Comprehensive WVD Deployment for Staffordshire County Council by A4S Cloud Solutions

Innovative Cloud-Based Windows Virtual Desktop Solution for Enhanced Efficiency and Security

Windows Virtual Desktop (WVD) is a hot topic right now for many companies and can serve as an excellent replacement for on-premise Remote Desktop Services (RDS) and Citrix implementations.

WVD promises to bring the benefits of cloud delivered underpinning infrastructures such as Active Directory, session hosts, networking, Windows EndPoint Protection, Office 365 & Azure MFA to the masses for a comprehensive and secure end user compute solution.

A4S were chosen for an ECIF funded delivery of WVD for Staffordshire County Council to help them understand if it could replace their existing on-premise Citrix farm and its disaster recovery session hosts.

A4S have delivered various projects for our client Staffordshire County Council including:

The team at A4S Cloud Solutions was excited to deliver the WVD solution particularly as the product current changes frequently and lessons would be learned as we worked through the nuances of WVD delivery.

WVD Deployment: Windows Virtual Desktop

SCC are interested in replacing their existing on-premise virtual desktop environment that when combined with it’s disaster recovery solutions takes significant hypervisor capacity.

As important as WVD itself, it was important the following questions were answered:

  • Could the clients applications with various nuances around integration and security function as MSIX packages. This approach is the direct replacement for Microsoft App-V, for more information read this link.
  • Can Microsoft Defender for Endpoint  with reporting coming from AAzure Log Analytics and Azure Sentinel replace their existing anti-virus solution?
  • Could roaming profiles managed by Microsoft FSLogix be easily migrated from the existing on-premise environment into WVD?
  • Can Azure MFA be used to protect user logons to WVD as a replacement for the existing MFA solution.

The solution would be delivered using automation for repeatability, it was essential the client’s IT teams were fully involved in the project at all times.

All delivery would be undertaken using our online project delivery environment.

A full review of the solution would be undertaken as well as a small user pilot to confirm suitability for a larger deployment.

Discovery: Client Requirements

A4S worked closely with the SCC end user compute focused IT team to perform a detailed review of the necessary infrastructure including:

  • Hypervisor
  • Roaming persona
  • Folder redirection
  • Licensing
  • Application delivery
  • Anti-virus & web proxy
  • OneDrive

Findings were documented and carefully reviewed with the client’s IT teams, particular attention was paid to ensuring persona migration was simple and effective, and that the correct WVD and MSIX App-Attach approach was taken to support legacy applications.

Microsoft Windows Virtual Desktop Design

Following an in depth review of the discovered environment; a detailed design document was produced firstly at a high level to confirm the overall approach, then was later updated to include build level information.

The design would be based on a Microsoft WVD reference architecture as per below.

Microsoft WVD reference architecture

The key designed capabilities of the environment include:

  • A full desktop virtualisation environment in Azure without having to run any of the additional gateway or web servers roles.
  • Multiple host pools to accommodate any number of diverse workloads.
  • The ability to create your own image for production workloads or test from the Azure Gallery.
  • Reduce costs with pooled Windows 10 Enterprise multi-session hosts to allow multiple users per VM.
  • The ability to provide individual ownership through personal (persistent) desktops if required.
  • Publish full desktop or individual remote apps from a single host pool, create individual app groups for different sets of users, or even assign users to multiple app groups to reduce the number of images.
  • Management facilitated with the use of built-in delegated access to assign roles and collect diagnostics.
  • Use the new Diagnostics service to troubleshoot errors.

Once an agreement on the high level design approach was established, the finer design details were defined and agreed, some of the main design elements are detailed below:

  • Role Based Access Control (RBAC), with the necessary minimum privileges assigned to the different lines of support such as third line administration through to service desk teams, these would later be potentially managed through Azure PIM.
  • Virtual Networking, the advantages of WVD include the more secure method of access called Reverse Connect which eliminates the need for the traditional RDS Gateway and Web roles.
  • The approach to host pools, in this case the use of shared session hosts was chosen from an application compatibility and cost perspective, the preferred load balancing option was also defined.
  • The specific Active Directory location was defined with attached group policies.
  • Persona management was designed to build on the clients already in place FSLogix solution, this would utilise an Azure hosted and AD integrated SMB share, eventually file replication between on-premise and Azure SMB shared would be configured to support a wider user migration with no loss of persona.

