Spark the future.

Daniel Mar, Principal Consultant

Microsoft Azure RemoteApp Deployment, Management and Administration

ARC442

A bit about myself…

Passionate All Blacks supporterRugby World Cup Champions!

MelbourneWorld’s Most Liveable City

15 years in high tech Singapore

• Microsoft MVP – System Center Cloud & Datacenter Management

• Citrix MVP for Desktop• Viridian and Carmine Tester• All things Azure infrastructure –

Backup, StorSimple, Site Recovery

aka Hyper-V and VMM

Topics covered todayDeployment ArchitecturesCloud Only with Azure AD Domain Services

Best Practices, Administration and TroubleshootingGPOsPrintingProfiles

Comparing to Citrix XenAppWhat scenarios work best?Citrix XenApp on Azure

Deployment Architectures

Desktop Virtualization solution progression

On-premises In cloud

Remote Desktop Session Host deployed on cloud infrastructure services

Customizable with minimum capital expenditure

RDS on IaaS

Session-based desktops

and RemoteApp

Cost-effective, easy to manage

Session-based computing

Access to pooled or personal Virtual Desktops running Windows Client OS

High performance, app compatibility

Virtual Desktop Infrastructure

User

Windows Server session-based applications delivered from the Azure Cloud

Turnkey solution, scale without large CAPEX

Azure RemoteApp

Two deployment options

RemoteApp cloud deployment

• Image available with Microsoft Office Professional Plus

2013 preinstalled

• Rapid provisioning: apps quickly available

• Automatic maintenance of platform image: OS and

apps

always up-to-date, Microsoft antimalware

• User logon with Microsoft account or corporate

credentials federated with Azure Active Directory

RemoteApp hybrid deployment

• Fully customizable apps, OS, and settings

• IT can manage template images and apply

updates via Azure Portal

• Full access to on-premises network

• User logon with corporate credentials federated

with Azure Active Directory

Requires a VNET to be configured and can be integrated with Azure AD Domain Services (AADDS)

non domain join domain join

Cloud Only Deployment with Azure AD Domain Services

RemoteApp Service

Session Host

Session Host

File Server

Session Host

Elastic Runtime

Persistent user data(50GB per user)

RDP

Authentication

Custom template imageMaintained via Azure Portal

Corporate Apps

Published Apps

LOBFiles

Domain Joined

Azure Active Directory

GPOs applied

Domain Joined

Cloud Only with Azure AD Domain Services

Demo

Custom Template image creation tips1. Template Image MUST use Windows Server 2012 R2 OS2. Use the Gallery Image on Azure as the starting point3. Install your Apps and test multiple user access4. Run the Powershell script – ValidateRemoteAppImage.ps1Other TipsRD Connection Broker must not be installedEncrypting File System (EFS) must be disabledImage must be SYSPREPed using the parameters /oobe/generalize /shutdown – run PowerShell Script.Uploading VHD from a snapshot chain is not supportedEnsure start menu shortcuts exist for ease of publishing later - %systemdrive%\ProgramData\Microsoft\Windows\Start Menu\Programs.Add a local administrator to custom image local administrators group to allow permission elevation for investigationsScheduled tasks do persist after sysprepDisable automatic software updates for published applicationsInstall the RDSH role and Desktop Experience feature before installing applications to ensure that any issues with application compatibility are discovered before the image is uploaded to RemoteAppCreate and test to validate before import/upload

http://azure.microsoft.com/en-us/documentation/articles/remoteapp-create-custom-image

Best Practices, Administration & Troubleshooting

Select Image

Publish Apps

Assign Users

Update &

upload image

UtilizeEvaluateConsume

Selecting an imageUsing custom appsWhich apps work on ARABest practices applicationCustom image creation steps

Publish via Start menu & path

Supported ClientsData storage & file sharingSession statesClient best practicesRedirectionUser Profile Disk (UPD)

Image creations solutionsUpdating your image flow

RECAP

Authentication methods

Hybrid deep dive

Cycle of management for Azure RemoteAppRefer Eric Orman sessions1. Fundamentals of Azure RemoteApp management and configuration [WIN322]

