AZURE
Windows Virtual Desktop
Deep Dive
Micha Wets
Microsoft MVP | Cloud Solution Architect
Technology strategist at ASPEX
@MichaWets
'How to shift' to a modern desktop
Core steps and processes for large-scale deployment of Windows 10 and Office 365 ProPlus
Microsoft CSP
Modern desktop strategy
Best experience for end users and IT
[Diagram labels: Management; Delivery; Modern desktop; Cloud; <Partner> managed desktop; <Customer> managed desktop; On devices; Surface & OEMs; Modern desktop in the cloud; Modern desktop managed by Microsoft + partner extensibility]
Remote Desktop Services improved
RDS Win2008R2 RDS Win2012R2 RDS Win2016 RDS Win2019
• RDS Infrastructure Feedback
• Citrix vs RDS
Challenges
Selection of Partners
Invited by Microsoft for Workshop
Workshop invite
• Active as Hosters
• Delivering Apps & Desktops
• RDS & Citrix
4 Partners around the world
RDmi Private Preview
RDmi release
Deploy
Testing
Feedback
Changes
Remote Desktop modern infrastructure (RDmi)
Consists of: RDmi Infra Tenant to manage connections between RD clients and Customer Managed Azure VMs
[Diagram labels: RD clients; firewall; RDmi Infra Tenant; ASPEX/CSP Azure services; Azure SQL DB; firewall; customer-managed Azure VMs & services; VMs; Azure AD]
Introducing
Windows Virtual Desktop
The best virtual desktop experience, delivered on Azure
Enable optimizations for
Office 365 ProPlus
Migrate Windows Server (RDS)
Full Desktops and RemoteApps
Deliver the only multi-session Windows 10 experience
Windows Virtual Desktop
+ Deploy and scale in minutes
Windows 10+
Office 365
Windows
Server
+ Work from any device
Windows Virtual Desktop
Consists of: Azure service to manage connections between RD clients and Customer Managed Azure VMs
• Connect to Windows desktops and applications from their favorite client device from anywhere on the internet
[Diagram labels: RD clients; firewall; Microsoft-managed Azure services; Azure SQL DB; firewall; customer-managed Azure VMs & services; VMs; Azure AD]
Multitenancy
Windows Virtual Desktop
[Diagram labels: RD clients; firewall; Microsoft-managed Azure services; Azure SQL DB; firewall; customer-managed Azure VMs & services; VMs; Azure AD; Azure AD Domain Services; User Profile (Azure Files); VPN]
WVD Object Model
[Diagram labels: Default Tenant Group; Custom Tenant Group; Tenant; HostPool; SessionHosts; UserSessions; AppGroups; RemoteApp; RemoteDesktop]
WVD Object Model
WVD object | Azure
TenantGroup |
Tenant | Azure AD tenant
HostPool | Azure resource group and Windows image
SessionHost | Azure VM
UserSession | Signed-in user
AppGroup | Subset of apps on image
RemoteApp | Published Windows application
RemoteDesktop | Published Windows desktop
Prerequisites
Azure Subscription
Azure Active Directory setup
• Full admin rights
• Azure AD Connect
• ADFS (optional for SSO)
Domain controller (or Azure Active Directory Domain Services)
Optional: Networking/on-prem connectivity – ExpressRoute, VPN, etc.
Requirements
Create WVD host pool and join new VMs
Azure Market Deployment
Demo
Modern Workplace
Power Users / Developers that need to install their own apps or admin privileges
Clients lack computing power / outdated
Non-persistent and persistent
Clients vary widely and application consistency is impacted
Different version of the same app from different OS
Full desktop vs. RemoteApp
Based on what your users need to do.
