Greetings! My name is Morgan Simonsen, Product Manager for Microsoft Azure here at Lumagate. Our CTO, Kristian Nese, has been so kind as to let me hijack his blog to tell you about all the exciting stuff that is happening around the new RemoteApp service in Microsoft Azure. So continue reading…
An old hero…
Windows Server Remote Desktop Services, formerly known as Windows Terminal Services, is a longtime favorite for delivering a host of different Windows-based applications. So popular, in fact, that a company like Citrix owes its very existence to it. No matter what your scenario, network, user mass or budget, with Remote Desktop you can deliver almost any app to your users: everything from Notepad and Calculator to CAD software and games. Add to that the ease of management, scalability, broad endpoint support and security, and you understand why everyone from schools to the military uses Remote Desktop Services.
The core of the RDS technology is a shared Windows Server where each user gets an isolated session to run his apps and manage his data, but 20 years after its inception, RDS today consists of a host of different components and services. Remote Desktop Gateway to tunnel RDS traffic safely over the Internet protocol HTTPS. Remote Desktop Virtualization Host where, using Hyper-V, each user gets his own VM instead of just a session. Connection Broker to load balance and reconnect users across a group of servers. Resource manager to equally distribute a server’s resources among its logged-on users. RemoteApp to publish single apps instead of a full desktop. RemoteFX to harness CPU and GPU hardware acceleration features. Remote Desktop clients for almost any platform, supporting all of the above features. The list goes on. In addition, we have a large number of ISVs delivering add-ons to RDS.
Putting all this functionality together has become a field of expertise of its own, but the whole thing is about to get a whole lot easier.
Introducing Azure RemoteApp
With the Microsoft Azure RemoteApp service, now in public preview, Microsoft has merged the power of Remote Desktop Services with the flexibility and agility of the public cloud, creating one of the most versatile application delivery solutions to date. In a nutshell, RDS is offered on the Azure platform as a service, for us to consume by usage (including OS and CAL licenses), and we can populate that service with the Windows applications we need, legacy or other.
From a technical standpoint, there is nothing stopping you from deploying your own RDS services in Microsoft Azure IaaS VMs, or any other IaaS offering for that matter. Any challenges you are likely to face are related to licensing, not technology. Of course, you have to design and implement the whole thing yourself. With Azure RemoteApp, you no longer have to.
With Azure RemoteApp you get the choice of two deployment options: a RemoteApp Cloud Deployment or a RemoteApp Hybrid Deployment. You can have several deployments of any type in your Azure subscription. The main difference is that a hybrid deployment can integrate with your existing Windows Server Active Directory environment and access internal resources over VPN, whereas the cloud deployment cannot.
RemoteApp Cloud Deployment
The main concept behind the Cloud Deployment is to provide a Remote Desktop Service for application delivery that is not integrated with your existing infrastructure. The session host servers in a cloud deployment are not part of your infrastructure and you have no control over them. They are just back-end resources that you never interact with. With the cloud deployment you can either use one of the Microsoft-provided VM images, or create your own with the apps you require. Provisioning a cloud deployment with a Microsoft image is very quick, typically done in minutes, whereas using your own image requires you to create a gold image on-premises, configure it and upload it to the RemoteApp service. The Microsoft images come with Windows Server 2012 R2 Datacenter with all in-box applications, Office 2013 Professional Plus, Oracle Java, Adobe Flash and Adobe Reader. If your users only need those apps and you don’t require integration, you can go with the Microsoft image. If you require other apps, but still no integration, you can create your own gold image and create a RemoteApp cloud deployment using that. All cloud deployment VMs have Internet access, but cannot reach your internal on-premises network or any virtual networks you have in Azure, except if those networks publish services on the Internet. Microsoft cloud deployment images are updated and maintained by Microsoft on a regular basis; your cloud deployment images are updated and maintained by you on-premises and uploaded to the RemoteApp service.
