Whitepaper - Azure Virtual Desktop With Liquidware FlexApp

Introduction

This Whitepaper has been authored by Marius Sandbu (https://msandbu.org) and is aimed at providing information and guidance regarding Azure Virtual Desktop in combination with Liquidware FlexApp.

Azure Virtual Desktop is ’s new Cloud-based VDI solution delivered from , and with the ever-growing complexity of managing applications in a cloud-based environment, it is important to have proper tools in place to optimize application delivery.

About the Author

Marius Sandbu is a Guild Lead for Public Cloud working for TietoEVRY in Norway. Primary focusing on Cloud-based services, End-user Computing, and Security with more than 15 years of experience within IT.

He has also extensive experience with end-user computing solutions such as VMware Horizon, and Desktops, Microsoft RDS, and on Cloud platforms like Microsoft Azure, Cloud, ,

EUC Cloud solutions such as and Horizon Cloud, and other products such as Office 365 and Microsoft

365.

Marius is a Microsoft Azure MVP and part of the VMware EUC Champions group. You can contact him with any questions or feedback regarding this whitepaper on his email address: [email protected] or social media such as Twitter https://twitter.com/msandbu

Azure virtual desktop with Liquidware FlexApp - Page 1

Contents

OVERVIEW OF AZURE VIRTUAL DESKTOP AND LIQUIDWARE FLEXAPP 3

AVD - Architecture and traffic flow 4

Cloud Economics and Microsoft Azure 6

Ecosystem of Azure virtual desktop 7

Image Provisioning 7

Automatic Scaling 7

GPU based workloads 8

Management of Infrastructure 8

Azure Bastion 8

Azure Update Management 9

Setting up Azure virtual desktop 9

Prerequisites 9

AVD Setup 9

Updating a AVD Host pool with a new application 13

Limitations with AVD 13

Application Scalability and Image Management using FlexApp 15

FlexApp Architecture 16

Creating a FlexApp Application Layer for AVD 18

Leveraging FlexApp with Azure Blob Storage 22

Summary and the future architecture of application delivery 23

Azure virtual desktop with Liquidware FlexApp - Page 2

Overview of Azure Virtual Desktop and Liquidware FlexApp Azure virtual desktop (AVD) is Microsoft’s Cloud-based VDI/RDSH delivery platform built with PaaS services on Microsoft Azure. AVD was released in 2019 and is the result of the evolution of RDS in combination with new delivery offerings based upon providing a multi-user Windows 10 experience.

In addition to this Microsoft also acquired the company FSLogix which provides solutions aimed at ease of management of user-profiles in combination with Office 365 which is now a key part in Windows 10 as it is included by default when setting up multi-user desktops in Azure.

AVD is a service that is made free to eligible customers when customers have one of the following licenses

E3/E5 ● Microsoft 365 A3/A5 ● Microsoft 365 F1 ● Microsoft 365 Business ● Windows 10 Enterprise E3/E5 ● Windows 10 Education A3/A5 ● Windows 10 VDA per user

As part of getting access to the service you also get access to Multi-user Windows 10, FSLogix, and also access to Windows 7 with extended support.

Last year (2020) Microsoft also made numerous enhancements to the platform such as: ● AVD Optimized for Microsoft Teams with audio and video offloading ● RDP Shortpath providing better transport using UDP Protocol ● Monitoring capabilities using Azure Monitor ● Support for management tools such as Endpoint Manager and Defender ATP ● Screen Capture Protection features

While AVD is an evolving service it is lacking some core capabilities to provide optimized image lifecycle management and application delivery. Using FlexApp from Liquidware we can streamline the application delivery process and make Azure virtual desktop more flexible and reduce the need for multiple golden images that need maintenance, which we will cover more in detail as part of this whitepaper.

Azure virtual desktop with Liquidware FlexApp - Page 3

AVD - Architecture and traffic flow With AVD, Microsoft is responsible for the Management and Data plane in Microsoft Azure across different regions. As of now AVD consistent with the following components:

● Web Access (User-based access) ● Management Components ● Connection Broker ● Diagnostics Role (Used for Troubleshooting) ● Gateway (Handles user-session traffic)

Azure Virtual Desktop Ecosystem

The responsibility as a customer is managing the different VDI desktops which are grouped into one or more host pools and other Azure-based components that are used as part of the overall platform, such as VPN Gateway, Firewalls, or storage services.

