您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Windows 虚拟桌面 Azure 登陆区域检查Windows Virtual Desktop Azure landing zone review

Contoso cloud 采纳团队迁移到 Windows 虚拟桌面之前,它需要一个 Azure 登陆区域,该区域能够承载桌面和任何支持的工作负荷。Before the Contoso cloud adoption team migrates to Windows Virtual Desktop, it will need an Azure landing zone that's capable of hosting desktops and any supporting workloads. 以下清单可帮助团队评估登陆区域的兼容性。The following checklist can help the team evaluate the landing zone for compatibility. 此框架的 " 就绪" 方法 中的指南可帮助团队构建一个兼容的 Azure 登陆区域(如果尚未提供)。Guidance in the Ready methodology of this framework can help the team build a compatible Azure landing zone, if one has not been provided.

评估兼容性Evaluate compatibility

  • 资源组织计划: 登陆区域应包括对要使用的订阅或订阅的引用、有关资源组使用的指导以及要在团队部署资源时使用的标记和命名标准。Resource organization plan: The landing zone should include references to the subscription or subscriptions to be used, guidance on resource group usage, and the tagging and naming standards to be used when the team deploys resources.
  • Azure AD: 应为最终用户身份验证提供 Azure AD) 实例或 Azure AD 租户的 Azure Active Directory (。Azure AD: An Azure Active Directory (Azure AD) instance or an Azure AD tenant should be provided for end-user authentication.
  • 网络: 在迁移之前,应在登陆区域中建立任何所需的网络配置。Network: Any required network configuration should be established in the landing zone prior to migration.
  • VPN 或 ExpressRoute: 此外,任何支持虚拟桌面的登录区域都需要网络连接,以便最终用户能够连接到登陆区域和托管资产。VPN or ExpressRoute: Additionally, any landing zone that supports virtual desktops will need a network connection so that end users can connect to the landing zone and hosted assets. 如果为虚拟机配置了一组现有终结点,则仍可以通过 VPN 或 Azure ExpressRoute 连接将最终用户路由到这些本地设备。If an existing set of endpoints is configured for virtual desktops, end users can still be routed through those on-premises devices via a VPN or Azure ExpressRoute connection. 如果连接尚不存在,你可能需要查看有关配置 " 就绪方法" 中的网络连接选项的指导。If a connection doesn't already exist, you might want to review the guidance on configuring network connectivity options in the Ready methodology.
  • 监管、用户和标识: 为实现一致的强制,任何控制从虚拟机访问和管理用户及其标识的要求都应配置为 Azure 策略并应用于登陆区域。Governance, users, and identity: For consistent enforcement, any requirements to govern access from virtual desktops and to govern users and their identities should be configured as Azure policies and applied to the landing zone.
  • 安全性: 安全团队已经查看了登陆区域配置并批准了每个登陆区域,以供其使用,包括外部连接的登陆区域和任何任务关键型应用程序或敏感数据的登录区域。Security: The security team has reviewed the landing zone configurations and approved each landing zone for its intended use, including landing zones for the external connection and landing zones for any mission-critical applications or sensitive data.
  • Windows 虚拟桌面: Windows 虚拟桌面平台即服务已启用。Windows Virtual Desktop: Windows Virtual Desktop platform as a service has been enabled.

团队通过使用 准备好的方法 中的最佳实践,并且可以满足前面提到的特定要求的任何登陆区域,都可以作为此迁移的登录区域。Any landing zone that the team develops by using the best practices in the Ready methodology and that can meet the previously mentioned specialized requirements would qualify as a landing zone for this migration.

若要了解如何构建 Windows 虚拟桌面,请查看 Windows 虚拟桌面需求To understand how to architect Windows Virtual Desktop, review the Windows Virtual Desktop requirements.

后续步骤Next steps

有关云采用之旅的特定元素的指南,请参阅:For guidance on specific elements of the cloud adoption journey, see: