Azure RemoteApp is Remote Desktop-as-a-Service. It combines the Azure platform capabilities with the proven technology of Remote Desktop Sessions and the RDP Protocol. This is the session I gave at the Microsoft Campus Days 2014 in Copenhagen, Denmark.

1. Building Azure RemoteApp
Data3007
Morgan Simonsen
Principal Consultant, Lumagate
#CampusDays
#007FFF

2. #CampusDays
Morgan Simonsen
• Principal Consultant Cloud and Datacenter
Product Manager Microsoft Azure
@Lumagate
• P-TSP@Microsoft
• MCSE, MCSA, MCT
• MVP (Directory Services)
• Twitter: @msimonsen
• Email: morgan.simonsen@lumagate.com
• Blog: morgansimonsen.wordpress.com
• Blog: cloudpower.no

3. #CampusDays
Agenda
• Welcome to Mohoro
• RemoteApp; what is it and why do we need it?
• Scenario walkthrough
• Features
• Demos
• Cost
• Questions and comments

4. Today’s challenges
• Deliver applications to mobile platforms (BYOD)
• Respond to dynamic business requirements for IT:
• Seasonal/temporary workers
• Vendors
• New employees (mergers and acquisitions)
• Reduce infrastructure costs (move CAPEX to OPEX)
• Provide access to legacy applications
• Protect corporate resources and ensure compliance

6. Tenant1 Cloud Service1
Other Tenant
AD
Desktop Hosting Service
VM
Public Internet
Load Balancer/VPN
RDLic RDCB RRDDSHSH
VM
File
Server
Services
VM
Storage
Azure Fabric
Network
Azure Services
...
RDGW RDWeb
RRDDSSHH
Session Desktop
Collection
VM
RemoteApp
Collection
SSQQLL
VM
Compute
Tenant1 Cloud Service2
Management
Portal
Traffic Manager
Tenant 1 Premises
Public Internet
VPN
AD
Other Tenant
On-premises
Services
Azure Desktop
Hosting - Reference
Architecture and
Deployment Guides

7. Azure RemoteApp
Azure RemoteApp
combines Windows
application experience
and powerful RDS
capabilities
on Azure’s reliable
platform and helps IT to
bring, scale, agility and
global access to corporate
applications.

8. Introducing Azure RemoteApp Preview
Remote applications
delivered from the
reliable Azure platform
Delivered via
Microsoft Remote
Desktop Protocol and
RemoteFX
Scale without large
capital expense
Flexible hybrid
or cloud deployment
options
User
Access from Windows,
iOS, Mac OS X, and
Android devices

9. #CampusDays
RemoteApp Elastic Runtime
• Azure RemoteApp blog storage with template images
• Azure Infrastructure-as-a-Service (IaaS) Virtual Machines and Virtual Network (vNet)
• Azure Machine Learning AutoScaling
• Automatically maintained Remote Desktop components:
• Connection Broker
• Gateway
• Azure Load Balancer
Template Image
Azure
RemoteApp
Blog Storage
Remote Desktop Session Hosts
Virtual Network
Azure Machine Learning
Autoscaling
Azure Load Balancer
Remote Desktop
Gateway Hosts
Remote Desktop
Connection Broker
Service Cert
service
certificate

10. #CampusDays
Azure RemoteApp Identity
• Logon options
• Microsoft Account (MSA)
• Azure AD
• MFA supported
• MSA MFA
• Azure AD MFA
• ADFS MFA
• Azure RemoteApp can only authenticate
against default Azure AD directory for the
subscription

11. Windows Server
2012 R2 session
virtualization
Dynamic
scalability
Global
presence
High fidelity
with RDP
Secure,
WAN-ready
connectivity
Clients for
Windows, Mac,
iOS, Android
Two deployment choices
RemoteApp cloud deployment
Image available with Microsoft Office Professional Plus
2013 preinstalled
Rapid provisioning: apps quickly available
Automatic maintenance of platform image: OS and
apps always up-to-date, Microsoft antimalware
User logon with Microsoft account or corporate
credentials federated with Azure Active Directory
RemoteApp hybrid deployment
Fully customizable apps, OS, and settings
IT can manage template images and apply updates via
Azure Portal
Full access to on-premises network
User logon with corporate credentials federated with
Azure Active Directory

12. Try it right now!
A public demo of cloud deployment is available for everyone to try:
• Visit remoteapp.azure.com
• Install client for your platform
• Log on with Microsoft Account

13. Cloud deployment in detail
Published apps
RemoteApp Service
Microsoft
account
Identity options
RDP
Elastic runtime
…
DirSync/Federation
(optional)
Persistent user data
(50GB per user)
Custom template image or
prebuilt with Office
On-premises network
Windows Server
Active Directory
Azure Active
Directory
Authentication
User

14. #CampusDays
Cloud Deployment Details
• No access to internal corporate resources
• Internet access
• Access publicly available resources
• Office 365 and SaaS apps
• Your own systems if they are publicly exposed
• Custom applications in template image

