Loading...

Secure Linux Access Using Azure Virtual Desktop

Secure Linux Access Using Azure Virtual Desktop

I've heard time and time again that Azure Virtual Desktop does not support Linux VMs in Azure.  I think that's really semantics, based on the realities of and complexities of Linux (so many distros / kernel version / management tools / access methods).  While Azure Virtual Desktop does not itself provision or manage Linux VMs, it does a wonderful job of supporting secure access to those Linux VMs through publishing access tools for Linux on Windows!

 

I know that many developers and testers love using the Windows Subsystem for Linux (WSL) on Windows VMs via AVD, but that can be complex to install, and usually means users leverage personal (expensive!) VMs to support one-to-one installs.

 

Azure Virtual Desktop lets you publish access tools via RemoteApp for users to connect to shared Linux VMs, saving money by centralizing compute, as well as wrapping the security benefits of Azure Active Directory / MFA / Conditional Access around your Linux VMs!

 

A deployment pattern growing in popularity is to publish access to Linux resources via AVD.  The AAD requirement for AVD is a perfect security wrapper for many dev and test Linux deployments, since it creates a security wrapper for those environments which might otherwise be challenging to implement (example:  where devs want to manage passwords on their own Linux machines!).

 

The common emerging patterns (outside of WSL) I have seen for secure Linux access using AVD include:

  • Leveraging AVD RemoteApp using:
  • Telnet (PuTTY, MobaXterm, other)
  • Xrdp access either with MSTC or MobaXterm
  • X11 access using X2go

AVD lets you publish either individual applications (Remote Apps) or the full Windows desktop experience:

John_Kelbley_0-1681293513391.jpeg

 

PuTTY – Easy (if you don’t need GUI!)

PuTTY is well known to your Linux users (I’ll bet, and super easy to install / publish via RemoteApp!).

Once it’s deployed, just share the IP address(es) of the hosts your users need access to, and they can setup the “saved sessions”:

John_Kelbley_1-1681293543236.png

 

John_Kelbley_2-1681293543237.png

 

Xrdp with MSTSC

Let's look at that Ubuntu Icon in the Remote Desktop application. 

While it is implemented as a Remote Application (our old friend MSTSC) it publishes a full Ubuntu desktop:

John_Kelbley_3-1681293590280.jpeg

 

When the user clicks on it, they get the familiar connection dialog:

John_Kelbley_4-1681293590281.jpeg

...and maybe that secondary authentication prompt for Windows
(again, this can be eliminated if you implement single sign on:)

John_Kelbley_5-1681293590282.jpeg

 

BUT THEN they get to their Linux desktop:

John_Kelbley_6-1681293590283.jpeg

 

In this case, it's an xrdp login prompt for a local credential stored in etc/passwd (could also be PAM integrated).

 

Once they log in - they have their desktop:

John_Kelbley_14-1681294581134.png

 

 

The secret sauce here is RemoteApp publishing!  All I'm doing is using MSTSC (built in RDP client in Windows published from AVD as a RemoteApp, with a few updates to the defaults:

John_Kelbley_13-1681294273315.png

 

It’s pretty easy to setup in Azure – happy to walk you through it if you like.

THE FINE PRINT:  You may have to grant users Local Admin rights on the VM where you publish MSTSC to the Linux box (one downside of using Xrdp...beyond having to load the protocol on your Linux hosts).

 

X-Windows Access (likely the preferred method if you want a GUI)

You can do something similar with MobaXTerm or X2Go (and not mess around with XRDP!).

This may actually be my PREFFERED method so that the xRDP package is not required in the Linux VMs.

 

I do like X2Go published via RemoteApp – super simple user interface:

John_Kelbley_8-1681293764339.png

 

 

John_Kelbley_9-1681293764353.png

…and then I’m into my full Linux Desktop (in this case, a Linux Data Science VM in Azure):

John_Kelbley_10-1681293764379.png

 

Oh, and I'm in no way trying to slight MobaXterm here by not showing a picture of it... it's a great, multi-protocol access tool!

 

Published on:

Learn more
Azure Architecture Blog articles
Azure Architecture Blog articles

Azure Architecture Blog articles

Share post:

Related posts

Azure Database for PostgreSQL Flexible Server - Elastic Clusters, faster disks, and AI updates

Increase scalability, optimize performance, and integrate advanced AI features with Azure Database for PostgreSQL Flexible Server. Scale up wi...

17 hours ago

Introducing the new Linux-based Azure Cosmos DB Emulator (Preview)

We are excited to announce the preview release of the new Linux-based Azure Cosmos DB Emulator! This latest version is built to provide faster...

2 days ago

Azure Cosmos DB Shines at Microsoft Ignite 2024!

Microsoft Ignite 2024 took over the Windy City this week, bringing with it new technological innovation and exciting product announcements apl...

3 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy