Explore this architecture diagram example representing a dual Azure Virtual Desktop (AVD) deployment using Microsoft Entra ID (formerly Azure Active Directory) for authentication and role-based access control across two separate companies.
This architecture diagram example represents a dual Azure Virtual Desktop (AVD) deployment using Microsoft Entra ID (formerly Azure Active Directory) for authentication and role-based access control across two separate companies, A and B. It showcases the integration between on-premises networks, shared services, and Azure-hosted environments with robust security and networking configurations.
When planning the architecture for a virtual desktop solution, it's crucial to ensure seamless integration between cloud resources and on-premises systems. Consider secure communication channels, replication between domain controllers, and data consistency when managing multiple networks and environments. Additionally, role-based access control is essential for managing user permissions across different virtual desktop pools and environments. Here, attention to scalability, security, and role-based access management is key to ensuring a smooth user experience.
In this example architecture diagram, the architecture is designed to extend on-premises Active Directory services to Azure, allowing seamless user access to Azure Virtual Desktop environments in both Company A and Company B. It leverages Microsoft Entra ID for identity management and synchronization, providing secure, role-based access control. The deployment ensures that each company has its own subscription, virtual networks, and storage accounts while utilizing a shared services network for centralized management.
On-Premises Network: The diagram shows two local ADDS domains (CompanyA.local and CompanyB.local) with domain controllers, which are synchronized to the cloud using Microsoft Entra Connect. This allows both on-premises and Azure-hosted resources to share consistent identity management.
Microsoft Entra Connect & Microsoft Entra ID: Entra Connect synchronizes local directories with the Microsoft Entra ID, allowing unified identity and access management for both local and cloud resources. The Microsoft Entra tenant (companyAB.onmicrosoft.com) manages desktop virtualization contributors and users from both companies (A and B).
Azure Virtual Desktop (AVD): The core feature of this architecture is the AVD deployment. Virtual desktop environments are hosted in separate subnets for Company A and Company B, each containing multiple AVD host pools. These pools provide users with access to virtual desktops, while storage accounts (A and B) store user profiles using Azure Files, enabling seamless access to files and settings.
ADDS Subnets: Both companies (A and B) have dedicated ADDS subnets in Azure, where domain controllers replicate information from the on-premises environment, ensuring users can authenticate and join AVD sessions seamlessly.
Gateway Subnet & VNet Peering: A gateway subnet enables secure communication between on-premises and Azure environments via IPSec, while VNet peering connects virtual networks within Azure, linking subnets and enabling cross-subnet communication between ADDS and AVD subnets.
This architecture is ideal for organizations transitioning to a hybrid cloud model, where local infrastructure is extended to the cloud while retaining centralized identity management. It supports companies with multiple business units or tenants (e.g., Company A and Company B) that require distinct virtual desktop environments but unified directory services. The solution is well-suited for businesses looking to modernize their desktop environments, boost scalability, and streamline user management while keeping local infrastructure intact.
Consider your own unique requirements, and tailor this architecture by adjusting the virtual network setups, access control rules, and storage configurations. You can create a similar architecture using various Azure services, ensuring flexibility and scalability as your virtual desktop needs evolve. Creating an architecture diagram with MockFlow is super easy with the built-in icons, symbols and drag and drop interface. Get started today.