Windows Virtual Desktop enables secure remote work. It provides end-users with the familiarity and compatibility of Windows 10 that they can run on their own device, meaning a scalable, multi-session experience without procuring new Windows licenses. At ServiceScaler, we manage end-to-end Windows Virtual Desktop deployment alongside other Azure services within the Azure portal. In this webinar, we broke down a few concepts to help you get your head around Windows Virtual Desktop and why it could be useful for your firm.
Keep an eye out on our LinkedIn events page for upcoming webinars. They are interactive, free & CPD accredited.
Everyone, Rob here from ServiceScaler. Thank you to those of you who joined us today for our Windows Virtual Desktop webinar. So we’re going to be running through everything your firm needs to know about Windows Virtual Desktop. So in our agenda, a little bit of an introduction. We call it WVD, which is obviously an acronym. Being an IT company, of course, we use acronyms for everything. But how does WVD work, being Windows Virtual Desktop? Why do you need it, or what’s the value of using Windows Virtual Desktop? Then a case study, so something that we’ve done for another client of ours, just to give you a bit of insight into how you might actually apply it within your firm, and obviously what the results are. So the first thing is, what is Windows Virtual Desktop? So Windows Virtual Desktop enables secure remote work and provides end users with the familiarity and compatibility of Windows 10. So it’s basically a Windows 10 session that you remote into. It’s contained within Microsoft Azure, that they can run on their own device, so it’s infinitely scalable. Multi-session experience means you don’t have to get on procuring new Windows licenses or do any of that, so it’s just attached to a Microsoft 365 license. And at ServiceScaler, we manage the end-to-end deployment of all those services alongside Microsoft 365 and anything else you might need in the Microsoft Azure stack. So when we’re talking about WVD and how it works, basically a user can bring their own device or a company-issued device. They initiate a terminal server session into the Windows Virtual Desktop and it’s just a Windows 10 computer, basically, that they’re remoting to, so it feels exactly the same as what they use on their desktop every day at the moment, except it’s hosted off in Microsoft Azure. Now what I’d like to do is just go through some prerequisite knowledge that you may need to have to understand how this architecture works.
So the first thing that you need to understand is that Microsoft 365 and Microsoft Azure are two completely different things. So often they’re intertwined in terms of the service offering and how they hook together, and they deliver things back and forward to one another, but they’re actually two completely different services. So Microsoft 365 is software as a service, and Microsoft Azure is infrastructure as a service. Now, to sort of define what those two things are: Microsoft 365 is your software applications. So if you have a traditional network where you have servers and computers contained within a single computer network, when we’re talking about software as a service, we’re talking about the software applications. So we might be talking about something like Microsoft Word, which you have on your computer, or Microsoft Outlook. Microsoft Outlook will connect to an Exchange Server, or your email server, which you might have on premises. Now it’s being delivered through Microsoft 365 as a software or an application as a service, and your Outlook client will obviously connect directly to that service over the Internet. So that’s software as a service. Azure, on the other hand, is servers and network. So we used to have an Exchange Server on premises and your clients would connect to that server. Now that the application’s off somewhere else, the server infrastructure itself and the network that you use to connect to it from your desktop client, that’s infrastructure, so that sort of network infrastructure, and so that’s what Microsoft Azure is: it’s servers and networking hosted in the cloud. The other term that might be relevant in all of this is the term tenant, so you may have heard IT people refer to the term tenant before. So when we’re talking about a tenant, we’re talking about your little box or your little part, your space on either the Microsoft 365 or the Azure service. So that’s exclusive to you.
That’s your little portion of that service offering and is completely separate, obviously locked out from everybody else except you. But you have complete control over that environment within either of those services. So the next thing is, why might you consider using infrastructure as a service? Why might you consider pushing stuff into Microsoft Azure? There’s a few key reasons why I might do it, and with some of those out now. Firstly, bandwidth. So if you have a network on premises and you have users connecting into that network remotely, so they might be using something like terminal services, currently you have to rely on your Internet connection that you’re paying for, so you might be constrained by only having access to NBN. You might not have a. Why the service there. Into the Azure network, on the other hand, they have a huge big data pipe so that you’ll never run into bandwidth challenges while you’re trying to connect to your infrastructure. So if you moved all your on-premises servers into Azure, the ability to connect to them, you will obviously be able to connect over a really, really fast network. Scalability. So scalability is really important. You might find there’s a scenario where you will need extra resources to process stuff on demand, so let’s say for example you have a database server on premises, on a physical server, and you go, wow, I really wish I had more memory or faster disk speed to be able to process stuff on this server. Obviously you can’t do that with a physical server on premises. Now in something like Microsoft Azure, it’s just a matter of going into the configuration, adding more resources to it from the data center, so you draw down on the data center hardware resources and allocate them to your virtual servers that you have with that infrastructure. So it’s infinitely scalable, so you can just continue to keep throwing resources at things.
The other thing that happens is it’s very flexible, so provisioning and decommissioning servers and infrastructure that you may or may not need as the business changes and you move is very, very simple. It’s just a matter of picking things on and off, which sure beats running out and installing physical servers and bits of equipment into your environment. Not that I don’t like coming to visit you, but it is much easier to do it if we can do a click and flick from our office remotely. Simplicity is another thing. And I know that the things that we talk about, the concepts we talk about here, are quite complex, but the simplicity and the management overhead of having everything consolidated into a single place, and we’ll get into the WVD bits of the virtual desktop, but having all of your desktops or servers or infrastructure or network all consolidated into a single stack makes the management overhead really, really simple. So bringing people in, making sure all of your data is contained within there, backups and security, all of those bits and pieces being able to be managed from one stack. Super, super simple. Reliability, so that way no business interruption in the event of a failure. If something happens in the data center, it automatically replicates. It will automatically allocate other hardware. All of those automations and failovers behind the scenes will cause zero business impact to you. Now if that same thing occurred in your office on physical hardware, of course you would have business interruption, so that’s another consideration for that. And the final thing in terms of why you might consider moving your stuff up there is security, so backups and disaster recovery is super, super simple. It’s all contained still within that data center stack through Microsoft Azure, replicated to other sites, of course, so if anything was to happen, there’s failover there, and there’s a whole bunch of information management controls in place as well.
So basically the ingress or egress data, so data coming into and going out of that service, you can put a series of limitations for people connecting to that service, what they can and can’t pull out. So that’s one of the advantages of using something like Windows Virtual Desktop, is that you can configure it so that they can’t remove data from that network, or, inversely, push data into it. Why that might be valuable is you might, say, have sent everybody home to go and work from home while COVID was happening and you couldn’t come to the office, and you went, OK, everyone go and use your home computer to connect to our corporate network. You don’t know what people are doing on their home computers. You know, their kids are using it, they’re downloading all sorts of stuff. It’s a shared device. It’s got no security on it, got no controls, it’s just, you know, it’s a home user environment. You might want to block their ability to upload anything which could be malicious, particularly into that environment, to secure out, basically, your corporate network, so really powerful there. So the next thing is why you might consider using Windows Virtual Desktop. So if you move all of your infrastructure into something like Microsoft Azure, your ability to connect to it changes. So often, as is often the case when we have a server on premises, there was a particular requirement for a software application to have what is called a client-server connection. So on the same network, a computer with a piece of software will need to connect to the server, and that needs to be on the same network. Now for most of our customers who have on-prem, or had historically on-premises infrastructure, they would have a terminal server to allow people to remote in so that they can access those applications. Windows Virtual Desktop is to replace terminal server
with something that is more familiar and more compatible by using Windows 10. So Windows Virtual Desktop is a Windows 10 desktop that is being virtualized. It is contained within the Microsoft Azure tenant, and what that means is, because it’s part of that tenant or part of that virtual network that’s contained within Microsoft Azure, it has the ability to connect directly to the other services or other servers that are contained within that network, the same as it would have done on premises, but from a Windows 10 perspective. So instead of having to have Windows Server with terminal services and complex licensing and all of those things, you get Windows 10. So, also, Windows 7 is still supported as well for legacy systems, one of the only places that Windows 7 is still supported. So you have the familiarity and compatibility of that Windows 10 environment. There’s a few different ways you can configure it as well. So when we’re talking about virtualization, we’re talking about emulation of hardware, so the hardware that you have in your computer. If you had a whole cluster of them, say thousands of them like you have in a data center, the ability for the data center to deliver that hardware through to a virtual desktop. So it’s not... it uses physical hardware, but the physical hardware is saying, oh, here’s some pretend resources, so here’s some CPU and some memory and some disk space, and you can install Windows 10 onto that, and then you can use it. So you can do it in one of two ways. You can either do a one-to-one, so basically you have a dedicated device, a virtual device that sits in Microsoft Azure, which would be your own personal computer that you set up there. The other way you can do it is have multi-session hosts, which I actually think is a better way of doing it. So one-to-one is one virtual computer per user, and you set one virtual computer up for everybody. Or you can use a shared service or multi-
session service on a single host, so similar to how terminal services works but with Windows 10, so a better way of doing it. From there you can then go into the next step with Windows Virtual Desktop, which is host clustering. So you basically have multiple hosts, host servers, that host all of the individual desktops, and what will happen is you can apply a load balancer over the top of that. So essentially when you connect it’ll go, OK, well, which server is under the least amount of load right now? And you’ll be routed across to a device or the virtual host that has the resource availability for you to be able to connect and to work on that platform most effectively and efficiently. The other byproduct of that is that you have failover as well, so if something was to fail and one of those devices or something went pear-shaped, it would automatically just route you to one of the other devices. Another thing you can do is in low-demand scenarios you can actually shut these other devices off, these other hosts. So the way that Microsoft Azure billing works is it’s based on consumption of service. So if you’re not consuming that service, that server that hosts that virtual desktop host isn’t on; you can switch it off, which is uniquely advantageous, particularly in periods like Christmas where nobody is working. You can shut down those virtual desktop hosts and just leave one going on the odd chance that somebody may want to log in, so advantageous there. You can also do session configuration, so different configuration sets for different users and groups. So when they hit the interface to log in, it will identify who they are, so their identity comes from Microsoft 365, which is where we set them up. We replicate that across, their identities across, into the Microsoft Azure tenant. It’ll work out who they are and then it will apply the policies when they try and authenticate and log in.
So you may have some different policies with people. You may have policies that say, hey, this user can’t print or copy any data out of the virtual desktop, because it’s all about corporate information. We don’t want to do that. And as we can see on the screen here, where the red X is on the virtual desktop after the user’s own device, we can block that. We can also block coming the other way, so data ingress. So being able to bring data into that environment, we can block that as well. So there’s different configurations that we can apply for different users and groups and it will automatically assign that on user login. A session broker configuration, so again, that’s just coming back to limiting what can and can’t be taken out of that environment, and that session broker configuration is great as well, because if you, say, have an employee exit the business, it’s just a matter of disabling their account at the 365 level; that synchronizes across into Azure and they won’t be able to log into that environment anymore. So really powerful tool to have there. As you can see from our little diagram here, we have the user’s own device, and there’s a little X on their ability to bypass Windows Virtual Desktop to access those stack of applications that sit behind it. That’s something else that we can do: we also provide limitations there, so the only way that they’ll be able to get access to any of those applications is via the virtual desktop, and if their user account gets disabled and they can’t log in anymore, they literally don’t have access to anything, and we’ve limited their ability to take any data out of that environment as well. So there’s no possible way for your data to be deleted out of that environment, because the backing services can only be connected to by the virtual desktop, and that’s the only way that the user can get access, and they can’t push anything, you know, bring anything out of that environment, so really powerful security there.
So the single gateway to the Internet. So on the back of the virtual desktop we have a single gateway to the Internet, which means you can secure things. So if you have SaaS applications that sit in the cloud, so as an example, we might be talking about things like practice management systems, LEAP and Actionstep and Clio and Smokeball and many of those other software as a service applications, you’ll be able to restrict or constrain login to only coming from the virtual desktop based on that user’s authentication. So they can’t log into it from their own device and do anything. So, powerful security tools there, if you needed them. It also meets all of the data sovereignty requirements, so if data sovereignty applies to you, depending on what area of practice you work in or what area of business you work in more broadly, in fact, this stuff is all based on Australian servers as well, and so that means all of the data will stay here. So you can be confident that it is going to meet any data sovereignty requirements that you have. The other thing that’s really cool is that Microsoft Teams is supported. So one of the challenges with using some of the other managed desktop environments and terminal services is that the full functionality of Microsoft Teams isn’t supported. But in Windows Virtual Desktop through Azure it is. So that’s voice and video calling, chat and all of the other bits and pieces that obviously come through into Microsoft Teams. So a consideration there. Yeah, it all sounds great, but there are obviously some limitations to virtual desktop as well. One of the biggest limitations, and it’s always everyone’s biggest fear, is if you don’t have an Internet connection you don’t have access to your corporate environment, so there is no offline synchronization capability of any of the data, so that could be seen as a potential constraint. We’re pretty fortunate here. We tend to have access to the Internet everywhere.
Which is really great, but if you didn’t have access to the Internet, it would limit your ability to be able to access your corporate information and applications. You’ll still need a computer or laptop to access it, so it doesn’t defer the requirement or offset the requirement to get a physical desktop for you to be able to connect to that session. That being said, in terms of the processing resources required, because that’s all contained within Microsoft Azure, within the data center, it will actually use Microsoft Azure’s hardware to be able to process the transactions, and the advantage of that is that you don’t need a highly specced machine for you to be able to connect to that and, essentially, process the transaction, so I’m going to very low-spec machine just so you can connect to that service to be able to complete what you need to do, which are cheap to replace, they’re really cheap to procure up front, and you can essentially buy them from anywhere. So the requirement for things like professional operating system and all of those bits and pieces get taken out of the mix. You don’t need to worry about any of that, you just need the ability to initiate, via the app, a connection to the Windows Virtual Desktop. It’s just someone else’s computer, and I love this about cloud and I love explaining it this way, is that you used to have, or once upon a time probably had, servers on premises, and all infrastructure as a service, or moving all of your stuff to Microsoft Azure, is, is taking it out of your office and essentially putting it in theirs. So it might not make sense to everyone, so if you’re a single-office environment, you’ve got no one connecting from home, you don’t have satellite offices, you’re not worried about, you know, the ingress or egress of data or data walking out of your environment when someone comes or leaves the business, then this might not make sense to you.
You know, as something that you would want to procure for your business. And the other thing is that it can be expensive on TCO, total cost of ownership. If you assess the total cost of ownership of putting everything in there, by some of the total cost of ownership calculations it doesn’t make sense for you to do that. And is the reward... do the rewards outweigh the costs? So there is obviously some key advantages to being in Microsoft Azure and having all of your stuff there, but you need to assess whether that outweighs what the potential costs of that is going to be. For some clients, depending on what their requirements are, sometimes the total cost of ownership of being in Microsoft Azure is actually cheaper. Am I over I terms? I’d be at three years is often what we run with. Their total cost of ownership sometimes can be actually lower being in Microsoft Azure than it is having on-premises infrastructure, particularly if they are a multi-site office and it’s a particularly complicated network. But it is something that would need to be considered as part of your approach to looking at taking something like this on. Now, the other thing that I want to do is I actually want to draw this out in a more elaborate diagram on a blackboard. So for those of you who know me, you know that I love doing whiteboarding, and I whiteboard stuff all the time. I’m going to use my digital whiteboard today, so bear with me while I work through with drawing with my finger, because I didn’t bring my pen, but we’ll see how we get on with this. So the reason I actually want to draw this out is to give you an idea of where Windows Virtual Desktop sits in regards to Azure, where your other services sit, or your other servers sit, and then where Microsoft 365. So that’s the software applications.
