In this webinar talk Dafydd Watkins, Lead Modern Workplace Engineer for Lloyds, walks through their adoption of Azure Virtual Desktop.
From 2m:35s he introduces himself, highlighting that the bank has 14-15,000 active devices on AVD, a migration delivered through 2022.
In 2023 they are building upon that to deliver multi-session and remote apps, and an additional 14,000 users.
At 4m:15s Dafydd describes the organizations requirements for AVD:
- Provide a standardized, secure work-from-home platform, that supports any device.
- Provide offshore colleagues with an enterprise managed device in regions where procurement of physical devices is complex.
- Reduce latency between business applications and associated back-end infrastructure.
- Transparency of VDI service costs to the business.
- Provide MS Teams to all colleagues and partners.
Dafydd explains the key criteria and principles for implementing AVD from 5m:30s:
- Adopt a modern, Cloud native workplace tool stack. Their shift to Windows 10 and AAD for identity was a major driver, as was the fact they are a big user of M365.
- They operate stringent testing requirements for new services being moved into production so VDI and the support service were helpful to this being achieved at pace.
- Procurement and provisioning through their ServiceNow portal.
At 7m:55s he explains the Cloud Native decision in more detail, which was primarily to move away from the ongoing costs of maintaining on-site hardware, as they experienced as a big Citrix user. Furthermore external, international partners were routed via MPLS to this Citrix platform and endured poor performance.
They also had to maintain a volume of fail-over capacity of this for DR scenarios, which added further costs and complexity, and in general the shift to a Cloud-based approach has addressed all of these issues, while naturally engendering greater scalability and resilience.
At 9m:44s he moves on to exploring why they opted for AVD, defining key influencing factors being:
- Mature APIs, so they could automate provisioning, and flexibility to use open source tools like Packer, which they use for all of their Clouds not just Azure.
- Free of charge as part of their M365 licencing, with high levels of integration across the MS suite, and key features like Teams Optimization.
- Also Lloyds is a user of Azure Sentinel and this too is well integrated with AVD.
Technical Decision Points
From 12m:35s these decisions are expanded upon from a technology perspective, notably:
- Infrastructure as Code: Decide on whether you’re going to implement your platform as code, and if so which tools will you use, such as Github Actions, Azure DevOps, and therefore what provisioning language you will use (eg Terraform .HCL or Bicep .bicep).
- What Azure region will you deploy to, and do you need region fail-over?
- Will you build or buy management functionality? At 15m:10s Dafydd highlights there are a lot of moving parts with AVD requiring management, which you can build in-house using tools like Powershell but if you lack the team skills/time, he recommends third party solutions like Nerdio.
- How will you manage your images – Lloyds uses Packer.
- What network design is needed to support your VDI capacity.
At 25m:50s Dafydd concludes the session by summarizing what they have learned from their AVD deployment:
- Break down your total AVD implementation into a sub-set of VDI scenarios, implementing the lighter ones first to generate traction, and then take on the more complex requirements. Utilize Agile practices to speed deployment.
- Finalize your Azure Landing Zone as a complete and mature fully working foundation before implementing AVD on top of it.
- Similarly key AVD support services should be established first, such as image management.
- It’s strongly recommended to utilize the infrastructure as code approach, working with tools like Terraform or Bicep.
- Resource and template libraries like the Azure Accelerator are very helpful for planning and prototyping your project.
- Conduct a full network audit and agree your DNS strategy upfront, to avoid the problems that arise from related configuration issues.
- Similarly audit any existing VDI implementations and understand the use cases for its adoption.
- Don’t under-estimate the people / skills requirements. AVD spans multiple technology domains, from networks through DevOps, and is a very sensitive area with stakeholders so requires considerable engagement.
- MS Teams has been very well received and so is a great killer app to encourage and reward adoption.
Wrapping up at 35m:40s Dafydd describes their future plans for AVD:
- Establish a POC for making VDI the primary device for all new users.
- Conclude migration of all legacy VDI infrastructure and cost optimize the platform.
- Adopt new AVD services like DevBox and Private Link.
- Privileged access workstations enabled with AVD.
- Remove on-prem AD dependency entirely from AVD.