RDmi is a milestone for the future of RDS. Here’s how it works

RDmi remains in private Technical Preview, but it’s already an exciting milestone with huge potential.

By Benny Tritsch and Kristin L. Griffin

Microsoft first introduced the concept of Remote Desktop modern infrastructure (RDmi) at Inspire 2017 in Washington, D.C., and then again at Ignite 2017 in Orlando. As of today, RDmi is not publicly available and can only be tested in the context of a private Technical Preview. We’re going to provide a concise overview of the currently disclosed facts.

In a nutshell, RDmi combines traditional Windows desktops and applications with modern cloud concepts. At this point, you may ask yourself why Microsoft would make a major investment into such a solution or service. Is there a good technical reason and a compelling business case?

Yes, there is and you will learn about it in this article.

Before RDmi

As long as enterprise IT was organized around on-premises datacenters, the delivery of remote desktops and WinForm applications was straightforward: Farms (or collections) of Remote Desktop Session Host (RDSH) servers with all necessary Windows applications installed constituted so-called Remote Desktop Services host pools. Such a host pool provides authenticated and authorized users with access to interactive remote sessions. Remote Desktop Services (RDS) backend servers represent the infrastructure or control layer, responsible for session brokerage (including load balancing), authentication, authorization, resource assignment, web-based user access, network encryption, and license management.

Remote desktop client software allows users to connect to their interactive sessions from different kinds of endpoint devices. Add-on products developed by Citrix, VMware, Parallels, and other software vendors build on top and extend the core RDS functionality. All was good for many years.

But what if customers wanted to migrate their local or remote Windows desktops and applications to an Azure-centric world? Unfortunately, they discover that Microsoft missed out on providing a simple, fast, and cheap mechanism to transform existing line-of-business WinForm applications into native cloud apps. Oops!

Okay, let's switch to plan B and just move all Windows desktops and applications to an RDS Infrastructure-as-a-Service model hosted in Azure. This means that all RDS infrastructure and resource roles are implemented in Azure virtual machines. Despite the fact that Windows Server 2016 Remote Desktop Services included some nice improvements for better cloud compatibility, these changes did not go far enough to make RDS a first-class citizen in any Azure service model. In addition, the Azure price model is not suited to run a conventional RDS environment 7x24 at decent costs. Bummer!

And let’s not even think of plan C, based on Azure RemoteApp, better known as the ARA Disaster. The good news is that Microsoft seems to have learned from the mistakes of the retired ARA.

This is exactly why RDmi is needed.

RDmi concepts

RDmi was born in the cloud and runs in Azure. One of its fundamental design concepts is that the RD Session Hosts or Virtual Desktop VMs are deployed into one or multiple (virtual) networks that are completely separated from the RDS infrastructure layer. The refactored RD infrastructure services (RD Broker, RD Web, and RD Gateway) use Azure Web Apps as the underlying platform and none of them is domain joined. In addition, RDmi introduces the RD Diagnostics service which correlates events end-to-end, i.e., from RD client through infrastructure layer to RD Session Host. 

RDmi architecture

All RDmi infrastructure services benefit from the autoscaling features that are built into the underlying Azure Web App service. By defining two very simple rules, the RD infrastructure roles dynamically allocate or deallocate resources to match performance requirements. Another advantage of the RDmi design is that it can be securely used for multi-tenant deployment—a feature that independent software vendors and managed service providers have always wanted to have. It means that one infrastructure layer can be used in conjunction with multiple RDSH host pools assigned to different customers and their respective ADs.

Host pools contain RD Session Host or Windows 10 worker VMs, hosted in an Azure Infrastructure-as-a-Service model. As a prerequisite, a new RDmi guest agent must be installed on every worker VM that is a member of a tenant's host pool. As soon as the agent is running, it establishes and maintains an outbound WebSocket connection to the RD Broker service and registers as a member of a tenant-specific host pool.

As a result, the RD Broker service knows all members of each host pool and all related tenant assignments. Using this information, the broker is able to properly dispatch and orchestrate connections from clients to RD Session Hosts. Since RDmi is based on Azure AD, multi-factor authentication (MFA) can be enabled with a simple setting. This is an improvement since on-prem RDS roles are AD-based, which makes MFA difficult to set up.

An RDmi user connection is initiated when the client authenticates with the Azure Active Directory that belongs to a tenant's host pool. All optional Azure AD security features are enabled by default, such as certificates, MFA, and Intelligent Security Graph. On successful user login, the RDmi client receives an Azure AD token which it presents to the RD Web service. RD Web forwards this information to the RD Broker which determines the resource authorization for the user. Now, the user is presented with the available resources in the RDmi client user interface and selects one of them, for example, by clicking on the icon that represents a full remote desktop. The broker does some load-balancing magic and selects one of the available RD Session Hosts.