Wed 18 Nov, 9:45am

2. Advanced Azure RemoteApp deployment and configuration [WIN336]

Thu 19 Nov, 5:00pm

Azure RemoteApp Hybrid Deployment

RemoteApp Service

Session Host …

Session Host

Session Host

Elastic Runtime

Persistent user data(50GB per user)

Azure Active Directory

RDP

Authentication

Custom template imageMaintained via Azure Portal

Corporate Apps

Published Apps On-premises Network

Windows Server Active Directory

LOBFiles

Azure VPN

Domain Joined

Subject to IT policy via GP, System Center, or other enterprise management tools

Azure AD

Connect

Administration Best Practices

Apply GPOs to lockdown the RDSH and users – GPO filtering groupsSeparate GPOs for Computer and User only configurationsUse GPO Filtering AD Groups for Apply and Deny GPOsOU structure for GPO applicationSample GPO SettingsHide server drivesLoopback processing – Replace modeDisable access to Command prompt and Registry

Sample GPO configuration download - http://1drv.ms/1GMpaLa

Consider Home folders for storing data/Skype for BusinessOnly one Directory can be associated per subscriptionHybrid collections require AD connected accounts – Azure AD ConnectUSB and Drive redirection are disabled by default

User Group Policy

Computer Group Policy RD Session Host

RDS Admin

RDS User

RDS_User_GPO_Deny

RDS_User_GPO_Apply

RDS_Server_GPO_Apply

XRDS Administrators

RDS Users

RDSH Server Group

Locking down RD Session Hosts and Users with GPOs

Demo

Common Problems with RDS environments

Ask the question – What is the most common compliant you hear from users as an administrator in Remote Desktop environments?

1. Printing2. User Profiles3. Connections – User reports it’s

slow

- Graphics, images are not displayed correctly- Video playback is slow and choppy- Users lose track of where they saved their file

- Don’t have access to all the apps I need

Other Problems- Access to Documents/Drives- USB Redirection of devices- Applications don’t work as expected

Printing in Azure RemoteApp

Firstly do you need to print?

Questions to ask:Where is the printer located? How is the printer attached? Direct attached USB / NetworkWhere is the printer driver installed?Printing to local mapped client printers – redirection is enabled by defaultTry the Universal Remote Desktop Easy Print

Consider 3rd Party Print solutionsThinPrint /Tricerat ScrewDrivers/UniPrint/TSPrint

InternetAzure

RemoteApp Session Hosts

Client UserPC

Native printer drivers stored here

User prints documents in

Azure RemoteApp

session

HP LaserJet(redirected)

RDP Tunnel

HP OfficeJet(redirected)

Microsoft XPS Document Writer

(redirected)

HP LaserJet

HP OfficeJet

Microsoft XPS Document Writer

USB

Remote Desktop Easy Print Driver

Azure RemoteApp Redirected Printers

Enabled by DefaultControl policy with PowerShell or GPOs

BandwidthControl

Internet

.print Terminal Server

Azure RemoteApp

Session Hosts .print Client

Client UserPC

Native printer drivers stored here

User prints documents in

Azure RemoteApp

session

HP LaserJet

RDP Tunnel

HP OfficeJet

HP LaserJet

HP OfficeJetUSB

ThinPrint Output Gateway Print Driver

Microsoft XPS Document Writer

Optimised Printing over RDP- ThinPrint

Control specifically what printers are mapped

Optimised Printing over TCP - ThinPrint

Print outside of the RDP protocol tunnel

Deploy Print servers to optimise and centralise print jobs

WAN

BandwidthControl

\\ThinPrint Server\Fujitsu Xerox C1110

Internet

.print Engine

.print Terminal Server Extension

Fujitsu XeroxC1110 ThinPrint

Server

Azure RemoteApp

Session Hosts .print Client

Client UserPC

Native printer drivers stored here

User prints documents in

Azure RemoteApp

session

HP LaserJet

RDP Tunnel

HP OfficeJet

HP LaserJet

HP OfficeJetUSB

ThinPrint Output Gateway Print Driver

ThinPrint Output Gateway Print Driver

TCP 445

Local Print Server

TCP – Port 4000

.print Client

Fujitsu XeroxC1110

RAW TCP 9100

BandwidthControl

Microsoft XPS Document Writer

Printing in Azure Remote App

Demo

Managing Profiles with User Profile Disks

User Profiles are now stored in UPDWhat is stored here?AppData, ContactsDocumentsDesktopFavoritesMusic, Pictures, Videos

