With the fuss these days about Windows Virtual Desktop on Azure coming out soon, I’m getting a lot of questions around VDI and desktop delivery functionality and how to deliver this from Microsoft Azure: What kind of possibilities do we have? What vendor has the best support? What kind of integrations are possible? And so on…
Want to read more about the options? Stay tuned for my free ebook on building Modern Workplace solutions in Azure!
Earlier I wrote a post called Remote Desktop 2.0 (https://msandbu.org/remote-desktop-2-0-moving-end-user-computing-to-the-cloud/), which was about moving the desktop to the cloud, what kind of vendors we have in this market space and the differences between them. That blog post is already over two years old, and most of the material there is out of date, so I wanted to write a bit more about what kind of options we have now when building VDI and remote desktop solutions in Microsoft Azure.
When building VDI in Azure we have many different options to choose from, depending on the level of complexity, functionality and integration we want. We can of course use the regular infrastructure approach and build our own set of virtual machines in Azure from scratch, using RDS, Citrix or some other vendor, depending on the vendor’s support. This approach gives us full control of the underlying virtual infrastructure, but it also requires us to manage and maintain the entire stack. Even if we are using pure infrastructure, some vendors provide good integrations with Azure for image provisioning, identity or even power control, to allow us to start and stop virtual machines on a specific schedule to save cost.
Now if we don’t want to manage the entire stack, we can look at a PaaS/SaaS approach where we maintain certain parts of the deployment but not everything (such as the management plane). It might be that we only have our image containing our LOB (line-of-business) applications, which we upload to a platform and point at our Azure subscription and let it take care of the rest, or that we don’t care about the Azure pieces at all and just want virtual desktop delivery without all the complexity. This is where most of the vendors are going now: moving away from delivering just a platform for delivering applications, where we maintain the rest of the infrastructure, and towards providing DaaS (Desktop-as-a-Service) directly, which is something many MSPs have been delivering for years. Now we have vendors such as Nutanix Xi Frame, Citrix Virtual Apps/Desktop Essentials and Microsoft with their Windows Virtual Desktop offering.
Many vendors have gotten quite far when it comes to building integrations into Azure, with for instance simple image management and provisioning, power control and identity access using Azure AD. What I see is that some vendors have built basic integrations into Azure, while some have gotten a bit further.
Many are looking into vendors that have good built-in integrations with Azure, to benefit from its extensive list of services: not having to build more virtual infrastructure, but using native PaaS services to provide simple services, and also utilizing other services such as:
- Having Azure AD for main authentication for end users
- Integration with Automation layer (ARM) to do machine provisioning.
- Support for different instance types.
- Automatic monitoring using built-in tools such as Azure Monitor.
- Using Azure PaaS Services for their backend such as SQL for brokering, configuration and utilization data.
- Using Azure Storage PaaS for User Profiles.
- Automatic Scaling based upon user activity, scaling out vertically.
- Power Scheduling
- Supporting Hybrid workloads to have integration with on-prem workloads.
- Integration with Storage solutions for acceleration and caching but also for profile storage.
So what kind of vendors do we have in the market and what kind of support do they have?
NOTE: There are more vendors in this area, which I might add eventually, but these are the ones I wanted to cover in this blog post.
VMware Horizon for Azure
I’ve written about VMware Horizon for Azure previously (https://msandbu.org/comparison-between-horizon-cloud-and-citrix-cloud-on-azure/). VMware Horizon for Azure is similar to Citrix when it comes to hosting its own control plane, but unlike Citrix and Microsoft, VMware does not control the data plane. Using VMware Horizon for Azure you automatically deploy unified gateways in your Azure environment that are used for remote access, so VMware has done great work there to make this flow automatic. Again like Citrix and Microsoft, VMware requires that you have your own Active Directory domain, Azure virtual network and subscription.
They also provide power management in Microsoft Azure to start/stop virtual machines based upon demand, and they have a built-in provisioning option. They also have integration with NSX Cloud to provide a hybrid SDN between on-prem and Microsoft Azure, which of course provides a high level of network security and control, unlike the others.
- Image Provisioning using Cloning
- Support for Managed Disks and most instance types
- Support for GPU instances in Azure
- Support for Azure Active Directory using VMware Identity components
- Cost management and Azure monitoring using vRealize
- Microsegmentation using NSX-T with NSX Cloud
- Encryption of VMs using Azure Key Vault
On the other hand, VMware does not have any other integration (from Horizon at least) with Azure PaaS services; most of it is self-contained within the platform itself. I would also like to move monitoring from vRealize into Azure Monitor, or for VMware Cloud to do a bit more in terms of monitoring and pull Azure data out and into the control plane.
Nutanix Xi Frame
Nutanix is one of the few vendors here that have a completely SaaS-based VDI solution, with no requirement to have your own Azure subscription or your own infrastructure. Here you can gain access to a virtual desktop running directly in Azure, using different instance sizes, in a web browser.
Nutanix Xi Frame works against Microsoft Azure or against AWS, and they handle everything; from an end-user perspective we only get access to the application. Frame is delivered in a web browser, which is of course great, but using TCP has its limitations compared to others, although it provides simplicity. Since this is a SaaS-based offering, we don’t need to think about managing any type of backend services at all.
As I mentioned, with Frame you can use their offering, or you can bring your own Azure subscription if you want to. This might be useful when you need access to on-premises resources using VPN or access to any shared backend services which you might have running in Azure, but Frame still takes care of all the pieces running in the subscription.
Frame also supports Azure AD based access and is not dependent on Active Directory, but can be integrated with it if needed.
