Reference Architecture – Multi-Region Azure Native Qumulo and Azure Virtual Desktop
This article describes a solution that delivers highly-available Azure Virtual Desktop services to on-prem and/or remote users. The solution described in this article is distributed across two separate Azure regions in an active-active configuration.
The solution is deployed across two Azure regions, using Nerdio Manager for image, resource management, and connection services, FSLogix for user profile and environment management, and Azure Native Qumulo Scalable File Service (ANQ) to host user profile data, as shown in the following diagram(s).
- Azure Native Qumulo Scalable File Service (ANQ) to host the individual VHD-based profiles of each desktop user. A separate ANQ instance has been deployed in each region.
- Azure Virtual Network
- VNet Injection to connect each region’s ANQ instance to the customer’s own Azure subscription resources
- Azure Virtual Desktop, deployed in two Azure regions, with a separate pool of users assigned to each region’s AVD resources as their primary site, and each region set up as the secondary site for the other region in the event of a regional service interruption.
- Nerdio Manager to simplify and streamline the process of managing AVD-related services: resource pools, connectivity, security, desktop images, applications, and service monitoring.
- FSLogix Profile Containers to connect each AVD user to their assigned profile on the ANQ storage as part of the login process
- Qumulo Continuous Replication, configured to replicate user profile data from each region’s local ANQ cluster to the ANQ instance in the other region, ensuring that user profile services will still be available in the event of a regional failover.
Regardless of the particular use case behind its adoption, Azure Virtual Desktop services can simplify software deployment and compliance, enterprise security, and client hardware lifecycle management. Enterprises that use a multi-region AVD solution can optimize connectivity for geographically dispersed end users, minimizing latency to corporate data and services. High-availability is enabled with profile portability and continuous replication between regions to ensure desktop services are available in the event of a regional service interruption.
ANQ supports high performance throughput for remote desktop profiles, so AVD users benefit from reduced login times. At the IT level, enterprises benefit from ANQ’s scalability that supports exabyte-plus file services in a single namespace.
Integrating desktop services into Azure can also yield favorable TCO numbers when compared to the cost of acquiring and managing per-user client workstations and laptops, particularly in large-scale enterprises with a widely distributed user base.
Potential Use Cases
This solution can be used by enterprises that are looking to satisfy any or all of the following applicable scenarios:
- Remote end users: As today’s enterprises make increased use of a globally distributed workforce, a multi-region AVD deployment can be leveraged to minimize latency when accessing enterprise resources from anywhere in the world.
- Workforce elasticity: In some cases, organizations may need to bring a large number of workers online quickly, e.g. for seasonal help, as part of a merger / acquisition process, or in response to external events that have shuttered physical facilities and sent users home. An AVD solution can deliver corporate desktop services quickly and reliably, and be made available even to end users whose client hardware is not up to corporate / enterprise standards.
- Desktop image management: The use of ephemeral desktops that are created right before a user connects, and then destroyed as the user logs off a few hours later, means that operating system and image updates can be rolled out across an entire enterprise within days by simply updating the relevant base image and redeploying to a new resource pool.
- Software management: AVD also simplifies the process of deploying new enterprise software applications, maintaining licensing compliance on existing software agreements, and preventing the installation of unauthorized software by rogue users.
- Security and compliance: In heavily-regulated environments, such as healthcare, government, education, or the financial sector, an AVD solution can be easily configured via policy to enhance compliance with relevant corporate standards, as well as any applicable legal and regulatory requirements. These policies and standards can be more difficult to enforce on physical client hardware, e.g. preventing data theft via USB drive, or preventing users from deactivating enterprise antivirus/monitoring tools.
Enterprises planning a highly-available Azure Virtual Desktop solution that uses an Azure Native Qumulo deployment for desktop profile storage should factor the following considerations into their planning and design processes.
Scalability and Performance
A high-availability AVD solution designed to provide desktop services to a large number of geographically-dispersed users should factor the following considerations into the solution’s capacity and design:
- Capacity and growth – Since an ANQ cluster can easily scale as needed in response to an increased user count or to a higher space allocation per user, enterprises can improve the overall TCO of the solution by not over-provisioning file capacity before it’s needed.
- Performance – The overall architecture of the solution should include the possibility of a failover event, in which users and desktops from both regions are suddenly dependent on a single region for both data and compute services. The solution should either be designed to provide sufficient performance to all users at all times, or should include the capability of increasing available resources within the solution’s designated recovery-time objective (RTO) to ensure acceptable performance.
- Latency – When assigning users to one region or the other, the user’s location relative to one region’s access point vs. the other’s should be a key factor.
The high-availability AVD solution can be connected to enterprise resources on-prem or in other public clouds via either ExpressRoute or VPN, and to other Azure-based enterprise resources via Azure Virtual Network connectivity.
Depending on the specific configuration of your enterprise, authentication can be provided via Microsoft Entra ID or by your own Active Directory.
Since this solution provides user-facing services, antivirus, anti-malware, and other enterprise software monitoring tools should be included in each virtual desktop as well.
Replicated user profiles are read-only under normal circumstances. The solution’s RTO should include the time needed to fail over to the secondary ANQ instance (e.g. break the replication relationship and make all profiles writable) before connecting users from the remote region to AVD instances.
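The failover sizing and RTO reasoning above can be worked through as a small planning model. This is an added example, not Qumulo or Microsoft code; the class and function names are hypothetical, all user counts and timings are constructed sample values, and it assumes storage failover and session-host scale-up run in parallel while users are redirected only after both complete.

```python
import math
from dataclasses import dataclass

@dataclass
class Region:
    users: int           # users whose primary site is this region
    session_hosts: int   # AVD session hosts currently running
    users_per_host: int  # tested user density per host

@dataclass
class Timings:           # minutes; constructed sample values, not vendor figures
    declare_failover: float
    make_profiles_writable: float  # break replication, make target writable
    provision_batch: float         # time to bring up one batch of hosts
    hosts_per_batch: int
    redirect_users: float

def plan_failover(survivor, failed, t, rto_minutes):
    """Estimate host shortfall and time-to-service when `failed` goes down."""
    total_users = survivor.users + failed.users
    hosts_needed = math.ceil(total_users / survivor.users_per_host)
    extra_hosts = max(0, hosts_needed - survivor.session_hosts)
    scale_up = math.ceil(extra_hosts / t.hosts_per_batch) * t.provision_batch
    # Assumption: storage failover and compute scale-up run in parallel, and
    # users are redirected only once both are done, so the slower one gates.
    gate = max(t.make_profiles_writable, scale_up)
    total = t.declare_failover + gate + t.redirect_users
    return {
        "extra_hosts": extra_hosts,
        "bottleneck": "compute" if scale_up > t.make_profiles_writable else "storage",
        "minutes_to_service": total,
        "meets_rto": total <= rto_minutes,
    }

# Constructed sample deployment
REGION_A = Region(users=1200, session_hosts=40, users_per_host=30)
REGION_B = Region(users=900, session_hosts=30, users_per_host=30)
TIMINGS = Timings(declare_failover=10, make_profiles_writable=15,
                  provision_batch=12, hosts_per_batch=10, redirect_users=5)

if __name__ == "__main__":
    print(plan_failover(REGION_A, REGION_B, TIMINGS, rto_minutes=60))
```

Running the plan in both directions matters because the regions are not symmetric: the smaller region needs more additional hosts to absorb the larger one's users.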
Deploy this scenario
- To deploy Azure Native Qumulo Scalable File Service, visit our website.
- For more information regarding deployment of Azure Virtual Desktop, visit the Azure Virtual Desktop documentation page.
- For more information regarding FSLogix, refer to the FSLogix documentation page.
- To learn more about the use of Nerdio Manager for Enterprises or Managed Service Providers, visit the Nerdio website.
The following links are provided for reference purposes.
Azure Native Qumulo Scalable File Service (Marketplace)
Azure Native Qumulo Scalable File Service (Azure blog)
Azure Native Qumulo Scalable File Service Guide (Azure Product Documentation)
Using Failover with Replication in Qumulo
Qumulo Replication: Make Target Writable