50GB Maximum size in Azure RemoteAppKeep UPD disks small by using Folder Redirection GPO settings Disable UPD http://blogs.msdn.com/b/rds/archive/2015/11/11/disable-user-profile-disks-upds-in-azure-remoteapp.aspx

Alternative - Manage Profiles using Roaming Profiles, 3rd Party solutions

Azure Remote App Packages and Limits

Tier Basic Standard Premium Premium Plus

Collections per user

1

Users – basic Tier 400 (default) 800 (maximum)

250 (default) 500 (maximum)

100 (default) 200 (maximum)

50 (default) 100 (maximum)

Compute Instance

A3 A3 A3 A3

Number of users per A3

16 10 4 2

Minimum purchase quantity

20 20 5 5

Storage (user) – User Profile Disk

50GB 50GB 50GB 50GB

But what about Citrix XenApp?

Citrix Product comparison

On-premises In cloud

Remote Desktop Session Host deployed on cloud infrastructure services

RDS on IaaS

Session-based desktops and RemoteApp

Session-based computing

Access to pooled or personal Virtual Desktops running Windows Client OS

Virtual Desktop Infrastructure

User

Windows Server session-based applications delivered from the Azure Cloud

Azure RemoteApp

Citrix Workspace Suite

SSL VPN Gateway Load

Balancing

Branch & Cloud WAN Optimization

Device Manager

Windows Desktops

SharePoint & File SharesStorageZones

Windows Apps

Mobile Apps

SasS & Web Apps

On-premises

Delivery Controllers Apps & Data

DMZService

Management

Limitations of Azure RemoteApp

Single user to single collection Windows 2012 R2 OS only No Granular assignment of users to published applications (roadmap)

vGPU support/3D applications (roadmap)

Monitoring tools/Troubleshooting connectionsPublishing the full desktopLinux Support

It’s all in the protocol

Citrix ICA protocol has been around for many yearsRecent edition includes Framehawk – addressing performance over WANHDX Experience

Other key Citrix featuresPrelaunch and Linger Flash Optimisation AppDNA for application migrationMonitoring with EdgeSight in Director Generic USB

LyncIC

A co

nnectio

n(H

DX

Bro

adca

st)

Framehawk

DCR

Thinwire

Keyboard & Mouse

Clipboard

Printing

Audio

Mobile sensorsSmartcard

Flash

Drives

Multimedia

Screen Graphics

A case for Azure RemoteApp

Cloud Only environments/Green fieldSmaller, less complex environmentsIntegration with Office 365Integration with Azure hosted IAAS appsIntegration with Azure Active DirectoryApplications only run on Windows 2012 R2Number of users < 800 per collection – up to 50 collectionsSmall printing requirementsInfrequent access – Microsoft pricing is geared to this

Azure RemoteApp

A case for Citrix XenAppLarge complex and enterprise environmentsMultiple site, domains and forestsScale from hundreds to thousands of usersConnection brokering – Advanced load management

Integrated Monitoring with EdgeSightNetscaler support - GSLBHigh end 3D graphics applications Linux OS and App supportMultiple OS support – Windows 2012 R2, Windows 2012, Windows 2008 R2

Image management and updates – PVS, MCS Citrix Receiver

Client Support

Client Support MatrixPlatform Azure RemoteApp Citrix Receiver

Windows clients (x86/x64)

Yes Yes

Windows 8.1 RT Yes Yes

Windows Phone 8.1/10 Yes Yes

Android Yes Yes

iPad and iPhone Yes Yes

Mac Yes Yes

Linux Coming (HTML web client) Yes

Blackberry Yes

Chrome OS Coming (HTML web client)

Yes

HTML 5 Browser Coming Yes

https://www.remoteapp.windowsazure.com/ClientDownload/AllClients.aspx

Azure RemoteApp Thin Client SupportWindows Embedded Standard 7

Windows Embedded 8 Standard

Windows Embedded 8.1 Industry Pro

Windows 10 IoT Enterprise

Deployment scenario for XenApp in AzureWhat would an enterprise deployment of XenApp in Azure look like?

