Thursday, April 28, 2016

Run your Remote Desktop Server Connection Broker database in Azure SQL (Win Server 2016 TP5)

Windows Server 2016 Technical Preview 5 is out! For Remote Desktop Services, this brings a great new feature to the table! Remote Desktop Services in TP5 allows you to store the RD Connection Broker database in Azure SQL! This is a very interesting scenarios for RDS on Azure IaaS but can also be used for an on premises or hosted scenario.

How to configure this? The process of setting up RDS Deployment (Quick or Standard) via Server Manager or PowerShell in Technical Preview 5 is similar to setting this in up Windows Server 2012(R2).

Now we need to setup an Azure Database. Select New from the Azure Portal and choose SQL Database.image

In the New Server window provide a server name, logon and location.

Next, provide a database name, subscription and new (or existing resource group) and select a blank database. For testing purposes in my lab I selected the Basic tier but in future production environments the Tier should be chosen based on the performance needed.

That is basically it! The database will now be created in Azure.

Once it’s finished, the screen below is what you will end up with. Click “Show database connection strings” and copy the ODBC connection string and save it, you’ll need this later on.

From the RDMS console in Server Manager you can select the option “Configure High Availability”, still similar to Windows Server 2012 R2. In this case however, you will be presented with the option to choose a Dedicated database server or a Shared database server. For Azure Databases the option obviously is Shared database server. Note for this to work, similar to HA in Windows Server 2012 R2, you still need the SQL Server Native client to be installed on all RD Connection Broker servers.

Provide the DNS name for the RD Connection Broker, similar to setting up High Availability in Windows Server 2012. Copy the ODBC connection string you saved earlier and enter the password in the string, this is the password you provided while setting up the Azure database.
Double check the information and click next.

The Windows Internal Database is now migrated to the Azure Database
The Server Manager console now reflect the changes and shows “High Availability Mode”.

Obviously other factors now also come into play like performance, what Azure SQL Tier do I need, what connectivity is required etc. These require more in depth testing, and we still have time since this is only Technical preview, but for now it’s a great new feature that adds more options and flexible deployment scenarios of RDS on Azure IaaS or on premises! image

Tuesday, April 12, 2016

Remote Desktop Preview App now supports Azure RemoteApp! (Insiders ring)

The latest update to the Azure RemoteApp Preview App (version 856) in the Microsoft App Store (currently only in the insiders rings) now contains support for Azure RemoteApp! This means you can now start using this client to launch applications hosted in Azure RemoteApp.

What is the experience like?
First download and install the latest Remote Desktop Preview App from the Appstore (note that you currently have to be in the insiders rings to see the update, other rings will follow soon)

After launching the App we now have a new option called “Azure RemoteApp, Sign in to a source feed to get apps”.

Simply enter the account you want to use that is assigned to an Azure RemoteApp collection and click Sign In.

The App will start to retrieve the applications that are assigned, which in my case took a few seconds.

And here are the applications that are assigned to my user.

By single clicking, a user session is logged on and the application is launched. Similar to the ClickOnce client, or any RemoteApp environment, the launch of 1st application takes a little longer because at this stage the session is being logged on. Any 2nd or 3rd application we launch leverages the same session and is faster in launch time.

Here I have several applications open. By clicking the three dots in the upper center of the App you can easily switch between active application i.e. if you have minimized an application and want to bring it back up.

Optionally, you can pin RemoteApps by right clicking the App and selecting “Pin To Start”

Currently there is no intuitive way to return to the main screen of the App to launch additional apps. To return to the main screen, first press the button with the 3 dots again, and then click the Back arrow button.

Also, once in the main screen, there currently is no easy way to switch back to an active session, the only method is to launch an additional app from the same source. Ideally you would like to switch concurrent active session easily especially in scenarios where users have multiple feeds from different sources or are in the middle of a migration path from on premises RemoteApp to Azure RemoteApp. Microsoft has confirmed that functionality to provide easy switching of active session is on the roadmap. As with any Azure service or App, it’s all about continuous development, so expect updates to this App regularly too.

Finally, the App collects recently launched RemoteApps and if you right click the tile in the Start Screen, you can quickly launch recently opened RemoteApp and Pin them from the Start Screen as well.

Monday, April 4, 2016

Estimating Azure RemoteApp network bandwidth usage

imageMicrosoft updated some articles for guidance on estimating Azure RemoteApp network bandwidth usage.

”…Azure RemoteApp uses the Remote Desktop Protocol (RDP) to communicate between applications running in the Azure cloud and your users. This article provides some basic guidelines you can use to estimate that network usage and potentially evaluate network bandwidth usage per Azure RemoteApp user.

Estimating bandwidth usage per user is very complex and requires running multiple applications simultaneously in multitasking scenarios where applications might impact each other's performance based on their demand for network bandwidth. Even the type of Remote Desktop client (such as Mac client versus HTML5 client) can lead to different bandwidth results. To help you work through these complications, we'll break the usage scenarios into several of the common categories to replicate real-world scenarios. (Where the real-world scenario is, of course, a mix of categories and differs by user.)

Before we go further - note that we assume RDP provides a good to excellent experience for most usage scenarios on networks with latency below 120 ms and bandwidth over 5 MBs - this is based on RDP's ability to dynamically adjust by using the available network bandwidth and the estimated application bandwidth needs. This article goes beyond those "most usage scenarios" to look at the edge, where scenarios begin to unwind and user experience begins to degrade.

Now check out the following articles for the details, including factors to consider, baseline recommendations, and what we did not include in our estimates…”

Source & more info:

Estimate Azure RemoteApp network bandwidth usage
How do network bandwidth and quality of experience work together?
Testing your network bandwidth usage with some common scenarios
Quick guidelines if you don't have the time or ability to test

Friday, March 11, 2016

HTML5 updates & improvements for Azure RemoteApp

On January 13, the HTML5 client for Azure RemoteApp became available in public preview. I wrote a blog post on the user experience with this initial version here: HTML5 for Azure RemoteApp available in public preview!

Yesterday, the next major update to HTML5 has been made available! The most important changes in this release are:

1. Support for Dynamic resolution
The session is no longer fixed to a specific remote resolution, the session now automatically adjusts resolution if you change your browser size

Here is the Azure RemoteApp HTML5 client at full Windows Size

Here is de browser resize in action, this takes about ~2 seconds

And here is the end result:

2. Audio redirection is now supported!
It's hard to demonstrate this in a blog post, but I can assure you it's working :) The audio service in your Azure RemoteApp RDSH must obviously be running for this to work

3. Mouse cursor updates
This really helps for the overall user experience. Previously, mouse cursus updates were not visible which made it really hard to e.g. resize application windows etc. See the example below. Mouse cursus updates are now coming through.

4. Support for browsers without WebGL support
Previously there were some issues with browsers without WebGL support which caused crashes of the browser and session disconnected errors. This has been resolved.

5. Support for cloud only deployments
In the first release of the HTML5 client, only Hybrid Collections (domain joined collections) were supported. With the lastest release Cloud Deployments (non-domain joined collections) are also supported!

This latest HTML5 should be deployed to all Azure regions by now!

Wednesday, March 9, 2016

Build a Proof-of-Concept RDS Azure IaaS Environment with FSLogix Apps created a guide that walks you through the steps required to install a Proof-of-Concept (POC) environment for RDSH Full Desktop with FSLogix Apps. FSLogix Apps is a software agent that enables virtual desktop administrators to eliminate some of their biggest problems in VDI and RDSH. FSLogix Apps 2.1 allows admins to massively reduce the number of Windows Gold images, easily manage per-user applications, and optimize license costs while assuring compliance.

PoC environments created according to this install guide can be used to test applications controlled by FSLogix Apps in a reproducible way.

The IaaS RDSH environment is built entirely in Azure and includes the supporting network and domain infrastructure.  We build the environment in the cloud in order to minimize costs associated with required hardware, and to streamline the build process.
Get the guide here:

The diagram below shows the outcome of the PoC environment.

Friday, March 4, 2016

Publish applications to specific users in Azure RemoteApp

What is this about?

This is a feature many have been waiting for! What is it all about? Consider the following scenario. You have created an Azure RemoteApp collection housing several applications. You provide access to this Azure RemoteApp collection to your users. These users could be working in several departments, and based on their role or persona require different sets of applications. An important caveat to realize is that currently all users who have been granted access to an Azure RemoteApp collection will see all application published in that collection! And of course this does not mean that you cannot prevent users from actually opening that application. Using technologies like i.e. AppLocker you would be able to prevent users from starting an application. However, users will still see all the applications in their Azure RemoteApp client and, all of the applications will be placed in the users local Start Menu (for Windows clients). Not an easy task to explain this to your end users.

Microsoft has listened to this feedback, functionality is in private preview now to publish specific RemoteApp application to specific users within a single Azure RemoteApp collection!

