Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Microsoft Azure

Forget Amazon Workspaces – Build a DaaS in Microsoft Azure (or any Other Cloud)

Amazon just announced the availability of a new service offering called Amazon WorkspacesAt first glance this service looks like virtual desktop infrastructure (VDI) in the cloud, a so-called desktop-as-a-service (DaaS) offering a Windows 7 “experience” in the cloud. But as anyone familiar with remote desktop services licensing will know, this would be an illegal business; there is no Virtual Desktop Access (VDA – the license required for VDI) licensing through Services Provider License Agreement (SPLA – the licensing required when operating in a hosted infrastructure). What has Amazon done? And can you do it for yourself?

How Amazon Built Workspaces

The Amazon Workspaces solution offers you the “experience” of Windows 7. Note my very careful wording: I know that some AWS evangelists are incorrectly stating that you will get Windows 7 in Workspaces. As I’ve already stated, this would be illegal and Microsoft would very rapidly put an end to it. Amazon has not built a hosted VDI solution based on Windows 7. Instead, they have built a Remote Desktop Services farm based on Windows Server 2008 R2. Then they enabled the desktop experience of Windows Server to soften the edges and give the user the impression of running in Windows 7.

One might question the sanity of building something on a 3-version old version of RDS; the performance cannot come anywhere close to what you can get from Windows Server 2012 R2 (WS2012 R2). Maybe Amazon want to offer a non-“Metro” user interface to their customers.

Editor’s Note: Amazon’s own Workspaces FAQ says that “WorkSpaces provide users with the Windows 7 Experience, provided by Windows Server 2008 R2 with RDS.” We’d suggest that both the FAQ and Amazon representatives should be more clear on this point.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Build Your Own Workspaces in Microsoft Azure (or any Other Cloud)

If you like the idea of building a hosted RDS farm or even selling DaaS to your customers, but you’d like to get the best performance and features, then you can build your own competitor to Amazon Workspaces in Microsoft Azure, or any other public cloud. I recently built a proof-of-concept in Microsoft Azure.

Deploying a RDS session host farm in Microsoft Azure

My RDS VMs running in Microsoft Azure

I deployed fault tolerant domain controllers, web access/gateway servers, and session hosts (aka Terminal Servers), with a single broker. The result was a highly available RDS session host farm that could be securely and remotely accessed from Windows, Windows Phone, Windows RT, Android, and iOS devices using a Microsoft RDS client. I could have added a file server cluster for storing personal data.

Deploying Remote Desktop Services on Windows Azure

My RDS farm design for Windows Azure

That’s the technical aspect. The more complicated bit is the licensing. Windows Azure provides you with Windows Server licensing and nothing more. If you want to run any Microsoft software, such as SQL Server or use any services that require additional licensing, such RDS, in those virtual machines then you must acquire additional licensing. This is where a licensing specialist comes in handy.

Some products offer mobility via Software Assurance (SA). This means that you can license the product as if you wanted to run it on-premise, attach SA, and gain a benefit to allow you to install the product in a public cloud. Note that some of these benefits explicitly mention Microsoft Azure and do not include third party clouds. Other products require that you sign a SPLA contract, even if you are not a hosting company. For example, in my design, if I wanted to use it for production usage, then I would have needed RDS licensing. In the SPLA world, these licenses are per-user per month Subscriber Access Licenses (SALs). So in summary: I would use the Windows Server license that is included in Windows Azure. I would need to sign a SPAL contract for RDS SALs. And then I would need to get licensing for all the desktop applications that I would intend to share via RDS. As you can see, working with a good licensing specialist would be required.

Related Topics:

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: