Virtual Desktop

Infrastructure

A deployment guide

for education

January 2014

Table of

contents

3

Choosing a VDI deployment scenario

6 Virtual machine–based desktop deployment
10 Session-based desktop deployment
13 Windows MultiPoint Server 2012

15 Preparing the infrastructure for VDI

17 Placing VDI servers

18 Building virtual desktop templates

20 Client licensing for VDI

22 Using Volume Activation

25 Connecting users to VDI sessions

27 Storing user and application settings

30 Running Windows Store and sideloaded apps

31 Managing VDI

33 Group Policy
34 Windows PowerShell
34 SystemCenter2012R2ConfigurationManager
35 Windows Intune

1

VIRTUAL DESKTOP INFRASTRUCTURE

Virtual Desktop

Infrastructure

A deployment guide for education

One of the challenges for educational institutions is
managing the wide diversity of devices and user types.
Given such diversity, establishing and maintaining a
standardized technology learning platform can be difficult.
Although it may be possible to purchase new devices
running the Windows 8.1 operating system or upgrade
existing devices to Windows 8.1, other institution-owned
devices may be unable to run Windows 8.1 (such as
older hardware or devices running Apple iOS or Google
Android).

Inaddition,BringYourOwnDevice(BYOD)initiativesareincreasingly
popular in institutions because they allow faculty to use their devices
toperformadministrativerolesaidwithcurriculum.BYODinitiatives
alsoallowstudentstousetheirdevices(inandoutoftheclassroom)
asapartoftheeducationalprocess.BYODinitiativeshelpinstitutions
byreducingtheup-frontcostofdeviceswhileallowingfacultyand
studentstotakeadvantageoftechnologyforeducation.

However,BYODinitiativescancreateproblemsforITproswho
support the faculty and students. It is almost certain that the
deviceswillhavebroaddiversity.Althoughitmaybepossiblethat
thefacultyorstudentsmayhavedevicesrunningtheWindows8.1
operatingsystem,otherpersonallyowneddevicesmaybeunableto
runWindows8.1(suchasolderhardwareordevicesrunningiOSor
Android).

YoucanaddressthesechallengesbyusingVirtualDesktop
Infrastructure(VDI)poweredbytheWindowsServer2012R2or
WindowsMultiPointServer2012operatingsystem.WithVDIin

NOTE

Althoughmanyofthe
topics discussed in this
guideareapplicable
toVDIinWindows
Server 2012 R2, Windows
Server 2012, or Windows
MultiPoint Server 2012,
thisguidefocusesonVDI
in Windows Server 2012
R2. For more information
about Windows MultiPoint
Server2012planningand
deployment, see the topic
“Windows MultiPoint
Server 2012” at

http://

technet.microsoft.com/
library/jj916259.aspx

and

other Windows MultiPoint
Server 2012 resources
listedinthisguide.

2

VIRTUAL DESKTOP INFRASTRUCTURE

Windows Server 2012 R2 or Windows MultiPoint Server 2012, users can remotely run Windows 8.1
appsasthoughtheywererunningontheirlocaldevice,includingvideoclips,movies,streaming
video,andothergraphicallyintensiveapplications.UserscanalsodirectlyaccessUSBdevices
connectedtotheirdevice(suchassmartcardreaders,USBflashdrives,orscanners)fromwithin
VDI.

Thefollowingisalistofassumptionsabouttheinstitutionally-owneddevicesdescribedinthis
guide:

• Thedevicesmayormaynotbedomain-joined.

• Userslogontotheirdevicebyusinganinstitution-issuedaccount(andpossiblehavean

associatedMicrosoftaccount)insteadofusingtheirownWindowsaccount.

• Windows8.1Enterprisecanbedeployedonthedevices(ifdesired).

• Windows-baseddevicesthatneedtosupportMicrosoftRemoteFXwillberunningWindows

Vistaorlateroperatingsystems.

• DevicesrunningoperatingsystemsotherthanWindows(suchasiOSorAndroid)willrequire

anappthatsupportstheRemoteDesktopProtocol(RDP)andRemoteFX.

Thefollowingisalistofassumptionsaboutthepersonallyowneddevicesdescribedinthisguide:

• Thedevicesarenotdomainjoined.

• UserslogontotheirdevicebyusingtheirownWindowsaccount(andpossibleMicrosoft

account)insteadofaninstitution-issuedaccount.

