Skip to main content
Skip table of contents

Creating Host Pools, Workspaces, and Application Groups

Overview

Starting in v1.2, Hydra has the ability to create Host Pools, Workspaces, and Application Groups. This allows AVD administrators to create all of the foundational constructs for an AVD deployment within the Hydra portal and not have to jump back and forth between the Azure and Hydra portals. 

Terminology

First, it is important to understand the terminology behind the various components and how they interoperate. Specifically, Host Pools, Application Groups, and Workspaces. Microsoft defines these in their documentation.

Icon Legend

See below for the various icons and what they represent. This will make it easier to understand the tree menu while navigating, modifying, and creating the various resources:

Frame 1490.png

Creating a Host Pool

To create a host pool, navigate to Azure Resources > Virtual Desktop on the left-hand navigation menu. 

Frame 1491.png

You will notice two sections: Host Pools and Workspaces:

Frame 1492.png

The majority of the configuration will be completed on the Host Pools section, while the Workspaces section will simply contain the association of App Groups to Workspaces. 

To get started, select either the Host Pools top-level container or the specific subscription and click Add to start the Add New Host Pool Wizard:

Frame 1493.png

Fill out the various fields and configurations. Notice that even the RDP properties and configuration can be accomplished within the same wizard, streamlining the deployment compared to creating it via the Azure Portal. For more information, see the Microsoft Documentation.

Frame 1494.png
Frame 1495.png

Once the Host Pool is created, you will see it automatically populate underneath the Subscription. 

Creating an Application Group

The next step is to create an Application Group under the Host Pool. To do this:

  1. Expand the Host Pool and select the App Groups container underneath.

Frame 1496.png

  1. Select the appropriate App Group you wish to create, depending on whether you are delivering Published/Remote Apps or full desktops. This will trigger the Add Remote Application Group Wizard:

Frame 1497.png

Adding Remote Apps to an Application Group

If the Application Group supports Remote Apps, you can then add Remote Apps and their respective configuration. Select the RA-enabled Application Group, and select one of the two options:

  • Add app from start menu: Queries the session host for apps present in the Start Menu. Note that at least one session host must be online for this to function. This allows for many of the various properties, such as the executable path, to be prepopulated.

  • Add app manually: Manually add the Remote App by inputting these various properties, as defined in the Microsoft documentation:

Frame 1498.png

Assigning an Application Group

To assign an Application Group, the Service Principal used in the Tenants section must have appropriate Entra permissions to query the Entra groups, much like the permissions for removing devices in Entra.

Allow Hydra to show users and groups. Hydra can display users and groups in the directory for various purposes, such as assigning a user or group to an application group in AVD. To allow that, add the following permission:

Part

Value

API:

Microsoft Graph

Type:

Application permissions

Permission:

“Group.Read.All” and “User.ReadBasic.All”

This permission is valid for all users and groups. Use it carefully and monitor for misuse. Use private endpoints for Hydra and disable public access to the Hydra app service.

Giving admin consent. The added permissions need consent from a privileged administrator and are shown as “not granted” in the status field:

Frame 1508.png

Clicking Grant admin consent for company starts the consent process. After the completion, the service principal has the permissions:

Frame 1509.png

Additional service principals. Repeat this step for each service principal you are using in Hydra (listed in the tenant configuration of Hydra).

Managed Service Identity. PowerShell is needed to give the MSI the API permission, like in the configuration of the service principals.

Before users can see the desktops or remote apps presented, they must be entitled to them. Use the Assign button next to the Application Group to entitle the appropriate users or groups:

Frame 1499.png

Notice that you also have the ability to unassign users within this window:

Frame 1500.png

Creating a Workspace 

Application Groups must also be associated with a Workspace for users to access them. A Workspace is a logical container within the Windows App or Remote Desktop app to organize and group the various apps and desktops for the user. 

To create a Workspace:

  1. Select the top-level Workspaces container or Subscription in the Workspaces section, typically on the far-right side, and click Add:

Frame 1501.png

  1. Input the Subscription / Resource Group, the Workspace name, Location, and optional tags, and select Add.

Frame 1502.png

Associate an Application Group with a Workspace

To associate or link an Application Group with a Workspace:

  1. Select the Workspace and click Link application group:

Frame 1503.png

A list of unassociated Application Groups will appear.

  1. Select all of the Application Groups you wish to link to this Workspace, and click Save

Frame 1504.png

  1. To unlink the Application Group, select the Application Group and click Unlink:

Frame 1505.png

Modifying Existing Properties

If you wish to modify the existing objects after creation, select the Host Pool, App Group, or Workspace, and click Properties. Note that some fields cannot be edited due to Azure limitations.

Frame 1506.png
Frame 1507.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close