AVD Client Connectivity

The most fundamental component of any cloud solution is the network. It is networking that will provide connectivity and security to your applications and solutions. This is most critical with an internet-accessible solution like Azure Virtual Desktop, so we need to properly build it and secure it.

In this course, we will help you design your Azure Virtual Desktop network components so you can not only gain insight into those Azure services but also understand how they integrate and relate to the Azure Virtual Desktop service and help you to pass the Azure Virtual Desktop Specialty exam.

Learning Objectives

  • Understand Azure Virtual Desktop networking requirements
  • Recommend the correct solution for network connectivity
  • Implement your Azure Virtual Desktop networking solution
  • Manage connectivity to the internet and on-premises networks
  • Implement and manage network security
  • Manage Azure Virtual Desktop session hosts using the Azure Bastion service
  • Monitor and troubleshoot network connectivity

Intended Audience

  • Azure administrators with subject matter expertise in planning, delivering, and managing virtual desktop experiences and remote apps, for any device, on Azure
  • Anyone looking to learn more about Azure Virtual Desktop


To get the most out of this course, you should have knowledge of the following:

  • Azure networking
  • Network security 
  • Network monitoring and troubleshooting

Clients connect to AVD in two basic ways. The first is from the public internet. The second is from a Hybrid network. Now, if you're okay with your users connecting over the public internet, and all of your supported services are in Azure, then you may not need Hybrid connectivity at all. The Hybrid Option is where you can connect to your existing corporate resources on-prem or over a private connection to Azure. To implement this, you need an Azure Virtual Network Gateway.

This gateway can only be deployed into your virtual network's Gateway Subnet, which I'll show you how to set up in a moment. Now, the Hybrid Option breaks down further into the following options. First is an Azure ExpressRoute. This is a private direct connection between your company, the provider of your choice, and Microsoft. This is the highest bandwidth and best performance solution you can have, but it is also the highest cost.

Next is a Site-to-Site VPN. If you have your domain controllers or other resources on-site that your AVD users will still need access to, then you will need a Site-to-Site VPN. As the name implies, this VPN connects multiple corporate locations together so they can share resources. This VPN comes in many levels of performance, so check the Azure documentation so you can have all the information to make the right decisions.

Finally, there is a client VPN, also known as a Point-to-Site VPN. If you want to require your AVD clients to connect to a VPN before they can get to AVD, then you will want to have a Point-to-Site VPN. If this is the case for you, you will also need to leverage Azure Active Directory Conditional Access rules to deny connectivity from IP address ranges that are not in your corporate networks connecting to Azure Virtual Desktop.

There is one more way to get connected to Azure Virtual Desktop, and that's using something called RDP Shortpath. If you remember back to the Reverse Connect model, once you connected to the AVD Gateway service, the Gateway would have a session host make an outbound connection to you over the public internet. RDP Shortpath changes how that connection is made.

As you can see in the picture on the right, there is a new connection line at the top. The client is allowed to connect directly to the session host over the Hybrid network connection. There's also a change in protocol. Reverse Connect uses TCP port 443, but RDP Shortpath uses the UDP protocol on port 3390. The reason for this? UDP as a protocol is much more efficient than TCP. There are fewer handshakes, fewer retries, and it is specifically more efficient for this kind of traffic that we use in Azure Virtual Desktop.
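
An added example, not part of the course or Microsoft's material: a small Python audit that checks whether the inbound rules of a session-host network security group let RDP Shortpath's UDP 3390 in from the hybrid ranges only. The rule objects follow the JSON shape printed by `az network nsg rule list`; the rule names, addresses and `HYBRID` ranges are constructed assumptions, and Azure's default rules and service tags other than `Internet` are not modelled.

```python
import ipaddress

# Constructed sample in the shape printed by `az network nsg rule list`.
RULES = [
    {"name": "allow-shortpath-vpn", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Udp",
     "sourceAddressPrefix": "172.16.201.0/24", "destinationPortRange": "3390"},
    {"name": "legacy-any-udp", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "3000-4000"},
]
HYBRID = ["172.16.201.0/24", "10.50.0.0/16"]  # assumed VPN pool and on-prem range

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")          # "3390" or "3000-4000"
    return int(lo) <= port <= int(hi or lo)

def _src_match(prefix, src, hybrid):
    ip = ipaddress.ip_address(src)
    if prefix == "*":
        return True
    if prefix == "Internet":                 # approximation: outside hybrid ranges
        return not any(ip in ipaddress.ip_network(n) for n in hybrid)
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:                       # other service tags are not resolved
        return False

def verdict(rules, src, hybrid, proto="Udp", port=3390):
    """Return (access, rule name) of the first matching inbound rule by priority."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["protocol"] not in (proto, "*"):
            continue
        ports = r.get("destinationPortRanges") or [r["destinationPortRange"]]
        prefixes = r.get("sourceAddressPrefixes") or [r["sourceAddressPrefix"]]
        if any(_port_match(p, port) for p in ports) and \
           any(_src_match(s, src, hybrid) for s in prefixes):
            return r["access"], r["name"]
    return "NoMatch", None                   # default rules (65000+) not modelled

def audit(rules, hybrid, outside="203.0.113.50", inside="172.16.201.10"):
    findings = []
    if verdict(rules, inside, hybrid)[0] != "Allow":
        findings.append("no explicit Allow for hybrid clients on UDP 3390")
    access, name = verdict(rules, outside, hybrid)
    if access == "Allow":
        findings.append(f"UDP 3390 reachable from outside hybrid ranges via {name}")
    return findings
```

Calling `audit(RULES, HYBRID)` on the sample flags the broad `legacy-any-udp` rule, because its port range covers 3390 and its source is `*`.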

About the Author

Dean Cefola is a Principal Azure Engineer at Microsoft and has worked in the IT industry for over 20 years. Dean has been supporting Azure Virtual Desktop from the beginning and is the Microsoft FastTrack Global Leader for AVD.