| Basel
Better Together: Windows 8.1 and Windows Server 2012 R2
TechNet Event, November 25th, 2013
Martin Weber
Technology Solution Professional
Microsoft Switzerland Ltd.
[Diagram: risk versus access across device classes. Labels: Public Devices, Un-managed Devices, Managed Devices, Domain Joined / Managed Domain Devices, RDS/VDI, EAS Policy, Workspace]
Simple access to corporate data
Enable offline access to files and folders stored on a Windows Server 2012 R2 file server
Simple Group Policy configuration for domain-joined computers, with easy discoverability for BYOD systems, as well
Leverages Web protocols (HTTP) for easy synchronization through firewalls
A complement to SkyDrive and SkyDrive Pro
Windows 8.1 Work Folders
Deploying the Work Folders Role
Users can sync their work data to their devices.
Users can register their devices to be able to sync data when IT enforces conditional access.
IT can publish access directly through a reverse proxy, or conditional access can be enforced via device registration through the Web Application Proxy
IT can configure a file server to provide Work Folder sync shares for each user to store data that syncs to their devices, including integration with rights management
IT can selectively wipe the corporate data from Windows 8.1 clients
Devices
Apps and data
Active Directory discoverability provides users Work Folders location
Users can access corporate apps and data wherever they are.
IT can use the Web Application Proxy to authenticate users and devices with Multi-Factor Authentication
Use conditional access for granular control over how and where the app can be accessed.
Active Directory provides the central repository of user identity as well as device registration information.
Developers can leverage Windows Azure Mobile Services to integrate and enhance their apps.
Devices
Apps and data
Published apps
Active Directory integrated
Users and devices can be authenticated at the edge, prior to being granted access to the corporate environment.
Apps that are not claims-aware, such as NTLM and Basic authentication-based apps, can be published with pass-through, with no preauthentication performed.
Apps are configured with per-application publishing settings.
Remote Desktop Services (RDS)
…supporting BYOD Scenarios
Introducing Microsoft Remote Desktop app: Providing easy access from BYO devices
• Provides easy access to a variety of devices and platforms including Windows, Windows RT, iOS, Mac OS X and Android. (Available in App Stores per 10/2013)
• Extends the rich Windows experience to BYO devices and helps users be productive without compromising compliance
• Provides flexibility by providing access to:
  • PCs (through an RD Gateway)
  • Personal and pooled virtual (VM)-based desktops
  • Session based desktops and
  • RemoteApp programs
What are Virtual Desktops (VDI)…?
Virtual Desktop Infrastructure (VDI) and Remote Desktop Services (RDS) session-based desktops are the key technologies that enable virtual desktops, whereby a desktop that runs in the data center can be delivered to the end user’s device using the Remote Desktop Protocol. When combined with technologies that enable app and user state virtualization, organizations can achieve a high degree of desktop optimization and security as well as reduced total cost of ownership.
Desktops, apps, user data
VDI and session-based desktops are just another deployment model for Windows.
Separating Desktop Computing Layers
Microsoft delivers a broad range of desktop virtualization offerings to address your unique business and IT challenges.
• Folder Redirection
• Roaming Profiles
• User Experience Virtualization (UE-V)
• Profile disks
• Application Virtualization (App-V)
• Virtual Desktop Infrastructure (VDI)
• RemoteApp
• RDS session-based desktops
Data and user settings
Applications
Operating System
Scenarios for VDI
Provide a managed desktop to unmanaged devices:
• Contract workers
• Employee-owned PCs and secondary devices
Desktops that demand high levels of security and compliance:
• Nonmobile desktops in specific industries (e.g., financial services, health care, government)
Centralizing desktop management for remote locations:
• Branch offices
• Offshore locations
Task worker scenarios:
• Call center workers
• Shared terminals, such as factory kiosk or nursing stations
Embracing Bring Your Own Device
FIREWALL
VDI
Microsoft Office 365
WINDOWS 8.1 ADVANCEMENTS
• High-fidelity Microsoft RemoteFX experience on LAN/WAN
• Multitouch support for modern apps and devices
• Support for local USB, Lync, etc.
