This content applies to the Fall 2019 release of Windows Virtual Desktop from Microsoft.
Part 4 | Create a Host Pool
In Part 1 of this series, I gave you an overview of Windows Virtual Desktop. In Part 2, you created a WVD tenant. In Part 3, you created a service principal and a role assignment for the service principal. Now you will use the Azure Marketplace to provision a host pool. Host pools contain the virtual machines that users connect to in your WVD tenant.
Provision a new host pool
Start by signing in to your Azure Portal. Then, in the search bar at the top, type Windows Virtual Desktop. Be sure to select Windows Virtual Desktop – Provision a host pool from Marketplace. Windows Virtual Desktop under Services is used with the Windows Virtual Desktop Spring 2020 update, which I will cover in future posts.
This will take you to an overview of Windows Virtual Desktop. Click Create to begin provisioning your host pool.
The host pool provisioning wizard is organized into pages, or tabs. There are four tabs: Basics, Configure virtual machines, Virtual machine settings and Windows Virtual Desktop information.
On the Basics tab:
Select your subscription from the list.
2. Resource group
Select an existing resource group, or select Create new and provide a unique name.
If you are trying to select an existing resource group an it is not in the list, you might need to change the region first in the next field, and then try to select the resource group again.
Select a region from the dropdown list.
4. Host pool name
Enter a name for your host pool. This name must be unique.
5. Desktop type
If you select Personal, each user will be permanently assigned to a virtual machine.
If you select Pooled, you will be able to take advantage of Windows 10 multi-session, and have multiple users per VM.
6. Default desktop users
Enter a comma-separated list of UPNs of the users you want to grant access to Windows Virtual Desktop.
The users you list here will be added to the Desktop Application Group, and have access to the full Windows 10 desktop.
You can add users later as well, using PowerShell. I like to add a single user here, for testing, and add additional users later.
If you want to test your deployment at the end of this post, add at least one licensed user. Remember the license requirements from Part 1?
7. Service metadata location
Choose the same location as the virtual network that has connectivity to your Active Directory domain controller.
8. Select Next: Configure virtual machines
Configure virtual machines
On the Configure virtual machines tab:
Create an Availability Set
Availability Sets ensure that the VMs are distributed across multiple, isolated hardware nodes in a cluster, providing high availablilty.
The usage profile determines the number of users per vCPU. The choices are Light (6), Medium (4), Heavy (2) and Custom. Choose custom to create a specific number of VMs.
The total number of users, combined with the usage profile and the VM size will determine how many VMs are created in your host pool.
Number of VMs = TotalUsers / (UsageProfileNumber * #ofvCPUs)
If you choose Light (6), and enter a total number of users of 50, and pick a VM size that has 4 vCPUs, you will create 3 VMs in your host pool. Each VM has 4 vCPUs and each vCPU can support 6 users, that’s 24 users per VM. Two VMs would cover 48 users, you’ll need 3 VMs for 50 users.
Virtual machine size
Here you will see the number of VMs that will be created, based on your selections above, and the default VM size.
You can accept the default size, or select Change size to select a different size VM.
Virtual machine name prefix
VMs will be named by adding a dash and an incrementing number to the prefix you specify. (Prefix-1, Prefix-2,…)
6. Select Next: Virtual machine settings
Virtual machine settings
On the Virtual machine settings tab:
You can choose Blob storage, Managed image, or Gallery. The information required will be different, depending on what you choose.
Blob storage will require an image URL that points to a generalized .vhd file in your storage account.
Managed image will require the name of the Azure managed image to be used as the source OS for the VMs and the name of the existing resource group that contains the Azure managed image.
Gallery will present a list of available OS images to choose from.
Choose between Premium SSD, Standard SSD, and Standard HDD
AD domain join UPN
Enter the UPN and password of an account that has permissions to join the VMs to your domain.
A local user account with the same user name and password will be created on the VMs in your host pool.
Ideally, you would use a standard AD user account, that has been delegated the ability to join machines to the domain.
Do not use an account that has MFA enabled.
Specify domain or OU
If you select No the suffix of the AD domain join UPN from the previous step will be used as the domain name to join, and the computer accounts for the VMs will be created in your default location in Active Directory. You can move them later, if you need to.
If you want to specify a different domain, or specify a specific OU to create the computer accounts for the VMs in, select Yes and provide the domain name and/or the distinguished name of the OU.
Select the virtual network that is connected to your Active Directory domain controller.
Select the subnet that the virtual machines will be connected to.
7. Select Next: Windows Virtual Desktop information
Windows Virtual Desktop information
On the Windows Virtual Desktop information tab:
Windows Virtual Desktop tenant group name
In most cases, you should leave the default value. This is used to simplify the management of multiple tenants.
Windows Virtual Desktop tenant name
Enter the name of your Windows Virtual Desktop tenant you created in Part 2.
Windows Virtual Desktop tenant RDS Owner
Select the type of account to use when creating your host pool. This account must have RDS Owner or RDS Contributor permissions in your Windows Virtual Desktop tenant.
If you select User account, enter the UPN and password.
If you created a service principal in Part 3, select Service Principal. Enter the application ID and password for the service principal, and the Azure AD tenant ID.
4. Select Next: Review and create
Review and create
When you select Review and create, Azure will run your configuration through a validation check. You should see a green bar across the top, stating that the validation passed. If validation fails, most likely some required information is missing or not valid. Use the Previous button, or click on the tab names at the top and make the appropriate changes.
Once everything looks correct, and validation passes, select Create to start the deployment of your host pool. This will take 20 minutes or longer, depending on how many VMs you are creating.
You can watch the deployment progress on the next screen. You can navigate away from this screen without interrupting the deployment.
Once the deployment has completed, you can select Go to resource, and you can see the resources that were deployed. You can select a resource and see details about the resource.
Connect to Windows Virtual Desktop
Time to test it out! There are a couple of ways to connect to Windows Virtual Desktop, depending on the OS you are using. For this test, you will use the web client, which will allow you to connect from any OS, all you need is an HTML5-capable browser.
Open your browser and navigate to https://rdweb.wvd.microsoft.com/webclient, and authenticate using the account you added to the Default desktop users when deploying the host pool.
Once authenticated, on the All Resources tab, you should see your tenant listed, with an icon representing the host pool.
Click the icon to connect. In the RDP prompt for access to local resources, make any changes necessary, and select Allow
You will then be prompted to Enter your credentials. Enter the user’s credentials again. This is to authenticate to the VM, where the prior authentication was to the WVD tenant. SSO is in the works.
Congratulations, you are now connected to a Windows Virtual Desktop!
If you chose the Windows 10 Enterprise multi-session with Office 365 ProPlus, you will notice that Office is already installed. How easy was that?
Now that you have Windows Virtual Desktop up and running, your next task is to determine what users need access, and what they need access to. For full desktop access, you can add additional users to the Desktop Application Group using PowerShell. If you want to limit access to specific applications, you will need to create RemoteApp groups and grant access to them. I will show you how to do both in Part 5, Manage App Groups.