Think of your Exchange, your emails, and SharePoint, where your documents and data are, your OneDrive, your Teams, and all those other applications in the Microsoft 365 stack, and hopefully the graphical drawing will help you wrap your head around it. I do appreciate that it can be quite complex to come to understand some of the things that we talk about. So the first thing that we’re going to draw is we’re going to draw your endpoint devices, so your endpoint devices will be these, these little Xs over here. Now these endpoint devices can be anywhere, it doesn’t matter. They don’t need to be in a corporate network. They don’t even need to be a corporate-issued device. It doesn’t particularly matter, they just need to have the ability to install a Windows Desktop client app so that they can connect to the Windows Virtual Desktop session broker. The next thing that we’re going to draw on here, if I can click the right thing, is we’re going to draw what is going to be Azure. Now, I also appreciate that I pronounce it Azure, which I’m sure is much to the disgust of Microsoft, to call it Azure, but I feel like that’s the American way of pronouncing it. So if you think I’m wrong, that’s cool. You can let me know. I don’t mind. I say lots of things wrong. So here we have Azure as a data center, and the green represents your tenant, so that’s your space, and adjacent to your space and that, there will be another tenant that will set up there and there will be another tenant that will set up here, and you’ll all draw on those data center resources which will be delivered through into your tenant, so that you have things that you can use. So in this tenant we have the WVD host, or it could be multiple hosts that sit in there, that these endpoint users are connecting to. They will be displayed to that end user as a Windows 10 computer, so it will fill the whole screen and support multiple screens.
It’ll just feel like you’re using your normal computer, but you’ll just be connected into this remote session. So also contained within your Azure tenant will be your other servers, so if you are a law firm, for example, and you have an on-premises application, and there’s quite a few of them. Some examples I can rattle off the top of my head: I know that LEXIS Affinity, Infinity Law, Practice Evolve. There’s a whole bunch, filepro I practice. There’s a whole bunch of practice management systems which are on-premises applications. Now, those on-premises applications work from their client-server, so they expect that the server will be in the same network as the computers. When you’re in Microsoft Azure, if you were to put your practice management server, your practice management system, on a server contained within Microsoft Azure, this is the same network. So they are on the same network. There is an Internet connection that will connect this tenant to the Internet. So if I can get the right color here, so this will be your Internet connection, your Internet gateway. That’s also where the session broker sits, and everything will come in and out of that. And that is a virtual network that essentially replicates what a physical network would be in your office. So same thing, which means that these virtual desktop hosts are directly connected to that practice management system and work exactly the same way that they did in the office. Now you might have some other bits and pieces there as well. You might have a database server. You might have a file server. You might have your legacy application server sitting there as well. You can have as many servers as you want, and we can allocate, based on the configuration within Azure, we can allocate as many resources, hardware resources, to that as we like, so if it doesn’t need many, we don’t allocate many; if it needs a lot then we can allocate a lot.
Also contained, or also connected to that tenant, is the ability to do backups and disaster recovery. So we will snapshot the servers in here. We’ll snapshot these servers, these servers and these servers, so that in the event of a failure, remembering they still are a Windows computer, updates and problems happen. We know that updates and problems happen with applications as well, but within the Azure stack it will give us the ability to point-in-time restore that as well. So we snapshot those along the way. Something goes pear-shaped, we go, hey, recover it from 5 minutes ago, and drop it back in. And because of the essentially unlimited hardware that we have available to us to be able to do that from that data center, that process is really, really fast. So we’re not waiting on the speed of the Internet connection, which we can see here. We’re not waiting on the speed of that, it’s all contained within that stack. So really, really powerful, and in terms of offsite backup, still contained within the Azure stack, it will do data center replication, so it’ll replicate to other data centers, so our offsite replication piece is actually occurring as a byproduct of that as well. We can also do backups of the data that sits in there, so if we just need to do a data restore instead of doing a complete server restore, there’s the ability to do that, so that’s all super, super simple when it’s contained within there. There’s no plugging hard drives in, waiting for backup software to load. Being able to bring that stuff back in, you can do that stuff almost instantly. Super, super quick, really, really powerful. So we talked about the network, that that’s basically a consolidated network replication of what you would have on site. Some of the distinct advantages to having your infrastructure in there, and the power of that, and what you can do with it, which is obviously going to keep things on an even keel and so you don’t have any business interruption.
