An important aspect of designing an Azure Virtual Desktop (AVD) environment is understanding user identities and profiles. To get the most out of this cloud-hosted service, you need to ensure your user identities are fully secure and integrated with the storage solutions you use for user profiles. This will in turn give a much better experience for your users.
AVD allows organizations to set up redundant, scalable, and agile environments that offer the following key capabilities:
- Integration with both cloud and on-premises identity and access management solutions
- Configuring Azure native and third-party storage solutions to facilitate user profiles
- Complete licensing solution that covers both Azure Virtual Desktop and Microsoft 365 SaaS services
From an identity perspective, you can synchronize your Azure cloud identities with on-premises Active Directory. This allows you to utilize hybrid join for your Azure Virtual Desktop session hosts and integrate your user profiles with Group Policy.
This course will help you design and plan your Azure Virtual Desktop identity and user profiles and allow you to understand how they integrate with other Azure services. It covers choosing the appropriate licensing model, looking at the different storage solutions available, planning for user profiles, and planning for Azure AD Connect for identities.
Learning Objectives
- Select an appropriate licensing model for Azure Virtual Desktop based on requirements
- Recommend an appropriate storage solution (including Azure NetApp Files vs. Azure Files)
- Planning for Azure Virtual Desktop client deployment
- Planning for user profiles
- Recommending a solution for network connectivity
- Planning for Azure AD Connect for user identities
Intended Audience
This course is intended for anyone who wants to become an Azure Virtual Desktop Specialist and is preparing to take the AZ-140 exam.
Prerequisites
To get the most out of this course, it is recommended that you have a good understanding of Azure Administration; however, this is not essential.
Welcome to this module on recommending an appropriate storage solution, including Azure NetApp Files vs. Azure Files. It is important to understand the different storage solutions that are available and their features before you can recommend one. In this module, we will cover the following topics: what Azure Files is, including its main features; what Azure NetApp Files is, including its main features; and Azure Files vs. Azure NetApp Files, where we will compare the features of both.
Let's start by looking at Azure Files. Azure Files is Microsoft Cloud's native file share as a service. You can compare it to an on-premises file server, but hosted at an Azure data center. It supports both the Server Message Block (SMB) and Network File System (NFS) protocols, so you can utilize this service for different workloads and scenarios. From an Azure Virtual Desktop perspective, Azure Files is utilized to facilitate user profiles, and integrates with FSLogix to give a smooth roaming profile experience to the end user.
Let's now take a look at Azure NetApp Files and some of its features. Like Azure Files, this is also a cloud-hosted file share as a service; however, it is NetApp technology rather than Azure native. It is an enterprise-grade file share as a service and supports multiple protocols, much like its on-premises NetApp equivalent. There are also more tier options available with NetApp Files, in addition to the premium and standard tiers that are available with Azure Files. Azure NetApp Files also integrates with FSLogix to give a seamless roaming profile experience, but with much better performance, which we will discuss shortly.
Now that we understand what both storage types are and some of their key features, let's see how they compare. Whereas Azure Files is more optimized for random access workloads, NetApp Files is more suited to high-performance, low-latency workloads. From a protocol aspect, we know Azure Files supports SMB and NFS, but it also supports REST protocols, whereas NetApp Files also has SMB, NFS and dual-protocol access. Availability of both services is similar: Azure NetApp Files has its premium tier available in 30 plus regions and its standard tier available in all regions.
Azure NetApp Files has all its tiers available in 28 plus regions. When we look at network access differences, both are accessible from VPN Gateway and ExpressRoute. However, only Azure Files can potentially be accessed from the Internet. With regard to identity-based authentication and authorization, both support Active Directory Domain Services and Azure AD DS. However, for Azure Files, identity-based authorization is only supported when utilizing the SMB protocol.
When we look at encryption, Azure Files allows for customer-managed or Microsoft-managed keys, whereas Azure NetApp Files only allows for Microsoft-managed keys for all protocols. Finally, from a performance perspective, NetApp Files supports Ultra and Premium disks and has much higher IOPS and throughput, and therefore offers a much better performance experience compared to Azure Files.
Shabaz Darr is a Senior Infrastructure Specialist at Netcompany based in the UK. He has 15 years plus experience working in the IT industry, 7 of those he has spent working with Microsoft Cloud Technologies in general, with a focus on MEM and IaaS. Shabaz is a Microsoft MVP in Enterprise Mobility with certifications in Azure Administration and Azure Virtual Desktop. During his time working with Microsoft Cloud, Shabaz has helped multiple public and private sector clients in the UK with designing and implementing secure Azure Virtual Desktop environments.