Azure ComponentsTraffic ManagerNetscaler from Azure MarketplaceMultiple Storage AccountsVirtual NetworksSQL Always on clusters

Reference:XA XD Azure Calculatorhttp://www.citrixandmicrosoft.com/Solutions/AzureCloud.aspx

Virtu

al N

etw

ork

Single Subnet

Delivery Controller

License Server

AD Controller

Delivery Controller

SQL Server

SQL ServerXA Session Hosts

Infrastructure Storage AccountXA Storage

Account

443

443

443

CitrixSouthEast.CloudApp.net

Virtu

al N

etw

ork

Single Subnet

Delivery Controller

License Server

AD Controller

Delivery Controller

SQL Server

SQL ServerXA Session Hosts

Infrastructure Storage AccountXA Storage

Account

443

443

443

Citrix East.CloudApp.net

Citrix.trafficmanager.net CNAME: citrixonazure.com

StoreFront

Netscaler

StoreFront

StoreFront

StoreFront

Netscaler

Citrix XenApp on Azure

Demo

Migration Scenarios to Azure RemoteApp

Currently deployed… Considerations for Azure RemoteApp

Notes

Single Remote Desktop Server deployment (All in one CB/WA/RDSH)

Apps supported on Windows 2012 R2 OS Migration should be simple

Remote Desktop Server Farm multiple RDSH, single location or in Azure IaaS – UPD disks

Host one collection in single Azure RegionLockdown with GPOs

UPD disks max 50GB

Remote Desktop Server Farm multiple RDSH, geographically dispersed – No UPD disks

One or multiple collectionsSingle or multiple Azure RegionsCall support to disable UPD

Single user to one collection only3rd party Profile solution or roaming profiles

Citrix XenApp 4.5 to XenApp 6.5 Farm – Single location (IMA architecture)

Apps supported on Windows 2012 R2 OSNumber of usersSingle collection – Single Azure Region

Granular assignment of users to published applications

Citrix XenDesktop 7.0Citrix XenApp 7.5/7.6 Farm – geographically dispersed – Netscaler GSLB (FMA architecture)

Number of usersSingle or multiple Azure Regions

Citrix XenApp on Azure Netscaler BYOD licenseConnection brokering across sitesHosting across 2 Azure regions

Summary and Recap

Summary

Deployment Architecture- Cloud only – non domain join - Hybrid with Custom Image – domain joinLockdown and Control your environment- GPOs- Printing- ProfilesConsider Citrix XenApp- Citrix on Azure as an option

Call to action - Try Azure RemoteApp

As an Admin?As an end user? Or

• Full management experience on Azure• 30 day trial before you buy• Setup Hybrid (domain join) collection withlockdown GPOs http://1drv.ms/1GMpaLa

1. Download client 2. Sign in using Microsoft Account3. Launch app

Thank YouRelated sessions and takeawaysWed 18 Nov, 9:45am - [WIN322] - Fundamentals of Azure RemoteApp management and configuration Thu 19 Nov, 5:00pm - [WIN336] - Advanced Azure RemoteApp deployment and configuration

Link to downloads Scripts, GPO samples - http://1drv.ms/1GMpaLa

Daniel Mardaniel.mar@infrontconsulting.com

Complete your session evaluation on My Ignite for your chance to win one of many daily prizes.

Continue your Ignite learning pathAzure RemoteApp Blog - http://blogs.msdn.com/b/rds/Azure RemoteApp Powershell - https://azure.microsoft.com/en-us/documentation/articles/remoteapp-tutorial-arawithpowershell/ Azure Active Directory Domain Services - https://azure.microsoft.com/en-us/documentation/services/active-directory-ds/ Citrix on Azure - http://www.citrixandmicrosoft.com/Solutions/AzureCloud.aspx Visit Microsoft Virtual Academy for free online training visit https://www.microsoftvirtualacademy.comVisit Channel 9 to access a wide range of Microsoft training and event recordings https://channel9.msdn.com/Head to the TechNet Eval Centre to download trials of the latest Microsoft products http://Microsoft.com/en-us/evalcenter/

© 2015 Microsoft Corporation. All rights reserved.Microsoft, Windows and other product names are or may be registered

trademarks and/or trademarks in the U.S. and/or other countries.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY,

AS TO THE INFORMATION IN THIS PRESENTATION.