And when there is, in the unlikely event, it’s really quick to restore that so that business interruption is kept to a minimum. We know that people can access that from anywhere. The ability to scale up and scale it down: super, super simple. So if we need to add more resources we can just throw more virtual resources in from the data center, because we know we need to scale it up, and if we need to add more users into each of these things as well, same process. We can draw down on the data center resources, allocate those to your tenant and be able to grow that up very, very quickly without having to replace physical servers and physical infrastructure. Now, the one thing that we didn’t talk about is the way that this environment will interface with other applications or SaaS applications. So here we have our Internet connection that we were looking at before, which sits here. Now this Internet connection is a pipe, you know, the one way in, one way out. It has a static IP so we can see what that is. Now I’m going to actually draw it all replicated over this side. We’ll refer to this side as the session brokers coming in, but when we’re going out the other side, it comes from one IP. Now when we have our other applications, so it might be 365, which as we discussed actually sits as a separate application stack, so sits outside of Azure, it’s a completely different thing, we may be able to configure it to only accept connections from our Azure tenant. So if you don’t want people to have access to all of the stuff in 365 on their mobiles and data and whatever they feel like connecting to it from, we can actually constrain that to only accept connections from Azure. If you have an external SaaS application, so a practice management system hosted in the cloud, you know, this might be your PMS over here and you might go, you know what?
I don’t want anybody to access it apart from the tenancy that I control. You can do the same thing and you could restrict it to only accept connections from there. So that’s also very powerful. The other thing that happens within Azure is for Windows Virtual Desktop. It actually relies on licensing delivery from the 365 tenant over here, so the license delivery happens via a synchronization that occurs with your Azure tenant. So these things are integrated after configuration. Of course, where the things from the 365, then it will be made available. The authentication will come through into the Azure tenant. So I have a very ugly diagram. I hope that makes some more sense, but you’re always welcome to reach out to me and ask any questions you might have about it at any point in time. So why do you need it? Well, I’m hoping we addressed that as part of going through, but WVD will allow you to allow your employees to access it remotely. Easy ability to scale up, scale down. Might cause some cost savings, so you know, in terms of the devices that they need to access, you may not need to procure very, very robust devices and physical hardware to have on site. You can obviously get those thin client machines. You can turn services off when you’re not using them and scale it back down. So, instead of buying a big server, going down and being stuck with a big server, you can scale it back. You will also strengthen the security of the data. So depending on how far you want to take it, the ability to take it that far is there, so it will actually give you the flexibility to do so and you’ll be able to securely bring people in and out of your organization. So if you have a very transient workforce, or you’re bringing contractors in for a short period of time, or there are some particular requirements where you need to have your data very, very, very, very secure
from anyone, that gives you the capability to do that and be able to bring people in and out of the business so that they can only have access to things that it’s relevant for them to have access to. So super, super important there. So go through very, very quickly just a high-level case study, so actually worked with the business recently to put this infrastructure in place because they had very, very particular compliance requirements around their data and basically on their reporting side, what they had to report to particular industry bodies. So now they have the ability to provision and deprovision users easily, so they can just essentially bring them in and out, knowing that none of the data is leaving and nothing malicious is coming into that network as well. So only the data that gets created within that network stays in that network. They run with the operations from a centralized interface to it, so they’re all around Australia. They’re all around the country, but from their perspective they can just jump in, single interface and everything. It is super, super simple. And stuff that we don’t need to manage the employees, so you know, people bring their own device, so you bring people in, you bring contractors in. We don’t need to worry about their device, their antivirus, their security, any of their other licenses; that is solely their responsibility. All we do is provision them access. We limit their ability to inject or ingest any data within, into our tenant or into our environment, and that makes that super, super simple. So, really great outcome for that client, head office based here in Newcastle. So that comes to the end of our virtual desktop webinar. Thank you for everybody who made the time to come along. I hope you found it insightful and interesting. Of course, if you do have any questions about virtual desktop, Microsoft Azure, Microsoft 365 or any combination of the above, feel free to reach out to the team and I at ServiceScaler.
This is our day-to-day and what we do. We’d love to hear from you and we look forward to seeing you at our next webinar. Cheers.