15. #CampusDays
Cloud Deployment Demo
Accessing a Cloud Deployment
Creating a Cloud Deployment

16. Hybrid Deployment
• Core technology:
Azure Virtual
Networking with
Site-to-Site VPN
• RemoteApp Virtual
Networks built on
Azure to seamlessly
access on-premises
resources
• Core technology:
Azure Active
Directory with
DirSync
• RemoteApp
leverages Azure AD
to control user
access and enable
Single Sign-On
• Core technology:
Windows Server
Active Directory
on-premises
• RemoteApp hybrid
session hosts are
domain-joined and
conform to on-premises
policies

17. Hybrid deployment in detail
RemoteApp Service
Identity options
RDP
Authentication
Domain
Joined
Subject to IT policy via
GP, System Center, or
other enterprise
management tools
On-premises network
Corporate Apps
DirSync
User
Persistent user data
(50GB per user)
Elastic runtime
…
Azure VPN
Custom template image
Maintained via Azure Portal
Corporate apps
Azure Active
Directory

18. #CampusDays
Azure RemoteApp Hybrid Deployment network scenarios
• ARA deployments run in Azure vNets
• Cloud deployment vNets are invisible
• Hybrid deployment vNets can be configured
• Hybrid deployment VPN connections options:
• Only supports one VPN S2S connection
• ARA_vNet<->LocalSite
• ARA_vNet<->Azure_vNet
• Full Azure vNet2vNet functionality available:
• Cross region/subscription etc.
Azure RemoteApp
Virtual Network
DC File Server SQL
Azure RemoteApp
Virtual Network Azure Virtual Network

19. #CampusDays
Hybrid Deployment Details
• Access to internal corporate resources
• Internet access
• Access publicly available resources
• Office 365 and SaaS apps
• Access internal resources
• S2S VPN
• Custom applications in template image
• RemoteApp Session Host VMs joined to Active Directory domain
• Group Policy
• Folder Redirection
• Logon scripts

20. Selecting a deployment
RemoteApp cloud deployment
• Image with Office 2013 ProPlus pre-installed
• Identity flexibility
• Rapid provisioning
• Automatic maintenance, turn-key
• Integrating with back-end infrastructure is not
required
RemoteApp hybrid deployment
• Secure access to data or resources on-premises
• Corporate Active Directory-based identity required
• Servers domain-joined and conforming to on-premises
IT policy

21. #CampusDays
Hybrid Deployment Demo
Accessing a Hybrid deployment
Creating a Hybrid deployment
Customizing a Hybrid deployment

22. #CampusDays
Scenario
• The company Langskip builds viking longships
• Hybrid network on-premises/Microsoft Azure
• IAM using FIM
• Hybrid Identity with Active Directory/Azure AD
• MDM with Windows Intune
• Data Protection with Azure RMS
• Azure RemoteApp for app access

23. #CampusDays
Demo Setup
Azure GW
168.63.16.53
Azure GW
RPWLRNNM0000
WS2012R2 RRAS
WAN NIC: DHCP
LAN NIC: 192.168.131.1
Azure GW
137.135.206.252
Langskip-dc3
DC/GC/DNS
ls-fs1
File Server
RemoteApp
Session Host
RPWLRNNM0001
RemoteApp
Session Host
Langskip-dc1
DC/GC/DNS
10.1.0.4
Langskip-dc2
DC/GC/DNS
10.1.0.5
Ls-aadsync1
AADSync
10.1.0.6
Internet
Azure West
Europe
Azure North
Europe

24. #CampusDays
RemoteApp Template images

25. Patching and updates
Template
Image
Cloud deployment Automatically
maintained
Latest OS and
application updates
rolled out on an
ongoing basis
Custom
Image
Cloud deployment
Hybrid Deployment
Updates under
IT control
Always the latest
version of Microsoft
Office Professional
Plus
Hybrid deployment
Only
Ongoing updates:
Update running
RDSH VMs with GP,
WSUS, SC, and other
management tools
from on-premises
Image-based
updates: Upload a
new template image
and apply it to a
RemoteApp instance
Updates rolled out
automatically

26. #CampusDays
RemoteApp Template Image requirements
• The image size must be a multiple of MBs (1024)
• If you try to upload an image that is not an exact multiple, the upload will fail
• The image size must be 127 GB or smaller
• It must be on a VHD file (VHDX files are not currently supported)
• The VHD must not be a generation 2 virtual machine
• The VHD can be either fixed-size or dynamically expanding
• A dynamically expanding VHD is recommended because it takes less time to upload to Azure than a fixed-size
VHD file.
• The disk must be initialized using the Master Boot Record (MBR) partitioning style
• The GUID partition table (GPT) partition style is not supported.
• The VHD must contain a single installation of Windows Server 2012 R2.
• It can contain multiple volumes, but only one that contains an installation of Windows.
• The Remote Desktop Session Host (RDSH) role and the Desktop Experience feature must be installed
• The Remote Desktop Connection Broker role must not be installed.
• The Encrypting File System (EFS) must be disabled.
• The image must be SYSPREPed using the parameters /oobe /generalize /shutdown
• DO NOT use the /mode:vm parameter

