This means it is identifying as a Windows Server operating system. It’s free for most everyone and works extremely well so use it. I really hope they will start enabling Azure AD authentication and login with SSO – that would be awesome. You will have free Extended Security Updates (ESU) until Jan 2023 and can run Windows 7 in the cloud in a secure and isolated fashion you would probably have a hard time doing on-prem without considerable security risk. This is great for just quick testing with the OS. GPU optimized VMs are supported with Windows 10 and Windows Server 2016 onward. Customize the image to your needs by installing LOB applications and sysprep the image. He is an Author, Speaker, and Local User Group Community Leader. Is the connectivity now good enough to allow this with minimal latency, would you need some special connectivity into Azure, or could you just rely on Internet VPN etc.? What are your thoughts on those organisations that have client/server applications and how they can integrate WVD with their on prem backend services? Less than 2 years after my visit, RDmi evolved into Microsoft Windows Virtual Desktop (WVD) and became Generally Available on September 30, 2019. If you move the desktops to Azure, you still need Azure ExpressRoute or site-to-site VPN to your on-prem datacenter if the backend is there. Microsoft and every other software vendor on the planet have been in the process of delivering cloud-based PaaS (platform-as-a-service) offerings to the enterprise in a subscription form. Attempting to initiate a second Remote Desktop session will cause any users working locally on the machine or logged in through an existing RDP session to be kicked out. With WVD’s Windows 10 MS, users can have full access to those services and even Office 365 ProPlus. 
How many interactive sessions can be active at the same time depends on your system's hardware resources (vCPU, memory, disk, and vGPU), how your users use their apps while signed in to a session, and how heavy your system's workload is. For more information about licenses and pricing, see Windows Virtual Desktop pricing. The last thing you want is to be told by a superior that your org is moving its EUC control plane to the cloud and you’ve got a ‘deer in the headlights’ look. Microsoft does not support Windows 10 Enterprise multi-session on non-Azure deployments (for example, on-premises deployments). It will not help you with virtual desktop to backend server latency issues. Performance may or may not be acceptable; it depends on the app and its tolerance with the backend. Also, make sure to leave the disk type as the default Premium SSD. As with anything DaaS (desktop-as-a-service), you need to develop a DevOps mentality and constantly analyze and improve the service you are offering to your users: The management plane for WVD, really the points of presence (POPs) for user ingress via the WVD Gateway/WVD Web, are not available in every region yet but they will be over time. In the past, customers delivered multi-session capabilities with Terminal Services on Windows Server. He also has an extensive background in web architecture and networking over his 20+ year career in IT. There are 3 options for Azure Stack: Azure Stack Edge, Azure Stack HCI, and Azure Stack Hub. I know all about it!”. Learn how to apply your license to a deployment at the Virtual Desktop documentation. So think of it as purpose-built for Microsoft WVD and VDI/SBC needs. If your app won't install, contact your application vendor for an updated version. This means you don’t need to publish the entire desktop of the OS to the user. No trip is complete without it. So don’t worry, your job is not going anywhere. 
You need to understand the pedigree of the solution to fully understand what it is and how to use it. And this is a big deal. Most customers use Windows 10 Enterprise multi-session, which allows multiple users to log on to each VM. Windows 10 Enterprise multi-session is in the Azure gallery. Perhaps some sort of trust with the identity provider (Azure AD), credential provider, and WVD agent or partner agent. If yours hasn’t already, it will at some point soon so it’s in your best interest to begin understanding these technologies now so you are better prepared for the future, either at your current company or some company you may be working at in the future. This article answers frequently asked questions and explains best practices for Windows 10 Enterprise multi-session. The remoting protocol used for Microsoft WVD is Remote Desktop Protocol (RDP) which we have used for RDS environments for many years. Microsoft Windows Virtual Desktop (WVD) has also introduced many game-changing technologies: Windows 10 Enterprise multi-session, FSLogix, and AppAttach. We recommend deploying no more than 5,000 VMs per Azure subscription per region; this recommendation applies to both personal and pooled host pools based on Windows 10 Enterprise single and multi-session. I mean a general Windows-based virtual desktop experience. Fantastic article. Previously, only Windows Server could do this. Click on the Windows 10 Multi-session DG desktop that you created in Azure. Everything from computing and storage in IaaS, to PaaS services like Azure AD and Azure Files, to entire suites of products like Office and Windows 10 itself…they are all aligning to help virtual desktops. Every session was packed. It truly is one of the most powerful tools in your arsenal and you don’t have to lift a finger. 
Some of my fellow CTPs have excellent articles and tools that will help you with FSLogix availability, profile size, and profile compaction tools here: MSIX is a Windows app package container format that borrows from all the benefits over the years of MSI, .appx, App-V, and ClickOnce. We recommend you use FSLogix profile containers when you configure Windows 10 Enterprise in non-persistent environments or other scenarios that need a centrally stored profile. At Ignite 2018, Microsoft officially announced the Windows 10 Multi-Session, the first official multi-user Windows 10 version that allowed multiple concurrent users to connect. I’d also like to see the possibility to login using B2B accounts. Just not on your hypervisor and hardware of choice. You have all 56 regions available to you for your workloads. It was basically a half-rack full of HCI that’s designed to be an extension of Azure cloud but running locally in your remote datacenter. Windows Virtual Desktop session host virtual machines (VMs) including Citrix Cloud and VMW Horizon Cloud on Azure deployments are charged at Linux compute rates for Windows 10 single, Windows 10 multi-session and Windows Server. Especially these days with Coronavirus and increased work from home policies many enterprises have adopted. My On-Premises AD that I am referring to is also running in Azure. The RDP Wrapper Library project allows you to support multiple RDP sessions on Windows 10 without replacing the termsrv.dll file. This is currently a “just in time” tool but it would be nice to see it take data points for you over a period of time and report back to you. This capability gives users a familiar Windows 10 experience while IT can benefit from the cost advantages of multi-session and use existing per-user Windows licensing instead of RDS Client Access Licenses (CALs). We recommend using the latest version for improved performance and reliability. 
For example, the other day one of my colleagues wanted to run a script against a baseline clean version of the OS to collect some system variable information and this is how it was done quickly. You use it exactly the same way as before minus license files but plus many new validated storage options for increased scale. I just want things to work and not have to deal with versions of various components I have to keep track of and remember to update. This setting is the default because it does not require you to maintain the setting and you only have to worry about having enough VMs in your host pool. Check out this video from Randy Cook and Joydeep Mukherjee’s MSIX app attach session at Microsoft Ignite 2019. The image can be deployed above as shown in your WVD tenant creation. When you're done customizing, upload the image to Azure with the VHD inside. He has some excellent visuals and PowerShell here showing what the manual experience should be so you can simply copy and paste them as you follow along in the video above. The guide walked you through bringing your Azure hosted Windows Virtual Desktop and on premises resources (using Workspace Configuration) together, so users access them in one place. Windows 10 Enterprise multi-session, formerly known as Windows 10 Enterprise for Virtual Desktops (EVD), is a new Remote Desktop Session Host that allows multiple concurrent interactive sessions, which previously only Windows Server could do. You should not worry about this too much. Remember, WVD is a native Azure service so it was built with AAD in mind. This is a limitation of the Windows OS; it does not understand OIDC (web authentication) natively and needs something in the middle to translate this authentication into something Windows understands and can use for SSO (certificate). Likewise, if you attempt to install the Citrix VDA and it detects it’s not in Azure, it will also throw an error message. 
For a full list of applicable licenses, see Windows Virtual Desktop pricing. After that, get Windows Virtual Desktop from the Azure Marketplace and use it to deploy a new host pool with the customized image. Every fallen leaf felt like it was unique but somehow fit into a big beautiful pattern on the ground. Only Windows 10 Enterprise multi-session or the regular one-to-one Windows 10 should be used for EUC needs. You can continue to publish just Windows apps only to the user if you wish. Sounds like yet another game-changer for app delivery that will benefit all of EUC: The little known benefit of your Microsoft WVD entitlement. I maintain a cheat sheet here called “The How to Build A Windows Virtual Desktop (VDI) Experience Properly Cheat Sheet” which at the time of writing this article has 55 considerations you need to be aware of that I’ve come across in my career building these types of environments for enterprises. This feature is in Private Preview right now and of course, you must shell out the cash for the Azure Stack Hub hardware as well as the pay-as-you-use consumption. When the user starts an app, for Windows SSO to work you will need AD FS configured or they will be prompted to authenticate again. Summary. For workloads, RDmi was designed to allow you to utilize Server OS as with RDS, but also add the capability to deliver one-to-one virtual desktops with Windows 10 OS. At the time of writing there are 1809, 1903, and 1909 builds: or you can use “Microsoft Windows 10” without Office installed and optimized in the image. That esoteric blue on black “Microsoft Azure” logo on the front panel is just calling to me: WVD supports Azure Active Directory. DaaS (desktop-as-a-service) should quite literally be a service all the way through and we are seeing that type of simplicity for admins was very well thought out with WVD. So it makes sense to do Windows SSO using PaaS instead of having to rely on an on-prem or IaaS based AD FS and CA. 
