VDI/VAP – Virtual Desktop Infrastructure/App

Solution for workplace virtualization

Detailed Architecture and HW & SW Specifications

Recent licensing changes signal stronger Microsoft support for virtual desktop infrastructure (VDI) technology. VDI promises to reduce desktop management costs, improve flexibility for desktop access, and enhance security. However, realizing these benefits requires critical decisions about which users will use VDI, and what client hardware, server hardware, and virtualization architecture will be used to deliver it.

The Windows VDI

In a VDI, a user’s desktop (including the OS, applications, and user data) runs on a virtual machine (VM) hosted on a centrally managed server, rather than locally on a user’s PC. The user’s local device, such as a PC or thin-client terminal, interacts with the desktop on the remote VM. The device connects to the VM using Remote Desktop Services (RDS, a superset of what was previously called Terminal Services), which forwards user input and display output over the network between the VM and the device. With the introduction of Windows Server 2016, Microsoft repurposed and expanded the capabilities of Terminal Services components beyond desktop display to also manage connections from local clients to VMs and provisioning of VMs on the server.

VDI can help organizations do the following:

  • Reduce the cost of desktop management by managing desktop configuration and applications centrally
  • Provide flexible access to desktops from shared devices, remotely located devices, or devices that are not owned or managed by the organization (such as contractors’ PCs or employees’ home computers)
  • Ensure the organization’s data is stored centrally, protected from loss, damage, and improper disclosure.

Key VDI Components

Despite being conceptually easy to understand, implementation and operation of a Windows-based VDI can be complex because it requires coordination of two key Windows server roles: Hyper-V, which creates and manages the VMs running on a server, and RDS, which manages the connection and interactions between a user and a VM-hosted desktop.

Windows Server 2016 (with its Hyper-V role; the stand-alone version, Hyper-V Server, can also be used) creates and manages the VMs, including coordinating the shared use of the server’s hardware by the VMs. As a hypervisor, Hyper-V sits between the hardware, the Windows Server OS, and one or more VMs that run the guest OS, such as Windows 10 and the user’s desktop.

RDS lets users interact over a network with applications executing on a remote Windows server or PC. RDS uses the Remote Desktop Protocol (RDP) to send the user’s input to the remote application and display the application’s output on the user’s local device.

Many organizations already use RDS in the traditional Terminal Services fashion: to provide users with desktops in sessions, not VMs, on a centralized server running Windows Server. Although the combination of Application Virtualization (App-V) and RDS can eliminate many application compatibility issues, not all applications can run in RDS sessions; therefore, organizations are turning to VDI.

RDS is also a key component of VDI. A Remote Desktop Connection (RDC) client running on a thin client (without a local hard drive) or a PC with a full OS (including PCs running a non-Microsoft OS) uses RDP to initiate the user’s connection to, and interact with, the session running on the server.

The RDS role incorporates specialized RDS services, including the following:

  • RD Web Access, which publishes user-specific information about which sessions or VMs are available to each user or group of users
  • RD Gateway, which secures and manages user connections coming across the Internet
  • RD Connection Broker, which directs the user to the correct session or VM
  • RD Session Host (RDSH), which has the dual role of hosting sessions on a server and directing users to the RD Virtualization Host for VDI
  • RD Virtualization Host, which interacts with Hyper-V to start or stop VMs and manage requests for VMs from an RD Connection Broker.
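
The following PowerShell sketch is an added example, not part of the original document or any Microsoft tooling. It checks a server inventory for the Hyper-V and RDS components listed above. The Windows feature names in the map, the host names in the constructed sample, and the assumption that RD Virtualization Host runs on the same server as Hyper-V are not taken from this page.

```powershell
# Added example: Windows feature names mapped to the VDI components named above.
$VdiComponents = [ordered]@{
    'Hyper-V'               = 'Hyper-V'
    'RDS-Web-Access'        = 'RD Web Access'
    'RDS-Gateway'           = 'RD Gateway'
    'RDS-Connection-Broker' = 'RD Connection Broker'
    'RDS-RD-Server'         = 'RD Session Host'
    'RDS-Virtualization'    = 'RD Virtualization Host'
}

function Get-InstalledVdiFeature {
    # Live collection; needs the ServerManager module and remote management access.
    param([string[]]$ComputerName)
    $inventory = @{}
    foreach ($name in $ComputerName) {
        $inventory[$name] = @(Get-WindowsFeature -ComputerName $name -Name @($VdiComponents.Keys) |
            Where-Object Installed | Select-Object -ExpandProperty Name)
    }
    $inventory
}

function Test-VdiRoleCoverage {
    # Input: hashtable of server name -> installed feature names.
    param([hashtable]$Inventory)
    $findings = @()
    $allInstalled = @($Inventory.Values | ForEach-Object { $_ }) | Sort-Object -Unique
    foreach ($feature in $VdiComponents.Keys) {
        # A component that no server hosts leaves a gap in the connection path.
        if ($allInstalled -notcontains $feature) {
            $findings += "No server hosts $($VdiComponents[$feature]) ($feature)"
        }
    }
    foreach ($server in $Inventory.Keys) {
        $installed = $Inventory[$server]
        # Assumption: RD Virtualization Host needs Hyper-V on the same server.
        if ($installed -contains 'RDS-Virtualization' -and $installed -notcontains 'Hyper-V') {
            $findings += "${server}: RD Virtualization Host without the Hyper-V role"
        }
    }
    $findings
}

# Constructed sample inventory with hypothetical host names; runs offline.
$sample = @{
    'vdi-host01'   = @('Hyper-V', 'RDS-Virtualization')
    'vdi-host02'   = @('RDS-Virtualization')
    'rds-broker01' = @('RDS-Connection-Broker', 'RDS-Web-Access', 'RDS-RD-Server')
}
Test-VdiRoleCoverage -Inventory $sample
```

For a live check, pass the result of Get-InstalledVdiFeature to Test-VdiRoleCoverage instead of the sample.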

Additional VDI Components

Although Hyper-V and RDS are key VDI components, many other Windows Server roles and services must be coordinated to have a manageable and secure VDI, including the following:

  • Active Directory authenticates users and determines which VMs each user is offered, based on attributes such as their ID or group membership
  • To support migration of VMs from one physical server to another (for load balancing or reliability), the physical servers need common storage and Windows Failover Clusters
  • Folder Redirection and Roaming User Profiles ensure a user’s data and preferences are available on his VM.

Some services, while not mandatory, may also be used in a VDI and may need additional configuration to work with VDI:

  • Volume Shadow Copy and Data Protection Manager ensure VMs and physical servers are backed up
  • App-V facilitates deployment and management of user applications to VMs
  • Network Access Protection ensures a remote device connecting to the organization’s servers has the necessary software and antivirus signatures installed
  • Windows Server Update Services coordinates downloading of patches for installation on Windows Servers and VMs running Windows.

Many of these roles will already be deployed in an organization, but they must be configured to ensure they work cooperatively to facilitate VDI.

Centrally managing desktops shifts some of the burden for updating and patching desktop software to administrators. Some of the following management tools will already be deployed, but they will need to be configured to support the additional workload of managing centralized desktops:

  • Virtual Machine Manager (VMM) can manage the library of VMs, create VMs, and move VMs from one physical server to another as necessary
  • The Offline VM Patching Solution Accelerator, which is technically a PowerShell script rather than a System Center management tool, makes it easier to automatically keep VMs patched and up to date
  • Operations Manager manages the various physical servers and roles and provides status information both to administrators and to tools such as VMM, which can use the data to move VMs between physical servers
  • Configuration Manager can manage software installation and patching of both the OS and applications on physical servers and VMs.

Microsoft is working with long-time partner Citrix to ensure that Citrix and Microsoft virtualization tools work together. For example, Citrix Essentials for Microsoft Hyper-V offers advanced virtualization management capabilities for Windows Server 2016 Hyper-V in the areas of storage management and provisioning services.