• NoneofthedeviceswillberunningWindows8.1Enterprise.

• Windows-baseddevicesthatneedtosupportRemoteFXwillberunningWindowsVistaor

later.

• DevicesrunningoperatingsystemsotherthanWindows(suchasiOSorAndroid)willrequire

anappthatsupportstheRDPorRemoteFX.

3

VIRTUAL DESKTOP INFRASTRUCTURE

Choosing a VDI

deployment scenario

WindowsServer2012R2offersthefollowingdeploymentscenarios:

•

Virtual machine (VM)–based

In this scenario, Windows 8.1

VMsruninaHyperVinfrastructure.YouuseRemoteDesktop
Services to provide users remote connectivity to the VMs.
YoucanusetheVM-baseddeploymentscenariowithpooled
or personal VM collections. For more information about the
VM-based deployment scenario and pooled and personal VM
collections, see the section “Virtual machine–based desktop
deployment”onpage6.

•

Session-based

In this scenario, remote users connect to

RemoteDesktopServicesinWindowsServer2012R2andrun
theirapplicationinWindowsServer2012R2sessions.Only
RemoteDesktopServicesisrequiredforthisscenario.Formore
information about the session-based deployment scenario, see
the section “Session-baseddesktopdeployment”onpage10.

Figure1providesahigh-levelcomparisonoftheVDIdeployment
scenariosinWindowsServer2012R2.UsetheinformationinFigure1
toidentifythehigh-leveldifferencesbetweentheVMandsession-
based desktop deployment scenarios.

FIgURE 1

High-level

comparisonofVDI
desktop deployment
scenarios

Personalization

GOOD

BETTER

BEST

Application

compatibility

User density

Image count

Cost

Sessions

Pooled VMs

Personal VMs

4

VIRTUAL DESKTOP INFRASTRUCTURE

Table1provideamoredetailedcomparisonoftheVDIdesktopdeploymentscenariosand
WindowsMultiPointServer2012.Usetheinformationinthistabletochoosetherightcombination
ofVDIdeploymentsolutionsforyourinstitution.Youcanuseanycombinationofthesescenarios
tocreateacomprehensiveVDIdeploymentsolution.

TABlE 1

DetailedComparisonofVDIDesktopDeployment

Scenarios and Windows MultiPoint Server 2012

S

eSSion

-

baSed

deSktop

deployment

W

indoWS

m

ulti

p

oint

S

erver

2012

vm-

baSed

deSktop

deployment

User operating system

experience

Windows Server 2012 R2 Windows 8.1

Windows 8.1

Support for full-fidelity

video, with coverage for

all media types and highly

synchronized audio, rich

media support, Microsoft

Silverlight, 3D graphics,

and Windows Aero

Microsoft RemoteFX

Requiresdirectvideo–

connectedstations,USB

zero client–connected

stations,USB-over-

Ethernet zero clients,

orRDP–over-LANwith

RemoteFX

RequiresRemoteFX

Directly connect the VDI

session to client USB

devices

• StandardRDP

connection provides

limited support of

USBdevice

• RemoteFXrequired

for broader support

ofUSBdevices

• StandardRDP

connection provides

limited support of

USBdevice

• Directvideo–

connected stations,

USBzeroclient–

connected stations,

USB-over-Ethernet

zero clients, or

RDP-over-LANwith

RemoteFXrequired

for broader support

ofUSBdevices

• StandardRDP

connection provides

limited support of

USBdevice

• RemoteFXrequired

for broader support

ofUSBdevices

5

VIRTUAL DESKTOP INFRASTRUCTURE

S

eSSion

-

baSed

deSktop

deployment

W

indoWS

m

ulti

p

oint

S

erver

2012

vm-

baSed

deSktop

deployment

Supported client devices

Any device that

supportsRDPor

RemoteFX(including

WindowsThinPC)

Supportsthefollowing:

• Directvideo–

connected stations

• USBzeroclient–

connected stations

• USB-over-Ethernet

zero clients

• Any device that

supportsRDPor

RemoteFX

Any device that

supportsRDPor

RemoteFX(including

WindowsThinPC)

Scaling

As many as hundreds

of users for each server,

but multiple servers can

be added to scale to

highernumbers

As many as 20 users

Uptohundredsofusers

for each server, but

multiple servers can be

addedtoscaletohigher

numbers

High availability

Supportsloadbalancing

andclusteringof

resources

Unavailable

Supportsloadbalancing

andclusteringof

resources

Additional resources:

• “HP Client Virtualization SMB Reference Architecture for Windows Server 2012” at

http://

h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA4-3901ENW&cc=us&lc=en

6

VIRTUAL DESKTOP INFRASTRUCTURE

Virtual machine–based desktop deployment

Figure2illustratesthehigh-levelcomponentsinaVM-baseddesktop
deployment.Youcanrunthesecomponentsallononeserveroron
evenmoreserverstoprovideadditionalscalingandhighavailability.