How does it work?

Currently the feature can only be configured using PowerShell, the functionality is not available in the Azure Portal yet. I'm guessing we'll see this after Azure RemoteApp will become available in the new Azure Portal.

Open Azure PowerShell and connect to you Azure subscription. If you have not performed this before, check out this guide.Use Windows PowerShell cmdlets with Azure RemoteApp

Run the following command Get-AzureRemoteAppCollection <collectioname>. This command outputs the current configuration of your collection. The Aclevel parameter shows the current mode of the Azure RemoteApp collection.

A collection can be set into one of two modes:
  • The mode “collection mode”, is the mode where all users in a collection can see all published applications. This is the default setting
  • The mode “application mode”, ”, is the mode where users only see applications that have been explicitly assigned to them. This is the new mode that is blog post is about.

Switching modes to application mode is easy. Run the command
Set-AzureRemoteAppCollection -CollectionName <collection> -AclLevel Application

After running this command, initially all users will see all of the original published apps. Let's now start to assign a specific application to specific users. The first step is to get the currently published applications. This can be achieved by running the command
Get-AzureRemoteAppProgram -CollectionName <collection> | ft alias,name

Now, to remove a specific application for a specific user we run the command Remove-AzureRemoteAppUser -CollectionName <collection> -UserUpn <UPN> -Type OrgId -Alias <App Alias>

That's it! In this example we now have removed Outlook 2016 for the user rdstest. This happens instantly. If the user refreshed the Azure RemoteApp client, the changes are reflected immediately.

Before the command

After running the command:

And of course, if we check out the Azure Portal we'll still see Outlook 2016, it will still be visible for all other users.

To check what other users still do have access to this application, use the command
Get-AzureRemoteAppUser -CollectionName <collection> -Alias <App Alias>

Again, do realize that is not in any way a security mechanism. It does not prevent users to start the application in another way. To accomplish this use technologies like i.e. Microsoft AppLocker.

The approach of these PowerShell commands, removing users from seeing a certain application, is of course slightly different to a more common approach where you assign specific users (or a specific group) to an application in stead of assigning the application to all users and remove access for specific users. For the end user the result is the same of course, and, with some PowerShell scripting you should be able to configure assignments based on group membership. These new PowerShell commands however are a great first step!

This new functionality also opens doors for vendors like Unidesk and FSLogix that provide application layering. If you combine this new functionality with Application Layering you can remove certain applications from Azure RemoteApp and also completely prevent users from launching that application using other ways.

Being able to show users only the application they need is a heavily requested feature. The feature is currently available as a “private preview” to selected customers who have opted in. If you are interested in trying it out early, please let Microsoft know via this survey.

Tuesday, February 2, 2016

BriForum 2015 session video on Azure RemoteApp publically available!

Could not attend BriForum 2015 last year? Attendees already had access to the content, but as of today, all the videos from last year's BriForum conferences are publically available! Between BriForum 2015 London and Denver, 83 session videos were produced with more than 100 hours of content!

This includes the session Benny Tritsch and I presented on Azure RemoteApp. Check out the recording here:

Obviously some topics in the session are already out dated since there have been many continuous development cycles of Azure RemoteApp in the mean time, but who know, you might see us present an updated version this year!

Unfolding the Azure RemoteApp Magic

Instead of using virtual desktops, many users just want their remote apps embedded in their local desktops. Microsoft Azure RemoteApp (ARA) allows users to run Windows programs hosted on Azure side-by-side with their local programs. This makes Azure RemoteApp programs appear as if they were running on the user’s local PC or tablet. In this session, Freek and Benny dive deep into Azure RemoteApp. They will start by explaining the underlying concepts and demonstrating a cloud-based (quick) deployment. In addition, they cover the more advanced Hybrid Deployment including setting up connectivity to on-premises servers as well as creating custom templates. A particular highlight of the session is the advanced part, discussing Azure RemoteApp performance, auto-sizing, limitations, and tips & tricks. Other topics covered are pricing, licensing and SLAs. Come and see the session and allow two Microsoft RDS MVPs to guide you through the magic behind Azure RemoteApp!
  • Getting familiar with the Azure Remote App concept, the scenarios and it’s limitations
  • Get experience into setting up Cloud- as well as Hybrid Deployments of Azure RemoteApp
  • Gain insight into the more advanced topics of Azure RemoteApp and learn tips & tricks
  • Familiarizing with the licensing options, pricing and SLA