Day 30: AZ-140 Pt.1 - Planning
However, I am really interested in the upcoming AZ-140 due in March, so will re-book this as a proctored exam remotely.
The AZ-140 awards the "Microsoft Certified: Windows Virtual Desktop Specialty" qualification, which means that:
"Candidates for the Windows Virtual Desktop Specialty certification are Microsoft Azure administrators with subject matter expertise in planning, delivering, and managing virtual desktop experiences and remote apps, for any device, on Azure. Responsibilities for this role include deploying virtual desktop experiences and apps to Azure. Professionals in this role deliver applications on Windows Virtual Desktop and optimize them to run in multi-session virtual environments. To deliver these experiences, they work closely with Azure administrators and architects, along with Microsoft 365 administrators."
Unfortunately as it's in beta, all I can really do is look at https://docs.microsoft.com/en-us/learn/paths/m365-wvd/ which details enough I think.
I am sure some external courses will show up soon but for now I think the MS Learn does a fair job of covering some of the below.
In the meantime, I can reference the exam skills measured which details how the exam is carved up so I will just go through each bit by bit.
Using this method, I can implement a new WVD solution as part of learning the exam subjects below.
Section 1: Plan a Windows Virtual Desktop Architecture (10-15%)
Part 1 - Design the Windows Virtual Desktop architecture
- assess existing physical and virtual desktop environments
- assess network capacity and speed requirements for Windows Virtual Desktop
- recommend an operating system for a Windows Virtual Desktop implementation
- plan and configure name resolution for Active Directory (AD) and Azure Active Directory Domain Services (Azure AD DS)
- plan a host pools architecture
- recommend resource groups, subscriptions, and management groups
- configure a location for the Windows Virtual Desktop metadata
- calculate and recommend a configuration for performance requirements
- calculate and recommend a configuration for Azure Virtual Machine capacity
I will start by creating a Resource Group (RG) to keep everything neat and tidy in.
The resource group will be called: rg-wvd-prod-uksouth-01
- rg (resource group)
- wvd (windows virtual desktop)
- prod (production)
- uksouth (location)
- 01 (in case we create more)
I will then create a couple host pools, one for multi-session and one for power users.
In respect to networking and existing estate - my environment will use an existing DC which is on-prem, I will create a VNET called vnet-wvd-prod-uksouth-01 and this will be peered with my on-prem AD (which is hosted in Azure), the DNS will also be configured to use 10.0.0.4 and 10.0.0.5 so it can use my on-prem DNS for name resolution.
As part of the HP creation, I will configure the Desktop Application Group (DAG).
A few details on roles here: https://docs.microsoft.com/en-us/azure/virtual-desktop/rbac
However, I will be creating 4 roles and these will be tied to RBAC roles - these being:
- WVD Multi-Session Users
- WVD Power Users
- WVD Administrator Users
- WVD Service Desk Users
- WVD Multi-Session Users (Desktop Virtualization User)
This group will be granted logon access to machines in the MS HP.
- WVD Power Users (Desktop Virtualization Role)
This group will be granted logon access to machines in the Power HP.
- WVD Administrator Users (Host Pool Contributor, Application Group Contributor, User Session Operator, Session Host Operator, Virtual Machine Contributor)
This role will grant administrative access, allowing 2nd/3rd line to administer.
"The Host Pool Contributor role lets you manage all aspects of host pools, including access to resources. You'll need an extra contributor role, Virtual Machine Contributor, to create virtual machines. You will need AppGroup and Workspace contributor roles to create host pool using the portal or you can use Desktop Virtualization Contributor role."
Note: The WVD Administrators group has got a lot of RBAC roles tied to it, which unless there is a GA type role for WVD, I can't see what else to use - I'd like a role that does everything rather than having 1 role with a load of RBAC roles tied to it.
- WVD Service Desk Users (User Session Operator)
This role will allow the user to perform basic admin tasks such as disconnecting users.
"The User Session Operator role lets you send messages, disconnect sessions, and use the "logoff" function to sign sessions out of the session host. However, this role doesn't let you perform session host management like removing session host, changing drain mode, and so on. This role can see assignments, but can't modify admins. We recommend you assign this role to specific host pools. If you give this permission at a resource group level, the admin will have read permission on all host pools under a resource group."
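The scoping advice in the quote above, as an added example rather than anything from the original post: an Az PowerShell sketch that assigns the user and service desk groups at application-group and host-pool scope, then lists any operator role left at resource-group scope. The host pool and application group names are placeholders, the role names are the full built-in names ("Desktop Virtualization ..."), and it assumes the four groups already exist in Azure AD.

```powershell
# Added example. Host pool and application group names are placeholders.
# Requires the Az.Accounts and Az.Resources modules and a signed-in context.
$rg      = 'rg-wvd-prod-uksouth-01'
$sub     = (Get-AzContext).Subscription.Id
$rgScope = "/subscriptions/$sub/resourceGroups/$rg"
$dv      = "$rgScope/providers/Microsoft.DesktopVirtualization"

$hpMs    = "$dv/hostPools/<multi-session-host-pool>"
$hpPower = "$dv/hostPools/<power-host-pool>"
$agMs    = "$dv/applicationGroups/<multi-session-dag>"
$agPower = "$dv/applicationGroups/<power-dag>"

# Planned assignments: users on their application group only,
# service desk on each host pool rather than on the resource group.
$plan = @()
$plan += @{ Group = 'WVD Multi-Session Users'; Role = 'Desktop Virtualization User'; Scope = $agMs }
$plan += @{ Group = 'WVD Power Users';         Role = 'Desktop Virtualization User'; Scope = $agPower }
foreach ($hp in $hpMs, $hpPower) {
    $plan += @{ Group = 'WVD Service Desk Users'
                Role  = 'Desktop Virtualization User Session Operator'
                Scope = $hp }
}

foreach ($a in $plan) {
    $group = Get-AzADGroup -DisplayName $a.Group
    if (-not $group) { Write-Warning "Group '$($a.Group)' not found"; continue }

    # Skip assignments that already exist at exactly this scope (idempotent re-run).
    $existing = Get-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $a.Role -Scope $a.Scope |
        Where-Object { $_.Scope -eq $a.Scope }
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $a.Role -Scope $a.Scope | Out-Null
    }
}

# Check: operator roles assigned directly on the resource group give read
# access to every host pool in it, which the quoted guidance advises against.
Get-AzRoleAssignment -Scope $rgScope |
    Where-Object { $_.Scope -eq $rgScope -and $_.RoleDefinitionName -like 'Desktop Virtualization*Operator' } |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

The administrator group follows the same pattern, with Virtual Machine Contributor as the one role that has to sit at resource-group scope so session host VMs can be created there.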
1. Assess network capacity and speed requirements for Windows Virtual Desktop
We want to have a small amount of machines available to begin with, but the idea with the HP themselves will be:
Multi-Session Desktop - Breadth-first, we don't really care how the users get allocated, we'll leave this to Azure. The machines will be pooled and likely stay this way, however as they're multi-session, I probably only need 1 or 2. However, 1 for now will do.
Power Desktop - Depth-first, machines will get allocated once resources have been used up. The machines will be pooled, however may change to personal at some stage depending on performance as users will not have a persistent desktop. I will assign 3-5 desktops to keep costs down in my test environment.
2. Recommend an operating system for a Windows Virtual Desktop implementation
In Multi-Session we will use the WVD Windows 10 MS image.
In Power we will use standard Windows 10 image (non MS).
The OSs will be used as a base for my gold image process later on.
3. Plan and configure name resolution for Active Directory (AD) and Azure Active Directory Domain Services (Azure AD DS)
As previously mentioned, this will be handled via VNET peering and the DC DNS.
4. Plan a host pools architecture; recommend resource groups, subscriptions, and management groups
We will create 1 RG for now as we only have limited requirements, but as demands increase we can decide if we want to change things up but I won't be needing them at the moment.
5. Configure a location for the Windows Virtual Desktop metadata
We created the workspace earlier: ws-wvd-prod-uksouth-01
6. Calculate and recommend a configuration for performance requirements
It gets a bit tricky here and we'll reference the below links.
So my MS users fall under Medium and my Power users fall under Power.
Multi-Session: D4s_v3 - 4vCPUs, 16GB
Power: Standard D2s v3 - 2vCPUs, 8GB
The reason the above is tricky is because we don't have any existing performance data to go off, so we need to use the links above to get an idea. It's worth noting, we can always change the spec, we would just need to put the machines into drain mode and then resize them.
7. Calculate and recommend a configuration for Azure Virtual Machine capacity requirements
A tricky one again, this will depend on the users themselves, limits will be set to as low as possible and an increase will be made based on demand if there is a good reason for it.
Part 2: Design for user identities and profiles
8. Select an appropriate licensing model for Windows Virtual Desktop based on requirements, 9. recommend an appropriate storage solution (including Azure NetApp Files versus Azure Files), 10. plan for Windows Virtual Desktop client deployment.
Existing licenses will be used where possible, and Azure Files will be used. Azure NetApp looks like it's meant for demanding workloads, however may use ANA in much larger environments, but for mine I don't need it.
9. Plan for user profiles
User profiles will be using FSLogix for keeping application configuration settings etc. Users will have access to a shared drive connecting back to on-prem. Users will have access to existing shared drives also, these will be mapped in.
10. Recommend a solution for network connectivity
Bastion will be configured to allow support teams to offer remote support to users, and in my instance a VPN will be configured to allow communication with on-prem shares. Lastly, connectivity to the endpoints will be provided via the Microsoft RDP app or via the website directly, using wvd.fisontech.net.
11. Plan for Azure AD Connect for user identities
All users will be synced in from on-prem using the AD Connect tool, we will be using passthrough authentication if required with hash sync as a backup in case we lose connectivity with the on-prem DC. In this instance, I would normally create a backup DC on prem to fail over to, I may do this if I decide I think I need it, in production you obviously would but as I have a limited subscription, I'd probably keep it to one to keep costs down.
Phew.. so that's the first bit and that's only 10-15% but I would say having a plan is probably the most time consuming thing to make and set out what you're going to do, the next section will be how to Implement a Windows Virtual Desktop Infrastructure (25-30%). The above may not cover everything but having a good breadth understanding of most points will certainly help in the exam I think.