VDI-in-a-Box!Microsoft Desktop Virtualization

for Smaller Scenarios and Businesses

Greg ShieldsSenior Partner & Principal Technologist

www.ConcentratedTech.com

IT’s Mission Statement,Compliments of…Well…Me.

• “It is the core mission of IT to create, manage, and ensure the secured access to business applications and data.”

Greg Shields,

TechNet Magazine,

February, 2010

Fulfilling that Mission

• We IT Pros troubleshoot desktops.We IT Pros fix printers.We IT Pros install software.We IT Pros keep the network running.

• But above all else, our job is to create and manage that secured access to our business’ applications and data.● Without it, our business cannot operate.● Without it, we have no job.

DISCUSS: How Do We Do That?

• What mechanisms are available today to deliver applications and data to users?

IT 2.0:Delivering Applications and Data

• What mechanisms are available today to deliver applications and data to users?● Local desktops & laptops● File servers and shares● App-V● Remote Desktop Services● Virtualized RDS● RemoteApp for Hyper-V● XP Mode / MED-V / Client Virtualization ● VDI, Pooled Virtual Desktops● VDI, Personal Virtual Desktops

Increasing Com

plexityIncreasing M

anagement B

urdenIncreasing O

verhead Cost

Lightweight to HEAVYweight Spectrum

● Local desktops & laptops● File servers and shares● Remote Desktop Services● App-V● Virtualized RDS● RemoteApp for Hyper-V● XP Mode / MED-V / Client Virtualization ● VDI, Pooled Virtual Desktops● VDI, Personal Virtual Desktops

Lightweight

HEAVYweight

PUTTING THE PIECES TOGETHER

Architecting a VDI Infrastructure

SOLUTION: Right-size Application Delivery to User Needs

• IT’s 2.0 approach concerns itself as much with how the app is delivered as the app itself.

1. Direct Installation

2. Streamed Installation

3. RDS session hosting

4. VDI

• VDI can be an excellent solution forapps that don’t work atop XP/2008!

SOLUTION: Right-size Application Delivery to User Needs

• For small scenarios and needs, VDI-in-a-Box aggregates Microsoft’s VDI functions onto a single server.

• With RemoteApp for Hyper-V, users needn’t know they’re on a hosted desktop.

RDS

Hyper-V Web Access

Conn. Broker

BUILDING A VDI-IN-A-BOXExtended Demo

Step 1: Install Components

• Install RDS Role Services to Server● RD Session Host● RD Virtualization Host (adds Hyper-V)● RD Connection Broker● RD Web Access (adds IIS)● RD Licensing*

Step 2: Generate & Install Certs

• Remote Desktop Connection Manager● Virtual Desktops: Resources & Configuration● Digital Signature● Sign with Digital Certificate

• This will install a self-signed certificate.● The usual caveats about using self-signed certificates

apply here.

Step 3: Spoof the Trust on this Cert

• Use Group Policy● Computer Configuration | Policies | Admin Templates |

Windows Components | RDS | Remote Desktop Connection Client

● Specify SHA1 thumbprints of certificates representing trusted .rdp publishers.

● Enter the certificate thumbprint.

• Doing this forces RDS to trust your self-signed certificate.

Step 4: Create and ConfigureVirtual Machines

• Install Windows 7 or Windows XP machines.• Install Integration Services (if necessary).• Enable Remote Desktop.• Configure the Remote Desktop Users Group.• Enable Remote RPC for RDS

● HKLM\System\CurrentControlSet\Control\TerminalServer; AllowRemoteRPC = 1

• Enable Firewall Exceptions● Remote Desktop Services● Remote Service Management

Step 4½: Create and ConfigureVirtual Machines

• Add RDP Protocol Permissions.● wmic /node:localhost RDPERMISSIONS where

TerminalName="RDP-Tcp" CALL AddAccount "contoso\rdvh-srv$",1● wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp'

or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 0,1

● wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 2,1

● wmic /node:localhost RDACCOUNT where "(TerminalName='RDP-Tcp' or TerminalName='Console') and AccountName='contoso\\rdvh-srv$'" CALL ModifyPermissions 9,1

● net stop termservice● net start termservice

Step 4¾: Create and ConfigureVirtual Machines

• Add the RD Virtualization Host’s Computer Account to the VM’s Administrator’s Group.