The WVD team and Office team worked together to make this image so everything is going to work very well with this image. Microsoft Windows Virtual Desktop is an Azure-powered service that lets users access a multi-session Windows 10 experience from anywhere. Host pools are groups of Windows Desktop OS and Server OS VMs you stand up in Azure that you will use to deliver a remoting session. It’s more of the set it and forget it type load balancing for this reason. App Masking and Java Redirection are nice and have been great for me in the past when I needed those features. Jason Samuel is a Technical Solutions Management Security Architect working at Alchemy Tech Group in Houston, TX with a primary focus on enterprise mobility, security, virtualization, and cloud technologies from Citrix, Microsoft, & VMware. I am hoping in time we will see the Windows core engineering team add a credential provider for both Windows desktop and server OSes where the needs of SSO over a remoting protocol are considered. For example, you can navigate to the WVD web client at https://rdweb.wvd.microsoft.com/webclient/index.html and you will immediately see your Azure AD account can be used to enumerate resources (virtual desktops and RemoteApp applications). I am sure we will continue seeing this developed throughout the year as well as the partner solution ecosystem extending the capabilities further. Since WVD is using the RDP protocol, the same human interface device peripherals and USB redirection as you have used with the Remote Desktop Connection (RDC) client apply with the WVD Desktop client: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare#redirection-support. Thus far we have seen a very heavy development in capability for WVD. The hosting of WVD services on Azure is ‘part of the price’. 
Sometimes a use case is to give users access to just an app within the datacenter and not expose an entire Windows shell environment to them. Manage your end-to-end Windows Virtual Desktop deployment alongside … I have done this configuration successfully. With WVD you can choose the number of VMs you want to deploy but they are going to sit there in a powered-on state costing you IaaS compute you are going to pay a lot of money for regardless if anyone is actually using them or not. Yes, WVD supports NVIDIA GRID and AMD Radeon backed VMs as well for high-performance graphics workloads, one of the mainstays of EUC and remoting. Mark Russinovich just tweeted last week it would be at 58 regions imminently. Additionally, we are seeing a lot of features coming for the Azure ecosystem and other Microsoft products themselves that are designed to support WVD. The list is updated all the time so check https://docs.microsoft.com/en-us/azure/virtual-desktop/partners for the latest. Currently there is no support for Windows 10 Multi-Session, for this guide I am using the Windows 10 Enterprise 2004 image from the Image Gallery. Azure AD Conditional Access policy can also target Windows Virtual Desktop: The VMs in your host pool acting as session hosts, however, must be Active Directory joined at this time against your nearest domain controller to where the workloads reside. There is nothing you need to do to make this work. To help you understand and draw a correlation, this is very much like many of the remoting solutions we have used in the EUC world such as Citrix Gateway (NetScaler Gateway) for Citrix VAD environments and Unified Access Gateway for VMware Horizon environments. 
In terms of licensing, Microsoft has announced WVD access and multi-session Windows 10 will be part of Windows 10 Enterprise licenses (e.g. Windows 10 Enterprise E3/E5 and Microsoft 365 E3/E5). Windows 10 Enterprise for Remote Sessions: Another new Windows variant on the way. RDmi was to be an easy way for all the traditional RDS infrastructure roles to run in Microsoft Azure as a service without the need for Windows Servers so that customers don’t have to worry about deploying and maintaining them anymore. The only cost to you is Azure IaaS consumption of your workloads in the host pools (CPU, RAM, and storage for the VMs and user profiles). That’s exactly what Microsoft WVD, Citrix VAD, VMware Horizon, etc. Windows 10 multi-session is part of Windows Virtual Desktop (WVD), meaning that it only runs on Azure. Azure, AWS, GCP, on-prem data centers are all data centers at the end of the day and you want to keep users, their clients, and servers/databases as close as possible to said data center for the best user experience. Microsoft WVD requires you to use AD FS for SSO using the ConfigureWVDSSO PowerShell script in the PowerShell Gallery. Hints appeared last week that Microsoft may be close to offering multi-session remote desktop access to Windows 10 Enterprise as an alternative to, and complement of, Windows Server. Use this service for free to uproot these boat anchors and move them into your modern EUC environment: App Assure is part of the FastTrack Center Benefit. Ideally I would love to see Azure AD and some kind of CA-as-a-service capability in Azure to help with Windows SSO needs. 
