

The installation steps are also described in the “Review the enrollment steps” section.

I used this new feature to integrate Azure AVD VMs created via pipeline into Citrix, which I had previously used through AVD. Now, I essentially have a VDI that I can broker and connect to traditionally via Microsoft, but also through Citrix. You may ask why someone would want the whole Citrix brokering stack without using the Citrix provisioning method for Azure (MCS). There can be different reasons: someone may want to use an automated IaaS pipeline with Bicep and keep control over provisioning and building the infrastructure, or there may be other obstacles to using the Citrix techniques to build VMs. I can’t say more here; I just see a way to do things differently and gain more control while still using the advantages of Citrix brokering and the ICA protocol.
Since my machines are only in Azure AD, it was important to set the delivery group’s LogonType to AzureAD. I accomplished this with the command:
Set-BrokerDesktopGroup <DeliveryGroupName> -MachineLogonType AzureAD
Additionally, if I still want to access the machine without Citrix, I need to add my user to the Direct Connection Access group. Otherwise, when connecting without Citrix, I will receive the following error:

These are my first experiences with the new token-based VDA rollout. Of course, these steps will later have to be automated for a business environment when using the token, whereas in my hands-on experiment everything was done manually through the graphical interface. If you are experimenting with this, please keep in mind that it is a Tech Preview and not yet GA.
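
An inventory check for the rollout described above, as an added example that is not part of the original post: it confirms the delivery group's logon type and compares the machines enrolled in the manual catalog with the VMs the pipeline deployed, which matters because one token can enroll up to 100 VDAs for up to 14 days. It assumes the Citrix DaaS Remote PowerShell SDK with an authenticated session; the parameter names and the comparison by short host name are assumptions.

```powershell
# Added example, not the author's or Citrix's script. Run in a session where the
# Citrix DaaS Remote PowerShell SDK is loaded and already authenticated.
param(
    [Parameter(Mandatory)] [string]   $DeliveryGroupName,
    [Parameter(Mandatory)] [string]   $CatalogName,
    # Hypothetical input: VM names the provisioning pipeline reports as deployed.
    [Parameter(Mandatory)] [string[]] $ExpectedMachines
)

# 1. Azure AD-only machines need the AzureAD logon type on the delivery group.
$group = Get-BrokerDesktopGroup -Name $DeliveryGroupName -ErrorAction Stop
if ($group.MachineLogonType -ne 'AzureAD') {
    Write-Warning "$DeliveryGroupName uses '$($group.MachineLogonType)'; setting AzureAD."
    Set-BrokerDesktopGroup -Name $DeliveryGroupName -MachineLogonType AzureAD
}

# 2. Everything enrolled in the manual catalog, however it got there.
$enrolled = @(Get-BrokerMachine -CatalogName $CatalogName -MaxRecordCount 1000)

$report = foreach ($m in $enrolled) {
    # Assumption: compare on the short host name; drop any 'PREFIX\' part.
    $short = ($m.MachineName -split '\\')[-1]
    [pscustomobject]@{
        Machine      = $short
        State        = $m.RegistrationState
        Expected     = $ExpectedMachines -contains $short
        AgentVersion = $m.AgentVersion
    }
}
$report | Sort-Object Expected, Machine | Format-Table -AutoSize

# 3. Deployed by the pipeline but never enrolled with the token.
$known   = @($report | ForEach-Object { $_.Machine })
$missing = @($ExpectedMachines | Where-Object { $known -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Warning "Deployed but not enrolled: $($missing -join ', ')"
}

# 4. Enrolled but unknown to the pipeline: review before publishing desktops.
foreach ($r in @($report | Where-Object { -not $_.Expected })) {
    Write-Warning "Enrolled but not in the pipeline inventory: $($r.Machine)"
}

# 5. Expected machines that enrolled but are not registered with the broker.
foreach ($r in @($report | Where-Object { $_.Expected -and "$($_.State)" -ne 'Registered' })) {
    Write-Warning "$($r.Machine) is in state '$($r.State)'"
}
```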