• Reboot.

• Enable Snapshot Rollback.● Right-click the VM and choose Snapshot.● Rename the Snapshot to “RDV_Rollback”.

Step 5: Configure RD Web Access

• Add the Server’s computer account to the local TS Web Access Computers group.

• Configure RD Web Access to Point toRD Connection Broker.

Step 5: Configure the Desktop Pool

• Back in RD Connection Manager, start the Configure Virtual Desktops wizard.● Add the server as an RD Virtualization Host.● Add the server as an RD Session Host.● Clear the Assign personal virtual desktop box.

• Create a Virtual Desktop Pool.● Add the virtual desktops you just created.● Supply Display Name and Pool ID.

Step 6: Start Your Virtual Desktop!

• Navigate to https://server/rdweb.● Double-click on the Desktop Pool you just created.● Voila!

Desktops to RemoteApps

• Yet, there are problems with deploying desktops.● Double-desktops to manage.● Double-desktops to secure and update.● Retaining an old OS past its lifetime.● Deploying a HEAVYweight solution to fix a lightweight

problem.

Desktops to RemoteApps

• Yet, there are problems with deploying desktops.● Double-desktops to manage.● Double-desktops to secure and update.● Retaining an old OS past its lifetime.● Deploying a HEAVYweight solution to fix a lightweight

problem.

• In the end, you just have a few applications that need a different delivery mechanism.

• BETTER SOLUTION: RemoteApp for Hyper-V!

RemoteApp for Hyper-V

• Yet, there are problems with deploying desktops.● Double-desktops to manage.● Double-desktops to secure and update.● Retaining an old OS past its lifetime.● Deploying a HEAVYweight solution to fix a lightweight

problem.

VDI: How Users Connect

• With traditional VDI, users connect to a provisioned desktop that resides in a pool.

RAFH-V: How Users Connect

• With RemoteApp for Hyper-V, users instead connect seamlessly to an application on a pooled desktop.

RAFH-V: Provisioning Applications

• Using RemoteApp for Hyper-V, problem applications can be delivered to users directly.

● Hosted atop a pooled desktop.● Maintains the VDI architecture, installs problem applications

away from user desktops.● Remotable across any network connection supported by RDP.● User experience improved greatly by SP1.

RAFH-V: Provisioning Applications

• Using RemoteApp for Hyper-V, problem applications can be delivered to users directly.

● Hosted atop a pooled desktop.● Maintains the VDI architecture, installs problem applications

away from user desktops.● Remotable across any network connection supported by RDP.● User experience improved greatly by SP1.

• One major limitation: No support (currently) for RD Gateway or RemoteApp and Desktop Connection.

● I am currently researching why this limitation exists.

REMOTEAPP FOR HYPER-VExtended Demo

Step 7: RemoteApp for Hyper-V

• Open the Remote Desktop Client.• Create a new connection, as if it were a direct

connection.• Save the RDP file and manually add…

● Remoteappapplicationmode:i:1● Alternate shell:s:rdpinit.exe● RemoteApplicationName:s:{appName}● RemoteApplicationProgram:s:{appProgram}● DisableAppCapsCheck:i:1● Prompt for Credentials on Client:i:1● Loadbalanceinfo:s:tsv://vmresource.1.{poolID}

Step 7: RemoteApp for Hyper-V

• Finally provision RDP file to users.● Group Policy Preferences● Systems Management Solution

Lightweight to HEAVYweight Spectrum

● Local desktops & laptops● File servers and shares● Remote Desktop Services● App-V● Virtualized RDS● RemoteApp for Hyper-V● XP Mode / MED-V / Client Virtualization ● VDI, Pooled Virtual Desktops● VDI, Personal Virtual Desktops

Lightweight

HEAVYweight

Your Feedback is Important

Please fill out a session evaluation form drop it off at the conference registration

desk.

Thank you!