Is There a Microsoft “Mobile First, Cloud First” Strategy for VDI?
Since Satya Nadella became Microsoft’s CEO, “mobile first, cloud first” is the new mantra. But what about Windows desktops and applications delivered from the cloud? If you want to establish an enterprise-level VDI or remote desktop environment that is only based on Microsoft products and components, you will be confronted with different management challenges. While the individual components of an RDVH/RDSH environment are great, putting them together properly and maintaining them sufficiently is a dark art. Sure thing, Citrix and VMware are able to compensate such shortcomings, but is this what Microsoft really wants? If not, what are the missing pieces?
Here are my top 5 reasons preventing Microsoft from being successful in projects with the goal to cloudify Windows desktops and applications:
- In a private cloud scenario, Server Manager is a great tool to set up basic Remote Desktop Virtualization Host (RDVH aka VDI) or Remote Desktop Session Host (RDSH aka Terminal Server) environments. But as soon as you want to establish enterprise-level RDVH/RDSH environments, Server Manager is not sufficient. You may think that System Center can help you here, but there is no deep integration into Remote Desktop Services configuration workflows out of the box. Dynamically adding new RDSH/RDVH components, such as RD Gateway, RD Connection Broker and RD Web Access, for scale-out scenarios is simply painful.
- In a public cloud scenario, Azure does not offer Windows 7 or Windows 8.1 VMs. Even if it may technically be possible to upload your own Windows client VMs to Azure, the licensing model does not allow you to give users access to them. The only option is to run hosted Windows Server VMs in the Remote Desktop Session Host role. Existing RD CALs can be used with Azure since beginning of this year. But the current Microsoft Office license model does not allow you to deliver Word, Excel and PowerPoint from these remote desktops. Besides this, nobody knows if Azure was designed for running RDVH and RDSH loads in a scalable way.
- Remote Desktop Gateway (RDG) was designed to establish secure connection to RDVH/RDSH environments from outside the intranet. Unfortunately, RDG requires to be Active Directory domain joined while sitting in the DMZ. This produces security risks most enterprise customers are not willing to accept. Adding a reverse proxy to the RDS architecture would be an adequate solution to this problem, but Microsoft decided to discontinue ISA Server. There’s also no official recommendation for a third party reverse proxy solution which may help solving the issue.
- There is no tool for daily user and system management tasks, like on-ramping new users, assigning users to new application sets after they changed their work role or managing temporary contractors. System Center Orchestrator may be a good solution, but there are no blueprints for such VDI-related workflows. A dedicated RDS management and monitoring tool would be very beneficial.
- There is no real image management and image streaming for RDVH environments, only sysprep and unattended setup. The underlying rather old-school Windows image management concepts would probably work fine if they were properly integrated with SMB3 and disk deduplication. System Center Virtual Machine Manager does not help here as using it for VDI guest image management is either painful or even impossible.
These are only my personal top 5 issues, but there are more. Here are some examples, just to give you an overview: There is no way to mix and match RDSH and RDVH deployments, only separate collections are allowed. The range of supported client platforms is still incomplete, in particular on the mobile client side (Windows Phone, ChromeBook, and Blackberry). There is no integrated management console which includes things like App-V or UE-V. The different profile management solutions roaming profiles, UE-V and User Profile Disk are not compatible with each other and there is no clear recommendation when to use what. There is no overall planning and deployment tool for RDSH/RDVH. Pooled VDI with multiple Hyper-V differencing images seems not to be very scalable and is definitely not manageable. There is no proper management of RD Connection Broker load balancing without modifying DNS settings. In addition, RDCB doesn’t allow the integration of physical machines into a collection. There is no simple way of customizing RD Web Access, only a quite complex web feed mechanism and no design tool for customizing the UI. Certificates are required at several places, but there is no overall management. There is no hybrid cloud management concept, combining RDVH/RDSH environments on premises and on Azure. And I wish there was a GPU-accelerated remoting concept that went beyond today’s RemoteFX basic graphics API intercept, supporting the full range of OpenGL and other modern high-end graphics APIs. And no, I will not start talking about VDA licensing today – it would not be good for my mental health.
That’s it for the moment. As I said earlier, I really like the individual RDS components, but they are a pain in the back to put together for enterprise-level environments. And I know for sure that Microsoft has the potential to come up with much better VDI and cloud solutions, but unfortunately they seem to be a little bit slow on this side. But if someone still wants to go Microsoft-only, I can offer to help you with such an RDVH/RDSH-only project. If there is a will, there is also a way.
Finally, here is a nice statement by Klaas Longhout, the director of the RDS Product Group, about what his recommendation is regarding Microsoft-only VDI/TS environments: “The guidance we give our sales team is that in general, they should start with Citrix + Microsoft as the best solution (all clients and hosts supported, best performing hypervisor (Hyper-V) + best high scale management solution). If the customer decides they do not want to go with a joint solution, we then specify that RDS is great if they do *not* need high scale admin GUI, have the correct clients supported (e.g. we don’t have a great XP, RIM, Chromebook, etc), correct hosts supported (we don’t support Vista, XP, etc), then RDS is a scalable solution with PowerShell.” Look at that, this statement in fact reflects reality. So nobody can say that the members of the RDS PG don’t know the limitations of their own product. And I know for sure that they are smart and skilled enough to fix the issues – if they were only allowed to do so. Okay Mr. Nadella, it’s your turn now! Make sure that your “mobile first, cloud first” strategy gets applied to Windows desktops as well.