AVD is a service that is intended to be used in combination with Azure infrastructure, so to configure AVD, it requires that we have an Azure Subscription to get access and to provision VDI/RDSH hosts. Also, AVD requires that you have an Active Directory to which the AVD sessions hosts are joined to or Azure Active Directory Domain Services which is a PaaS service offering of Active Directory in Azure. Azure virtual desktop with Liquidware FlexApp - Page 4

All AVD services are multi-tenant and are running as PaaS services and are Microsoft’s responsibility. The core services are handling all brokering, traffic flow, and such to the session hosts on the backend.

NOTE: It should be noted that AVD does not support Azure AD joined devices on the infrastructure components, meaning that you cannot connect to a multi-user Windows 10 machine which is Azure AD Joined. This has however been announced and will be launched In preview soon → Azure Virtual Desktop: The flexible cloud VDI platform for the hybrid workplace | Azure blog and updates | Microsoft Azure

As part of AVD, you can also run Windows Server RDSH as part of Azure virtual desktop, where you are using a multi-user Windows Server, it should be noted that this requires that we have RDS CAL licenses also.

The services can also be used in combination with other services in Azure, which means that we can provision AVD VDI/RDSH hosts which have dedicated GPU capacity, RDMA based networking, high-end SSD performance or integrate with other PaaS services in Azure.

On each of the session hosts, we would need to install an agent (Azure virtual desktop agent) which will authenticate to the AVD service using an access token that is unique for each tenant. This will register the VDI/RDSH host to the AVD tenant and allow for incoming connections from the gateway.

NOTE: The Azure virtual desktop services are not available in all Azure regions, but are slowly rolling out to more and more regions. As part of the initial assessment, it is recommended that you use this site as a way to measure the latency to your closest region https://azure.microsoft.com/en-us/services/virtual-desktop/assessment/ and that your infrastructure should be as close as possible to the AVD components to provide an optimal user experience. If your VDI/RDSH servers are placed in another Azure region they will still communicate with the closest possible region where AVD is available.

Since all agents are communicating using a reverse TCP connection, it does not require any public-facing VDI/RDSH servers. The communication and authentication flow is as follows:

Azure virtual desktop with Liquidware FlexApp - Page 5

1. A user launches AVD client which authenticates to the Azure AD tenant. All Conditional Access Policies are evaluated against the user if any, the user signs in, and Azure AD returns a token to the user session. 2. The AVD client presents a token to the Web Access component, Broker queries the Azure SQL DB to determine resources authorized for the user. 3. The Gateway will through the AVD Agent communicate to the Active Directory Domain to which the VM’s are joined, to validate the user and get a Kerberos ticket. 4. User selects a resource, the AVD Client connects to Gateway which then initiates a session to the backend server using the reverse TCP connection.

NOTE: You can use the tool RDAnalyzer to detect the statistics and performance of your AVD Session, more information here → https://rdanalyzer.com/

NOTE: Since AVD is using reverse TCP session to the endpoint it will add some latency overhead to the connection compared to a Microsoft RDS/Citrix HDX/ VMware Blast session.

Cloud Economics and Microsoft Azure When setting up virtual infrastructure in Azure you need to understand the financial aspects of the different services that you are consuming.

Virtual Infrastructure in Azure is billed per second for the allocated hardware for any VM (CPU, Memory, and licenses). In addition, you also have other variable costs such as storage (disk usage and throughput) and network egress traffic from Microsoft’s data centers.

You can use the Azure Cost calculator to create estimates for any given service in Azure→ Pricing Calculator | Microsoft Azure

Within Azure, you also have the option to reserve infrastructure capacity for either 1 or 3 years. Using reserved capacity you can reduce the cost of the overall virtual infrastructure by up to between 30 - 60%. .

Having a more flexible way of providing applications to any VDI or RDS session hosts in Azure can also reduce the number of virtual machines needed to provide applications to your users and also reduce the overall cost of your Azure environment.

Azure virtual desktop with Liquidware FlexApp - Page 6

Ecosystem of Azure virtual desktop Azure virtual desktop is constantly being enhanced by Microsoft with new functionality but is still lacking some core management capabilities such as image provisioning options and how to do management of the session hosts. Therefore, this section is used to describe some of the options available to us, to mitigate those limitations, but also to describe some of the possibilities within Microsoft Azure.

