Day 33: AZ-140 Pt.2.2 - Create & Configure Hostpools

Section 2: Implement a Windows Virtual Desktop Infrastructure (25-30%)

Create and configure host pools and session hosts

The below should cover the following criteria for this section of the exam:

Create a host pool by using the Azure portal 
Automate creation of Windows Virtual Desktop host and host pools by using PowerShell, Command-Line Interface (CLI), and Azure Resource Manager templates
Create a host pool based on Windows client or Windows Server session hosts  
Configure host pool settings  
Manage licensing for session hosts that run Windows client or Windows Server  
Assign users to host pools  
Apply OS and application updates to a running Windows Virtual Desktop host 
Apply security and compliance settings to session hosts 

In order for FSL to work with my on-prem estate and have somewhere to be stored, I need a few things first:

 1. ADConnect installed and setup, this has already been covered in a previous blog. 

2. A storage account, this will sit in my HP RG I created before.

Creating my hostpool

In order to create a hostpool in the portal, its as simple as typing hostpool in add resource:

It's worth noting at the moment the below is the locations available (I selected W. Europe).
In addition, for now I will only create 1 hostpool (to save costs, I'll add the power pool later).
You will need a workspace, I have created one already called ws-wvd-prod-weu-01.

The exam also wants us to know how to add this all via PowerShell so follow and I will document this also in another blog related to this exam.

Taking a quick glance at the RG, its starting to fill out nicely. Holy naming conventions!

Creating my VM

So onto creating our VM via the host pool blade, I have configured it as per below:

As this machine will be joining your domain you need to ensure the name prefix is set.
I select multi-session here, but bare in mind I will create a custom gold image later.
The size is low, however would be a D4 if my sub allowed for it.
Lastly only 1 VM, as its a multi-session box.

Configure Domain Join

You can set a domain to join, however I opt to use the UPN of the account doing the domain joining, the system then works out based on my custom domain name what domain I am referring to.
You would need to create a domain join account in your on prem AD and wait for AD to sync. I would suggest creating an account specifically for WVD join purposes.
You also need to set a local admin account for your machine and password. The local admin account cant be called Administrator.
Lastly, if you didn't peer your vnets or add the dns of your DC, this step will fail.

Monitor the deployment of the VM

Once you hit verify and create, and create I would suggest keeping an eye on the status.
You have to consider a lot of steps are being performed here, fingers crossed! It should take no longer than 10 minutes to finish. If it's failed, it will let you know in below screens as an example. I would say this phase has tripped me up a few times so practice this step.

You want something that looks like the below, all green.

If we check in AD, we should see the machine also.

Configure hostpool settings

We can modify hostpool setting using the blade within the hostpool.

Manage host licenses

We can modify hostpool setting using the blade within the hostpool.

Assign hostpools to users

We can grant users access to the hostpool by using the app group blade.
I have added my WVD Multi-Session Users group to the DVU RBAC role.
Once done this can be viewed in the assignments blade.

Manage Updates

Azure Update Management can be utilized to update machines like with SCCM.
I have previously blogged about this and how to configure.
I suspect however that this exam might be talking about using the validation pool, this essentially allows us to test our changes first before we push them into production, testing the updates pushed out on patch Tuesday.

Apply security and compliance settings

As the machines are domain joined, they should invoke our on prem AD GPOs once placed in an OU with GPOs being advertised to them.
We can also enable Just In Time access which might be what this exam point it asking for.


I will probably review this section multiple times as I find out more.




Popular posts from this blog

Day 34: AZ-140 Pt.2.3 - Create Gold Images & Deploy

Day 43: AZ-140 Pt.6 - Summary