Implementation of Windows Virtual Desktop

Business Requirement

The client is a financial firm, so security was one of the major concerns with work-from-home facilities. We had to make sure that each and every employee could securely access business applications hosted on-premises. Most of the users had a workstation in their offices which they used to access LOBs, so we had to come up with a solution that would let them access these resources securely from their homes, using their personal laptops, PCs or mobile phones. The client wanted a setup that could quickly enable their entire employee base to work from home while keeping the cost in check.

Solution

Keeping all the concerns in mind, Windows Virtual Desktop came out as the obvious choice. Thanks to Microsoft’s advancement in the VDI space, it was possible for us to plan and set up an infrastructure that could fulfil such a requirement in a few days.

Approach

The following steps were undertaken to implement WVD efficiently.

  1. Since the customer was already using Office 365 as their email service provider, they already had on-prem AD in sync with Azure AD.
  2. We set up networking in Azure with multiple subnets and NSGs, and established a site-to-site connection with the customer’s datacenter.
  3. Azure Firewall was set up to make sure that only company-mandated URLs were accessible from WVD hosts via the internet. Traffic from all subnets was routed to the Firewall subnet.
  4. Different WVD HostPools were set up for different departments, with varying configuration. Copying of files to and from WVD hosts was turned off and a maximum user limit was configured for each Host.
  5. FSLogix was set up and configured for all WVD HostPools to enable roaming profiles in order for the users to have a seamless experience.
  6. Automation and Autoscaling were set up to achieve cost optimization.
  7. Dashboards were set up using Azure Monitor and Log Analytics to provide visibility of environment, usage and alerts.
  8. Azure Backup was set up so that user roaming profiles could be restored quickly in case of a disaster.
  9. Storage and Event Hubs were configured to store logs for different Azure services and were linked with IBM’s SIEM tool, QRadar.
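
The controls in step 4 (file copy turned off, a per-host user limit) can be checked mechanically from each host pool's custom RDP property string. The following is an added example, not code from this deployment: the pool names, sample strings and the session cap of 10 are constructed, and the policy table is an assumption about which redirection properties must be disabled.

```python
# Added example: audit host pool settings against the step 4 policy.
# REQUIRED is an assumed policy: property name -> value that disables it.
REQUIRED = {
    "drivestoredirect": "",     # empty value: no local drives redirected
    "redirectclipboard": "0",   # 0: clipboard redirection disabled
}

def parse_rdp_properties(raw):
    """Parse 'name:type:value;...' into {name: value}; names are lower-cased.
    Fails closed: an item that is not name:type:value (for example a value
    that itself contains ';') raises ValueError instead of being skipped."""
    props = {}
    for item in raw.split(";"):
        item = item.strip()
        if not item:
            continue
        parts = item.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s"):
            raise ValueError(f"malformed RDP property: {item!r}")
        props[parts[0].lower()] = parts[2].strip()
    return props

def audit_host_pool(name, raw_properties, max_session_limit, session_cap):
    """Return a list of findings; an empty list means the pool meets policy."""
    findings = []
    props = parse_rdp_properties(raw_properties)
    for prop, disabled_value in REQUIRED.items():
        if prop not in props:
            # Not set explicitly: flag it rather than rely on a default.
            findings.append(f"{name}: {prop} is not set explicitly")
        elif props[prop] != disabled_value:
            findings.append(f"{name}: {prop} is {props[prop]!r}, redirection allowed")
    if max_session_limit > session_cap:
        findings.append(f"{name}: session limit {max_session_limit} exceeds {session_cap}")
    return findings

# Constructed sample pools: (name, custom RDP property string, max session limit).
SAMPLE_POOLS = [
    ("hp-finance", "drivestoredirect:s:;redirectclipboard:i:0;audiomode:i:0", 8),
    ("hp-sales", "drivestoredirect:s:*;audiomode:i:0", 25),
]

def audit_all(pools, session_cap=10):
    return {name: audit_host_pool(name, raw, limit, session_cap)
            for name, raw, limit in pools}

if __name__ == "__main__":
    for pool, issues in audit_all(SAMPLE_POOLS).items():
        print(pool, "OK" if not issues else issues)
```

Run on a schedule against the exported host pool settings, a non-empty findings list is a configuration drift signal worth forwarding to the same SIEM pipeline as the other logs.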

Outcomes

By following best practices, we virtualized the customer’s large IT services landscape, enabling each and every user to perform at peak without any disruption in the system while maintaining the highest level of security.

Virtualizing the whole infrastructure in one go seemed a major financial burden at first, but with our precise scoping and efficient deployment we were able to achieve the goal.