3. IT’s Mission Statement, Compliments of…Well…Me. “It is the core mission of IT to create, manage, and ensure the secured access to business applications and data.” Greg Shields, TechNet Magazine, February, 2010
4. Fulfilling that Mission We IT Pros troubleshoot desktops. We IT Pros fix printers. We IT Pros install software. We IT Pros keep the network running. But above all else, our job is to create and manage that secured access to our business’ applications and data. Without it, our business cannot operate. Without it, we have no job.
5. DISCUSS: How Do We Do That? What mechanisms are available today to deliver applications and data to users?
6. IT 2.0: Delivering Applications and Data What mechanisms are available today to deliver applications and data to users? Local desktops & laptops; File servers and shares; App-V; Remote Desktop Services; Virtualized RDS; RemoteApp for Hyper-V; XP Mode / MED-V / Client Virtualization; VDI, Pooled Virtual Desktops; VDI, Personal Virtual Desktops. Increasing Complexity; Increasing Management Burden; Increasing Overhead Cost.
7. Lightweight to HEAVYweight Spectrum (Lightweight) Local desktops & laptops; File servers and shares; Remote Desktop Services; App-V; Virtualized RDS; RemoteApp for Hyper-V; XP Mode / MED-V / Client Virtualization; VDI, Pooled Virtual Desktops; VDI, Personal Virtual Desktops (HEAVYweight)
18. SOLUTION: Right-size Application Delivery to User Needs IT’s 2.0 approach concerns itself as much with how the app is delivered as the app itself. Direct Installation; Streamed Installation; RDS session hosting; VDI. VDI can be an excellent solution for apps that don’t work atop XP/2008!
19. SOLUTION: Right-size Application Delivery to User Needs For small scenarios and needs, VDI-in-a-Box aggregates Microsoft’s VDI functions onto a single server. With RemoteApp for Hyper-V, users needn’t know they’re on a hosted desktop. RDS Conn. Broker Hyper-V Web Access
21. Step 1: Install Components Install RDS Role Services to Server: RD Session Host; RD Virtualization Host (adds Hyper-V); RD Connection Broker; RD Web Access (adds IIS); RD Licensing*
22. Step 2: Generate & Install Certs In Remote Desktop Connection Manager: Virtual Desktops: Resources & Configuration | Digital Signature | Sign with Digital Certificate. This will install a self-signed certificate. The usual caveats about using self-signed certificates apply here.
23. Step 3: Spoof the Trust on this Cert Use Group Policy: Computer Configuration | Policies | Admin Templates | Windows Components | RDS | Remote Desktop Connection Client | Specify SHA1 thumbprints of certificates representing trusted .rdp publishers. Enter the certificate thumbprint. Doing this forces RDS to trust your self-signed certificate.
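The thumbprint Step 3 asks for can be read from the certificate store rather than copied from the certificate dialog, where pasted values often pick up spaces or invisible characters. This is an added example, not part of the original slides; it assumes the signing certificate from Step 2 sits in the server's LocalMachine\My store, and `$SubjectLike` is a hypothetical filter.

```powershell
# Added example (not from the original slides). Assumes the certificate from
# Step 2 is in the LocalMachine\My store of the RD Connection Broker server.

function ConvertTo-PolicyThumbprint {
    param([Parameter(Mandatory = $true)][string]$Raw)
    # Drop spaces, colons and invisible characters picked up when copying
    # from the certificate dialog; keep only hex digits.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits for a SHA1 thumbprint, got $($clean.Length)."
    }
    $clean
}

function Get-RdpSigningCertReport {
    param([string]$SubjectLike = '*')   # hypothetical filter, e.g. '*rdvh-srv*'
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like $SubjectLike } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Subject       = $_.Subject
                Thumbprint    = ConvertTo-PolicyThumbprint $_.Thumbprint
                SelfSigned    = ($_.Subject -eq $_.Issuer)   # true for the Step 2 certificate
                NotAfter      = $_.NotAfter
                DaysLeft      = [int]($_.NotAfter - (Get-Date)).TotalDays
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

# A thumbprint as pasted from the certificate dialog (constructed sample value):
ConvertTo-PolicyThumbprint 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4'

# Candidates for the policy setting, with expiry and self-signed status:
Get-RdpSigningCertReport | Format-List
```

Because the policy trusts a publisher by thumbprint, a renewed or regenerated certificate has a new thumbprint and the Group Policy value has to be updated with it.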
24. Step 4: Create and Configure Virtual Machines Install Windows 7 or Windows XP machines. Install Integration Services (if necessary). Enable Remote Desktop. Configure the Remote Desktop Users Group. Enable Remote RPC for RDS: HKLM\System\CurrentControlSet\Control\Terminal Server; AllowRemoteRPC = 1. Enable Firewall Exceptions: Remote Desktop Services; Remote Service Management.
25. Step 4½: Create and Configure Virtual Machines Add RDP Protocol Permissions.
wmic /node:localhost RDPERMISSIONS where TerminalName="RDP-Tcp" CALL AddAccount "contoso\rdvh-srv$",1
wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 0,1
wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 2,1
wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 9,1
net stop termservice
net start termservice
26. Step 4¾: Create and Configure Virtual Machines Add the RD Virtualization Host’s Computer Account to the VM’s Administrators Group. Reboot. Enable Snapshot Rollback. Right-click the VM and choose Snapshot. Rename the Snapshot to “RDV_Rollback”.
27. Step 5: Configure RD Web Access Add the Server’s computer account to the local TS Web Access Computers group. Configure RD Web Access to Point to RD Connection Broker.
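Steps 4 through 4¾ change registry settings and local group membership inside each pooled VM, so it is worth confirming the result before taking the RDV_Rollback snapshot. The following audit is an added example, not part of the original slides; it assumes PowerShell 2.0 or later is present in the guest, and `rdvh-srv$` is the sample host account name from the slide.

```powershell
# Added example (not from the original slides). Run inside a pooled VM.
# 'rdvh-srv$' is the sample host account from the slide; replace with your own.
$RdvhAccount = 'rdvh-srv$'

function Get-LocalGroupMemberNames([string]$Group) {
    # ADSI WinNT provider: works on the PowerShell 2.0 found on Windows 7 guests.
    $g = [ADSI]"WinNT://./$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

$ts       = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$admins   = @(Get-LocalGroupMemberNames 'Administrators')
$rdpUsers = @(Get-LocalGroupMemberNames 'Remote Desktop Users')

$results = @(
    @{ Check = 'Remote Desktop enabled (fDenyTSConnections = 0)'
       Ok    = ($ts.fDenyTSConnections -eq 0) }
    @{ Check = 'AllowRemoteRPC = 1'
       Ok    = ($ts.AllowRemoteRPC -eq 1) }
    @{ Check = "$RdvhAccount in local Administrators"
       Ok    = ($admins -contains $RdvhAccount) }
    @{ Check = 'TermService running'
       Ok    = ((Get-Service TermService).Status -eq 'Running') }
) | ForEach-Object { New-Object PSObject -Property $_ }

$results | Format-Table Check, Ok -AutoSize

# Both groups grant access to the VM: review every entry, not only the expected one.
"Administrators:       $($admins -join ', ')"
"Remote Desktop Users: $($rdpUsers -join ', ')"
```

Any member of either group that the procedure did not put there will be carried into every rollback of the pooled desktop once the snapshot is taken.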
28. Step 5: Configure the Desktop Pool Back in RD Connection Manager, start the Configure Virtual Desktops wizard. Add the server as an RD Virtualization Host. Add the server as an RD Session Host. Clear the Assign personal virtual desktop box. Create a Virtual Desktop Pool. Add the virtual desktops you just created. Supply Display Name and Pool ID.
29. Step 6: Start Your Virtual Desktop! Navigate to https://server/rdweb. Double-click on the Desktop Pool you just created. Voila!
31. Desktops to RemoteApps Yet, there are problems with deploying desktops. Double-desktops to manage. Double-desktops to secure and update. Retaining an old OS past its lifetime. Deploying a HEAVYweight solution to fix a lightweight problem. In the end, you just have a few applications that need a different delivery mechanism. BETTER SOLUTION: RemoteApp for Hyper-V!
32. RemoteApp for Hyper-V
33. VDI: How Users Connect With traditional VDI, users connect to a provisioned desktop that resides in a pool.
34. RAFH-V: How Users Connect With RemoteApp for Hyper-V, users instead connect seamlessly to an application on a pooled desktop.
36. RAFH-V: Provisioning Applications Using RemoteApp for Hyper-V, problem applications can be delivered to users directly. Hosted atop a pooled desktop. Maintains the VDI architecture, installs problem applications away from user desktops. Remotable across any network connection supported by RDP. User experience improved greatly by SP1. One major limitation: No support (currently) for RD Gateway or RemoteApp and Desktop Connection. I am currently researching why this limitation exists.
38. Step 7: RemoteApp for Hyper-V Open the Remote Desktop Client. Create a new connection, as if it were a direct connection. Save the RDP file and manually add…
remoteapplicationmode:i:1
alternate shell:s:rdpinit.exe
remoteapplicationname:s:{appName}
remoteapplicationprogram:s:{appProgram}
disableremoteappcapscheck:i:1
prompt for credentials on client:i:1
loadbalanceinfo:s:tsv://vmresource.1.{poolID}
39. Step 7: RemoteApp for Hyper-V Finally, provision the RDP file to users: Group Policy Preferences; Systems Management Solution.
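Since the Step 7 file is edited by hand and then pushed to many users, scripting the edit keeps every copy identical and lets the values be checked before they are written. This is an added example, not part of the original slides; the function name, its parameters and the Pool ID character rule are assumptions, and the setting names follow the documented RDP file settings `remoteapplicationmode` and `disableremoteappcapscheck`.

```powershell
# Added example (not from the original slides).
function Add-RemoteAppSettings {
    param(
        [Parameter(Mandatory = $true)][string]$RdpPath,     # file saved from the Remote Desktop client
        [Parameter(Mandatory = $true)][string]$AppName,     # display name of the application
        [Parameter(Mandatory = $true)][string]$AppProgram,  # path to the program inside the VM
        [Parameter(Mandatory = $true)][string]$PoolId       # Pool ID supplied in the desktop pool wizard
    )
    # A control character (such as a newline) in a value would add extra setting lines.
    foreach ($v in $AppName, $AppProgram, $PoolId) {
        if ($v -match '[\x00-\x1F]') { throw "Control character in value '$v'." }
    }
    # Assumed rule: letters, digits, underscore and hyphen only. Loosen if your IDs differ.
    if ($PoolId -notmatch '^[\w-]+$') { throw "Unexpected characters in Pool ID '$PoolId'." }

    $settings = @(
        'remoteapplicationmode:i:1'
        'alternate shell:s:rdpinit.exe'
        "remoteapplicationname:s:$AppName"
        "remoteapplicationprogram:s:$AppProgram"
        'disableremoteappcapscheck:i:1'
        'prompt for credentials on client:i:1'
        "loadbalanceinfo:s:tsv://vmresource.1.$PoolId"
    )
    # Drop earlier copies of the same settings so each appears exactly once.
    $names   = $settings | ForEach-Object { [regex]::Escape(($_ -split ':', 2)[0]) }
    $pattern = '^(' + ($names -join '|') + '):'
    $kept    = @(Get-Content -Path $RdpPath | Where-Object { $_ -notmatch $pattern })

    # The Remote Desktop client saves .rdp files as UTF-16; keep that encoding.
    Set-Content -Path $RdpPath -Value ($kept + $settings) -Encoding Unicode
}

# Constructed sample values:
# Add-RemoteAppSettings -RdpPath .\legacyapp.rdp -AppName 'Legacy App' `
#     -AppProgram 'C:\Program Files\LegacyApp\app.exe' -PoolId 'pool1'
```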