Full desktop Use RemoteApp
HostPool flexibility
• RemoteApp and desktop app groups
• Set different load balancing algorithms
• Single or multi-session session host VMs
• Pooled or personal (future) session host VMs
Virtualization hosts today
Windows Server 2012 R2 / 2016 / 2019 RD Session Host: Scalable multi-user legacy Windows environment. Windows Server 20xx; Multiple users; Win32; Office 2019 Perpetual; Long-Term Servicing Channel
Windows 10 Enterprise: Native single-session modern Windows experience. Windows 10; Single user; Win32, UWP; Office 365 ProPlus; Semi-Annual Channel
Virtualization hosts of the future
Windows 10 Enterprise: Native single-session modern Windows experience. Windows 10; Single user; Win32, UWP; Office 365 ProPlus; Semi-Annual Channel
Windows 10 Enterprise multi user: Scalable multi-user modern Windows user experience with Windows 10 Enterprise security. Windows 10; Multiple users; Win32, UWP; Office 365 ProPlus; Semi-Annual Channel
Windows Server 2012 R2 / 2016 / 2019 RD Session Host: Scalable multi-user legacy Windows environment. Windows Server 20xx; Multiple users; Win32; Office 2019 Perpetual; Long-Term Servicing Channel
Windows 7 Enterprise: Native single-session Windows experience. Windows 7; Single user; Win32, UWP; Extended Security Updates
Azure AD Authentication
Enables Azure AD security features, such as Conditional Access, Multi-factor Authentication, and Intelligent Security Graph
[Diagram labels: RD clients; firewall; Windows Virtual Desktop (Microsoft-managed Azure services); Azure SQL DB; firewall; customer-managed Azure VMs & services; VMs; Azure AD; step marker 1]
Improved Isolation: Reverse Connect
Bidirectional communications between VMs and WVD services over HTTPS (443)
[Diagram labels: RD clients; firewall; Windows Virtual Desktop (Microsoft-managed Azure services); Azure SQL DB; firewall; customer-managed Azure VMs & services; VMs; Azure AD; step marker 0]
User Connection Flow
[Diagram labels: RD clients; firewall; Windows Virtual Desktop (Microsoft-managed Azure services); Azure SQL DB; firewall; customer-managed Azure VMs & services; VMs; Azure AD; connection steps numbered 0 to 4]
Multi-user Windows 10 experience
Demo
• HTML5 Webclient
• Full Desktop
Master Image Management
Master image can be managed by any already existing process and technologies including
• Azure Update Management
• System Center Configuration Manager
• ARM Script provided by MS
• 3rd party
Best practices document will be provided to assist in configuration of a golden image for WVD
Application masking technology to minimize the number of golden images and simplify app image management
Pre-steps – enroll master image
Extensible Platform
Third-party apps can use PowerShell or REST API to extend Windows Virtual Desktop platform
Examples: Deployment automation, VM scaling & provisioning, Web UI to configure, monitor, and troubleshoot, etc.
[Diagram labels: CSP / MSP; PowerShell; firewall; Windows Virtual Desktop (Microsoft-managed Azure services); firewall; customer-managed Azure VMs & services; Windows 10 Enterprise multi-session; VMs; Azure AD]
WVD PowerShell
PowerShell cmdlet | Description
Set, Get-RdsContext |
New, Get, Set, Remove-Rds<objectName> |
New, Export, Remove-RdsRegistrationInfo |
Get, Set-RdsRemoteDesktop | Manage RemoteDesktop
Get, Set, Remove-RdsSessionHost |
Get-RdsStartMenuApp |
Add, Get, Remove-RdsAppGroupUser |
Get, Disconnect-RdsUserSession |
Send-RdsUserSessionMessage |
Invoke-RdsUserSessionLogoff | Sign user out of session
Get-RdsDiagnosticActivity |
WVD Deployment and management options
Management
• PowerShell cmdlets
• REST API
• Simple Mgmt UI (later this year)
• Azure Portal (post GA)
Deployment
• Azure Marketplace
• ARM templates
Hosting partners
Leverage multitenancy support to scale the number of customers
Role-Based Access Control concepts
Principal
Azure AD user, group, or app
(Example: [email protected])
Role
Set of capabilities
(Example: RDS Owner)
Scope
Object instance
(Example: Tenant1)
Assignment
Principal+Role+Scope
(Example: user1+RDS Owner+Tenant1)
WVD PowerShell – Delegated Access
PowerShell cmdlet | Description
Get-RdsRoleDefinition | Gets currently defined role definitions (currently only built-in)
New, Get, Remove-RdsRoleAssignment | Operates on role assignments
Windows Virtual Desktop
Management & Diagnostics
Demo
www.aspex.be
• Outlook caching + Windows Search support
• OneDrive for Business (and Files On-Demand) support
  • Per-Machine version of OneDrive now available
• Native SharePoint support in Windows Explorer
• Office 365 ProPlus computer activation license roaming
• Skype for Business GAL caching
• OneNote support + UWP
• Microsoft Teams support for Virtual Desktops coming soon
  • Per-Machine installation available now
FSLogix benefits to Windows Virtual Desktop
FSLogix Technologies
With the acquisition of FSLogix, eligible customers will get access to three core pieces of technology
Profile & Office 365 Container
Replacement for roaming profiles and folder redirection. Dramatically speeds up logon and application launch times.