There is already an open, outbound connection from the selected RD Session Host to the infrastructure layer which was previously initiated by the guest agent. A second WebSocket connect is opened from the RD Session Host to the RD Gateway. This will be in addition to the initial WebSocket connection that provides the heartbeat back to the broker. Based on that, a bi-directional connection between client and RD Session Host is established and "tunneled" through RD Gateway, using HTTPS port 443. No other port needs to be open and the users can work interactively in a secure manner. The different host pools (= tenants) are completely separated from each other and none of them exposes an open inbound port to the outside world.

Why get excited about RDmi? 

There are a number of advantages when using RDmi:

  • Running the RDS infrastructure layer on top of Azure Web Apps is potentially more cost effective than using virtual machines. However, note that currently, there is still no RDmi price model; only the current cost of Web Apps gives you a rough estimate.
  • RD infrastructure layer and RD Session Host pools are completely isolated from each other, which increases security.
  • Authentication and authorization is based on Azure Active Directory, plus federation.
  • RDmi was designed to support multiple tenants and Azure subscriptions per RD infrastructure layer, which reduces cost for hosting providers with large numbers of small to medium-sized tenants.
  • Each RD Session Host pool can have different AD configurations.
  • RDmi is taking advantage of Web Apps auto-scaling functionalities and the general Azure elasticity.
  • RDmi introduces a new diagnostics service to help troubleshoot connection problems.

Microsoft positions RDmi as an extensible platform. What this means is that Microsoft provides the base functionality for delivering Windows desktops and applications from Azure, and multi-tenancy and security are built-in right from the beginning. On top of that, RD PowerShell and a REST API can be used by ecosystem partners to extend RDmi. Examples are RD Session Host autoscaling, deployment automation, monitoring, or creating new management consoles.

Final thoughts

In our opinion, Remote Desktop modern infrastructure marks an exciting milestone. Its design has huge potential for enterprises, public administrations, and managed service providers that want to start hosting traditional Windows desktops and WinForm applications in Azure. We’re hoping that general availability of the first public release is not too far away. The only thing that we think is missing is the support of on-prem host pools—but maybe that's on the feature list of the next RDmi release.

The Microsoft RDS product group will be presenting RDmi and more in a session at the upcoming Inspire conference (session link here).

In our a follow-up article, you will learn about the RDmi deployment steps and what the administrator experience is.

Join the conversation

34 comments

Send me notifications when other members comment.

Please create a username to comment.

Is this a Citrix killer?
Cancel
Citrix is an old man in late sixties. It was FMA (flexible) 10 years ago. Not so much now.

It is going to retire soon.
Cancel
I don't think so. It's more like a new platform Citrix can build on top.
Cancel
Are you joking Benny? On top of RDMi? Why would customers buy something on top of RDMi if it works?
Cancel
No, I'm serious. RDmi will have missing pieces that are required in many enterprise environments. I'm thinking of additional user and tenant management consoles, image deployment tools, resource and performance analysis components, global load-balancing extensions, hybrid connectors, VPN gateways, extensions to the built-in identity management, enhanced policy features, and many more. I'm convinced there is lots of room for ecosystem partners like Citrix to add or integrate functionalities such as MCS, NetScaler or Citrix Studio. But this all relies on a stable and properly documented public RDmi API...
Cancel
Citrix already has a full stack based on RDSH. What are the benefits of building on top of RDMi?
Cancel
I have no idea what the cost will be per user at the end of the month. 

AWS Workspaces = $40/user. 
Cancel
Unfortunately, Microsoft has not disclosed the RDmi price model, yet.
Cancel
RDMi stands for RD mission impossible
Cancel

Hi Benny
* Are there any plans for Skype/Teams support at launch (audio/webcam video acceleration). Citrix still required here.
* Any virtual desktop or RDS host power management to keep costs down when machines are idle?  Enabling hibernation would be killer here to preserve persistent desktop session state. This would make a huge difference to TCO.

Cancel

I've not heard of plans to add Skype/Teams support to RDmi, but IMO that's more a general RDSH question.

Power management will be possible by using scale scripts for the host pools (= RDSH VMs). It's easier to enable power management for the RD Infrastructure services as they are built on top of Azure Web Apps.

Agree with you on hibernation. This would be a cool feature.

