Hello @Cvam
In addition to the other responses, I am providing more insights to help you evaluate the best practices for setting up Azure Virtual Desktops for different customers, which involves careful planning and implementation to ensure security, performance, and manageability.
- Tenant Isolation: Set up separate Azure AD tenants or Azure subscriptions for each customer to isolate their environments. This helps prevent cross-customer data leakage and simplifies management.
- Network Segmentation: Use Azure Virtual Networks to isolate customer environments at the network level. This provides a secure boundary and helps control traffic flow between environments.
- RBAC and Access Control: Implement Role-Based Access Control (RBAC) to ensure that only authorized personnel can access and manage specific customer environments.
- Dedicated Resource Groups: Create dedicated resource groups for each customer's AVD deployment. This makes it easier to manage resources and permissions specific to each customer.
- Custom Templates: Create custom AVD templates that align with each customer's requirements, including virtual machine configurations, applications, and settings.
- Image Management: Maintain separate image galleries for each customer, containing the required OS images and application configurations. This allows you to provide tailored experiences for each customer.
- Azure Policy and Governance: Implement Azure Policy and Azure Blueprints to enforce consistent governance, compliance, and security standards across customer environments.
- Security and Compliance: Configure security features such as Azure Firewall, Network Security Groups, and Azure Security Center to protect customer data and applications.
- Monitoring and Logging: Set up monitoring and logging using Azure Monitor and Azure Log Analytics to gain insights into performance, usage, and potential issues.
- Scaling and Performance: Design your AVD deployment architecture to handle the expected load from each customer. Use Azure Autoscale to automatically adjust resources based on demand.
- Backup and Disaster Recovery: Implement backup and disaster recovery strategies tailored to each customer's needs. Use Azure Backup and Azure Site Recovery for data protection and business continuity.
- Automation and Deployment: Use infrastructure as code (IaC) tools like Azure Resource Manager templates or Azure Bicep to automate the deployment and management of customer environments.
- Testing and Validation: Before deploying to a customer environment, thoroughly test your setup in a non-production environment to identify and address any issues.
- Documentation: Maintain detailed documentation for each customer's environment, including configurations, settings, deployment procedures, and troubleshooting steps.
- Customer Collaboration: Involve your customers in the planning process to align their requirements with the AVD deployment. Regularly communicate with them to ensure their needs are being met.
- Stay Updated: Keep track of the latest Azure AVD updates, features, and security recommendations to ensure your customer environments remain secure and up to date.
- Use the latest Windows Virtual Desktop version: It is recommended to use the latest version of Windows Virtual Desktop that is compatible with your application. This will ensure that your application is running on a secure and up-to-date platform.
Remember that each customer might have unique requirements, so these best practices should be adapted to fit the specific needs of each customer's environment.
In case you are using the same tenant/subscription for multiple customers, use separate host pools for each customer: To ensure that each customer's data is isolated from other customers, it is recommended to use separate host pools for each customer.
More details:
- Use appropriate virtual machine sizes: When creating virtual machines for AVD, you can select a virtual machine size that defines the characteristics of the virtual machine, such as CPU, memory, and storage. It is important to select an appropriate virtual machine size that meets the needs of each customer.
- Use appropriate image gallery images: When creating virtual machines for AVD, you can select an image gallery image that defines the version of Windows that the virtual machine will run. It is important to select an appropriate image gallery image that meets the needs of each customer.
- Use appropriate security settings: When setting up AVD, you can configure various security settings, such as enabling or disabling multi-factor authentication, conditional access policies, and network security groups. It is important to use appropriate security settings that meet the needs of each customer.
- Use appropriate user profile settings: When setting up AVD, you can configure various user profile settings, such as user profile disks, folder redirection, and roaming profiles. It is important to use appropriate user profile settings that meet the needs of each customer.
- Test the AVD environment: Before deploying AVD to customers, it is important to test the environment thoroughly to ensure that it is working as expected and meets the needs of each customer.
If this does answer your question, please accept it as the answer as a token of appreciation.
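
The isolation points in the answer above (dedicated resource groups, network segmentation, separate host pools, scoped RBAC) can be checked against an inventory of a shared subscription. This is an added example, not part of the original answer: the inventory layout, field names and sample values are constructed assumptions, not an Azure export schema.

```python
from collections import defaultdict

# Constructed sample inventory; field names are assumptions, not an Azure schema.
INVENTORY = {
    "resources": [
        {"id": "hp-contoso", "rg": "rg-contoso-avd", "customer": "contoso"},
        {"id": "hp-fabrikam", "rg": "rg-contoso-avd", "customer": "fabrikam"},
        {"id": "vnet-contoso", "rg": "rg-contoso-net", "customer": "contoso"},
        {"id": "vnet-fabrikam", "rg": "rg-fabrikam-net", "customer": "fabrikam"},
    ],
    "peerings": [("vnet-contoso", "vnet-fabrikam")],
    "user_assignments": [
        {"customer": "fabrikam", "host_pool": "hp-contoso"},
        {"customer": "contoso", "host_pool": "hp-contoso"},
    ],
    "role_assignments": [
        {"principal": "ops-all", "scope": "/subscriptions/SUB-PLACEHOLDER"},
        {"principal": "ops-contoso",
         "scope": "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-contoso-avd"},
    ],
}

def audit(inv):
    """Return sorted (check, subject) findings for cross-customer isolation gaps."""
    owner = {r["id"]: r["customer"] for r in inv["resources"]}
    findings = set()
    # Dedicated resource groups: each group should hold one customer's resources.
    by_rg = defaultdict(set)
    for r in inv["resources"]:
        by_rg[r["rg"]].add(r["customer"])
    for rg, customers in by_rg.items():
        if len(customers) > 1:
            findings.add(("shared-resource-group", rg))
    # Network segmentation: no peering between VNets of different customers.
    for a, b in inv["peerings"]:
        if a not in owner or owner[a] != owner.get(b):
            findings.add(("cross-customer-peering", f"{a}<->{b}"))
    # Separate host pools: users only on a pool owned by their own customer.
    for u in inv["user_assignments"]:
        if owner.get(u["host_pool"]) != u["customer"]:
            findings.add(("foreign-user-on-host-pool", u["host_pool"]))
    # RBAC: roles scoped to a resource group, not the whole subscription.
    for ra in inv["role_assignments"]:
        if "/resourcegroups/" not in ra["scope"].lower():
            findings.add(("broad-rbac-scope", ra["principal"]))
    return sorted(findings)

if __name__ == "__main__":
    for check, subject in audit(INVENTORY):
        print(f"{check}: {subject}")
```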