
VDI without the hassle based on Microsoft Azure RemoteApp

In December last year, the Microsoft Azure RemoteApp service moved from preview to commercial availability. In essence, RemoteApp lets any organization very quickly deploy a terminal server infrastructure and publish corporate applications on it for remote access via RDP. The difference is that this infrastructure is built not on the organization's local servers and storage, but on Microsoft Azure virtual machines (VMs) and cloud storage. In this article, I will explain how to implement the simplest RemoteApp scenario. More detailed information can be found in the “Using Applications Anytime, Anywhere with Azure RemoteApp” course on the MVA portal.


Main idea


Let's imagine that an organization's mobile employees need access to a specific set of business applications, ideally from wherever they are and from any device, regardless of its operating system. We will probably come closest to this ideal by deploying a terminal server, installing the necessary applications on it and publishing them with Remote Desktop Services. An RDP client is now available for all major platforms: Android, iOS, Windows, Windows Phone, so we can practically speak of "any device." As for "any place," one caveat: any place with an Internet connection. This solution is familiar and understandable to IT professionals, provides the necessary level of security, since servers and applications are monitored and updated centrally, and, finally, is quite universal.

But everything has a downside. The obvious disadvantages of this approach are cost and scalability. Depending on the complexity and resource intensity of the published applications and the number of users connecting to them, you may need not one server but several, along with a good storage system, and the price tag may put an end to the whole beautiful idea. And even if we have or acquire the necessary capacity, will we be able to serve more users or applications if necessary? How quickly can the solution's capacity be increased and, again, at what price?
Now let's imagine that the solution described is implemented not in the organization's local IT infrastructure but in the cloud: it scales on demand, and very quickly; comes with an SLA; and is paid for by consumption. This is exactly what the Microsoft Azure RemoteApp service is. From a technical point of view, one or more VMs running Windows Server 2012 R2 with the RDS role are brought up in Microsoft Azure. You prepare the image from which the VMs are created on your local network: you add the applications you need to the image and upload it to Microsoft Azure. You can create as many images as you need. In the Microsoft Azure Management Portal, you then specify which applications to make available (publish) and to whom (grant access to the organization's users). And if the published business applications are Microsoft Office components, you don't need to prepare an image at all; Microsoft Azure will do everything for you. Sounds good? Let's see how it works.


Deployment options


There are two options for deploying Microsoft Azure RemoteApp: cloud and hybrid.

In a cloud deployment, the VMs brought up in Microsoft Azure are not connected to your local infrastructure in any way. Well, almost. That is, it is assumed that the business applications inside the VM do not need the local Active Directory or any other components of the local network in order to work.



The question arises: which users will be able to connect to applications published this way? As you can see from the figure, you can authenticate with a Microsoft account or with local Active Directory accounts. In the latter case there is still some connection to the local infrastructure: it requires synchronizing the organization's AD directory with Microsoft Azure. I describe how to configure this synchronization in detail in the second module of the course “Corporate devices. How to manage hybrid credentials.”

When using the cloud deployment option, you can upload your own VM image with installed applications to Azure or select a prebuilt image. At the time of writing, two ready-made images are available in Microsoft Azure RemoteApp: one with Windows Server 2012 R2, and one with Windows Server 2012 R2 and pre-installed Office 365 applications (you must have an Office 365 subscription). You update your own image yourself; for the ready-made images, automatic updating is supported (service packs, fixes, etc.).

In the hybrid deployment option, the VMs provisioned in Microsoft Azure connect to your local network through a VPN tunnel and, moreover, are joined to your local AD domain. Authentication when connecting to published applications must in this case be based on domain accounts, so setting up AD directory synchronization with Microsoft Azure is now a requirement.



In the hybrid model, you need to upload your own prepared image with the right set of applications to the cloud. But since there is a tunnel to the local network, this can be practically any business application of the organization, including those that depend on other services and applications in the domain network. In a hybrid deployment, the RemoteApp VMs look like just another IP segment of your infrastructure.


Cloud deployment of Office 365 applications


Now let's assume that we need remote access to the office suite, and perform a cloud deployment of Microsoft Azure RemoteApp step by step. This is the easiest and most illustrative way to get acquainted with the new Microsoft cloud service.

Cloud deployment consists of 4 steps:
  1. Creating a RemoteApp collection
  2. Configure Active Directory synchronization (optional)
  3. Application Publishing
  4. User Access Configuration


Creating a RemoteApp collection


Go to the Microsoft Azure Management Portal, select the REMOTEAPP section, and click NEW in the lower left corner.



For a cloud deployment, select QUICK CREATE (or CREATE WITH VPN for the hybrid model). You must specify the name of the collection to be created and select the region, plan and image. In this case, the ready-made image with Office 365 pre-installed is selected.



There are two plans, basic and standard. The basic plan is intended for relatively lightweight applications, such as web applications, data-entry front ends, etc. The standard plan is better suited for heavier applications, such as Microsoft Office. The plans differ in price and in the maximum number of connected users: 400 users for the basic plan, 250 for the standard one.

Creating a collection takes about half an hour. As soon as you see the value “Active” in the STATUS column, you can start using the collection.




Configure Active Directory synchronization (optional)


Recall that for the cloud deployment option you can use authentication based on a Microsoft account or on domain accounts. In the latter case, you need to configure synchronization between the local AD and Azure Active Directory. I will not dwell on this process; the details can be found here or in the above-mentioned course on managing hybrid credentials.


Application Publishing


We click on the created collection and, on the Quick Start page, see the next steps that need to be taken.



The figure shows that both publishing and access configuration have already been completed. This is because we chose a ready-made image when deploying the collection. As a result, the Microsoft Azure wizard brought up the VMs, published the Office applications, and granted access to them to the account under which the deployment was performed.

However, you can always go to the PUBLISHING section and view or change the list of published applications.




User Access Configuration


Similarly, in the USER ACCESS section, you can edit the list of users who have access to applications. In my example, I added one user from the synchronized AD directory.



And that, by and large, is all! It remains to verify that the applications are really available and working correctly. To do this, the client for the corresponding platform is downloaded to the desired device via the link ...



... and launched.



After clicking Get Started, enter the necessary credentials in the authentication window and you will see the list of available applications.



Launching any of them, for example Excel, we see the RDP connection being established and then the application window, which hardly differs (well, except for the icon) from applications on the device itself, although it is running in an RDP session in the Microsoft Azure cloud.



The SLA for RemoteApp is 99.9%.

We have looked at the easiest way to use Microsoft Azure RemoteApp. The steps for setting up a hybrid scenario, using clients on other platforms and other details can be found in the “Using Applications Anytime, Anywhere with Azure RemoteApp” course on the MVA portal. In addition, at the bottom of the pricing page, you will find the RemoteApp FAQ.

The technology is pretty easy to set up and use. Try it, experiment, and share your feedback.

I hope the material will be useful.

Source: https://habr.com/ru/post/252731/

