Implement Azure Virtual Network Connectivity
As you know, Azure Virtual Desktop is a desktop and application virtualization service that runs in the Azure cloud. Azure Virtual Desktop works across devices (Windows, Mac, iOS, Android, and Linux) with apps that you can use to access remote desktops and apps.
First you need to understand how this works before digging in more. Azure offers a cloud service that accesses a container for all the virtual machines in your deployment. All the virtual machines in this cloud service are talking to each other and are on the same network.
What Is Azure Virtual Network?
Azure Virtual Network (VNet) is the foundation for a private network in Azure. VNet allows various kinds of Azure resources, including virtual machines, to firmly communicate with each other, the Internet, and on-premises networks. VNet facilitates Azure resources to securely communicate with each other, the Internet, and on-premises networks.
By linking Azure Virtual Desktop host pools to an Active Directory domain, you can specify the network topology to gain access to virtual desktops and virtual apps from the intranet or Internet, based on company policy. You can connect an Azure Virtual Desktop instance to an on-premises network utilizing a virtual private network (VPN) or, with the help of Azure ExpressRoute, expand the on-premises network into the Azure cloud over a private connection.
There are a number of scenarios that you can achieve by using a virtual network, such as communicating with Azure resources with the Internet, communicating between Azure resources, communicating with on-premises resources, filtering network traffic, routing network traffic, and integrating with Azure services. Let’s discuss each scenario in detail starting with communicating with the Internet. The communication between Azure resources is accomplished through a network such as a virtual network, virtual network service endpoint, or virtual network peering. Figure 4-1 shows the access to Azure PaaS and IaaS and on-premises connectivity.
Figure 4-1. Azure VNet
Communicate withtheInternet
All resources in a virtual network can communicate outbound to the Internet by default. You can communicate inbound to a resource by assigning a public IP address or a public load balancer. You can also use a public IP or public load balancer to manage your outbound connections.
When using only an internal standard load balancer, outbound connectivity is not available until you define how you want outbound connections to work with an instance-level public IP or a public load balancer.
Connect to Azure Resources
Azure resources communicate securely with each other in one of the following ways:
•\ Through a virtual network: You can deploy VMs and several other types of Azure resources to a virtual network, such as Azure app service environments, Azure Kubernetes Service (AKS), and Azure Virtual Machine Scale Sets.
•\ Through a virtual network service endpoint: Extend your virtual network private address space and the identity of your virtual network to Azure service resources, such as Azure Storage accounts and Azure SQL Database, over a direct connection. Service endpoints allow you to secure your critical Azure service resources to only a virtual network.
•\ Through VNet peering: You can connect virtual networks to each other, enabling resources in either virtual network to communicate with each other, using virtual network peering. The virtual networks you connect can be in the same or different Azure regions.