Windows Virtual Desktop – A Game Changer?

Technology has traditionally played a game-changing role in society, because it’s ever-changing—in everything from tech gear and drones to artificial-intelligence assistants. Today, you can communicate in over 100 languages with Google Translate, and Google’s Pixel Buds puts a translator in your ear. There’s no reason to doubt that real-time translation will only get better in the near future. Perhaps you’ve heard of 3D printing. How about 3D metal printing? Desktop Metal is the biggest game changer in the metal 3D printing market, set to revolutionize manufacturing.

The Next Game Changer?

On September 24, 2018, Microsoft officially entered the Desktop as a service (DaaS) space by announcing Windows Virtual Desktop (WVD): a new desktop solution and service to be delivered on Azure.

What makes WVD unique?

Historically, desktop virtualization has been complex and costly to deploy and manage. WVD is slated to change this by using the Remote Desktop Modern Infrastructure (RDmi) to reduce the overhead of managing a virtual environment. Remote desktop infrastructure roles such as Gateway, Broker, Diagnostics, Web access, etc. will be managed and offered by Microsoft as a complete service on Azure, designed with simplicity and security in mind.

WVD introduces a never-before-seen Windows 10 multi-user experience that claims to be optimized for Office 365 ProPlus, scalable to deploy and manage, and offers the flexibility to virtualize desktops and apps to any endpoint device.

The benefit of architecting for multiple concurrent users against a single operating system or virtual machine (VM) all comes down to resource utilization. The single-VM-per-user model is typically sized based on anticipated peak usage. But in the typical workday, a task or an office worker rarely consumes the peak capacity of their VM resources—yet you still have to pay for the unused processing power and memory.

Consider a real-world scenario:

Imagine that 24 users each require 2 vCPUs and 4 GB of RAM. Instead of 24 dedicated VMs with a total of 48 vCPUs and 96 GB of RAM, with WVD & Windows 10 multi-user, you can deploy a single VM with 8 vCPUs and 32 GB of RAM and host all 24 users on the single VM. This configuration reduces the resource requirements by 80%, while still providing a good user experience.

This behavior may be adjusted by choosing any VM instance size from the Azure catalog to vary the density of users based on the workload type they require. A couple of preconfigured default workload types are available to help right-size the VM based on the total number of users (along with the ability to custom-size).

Additional Advantages

Unlike Windows server (which is traditionally used for multi-session), Windows 10 Enterprise is released on a semi-annual channel. Feature updates are released twice a year, which means testing and validation is simplified for desktops, laptops, and now the virtual environment, because they’re on the same consistent cadence.

This provides great app compatibility and allows users to have a consistent experience across their personal desktops and in a multi-session environment with access to Win32 apps and modern apps like Edge, Cortana, and Universal Apps.

If you have Windows 7 requirements, you can move these workloads to Azure, and as part of WVD you’ll get three years of Windows 7 Extended Security Updates free (after the end of extended support on Jan 14, 2020).

WVD also claims to be highly optimized to run Office 365 ProPlus apps like Outlook, OneNote, & OneDrive in persistent and non-persistent multi-user session farms.

Highly Optimized – How so?

Like a missing puzzle piece, on November 19, 2018, Microsoft announced the acquisition of FSLogix, a well-known next-generation app-provisioning platform that reduces resources, time, and labor required to support virtualization. Aligned with Microsoft, FSLogix will continue to enable faster load times for user profiles in Outlook and OneDrive. Optimizations include User Profile Containers with no Roaming Profiles or Folder Redirection, Office 365 Containers that enable Outlook caching and Windows Search support, OneDrive for Business support, OneNote caching, Skype for Business Global Address List caching, Native SharePoint support in Windows Explorer, Microsoft Teams support for virtual desktops, and computer-activation-license roaming.

Additionally, FSLogix offers Java Redirection and App Masking to help reduce the number of Windows gold images.

How do we manage this?

FSLogix puts you in control of your Windows images and apps (additional details to emerge). Existing tools like SCCM or Intune may be used to manage them (i.e. with security patching, etc.). Available images are in the Azure gallery, but you may also upload custom images. One only pays for the resources consumed in the subscription, or the Infrastructure as a Service (IaaS) being used to host the apps and desktops. Everything else is provided with the service.

The agility of how users are distributed across VMs is provided by load-balancing algorithms. This gives you the flexibility to create working environments for different users or groups within an organization.

WVD has a full set of rest APIs for automation, PowerShell cmdlets, the Azure Marketplace tool, and Azure Resource Manager (ARM) templates that will be available along with a full Azure portal experience for both management and deployment.

Licensing

WVD is free if you’re a Microsoft 365 E3, E5, or F1 customer, or a Windows E3 or E5 customer.

Security and Architecture

With RDmi, the architecture around how remote devices connect has changed. You no longer come inward to the network. Instead, you negotiate the cloud connection through the gateway and brokering service. Microsoft establishes an outbound connection from your environment to the service in Azure, allowing you to secure the edge of your network and insert Azure Active Directory (AD) between the users and the corporate network for remote apps & desktops. This means Azure security features such as conditional access, Multi-Factor Authentication, and Intelligent Security Graph may be used, while still maintaining back-end compatibility of having Windows VMs joined with classic AD domains and synced to Azure AD. With this security boundary, no residual data is left behind. Corporate assets are protected, and users can login via a browser.

If workloads require access to on-prem resources, you have the ability to connect them through either VPN or through the variety of available ExpressRoutes.

Security and Performance

In the past, disabling Windows Defender in VDI environments was recommended due to performance impacts, but Windows Defender is now optimized for multi-user mode. You may even use Search. This spring, a new management option will become available in the Windows release to help reduce the CPU and network overhead for installing security intelligence updates. More improvements that target VM performance will also be incorporated into the antivirus engine.

Final Notes

Microsoft is allowing good-standing partners, and vendors like Citrix, to inject their own management plane into the WVD management control plane, by way of rest APIs. This will allow Citrix to sell Microsoft WVD as a Microsoft Cloud Service Provider and integrate its own products and service offerings, such as Citrix Workspace (additional ecosystem partners include CloudJumper and Liquidware).

WVD is now in public preview, If you haven’t already please visit the preview page here. Time will tell if WVD becomes the next game changer. But it will definitely shake-up the Desktop as a Service (DaaS) world this year. Lastly, if you’re interested in learning more about Windows Virtual Desktop (WVD) or DaaS, please reach out to us. We’d love to help you out.

Share on

linkedin sharing button twitter sharing button