Recommended Solution for Network Connectivity
Azure networking products and services support a wide variety of networking capabilities, so it is important to correctly identify the network requirements for your Azure Virtual Desktop deployment. How you structure these services and the networking architectures you choose depend on your organization’s workload, governance, and connectivity requirements.
The decision tree (common assessment framework) in Figure 3-2 can help you determine the networking tools or services to use for Azure Virtual Desktop.
The following questions can help you decide which Azure networking services to use and how to configure them:
• How many IP addresses do you need in your virtual network (based on the size of the Azure Virtual Desktop virtual network)?
The number of IP addresses you need depends mainly on the number of session hosts you plan to deploy in the virtual network, plus a buffer of addresses for future growth. Remember that Azure reserves five addresses in every subnet (the network address, the default gateway, two addresses for Azure DNS, and the broadcast address), so subtract those when sizing a session-host subnet. Use address ranges that fit your existing networking architecture so that you can scale out the Azure virtual network later without renumbering.
• Will your workloads require connectivity between virtual networks and your on-premises datacenter?
You need on-premises connectivity if you want to extend your on-premises Active Directory domain into Azure or if an application running on your Azure Virtual Desktop deployment must reach on-premises resources. Whichever connectivity option you choose, the Azure address space must not overlap with your on-premises ranges, so confirm that before you allocate the virtual network.
• Will you need to inspect and audit outgoing traffic by using on-premises network devices?
Your security policies might require Internet-bound traffic to pass through centrally managed devices in the cloud or on-premises. You can achieve this with forced tunneling, which uses a user-defined route to send all outbound traffic to a specific firewall or inspection device. Session hosts still need outbound access to the Azure Virtual Desktop service endpoints, so the inspecting device must allow that traffic or the hosts will not be able to register with the service.
• Do you need multiple virtual networks?
The number of virtual networks you need depends on the number of regions in which you want to deploy session hosts. If you plan to deploy Azure Virtual Desktop session hosts in multiple regions, you need a virtual network in each of those regions, each with its own connectivity and security controls.
• Do you need to connect multiple virtual networks?
Use virtual network peering to reach services in another Azure virtual network. For example, you might keep shared services such as extended AD DS and DNS in a hub virtual network and have the Azure Virtual Desktop spoke use them for name resolution and authentication. Peered virtual networks must have non-overlapping address spaces.
• Will you need custom DNS and a domain join?
Azure Virtual Desktop supports domain-joining session hosts so that you can apply organization-specific compliance policy to them. To make this work, change the DNS settings of the Azure Virtual Desktop virtual network from Azure-provided DNS to custom DNS and point them at your organization's DNS servers (typically the domain controllers), so that session hosts can resolve the Active Directory domain name and join the domain.