SSAS Azure RemoteApp

SaaS Azure RemoteAppRiwut LibinukoMicrosoft MVP

Microsoft Azure

Connect with Me

http://blog.libinuko.com

@cakriwut

http://www.youtube.com/user/cakriwut/

Riwut LibinukoMicrosoft SharePoint Server MVP, currently living inSingapore. Master degree in Computer SystemEngineering, with more than 10 years in IT industry.

I love coding, robotics, financial engineering and foods. Iuse Lego Mingstorm, Arduino, Raspberry Pi for my projects. My latest project is to create PBX usingRaspberry Pi and Sipura 3102.

Active contributors to MSDN Forum, Code Sample Gallery, Curah, Nuget, Codeplex and many more.

Agenda

Application Virtualization and Azure

RemoteApp Step-by-Step

Publish Applications

Manage Users

Create Custom Image

What is Application Virtualization?

“Application virtualization is software technology that encapsulates application software from

the underlying operating system on which it is executed.“ - Wikipedia

Native Application

Deployment

Operating System

Applications

I/O

Libraries

Drivers

Emulated environment

Applications

Emulated

Operating System

Libraries

Drivers

Emulated I/O

Virtualized Application Deployment

Application Virtualization strategy on the Microsoft Azure Platform

Desktop as a Service

DaaS

Software as a Service

SaaS

RDS

Remote DesktopRemote App

6

RDP

(Remote Desktop Protocol)

Server Remote Desktop Host

Remote Desktop Client

Application

Remote Desktop & Remote App

Visual

Studio

Skype

Visual

Studio

Skype

In Remote Desktop, client will access the desktop remotely as if he/she is

working directly in the remote computer.

In Remote App, client will access the application remotely as if the

application is installed locally.

Rational Behind RemoteApp• Deploying software onto each and every widely distributed client

becomes more and more complex. RemoteApp allows to distribute

or locate software in centralized location.

• People uses different client form factor running Windows, iOS,

Android, Mac OS or embedded devices. RemoteApp can streamline

software distribution at ease.

• Collaboration between team in different region face challenge of

network bandwidth and latency. RemoteApp in central location in

Azure datacenter can reduce latency.

• Company needs CAPEX to build datacenter and OPEX to manage it.

RemoteApp in Azure removes CAPEX leaving only OPEX, making

room for more business focused investment.

What is Azure Remote App?

“Azure RemoteApp brings the functionality of the on-premises Microsoft RemoteApp program

backed by Remote Desktop Services to Azure. Azure RemoteApp helps you provide secure,

remote access to applications from many different user devices “ - Microsoft Azure

Azure cloudMicrosoft RemoteApp Azure RemoteApp

Microsoft RemoteApp is part of Microsoft Virtual Desktop Infrastructure.

It uses RDP – Remote Desktop Protocol that is resilient to network latency and loss.

9

Technology

VMs are identically configured through

images and grouped together – can be

easily scale-out on demand.

Pooled Virtual Desktop

Personal Virtual Desktop Session Hosted

Powered by Windows Server 2012 in

Azure’s reliable infrastructure is

managed by Microsoft

Each user can be assigned to specific VM

in Personal Virtual Desktop access – or

automatically assigned in Virtual

Desktop Pool.

In Session Hosted every user will be

assigned automatically to different RD

Session Host servers

10

2 Types of Deployment : Cloud and Hybrid

Cloud DeploymentHybrid Deployment

OnPrem

Resources

• Created using Create with VPN option

• Available to AD users from which AAD sync has been configured

• Connected to on premises Active Directory Domain

• Can access on premises resource like file servers, SQL server that are hosted on-prem

• Created using Quick Create option

• Available to any users that has AAD identities, including user having Microsoft accounts.

• Not connected to on premises Active Directory Domain

• Can not access on premises resource like file servers, SQL servers that are hosted on-prem

Important! Microsoft will not manage system and

application upgrade in Hybrid Deployment.

Remote App

Virtual Machine

Corporate Network

Microsoft SQL Server

Other published

resources

Cloud Deployment

Azure Data Center

Remote App

Virtual Machine

Corporate Network

Microsoft SQL Server

Hybrid Connection

Other published

resourcesHybrid

Connection

Manager

Hybrid Deployment

Azure Data Center

13

Image Name Installed Roles/Features/Applications

Windows Server 2012 Based on Microsoft Windows

Server 2012 R2 Datacenter

operating system

.

•NET Framework 4.5, 3.5.1, 3.5

•Desktop Experience

•Ink and Handwriting Services

•Media Foundation

•Remote Desktop Session Host

•Windows PowerShell 4.0

•Windows PowerShell ISE

•WoW64 Support

•Adobe Flash Player

•Microsoft Silverlight

•Microsoft System Center 2012

Endpoint Protection

•Microsoft Windows Media Player

Microsoft Office 365

ProPlus

Windows Server 2012 image

with Office 365 ProPlus client

application

•Access

•Excel

•Lync

•OneNote

•OneDrive for Business

•Outlook

•PowerPoint

•Project

•Visio

•Word

•Microsoft Office Proofing Tools

Microsoft Office 2013

Professional Plus (30 days

trial)

Windows Server 2012 image

with Microsoft Office 2013

Professional Plus. Only

available for trial! Can not be

transitioned to Production.