Image Provisioning Out of the , AVD comes with the ability to provision a pool of servers as part of the Azure Marketplace which is using the underlying automation layer in Azure called Azure Resource Manager. This provides an automated setup of worker nodes also known as Host Pool in AVD.

The ARM templates can be used to provision host pools based upon a predefined list of images from Microsoft such as Windows 10, Windows 7, or Windows Server. However, as part of this, it does not handle image lifecycle management. So if you have to update an OS with a new set of patches you would need to create a new set of Host Pools based upon that.

To simplify the update of your golden image in AVD you have the option to use some built-in tools in Azure or other open-source tools such as

● Hashicorp Packer (https://packer.io/) ● Azure Image Builder (https://bit.ly/3bx4ZRR) ● AVD Administration (https://blog.itprocloud.de/Windows-Virtual-Desktop-Admin/)

These tools can then be used as a way to create and update the golden image which is then used as the base image to create Host Pools. AVD Administration can also be used to provision Host Pools based upon an existing image, or you can use other mechanisms such as ARM or Terraform.

Here is an example of the use of ARM to update an existing Host Pool with the use of a pre-created image → https://github.com/Azure/RDS-Templates/tree/master/AVD- templates/Update%20existing%20AVD%20host%20pool

Automatic Scaling As part of the economics and elasticity of the public cloud, you would want to be able to scale up and down your resources depending on usage. Since in Microsoft Azure you are paying for the resources you use, with for instance virtual machines you pay each second a VM is running for the compute capacity. So when your employees are not at work you would like to scale down to reduce the cost.

Initially, when AVD was released, Microsoft did not provide a good solution to do automatic scaling up and down of resources. Fortunately, Microsoft recently created a new feature based upon Azure Functions to do automatic scaling. You can use the scaling tool to:

● Schedule VMs to start and stop based on Peak and Off-Peak business hours. ● Scale-out VMs based on the number of sessions per CPU core. ● Scale in VMs during Off-Peak hours, leaving the minimum number of session host VMs running.

Azure virtual desktop with Liquidware FlexApp - Page 7

You can read more information on how to set it up here → https://docs.microsoft.com/en-us/azure/virtual- desktop/set-up-scaling-script

GPU based workloads As part of Microsoft Azure, we also can provision virtual infrastructure with dedicated GPU hardware. This is extremely useful in combination with GPU-based workloads such as CAD applications or GPU-heavy products. This can be used in combination with AVD as part of a Host Pool.

Azure provides different types of GPU-based hardware from NVIDIA and AMD and two types of GPU . With NVIDIA-based GPU cards, Microsoft is using a feature in Hyper-V called Discrete Device Assignment which allows us to directly attach a physical GPU card directly to a virtual machine, essentially to pass an entire PCIe device into a VM. With AMD-based GPU cards, Microsoft is using a feature called MxGPU which is built on top of SR-IOV (Single-Root I/O Virtualization).

If you are planning to use GPU-based instances in Azure in combination with AVD there are two typical instance types you should consider.

● NVv4: https://docs.microsoft.com/en-us/azure/virtual-machines/nvv4-series (based upon AMD Radeon Mi25) with the use of MxGPU you can have different types of GPU profiles ranging from ⅛ of GPU card up to a dedicated GPU. ● NVv3: https://docs.microsoft.com/en-us/azure/virtual-machines/nvv3-series (based upon NVIDIA Tesla M60) where you start with 1 dedicated GPU and can have up to 4 GPU cores.

Management of Infrastructure In regards to the management of virtual infrastructure in Microsoft Azure, there are many services available that can make it easier for operations to manage virtual infrastructure.

Azure Bastion In Azure, you also have different services that can be used for management or virtual machines without needing to expose virtual machines directly with a public IP address. An example of this is Azure Bastion. Azure bastion can be used to access a virtual machine residing in Azure through the Azure Portal. Essentially you authenticate to the VM through the portal and access it via RDP, and you have a connection to the VM via HTML5 based interface.

So if you have a VM that you need to troubleshoot in Azure, you can open the VM pane and click Connect to the VM through the Bastion service.