A4S produced detailed design documents for the in-scope solution, at all times a cloud-first approach was taken inline with the clients ambitious cloud planning.

Our designs take into account the scalability and resilience needed, we also factor in security and will recommend various Microsoft Azure security technologies as best fit for the client need.

Application Delivery

The client wishes to review the use of MSIX App-Attach application delivery, the current approach to application delivery would be greatly improved through the use of MSIX in terms of consistency, deployment scope and service desk impact.

MSIX functions both on-premise and in your Azure VWD environments, it uses a layering approach to ensure application OS integration remains, there are some similarities to the VMWare approach of App Volumes.

Predictably there have been many customer groans as Microsoft have dropped their popular App-V deployment technology in favour of MSIX, however recently an App-V to MSIX native conversion tool has been made available, this huge time and cost saver that allows clients to retain their sometimes significant App-V investment.

MSIX App-Attach application delivery

Anti-Virus and Web Proxy

The client is interested in replacing it’s existing anti-virus and internet proxy solution with the recently renamed Microsoft Defender for EndPoint solution, the design incorporated both the anti-virus and web proxy elements, this would potentially support the clients decision to move further toward cloud first technologies.

The added advantage of using these solutions is the ability to integrate monitoring and alerting with Azure Log Analytics and Sentinel, when combined these cloud based solutions provide an incredible level of in depth reporting.

Some example visualisations and screens provided by the combination of Sentinel and Log Analytics are shown below illustrating possible power and detail that can be achieved in a very short time frame:

Microsoft Defender for EndPoint solution

Fully Automated Deployment: Azure Resource Manager

A4S where possible always utilise fully automated deployments through technologies such as Azure Resource Manager (ARM) templates.

The Microsoft YouTube channel includes useful ARM template videos for your review:

ARM templates can be used to deliver multiple solutions at scale with assurance that every configuration is consistent and not prone to human error during the actual deployment process.

Training the Clients IT Teams on Window Virtual Desktop

Throughout the project the need to involve the clients IT teams was central to our design and deployment approach.

Effective skills and knowledge transition helps to ensure the long term success of the clients cloud journey, A4S is committed to working closely with our clients and we utilise a number of methods to ensure our clients receive the knowledge and skills they need to succeed including:

  • Constant online sharing of assets as they’re being produced, we take an iterative approach with frequent consultation rather than making stakeholder wait for the final product.
  • Routine iterative reviews of design documents.
  • A high volume of online conversation using our online project management portal.
  • Routine operational processes created that integrate with existing infrastructure solutions where appropriate.
  • Delivery activities undertaken with stakeholders attending shared Microsoft Teams meetings.
WVD Deployment: Windows Virtual Desktop

Positive Use of The A4S Online Project Management Tool

All of our projects are carried out with real time access to all aspects of the project, at any time a stakeholder can see:

  • Task progress.
  • Risks and Issues.
  • Decisions.
  • Meeting Minutes.
  • Budget position.
  • Schedule and actions.


On this project in particular stakeholders of all levels engaged in a timely manner and with productive and helpful contribution. By keeping communications all in one place we ensure actions, issues and much more are never missed.

Lessons Learned through WVD Implementation

Despite being at a pre-pilot stage, already important lessons have been learned, for exiting clients our lessons learned log is here, for those who are yet to enjoy the experience of working with A4S we have shown them at a high level below:

  • FSlogix easy persona migrations from on-premise to Azure WVD are possible.
  • MSIX provisioned legacy applications can function as normal due to the high level of OS integration when compared to Microsoft App-V.
  • WVD Windows 10 shared sessions cost can be very low compared to a linked-clones approach.
  • MFA prompts occur at a minimum of 1 hour intervals, this can be a security concern for some clients depending on their security needs, at the time of writing; per connection MFA prompts are in the pipeline but with no engineering date.

Conclusion

With the delivery phase of the Windows Virtual Desktop environment completed, it’s clear that the Microsoft cloud hosted solution is always changing and improving, the process of deploying WVD is far from a simply next, next, next activity with various pre-requisite tasks and detailed changes to the client’s environment needed.

Even at a pre-pilot stage we can see very positive signs around ease of migration from existing on-premise solutions to WVD in areas such as persona migration and application OS integration.

We look forward to continuing the project into the pilot stage with our forward thinking client!

Client comments on Windows Virtual Delivery

“The experience of working with A4S always had knowledge sharing, positivity and transparency at its core, once again our teams have enjoyed the process of learning more about cloud based delivery.”