•Access

•Excel

•Lync

•OneNote

•OneDrive for Business

•Outlook

•PowerPoint

•Project

•Visio

•Word

•Microsoft Office Proofing Tools

Default RemoteApp Images

Basic vs Standard plans

Target User Task worker Information worker

Sample application Date entry, expense

reporting

Productivity such as

Office application

Storage (user) 50GB 50GB

Starting price (user/month) $10 $15

Hours included in starting price /

mo40 40

Hourly overage rate / hour $0.175/hr $0.2/hr

Capped price (user/month) $17 $23

StandardBasic

RemoteApp Step-by-Step

DemoRemoteApp Creation (Quick Create)

• Create Remote App using Quick Create options

• Use standard template during Remote App creations (Office Professional Plus 30 days trial)

• Select list of applications to publish through Remote App

• Using Remote App Client

17

User Management

Hybrid

ADSync +

ADFS

Microsoft Account Yes No

Azure AD cloud only Yes No

ADSync with password sync Yes Yes

ADSync without password Yes No

ADSync with AD FS Yes Yes

3rd Party Azure supported

identity provider (example Ping)Yes No

Multi-factor Authentication Yes Yes

Cloud

AAD

MS

Account

RemoteApp

MFAADSync

User

Important! Azure Active Directory is holding the primary

role in any authentication model for Azure Remote App

User Accounts Source

DemoRemoteApp User Management(Azure Active Directory + MFA)

• Using Azure Active Directory to manage Remote App User

• Add Remote App User

• Configure Multi-Factor Authentication

• Using Remote App Client

What is multi-factor authentication?“Multi-factor authentication (MFA) is a method of authentication that requires the use of more

than one verification method and adds critical second layer of security to user sign-in and

transaction.“ - Microsoft Azure

Simple Authentication

In MFA, user needs to provide any two of

following verification method:

• Something you know (typically

password)

• Something you have (a trusted device

like phone, token etc.)

• Something you are (such as fingerprint,

biometric)

Password

Multi-factor

Authentication

Password Token

DemoRemoteApp User Management(ADSync + MFA)

• Configure ADSync to synchronize on-prem AD and Azure Active Directory credentials

• Add on-prem AD user as Remote App user

• Configure Multi-Factor Authentication for on-prem AD user

• Using Remote App Client

What is ADSync?“Synchronization of AD accounts between on-premises Active Directory and Azure Active

Directory, either with or without password synchronization.”

AD User will virtually have access to

Cloud Resources using same

credential in his Active Directory.

In ADSync + ADFS, the user will

only need to login once (Single-

Sign-On) using his Active Directory

credential to access Cloud

Resources.

Corporate Network

Active Directory

ADFSAzure Active

Directory

ADSync

Cloud Resources

Custom Image checklist (1/2)

Answer

Data Retention Do not store data that can be lost, should only contains

applications

VM File Image File format VHD (no support for VHDX)

The VHD must not be a generation 2 Virtual Machine

Image size <= 127 GB

Image size must be multiple of MBs (no fraction)

OS Configuration

(mandatory)

Use Master Boot Record (MBR) partition (no support for

GUID partition table)

Windows Server 2012 R2 or newer OS single boot only

Remote Desktop Session Host role

Desktop Experience feature

Important! RemoteApp mages are stateless and should only contain applications.

Answer to checklist must be all “YES”, before you can use for RemoteApp custom image

Custom Image checklist (2/2)Important! RemoteApp images are stateless and should only contain applications.

Answer to checklist must be all “YES”, before you can use for RemoteApp custom image

Answer

Optional Applications that you intend to publish through RemoteApp

Forbidden Remote Desktop Connection Broker is not installed

Encrypting File System is disabled

Do not create snapshot image for upload

Run sysprep /oobe /generalize /shutdown after finalizing

all application installation (DO NOT use /mode:vm )

Using dynamically expanding VHD is recommended to reduce upload time.

Simple Licensing RulesImportant! Office 2013 Professional Plus Trial is intended for evaluation and testing only. The RemoteApp

created using this template image cannot be transitioned to production and will be disabled at the end of the

trial period.

Licensing Rules of Thumb

1. RemoteApp does not require any

Windows licenses or Remote Desktop

CALs

2. You cannot use a CAL or Volume License

agreement in a cloud collection

3. You can use a Volume License agreement

to activate applications in your hybrid

collection (except for Office).

4. You must have license to share the app

or you are legally entitled to share for

other 3rd party application

Microsoft

3rd Party

Ensure legal entitlement & license agreement

with 3rd party apps publisher.

Cloud Deployment

NO CAL

NO Volume License

Office 365 service plan for Office products

Non Office Products

Non Microsoft Products

Hybrid Deployment

YES Volume License

(except for Office)

RemoteApp does not required any Windows Licenses or Remote Desktop CALS

DemoCreate custom image

• Create virtual machine as base image

• Install application in the virtual machine (Visual Studio , Skype)

• Finalize the image (sysprep)

• Upload image in Remote App image collection

• Create Remote App using custom image

Get startedVisit azure.microsoft.com

IdeasForFree

Blog by Riwut Libinuko, a hands on IT Architect,

also Microsoft SharePoint Server MVP living in

Singapore.

Contains articles, tips and trick, troubleshooting

on SharePoint and other technologies.

Find out more at the http://blog.Libinuko.com