Remote Desktop IO Lab, March 20th-22nd 2018
Redmond, Washington
WVD Infrastructure Services
Stefan Georgiev, PM
What is RDS?
(Diagram: the RD Client connects over RDP, through the RD Infra, to a Remote host; the remote hosts form host pool(s) built from an image, with user profiles kept on SMB storage)
Microsoft Confidential
Virtualization Terms and Definitions
Background: How does this work?
(Chart "Deployment models and share": Personal (persistent VMs) vs. Pooled (non-persistent VMs), each as Single Session or Multi-Session; the shares shown are 80%, 15%, 5% and "Rare")
Virtualization Scenarios
Security and regulation: Financial Services; Healthcare; Government
Elastic workforce: Mergers and acquisition; Short-term employees; Contractor and partner access
Specific employees: BYOD and mobile; Call centers; Branch workers
Specialized workloads: Design and engineering; Legacy apps; Software dev/test
Windows Virtual Desktop
The best virtual desktop experience, delivered on Azure
Windows 10
Office 365+
Optimized for Office 365 ProPlus
Deploy and scale in minutes
The only multi-user Windows 10 experience
What is Windows Virtual Desktop
Microsoft service on Azure for VDI/RDSH management
• Enables a multi-user Windows 10 experience, optimized for Office 365 ProPlus
• Most scalable service to deploy and manage
• Most flexible service, allowing you to virtualize both desktops and apps
• Windows 7 virtual desktop with free Extended Security Updates
• Integrated with the security and management of Microsoft 365
Provides virtualization infrastructure as a managed service
Utilizes the Azure Active Directory identity management service
Deploy and manage VMs in your Azure subscription
Manage using existing tools like Configuration Manager or Microsoft Intune
Simply connect to on-premises resources
High Level Architecture
(Diagram, two tiers:)
Your subscription - your control: Windows 7 Enterprise, Windows 10 Enterprise, Windows Server 2012 R2 and up, Windows 10 Enterprise multi-session; Compute, Storage, Networking
Managed by Microsoft: RemoteApp, Web access, Management, Diagnostics, Gateway, Broker, Load balancing
Azure AD Authentication
Clients authenticate with Azure Active Directory (Azure AD) identities
Azure AD allows usage of Conditional Access and Multi-factor Authentication
Windows VMs are AD domain-joined for optimal app compatibility
(Diagram: RD clients; Microsoft-managed Azure services (including Azure SQL DB) and customer-managed Azure VMs & services, each behind a firewall; customer-managed Azure AD Connect syncing to Azure AD)
User Connection Flow
1. User launches the RD client, which connects to Azure AD; the user signs in and Azure AD returns a token
2. RD client presents the token to Web Access; the Broker queries the DB to determine the resources the user is authorized for
3. User selects a resource; the RD client connects to the Gateway
4. Broker orchestrates the connection from the host agent to the Gateway
5. RDP traffic now flows between the RD client and the session host VM over connections 3 and 4
(Diagram: the same components as the Azure AD Authentication slide, with the connections above numbered)
Improved Isolation: Reverse Connect
Outbound WebSocket connections from VMs to Broker and Gateway
Bidirectional communications between VMs and RD infra over HTTPS (443)
No inbound ports need to be opened on the VM.
(Diagram: the connection-flow components, with the session host VMs connecting outbound to Broker and Gateway)
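A defender-side check for the reverse-connect model, added here as an example that is not Microsoft's or the deck's own code: it reads NSG rules in the ARM securityRules shape (the sample rules are constructed) and flags any inbound Allow from the Internet, which reverse connect makes unnecessary, as well as a missing outbound Allow for TCP 443, which would cut the VM off from Broker and Gateway.

```python
"""Check an Azure NSG rule set against the WVD reverse-connect model.
Added example, not Microsoft's code; rules follow the ARM securityRules
shape, and the sample rule values are constructed for illustration."""

RD_INFRA_PORT = "443"  # reverse connect: outbound HTTPS/WebSocket from VMs to Broker/Gateway

def rule(name, direction, access, protocol, dest_port, source="*", priority=100):
    """Build one securityRule entry in ARM-like shape (helper for the samples)."""
    return {"name": name, "properties": {
        "direction": direction, "access": access, "protocol": protocol,
        "destinationPortRange": dest_port, "sourceAddressPrefix": source,
        "priority": priority}}

def port_covered(port_range, port):
    """True if a destinationPortRange ('*', '443' or '400-500') includes port."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = (int(p) for p in port_range.split("-"))
        return lo <= int(port) <= hi
    return port_range == port

def check_reverse_connect_nsg(rules):
    """Return findings; an empty list means the NSG fits the reverse-connect model.
    Conservative: every Inbound Allow from the Internet is flagged regardless of
    higher-precedence Deny rules, because reverse connect needs no inbound ports.
    A missing Outbound Allow for TCP 443 is flagged too, since the session host
    could then not reach the Broker or Gateway."""
    findings, outbound_443 = [], False
    for r in rules:
        p = r["properties"]
        if p["access"] != "Allow":
            continue
        if p["direction"] == "Inbound" and p["sourceAddressPrefix"] in ("*", "Internet"):
            findings.append(f"{r['name']}: inbound allow from {p['sourceAddressPrefix']} "
                            f"on {p['destinationPortRange']} is unnecessary with reverse connect")
        elif (p["direction"] == "Outbound" and p["protocol"] in ("Tcp", "*")
              and port_covered(p["destinationPortRange"], RD_INFRA_PORT)):
            outbound_443 = True
    if not outbound_443:
        findings.append("no outbound Allow for TCP 443: VMs cannot reach Broker/Gateway")
    return findings

# Constructed samples: an inbound-RDP style NSG beside a reverse-connect NSG.
LEGACY_NSG = [rule("allow-rdp-in", "Inbound", "Allow", "Tcp", "3389", "Internet", 100),
              rule("allow-https-out", "Outbound", "Allow", "Tcp", "443")]
REVERSE_CONNECT_NSG = [rule("deny-all-in", "Inbound", "Deny", "*", "*", "*", 4096),
                       rule("allow-https-out", "Outbound", "Allow", "Tcp", "443")]
```

Running `check_reverse_connect_nsg` over both samples returns one finding for the legacy set and none for the reverse-connect set.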
Multitenancy
(Diagram: two customer-managed environments, each with its own Azure AD Domain Services, user profiles on Azure Files, VMs and Azure AD, sharing the Microsoft-managed Azure services behind their firewall; RD clients; Azure SQL DB)
Extensible Platform
Third-party apps can use PowerShell or the REST API to extend the Windows Virtual Desktop platform
Examples: deployment automation, VM scaling & provisioning, a web UI to configure, monitor, and troubleshoot, etc.
(Diagram: a third-party app driving the Microsoft-managed Azure services through PowerShell; customer-managed Windows 10 Enterprise multi-session VMs and Azure AD; RD clients)
Virtualization Hosts Today
Windows Server RD Session Host (Desktop Experience): scalable multi-user legacy Windows environment
  OS: Windows Server; users: multiple; apps: Win32; Office: Office 2019 Perpetual; servicing: Long-Term Servicing Channel
Windows 10 Enterprise: native single-session modern Windows experience
  OS: Windows 10; users: single; apps: Win32, UWP; Office: Office 365 ProPlus; servicing: Semi-Annual Channel
Virtualization Hosts of the Future
(the two hosts above, plus:)
Windows 10 Enterprise Multi-session: scalable multi-session modern Windows user experience with Windows 10 Enterprise security
  OS: Windows 10; users: multiple; apps: Win32, UWP; Office: Office 365 ProPlus; servicing: Semi-Annual Channel
FSLogix Improvements
Low integrity application support
Faster load times for user profiles
Improves Outlook and OneDrive performance
Address book caching
Search index per user with Windows Server 2016 / 2012 R2
Integration with Azure Files (preview feature with AD Domain Services)
Cloud cache
FSLogix & WVD Integration Road Map
Public Preview
• Deploy as any other independent product.
• Configure via FSLogix UI.
GA
• Deploy as any other independent product.
• Configure via FSLogix UI.
• We want to provide scripts / ARM templates.
Post GA
• Fully integrated with WVD
• Configurable and manageable via WVD UI and RDS PowerShell
Secure by Design
Service:
Reverse connect isolates the customer environment
AAD integration enables Conditional Access and MFA
All connections to the service are encrypted
Windows 10 Enterprise multi-session:
Windows Defender ATP optimized for virtualization
Network Requirements and Considerations
Requirements
• Network must route to a Windows Server Active Directory (AD)
• This AD must be in sync with Azure AD so users can be associated between the two
• VMs must domain-join this AD
Considerations
Connectivity               Type      Special considerations
ExpressRoute               Hybrid    Dedicated network through service provider.
Site-to-Site VPN           Hybrid    Limited bandwidth compared to ExpressRoute.
Azure AD Domain Services   Isolated  Must synchronize password hashes to Azure AD.
Deployment and Management Options
Deployment: through templates. Onboarding will be through Azure Marketplace or through GitHub using ARM templates.
• Deploy new session host pools
• Update existing host pools
Management
Using REST APIs:
• Capability to set and manage WVD settings directly
• Can build complex workflows when partnered with the WVD REST APIs
• Sample management UI (code and usable bits) will be provided
PowerShell:
• Best option for repeatable deployment
• Options to integrate with Azure Automation
• Take advantage of DSC
Other options:
• Terraform
• Working with partners and their management solutions.
Migration
• Migration will be allowed for Azure VMs that are part of other virtualization environments (including RDS on Azure)
• Migration steps will be published as part of the WVD docs.
• Migration recommendations from AWS to WVD will also be published as part of the WVD docs.
• Partners (CloudJumper, Aspex) will also work with their customers on automating migration from other clouds and technologies to WVD.
Master Image Management
• The master image can be managed by any already existing process / technology. WVD does not introduce limitations.
  • Azure Update Management
  • SCCM
  • 3rd party
• We are going to publish a best practices document on how to configure a golden image for WVD.
Patch Management
• It is recommended to designate a host pool as a pilot group that receives the updates before all host pools are updated. This makes it possible to test updates before mass deployment.
• Updates for VMs should also be managed by the existing Update Management solutions available for Azure. It is strongly recommended to update all VMs within a host pool to keep a consistent user experience.
• The update can be staged in the maintenance window to always keep systems available for user logon. After the maintenance window is completed, all VMs within a collection must be at the same update level.
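The staging rules above, as an added example that is not part of the deck: a Python check over a constructed host-pool inventory that reports pools whose VMs are not all at the same update level after the maintenance window, and production pools that received an update level before the pilot pool did.

```python
"""Host-pool patch-level drift check for the staged update process described above.
Added example, not Microsoft's code. The inventory shape and the update-level
strings (for example '2018-03') are constructed for illustration."""

def pool_levels(inventory):
    """Map each host pool to the set of update levels found on its VMs."""
    return {pool: set(vms.values()) for pool, vms in inventory.items()}

def check_host_pools(inventory, pilot_pool):
    """Return findings for the two rules on the slide:
      - 'inconsistent': pools whose VMs are not all at one update level after the
        maintenance window, mapped to the VMs lagging behind the pool's newest level
      - 'ahead_of_pilot': non-pilot pools running an update level newer than the
        pilot pool's, i.e. an update reached production before the pilot validated it.
    Update levels are compared as strings, so use a sortable format."""
    levels = pool_levels(inventory)
    pilot_level = max(levels[pilot_pool])
    findings = {"inconsistent": {}, "ahead_of_pilot": []}
    for pool, vms in inventory.items():
        newest = max(levels[pool])
        if len(levels[pool]) > 1:
            findings["inconsistent"][pool] = sorted(
                vm for vm, level in vms.items() if level != newest)
        if pool != pilot_pool and newest > pilot_level:
            findings["ahead_of_pilot"].append(pool)
    return findings

# Constructed inventory: the pilot pool is updated, one production pool is mid-rollout.
INVENTORY = {
    "hp-pilot": {"vm-p1": "2018-03", "vm-p2": "2018-03"},
    "hp-finance": {"vm-f1": "2018-03", "vm-f2": "2018-02", "vm-f3": "2018-02"},
    "hp-callcenter": {"vm-c1": "2018-02", "vm-c2": "2018-02"},
}
```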
Application Layering
For public preview and GA, application layering is via 3rd-party partners (Liquidware)
Application deployment: PowerShell DSC / Extensions; Chocolatey
Full desktop vs. RemoteApp
• Based on what your users need to do.
• Full desktop
  • Power users / developers that need to install their own apps
  • Clients lack computing power or are outdated
• Use RemoteApp
  • Clients vary widely and application consistency is impacted
  • Different versions of the same app from different OSes
VM management - SCCM
• SCCM can be used for applying VM-based policies and for keeping apps and the OS up to date
• Supported OS:
  • Windows Server SKUs
  • Windows 10
• Evaluating Win10 EVD support for GA; this is not yet confirmed.
VM management - Intune
• Evaluating support for Win10 EVD through Intune.
• Right now there are gaps and we are pushing for this to be fixed by GA.
© Copyright Microsoft Corporation. All rights reserved.