• Includes Office 365 Container, which roams Office cache data (Outlook OST, OneDrive cache, Skype for Business GAL, etc.) and Windows Search DB with user in virtual desktop environments.
App Masking
Minimize number of gold images by creating a single image with all applications. Excellent app compatibility with no packaging, sequencing, backend infrastructure, or virtualization.
Java Redirection
Helps protect the enterprise from vulnerabilities of multiple installed versions of Java by mapping specific versions to individual apps or websites.
Container
Benefits
[Diagram labels: SMB Storage; Profile Container; Office 365 Container; App Masking; Java Redirection]
Uses native Windows VHD capabilities–no hypervisor.
Very easy to deploy and manage.
Completely seamless end-user experience.
Works with other application management platforms.
Easy to test, implement, and manage.
Reduces network and filesystem load.
App Masking
Benefits
Application Management without sequencing, snapshotting, packaging, or virtualization.
All apps installed in base image.
• Only apps a user is entitled to are revealed.
• App entitlements can be changed in real time.
• Works with fonts, plugins, and more…
• Excellent app compatibility
Massively reduce the number of gold images that must be maintained
Java Redirection
Benefits
Securely collocate multiple versions of Java on same base image
Run each app or website with specific version of Java required for full functionality
Uses FSLogix App Masking to hide unused versions of Java when not needed
FSLogix demo
Demo
Windows Virtual Desktop with Samsung DeX
Joint solution
Windows 10 and Office 365 ProPlus experience to mobile Firstline workers on their Samsung mobile devices
Benefits
Full screen Windows 10 and Office 365 ProPlus experience from Samsung DeX-enabled mobile devices, providing the Windows Virtual Desktop experience on an Android endpoint
Enhanced mobility and productivity with small and big screen experience, allowing customers to seamlessly switch from one application to another
Faster speeds and reduced latency with the new Samsung Galaxy S10 support for 5G and Wi-Fi 6
Mobile demo
Demo
End of support schedule
Windows 7 | Jan 14, 2020
Windows Server 2008 & 2008 R2 | Jan 14, 2020
Office 2010 | Oct 13, 2020
SQL Server 2008 & 2008 R2 | Jul 9, 2019
Learn more at microsoft365.com/shift
Now is the time to shift
Windows Virtual Desktop timeline
September | October | November | December | 2019: January | February | March | April
Ignite: Announcing WVD, announcing Public Preview later 2018
WVD Public Preview: 21/03/2019
WVD GA (General Availability): Summer 2019
Windows Virtual Desktop Public Preview & GA rollout
Windows Virtual Desktop Microsoft-managed Azure services (Azure SQL DB)
Public Preview, March 2019: High Available, Local Redundant, East US
GA, Summer 2019: High Available, Geo Redundant, East US & Central US
GA + xx Months: High Available, Geo Redundant, West Europe
• Microsoft 365 F1, E3, E5, A3, A5, Business
• Windows 10 Enterprise E3, E5
• Windows 10 Education A3, A5
• Windows 10 VDA per user
• Remote Desktop Services (RDS) Client Access License (CAL)
• FSLogix products can be run anywhere, including on-premises
How do I get WVD and FSLogix?
THANK YOU
QUESTIONS?
blog.cloud-architect.be
blog.aspex.be
@MichaWets