Azure virtual desktop with Liquidware FlexApp - Page 8

The Azure Bastion Service is a PaaS service that is integrated into your virtual network in Azure and is used for management purposes and not for end-users. Providing Azure Active Directory protected service to provide remote access for administrators into any virtual machine running within Microsoft Azure.

Azure Update Management Update management is a feature that provides much of the same functionality as WSUS (Windows Server Update Services) and can be used to schedule automatic updates on virtual infrastructure running in Azure. The solution is based upon another service called Azure Automation but allows us to define schedules for when patches should be installed on our virtual infrastructure

Setting up Azure virtual desktop To set up Azure virtual desktop you will first need to have completed the following prerequisites.

Prerequisites ● Have the following license mentioned in the first section available and assigned to your users ● Azure Subscription (where you have owner access) ● Azure Active Directory (Global Administrator access) ● Active Directory or Azure AD Domain Services ○ If you are using Active Directory it needs to be set up in Hybrid Mode, meaning that users need to be synced out to your Azure Active Directory ● Virtual Network which is configured and attached to Active Directory ○ This means that the VNET has DNS configured and is pointing to Active Directory domain controllers.

AVD Setup Once this is done we can start setting up the Azure virtual desktop components which are three main components, a AVD Workspace, host pools, and application groups. The first part is AVD Workspace which is a logical grouping of application groups we will create later.

Azure virtual desktop with Liquidware FlexApp - Page 9

1. Go into the Azure Portal → Create a Resource → Type Workspace to create a workspace

NOTE: When setting up a Workspace make sure to configure diagnostics settings as well to point to a Log Analytics workspace, since this is required if you want to collect diagnostics and error logs from the AVD service.

Once that is done we can start with creating an example host pool containing some machines running the multi-user Windows 10 image.

2. Go into the Azure Portal → Create a Resource → Type Azure virtual desktop - Provision a host pool.

Azure virtual desktop with Liquidware FlexApp - Page 10

This wizard will create a host pool, but also provide you with the option to create some virtual machines that will be part of that host pool. The host pools also determine what kind of type will be created either automatically or directly assigned.

Also, the location of the host pool will determine where AVD will store the metadata. As of now, two main locations are supported, either US-based data centers or West Europe. Your session hosts and VDI desktops can be placed in any Azure region regardless of where the workspace is created.

Next in the wizard you also have the option to automatically provision virtual machines which will be added to that host pool. The wizard will also use an OS extension on the virtual machines to do the following.

● Install the AVD Agent and assign the VM’s to the host pool. ● Domain Join the VM to the specific domain. ● Create a local administrator account for troubleshooting purposes.

Just make sure that you define the correct set of information such as the virtual network information so that the virtual machines can contact the domain controllers and also the correct set of credentials that are used for running

Azure virtual desktop with Liquidware FlexApp - Page 11

domain join. The wizard will also set up a Virtual Machine Administrator, which is a local admin account that can be used to troubleshoot any issues on the provisioned VM’s.

Once the host pool with the virtual machines is created we need to create one or more application groups.

The Application Group will be used to tie together the Workspace, Host pools, and defining the user assignments. When setting up the application group you define the previously created host pool with the allocated virtual machines.

3. Go into the Azure Portal → Create a Resource → Type Application Group

Once the Application Group is created, any assigned user should be able to log on to the assigned desktop or application.

NOTE: You can check if the host pool VM’s are available by going into the Azure Portal → Host Pool → Choose the newly created host pool and see if the VM’s are available.

Host Pool VM’s available Azure virtual desktop with Liquidware FlexApp - Page 12

Users can then logon to the session using the AVD client or using the AVD web portal which is accessible at https://rdweb.AVD.microsoft.com/arm/webclient

Updating a AVD Host pool with a new application To update a host pool with a new application or to update an existing application in case we have deployed a host pool with a line-of-business application, the following steps would need to be done to get the host pool updated.

1: Restore the golden image from the snapshot.

2: Update the image with the latest updates and LOB Applications.

3: Create a new snapshot (for backup purposes).

4: Preparing the image for deployment within a AVD host pool.

5: Update the current AVD host pool.

6: (Optional) publishing any new application from the host pool.

