Windows Virtual Desktop Deep Dive - Home - Experts Live ... · AZURE Windows Virtual Desktop Deep...

AZURE

Windows Virtual Desktop

Deep Dive

Micha Wets

Microsoft MVP | Cloud Solution Architect

Technology strategist at ASPEX

@MichaWets

‘How to shift’ to a modern desktop

Core steps and processes for large-scale deployment of Windows 10 and Office 365 ProPlus

Microsoft CSP

Modern desktop strategy

[Diagram labels: Management; Delivery; Modern desktop; Cloud; <Partner> managed desktop; <Customer> managed desktop; On devices; Surface & OEMs; Best experience for end users and IT; Modern desktop in the cloud; Modern desktop managed by Microsoft + partner extensibility]

Remote Desktop Services improved

RDS Win2008R2 RDS Win2012R2 RDS Win2016 RDS Win2019

• RDS Infrastructure Feedback
• Citrix vs RDS

Challenges

Selection of Partners

Invited by Microsoft for Workshop

Workshop invite

• Active as Hosters
• Delivering Apps & Desktops
• RDS & Citrix

4 Partners around the world

RDmi Private Preview

[Diagram labels: RDmi release; Deploy; Testing; Feedback; Changes]

Remote Desktop modern infrastructure (RDmi)

Consists of: RDmi Infra Tenant to manage connections between RD clients and Customer Managed Azure VMs

[Diagram labels: RD clients; Firewall (x2); RDmi Infra Tenant; ASPEX/CSP Azure services; Azure SQL DB; Customer-managed Azure VMs & services; VMs; Azure AD]

Introducing

Windows Virtual Desktop

The best virtual desktop experience, delivered on Azure

Windows Virtual Desktop
+ Deliver the only multi-session Windows 10 experience
+ Enable optimizations for Office 365 ProPlus
+ Migrate Windows Server (RDS) Full Desktops and RemoteApps
+ Deploy and scale in minutes
+ Work from any device

[Diagram labels: Windows 10; Office 365; Windows Server]

Windows Virtual Desktop

Consists of: Azure service to manage connections between RD clients and Customer Managed Azure VMs

• Connect to Windows desktops and applications from their favorite client device from anywhere on the internet

[Diagram labels: RD clients; Firewall (x2); Windows Virtual Desktop; Microsoft-managed Azure services; Azure SQL DB; Customer-managed Azure VMs & services; VMs; Azure AD]

Multitenancy

[Diagram labels: RD clients; Firewall (x2); Windows Virtual Desktop; Microsoft-managed Azure services; Azure SQL DB; Customer-managed Azure VMs & services; Customer-managed Azure AD Domain Services; Azure AD Domain Services; User Profile Azure Files; VMs; Azure AD; VPN]

WVD Object Model

[Diagram labels: Default Tenant Group; Custom Tenant Group (x4); Tenant; HostPool; SessionHosts; UserSessions; AppGroups; RemoteApp; RemoteDesktop]

WVD Object Model

TenantGroup: Azure
Tenant: Azure AD tenant
HostPool: Azure resource group and Windows image
SessionHost: Azure VM
UserSession: Signed-in user
AppGroup: Subset of apps on image
RemoteApp: Published Windows application
RemoteDesktop: Published Windows desktop

Prerequisites

Azure Subscription

Azure Active Directory setup

• Full admin rights

• Azure AD Connect

• ADFS (optional for SSO)

Domain controller (or Azure Active Directory Domain Services)

Optional: Networking/on-prem connectivity – express route, VPN, etc.

Requirements

Create WVD host pool and join new VMs

Azure Market Deployment

Demo

Modern Workplace

Power Users / Developers that need to install their own apps or admin privileges

Clients lack computing power / outdated

Non-persistent and persistent

Clients vary widely and application consistency is impacted

Different version of the same app from different OS

Full desktop vs. RemoteApp

Based on what your users need to do.

Full desktop Use RemoteApp

HostPool flexibility

• RemoteApp and desktop app groups

• Set different load balancing algorithms

• Single or multi-session session host VMs

• Pooled or personal (future) session host VMs

Virtualization hosts today

Windows Server 2012 R2 / 2016 / 2019 RD Session Host
Scalable multi-user legacy Windows environment.
• Windows Server 20xx
• Multiple users
• Win32
• Office 2019 Perpetual
• Long-Term Servicing Channel

Windows 10 Enterprise
Native single-session modern Windows experience.
• Windows 10
• Single user
• Win32, UWP
• Office 365 ProPlus
• Semi-Annual Channel

Virtualization hosts of the future

Windows 10 Enterprise
Native single-session modern Windows experience.
• Windows 10
• Single user
• Win32, UWP
• Office 365 ProPlus
• Semi-Annual Channel

Windows 10 Enterprise multi user
Scalable multi-user modern Windows user experience with Windows 10 Enterprise security
• Windows 10
• Multiple users
• Win32, UWP
• Office 365 ProPlus
• Semi-Annual Channel

Windows Server 2012 R2 / 2016 / 2019 RD Session Host
Scalable multi-user legacy Windows environment.
• Windows Server 20xx
• Multiple users
• Win32
• Office 2019 Perpetual
• Long-Term Servicing Channel

Windows 7 Enterprise
Native single-session Windows experience.
• Windows 7
• Single user
• Win32, UWP
• Extended Security Updates

Azure AD Authentication

Enables Azure AD security features, such as Conditional Access, Multi-factor Authentication, and Intelligent Security Graph

[Diagram labels: RD clients; Firewall (x2); Windows Virtual Desktop; Microsoft-managed Azure services; Azure SQL DB; Customer-managed Azure VMs & services; VMs; Azure AD; step 1]

Improved Isolation: Reverse Connect

Bidirectional communications between VMs and WVD services over HTTPS (443)

[Diagram labels: RD clients; Firewall (x2); Windows Virtual Desktop; Microsoft-managed Azure services; Azure SQL DB; Customer-managed Azure VMs & services; VMs; Azure AD; step 0]

User Connection Flow

[Diagram labels: RD clients; Firewall (x2); Windows Virtual Desktop; Microsoft-managed Azure services; Azure SQL DB; Customer-managed Azure VMs & services; VMs; Azure AD; steps 0, 1, 2, 3, 4]

Demo: Multi-user Windows 10 experience
• HTML5 Webclient
• Full Desktop

Master Image Management

The master image can be managed by any existing process or technology, including:

• Azure Update Management

• System Center Configuration Manager

• ARM Script provided by MS

• 3rd party

Best practices document will be provided to assist in configuration of a golden image for WVD

Application masking technology to minimize the number of golden images and simplify app image management

Pre-steps – enroll master image

Extensible Platform

Third-party apps can use PowerShell or the REST API to extend the Windows Virtual Desktop platform

Examples: Deployment automation, VM scaling & provisioning, Web UI to configure, monitor, and troubleshoot, etc.

[Diagram labels: CSP / MSP; PowerShell; Firewall (x2); Windows Virtual Desktop; Microsoft-managed Azure services; Customer-managed Azure VMs & services; Windows 10 Enterprise multi-session; VMs; Azure AD]

WVD PowerShell

PowerShell cmdlet                          Description
Set, Get-RdsContext
New, Get, Set, Remove-Rds<objectName>
New, Export, Remove-RdsRegistrationInfo
Get, Set-RdsRemoteDesktop                  Manage RemoteDesktop
Get, Set, Remove-RdsSessionHost
Get-RdsStartMenuApp
Add, Get, Remove-RdsAppGroupUser
Get, Disconnect-RdsUserSession
Send-RdsUserSessionMessage
Invoke-RdsUserSessionLogoff                Sign user out of session
Get-RdsDiagnosticActivity

WVD Deployment and management options

Management

• PowerShell cmdlets

• REST API

• Simple Mgmt UI (later this year)

• Azure Portal (post GA)

Deployment

• Azure Marketplace

• ARM templates

Hosting partners

Leverage multitenancy support to scale the number of customers

Role-Based Access Control concepts

Principal: Azure AD user, group, or app (Example: user1@contoso.onmicrosoft.com)
Role: Set of capabilities (Example: RDS Owner)
Scope: Object instance (Example: Tenant1)
Assignment: Principal + Role + Scope (Example: user1 + RDS Owner + Tenant1)

[Diagram labels: TenantGroup; Tenant; HostPool; SessionHost; UserSession; AppGroup; RemoteApp; RemoteDesktop]

WVD PowerShell – Delegated Access

PowerShell cmdlet                     Description
Get-RdsRoleDefinition                 Gets currently defined role definitions (currently only built-in)
New, Get, Remove-RdsRoleAssignment    Operates on role assignments
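
An added example, not from the original slides: a PowerShell sketch that models the Principal + Role + Scope assignments from the RBAC slide as plain objects and audits them offline. The sample principals, the slash-separated scope paths, the "RDS Reader" role name, the helper function names and the rule that an assignment also applies to objects beneath its scope are assumptions made for illustration; in a live deployment the assignments would come from Get-RdsRoleAssignment.

```powershell
# Constructed sample data: Principal + Role + Scope, as on the RBAC slide.
# Scope is written as a path through the object model
# (TenantGroup/Tenant/HostPool/AppGroup); every name here is made up.
$assignments = @(
    [pscustomobject]@{ Principal = 'user1@contoso.onmicrosoft.com'; Role = 'RDS Owner';  Scope = 'Default Tenant Group/Tenant1' }
    [pscustomobject]@{ Principal = 'csp-admin@example.com';         Role = 'RDS Owner';  Scope = 'Default Tenant Group' }
    [pscustomobject]@{ Principal = 'helpdesk@example.com';          Role = 'RDS Reader'; Scope = 'Default Tenant Group/Tenant1/HostPool1' }
    [pscustomobject]@{ Principal = 'user2@fabrikam.example';        Role = 'RDS Owner';  Scope = 'Default Tenant Group/Tenant2' }
)

function Get-ScopeDepth {
    # 1 = tenant group, 2 = tenant, 3 = host pool, 4 = app group
    param([string]$Scope)
    return @($Scope.Trim('/') -split '/').Count
}

function Test-ScopeCovers {
    # Assumption: an assignment applies to its own scope and to everything below it.
    param([string]$AssignedScope, [string]$TargetScope)
    $a = $AssignedScope.Trim('/')
    $t = $TargetScope.Trim('/')
    # The trailing slash keeps 'Tenant1' from matching 'Tenant10'.
    return ($t -eq $a) -or $t.StartsWith("$a/", [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-EffectiveAssignment {
    # Every assignment that reaches the target object, directly or from a parent scope.
    param([object[]]$Assignments, [string]$TargetScope)
    $Assignments | Where-Object { Test-ScopeCovers -AssignedScope $_.Scope -TargetScope $TargetScope }
}

function Find-CrossTenantOwner {
    # Owner rights at tenant-group level span every tenant (customer) in that group.
    param([object[]]$Assignments)
    $Assignments | Where-Object { $_.Role -eq 'RDS Owner' -and (Get-ScopeDepth $_.Scope) -eq 1 }
}

# Which principals can reach Tenant1's host pool, and through which scope?
Get-EffectiveAssignment -Assignments $assignments -TargetScope 'Default Tenant Group/Tenant1/HostPool1' |
    Format-Table Principal, Role, Scope

# Which principals hold owner rights across all tenants in the group?
Find-CrossTenantOwner -Assignments $assignments | Format-Table Principal, Role, Scope
```

In a multitenant hosting setup the second query is the one to review regularly, since a tenant-group-level owner reaches every customer tenant in that group.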

Demo: Windows Virtual Desktop Management & Diagnostics

www.aspex.be

FSLogix benefits to Windows Virtual Desktop

• Outlook caching + Windows Search support
• OneDrive for Business (and Files On-Demand) support
  • Per-Machine version of OneDrive now available
• Native SharePoint support in Windows Explorer
• Office 365 ProPlus computer activation license roaming
• Skype for Business GAL caching
• OneNote support + UWP
• Microsoft Teams support for Virtual Desktops coming soon
  • Per-Machine installation available now

FSLogix Technologies

With the acquisition of FSLogix, eligible customers will get access to three core pieces of technology

Profile & Office 365 Container
Replacement for roaming profiles and folder redirection. Dramatically speeds up logon and application launch times.
• Includes Office 365 Container, which roams Office cache data (Outlook OST, OneDrive cache, Skype for Business GAL, etc.) and Windows Search DB with user in virtual desktop environments.

App Masking
Minimize number of gold images by creating a single image with all applications. Excellent app compatibility with no packaging, sequencing, backend infrastructure, or virtualization.

Java Redirection
Helps protect the enterprise from vulnerabilities of multiple installed versions of Java by mapping specific versions to individual apps or websites.

Container

Benefits
• Uses native Windows VHD capabilities – no hypervisor.
• Very easy to deploy and manage.
• Completely seamless end-user experience.
• Works with other application management platforms.
• Easy to test, implement, and manage.
• Reduces network and filesystem load.

[Diagram labels: SMB Storage; Profile Container; Office 365 Container; App Masking; Java Redirection]

App Masking

Benefits
Application Management without sequencing, snapshotting, packaging, or virtualization.

All apps installed in base image.
• Only apps a user is entitled to are revealed.
• App entitlements can be changed in real time.
• Works with fonts, plugins, and more…
• Excellent app compatibility

Massively reduce the number of gold images that must be maintained

Java Redirection

Benefits
• Securely collocate multiple versions of Java on the same base image
• Run each app or website with the specific version of Java required for full functionality
• Uses FSLogix App Masking to hide unused versions of Java when not needed

Demo: FSLogix demo

Windows Virtual Desktop with Samsung DeX

Joint solution: Windows 10 and Office 365 ProPlus experience to mobile Firstline workers on their Samsung mobile devices

Benefits
• Full screen Windows 10 and Office 365 ProPlus experience from Samsung DeX-enabled mobile devices, providing the Windows Virtual Desktop experience on an Android endpoint
• Enhanced mobility and productivity with small and big screen experience, allowing customers to seamlessly switch from one application to another
• Faster speeds and reduced latency with the new Samsung Galaxy S10 support for 5G and Wi-Fi 6

Demo: Mobile demo

End of support schedule

Jul 9, 2019: SQL Server 2008 & 2008 R2
Jan 14, 2020: Windows 7; Windows Server 2008 & 2008 R2
Oct 13, 2020: Office 2010

Learn more at microsoft365.com/shift

Now is the time to shift

Windows Virtual Desktop timeline

[Timeline axis: September, October, November, December, 2019: January, February, March, April, Summer]

• Ignite: Announcing WVD; announcing Public Preview later 2018
• 21/03/2019: WVD Public Preview
• Summer 2019: WVD GA (General Availability)

Windows Virtual Desktop Public Preview & GA rollout

Windows Virtual Desktop Microsoft-managed Azure services (Azure SQL DB):

Public Preview, March 2019: Highly Available, Local Redundant, East US
GA, Summer 2019: Highly Available, Geo Redundant, East US & Central US
GA + xx Months: Highly Available, Geo Redundant, West Europe

How do I get WVD and FSLogix?

• Microsoft 365 F1, E3, E5, A3, A5, Business
• Windows 10 Enterprise E3, E5
• Windows 10 Education A3, A5
• Windows 10 VDA per user
• Remote Desktop Services (RDS) Client Access License (CAL)
• FSLogix products can be run anywhere, including on-premises

THANK YOU
QUESTIONS?

blog.cloud-architect.be
blog.aspex.be
@MichaWets