There is a management tool but even in Microsoft’s documentation, they encourage you to download the code from GitHub and customize the tool (https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-resources-using-ui): With all that said, there is a more robust GUI management experience coming for administrators and it was shown off by Scott Manchester at a Microsoft Mechanics Live session at Ignite 2019. For more information about licenses and prici… On-Premises Active Directory. The session should launch giving you access to the Windows Virtual Desktop. Over time, the solution is going to get easier and ultimately make your life easier as an EUC engineer. This property keeps the OS compatible with existing RDSH management tooling, RDSH multi-session-aware applications, and mostly low-level system performance optimizations for RDSH environments. If you attempt to export it out of Azure and run it on-prem it will throw an error message. The storage options for storing the FSLogix Profile Container and Office 365 container .vhd / .vhdx files for each user need to be considered from a performance and availability standpoint. To get started, you need to create a WVD tenant (also known as a WVD Workspace). But if you’re using Citrix, you can use Citrix FAS, but this is complex (many servers/services involved) and in the end you still need to create a shadow account. Would that be the short conclusion as it looks today? B2B accounts is a great ask. I want to give a rundown on what exactly Microsoft WVD is and how you can use it with your existing investments. You can see the most up to date planning poster for Microsoft WVD is really all the same concepts and architecture we saw with RDmi. These releases follow the same support lifecycle policy as Windows 10 Enterprise, which means the March release is supported for 18 months and the September release for 30 months. Watch this video and you can see it at the 14:05 mark. 
My standard for VDI is usually 4 vCPU and 8 GB RAM for a good experience so this Medium profile will likely be perfect for most users. I’m a big proponent of turnkey these days. I would recommend the latter with Office 365 Pro Plus installed, however, if you intend to actually use it in production with users: Yes, the “winver” command will say Windows 10 1909 Enterprise for Virtual Desktops (EVD) at the moment but the proper term is Windows 10 Enterprise multi-session and will likely be changed to reflect this. You can use any supported configuration tool, but we recommend Configuration Manager version 1906 because it supports Windows 10 Enterprise multi-session. When the user then starts an app, do they need to authenticate again or are they SSO’d? Can we leverage SCCM from Onprem to deploy patches? If you try to install software on Windows 10 multi-session, it will report a ProductType value of 3 back to the software installer. For more information, see Plan your hybrid Azure Active Directory join implementation. Apply comprehensive device management on your terms that supports users on-premises, in the cloud, or both. Specifically, you will want to focus on the NV series VMs for your session hosts and what is available is dependent on the regions you are deploying the VMs in as well as what’s enabled on the subscription you have chosen during WVD host pool provisioning: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-gpu. He is 1 of 42 people in the world that has been awarded as a VMware EUC Champion and VMware vExpert. As we enter 2020, many companies are looking ahead on what their EUC environment strategy is and how to use and incorporate Microsoft WVD with partner solutions. I have been learning a lot about WVD in the last few weeks but this article really put those pieces together, some great info here, thank you. 
In fact, because the MSIX app attach .vhd is read-only, it will utilize the FSLogix Profile Container .vhd to store application state which means app state can roam between VM sessions as well. Yeah, even generalized that’s 55 considerations. He is certified in several technologies and is 1 of 63 people globally that is a recipient of the prestigious Citrix Technology Professional (CTP) award. The results are sometimes very interesting. One of the differences is that this operating system (OS) reports the ProductType as having a value of 3, the same value as Windows Server. The future of storing your Microsoft / FSLogix Profile Container on Azure Files as platform service (lowest TCO) for Windows Virtual Desktop, FSLogix S2E1 Configuring FSLogix Profiles and Office Containers for the enterprise, https://docs.microsoft.com/en-us/fasttrack/win-10-app-assure, https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-scaling-script, https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-device-identity-virtual-desktop-infrastructure, Microsoft Authenticator passwordless phone sign-in, https://docs.microsoft.com/en-us/azure/virtual-desktop/partners, Web – for virtual desktop and RemoteApp virtual app enumeration, SQL – using Azure SQL instead of on-prem SQL Server to store the database, Microsoft Windows 7, Windows 10, and Windows 10 IoT – use the, Any device with a modern web browser – use the HTML5 based, Remote Desktop Services (RDS) Client Access License (CAL), Remote Desktop Services (RDS) Subscriber Access License (SAL), FSLogix Profile Container – gives you roaming profiles and folder redirection capability via a filter driver that mounts the disk during session launch.