This would need to be updated for each application or update that will be part of AVD. Other tools can be used to simplify the master image deployment mentioned earlier in this whitepaper. However, that is mainly automating these tasks.

Limitations with AVD As mentioned earlier, there are currently some limitations in AVD when it comes to certain key areas for any VDI admin.

● Image Lifecycle Management - As mentioned above, there are limited options to do image lifecycle management of images as part of the native service in AVD. You will need to invest time into other products or tools to build similar automation of golden images.

● Integrated Management Capabilities - Organizations coming from other platforms or products will miss out on having simple centralized management capabilities for features such as policies, helpdesk operations, and monitoring. Microsoft is building new capabilities for some of these features which are

Azure virtual desktop with Liquidware FlexApp - Page 13

currently in preview.

● Application Management and Application Layering - Microsoft has made some investments into a new feature called MSIX AppAttach (Currently in Preview), which is part of the new application framework MSIX. MSIX is intended to replace App-V since Microsoft announced that they are no longer maintaining App-V and that support for App-V is ending in 2026 → MDOP support extended - Microsoft Lifecycle | (in addition the support for App-V for certain Windows 10 editions also apply)

To make image management simple, you would need to solve two key things to ensure a simple way to update machines with new applications and to have a few images you need to maintain as possible.

● Abstract away the application from the golden image and the machines (The focus of this whitepaper) ● Abstract away the user profile from the machines.

Application layering simplifies application delivery, instead of having applications directly installed into the VDI desktops, applications are mounted from a virtualized hard drive, using a filter driver that mounts the application into the . This allows the application to work and interact with the operating system as any other application but allows us to abstract away the application from the underlying system file system. Allowing it to be stored outside of the operating system, essentially providing application mobility.

From a VDI perspective, this means that we can have fewer golden images and use application layering to handle application availability across different VDI desktops. When the user needs access to an application it can either be available on the underlying OS or be mounted on demand.

Azure virtual desktop with Liquidware FlexApp - Page 14

Application Scalability and Image Management using FlexApp Leveraging FlexApp for AVD you can gain the following benefits.

● Reduces base image management by delivering applications and corresponding updates as attached layers, reducing the need for multiple golden images. ● Compatible with App-V virtualization and MSIX packaging formats. ● Application layers can be mounted from Microsoft Azure reducing the need for additional virtualized infrastructure. Also used in combination with block cache which cache frequently used data blocks of an application locally to increase the speed of the applications. ● Simplified package editor to allow direct changes to the application such as registry settings, shortcuts, services, and such. ● FlexApp Packaging uses native features in Windows 10 to automatically revert VM to an earlier state, which provides simplicity for Azure-based environments. ● FlexApp also provides Application Cloaking which allows you to mask applications from certain users on the same machine. Meaning that you do not need multiple VDI desktops to provide multiple applications.

FlexApp can easily be deployed via the Azure Marketplace where you can get a pre-installed virtual machine that contains FlexApp and ProfileUnity running with a trial license.

Within Azure click on Create a Resource → Search the Marketplace → ProfileUnity and FlexApp

NOTE: We recommend setting up FlexApp using a clustered method, which requires at least 3 nodes. While the server is not responsible for the actual mounting of layered applications it is only used for management purposes and licensing.

This virtual machine should be placed within the same virtual network (or any other connected network) as the other AVD VDI machines and needs to be able to co communicate and be configured as part of the Active Directory domain.

NOTE: If you want to set up a virtual machine with ProfileUnity from scratch or using other automation tools, look at the installation guide for more detailed instructions ProfileUnity™ with FlexApp™ Technology: Installation & Configuration Guide (liquidware.com) Azure virtual desktop with Liquidware FlexApp - Page 15

If you want to use tools like Terraform or ARM to do deployment of the virtual machine then you can use the following attributes to define the marketplace image for automated deployment. storage_image_reference { publisher = "liquidware" offer = "profileunity_flexapp" SKU = "684" version = "latest" }

Once the virtual machine is deployed you can log in using RDP using the defined username and password as part of the Azure Resource Manager deployment. Then you need to join the newly created virtual machine to the existing Active Directory domain.

When the VM is deployed into the domain you can log on to the ProfileUnity Management Portal which is available as a shortcut on the deployed virtual machine or logging into the web console on https://ip:8000 (which is the default management port).

