In the previous blog posts, we discussed creating the personal desktop (1x1 mapping) and the pooled desktop (1xMany) using Terraform: "Azure Virtual Desktop: Terraform - Create a Host Pool, Desktop Application Pool, and Personal Desktop Workspace (Part 1)" and "Azure Virtual Desktop: Terraform - Create a host pool, desktop app pool, and workspace for the pooled desktop (Part 2)". In this series of blog posts, I will demonstrate how to create the AVD host pool, application pool, and workspace using Terraform for pooled remote applications, also known as published (1xMany) applications.
We are going to create the following three types of configurations using Terraform:
- Azure Virtual Desktop – Personal Desktop (1×1) – Part 1
- Azure Virtual Desktop - Pooled Desktop (Multi-Session Full Desktop Experience) - Part 2
- Azure Virtual Desktop - Remote Application (Multi-session Application, also known as Published Applications), Part 3
Note – We are creating the Pooled RemoteApp in this post; the other types were created in the other posts of this series. In this post I will not show how to create the service principal and secret; please refer to Part 1 for that activity.
Prerequisites
The following are the prerequisites before getting started:
- An Azure subscription
- Terraform CLI
- Azure CLI
- Permissions within the Azure subscription to use Terraform
Terraform: authentication via Service Principal and Client Secret
Before running any Terraform code, run the following PowerShell (make sure you run it as administrator) to store the credentials as environment variables. Doing this via environment variables means we don't have to store the following information inside the providers.tf file. There is a better way to store the details below, which I look forward to showing in a future blog post:
```powershell
# PowerShell
$env:ARM_CLIENT_ID = "9e453b62-0000-0000-0000-00000006e1ac"
$env:ARM_CLIENT_SECRET = "Z318Q~000000000000000000000000000000000000000_"
$env:ARM_TENANT_ID = "a02e602c-0000-000-0000-0e0000008bba61"
$env:ARM_SUBSCRIPTION_ID = "7b051460-00000-00000-00000-000000ecb1"
```
- Azure Subscription ID – Copy the subscription ID from the subscription in the Azure portal
- Client ID – From the previous step you will have the details
- Client Secret – From the previous step you will have the details
- Tenant ID – When creating the enterprise application in Azure AD, you will have the details
Terraform folder structure
The following is the folder structure for the Terraform code:
Azure Virtual Desktop Pooled RemoteApp – Create a directory in which the following Terraform code will be placed (providers.tf, main.tf, variables.tf, and output.tf)
```
+---Config-AVD-Pooled-RemoteApp
|   |   main.tf
|   |   output.tf
|   |   providers.tf
|   |   variables.tf
```
Configure AVD – Pooled RemoteApp – Providers.tf
Create a file called providers.tf and insert the following code:
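```hcl
terraform {
  required_providers {
    # Pinned AzureRM provider version
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.49.0"
    }
    # AzureAD provider, used to look up the AVD user group
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

provider "azurerm" {
  features {}
}
```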
Configure AVD – Pooled RemoteApp – main.tf
Create a file called main.tf and insert the following code. Let me explain what we are trying to achieve here:
- Create a resource group
- Create a workspace
- Create a host pool
- Create a Remote Application Group (RAG)
- Associate Workspace and RAG
- Assign the Azure AD group to the Remote Application Group (RAG)
- Assign an Azure AD group to the resource group for RBAC for the session host (VM user login)
```hcl
# Resource group name is output when the execution plan is applied.
resource "azurerm_resource_group" "rg" {
  name     = var.rg_name
  location = var.resource_group_location
  tags     = var.tags
}

# Create AVD workspace
resource "azurerm_virtual_desktop_workspace" "workspace" {
  name                = var.workspace
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  friendly_name       = "${var.prefix} Workspace"
  description         = "${var.prefix} Workspace"
  tags                = var.tags
}

# Create AVD host pool
resource "azurerm_virtual_desktop_host_pool" "hostpool" {
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  name                     = var.hostpool
  friendly_name            = var.hostpool
  validate_environment     = true # [true, false]
  start_vm_on_connect      = true
  custom_rdp_properties    = "targetisaadjoined:i:1;drivestoredirect:s:*;audiomode:i:0;videoplaybackmode:i:1;redirectclipboard:i:1;redirectprinters:i:1;devicestoredirect:s:*;redirectcomports:i:1;redirectsmartcards:i:1;usbdevicestoredirect:s:*;enablecredsspsupport:i:1;redirectwebauthn:i:1;use multimon:i:1;enablerdsaadauth:i:1;"
  description              = "${var.prefix} HostPool"
  type                     = "Pooled"           # [Pooled or Personal]
  preferred_app_group_type = "RailApplications" # [Desktop or RailApplications]
  maximum_sessions_allowed = 5                  # [Tweak based on your VM t-shirt size]
  load_balancer_type       = "DepthFirst"       # [BreadthFirst or DepthFirst]
  tags                     = var.tags

  scheduled_agent_updates {
    enabled  = true
    timezone = "AUS Eastern Standard Time" # Update this value with your desired timezone
    schedule {
      day_of_week = "Saturday"
      hour_of_day = 1 # [1 here means 1:00 am]
    }
  }
}

# Registration token that session hosts use to join the host pool
resource "azurerm_virtual_desktop_host_pool_registration_info" "registrationinfo" {
  hostpool_id     = azurerm_virtual_desktop_host_pool.hostpool.id
  expiration_date = var.rfc3339
}

# Create AVD RAG
resource "azurerm_virtual_desktop_application_group" "rag" {
  resource_group_name = azurerm_resource_group.rg.name
  host_pool_id        = azurerm_virtual_desktop_host_pool.hostpool.id
  location            = azurerm_resource_group.rg.location
  type                = "RemoteApp"
  name                = var.app_group_name
  friendly_name       = "RemoteApp AppGroup"
  description         = "${var.prefix} AVD RemoteApp application group"
  depends_on          = [azurerm_virtual_desktop_host_pool.hostpool, azurerm_virtual_desktop_workspace.workspace]
  tags                = var.tags
}

# Associate workspace and DAG
resource "azurerm_virtual_desktop_workspace_application_group_association" "ws-dag" {
  application_group_id = azurerm_virtual_desktop_application_group.rag.id
  workspace_id         = azurerm_virtual_desktop_workspace.workspace.id
}

# Assign AAD group to the Remote Application Group (RAG)
resource "azurerm_role_assignment" "AVDGroupRemoteAppAssignment" {
  scope                = azurerm_virtual_desktop_application_group.rag.id
  role_definition_name = "Desktop Virtualization User"
  principal_id         = data.azuread_group.AVDGroup.object_id
}

# Assign AAD group to the resource group for RBAC for the session host
resource "azurerm_role_assignment" "RBACAssignment" {
  scope                = azurerm_resource_group.rg.id
  role_definition_name = "Virtual Machine User Login"
  principal_id         = data.azuread_group.AVDGroup.object_id
}
```
Note – Individual applications are not yet published. They can be published once you have created the session host, after which the individual applications can also be published using Terraform. The exe path of the applications must be assigned within the operating system. I plan to create a separate blog post on creating session hosts via Terraform.
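The custom_rdp_properties string in main.tf above redirects every client drive, device and USB device (s:*) into the session, along with the clipboard, printers and COM ports. The following is an added example, not code from the original post: it builds the same property string from maps with those redirections closed, and fails the plan if a wildcard is reintroduced. The local names and the choice of which redirections to close are assumptions, and the precondition block assumes Terraform 1.2 or later.

```hcl
# Added example, not from the original post. Local names are assumptions.
locals {
  # Sign-in and display settings, same values as the post's main.tf.
  rdp_session = {
    "targetisaadjoined"    = "i:1"
    "enablerdsaadauth"     = "i:1"
    "enablecredsspsupport" = "i:1"
    "redirectwebauthn"     = "i:1"
    "redirectsmartcards"   = "i:1"
    "use multimon"         = "i:1"
    "audiomode"            = "i:0"
    "videoplaybackmode"    = "i:1"
  }

  # Redirections that carry data between the client device and the session
  # host. main.tf sets the s: values to "*" and the i: values to 1; this
  # assumed baseline closes them. Re-open only what the published apps need.
  rdp_redirection = {
    "drivestoredirect"     = "s:" # empty value: no client drives
    "devicestoredirect"    = "s:"
    "usbdevicestoredirect" = "s:"
    "redirectclipboard"    = "i:0"
    "redirectprinters"     = "i:0"
    "redirectcomports"     = "i:0"
  }

  # Same "name:type:value;" format as the literal string in main.tf.
  custom_rdp_properties = join("", [
    for name, value in merge(local.rdp_session, local.rdp_redirection) :
    "${name}:${value};"
  ])
}

# Fails terraform plan if a wildcard redirection is reintroduced.
output "custom_rdp_properties" {
  description = "RDP property string to assign to the host pool"
  value       = local.custom_rdp_properties

  precondition {
    condition     = length(regexall(":s:\\*", local.custom_rdp_properties)) == 0
    error_message = "Wildcard redirection (s:*) is not allowed on this host pool."
  }
}
```

To use it, set custom_rdp_properties = local.custom_rdp_properties on the host pool in place of the literal string.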
Configure AVD – Pooled RemoteApp – variables.tf
Create a file called variables.tf and insert the following code:
```hcl
variable "resource_group_location" {
  default     = "australiaeast"
  description = "Resource Group Location - Australia East"
}

variable "rg_name" {
  type        = string
  default     = "AE-DEV-AVD-01-PO-A-RG"
  description = "Name of resource group to deploy service objects to"
}

variable "workspace" {
  type        = string
  description = "Name of Azure Virtual Desktop Workspace"
  default     = "AE-DEV-AVD-01-WS"
}

variable "hostpool" {
  type        = string
  description = "Azure Virtual Desktop Host Pool Name"
  default     = "AE-DEV-AVD-01-PO-A-HP"
}

variable "app_group_name" {
  description = "Name Azure Virtual Desktop group application"
  type        = string
  default     = "AE-DEV-AVD-01-RAG"
}

variable "rfc3339" {
  type        = string
  default     = "2023-05-20T12:43:13Z" # Update this value with a future date
  description = "Registration token expiration"
}

variable "prefix" {
  type        = string
  default     = "AE-DEV-AVD-01-HP-"
  description = "AVD HostPools name prefix"
}

variable "tags" {
  type = map(string)
  default = {
    Environment  = "Dev"
    Department   = "IT"
    Location     = "AustraliaEast"
    ServiceClass = "DEV"
    Workload     = "Host Pool 01"
  }
}

data "azuread_client_config" "AzureAD" {}

# Azure AD group that receives the AVD role assignments in main.tf
data "azuread_group" "AVDGroup" {
  display_name = "Win365 Users"
}
```
Configure AVD – Pooled RemoteApp – output.tf
Create a file called output.tf and insert the following code. This will display to the console what is being deployed in the form of output.
```hcl
output "azure_virtual_desktop_compute_resource_group" {
  description = "Name of the resource group to deploy the session host to"
  value       = azurerm_resource_group.rg.name
}

output "azure_virtual_desktop_host_pool" {
  description = "Name of the Azure Virtual Desktop host pool"
  value       = azurerm_virtual_desktop_host_pool.hostpool.name
}

output "azurerm_virtual_desktop_application_group" {
  description = "Azure Virtual Desktop DAG name"
  value       = azurerm_virtual_desktop_application_group.rag.name
}

output "azurerm_virtual_desktop_workspace" {
  description = "Azure Virtual Desktop workspace name"
  value       = azurerm_virtual_desktop_workspace.workspace.name
}

output "location" {
  description = "Azure region"
  value       = azurerm_resource_group.rg.location
}

data "azuread_group" "aad_group" {
  display_name = "Win365-Users"
}

output "AVD_user_groupname" {
  description = "Azure Active Directory Group for AVD Users"
  value       = data.azuread_group.aad_group.display_name
}
```
Initialize Terraform – AVD – Pooled RemoteApp
Run terraform init to initialize the Terraform deployment. This command downloads the Azure providers needed to manage your Azure resources. (It's pulling AzureRM and AzureAD)
```
terraform init -upgrade
```
Create Terraform Execution Plan – AVD – Pooled RemoteApp
Run terraform plan to create an execution plan.
```
terraform plan -out mainavdremoteapp.tfplan
```
Apply Terraform Execution Plan – AVD – Pooled RemoteApp
Run terraform apply to apply the execution plan to your cloud infrastructure.
```
terraform apply mainavdremoteapp.tfplan
```
Validate the output in the Azure portal
Go to the Azure portal, select Azure Virtual Desktop, and select the host pool, application group, and workspace created with Terraform.
Clean Up Old Resources (Optional)
If you want to remove all previous resources, you can use the following commands to destroy them. Run terraform plan and specify the destroy flag.
```
terraform plan -destroy -out mainavdremoteapp.destroy.tfplan
```
Run terraform apply to apply the execution plan.
```
terraform apply mainavdremoteapp.destroy.tfplan
```
Quick Start Links
The intent here is to get you started quickly with Terraform on Azure Virtual Desktop Solution:
Description | Links |
Setting up your computer to get started with Terraform using PowerShell | Install Terraform on Windows with Azure PowerShell |
AVD Configure Azure Virtual Desktop | https://learn.microsoft.com/en-us/azure/developer/terraform/configure-azure-virtual-desktop |
Terraform Learning | https://youtube.com/playlist?list=PLLc2nQDXYMHowSZ4Lkq2jnZ0gsJL3ArAw |
I hope you find this information useful to get started using Terraform to deploy Azure Virtual Desktop - Pooled RemoteApp. Please let me know if I've missed any steps or details, and I'll be happy to update the post.
Thanks,
Aresh Sarkari