ThefollowingisadescriptionofthecomponentsinatypicalVM-
based desktop deployment:

•

Remote Desktop Connection Broker

Thisroleservice

managesconnectionsbetweentheclientsandtheVMsrunning
ontheRemoteDesktopVirtualizationHost.

•

Remote Desktop Virtualization Host

Thisroleservice

integrateswithHyperVtoprovideVMs.ItusestheRemote
DesktopConnectionBrokerroleservicetodeterminetheVMto
which the user is redirected.

•

Remote Desktop Web Access

Thisroleserviceenablesusersto

accessVMsthroughawebbrowser.

•

Client

Theclientprovidesaccesstotheremotedesktop.it

canbeatraditionaldevicerunningtheRemoteDesktopClient
inWindows,anappthatsupportsRDPandRemoteFX,athin
orzeroclientthatsupportsRDP(suchasWindowsThinPC),
or a RemoteFX-enabled device. For institution-owned devices,
the client device may or may not be a member of an Active

FIgURE 2

Components

in a VM-based desktop
deployment

CLIENT

REMOTE DESKTOP

VIRTUALIZATION HOST

REMOTE DESKTOP

CONNECTION BROKER

REMOTE DESKTOP

WEB ACCESS

DOMAIN

CONTROLLER

7

VIRTUAL DESKTOP INFRASTRUCTURE

Directorydomain.Forpersonallyowneddevices,theclientwillnotbeamemberoftheActive
DirectoryDomainServices(ADDS)domain.

•

Domain controller and other network infrastructure services

Theseservicesinclude

ADDS,DynamicHostConfigurationProtocol(DHCP),DomainNameSystem(DNS),and
routing.

Windows Server 2012 R2 introduces the concept of virtual desktop collections. A virtual desktop
collectionconsistsofoneormorevirtualdesktopsusedinaVDIdeploymentscenario.Youcan
choosetodeploypooledorpersonalcollectionswiththemethodyouselect,dependingonyour
environment and preferences, as described in Table2.

TABlE 2

ComparisonofPooledandPersonalVirtualDesktopCollections

p

ooled

p

erSonal

Changes are made to

Transientvirtualharddisk

VM virtual hard disk

Changes saved after

session ends

No(exceptforuserprofilechanges)

Yes

VM instances

SingleVMmasterimagethatallusers

in the collection share

Separate VM instances created from a

mater VM for each user

Number of images to

manage

Onemasterimage

Animageforeachuser(aftertheVM

instanceiscreated)

Infrastructure services

• Managednetwork

• RemoteDesktopServices

• HyperV

• Managednetwork

• RemoteDesktopServices

• HyperV

Network connectivity

• SupportstandardRemoteDesktop

Servicesbyusinglow-bandwidth

connections

• RemoteFXconnectionrequires

medium-tohigh-bandwidth

connections(dependingon

contentbeingdisplayed)

• SupportstandardRemoteDesktop

Servicesbyusinglow-bandwidth

connections

• RemoteFXconnectionrequires

medium-tohigh-bandwidth

connections(dependingon

contentbeingdisplayed)

Storage requirements

• Storageformasterimageand

transient virtual hard disks

• StorageforeachUserProfileDisk

(ifused)

RequiresseparateVMstoragefor

eachuser;iftheaveragestoragefor

the master VM is 100 GB and there

are100users,10TBofstoragewillbe

required

8

VIRTUAL DESKTOP INFRASTRUCTURE

p

ooled

p

erSonal

Manageability

Onlyoneimagetomanage,souse

stand-aloneimage-management

tools;changestothemasterimage

arereflectedthenexttimeasessionis

initiated

Managebyusingtechnologies

and products such as Group Policy,

WindowsServerUpdateServices,

or Microsoft System Center 2012 R2

ConfigurationManager

User flexibility

• Userscannotinstallapps

• Userscannotbeanadministrator

on their VM

• Userscaninstallapps

• Userscanbeanadministratoron

their VM

User profile storage

• Transientvirtualharddisk(VHD;

userprofilechangesarelost)

• UserProfileDisk(userprofile

changesareretained)

StoredandretainedintheVMVHDs

User, operating system,

and app configuration

management

• RoamingProfiles

• Folder Redirection

• MicrosoftUserExperience

Virtualization(UE-V)

• Microsoft Application

Virtualization(App-V)

• UserProfileDisk

• RoamingProfiles

• Folder Redirection

• UE-V

• App-V

• LocallystoredonVM

Youcandeploybothpooledandpersonalcollectionsas:

•

Managed

ThisdeploymentoptionletsRemoteDesktopServicesautomaticallymanagethe

virtual desktops within the collection.

•

Unmanaged

Thisdeploymentoptionletsyoumanuallymanagethevirtualdesktopswithin

the collection.

Thehigh-levelstepsfordeployingVM-baseddesktopdeploymentare:

1. DeployWindowsServer2012R2ontheRemoteDesktopConnectionBrokerserver.

2. DeployWindowsServer2012R2ontheRemoteDesktopWebAccessserver.

3. DeployWindowsServer2012R2ontheRemoteDesktopVirtualizationHostserver.

4. EnsurethatallserversaremembersofthesameADDSdomain.

9

VIRTUAL DESKTOP INFRASTRUCTURE

5. OntheRemoteDesktopConnectionBrokerserver,useServer

Managertoaddalltheserverstotheserverpool.

6. OntheRemoteDesktopConnectionBrokerserver,useServer

ManagertoinstallthefollowingroleservicesfortheRemote
DesktopServicesInstallationserverrole:

• RemoteDesktopConnectionBroker

• RemoteDesktopWebAccess

• RemoteDesktopVirtualizationHost

7. AddthevirtualdesktoptemplatetotheRemoteDesktop

Virtualization Host server.

8. Ifdeployingapooledcollection,createanetworksharedfolder

inwhichtostoretheUserProfileDisk(typicallyontheRemote
DesktopConnectionBrokerserver).

9. Createthecollection(pooledforapooledcollectionor

personalforapersonalcollection).

10. Verify that the virtual desktop collection works correctly.

Additional resources:

• “TestLabGuide:VirtualDesktopInfrastructureStandard

Deployment”at

http://technet.microsoft.com/en-us/library/

hh831541.aspx

• “TestLabGuide:ManagedPooledVirtualDesktopCollections”

at

http://technet.microsoft.com/en-us/library/hh831663.aspx

• “TestLabGuide:UnmanagedPooledVirtualDesktop

Collections” at

http://technet.microsoft.com/en-us/library/

hh831618.aspx

• “Windows8/WindowsServer2012:PooledVirtualDesktop

Infrastructure” at

http://blogs.technet.com/b/askperf/

archive/2012/10/31/windows-8-windows-server-2012-pooled-
virtual-desktop-infrastructure.aspx

NOTE

Althoughyouarerunning
ServerManageron
theRemoteDesktop
Connection Broker server,
ServerManagerprompts
you for the names of the
serversrunningtheother
RemoteDesktopServices
role services.

10

VIRTUAL DESKTOP INFRASTRUCTURE

Session-based desktop deployment

Figure3illustratesthehigh-levelcomponentsinasession-based
desktopdeployment.Youcanrunallofthesecomponentsonone
serveroronevenmoreserverstoprovideadditionalscalingandhigh
availability.

Thefollowinglistprovidesadescriptionofthecomponentsina
typical session-based desktop deployment:

•

Remote Desktop Connection Broker

Thisroleservice

managesconnectionsbetweentheclientsandtheremote
desktopsessionsrunningontheRemoteDesktopSessionHost.

•

Remote Desktop Session Host

Thisroleserviceruns

RemoteAppprogramsorsession-basedvirtualdesktops.
Thisroleserversisultimatelywheretheusersconnecttorun
programs,savefiles,anduseotherresources.ItusestheRemote
DesktopConnectionBrokerroleservicetodeterminethe
remote desktop session to which the user is redirected.

•

Remote Desktop Web Access

Thisroleserviceenablesusersto

accesstheremotedesktopsessionsthroughawebbrowser.