Cancel
All your cool features are available now. Power management both off and on based upon schedule/wake-on-lan/resource-load, IFTT scripting, even automated SDDC builds, all from one tool that is hypervisor agnostic. Look for the presentation of the tool at the end of the RDmi session.
Cancel
Scale numbers? RD UI chokes with 500 users today
Cancel
I absolutely agree with you, today's on-prem RD UI sucks, IMO it's unusable in an enterprise scenario with more than 250 users. But the underlying RDS engine is in fact very scalable as we can see in a number of RDS-only environments. But they all come with custom-developed management tools and consoles. My hope is that RDmi as a platform will leverage such 3rd party developments even more and help customers to move some of their workloads to the cloud..
Cancel
When Microsoft canceled ARA, they told us to use Citrix. Now they are back after 2 years! No one can understand what Microsoft wants.
Cancel
Citrix is not that great on Azure. That's why.
Cancel
I am super excited about RDMi. I have my Citrix rep to come back to negotiate renewal after RDMi ships. 
Cancel
According to a comment David Henshall made during his Synergy keynote, Citrix is planning to build solutions on top of RDmi...
Cancel
Why do we need that?
Cancel
DH also said he will not fire any employees. Citrix is closing offices. Hiring in Nanjing. And returning cash to shareholders instead of R&D.

Don't believe everything DH says. A company is judged by how it treats its employees. Look at comments here:
https://www.thelayoff.com/citrix-systems
Cancel
Microsoft has never shipped anything good in 1.0. We'll not touch it before 1.5 release.
Cancel
Suggestion to Microsoft: Be bold, Be right.

Cancel
Citrix will tell the customer that RDMi sucks and is a lock-in. It is only for small customers. It doesn't have the advanced HDX technology that is awesome at 800msec (circa 2010) latency and the PXE boot PVS (circa 2005) awesomeness.

Citrix will tell Microsoft that it loves RDMi and will even show it on slides at conferences.



Cancel
Rds (classic) has been waiting to die for a long time. It’s truely dated and has completely skipped over modern auth. Server 2016 has token updates but it’s token updates to rdsweb. With RDMI integrating modern auth, moving the key infra components into paas and giving service providers a real value proposition, the moment has arrived to geniunally reconsider app delivery strategies. Hopefully decent geo support (a major azure pain point) and a decent cost model is in play. Bring it on!
Cancel
Too many gaps to get excited. Microsoft has no log-off policies for non-persistent VDI. No thin-client support. No scale guidelines. Hard requirement for Azure AD Domain Services. Reliability is a big question mark with a brand new architecture. Microsoft is always 5 years behind the mainstream products. It’s ok to get MVPs excited but enterprise customers want something with guaranteed SLAs.
Cancel
I am sure there are a lot of gaps. That’s not the point. Microsoft is coming out with a native azure Remoting service. That’s a death call for Citrix!
Cancel
Spoonen? Lol
Cancel
VDI is dead, it's painful and unreliable and costs a fortune. RDS on the other hand implemented properly is highly scalable and cost effective. We have implemented Windows 2016 Full published desktops with Skype for Business, Office 2016, mandatory profiles with Ivanti for profile management. Done right this is a solid solution, reliable and we can easily get 50 sessions per mid range spec vm. The problem half the time with everyone bad mouthing RDS and Citrix is that the majority of people doing the implementation haven't the skills or dedication to make it work properly and that's why it gets a bad rap from management. The model still stands and I believe the RDS model is more relevant today than VDI as it has the potential to save companies loads of compute if done right.
Cancel
Should add migrating apps to azure is the easy part, there's nothing difficult about spinning up some machines in azure and installing your apps. The problem comes when those apps need to talk back to onPremise DBs or file shares and then the latency just kills it.
Cancel
What i miss in this discussion is the trend for organizations to move to SaaS, HTML5 based applications that run directly in the browser on any device. Why would any organization still want to move it's full RDS farm to a stable version of RDmi that will not be available before the end of 2019? By that time, the number of LoB applications that an organization needs will be even less and definately for a smaller user group. Innovation in the RDS/Citrix market place should be about making it easy and flexible to facilitate (and get rid of) the past in a cloud native world.
Cancel
Microsoft has so much talent. And promise.
Cancel
To be clear, the person who is posting this as "spoonen" is NOT Sanjay Poonen, COO of VMware, maybe someone else.  I do not endorse this statement, nor would I make anything similar.  VMware has a very good relationship with Microsoft.  And even though we compete with Citrix.  The vast majority of Citrix customers run on vSphere, and we want to see those customers successful.
Cancel
Spoonen is a d-bag, according to my sources at VMware!
Cancel
You care so much about what people say about you! Vanity metrics?
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close