- Scott Manchester, Principal Group Program Manager
- Joydeep Mukherjee, Senior Product Marketing Manager
- David Belanger, Senior Program Manager
- Guest speaker: Sridhar Mullapudi, VP of Product Management, Citrix
Joydeep starts off.
At the last Ignite, Microsoft committed to making RDS the virtual workspace platform of choice. In WS2016, they added performance, scale, and optimization for the cloud. They considered all of this to be “platform capabilities”.
Future Innovations Overview
- Increasing security, by leveraging things like signals from the security graph, MFA.
- More cloud ready, a second level of cloud enablement on Azure.
- Windows Apps everywhere
Scott takes over.
Secure authentication powered by Intelligent Security Graph:
- Azure AD integration
- Single sign on, MFA
- Conditional access
Secure environment powered by modern infrastructure:
- Each tenant in its own sandboxed environment
- Isolation of infra roles from desktop and app hosts
- No inbound IP ports – more on this later in the session.
They’ve been adding AAD integration into the RDS clients. An “enlightened app” is shown, and he subscribes to a feed. He signs in, and the normal AAD MFA process kicks in. The RemoteApp client loads and shows the published apps (and published desktop) from the feed.
This will go live next year, and maybe this AAD functionality will be in all clients by then.
Normally, the gateway and web access roles are domain joined and public facing, and they sit in the same network as the connection broker, license server, RDVH and session hosts.
Going forward with Modern Infrastructure, the RDVH goes away, merged into the broker. A new diagnostics role is added. So, gateway, web access, diagnostics, connection broker and license server are non-domain machines. In an isolated VNet, the domain joined application and desktop hosts are joined to Azure AD.
Multi-tenancy is native to this design. The non-domain stuff has no domain join so it’s multi-tenant. The session/app hosts are domain joined so they are per-tenant.
IP-wise, 443 is required to the gateway, but the hosts are not public facing.
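The exposure model described above (Internet reaches the gateway on 443 only, hosts get nothing inbound) can be checked against a rule set. This is an added example, not code from the session or from Microsoft; the simplified rule shape, the tier names, the probe ports and the sample rules are assumptions, and protocol is ignored.

```python
"""Audit NSG-style inbound rules against the exposure model in these notes:
Internet reaches the gateway tier on 443 only; host tier gets nothing inbound."""

PUBLIC_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # sources that include the Internet

def rule(name, priority, access, source, ports):
    # Simplified rule shape (assumption), using NSG-style field names.
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "sourceAddressPrefix": source,
            "destinationPortRange": ports}

def port_span(spec):
    """'443' -> (443, 443); '3380-3400' -> (3380, 3400); '*' -> (0, 65535)."""
    if spec == "*":
        return 0, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def internet_decision(rules, port):
    """First match by ascending priority wins; no match means default deny."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["sourceAddressPrefix"] not in PUBLIC_SOURCES:
            continue
        low, high = port_span(r["destinationPortRange"])
        if low <= port <= high:
            return r["access"] == "Allow", r["name"]
    return False, None

def audit(tiers, probe_ports=(80, 443, 3389, 3391)):
    """Return (tier, port, rule_name) for every deviation from the model."""
    findings = []
    for tier, rules in tiers.items():
        expected = {443} if tier == "gateway" else set()
        for port in probe_ports:
            allowed, name = internet_decision(rules, port)
            if allowed and port not in expected:
                findings.append((tier, port, name))
            elif not allowed and port in expected:
                findings.append((tier, port, "not-reachable"))
    return findings

# Constructed sample data, not taken from the session.
SAMPLE = {
    "gateway": [rule("allow-https", 100, "Allow", "Internet", "443")],
    "hosts": [rule("deny-rdp", 100, "Deny", "Internet", "3389"),
              rule("allow-range", 200, "Allow", "*", "3380-3400")],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the sample, the explicit deny for 3389 on the hosts does not cover the lower-priority range rule, so the audit reports 3391 as reachable from the Internet.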
More Cloud Ready
Deploy gateway, connection broker, web server, licensing server as Azure App Services roles – PaaS reduces costs and maintenance. The legacy method will still be supported for on-prem deployments. App and desktop hosts are VMs which integrate with this PaaS deployment via a package. FYI, you can deploy the PaaS stuff in Azure, and do your VM hosts in Azure or on-prem (hybrid RDS deployment).
He opens the Azure Portal. There are no VMs in the Azure deployment. The infrastructure roles run in App Services. Key Vault is being used to store certificates. The broker DB is using Azure SQL. PaaS is possible because every role is stateless, other than the DB. Scaling out is easy: it’s web apps! You just use the scale out feature of web apps to add instances to the app service plan. You can also use auto-scaling to do it based on demand (rules monitoring CPU usage for scale out and scale in). If you don’t know this stuff, it’s very easy to set up scaling.
A company called PeopleTech (sounded like that) has built a UI for managing RDS Modern Infrastructure (RDMI). Apparently it’s similar to what RDS in Project Honolulu will look like.
Sridhar from Citrix
Honestly, this isn’t a big deal for me because none of my customers use Citrix, and Citrix’s “Azure” products only work in Enterprise Agreements. This is a marketing pitch so there’s no notes here other than support for Windows 10 S.
Back to MS with David.
An MS-owned RDS client for Mac is in public preview. It looks nice. Admins can group desktops logically for easy click-and-login. There are thumbnails for identifying the desktops. There are options to disable thumbnails (privacy) and for list view (scale). It will support AAD with RDMI. Applications can be in folders. The Mac OS has some limitations – running published apps don’t get their own native icons in the task bar like they do on Windows, but MS will work around that, including app switching.
Next up is the Windows App for the RDP client. A lot of future improvements here are focused on admin usage (needed if it’s ever going to replace MSTSC.EXE). There is an indicator to see which desktops are connected. Multiple simultaneous connections are supported. You can easily switch desktops and go “home”. A coming feature in the app is to put the desktops into different windows. There will be an option in settings to open each connection as a new window. RDP files can be associated with the App and open the desktop in a new window. For high DPI devices, you will be able to control the resolution and/or scaling of the display. You’ll also be able to choose to stretch the content but keep the aspect ratio, or stretch the content only. When you create groups, you can move connections between the groups.
Almost all of this is available now, except multi-window support.
Next up is the new HTML5 web client. This will support RDMI and classic WS2016 deployments. In the demo, you can see the UI is refreshed and modern. It kind of runs similarly to the Windows Store remote desktop app. When connected, the session is in the browser. When you go full screen, an RDP bar is pinned at the top by default, but you can un-pin it to give more space to the app/desktop.