“We need to fully understand if Azure Windows Virtual Desktop can replace our existing on-premise solution so that can potentially be decommissioned saving space and cost.”

“Potentially as important as WVD is the potential to replace our existing anti-virus and application delivery approaches with Microsoft EndPoint Protection and MSIX App-Attach.”

“Microsoft EndPoint Protection is exciting as it could consolidate our architecture more into cloud delivery with very detailed reporting and analysis.”

“MSIX App-Attach could transform our application delivery across all Windows devices with significant cost savings and operational improvements.”

“We look forward to the next stage of the project which is to perform a user pilot to confirm the use case and architecture benefits of WVD and its associated technologies.”

The SCC Technical Design and Architecture Manager Pam Rowley has been particularly supportive for this WVD delivery and is keen to see the potential of benefits of a cloud based virtual desktop delivery demonstrated, once piloted; SCC can decide if WVD can replace their existing on-premise virtual desktop environment to being operational savings and performance improvements.

Pam Rowley
Technical Design and Architecture Manager

Staffordshire County Council

Comments From A4S Cloud Solutions

“We immediately understood SCCs need to progress this delivery at speed and with minimum impact to their already busy IT teams.”

“During the project kick off meeting we quickly discussed understood the potential fit and benefit of WVD which also includes the operational benefits of MSIX App-Attach and Microsoft Protection for EndPoint which would be integrated into Azure Log Analytics.”

“Working with the SCC IT team is a great opportunity for A4S, and working with a client who is focused on understanding a solution like WVD in detail is a great help.”

“SCC made highly skilled team members available during this project, they’ve been engaging throughout the project and were always quick engage, make decisions and to respond with any urgently needed information.”

“A4S would once again like to again thank the SCC IT teams for the opportunity to be part of this project and we look forward to further opportunities to work together in the future.”

About Staffordshire County Council

We deliver vital services around the clock. From managing the flow of traffic to helping our communities be more sustainable. We’re dedicated to improving the lives of children, families and vulnerable people across Staffordshire. And what we do touches so many lives, in so many ways, making the work we do varied, but most of all rewarding.

Frequently Asked Questions

Windows Virtual Desktop (WVD) is a comprehensive desktop and application virtualisation service hosted on the Microsoft Azure cloud. It benefits public sector organisations by providing secure, remote access to desktop environments and applications, improving flexibility, reducing IT costs, and ensuring business continuity. WVD also enhances data security and compliance, which is crucial for public sector entities.

A4S Cloud Solutions assisted Staffordshire County Council by designing and implementing a tailored WVD solution. This included assessing their specific needs, setting up the WVD environment on Microsoft Azure, and providing ongoing support and management. The deployment ensured that council employees could securely access their work environments remotely, enhancing productivity and operational efficiency.

The key benefits of deploying WVD for local government councils include improved remote work capabilities, enhanced data security, streamlined IT management, cost savings on physical infrastructure, and increased scalability. WVD allows council employees to access their desktops and applications from anywhere, ensuring continuity of services and better responsiveness to citizen needs.

Implementing Windows Virtual Desktop in public sector organisations addresses challenges such as secure remote access, data protection, IT infrastructure costs, and disaster recovery. WVD provides a secure and efficient way to support remote work, protect sensitive data, reduce the need for physical hardware, and ensure that critical services remain operational during disruptions.

A4S Cloud Solutions ensures a smooth WVD deployment for public sector clients by offering a comprehensive approach that includes initial consultation, tailored solution design, seamless implementation, and ongoing support. They conduct thorough assessments to understand client needs, configure the WVD environment for optimal performance, and provide training and support to ensure that users can effectively utilise the new system. This approach guarantees a successful deployment that meets the unique requirements of public sector organisations.

Windows Virtual Deployment for Staffordshire County Council

Want to learn more about Windows Virtual Desktop Solutions?
Click the link below

Windows Virtual Desktop (WVD) transforms remote work by offering a secure and flexible virtualisation service on Azure. It provides access to Windows 10 desktops and applications from any device, anywhere, ensuring consistent performance and productivity. With advanced security, scalability, and cost-efficiency, WVD simplifies IT management through centralised deployment and maintenance. Ideal for remote work, WVD ensures business continuity, robust security, and operational flexibility.

To see the wide range of projects we’ve worked on, click here to read other case studies.