As the name suggests, Hybrid RemoteApp deployments integrate with your existing infrastructure. In this deployment type the RemoteApp VMs are joined to your Windows Server Active Directory and require network communication over VPN to function. The RemoteApp VMs are created on a dedicated virtual network in Microsoft Azure that is connected to your on-premises network through regular site-to-site VPN. All rules and requirements for Azure vNet design apply to vNets dedicated to Azure RemoteApp. Once the VMs are provisioned and joined to your AD, you can manage them through Group Policy. You cannot log onto the desktop as an administrator and make local changes. Almost the full Group Policy feature set is available to you and you can run both policies and preferences, as well as user logon scripts. Some Group Policy settings, like disable remote desktop, will not work. When users access a RemoteApp hybrid deployment, the RDS host VMs can access all internal resources, if allowed. Setting up a hybrid deployment is a little more involved than the cloud option. You have to perform Azure vNet design with VPN connectivity, create a gold image on-premises and upload it to the RemoteApp service (and maintain that image on a regular basis), provide domain join credentials and set up Azure Active Directory Sync (DirSync).
Connecting to Azure Remote Access requires specialized support. On Mac OS and iOS this is built into the regular Remote Desktop client, while Windows clients have dedicated RemoteApp software. Regardless of platform, the RemoteApp bits are available on the Azure RemoteApp site: https://www.remoteapp.windowsazure.com/
Authentication to RemoteApp cloud deployments is performed either with a Microsoft Account or an Azure Active Directory account. Hybrid deployments require identity synchronization (DirSync) and therefore cannot use Microsoft Accounts.
Logging into Azure RemoteApp presents you with the usual Azure logon prompt. If you have implemented Multi-Factor Authentication or Identity Federation, they work the same with RemoteApp as with other Azure services.
Once authenticated you are presented with all the applications the user account has access to.
Applications from both cloud and hybrid deployments are shown together. If you start an app from a cloud deployment you get immediate access, but apps from hybrid deployments require one more authentication step. This time it is an actual Windows domain logon. Since the hybrid deployment RemoteApp servers are joined to your AD, you have to provide domain credentials to access them.
Azure RemoteApp is supported on Mac OS X, iOS, Android and Windows (Windows Phone coming soon). You can get the appropriate client either on the RemoteApp website or in your platform’s marketplace (just search for RemoteApp or Remote Desktop).
User profiles and data
In cloud deployments each user is given 50 GB of persistent storage through their profile. Even though the cloud deployment RemoteApp VMs are stateless, the user profiles are persisted on other storage and loaded at each logon. Users have full write access and click-to-install apps also work. Users can also access any other type of cloud storage like SharePoint Online, OneDrive for Business, OneDrive, Dropbox etc. These will be synced into the persisted user profile. Anything stored outside the user profile can be lost at any given time.
Hybrid deployments get the same storage allotment (50 GB) and have the same abilities with regard to cloud storage. However, you can also give users of hybrid deployments access to any internal storage you might have, like regular shared folders or DFS. Using logon scripts or Group Policy you can also map drive letters.
Since Azure RemoteApp is provided as a service, hardly any of the complexities of regular Remote Desktop Services deployments apply. By default, each deployment, cloud or hybrid, is given two server instances which together support 10 users (5 per server). When the number of logged on users approaches 10, one or more instances are automatically provisioned and added to the deployment. Machine learning algorithms are used to predict the required number of additional instances. Conversely, when users log off, the service scales down to the original 2 instances and 10 users. Farm configuration, certificates, high availability, load balancing, firewall configuration and service management and updates are all handled for you.
Licensing and cost
Azure RemoteApp includes the Windows Server OS license, Windows Server Client Access License (CAL) and Remote Desktop Services CAL. The only things you have to license on your own are the applications you offer through the service. You are charged either per named user or by consumption.
Once the service goes GA you will be given the option of selecting which billing option you prefer, per deployment.
Since Azure RemoteApp is currently in preview, and since I do not in any capacity represent Microsoft Corp, anything I have written here might be wrong or might be changed once the service is released. You have been advised!
For even more information about Azure RemoteApp we would like to invite you to our August 29th webinar. I will give you lots of demos as well as a full walkthrough of setting up both cloud and hybrid deployments. Hopefully I will also be able to answer all your questions. Sign up HERE!
We have also created a RemoteApp Proof of concept (POC) package that we are offering at a discounted price to anyone attending the webinar. Also, check with your Microsoft representative if you are eligible for either Business Investment Funds (BIF) or Proof of concept Microsoft funding.
Hope to see you on the 29th!
Principal Consultant and Product Manager – Microsoft Azure