| Basel

Better Together: Windows 8.1 and Windows Server 2012 R2TechNet Event November 25th, 2013

Martin Weber

Technology Solution Professional

Microsoft Switzerland Ltd.

Public Devices Domain Joined

Un-managed Devices Managed Devices

RDSVDI

EAS Policy

Managed

Devices

Workspace

Managed Devices

RISK

Access

Managed Domain

Devices

Un-Managed

DevicesWorkspace

Simple access to corporate data

Enable offline access to files and folders stored on a Windows Server 2012 R2 file server

Simple Group Policy configuration for domain-joined computers, with easy discoverability for BYOD systems, as well

Leverages Web protocols (HTTP) for easy synchronization through firewalls

A complement to SkyDrive and SkyDrive Pro

Windows 8.1Work Folders

Deploying

the Work

Folders Role

5

6

Users can sync their work data to their devices.

Users can register their devices to be able to sync data when IT enforces conditional access.

IT can publish access directly through a reverse proxy, or conditional access can be enforced via device registration through the Web Application Proxy

IT can configure a file server to provide Work Folder sync shares for each user to store data that syncs to their devices, including integration with rights management

IT can selectively wipe the corporate data from Windows 8.1 clients

Devices

Apps and data

Active Directory discoverability provides users Work Folders location

7

Users can access corporate apps and data wherever they are.

IT can use the Web Application Proxy to authenticate users and devices with Multi-Factor Authentication

Use conditional access for granular control over how and where the app can be accessed.

Active Directory provides the central repository of user identity as well as device registration information.

Developers can leverage Windows Azure Mobile Services to integrate and enhance their apps.

Devices

Apps and data

Published apps

Active Directory integrated

8

Users and devices can be authenticated at the edge, prior to being granted access to the corporate environment.

Apps that are not claims-aware, such as NTLM and Basic authentication-based apps, can be published with pass-through, with no preauthentication performed.

9

Apps are configured with per-application publishing settings.

Remote Desktop Services (RDS)

…supporting BYOD Scenarios

Introducing Microsoft Remote Desktop app:Providing easy access from BYO devices

• Provides easy access to a variety of devices and platforms including Windows, Windows RT, iOS, Mac OS X and Android. (Available in App Stores per

10/2013)

• Extends the rich Windows experience to BYO devices and help users be productive without compromising compliance

• Provides flexibility by providing access to:• PCs (through an RD Gateway)• Personal and pooled virtual (VM)-based desktops• Session based desktops and• RemoteApp programs

What are Virtual Desktops (VDI)…?Virtual Desktop Infrastructure (VDI) and Remote Desktop Services (RDS) session-based desktops are the

key technologies that enable virtual desktops, whereby a desktop that runs in the data center can be

delivered to the end user’s device using the Remote Desktop Protocol. When combined with

technologies that enable app and user state virtualization, organizations can achieve a high degree of

desktop optimization and security as well as reduced total cost of ownership.

Desktops, apps, user data

VDI and session-based desktops are just another deployment model for Windows.

Separating Desktop Computing LayersMicrosoft delivers a broad range of desktop virtualization offerings to

address your unique business and IT challenges.

• Folder Redirection

• Roaming Profiles

• User Experience Virtualization (UE-V)

• Profile disks

• Application Virtualization (App-V)

• Virtual Desktop Infrastructure (VDI)

• RemoteApp

• RDS session-based desktops

Data and user settings

Applications

Operating System

Scenarios for VDIProvide a managed desktop to unmanaged devices:

• Contract workers

• Employee-owned PCs and secondary devices

Desktops that demand high levels of security and compliance:

• Nonmobile desktops in specific industries (i.e., financial services, health care, government)

Centralizing desktop management for remote locations:

• Branch offices

• Offshore locations

Task worker scenarios:

• Call center workers

• Shared terminals, such as factory kiosk or nursing stations

Embracing Bring Your Own Device

FIREWALL

VDI

Microsoft Office 365

WINDOWS 8.1 ADVANCEMENTS

• High-fidelity Microsoft RemoteFX experience on LAN/WAN

• Multitouch support for modern apps and devices

• Support for local USB, Lync, etc.

