I spent all of last week at Microsoft Ignite. On Monday, I presented a theater session about remote end-user experience benchmarking using REX Analytics in front of a fairly large crowd in the expo hall. I also saw Freek Berson's theater session on virtual desktops in the cloud, did some FSLogix booth duty, attended a few breakout sessions every day, and had some great conversations. It was a busy week!
I wrote this blog post sitting at the Orlando airport waiting for my flight out, trying to digest the week and rest my legs—I heard from several attendees that they walked 6+ miles in the conference center every day. Sometimes this all felt like a workout program for geeks, with some information sharing as a bonus. But was this bonus worth all the walking?
When Satya Nadella opened Ignite, he set the stage: it's all about the intelligent cloud, modern workplaces, smart infrastructure, and business applications. Well, this is generic enough that it requires some further clarification. Satya said that his ambition is to empower every person and every organization on the planet to achieve more.
Well okay, now that we know what his vision is, we want to learn the details. For Windows remoting experts like me, the central questions are all around the future role of desktop virtualization. The following are my personal interpretations and findings from trying to find real answers at Ignite.
Remote Desktop Services context
Before digging into the details, I want to explain the title of this article. After Microsoft's decision to retire Azure RemoteApp (ARA) about a year ago, the RDS product team underwent a major reorganization that was even visible from the outside. If you wanted to compare the RDS team with a forest, a substantial part of it was burned down by a wildfire and only the strongest trees survived. But now, fresh young trees are growing from the ashes in an environment with open sky. Some early results are fascinating and were long awaited, which also includes collaboration with other Microsoft product groups. It kind of feels like “RDS Unchained.” Another title could have been "The rise of the RDS Phoenix," but I thought that this would go too far.
According to Satya, the modern workplace will be represented by Microsoft 365. In a nutshell, this is Office 365, Windows 10, and Enterprise Mobility + Security (which includes Intune) in a single license bundle. If I understand this announcement correctly, Microsoft 365 includes a Windows 10 license assigned to a user (and not to a device). I had a chat with some Microsoft 365 product group members in the expo hall and they confirmed that this Windows license can be used on-prem or in Azure. They agreed that it allows the hosting of a personal Windows 10 VM on Azure, with remote access from any device, and with authentication and authorization by Azure Active Directory. Availability should be within the next 3 to 6 months. It's like a dream finally coming true: personal remote Windows 10 desktops in the cloud without weird licensing conditions.
The breakout session "Learn about our vision and upcoming innovations for Microsoft Remote Desktop Services" was delivered by Joydeep Mukherjee, Scott Manchester, and David Belanger. The opening message was "more secure, more cloud ready, and Windows apps everywhere."
Scott presented the cloud side of the story, starting with security. In the future, RD server authentication will be powered by Intelligent Security Graph, which includes Azure Active Directory, single sign-on, multi-factor authentication, and conditional access. In a demo, he showed an enlightened RDP client with MFA connecting to resources published from an environment based on the brand-new RD modern infrastructure (RDmi) hosted in Azure. None of the RD backend services—such as RD Connection Broker, RD Web Access or RD Gateway—were running on top of an Azure VM. Instead, they were all implemented as .NET Core services delivered in a PaaS model. An integrated Azure console prototyped by the external partner PeopleTech allowed basic RDmi management. The highlights of the upcoming RDmi backend are that it's not part of a domain, and that only port 443 needs to be open to the outside to connect. One or more app and desktop host deployment groups (formerly called Collections) are located in separate networks, allowing true multi-tenancy. This means that RD Session Host servers or Windows 10 VMs can be grouped within multiple deployments, with each deployment belonging to a different Active Directory domain. This is great news for cloud service providers, hosters, and large enterprises.
Citrix’s Sridhar Mullapudi also had a guest spot in the session, highlighting some of the now-familiar aspects of the Citrix–Microsoft partnership.
David Belanger continued the session with the client side of the story. He demonstrated a Mac client leveraging the new cross-platform RD core engine. This new client engine comes with an SDK and may replace the current MSTSC component one day. It allows third parties to build their own remote connection client software, connecting to virtual desktops and applications from a range of client operating systems. David also showed a new Windows 10 Universal Windows Platform (UWP) client designed for Windows 10 and Windows 10 S. It now supports multiple remote desktops that can be organized in groups. What impressed me most when seeing this new UWP client is the fact that you can interactively change the size and resolution of the remote display as well as the DPI scaling—a feature particularly useful when connecting from high-DPI endpoints. David's final demo highlighted the upcoming HTML5 Web client for both RDmi and on-prem Windows Server 2016 RDSH. The HTML5 client is currently in private preview; general availability is planned for Spring 2018. This is very cool, and I want to try it out as soon as possible.
It was very obvious that client experience is very important now. In a follow-up conversation after the session, I learned that Microsoft wants to position Windows 10 S as the preferred device for enterprises with a modern cloud-connected environment, Azure AD identity, and management via EMS. Windows 10 S devices do not support on-prem AD join and GPO management. 10 S devices are optimized for UWP or Centennial apps from the Microsoft Store, and HTML apps in Edge.
For those who don't know, the Centennial toolkit enables desktop developers to package and publish their existing .NET and Win32-based Windows applications to the Windows Store; developers can also use Centennial to call common UWP APIs and services. For applications that are neither based on UWP nor on Centennial, the RDS team is envisioning a way to wrap traditional remote Windows applications in such a way that their RDP files can be published on the store and use the UWP RDS client when launched. This would allow support for all the security and performance promises made with Windows 10 S, while still being able to run all legacy applications.
More RDmi details
In their breakout session "Learn about modern infrastructure roles in RDS," Clark Nicholson and Pavithra Thiruvengadam went deeper into some of the cloud aspects previously introduced by Scott Manchester. Clark is the mastermind behind the RDmi design and Pavithra runs the demos—together they make a great presenter team. I've collected a list of details from Clark's RDmi explanations, Pavithra's demos, and questions from the audience.
- In RDmi, all RD backend components are .NET Core Web Services, delivered as Azure App Services (PaaS). The RDmi console is based on an extended Azure App Services model, including UI elements to manage Azure resources.
- RDmi introduces an RDmi agent that can be installed on Windows Server 2016 and Windows 10. This agent establishes a persistent connection to the RDmi broker service, used for bi-directional signaling. This enables functions such as load balancing and deployment group management.
- With RDmi, the RD Virtualization Host role on Hyper-V is gone. It's enough to install the RDmi agent on a Windows 10 VM. Enterprise customers can host such Windows 10 VMs on nested virtualization in Azure.
- Existing Windows Server 2016 and Windows Server 2012 R2 RDSH implementations will be compatible with the RDmi agent.
- RDmi version 1 doesn't work across Azure geos.
- UDP is not supported in RDmi v1.
- When client endpoint and RDSH servers are in the same on-prem network, RDP traffic is still routed through the RDmi Gateway app service when using RDmi v1.
- RDmi introduces an analytics app service for collecting telemetry data.
- The RDmi public preview is planned for Jan 2018, general availability in RS4 (Spring 2018 release). RDmi v2 may follow with RS5 (Fall 2018 release).
Ignite 2017 was a great event, with many new things to learn and much exciting news. Most of the things may not be relevant immediately, but they clearly show where RDS is heading and that it has a "modern" future.