BENEFITS
• Secure, fast browsing
• Rich user experience
• Touch enabled with Windows 8.1 devices
• Centralized management of app and data (IT)
• Enhanced security and compliance (IT)
• Great choice of Windows devices
Hosted apps (RemoteApp)
Powered by RDS
VDI with Windows Server 2012 R2
Powered by Windows Server 2012 R2
1 platform • 1 experience • 3 deployment choices
[Diagram: three deployment choices (desktop sessions, pooled virtual machines (VMs), personal VMs) behind a firewall, reached from corporate office, branch office, home and public location]
Choosing the right VDI architecture
[Comparison chart: Sessions, Pooled VMs and Personal VMs rated Good / Better / Best on ease of management, app compatibility, personalization and cost-effectiveness]
Benefits of Microsoft VDI
Rich experience everywhere • Best value for virtual desktops • Efficient management
• Rich multimedia experiences
• True USB and multitouch remoting
• Consistently rich performance
• Simplified wizard
• In-box management console
• Fairshare
• Lower-cost storage
• User disks
• Intelligently patching
Best value for VDI with key platform capabilities
• User Profile Disk: Maintain user personalization in pooled deployments
• Multiple storage options: Support direct attached, network, or storage area network (SAN) storage of VMs; automatic tiering and deduplication
• Fair Share: Dynamically distribute bandwidth, CPU, and disk use
• High availability for all roles
RemoteApp
• RemoteApp applications can integrate seamlessly with the desktop.
• RemoteApp applications look and behave like locally installed apps.
• A special icon helps to identify them as RemoteApp applications rather than locally installed apps.
• The RemoteApp workspace can be configured by using Group Policy.
Cloud or not Cloud?
SkyDrive vs. SkyDrivePro vs. WorkFolders…?
Quo Vadis: SkyDrive vs. SkyDrive Pro vs. Work Folders
[Comparison table; columns: Consumer / Personal Data, Individual Work Data, Team Work Data, Personal devices, Data location. Only the Data location column survives:]
• SkyDrive: Public Cloud
• SkyDrive Pro: SharePoint / Office 365
• Work Folders: “On Premise” File Server
• Folder Redirection / Client-Side Caching: “On Premise” File Server
Your Data is always with You
[Diagram labels: Windows Device; Lost or Damaged Device; Replacement Device; User Settings on Replacement Device; User Data on Replacement Device; Work folders or … Pro]
Lightweight, Easy Registration process for Personal Devices
Enables access to data when using a registered, trusted device; leverages the user and device identities together
Used with Dynamic Access Control in Windows Server 2012 R2
Primarily a security capability, potentially combined with MDM for manageability
Workplace Join
[Screenshots: Network settings (Connections, HomeGroup, Proxy, Radio devices, Workplace), Workplace page, before and after joining]
Workplace
Join your workplace network so that you can use network resources like internal websites and business apps.
Enter your user ID to get workplace access or turn on device management. [Join] [Turn on]
This device has joined your workplace network. [Leave]
Your organization’s device management system lets your IT admin set up apps and network connections for you. [Turn on]
Get apps and services from IT
Some workplaces have policies, certificates, and apps that help you connect your device to business info.
If you connect your PC, your workplace can apply settings, collect basic information, and install or remove apps they manage. Talk with your IT admin to learn more about your specific workplace.
I agree to the Terms of Use [Turn on] [Cancel]
User-provided devices are “unknown,” and IT has no control. Partial access can be provided to corporate information.
Registered devices are “known,” and device authentication allows IT to provide conditional access to corporate information.
Domain-joined computers are under the full control of IT and can be provided with complete access to corporate information.
• Browser session single sign-on (SSO)
• Seamless two-factor authentication for web apps
• Enterprise apps SSO
• Desktop SSO
[Screenshot: Workplace settings showing “Device not joined to Workplace” with a Join button, and a “Connecting to a service” sign-in prompt with User name, Password, “Sign in with a certificate”, Sign in and Cancel]