Azure Virtual Desktop

This section explains how to set up the integration between SysTrack and Azure Virtual Desktop.

Authentication

For authentication, SysTrack requires configuration of a Principal User (Application) in Azure Active Directory.

  1. Go to the URL: https://portal.azure.com/#home and access Azure Active Directory.

  2. Under the left Manage menu, click App registrations, then click + New registration.

    AVD_AppReg

  3. On the Register an application dialog, type a Principal User name in the Name field, select Accounts in this organizational directory only, then click Register. You can choose any name, but in this example, we are using the name WVD Principal User, which you will see in the following steps.

    AVD_AppRegName

  4. On the application Overview page under the left Manage menu, click Certificates and secrets.

    WVD_PrincipalUserOverview

  5. On the Certificates and secrets page, select the Client secrets tab, then click + New client secret.

    WVD_PrincipalUserCertificateSecret

  6. On the Add a client secret dialog, type a Description, select when the secret Expires, and press Enter.

    WVD_PrincipalUserClientSecret

    In the next step, be sure to store the Value of the client secret where you will be able to find it. It cannot be retrieved at a later time.

  7. A new client secret is created. Copy the value and save it in an easy-to-find location. You need it to configure the Azure Virtual Desktop integration in SysTrack Configure.

    WVD_PrincipalUserStoreSecret

  8. In addition to the client secret, make note of the Application (client) ID and Directory (tenant) ID which you can find on the Overview page of your Principal User.

    WVD_PrincipalUserAppIDTenantID

Configure Azure Virtual Desktop

Log Analytics Workspace

To retrieve any data through the API endpoints, first configure one Log Analytics Workspace which you will later use to configure the Diagnostic Settings on each level. You can type the name into the search bar or click the icon if shown in the recent Azure Services list.

AVD_LogAnalyticsIcon

  1. Click the Log Analytics workspaces icon to display a list of workspaces already configured.

    AVD_LogAnalyticsWorkspaces

    Lakeside recommends using the same workspace for all Diagnostic data collected by SysTrack.

  2. If there are no workspaces configured—or you want to use a different one—create it by clicking + Create on the left side of the menu.

    AVD_CreateLogAnalytics

  3. After selecting the Resource group and entering a Name, click Review + Create to display a validation confirmation page.

    AVD_CreateLogAnalyticsValidate

  4. Click Create to finalize your workspace.

Navigate to Azure Virtual Desktop

There are two areas where roles can be assigned: the Resource Group and the Azure Virtual Desktop. For either area, you can type the name into the search bar or click the icon if shown in the recent Azure Services list.

AVD_ResGrpsAVDicons

  • Selecting Resource groups displays all available resource groups you can configure. If you are unsure which resource group to assign roles to, you can also navigate from Host pools, Application groups, or Workspaces to the desired Resource Group.

  • Selecting Azure Virtual Desktop displays a Manage menu on the left with Host pools, Application groups, and Workspaces. Clicking on any of these options displays a list of available items on the right. The following examples show each type and what is displayed.

Host Pools

Each Host Pool is listed with its Name, Resource group, Location, and Subscription, plus a few other columns.

AVD_HostPools

Application Groups

Each Application group is listed with its Name, Resource group, Location, Subscription, Host pool, and Workspace.

AVD_ApplicationGroups

Workspaces

Each Workspace is listed with its Name, Resource group, Location, Subscription, and the number of Application groups it has been assigned to.

AVD_Workspaces

Configure Diagnostic Settings

To enable data collection, first configure the Diagnostic settings under the Monitoring menu on each level and item you want to collect from. For example, to collect diagnostic data for a specific Host Pool, you would do the following:

  1. Select a Host Pool from the list, then click Diagnostic settings on the Monitoring menu.

    AVD_HostPoolMonMenu

    To avoid duplicate data in the tables, Lakeside recommends having only one diagnostic setting configured. For example, you can either create one setting per type or one setting for all types, but don’t use multiple types in different settings. Also remember to always use the same Log Analytics workspace.

  2. On the Diagnostics Settings page, click + Add diagnostic setting.

    AVD_HostPoolAddDiagnostics

  3. Enter a Diagnostic setting name and select the Categories of data you want to collect. Under Destination details select Send to Log Analytics workspace and provide your Subscription and Log Analytics workspace names. The only categories SysTrack will collect are Checkpoint, Error, Management, Connection, and Feed.

    AVD_HostPoolDiagnosticsDetails

  4. When satisfied with your selections, click Save to create the setting.

  5. Close the pane by clicking the X in the upper right corner. You should see your new setting in the list.

    AVD_HostPoolDiagnosticsAdded

Test the Diagnostic Logs

After clicking the Logs button on the left menu, you can check what data you can retrieve from the different queries. This web interface provides many more options. The only queries SysTrack currently supports are: WVDConnections, WVDFeeds, WVDManagement, WVDCheckpoints, and WVDErrors. However, not all types are supported for each structure type, as shown in Supported Queries.

AVD_HostPoolDevLogs

Supported Queries    Host pool    Application groups    Workspace
WVDConnections       X
WVDFeeds                                                X
WVDManagement        X            X                     X
WVDCheckpoints       X            X                     X
WVDErrors            X            X                     X
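
The diagnostic-settings recommendations above (one setting per category, always the same workspace) can be checked offline against exported settings. The following is an added example, not part of the original page or of SysTrack; it assumes JSON shaped like the output of `az monitor diagnostic-settings list`, and the function name, sample setting names and resource IDs are constructed for illustration.

```python
from collections import defaultdict

# Categories per object type, from the page's Supported Queries table
# (assumption: category "Connection" feeds the WVDConnections table, and so on).
EXPECTED = {
    "host pool": {"Connection", "Management", "Checkpoint", "Error"},
    "application group": {"Management", "Checkpoint", "Error"},
    "workspace": {"Feed", "Management", "Checkpoint", "Error"},
}

def check_settings(settings, object_type):
    """Flag duplicate categories, missing categories and mixed workspaces."""
    senders = defaultdict(list)  # (workspace id, category) -> setting names
    workspaces = set()
    for s in settings:
        ws = (s.get("workspaceId") or "").lower()
        if not ws:
            continue  # this setting does not send to Log Analytics
        workspaces.add(ws)
        for log in s.get("logs", []):
            # Entries that use a category group instead of a category are skipped.
            if log.get("enabled") and log.get("category"):
                senders[(ws, log["category"])].append(s["name"])
    enabled = {cat for (_, cat) in senders}
    return {
        "duplicates": {c: n for (_, c), n in senders.items() if len(n) > 1},
        "missing": sorted(EXPECTED[object_type] - enabled),
        "mixed_workspaces": len(workspaces) > 1,
    }

# Constructed sample shaped like the JSON from
# `az monitor diagnostic-settings list --resource <host-pool-resource-id>`.
WS = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
      "/providers/Microsoft.OperationalInsights/workspaces/law-example")
SAMPLE = [
    {"name": "systrack-connections", "workspaceId": WS, "logs": [
        {"category": "Connection", "enabled": True},
        {"category": "Error", "enabled": True}]},
    {"name": "systrack-management", "workspaceId": WS, "logs": [
        {"category": "Error", "enabled": True},
        {"category": "Management", "enabled": True},
        {"category": "Checkpoint", "enabled": False}]},
]

if __name__ == "__main__":
    for key, value in check_settings(SAMPLE, "host pool").items():
        print(f"{key}: {value}")
```

In the constructed sample, Error is sent by two settings to the same workspace, which is the duplicate-data case the recommendation warns about, and Checkpoint is not enabled in any setting.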

Configure Roles

For SysTrack to be able to retrieve any data, you need to set some roles. There are different ways to set them up, some of which are described here.

Regardless of setup method, begin by clicking Access control (IAM) on the menu of the selected object, which can be a Resource Group, a Host Pool, an Application Group, or a Workspace. All should display a menu similar to the following:

AVD_IAMfromMenu

Assign Roles

The following steps apply to any object.

  1. Click Access control (IAM) on the object's menu.

  2. On the right side, you can click Role assignments to view the roles currently assigned.

  3. To add a new role, click +Add on the top left and select Add role assignment.

    AVD_AddHostAssignment

  4. On the next page, select a role then click Next. There are many roles, so you may want to narrow your choices by either typing the name or parts of it into the search field or by selecting a Type or Category. In this example, Log Analytics Reader is selected. See What Roles to Assign for a discussion of role selection criteria.

    AVD_AddRoles

  5. On the next page, you can select the members you want to assign to that role—which in this case will be the WVD Principal User you created above. Click + Select members to display the dialog shown below on the far right side. You can use the search bar to narrow down the list. After finding the user you want to add, select that user, then click Select.

    AVD_RolesSelectMembers

  6. The selected user is displayed in the Members list as shown below. Click Review + assign or Next to advance to the last page and display an overview of your selections.

    AVD_RolesMembersList

  7. Click Review + assign. The specified member will be added to the selected role and will now appear on the Role assignments page.

    AVD_RoleAssignments

What Roles to Assign

The following two tables list the different roles you can assign and the levels they need to be assigned to. The recommended configuration is also the easiest: Assign either the Reader role or the Log Analytics Reader role to your WVD Principal User on the Resource Group or Subscription level as shown in the first table. If you do so, there is no need to assign any roles on any other object because they are inherited down, giving you access to retrieve the desired data. You can also assign roles on the Host Pool, Application Group, and Workspace levels as shown in the second table.

On Resource Group Level

Role Name                                        Description
Reader                                           Will find the Resource Group and inherits down to host pools, application groups and workspaces and can retrieve data on each level without setting additional roles on each level.
Log Analytics Reader                             Same as Reader role.
Owner                                            Same as Reader role but will grant full access to the assigned member, which means the member could also be used to make changes to that resource. Not recommended.
Desktop Virtualization Reader                    Will find the Resource Group and inherits down to host pools, application groups and workspaces but cannot get any data if not configured on each level separately.
Desktop Virtualization Host Pool Reader          Will find the Resource Group and all Host Pools assigned to this resource group only but cannot get any data if not configured on each host pool.
Desktop Virtualization Application Group Reader  Will find the Resource Group and all Application Groups assigned to this resource group only but cannot get any data if not configured on each application group.
Desktop Virtualization Workspace Reader          Will find the Resource Group and all workspaces assigned to this resource group only but cannot get any data if not configured on each workspace.

On Host Pool, Application Group, or Workspace Level

Role Name                                        Description
Reader                                           Will find the Resource Group and inherits down to host pools, application groups and workspaces and can retrieve data on each level without setting additional roles on each level.
Log Analytics Reader                             Same as Reader role.
Owner                                            Same as Reader role but will grant full access to the assigned member, which means the member could also be used to make changes to that resource. Not recommended.
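
To confirm that the Principal User ended up with only the read roles from the tables above, its role assignments can be exported and classified. The following is an added example, not part of the original page or of SysTrack; it assumes JSON shaped like the output of `az role assignment list --assignee <client-id> --all`, and the function names, subscription ID and resource names are constructed for illustration.

```python
import json

# Roles from the page's tables, grouped by what they let SysTrack do.
DATA_ROLES = {"Reader", "Log Analytics Reader"}
DISCOVERY_ONLY = {
    "Desktop Virtualization Reader",
    "Desktop Virtualization Host Pool Reader",
    "Desktop Virtualization Application Group Reader",
    "Desktop Virtualization Workspace Reader",
}

def scope_level(scope):
    """Classify an ARM scope string by how far down the hierarchy it sits."""
    parts = [p for p in scope.split("/") if p]
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if parts[2].lower() == "resourcegroups":
            return "resource group" if len(parts) == 4 else "resource"
    return "other"

def audit(assignments):
    """Return (findings, inherited_ok) for one principal's role assignments."""
    findings, inherited_ok = [], False
    for a in assignments:
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        if role in DATA_ROLES:
            verdict = "ok"
            # Data access is inherited when granted at subscription or RG level.
            inherited_ok |= level in ("subscription", "resource group")
        elif role in DISCOVERY_ONLY:
            verdict = "discovery-only"  # finds objects, cannot read their data
        else:
            verdict = "review"  # e.g. Owner: grants more than read access
        findings.append((role, level, verdict))
    return findings, inherited_ok

# Constructed sample; IDs and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads(json.dumps([
    {"roleDefinitionName": "Log Analytics Reader",
     "scope": SUB + "/resourceGroups/rg-avd-example"},
    {"roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-avd-example/providers"
              "/Microsoft.DesktopVirtualization/hostPools/hp-example"},
    {"roleDefinitionName": "Desktop Virtualization Reader", "scope": SUB},
]))

if __name__ == "__main__":
    findings, inherited_ok = audit(SAMPLE)
    for role, level, verdict in findings:
        print(f"{verdict:15} {role} @ {level}")
    print("data role inherited from RG/subscription:", inherited_ok)
```

Any assignment reported as "review" is a role outside the read-only set in the tables, such as the Owner role the page marks as not recommended.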

SysTrack Configuration

After completing the configuration above, Azure Virtual Desktop data collection can be set up using SysTrack Configure under Integrations as shown below.

  1. Log into SysTrack Configure with a user that has TAS rights to modify settings in SysTrack Configure.

  2. Select the Integrations page under SysTrack Settings.

  3. Click the Lock icon in the upper right to allow for editing.

  4. On the Other Integrations tab, click the Edit icon next to Azure Virtual Desktop.

    integrations_AVD

  5. In the Authentication fields, enter the following information:

    • Tenant ID: The tenant ID you noted above.

    • Client ID: The client ID you noted above.

    • Client Secret: The client secret you noted above.

  6. In the Log Analytics Collection fields, enter the following information:

    • Subscription ID: Your Azure subscription ID.

    • Collect types of data: Select one or more data types to collect.

    • Retention Period (days): Specify how long to retain the collected data.

  7. Click OK, then click Save Changes.

  8. Click the open Lock icon to end your editing session.