Microsoft Azure

Forget Amazon Workspaces – Build a DaaS in Microsoft Azure (or any Other Cloud)

Amazon just announced the availability of a new service offering called Amazon WorkspacesAt first glance this service looks like virtual desktop infrastructure (VDI) in the cloud, a so-called desktop-as-a-service (DaaS) offering a Windows 7 “experience” in the cloud. But as anyone familiar with remote desktop services licensing will know, this would be an illegal business; there is no Virtual Desktop Access (VDA – the license required for VDI) licensing through Services Provider License Agreement (SPLA – the licensing required when operating in a hosted infrastructure). What has Amazon done? And can you do it for yourself?

How Amazon Built Workspaces

The Amazon Workspaces solution offers you the “experience” of Windows 7. Note my very careful wording: I know that some AWS evangelists are incorrectly stating that you will get Windows 7 in Workspaces. As I’ve already stated, this would be illegal and Microsoft would very rapidly put an end to it. Amazon has not built a hosted VDI solution based on Windows 7. Instead, they have built a Remote Desktop Services farm based on Windows Server 2008 R2. Then they enabled the desktop experience of Windows Server to soften the edges and give the user the impression of running in Windows 7.

One might question the sanity of building something on a 3-version old version of RDS; the performance cannot come anywhere close to what you can get from Windows Server 2012 R2 (WS2012 R2). Maybe Amazon want to offer a non-“Metro” user interface to their customers.

Editor’s Note: Amazon’s own Workspaces FAQ says that “WorkSpaces provide users with the Windows 7 Experience, provided by Windows Server 2008 R2 with RDS.” We’d suggest that both the FAQ and Amazon representatives should be more clear on this point.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Build Your Own Workspaces in Microsoft Azure (or any Other Cloud)

If you like the idea of building a hosted RDS farm or even selling DaaS to your customers, but you’d like to get the best performance and features, then you can build your own competitor to Amazon Workspaces in Microsoft Azure, or any other public cloud. I recently built a proof-of-concept in Microsoft Azure.

Deploying a RDS session host farm in Microsoft Azure

My RDS VMs running in Microsoft Azure

I deployed fault tolerant domain controllers, web access/gateway servers, and session hosts (aka Terminal Servers), with a single broker. The result was a highly available RDS session host farm that could be securely and remotely accessed from Windows, Windows Phone, Windows RT, Android, and iOS devices using a Microsoft RDS client. I could have added a file server cluster for storing personal data.

Deploying Remote Desktop Services on Windows Azure

My RDS farm design for Windows Azure

That’s the technical aspect. The more complicated bit is the licensing. Windows Azure provides you with Windows Server licensing and nothing more. If you want to run any Microsoft software, such as SQL Server or use any services that require additional licensing, such RDS, in those virtual machines then you must acquire additional licensing. This is where a licensing specialist comes in handy.

Some products offer mobility via Software Assurance (SA). This means that you can license the product as if you wanted to run it on-premise, attach SA, and gain a benefit to allow you to install the product in a public cloud. Note that some of these benefits explicitly mention Microsoft Azure and do not include third party clouds. Other products require that you sign a SPLA contract, even if you are not a hosting company. For example, in my design, if I wanted to use it for production usage, then I would have needed RDS licensing. In the SPLA world, these licenses are per-user per month Subscriber Access Licenses (SALs). So in summary: I would use the Windows Server license that is included in Windows Azure. I would need to sign a SPAL contract for RDS SALs. And then I would need to get licensing for all the desktop applications that I would intend to share via RDS. As you can see, working with a good licensing specialist would be required.

Related Topics:

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: