Azure Virtual Desktop – Terraform – Create a Host Group, Desktop Application Group and Workspace for Clustered Remote Application aka Published Applications (Part 3) (2023)

In the previous blog post we look at creating Personal Desktop (1x1 mapping) and Shared Desktop (1 x Many) using TerraformAzure Virtual Desktop – Terraform – Create a Host Pool, Desktop Application Pool and Workspace for Personal Desktop (Part 1) | AskAreshandAzure Virtual Desktop – Terraform – Create a Host Pool, Desktop Application Pool and Workspace for Team Desktop (Part 2). In this series of blog posts I will show how to create AVD Host Pool, Application Pool and Workspace using Terraform for Pooled Remote App aka Published Applications (1xMany)

We will create the following three types of configurations using Terraform:

• Azure Virtual Desktop – Personal Desktop (1×1) – Part 1
• Azure Virtual Desktop – Pooled Desktop (Multi-Session Full Desktop Experience) – Part 2
• Azure Virtual Desktop – Remote Application (Multi-session Application, also known as Published Apps) – Part 3

Note– We build Pooled RemoteApp in this post and next post were the other guys. In this post In this post I will not show the case of creating a service principal and secret, please refer to Part 1 for this activity.

Prerequisites

Here are the prerequisites before you start

• An Azure subscription
• The Terraform CLI
• The Azure CLI
• Emptywithin your Azure subscription to use Terraform

Terraform – Authentication via Service Manager & Secret client

Before we run any Terraform code the following powershell (Make sure it's running as an administrator) will run and save the credentials as environment variables. If we do this via the environment variable, we don't need to store the following information in the providers.tf file. In a future blog post there are better ways to store the following details and I hope to introduce them:

# PowerShell $ env: arm_client_id = "9E453B62-0000-0000-0000-00000006E1AC" $ env: arm_client_secret = "z318q ~ 000000000000000000000000000000 _" $ env: arm_tenant_id = "a02e602c-0000-00-00-0 Arm_subscription_id = " 7b051460-00000-00000-00000-000000ecb1"

• Azure Subscription ID – Azure Portal Subscription copy ID
• Customer ID – From the above step you will have the details
• Client Secret – From the above step you will have the details
• Tenant ID – While creating the Enterprise Apps in ADD, you will have the details

Terraform Folder Structure

Here is the folder structure for the terraform code:

Azure Virtual Desktop Pooled RemoteApp– Create a directory to publish the following Terraform code (providers.tf, main.tf, variables.tf and output.tf)

+---Config-AVD-Pooled-RemoteApp| | main.tf| | output.tf| | providers.tf| | variables.tf

AVD Configuration – Pooled RemoteApp – Providers.tf

Create a file named providers.tf and enter the following code:

terraform { require_providers { azurerm = { source = "hashicorp/azurerm" version = "3.49.0" } azuread = { source = "hashicorp/azuread" } }}provider "azurerm" { attributes {}}

AVD Configuration – Pooled RemoteApp – main.tf

Create a file named main.tf and insert the following code. Let me explain what we are trying to achieve here:

• Create a resource group
• Create a workspace
• Create a Host Pool
• Create a Remote Application Group (RAG)
• Partner workplace and RAG
• Map the Azure AD group to the Desktop Application Group (RAG)
• Map the Azure AD Group to the Resource Group for RBAC for the Session Host (Virtual Machine User Login)

# The resource group name is extracted when the execution plan is applied.resource "azurerm_resource_group" "rg" { name = var.rg_name location = var.resource_group_location tags = var.tags}# Create AVD workspaceresource "azurerm_virtual_desktop_workspace" "varspace" { name .workspace resource_group_name = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location friendly_name = "${var.prefix} Workspace" description = "${var.prefix} Workspace" tags = var.tags}# Create host pool resource AVD " azurerm_virtual_desktop_host_pool" "hostpool" { resource_group_name = azurerm_resource_group.rg.name location = azurerm_resource_group.rg.location name = var.hostpool friendly_name = var.hostpool validate_environment = false . getisaadjoined:i:1; drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect: s:*;enablecredsspsupport:i:1;redirectwebauthn:i:1;use multimon:i:1;enablerdsaadauth:i:1;" description = "${var.prefix} HostPool" type = "Pooled" #[Pooled or Personal] preferred_app_group_type = "RailApplications" #[Desktop or RailApplications] maximum_sessions_allowed = 5 #[Tweak based on your vm tshirt size] load_balancer "Dtype_th " #[BreadthFirst or DepthFirst] tags = var.tagsscheduled_agent_updates { enabled = true timezone = "AUS Eastern Standard Time" # Update this value with the desired time zone schedule { day_of_week = "Saturday" hour_of_day = 1 #[1 here means 1:0 AM] }}} resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo" { hostpool_id = azurerm_virtual_desktop_host_pool .hostpool.id expiration_date = var.rfc3339}# Create "AVDgroup" resource_group_name = azurerm_resource_group.rg.name host_pool_id = azurerm_virtual_desktop_host_pool.hostpool. id location = azurerm_resource_group.rg.location type = "RemoteApp" name = var.app_group_name friendly_name = "RemoteApp AppGroup" description = "${var.prefix} AVD RemoteApp application group" varet_on = [azurerm_virtual_desktop.desktophostartpool_space] tags = var. tags}# Associate Workspace and DAResource "azurerm_virtual_desktop_workspace_application_group_association" "ws-dag" { application_group_id = azurerm_virtual_desktop_application_group.rag.id workspace_id = azurermworksktopign_virtual_id. the Application Group (RAG) resource "azurerm_role_assignment" "AVDGroupRemoteAppAssignment" { scope = azurerm_virtual_desktop_application_group.rag.id role_definition_name = "Desktop Virtualization User" principal_id = data.azuread_group.AVDGroup.object_id }# Assignment for the AAD Group for the resource group ment" "RBACAsignment" { scope = azurerm_resource_group.rg.id role_definition_name = "Virtual Machine User Login" principal_id = data.azuread_group.AVDGroup.object_id}

Note– The individual applications have not yet been published. They can be published once you create the session host. After that, using Terraform, individual apps can be published as well. The applications exe path must be mapped to the operating system. I plan to create a separate blog post on creating session host via Terraform.

AVD Configuration – Pooled RemoteApp – variables.tf

Create a file named variables.tf and enter the following code:

variable "resource_group_location" { default = "australiaeast" description = "Resource Group Location - Australia East" } variable "rg_name" { type = string default = "AE-DEV-AVD-01-PO-A-RG" description = " Name of the resource pool in which service objects will be deployed"}variable "workspace" { type = string description = "Name of the Azure Virtual Desktop Workspace" default = "AE-DEV-AVD-01-WS"}variable "hostpool" " { type = string description = "Name of the Azure Virtual Desktop Pool host" default = "AE-DEV-AVD-01-PO-A-HP"}variable "app_group_name" { description = "Name of the Azure Virtual Desktop application group " type = string default = "AE-DEV-AVD-01-RAG"}variable "rfc3339" { type = string default = "2023-05-20T12:43:13Z" #Update this value with a future date description = " Registration token expiration"}variable "prefix" { type = string default = "AE-DEV-AVD-01-HP-" description = "Prefix of the name of the AVD HostPools"}variable "tags" { type = map( string ) default = { Environment = "Dev" Department = "IT" Location = "AustraliaEast" ServiceClass = "DEV" Workload = "Host Pool 01" }}data "azuread_client_config" "AzureAD" {}data "azuread_group" "AVDGroup" { display_name = "Win365-Users" }

AVD Configuration – Pooled RemoteApp – output.tf

Create a file named output.tf and insert the following code. This will show the console what is being developed in the form of output.

output "azure_virtual_desktop_compute_resource_group" { description = "Name of the resource group where the session host will be deployed" value = azurerm_resource_group.rg.name} output "azure_virtual_desktop_host_pool" { description = "Name of the Azure hosttophost_pool" ol.hostpool .name}output " azurerm_virtual_desktop_application_group" { description = "Name of the Azure Virtual Desktop DAG" value = azurerm_virtual_desktop_application_group.rag.name } output "azurerm_virtual_desktop_workspace" { description = "Desktopzureme ual_desktop_workspace.workspace.name }output "location" { description = "The Azure area" value = azurerm_resource_group.rg.location}data "azuread_group" "aad_group" { display_name = "Win365-Users"}output "AVD_user_groupname" { description = "Azure Active Directory Group for AVD users" value = data.azuread_group.aad_group.display_name}

Start Terraform – AVD – Pooled RemoteApp

Run terraform init to initialize Terraform deployment. This command downloads the Azure provider required to manage your Azure resources. (Pulls AzureRM and AzureAD)

Terraform init -upgrade

Create Terraform Execution Plan – AVD – Pooled RemoteApp

Run terraform plan to create an execution plan.

terraform plan -out mainavdremoteapp.tfplan

Implement Terraform Execution Plan – AVD – Pooled RemoteApp

Run the terraform application to apply the execution plan to your cloud infrastructure.

terraform apply mainavdremoteapp.tfplan

Validate the output in the Azure Portal

Go to Azure portal, select Azure Virtual Desktop and Select Host pools, Application Group and Workspace created using Terraform.

Liquidate the above resources (Optional)

If you want to delete all above resources, you can use below commands to destroy. Execute the terraform plan and set the destruction flag.

terraform plan -destroy -out mainavdremoteapp.destroy.tfplan

Terraform execution application to implement the execution plan.

terraform app mainavdremoteapp.destroy.tfplan

Quick Start Links

The intent here is to get you up and running with Terraform on Azure Virtual Desktop Solution:

I hope you find this information helpful in getting started with Terraform to deploy Azure Virtual Desktop – Pooled Remote App. Let me know if I've missed any steps or details and I'll be happy to update the post.

Thanks,
Ares Sarkari

Labels:AVD,Blue,Azure Virtual Desktop,HashiCorp,IaC,Microsoft,PowerShell,Terraform