From de01a8485db999b7654822e44bed39284d2b86de Mon Sep 17 00:00:00 2001 From: Igor Pagliai Date: Sun, 9 Jul 2023 10:46:53 +0200 Subject: [PATCH] Final review and adjusted priorities --- checklists/avd_checklist.en.json | 61 ++++++++++++++------------------ 1 file changed, 26 insertions(+), 35 deletions(-) diff --git a/checklists/avd_checklist.en.json b/checklists/avd_checklist.en.json index 176c8d78c..e337c4de3 100644 --- a/checklists/avd_checklist.en.json +++ b/checklists/avd_checklist.en.json @@ -33,7 +33,7 @@ "subcategory": "Capacity Planning", "text": "Estimate the number of different Host Pools to deploy ", "description": "Based on your selection criteria, how many Host Pools you would need? You should consider to have multiple ones in case of multiple OS images, multiple regions, different hardware required, different Host Pool type, different user requirements and SLA (Top users, Execs, Office Worker vs. Developers, etc.), different RDP settings (applied at Host Pool level), required number of VMs in the host pool exceeding maximum capabilities", - "guid": "", + "guid": "4e98495f-d3c0-4af2-aa59-a793395a32a7", "severity": "High", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/terminology?WT.mc_id=Portal-fx#host-pools" }, @@ -41,9 +41,9 @@ "category": "Foundation", "subcategory": "Capacity Planning", "text": "For Personal Host Pool type, select the proper assignment type", - "description": "Confirm that the difference between automatic and direct assignment is well understood and the selected option is appropriate for the scenario in question.", + "description": "Confirm that the difference between automatic and direct assignment is well understood and the selected option is appropriate for the scenario in question. Automatic is the default setting.", "guid": "b38b875b-a1cf-4204-a901-3a5d3ce474db", - "severity": "Medium", + "severity": "Low", "link": "https://docs.microsoft.com/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-type" }, { @@ -52,17 +52,8 @@ "text": "For Pooled Host Pool type, select the best load balancing method", "description": "Check which one to use and available options, be aware that if autoscaling will be used, it sets it to breadth-first.", "guid": "cbd8682a-6abc-4a2a-9fda-1dbf3dc95d48", - "severity": "Medium", - "link": "https://docs.microsoft.com/azure/virtual-desktop/host-pool-load-balancing" - }, - { - "category": "Foundation", - "subcategory": "Clients & Users", - "text": "Determine if users will consume AVD using full desktops and/or remote applications ", - "description": "Determine if users will be offered full desktops (DAG) and/or Remote Applications. Document your choice in the 'Comment' column.", - "guid": "13c00567-4b1e-4945-a459-837ee7ad6c6d", "severity": "Low", - "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/terminology#application-groups" + "link": "https://docs.microsoft.com/azure/virtual-desktop/host-pool-load-balancing" }, { "category": "Foundation", @@ -88,7 +79,7 @@ "text": "Estimate the number of Applications for each Application Group", "description": "Applications are grouped under Application Groups as containers for publishing and assigning permissions: we recommend that you do not publish more than 50 applications per application group.", "guid": "fa9f2895-473d-439b-ab8e-5a5cf92c7f32", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-virtual-desktop-service-limits" }, { @@ -106,7 +97,7 @@ "text": "Run workload performance test to determine the best Azure VM SKU and size to use", "description": "Use the link provided to set a starting point for SKU decision, then validate using a performance test. Ensure a minimum of four cores for Production is selected per Session Host (multi-session)", "guid": "e1112dbd-7ba0-412e-9b94-ef6e047d2ea2", - "severity": "Medium", + "severity": "High", "link": "https://docs.microsoft.com/windows-server/remote/remote-desktop-services/virtual-machine-recs" }, { @@ -124,7 +115,7 @@ "text": "Determine if Session Hosts will require GPU", "description": "Host Pools with GPU require special configuration, please be sure to review the referenced article.", "guid": "c936667e-13c0-4056-94b1-e945a459837e", - "severity": "Medium", + "severity": "Low", "link": "https://docs.microsoft.com/azure/virtual-desktop/configure-vm-gpu" }, { @@ -151,7 +142,7 @@ "text": "Assess external dependencies for each Host Pool", "description": "The dependencies on resources external to the AVD pool should be assessed and reviewed, for example Active Directory, external file shares or other storage, on-premises services and resources, network infrastructure components like VPN and or Express Route, external services and 3rd-party components. For all these resources, latency from the AVD Host Pool needs to be evaluated and connectivity considered. Additionally, BCDR considerations need to be applied to these dependencies as well.", "guid": "6abca2a4-fda1-4dbf-9dc9-5d48c7c791dc", - "severity": "Low", + "severity": "Medium", "link": "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop?toc=%2Fazure%2Fvirtual-desktop%2Ftoc.json&bc=%2Fazure%2Fvirtual-desktop%2Fbreadcrumb%2Ftoc.json" }, { @@ -160,7 +151,7 @@ "text": "Review