The first time you log in using the following info

Username: admin Password: (is blank) first time running. You define a password for the admin account after sign-in

Once you have configured the initial settings you can log in using your defined domain credentials.

FlexApp Architecture The FlexApp architecture consists of a ProfileUnity Server, where we create all our configuration, application assignments, and central administration. The ProfileUnity Server runs as a set of services on top of a Windows Server and it stores its data inside an included MongoDB database. Within each VDI or Session host, we would need to install the FlexApp client which can be configured using two different methods

● Group Policy (Preferred) ● Local Configuration Files

The configuration files can be stored on a simple file share or be placed on the SYSVOL folder which is by default highly available. When the agent service runs/starts it will locate any particular configuration files on that particular share and process those which are applicable for that user, machine, group, or any other context-aware setting. The agent is also responsible for handling the layering jobs, such as managing the filesystem and registry rewrites, using a pair of mini-filter drivers that run as the Liquidware Container service.

FlexApp architecture using Azure Storage Services with AVD

Azure virtual desktop with Liquidware FlexApp - Page 16

To create FlexApp Applications we also need a virtual machine that will act as a packaging machine. This will run the packaging console which is used to create, update, and repackage our FlexApp layers. This machine needs to be as clean as possible to avoid any issues when packaging applications. For Windows 10, FlexApp uses built-in mechanisms to revert Windows to an earlier state using System Restore mechanisms to simplify the packaging process for Azure-based environments.

The Packaging Console can also easily be used to modify existing packages such as remove any unwanted shortcuts, registry settings. In an upcoming version, it can also be used to interact with tasks and services that are defined/created as part of an application such as Google Update which is set up as a separate service, and scheduled tasks that you do not want to have active in a non-persistent environment.

Azure virtual desktop with Liquidware FlexApp - Page 17

Editing a package using the FlexApp Packaging Console

FlexApp can mount an application layer for a AVD desktop using two methods, either using VHDX where the VHDX file is located on a local fileserver within Microsoft Azure. Another approach is cloud mounted where the application layers will be stored on Azure Blob Storage, reducing the need for virtual infrastructure for storage. Using FlexApp we can simplify the application delivery so that instead of doing updates to the host pools to update with a newer version of the LOB application or to add new applications we can instead dynamically assign application layers to the end-users that will be added during login instead.

Creating a FlexApp Application Layer for AVD This shows the steps to fully creating an Application layer which is then deployed to a particular group of AVD users. Note however that this does not show the initial setup and configuration of the server and desktop packaging console infrastructure. Creating an application layer should always be done on a clean virtual machine that should be at the same OS, patch, service pack level, and running the packaging console.

NOTE: Refer to this knowledge base article of support for different Windows 10 versions → ProfileUnity Client-Side OS Support Matrix – Liquidware Customer Support (zendesk.com)

Here we will define a filter that contains a specific user group called AVD-users which we will allocate a set of FlexApp applications to. The FlexApp applications we will use are pre created applications from Liquidware.

Azure virtual desktop with Liquidware FlexApp - Page 18

With FlexApp you can define different filters depending on the needs to allocate different applications to different users and groups. These filters can be defined based upon machine class, operating system, connection type, or numerous other conditions such as users or groups. We need to define a filter before we can define a configuration.

1. First logon to the ProfileUnity WebConsole of the ProfileUnity server using a on https://ip:8000 with the defined administrator account 2. Go into Filter Management and Click Create 3. Define the name of the filter and use the condition User Group Membership (which will do an Active Directory lookup) and type the name of the Active Directory Group and then click Add. Then click Save.

4. (Template pane) Then we define a configuration file that will be deployed for the specific user group. Go into Configuration Management, click Create and choose Guided Configuration. Choose Windows 7, 10, 2016 or 2019 as a Desktop and 2016 & 2019 RDS full desktop template from the library and click Next.

5. (Variables pane) Define the home share network location for existing users.

6. (Domain Pane) Here we can automatically create the group policies which will automatically provide the ProfileUnity Agent to computers within a specific OU in our Active Directory domain. Here we can define the OU and let the wizard automatically create the group policy for us by running the Run GPO integration or we can do it manually.

Azure virtual desktop with Liquidware FlexApp - Page 19

7. Lastly, after the configuration is done and as part of the last option the wizard you have the option to deploy the configuration file which will push the configuration file into the NETLOGON folder.