27. #CampusDays
RemoteApp Image build process
1. Install Windows Server 2012 R2 in a Hyper-V VM
2. Install the Remote Desktop Session Host (RDSH) role and the Desktop Experience
feature
3. Install additional Windows features required by your applications
• .NET Framework 3.5
4. Install and configure the programs and applications you want to publish through
RemoteApp
• Office
• LOB
• Java
• Flash
• RMS Sharing
5. Perform any additional Windows configurations required by your applications
6. Disable the Encrypting File System (EFS)
7. SYSPREP the image

28. #CampusDays
RemoteApp Image Upload
• Install Azure PowerShell module
• Register image in Azure portal
• Download template image script
• Upload-AzureRemoteAppTemplateImage.ps1
• Upload
• .Upload-AzureRemoteAppTemplateImage.ps1 -SAS "?sv=2012-02-
12&sr=b&si=59174f0c-6dfb-4e5b-9171-
afcaf2c60b0e&sig=DNdfCon4QaVsz0iSP4mWYcPrngtVecoxAPWav43bAE8%3D" -URI
"https://cdvwe065826859rdcm.blob.core.windows.net/goldimages/59174f0c-
6dfb-4e5b-9171-afcaf2c60b0e.vhd"

29. #CampusDays
Image building tips
• Include troubleshooting tools in your images by default
• Add language packs
• Try to make as many customizations in image as possible
• Do not rely on Group Policy
• PowerShell DSC
• Create a copy before running Sysprep so you can start where you left off
• Use version numbers in image names
• Keep a change log for each image

30. #CampusDays
Azure RemoteApp Clients

31. #CampusDays
RemoteApp Supported Client platforms
• Dedicated RemoteApp client
• Windows 7
• Windows 8
• Windows RT
• Client leverages underlying RDP client
• Integrated into RDP app
• Mac
• iOS
• Android
• Windows Phone 8

32. #CampusDays
About profile disks
• User profiles stored in VHDs attached to user profile directory via mount
point in file system
• WindowsAzureDrive
• Profile disks are pr. Azure RemoteApp deployment
• No way to wipe profile today
• Common troubleshooting technique for
Remote Desktops
• Disks mapped by username, not GUID
• User delete/recreate leads to profile
permission issues

33. #CampusDays
RemoteApp Additional Info
Features
Optmizations
Billing
More Information

34. #CampusDays
RemoteApp Features (1)
Price (per user) Free during preview
Window Server version Windows Server 2012 R2
Microsoft Office Professional Plus 2013 
Bring your own applications  (Cloud and Hybrid)
Planned device/OS support
Windows 8.x, Windows 7, Windows RT,
Windows Phone 8.1, iOS, Android, Mac OS X
Microsoft account support  (Cloud deployment)
Active Directory, virtual network (optional) 
Storage (per user) 50 GB
Regions
U.S. East, U.S. West, Europe North, Europe West,
Asia Pacific East, Asia Pacific Southeast

35. #CampusDays
Features (2)
Copy/paste support 
Printer redirection 
Drive redirection 
Full desktop No (under evaluation)
Sound and sound redirection 
Assign app to group No
Manage service via PS Probably
Run an app based on local file association No
Delete corrupt profiles Probably
Golden image in Azure IaaS VM Planned
Host reboot Cloud: No
Hybrid: Manually
Unified vNet Management Planned
ClickOnce Application Support 

36. #CampusDays
RemoteApp Optimization
• Network latency will impact end user experience
• Get an estimate of latency using ping or azurespeedtest.azurewebsites.net
• Optimizations:
• Automatic network detection
• Bitmap caching
• UDP transport
• RemoteFX
• Use latest RDP client possible

38. #CampusDays
RemoteApp Scaling
• Service never scales below 2 VMs
• 10 users (5/VM)
• While new instances are provisioned

39. #CampusDays
More information
• Azure RemoteApp website: http://remoteapp.azure.com
• Documentation: http://azure.microsoft.com/en-us/
documentation/services/remoteapp/
• Remote Desktop Services Blog: http://blogs.msdn.com/b/rds/

40. #CampusDays
The Riddle
Azure is a variation of blue that is
often described as the color of the sky
on a clear summer's day. Its dominant
wavelength is about 488 nm.
On the RGB color wheel, "azure" (color
#007FFF) is defined as the color at 210
degrees, i.e., the hue halfway between
blue and cyan.

41. EVENT SPONSORER
TRACK SPONSORER
EXPO SPONSORER

42. #CampusDays
Q&A
#Ask me about everything!
Join me at the Microsoft Booth the next
30 minutes @Meet The Experts
Dont forget to: Evaluate this session!