Windows Virtual Desktop - Start VM on Connect

Start VM on Connect entered public preview on March 31 2021.

Start VM on Connect does exactly what it says on the tin. It will start a deallocated (powered off from the hypervisor) or start a stopped (powered off from the OS) Azure VM, natively from within the WVD clients. 

The purpose besides the obvious of powering on the VM, is to achieve the maximum cost savings by keeping the VM deallocated, where the compute charges for the VM are not charged, for as much of the time as possible.

Prior to this capability, IT could use the WVD Autoscaling tool, or Azure Automation to power on VM's at a time that IT predicts users will need it. So, for example, they may power on VM's at 08:30 for a 09:00 start. 
That however incurs 30 minutes of charges when the VM is powered on but not in use. However, what if the user is late or having a half day or is in fact not working at all that day. Then that increases those charges. Likewise, what if the user starts early, before the 08:30 start? That will result in unproductive time for the user and a support ticket for IT.

This is where Start VM on connect comes in, as it provides the end user with the control required to power on the VM - "just in time", therefore maximising the time it stays off.

Preview limitations

Start VM on Connect is currently in preview and comes with the following limitations:
  • Integration with PowerShell and RestAPI only. Support for the Azure portal will arrive shortly.
  • Used with Personal Host pools only.
  • Client support is limited to the Windows client (V1.2748), Store client and Web client. Support for iOS, macOS and Andriod will be delivered later in H12021.
Support for other clients, Automatic assigned Personal Desktops, and pooled Host pools will be coming.

Configuration

So, let's set this up. There are two steps:
1. Enable the Start VM on Connect property on your host pool. The host pool also needs to a validation Host pool.
2. Configure a custom RBAC role with the correct permissions that allows the Windows Virtual Desktop service to power on the Virtual Machine and read its state in order to report back 

Step 1

PowerShell

Firstly, we will do this via PowerShell as that is what is currently supported at this point in the public preview. You will need version 2.1.0 of the WVD cmdlets. As mentioned, the Azure Portal will support this shortly and instructions for configuring via the portal are listed in the third section below.

To enable:

Update-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -StartVMOnConnect:$True

To disable this feature:

Update-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname>
- StartVMOnConnect:$false

RestAPI

Secondly to update the host pool via RestAPI there is a new property to add to your request body.

 Name        

Type

 Description

Properties.startVMOnConnect

 Boolean

Configure if VM should start from deallocated or stopped state.


Further information on the RestAPI is available in this document

Azure Portal

Thirdly in the Azure portal. As mentioned, this is not supported in the public preview at the time of writing, but it will be coming shortly, hence I have included the steps below. But be aware you won't see this in the portal until the Azure portal integration has been added to the preview. 

Configuration is very straightforward. 

Go to your Host pool > Properties, and the Configuration section.

Set the "Start VM on connect" property of the host pool. 

You will need to have; a Personal desktop host pool that is in the Validation environment. Then set the Start VM on connect property.



Step 2

Custom RBAC role

The next step is to create a custom IAM role to enable the Windows Virtual Desktop service to make the calls to power on any of the actual VM's, as well as read the state of the VM so that it can report back its success or failure.

You will need to create a custom IAM role with just the permissions to read and power on VM's assigned to the Windows Virtual Desktop service in the scope of just your subscription.

To make this easier for yourself, just copy and save this JSON locally. This JSON has the virtual machines, start and read permissions already defined.
{
    "properties": {
        "roleName": "Start VM on Connect",
        "description": "Start VM on Connect Custom Role",
        "assignableScopes": [
            "/subscriptions/<SubscriptionID>"
        ],
        "permissions": [
            {
                "actions": [
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/read"
],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    } 
}

Or you can copy this JSON from my GitHub.

Once you have it, just enter your subscription ID within it - (you will copy the Subscription ID in the first step below).

In the Azure portal, go to the subscription blade. Firstly, copy the Subscription ID and paste it in the <SubscriptionID> portion of the JSON, then select: Access Control (IAM). 

Click on Add and select Custom Role:



In the new custom role in the Baseline permissions at the bottom, select Start from JSON and select the JSON file copied from my GitHub you saved earlier that contains your Subscription ID.



Check the Permissions tab to see the Read and Start permissions:


Check your subscription is listed in the Assignable scopes tab.

Go to the Review + Create tab and click on Create. This will now create a new custom role with the required permissions assigned to your subscription.

The final step is to Add a Role Assignment, where you add this new custom role to the Windows Virtual Desktop Service. 

Back in the Access Control screen click on Add and select Add role assignment

In Role select your new custom role and in Select enter Windows Virtual Desktop and select the resulting WVD SPN, click on Save at the bottom.




Now to test.
Make sure your session host VM is deallocated or at least the VM is powered off. Go to either the Windows or Web clients and click on your personal desktop. You will see a small change to the connection screen stating that the VM is being started. Once the VM has been started the normal connection will occur.
Obviously it will take slightly longer than previsouly as the VM is started.

Windows WVD client (MSRDC):


Web Client:




Future capabilities in development.

There are a number of areas currently in development that will appear in the product in the near future:
  • Support for Android iOS (10.0.3 beta) and macOS (10.6.0) will be delivered later in H12021.
  • Support for Personal Host pools with Automatic assignment type
  • Support for Pooled host pools with Multi-session Windows 10
  • A new native auto-scaling service that will power off personal VMs.

Do you want a handy way to stop your personal VMs? If so, take a look at my other blog for the current methods in Azure to do so, plus a handy way to integrate Alexa with Azure to achieve this: 

Comments

  1. Will it stop / deallocate the Host when its not in use?

    ReplyDelete
    Replies
    1. No it won't. But that capability will be coming in an upcoming autoscaling service

      Delete

Post a Comment

Popular posts from this blog

Reassign a WVD Personal Session Host

AVD and Azure Active Directory Domain Join public preview

How to deploy a Windows Virtual Desktop host pool using Infrastructure as code from Azure DevOps