
Microsoft recently announced that Azure RemoteApp can be used with Azure AD Domain Services (still in preview) for domain authentication, without running domain controllers as virtual machines in Azure. I’ll explain what this means in this post.
Many services that customers want to migrate or run in the cloud still depend on thick client applications. For example, a business might want to go all in on the cloud, deploy Office 365, and still need to run Office Pro Plus. This business could use Remote Desktop Services (RDS) in Azure to deploy Office Pro Plus and publish the applications to the users. Or, in another example, an organization might use Azure Site Recovery (ASR) as a disaster recovery (DR) solution. In the event of a fire, they might need to fail over. The services and data are safe in Azure, but they’re useless without end-user access. RDS comes in handy because it can provide near-instant access to Mac, iOS, Android, and Windows devices.
On the downside, RDS requires:
RemoteApp is licensed per-user (based on the service being deployed and the number of users assigned to the deployment). You don’t need RDS CALs or software assurance, and RDS takes care of all of the RDS infrastructure. All RDS asks you for is:
In just about every scenario that I’ve been involved with, customers have opted for a RemoteApp deployment that uses Active Directory in conjunction with Azure AD:
And here is the catch: You need to run domain controllers (ideally, at least two) as virtual machines in Azure for the above configuration. Although they are probably lightweight machines, adding cost is bad – especially when the customer asks why they have to use two Active Directories (Azure AD and Domain Controllers).
Microsoft realized that many customers are looking to deploy services, new or old, into Azure that rely on Domain Services, such as Group Policy, LDAP, and so on. These are things that Azure AD just cannot do. So Microsoft launched a preview of Azure AD Domain Services that provides many of the services that legacy AD offers. The goal here is to let us have a domain in Azure without deploying DCs in Azure (note I said, “in Azure”).
When you deploy Azure AD Domain Services you will:
A RemoteApp collection can reside on the same VNet as virtual machines [Image Credit: Aidan Finn]
Before you read any further, remember that Azure AD Domain Services is in preview. There are going to be issues, so be prepared for them. In this solution you will:
Authenticating RemoteApp users with Azure AD Domain Services [Image credit: Microsoft]
There are lots more notes from Microsoft for this preview scenario. For example:
This is definitely an interesting design option for those who are considering a deployment in Azure that will have no backwards integration into the on-premises network, such as a complete migration or a DR scenario. It will reduce labour requirements and reduce costs, and those are good things.
Copyright ©2019 BWW Media Group