user client OS used and AVD client type", "description": "AVD offers a variety of client types (fat, thin, web) to connect over different platforms (Windows, MacOS, iOS, Android). Review limitations of each client and compare multiple options when possible.", "guid": "a1f6d565-99e5-458b-a37d-4985e1112dbd", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-windows" }, { @@ -241,7 +232,7 @@ "text": "Select the proper AVD Session Host domain join type", "description": "VMs can be Active Directory (AD) domain-joined, Hybrid AD-joined, Azure AD Joined or Azure AD DS joined. Be sure to review supported scenarios, limitations and requirements from the referenced article.", "guid": "ea962a15-9394-46da-a7cc-3923266b2258", - "severity": "Medium", + "severity": "High", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/prerequisites?tabs=portal#supported-identity-scenarios" }, { @@ -268,7 +259,7 @@ "text": "Create a specific OU in Active Directory for each Host Pool", "description": "Recommended to create a separate OU per Host Pool under a separate OU hierarchy. These OUs will contain machine accounts of AVD Session Hosts. ", "guid": "6db55f57-9603-4334-adf9-cc23418db612", - "severity": "Low", + "severity": "Medium", "link": "https://docs.microsoft.com/azure/virtual-desktop/create-host-pools-azure-marketplace" }, { @@ -319,7 +310,7 @@ { "category": "Identity", "subcategory": "Active Directory", - "text": "A Windows Server Active Directory forest/domain is in sync with Azure Active Directory", + "text": "A Windows Server Active Directory forest/domain must be in sync with Azure Active Directory", "description": "You can configure this using Azure AD Connect (for hybrid organizations) or Azure AD Domain Services (for hybrid or cloud organizations).", "guid": "5119bf8e-8f58-4542-a7d9-cec166cd072a", "severity": "High", @@ -331,7 +322,7 @@ "text": "Configure Azure Files share for Azure Active Directory (Azure AD) Kerberos authentication", "description": "If Azure Files is used and pre-requisites can be satisfied, it is recommended to configure (Azure AD) Kerberos authentication. This configuration will allow to store FSLogix profiles that can be accessed by hybrid user identities from Azure AD-joined or Hybrid Azure AD-joined session hosts without requiring network line-of-sight to domain controllers.", "guid": "e777fd5e-c5f1-4d6e-8fa9-fc210b88e338", - "severity": "High", + "severity": "Medium", "link": "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable" }, { @@ -403,7 +394,7 @@ "text": "Evaluate the usage of Virtual-Desktop-Optimization-Tool", "description": "This tool-set has been created to automatically apply setting referenced in white paper 'Optimizing Windows 10, version 2004 for a Virtual Desktop Infrastructure (VDI) role': https://docs.microsoft.com/windows-server/remote/remote-desktop-services/rds-vdi-recommendations-2004. Usage of the tool and/or optimizations mentioned in the white-paper should be considered. ", "guid": "829e3fec-2183-4687-a017-7a2b5945bda4", - "severity": "Medium", + "severity": "Low", "link": "https://github.com/The-Virtual-Desktop-Team/Virtual-Desktop-Optimization-Tool" }, { @@ -412,7 +403,7 @@ "text": "Determine if Microsoft OneDrive will be part of AVD deployment", "description": "If OneDrive is used and included in a golden image, be sure to follow the configuration procedure reported in the companion article in the 'More Info' section. Not in scope in this AVD checklist, but OneDrive optimizations like 'Known Folder Redirection' and 'Files On-Demand' should be evaluated used to reduce the space used in FSLogix profiles and provide a better user experience.", "guid": "e3d3e084-4276-4d4b-bc01-5bcf219e4a1e", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/install-office-on-wvd-master-image#install-onedrive-in-per-machine-mode" }, { @@ -421,7 +412,7 @@ "text": "Determine if Microsoft Teams will be part of AVD deployment", "description": "Be sure to review the requirements and configuration procedure contained in the companion article in the 'More Info' column. Since Teams automatic updates will be disabled, it is recommended to check and include Teams latest version in the golden image update process.", "guid": "b5887953-5d22-4788-9d30-b66c67be5951", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/teams-on-AVD" }, { @@ -439,7 +430,7 @@ "text": "Do not use the same storage account/share as Profile/Office containers ", "description": "It is highly recommended to use separate storage accounts/shares to store MSIX packages. If necessary, storage can scale out independently and not being impacted by profile I/O activities. Azure offers multiple storage options that can be used for MISX app attach. We recommend using Azure Files or Azure NetApp Files as those options offer the best value between cost and management overhead. ", "guid": "90083845-c587-4cb3-a1ec-16a1d076ef9f", - "severity": "High", + "severity": "Medium", "link": "https://docs.microsoft.com/azure/virtual-desktop/app-attach-file-share" }, { @@ -448,7 +439,7 @@ "text": "Review performance considerations for MSIX", "description": "In the referenced article, we reported few but important performance considerations for MSIX usage in AVD context, be sure to carefully review.", "guid": "241addce-5793-477b-adb3-751ab2ac1fad", - "severity": "High", + "severity": "Medium", "link": "https://docs.microsoft.com/azure/virtual-desktop/app-attach-file-share" }, { @@ -466,7 +457,7 @@ "text": "MSIX packages for 3rd-party applications", "description": "3rd-party software vendor must provide a MSIX package, it is not recommended for customer to attempt the conversion procedure without proper support from the application owner.", "guid": "bd362caa-ab79-4b19-adab-81932c9fc9d1", - "severity": "Medium", + "severity": "Low", "link": "https://docs.microsoft.com/azure/virtual-desktop/app-attach-faq" }, { @@ -691,7 +682,7 @@ "text": "If FSLogix Cloud Cache is used, consider moving the cache directory to the VM temporary drive.", "description": "Cloud Cache uses OS drive as local cache storage and may generate lot of pressure on the VM disk. Depending on the VM SKU and size used, the VM temporary drive can be a viable and performant solution where to relocate Cloud Cache cached content. Before adopting this solution, tests should be executed to confirm performance and stability. More details on Cloud Cache can be found here: https://learn.microsoft.com/en-us/fslogix/concepts-fslogix-cloud-cache. ", "guid": "b2d1215a-e114-4ba3-9df5-85ecdcd9bd3b", - "severity": "Medium", + "severity": "Low", "link": "https://docs.microsoft.com/fslogix/cloud-cache-configuration-reference" }, { @@ -718,7 +709,7 @@ "text": "Enable SMB multichannel when using a premium file share to host FSLogix profile containers.", "description": "SMB Multichannel enables clients to use multiple network connections that provide increased performance while lowering the cost of ownership. Increased performance is achieved through bandwidth aggregation over multiple NICs and utilizing Receive Side Scaling (RSS) support for NICs to distribute the IO load across multiple CPUs.", "guid": "5784b6ca-5e9e-4bcf-8b54-c95459ea7369", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/storage/files/storage-files-smb-multichannel-performance" }, { @@ -745,7 +736,7 @@ "text": "Use built-in provided administrative templates for AVD settings configuration", "description": "AVD provides administrative templates for Intune and Active Directory GPO. Using these templates it is possible to centrally several AVD configuration settings: Graphics related data logging, Screen capture protection, RDP Shortpath for managed networks, Watermarking. See companion article in 'More Info' colum for details. NOTE: FSLogix has its own separate template.", "guid": "5549524b-36c0-4f1a-892b-ab3ca78f5db2", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/administrative-template" }, { @@ -772,7 +763,7 @@ "text": "Assess the requirements for host pool auto-scaling capability", "description": "The scaling tool provides a low-cost automation option for customers who want to optimize their session host VM costs. You can use the scaling tool to schedule VMs to start and stop based on Peak and Off-Peak business hours, scale out VMs based on number of sessions per CPU core, scale in VMs during Off-Peak hours, leaving the minimum number of session host VMs running. Not available yet for Personal Host Pool type.", "guid": "7138b820-102c-4e16-be30-1e6e872e52e3", - "severity": "Low", + "severity": "Medium", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scenarios" }, { @@ -826,7 +817,7 @@ "text": "Configure the Scheduled Agent Updates feature", "description": "The Scheduled Agent Updates feature lets you create up to two maintenance windows per Host Pool to update AVD components at a convenient time. It is recommended to specify maintenance windows then upgrading Session Hosts will not happen during peak business hours. Scheduled Agent Updates is disabled by default. This means that, unless you enable this setting, the agent can get updated at any time by the agent update flighting service.", "guid": "c067939b-e5ca-4698-b9ce-3bd91843e73f", - "severity": "Medium", + "severity": "Low", "link": "https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates" }, { @@ -835,7 +826,7 @@ "text": "Create a validation (canary) Host Pool", "description": "Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. This allows you to monitor service updates before the service applies them to your standard or non-validation environment.", "guid": "d1e8c38e-c936-4667-913c-005674b1e944", - "severity": "Low", + "severity": "Medium", "link": "https://docs.microsoft.com/azure/virtual-desktop/create-validation-host-pool" }, { @@ -1042,7 +1033,7 @@ "text": "Separate critical applications in different AVD Host Pools", "description": "Before approaching Azure Virtual Desktop BCDR planning and design, it is important to initially consider which applications are consumed through AVD are critical. You may want to separate them from non-critical apps and use a separate Host Pool with a different disaster recovery approach and capabilities.", "guid": "10a7da7b-e996-46e1-9d3c-4ada97cc3d13", - "severity": "Medium", + "severity": "Low", "link": "https://docs.microsoft.com/azure/virtual-desktop/disaster-recovery" }, {