When you create an Admin VM in your enclave, all resources and hosts within the enclave are reachable through the Admin VM.
For some enclave owners, the default access pattern around the Admin VM might not satisfy their requirements. For example, an enclave owner might have requirements that disallow the Azure Bastion service.
Currently, Azure Bastion is the Azure service for secure remote connections using private IP addresses. This is expected behavior for Azure Enclave. However, enclave owners who require an alternative connection method can manually deploy a set of virtual machines (called Session Hosts in Azure Virtual Desktop) to access their enclave. This can be done using native Azure cloud networking resources and Azure Enclave.
Prerequisites
Create a community and Enclave.
Create Azure Virtual Desktop through Azure portal into an Azure Enclave workload
- Create a workload with any specified name (for example, wl-avd-mgmt-pool).
- Deploy Azure Virtual Desktop resources to the workload resource group (for example, wl-avd-mgmt-pool).
  - Create the Azure Virtual Desktop resources using the Virtual Machine template in the service catalog.
  - Alternatively, follow the Azure Virtual Desktop deployment instructions to deploy Azure Virtual Desktop. For all steps that deploy Azure resources targeting a Resource group, select the workload resource group (for example, wl-avd-mgmt-pool).
- Create a community endpoint for the necessary URL networking information.
- Create an enclave endpoint for the necessary IP/CIDR/port/protocol rule networking information.
- Create the enclave connection so that you can access the Azure Virtual Desktop service in Azure from specified enclaves.