BENEFITS• Secure, fast browsing

• Rich user experience;

• Touch enabled with Windows 8.1 devices

• Centralized management of app and data (IT)

• Enhanced security and compliance (IT)

• Great choice of Windows devices

Hosted apps(RemoteApp)

Powered by RDS

VDI with Windows Server 2012 R2

Powered by Windows Server 2012 R2

1 platform • 1 experience • 3 deployment choices

Personal

VMsFirewall

Desktop

sessions

Pooled

Virtual machines

(VMs)

Public locationCorporate office Branch office Home

Sessions Personal VMsPooled VMs

Choosing the right VDI architecture

Ease of management

App compatibility

Personalization

Cost-effectiveness

Good

Better

Best

Rich multimedia

experiences

Benefits of Microsoft VDI

Rich experience everywhere Best value for virtual desktops Efficient management

True USB and multitouch

remoting

Consistently rich

performance

Simplified wizard

In-box management

console

Fairshare

Lower-cost storage

User disks

Intelligently patching

User Profile Disk Multiple storage optionsFair Share

Best value for VDI with key platform capabilities

Support direct attached, network, or

storage area network (SAN) storage of

VMs; automatic tiering and

deduplication

Dynamically distribute

bandwidth, CPU, and disk

use

Maintain user

personalization in pooled

deployments

High availability for all roles

RemoteApp

• RemoteApp applications can integrate seamlessly with the desktop.

• RemoteApp applications look and behave like locally installed apps.

• A special icon helps to identify them as RemoteApp applications rather than locally installed apps.

• The RemoteApp workspace can be configured by using Group Policy.

Cloud or not Cloud?

SkyDrive vs. SkyDrivePro vs. WorkFolders…?

Quo Vadis: SkyDrive vs. SkyDrive Pro vs. Work Folders

Co

nsu

mer

Pers

on

al

Data

Ind

ivid

ual

Wo

rk

Data

Team

Wo

rk

Data

Pers

on

al

devic

es

Data location

SkyDrive Public Cloud

SkyDrive Pro SharePoint / Office 365

Work Folders “On Premise” File Server

Folder Redirection /

Client-Side Caching “On Premise” File Server

Your Data is always with You

Pro

Replacement DeviceUser Settings on

Replacement Device

Work folders or

Windows DeviceLost or Damaged Device User Data on

Replacement Device

Lightweight, Easy Registration process for Personal Devices

Enables access to data when using a registered, trusted device; leverages the user and device identities together

Used with Dynamic Access Control in Windows Server 2012 R2

Primarily a security capability, potentially combined with MDM for manageability

Workplace Join

Connections

HomeGroup

Proxy

Radio devices

Workplace

Network

Join your workplace network so that you can use network resources like internal

websites and business apps.

Apps and services from IT

someone@example.com

Workplace

Enter your user ID to get workplace access or turn on device management

Join

Turn on

Workplace

amyers@contoso.com

Connections

HomeGroup

Proxy

Radio devices

Workplace

Network

Enter your user ID to get workplace access or turn on device management.

This device has joined your workplace network

Your organization’s device management system lets your IT admin set up apps and network

connections for you.

Leave

Turn on

CancelTurn on

Get apps and services from IT

I agree to the Terms of Use

Some workplaces have policies, certificates, and apps that help

you connect your device to business info.

If you connect your PC, your workplace can apply settings, collect

basic information, and install or remove apps they manage. Talk

with your IT admin to learn more about your specific workplace.

User-provided devices are “unknown,” and IT has no control. Partial access can be provided to corporate information.

Registered devices are “known,” and device authentication allows IT to provide conditional access to corporate information.

Domain-joined computers are under the full control of IT and can be provided with complete access to corporate information.

Browser session single

sign-on (SSO)

Seamless two-factor

authentication for web apps

Enterprise apps SSO

Desktop SSO

Connections

HomeGroup

Proxy

Radio devices

Workplace

Network

Workplace

Device not joined to Workplace

Join

CancelSign in

User name

amyers@contoso.com

Password

Sign in with a certificate

Connecting to a service