Wednesday, November 17, 2021

Empowering AVD Image deployments with Azure Pipelines, Bicep and Liquit!

In any Cloud implementation, automation is key in becoming successful. Azure Virtual Desktop (AVD) is no different. AVD is a service in Azure and for a big part its managed by Microsoft for you. But it doesn’t stop there. Microsoft manages the control plane components and you as the partner or customer organization need to deal with the components that you are responsible for. Basically, anything that shows up in your or your customers Azure Subscription as well as the various AVD clients you use.

This means you as the partner or customer organization can focus on what’s really important, the perceived end user experience and optimizing that experience for your specific use case or scenario. This involves things like auto-scaling, profile management, image optimization and yes, also maintaining applications and putting in place proper application life cycle management.

Its probably no surprise that by far the number one application published and used in AVD is Microsoft 365 apps for enterprise. Microsoft already does a good job at providing that in various marketplace images for AVD including the FSLogix agent that improves the user experience. Most AVD environments however also include 3rd party applications specific to the customers organization.

When dealing with AVD Personal scenarios it makes sense to treat your AVD personal hosts as you would treat your physical devices. Since there is a 1-to-1 relationship between the user and the VM, you can have the same application distribution and update approach for both physical and virtual environments. When dealing with AVD Pooled Scenarios, many organizations prefer a ‘traditional’ approach based on a golden image strategy. This ensures that the user experience is same the regardless of the session host their session lands on. It also allows testing applications and OS updates in a separate staging environment prior to production. Furthermore, it allows reverting back to a previous image version in case issues arise. And, based on Infrastructure as Code, you can deploy and expand your host pool in a fully automated way.

In an ideal world, both user profiles and all applications are fully separated from the Session Host OS. For the first piece is the puzzle, FSLogix Profile Containers already makes sure a user’s profile is fully separated and stored centrally on Azure Files or Azure NetApp files. For the second piece of the puzzle, MSIX app attach is a great solution. It allows you to place an extracted MSIX application inside a VHDX container and attach it to the Session Host. This is fully transparent to the OS as well as to the user. Basically, the OS is tricked into thinking an MSIX application was installed and you can register the application to a set of users. As ideal as this sounds, it does mean that the application needs to be in the MSIX format. Hopefully application vendors will start to embrace MSIX and delivers their applications natively as MSIX too. Until that time however, applications need to be transformed from MSI or Exe towards MSIX. Although there are both free and paid tools out there that help you in this process, most organizations will not achieve 100% success rate in the transformation process.

There are many ways to deal with installing applications as part of your AVD Image Deployment. In this blog post, I focus on using a fully automated approach using Liquit as the application source and an Azure DevOps Pipeline leveraging Bicep and Az Cli for the automation part.

The goals is to create a new image from scratch based on an Azure Market place image, have Liquit install all applications, capture the image towards an Image Gallery and deploy new Session Host servers towards an AVD Host pool.

  • It all starts with a Deployment in Liquit containing the applications we want to install as part of this AVD Image. In this case its a combination of applications coming from the huge Liquit Setup Store as well as custom added and modified applications.
  • As part of an Azure DevOps pipeline, Bicep is used to deploy a new Template VM in Azure based on the OS version and SKU provided as the parameter.
  • Next, the Liquit Agent is installed and a pre-configured agent.xml is downloaded from a secure Azure Files location to configure the Liquit Agent.
  • The Liquit Agent now installs all the applications as configured in the Deployment
  • Next, the Template VM is sysprepped, stopped and deallocated
  • The pipeline continues by capturing the template VM and placing as a new Image Version inside an Azure Compute Gallery (previously Shared Image Gallery) and the sysprepped Template VM is removed from Azure.
  • Next, the pipeline generates a new host pool registration token to prepare for the Session Host servers to be added.
  • And finally, the pipeline deploys x number of Session Host Servers, joins them to the domain, installs the AVD Agent and adds them to the configured Host pool.

The entire process only took 26 minutes to complete! In case of an application update or new application, it can simply be added to the Liquit Deployment and within 26 minutes it is available in the AVD Host pool. Introducing an approval step between a deployment towards a test environment and a production environment can of course easily be added.

Interested in the details and code behind this deployment? Join me on a webinar together with the Liquit team on December 7th 3PM CET, for demo-heavy session that walks through this scenario!

#AVD #Liquit #AzureVirtualDesktop