Microsoft RDS
Using Microsoft RDS in Azure is also a way to provide virtual apps and desktops in Azure, even if it is essentially setting up Windows Server 2019 with the different RDS components on your own. RDS has always consisted of multiple key components: web interface, Connection Broker, Gateway and the session hosts. Unlike the on-prem version, RDS in Azure does not support VDI, only session hosts, as part of the deployment, since it is dependent on Hyper-V to provide VDI with a client OS.
RDS is also lacking integrations with Microsoft Azure. It has some integrations, like the Connection Broker that can use Azure SQL for the high-availability database, which has been there for some time already. It can also use an NPS server with the Azure MFA extension for MFA authentication, or use the Azure AD App Proxy for the same purpose. But since this is Microsoft’s product I would have expected to see more Azure integration in it, and we will see later on that most of these Azure-based integrations have been aimed at Windows Virtual Desktop instead.
- Some Support for Azure PaaS
- Simple deployment
And some limitations that it has compared to the other vendors:
- No automated provisioning
- No VDI Support
- No support for other PaaS Services such as UPD with Azure Storage.
- No monitoring capabilities inside Azure Monitor or any monitoring packages.
- Still requires Active Directory backend for deployment.
Citrix Virtual Apps and Desktop
This is essentially the regular on-premises version of Citrix XenApp/XenDesktop, but it still has pretty good integration with Microsoft Azure. Building this essentially requires setting up Delivery Controllers, Storefront, NetScaler and the other necessary components in Microsoft Azure, such as an Active Directory. As mentioned above in their other offering, Citrix has a good list of integrations when it comes to Azure.
- Image Provisioning using MCS
- Support for Managed Disks and all Instance types
- Support for GPU instances in Azure
- Support for App-layering with direct integration against Azure
- Support for Azure Active Directory using Citrix FAS components
- Intune support for NetScaler for Conditional Access rules
And now some features that I’m missing when it comes to Azure support, such as support for SQL PaaS, for instance Azure SQL or Managed Instance, to make it a bit easier to adopt Azure without the need to have multiple servers for simple configuration databases.
- No support for Azure PaaS services such as SQL for Databases
- No capabilities for Azure Monitoring services or integrations with Citrix Director
- No support for Azure Storage with for instance UPM
- No automated deployment of Gateway component.
Citrix Cloud
Like its counterpart, Citrix Cloud has the same integrations with Microsoft Azure, with some exceptions. As part of Citrix Workspace (Storefront..) they now have native integration with Azure AD for end-user and administrator authentication. Citrix Analytics now has built-in integration with the Graph API to pull out the activity log and react to that activity. Lastly, Autoscale as part of Citrix Cloud also has native capabilities with Azure to power machines on and off based upon load and schedule (when it gets released). Also, with NetScaler-Gateway-as-a-Service they have built-in Points of Presence in some of the Azure datacentres to provide low-latency connections to desktops running in Azure.
- Image Provisioning using MCS
- Support for Managed Disks and all Instance types
- Support for GPU instances in Azure
- Support for App-layering with direct integration against Azure
- Support for Azure Active Directory for end-users and administrators using Workspace
- Intune support for NetScaler for Conditional Access rules (NGaaS does not have this feature)
With Citrix Cloud the architecture is a bit simplified, since it doesn’t require any SQL databases and moves more features into Citrix, but we are still required to have our own Active Directory and any other backend services that we might need. I would also like the Citrix Cloud Connectors to use Azure integrations to deploy automatically in Azure, so that in case of maintenance Citrix could deploy a new virtual machine to replace the old one.
- No capabilities for Azure Monitoring services or integrations with Citrix Director
- No support for Azure Storage with for instance UPM
- No automated deployment of Gateway component (Unless you are using NGaaS)
Microsoft WVD (Note: Still in Preview)
Microsoft WVD, which is now in Preview, is essentially RDMi, where Microsoft hosts the RDS infrastructure components such as the broker, licensing, diagnostics and the gateway. Setting up a Microsoft WVD environment means setting up a tenant at the Microsoft WVD broker and integrating your clients with that.
As part of Microsoft WVD we essentially set up our own infrastructure, which still requires Active Directory, and install an agent which communicates back to the WVD infrastructure. When an end user connects, the session uses a WebSocket connection which is tunneled through the WVD Gateway back to the client. So what does it provide in terms of integration with Azure, besides being a native Azure service? The session hosts are essentially a scale set.
- Automated Scaling of hosts in Azure based upon Scaling script
- Control Plane and Management integrated into Azure AD
- Support for Azure files for Profile management using FSLogix
- All Control plane components are automatically configured.
And now some features I would like to have when it comes to Azure support. As of now, the scaling abilities of the service are based upon having a script which scales up and down.
- Automated scaling as a service and not based upon scripts
- Still requires Active Directory backend
- Monitoring and diagnostics are still using PowerShell
- No direct integration with Azure Monitor
Summary
So here we have a summary of the different products and the support they have in Azure. Of course some are pure IaaS, which provides more flexibility, while others are moving more and more into the PaaS area and therefore might have a different approach and functionality level. Regardless of WVD coming out, Microsoft and others have a long way to go when it comes to fully utilizing the full range of Azure services. For me personally, I would like to have less dependency on infrastructure or other components such as Active Directory and still have SSO using SAML or similar. Secondly, I would like my service to stay true to the properties that a cloud platform has, such as autoscaling when needed and being a platform that can be automated.
NOTE: There is a community add-on from Sepago that can be used to collect and monitor RDS and Citrix using Azure Monitor: http://loganalytics.sepago.com/