By Mary Branscombe and Azure Security News
Windows is getting ever closer to being a service. Part of that is the (not always successful) regular updates every six months, but Microsoft Managed Desktop and the new Windows Virtual Desktop (WVD) service on Azure are the other half of this.
If you don’t want the work of managing PCs and applications like Office 365, you can hand all that over to Microsoft. Or you can use WVD to put Windows on Azure as virtual desktops, where they’re much easier to patch and protect. So much easier, in fact, that if you put your Windows 7 desktops there, Microsoft will give you the extended security updates — which usually cost a deliberately high percentage of your support arrangement — free for three years (until January 2023).
Azure is already a popular destination for Windows desktop virtualisation using the traditional Remote Desktop Session Host (Terminal Services) approach with Windows Server — RDSH accounts for nearly 10 percent of Azure compute hours. When it launches, WVD will make Azure an even more appealing place to run virtual Windows desktops.
First, you don’t need to pay for any extra licences or CALs to use it. WVD usage rights are included in the Windows E3 and Office 365 Pro Plus licences that many enterprises already have — they’re effectively virtual desktop access rights and Office 365 subscription rights, and the full list is: Microsoft 365 E3, E5 and F1 licences, including educational E3, E5 and F1, plus Windows E3 and E5. All you’re paying for is the Azure compute and storage to run Windows 10 Enterprise and the Office applications (Excel, Outlook, PowerPoint, Word, Access, Project, Publisher and Visio), using Azure VM scale sets so you get as much compute as necessary for the users who are logged on. You can pick the VM size you want to use, and if your usage is predictable you can do that with budget Azure Reserved VM Instances.
And you don’t need one VM per user: WVD is the only way to run what Microsoft calls ‘multi-user Windows’ virtually. That means that one WVD VM on Azure can support two or more Windows users at the same time, all logged in with their own desktop, running their own applications in Windows and accessing their own files. (That’s been possible with Windows Server, but you don’t get the full compatibility of the Windows client desktop so there’s no Cortana or Windows Store apps, and it hasn’t shown up in cloud Desktop as a Service offerings.) Microsoft hasn’t published exact numbers for every scenario yet, but at Ignite there was talk of running 120 users on five VMs, or of having 24 users, each with peak usage that needs two virtual CPUs and 4GB of RAM, running on a single VM with 8 virtual CPUs and 32GB of RAM, rather than on 24 VMs with a total of 48 virtual CPUs and 96GB of RAM.
You can have different host pools with different resources and different rights for different types of users — not every user needs an admin account, for example, so you can limit those who do to a specific host pool. You also can have Azure pick the right VM size and specification for common workloads, and assign individual users or AD groups.
Persistent desktops or non-persistent multi-user session host farms are available, and you can choose how many users you have per CPU as well as how to load-balance users across the host pool. Resources can be evenly spread across all VMs at all times with ‘breadth’ mode, or ‘depth’ mode load balancing can be employed, where WVD fills up a VM with users before spinning up another one when more users log on.
All this should make WVD a much cheaper way to run virtualisation: usually, you’re paying for the management tools, which are now free in the Azure portal, as well as for hardware or VMs to support all your individual users at peak usage (which not everyone needs all the time). Initially there will be a limited portal plus PowerShell support; services like ServiceNow can integrate through the REST APIs, and there will be a complete Azure portal UI for deployment and management when WVD is fully available. The sophisticated set of objects and commandlets means you can write PowerShell scripts to, say, start VMs so users don’t have to wait for them to be provisioned before they can get to work, or automate provisioning with ARM (Azure Resource Manager) templates.
Microsoft manages a lot of the VDI solution for you — web access, gateways, diagnostics, load balancing and the broker — so you don’t have to provision, manage, maintain and patch those infrastructure roles yourself. (This is based on multi-tenant Azure Web Apps, and is what Microsoft used to talk about as the Remote Desktop modern infrastructure [RDmi], which evolved into WVD.)
You can run Windows 7 Enterprise or Windows 10 Enterprise on WVD and even Windows Server 2012 R2+ (if you need that for developers or your existing virtualisation setup, although you will then need to pay for RDS client access licences). That’s a familiar experience for users, and for desktop administrators. You can virtualise the entire Windows desktop or for Windows 7 you can virtualise specific applications, which allows you to mix-and-match local and virtual applications.
Users can access WVD via the browser on whatever device they’re using, whether that’s a Mac or a Chromebook or an iPad, signing in through Azure AD. If it’s an unmanaged device, admins can require them to sign in with multi-factor authentication, and no data is left behind on the device after they disconnect — even if they’ve copied it into their clipboard.
But if they’re on a Windows 10 PC, users can access applications running in a virtual Windows desktop on Azure on their own desktop, sharing files or copying and pasting between them because hosted apps interact with local desktop apps as if they were running locally. Those hosted apps show up in the Start menu automatically (through the RDS feed, with all the different applications and desktops the user has access to) and sit in the Windows taskbar as usual, with a flag to mark that they’re not installed locally. (If that sounds familiar, it might be because some of the team behind WVD also created the Azure RemoteApp service.)
Application compatibility is the usual reason that organizations are still running Windows 7: if you take the applications you aren’t ready to migrate to Windows 10 and run them in WVD on your Windows 7 licences, you get the benefits of running Windows 10 with much less work.
Roadmap and competition
WVD is currently in private preview (Microsoft isn’t accepting more applications for that). Organizations that have signed up have access to multi-user images in the Azure gallery, and will also be able to upload their own custom images to use. The public preview is expected this month or January 2019 (organizations can sign up for that in advance), but the launch date isn’t more specific than the first half of 2019.
WVD clearly competes with other desktop-as-a-service (DaaS) and VDI options, and the fact that it’s the only service with Windows 7 updates and multi-user support is an obvious advantage. Other desktop virtualisation providers will have to integrate with WVD to stay relevant, especially where they have tools that improve WVD (like ThinPrint’s cloud printing system or Lakeside’s resource monitoring tools).
Microsoft’s acquisition of FSLogix will definitely improve WVD by cutting the time it takes to load user profiles in Outlook and OneDrive. These have to be copied to the VM for each user when they first log in instead of being cached on the PC they use every day, and the Outlook and Windows search indexes take time to build. Persistent desktops that always put the same user on the same machine will also help with that. Microsoft hasn’t yet said whether FSLogix will only be available as part of WVD, but there are also partner solutions for WVD like Liquidware’s ProfileUnity, which moves the user profile to a virtual disk that can be read in more quickly (and which also works with multiple cloud Windows virtualisation services).
If you’re already using Citrix to virtualise applications, you can combine that with WVD using Citrix Workspace Windows Virtual Desktop. Virtualised apps and desktops will show up in the same Workspace interface for users and admins can monitor both environments with the same performance and security analytics tools. CloudJumper also lets customers monitor and manage WVD through its Cloud Workspace Management Suite, alongside CloudJumper virtual desktops and workspaces. That makes it easier for organizations already invested in desktop virtualisation to take advantage of the extra options and free virtualisation in WVD, which makes it an even more attractive option.
There are also Microsoft Cloud Solution Provider partners who can help organizations move to WVD, so it’s not accurate to view this as Microsoft gobbling up the VDI or DaaS market. WVD may bring more business to Azure, but it’s mostly just another option to make Windows easier for organizations to run. There’s even the possibility that WVD will come to Azure Stack to run in on-premises data centers.