•

Client

Theclientprovidesaccesstotheremotedesktop.itcan

beatraditionaldevicerunningtheRemoteDesktopClientin
Windows,anappthatsupportsRDPandRemoteFX,athinor
zeroclientthatsupportsRDP(suchasWindowsThinPC),ora
RemoteFX-enabled device. For institution-owned devices, the

FIgURE 3

Components in

a session-based desktop
deployment

CLIENT

REMOTE DESKTOP

SESSION HOST

REMOTE DESKTOP

CONNECTION BROKER

REMOTE DESKTOP

WEB ACCESS

DOMAIN

CONTROLLER

11

VIRTUAL DESKTOP INFRASTRUCTURE

clientdevicemayormaynotbeamemberofanADDSdomain.
For personally owned devices, the client will not be a member of
anADDSdomain.

•

Domain controller and other network infrastructure
services

TheseservicesincludeADDS,DHCP,DNS,and

routing.

Thehigh-levelstepsfordeployingsession-
based desktop deployment are:

1. DeployWindowsServer2012R2ontheRemoteDesktop

Connection Broker server.

2. DeployWindowsServer2012R2ontheRemoteDesktopWeb

Access server.

3. DeployWindowsServer2012R2ontheRemoteDesktop

Session Host server.

4. EnsurethatallserversaremembersofthesameADDSdomain.

5. OntheRemoteDesktopConnectionBrokerserver,useServer

Managertoaddalloftheserverstotheserverpool.

6. OntheRemoteDesktopConnectionBrokerserver,useServer

ManagertoinstallthefollowingroleservicesfortheRemote
DesktopServicesInstallationserverrole:

• RemoteDesktopConnectionBroker

• RemoteDesktopWebAccess

• RemoteDesktopSessionHost

7. CreateanetworksharedfolderinwhichtostoretheUser

ProfileDisk(typicallyontheRemoteDesktopConnection
Brokerserver).

8. Create the session collection.

9. Verify that the session collection works correctly.

NOTE

Althoughyouarerunning
ServerManageron
theRemoteDesktop
Connection Broker server,
ServerManagerprompts
you for the names of the
serversrunningtheother
RemoteDesktopServices
role services.

12

VIRTUAL DESKTOP INFRASTRUCTURE

Additional resources:

• “TestLabGuide:RemoteDesktopServicesSessionVirtualizationStandardDeployment”at

http://technet.microsoft.com/en-us/library/hh831610.aspx

• “TestLabGuide:RemoteDesktopServicesSessionVirtualizationQuickStart”at

http://

technet.microsoft.com/en-us/library/hh831754.aspx

• “Windows8/WindowsServer2012:RemoteDesktopManagementServer”at

http://blogs.

technet.com/b/askperf/archive/2012/10/30/windows-8-windows-server-2012-remote-
desktop-management-server.aspx

• “Virtualization:VDImadeeasy”at

http://technet.microsoft.com/en-us/magazine/jj992579.

aspx

13

VIRTUAL DESKTOP INFRASTRUCTURE

Windows MultiPoint Server 2012

Windows MultiPoint Server 2012 enables multiple users to share
one computer and provides a low-cost alternative to traditional
computingscenariosinwhicheachuserhastheirowncomputer.
WindowsMultiPointServer2012alsoprovidesaneasymanagement
solution for Windows MultiPoint Server 2012 system administration
called MultiPoint Managerandaneasymanagementsolutionfor
day-to-day administration called MultiPoint Dashboard.

Windows MultiPoint Server 2012 is available in Standard and
Premiumversions.UsetheinformationinTable3 to select the
appropriate versions for your educational institution.

S

tandard

p

remium

Number of

simultaneously connected

stations

10

20

Can be joined to a

domain?

No

Yes

Virtualization support as

a host or guest operating

system?

No

Yes

WindowsMultiPointServer2012canonlybedeployonasingle
computer.YoucanscaleWindowsMultiPointServer2012only
throughtheadditionofWindowsMultiPointServer2012instances:It
hasnoinherenthighavailability.However,youcouldrunvirtualized
instancesofWindowsMultiPointServer2012onhighlyavailable
HyperV clusters.