8. Once you are done with the configuration you need to assign it to a filter. Go back into the Configuration Management pane and click on the newly created profile and click the edit button.

Azure virtual desktop with Liquidware FlexApp - Page 20

9. When in Edit Configuration click on the Main menu and from there find the Require Filter for Execution option and choose the newly created filter from the list. (Optional) rename the configuration to something else.

10. Click the back button next to the configuration name which will get you back to the main configuration menu. Click on the FlexApp DIA (Department Installed Applications) menu, then click the Add FlexApp DIA Rule. Here you should have some predefined applications which are available from Liquidware’s example software repository stored on AWS S3

(NOTE: Also available under Inventory Management within the ProfileUnity Console).

Here you also have the option to define filters or if these applications should be installed for all users for which this configuration is defined.

11. Once you define the applications you want click Save. Then Click Update, this will automatically update the configuration file for the clients.

12. Next log on to a VDI client as part of the AVD Host pool which has the Group Policy created earlier assigned to it. When logging in you should see the splash screen showing the Liquidware logo appearing and seeing the applications that were defined in the DIA showing on the desktop. You can also verify this by seeing within Disk Manager that the virtualized hard drive has been mounted. Azure virtual desktop with Liquidware FlexApp - Page 21

NOTE: You can use the following guide to package your customer Line of business applications → ProfileUnity™ with FlexApp™ Technology: FlexApp Packaging Console Manual (liquidware.com)

Leveraging FlexApp with Azure Blob Storage

Liquidware FlexApp also supports as mentioned the use of Azure Blob Storage to store sets of data such as

● Management Console Configuration Files ● License Files ● User Portability Files ● FlexApp’s

To use Azure Blob Storage for all the different components we would need to provision two Azure Blob Storage Accounts.

● One storage account which stores the configuration files, license files, and FlexApp packages. ● One storage account stored the Portability files.

It is recommended to use Premium based storage to support faster load times for large applications. It should be noted that cloud-based storage it will automatically also enable block cache to reduce the load time of applications.

The setup of these Storage accounts is documented in this whitepaper → ProfileUnity™ with FlexApp™ Technology: Using Cloud Storage with ProfileUnity (liquidware.com)

Azure virtual desktop with Liquidware FlexApp - Page 22

Summary and the future architecture of application delivery In this whitepaper, we have taken a closer look at Azure virtual desktop and the ecosystem around it with Azure native services. Keeping a Azure virtual desktop environment updated with current versions of a line of business applications can be a cumbersome process. Also, with a complex set of applications, it might also require that you have multiple host pools to provide different versions of the same set of applications. We also looked at how using Liquidware FlexApp can provide more flexibility to a Azure virtual desktop environment using application layering to reduce the virtual infrastructure using Azure Storage Services.

Today, Azure virtual desktop only supports deployments configured with Active Directory and with the workforce changing to a more zero-trust based approach we also need to understand what kind of changes that will happen.

Microsoft is working on supporting Azure Active Directory based AVD deployments, meaning that the infrastructure and endpoints can be configured as Azure AD joined as an alternative to Active Directory based and provide SSO. Which is a core part of setting up a zero-trust based deployment; however many will still require access to the same set of applications in an Azure AD based setup.

Liquidware is also focused on supporting this future deployment model using Azure Active Directory. Meaning that in a future release you will be able to deploy and assign applications to end-users and groups which are only Azure Active Directory based.

So, in a future release if a user logs on to a AVD VM using Azure Active Directory based credentials they will be given access to the same set of applications. Also, with Microsoft moving away from App-V, Liquidware is committed to making it easier for enterprises to consolidate application delivery under a unified solution and will be providing support to App-V and MSIX conversion into FlexApp packages as well making it easier for enterprises to reuse existing App-V packages but use it together with Liquidware’ s delivery mechanisms.

Liquidware will also soon release an automation framework for FlexApp allowing enterprises to automate package sequencing either using CLI/Scripts or using DevOps based approach with tools such as Azure DevOps or GitHub to handle both provisioning of the AVD golden image and repackaging new applications using the same set of pipelines providing a full automation.

Azure virtual desktop with Liquidware FlexApp - Page 23