TheuserendpointsthatconnecttothecomputerrunningWindows
MultiPoint Server 2012 are called stations. Windows MultiPoint
Server2012supportsthefollowingstationtypes:

•

Direct video–connected stations

Thecomputerrunning

Windows MultiPoint Server 2012 can contain multiple video
cards,eachofwhichcanhaveoneormorevideoports.This
allowsyoutoplugmonitorsformultiplestationsdirectlyinto

TABlE 3

Comparison

of Windows MultiPoint
Server 2012 Standard and
Premium

14

VIRTUAL DESKTOP INFRASTRUCTURE

the computer. Keyboards and mouse devices are connected
throughUSBhubsassociatedwitheachmonitor.Usea
combinationofallofthesetechnologiestocreateadirect
video–connected station.

•

USB zero client–connected stations

USBzeroclient–

connectedstationsusetheUSBzeroclientasastationUSBhub
(alsoreferredtoasamultifunction USB hub with video).These
stations connect to the Windows MultiPoint Server 2012 instance
throughaUSBcableandtypicallysupportavideomonitor,a
mouse,akeyboard(PS/2orUSB),audio,andadditionalUSB
devices.

•

USB-over-Ethernet zero client–connected stations

USB-

over-EthernetzeroclientsareavariationofUSBzeroclient–
connectedstationsthatsendUSBoverLANtotheWindows
MultiPointServer2012instance.Theseclientsfunctionsimilarly
toUSBzeroclient–connectedstationsbutarenotlimitedbyUSB
cablelengthmaximums.USB-over-Ethernetzeroclientsarenot
traditionalthinclients,andtheyappearasvirtualUSBdeviceson
the Windows MultiPoint Server 2012 system.

•

RDP-over-lAN–connected stations

Thesestationsinclude

traditionalthinclientsorotherdevicesrunningafulloperating
systemthatsupportRDP.

Additional resources:

• “DeployingWindowsMultiPointServer2012”at

http://technet.

microsoft.com/en-us/library/jj916399.aspx

• “PlanningaWindowsMultiPointServer2012Deployment”at

http://technet.microsoft.com/en-us/library/jj916408.aspx

• “DifferencesbetweenProductVersions:Standardversus

Premium” at

http://technet.microsoft.com/en-us/library/

jj916405.aspx

• “MultiPoint Server Stations” at

http://technet.microsoft.com/en-

us/library/jj916411.aspx

NOTE

Personally owned devices
canonlyuseRDP-over-
LANconnectedstation
types. Institution-
owned devices can use
any stationed type as
applicable.

15

VIRTUAL DESKTOP INFRASTRUCTURE

Preparing the infrastructure for VDI

BeforeyoudeployVDIinyourinstitution,youmustpreparetheappropriateinfrastructure.Table4
liststheVDIinfrastructurecomponentsandprovidesanoverviewofthepreparationthatmaybe
necessary for each component. In some instances, no infrastructure remediation may be necessary.

TABlE 4

VDIInfrastructureComponentsandPreparationSteps

C

omponent

p

reparation

StepS

Network

Thefollowingfactorsaffectwhetherthenetworkinfrastructureisableto

supporttheVDIsessiontrafficbetweenVDIclientsandtheVDIservers:

• PlacementoftheVDIserverscandirectlyaffecttheavailablenetwork

requirements(asdescribedinthesection“PlacingVDIservers”onpage

17).

• ThelargerthenumberofVDIclientssimultaneouslyaccessingtheVDI

infrastructure,thegreaterthenetworkbandwidththatisrequired.

• Typeofclienttraffic—forexample,graphicallyintensiveVDIsessionsrequire

morenetworkbandwidththanlessgraphicallyintensivesessions.

Storage

Theprimaryconsiderationforplanningstorageare:

• Pooledcollectionsrequiresufficientstorageforthetransitionalharddisks

andtheUserProfileDiskforeachVDIsession.

• PersonalcollectionsrequiresufficientstorageforeachVHDforeachVDI

session.

16

VIRTUAL DESKTOP INFRASTRUCTURE

C

omponent

p

reparation

StepS

Client devices

EachuserwhoaccessestheVDIinfrastructurerequiresadevicethatsupports

theappropriateclients.Userswhowillaccess:

• VM-orsession-baseddesktopdeploymentscenariosrequiredevicesthat

supportRDPorRemoteFX

• WindowsMultiPointServer2012requireoneofthesupportedWindows

MultiPoint Server 2012 stations

Someofthesedevicescanbesoftware-basedclients(suchastheRemote

DesktopClientinWindowsoperatingsystemsorappsforotheroperating

systems)orhardware-basedclients(suchasRemoteFXdevices,thinclients,or

zeroclients).

FormoreinformationabouttheclientdevicesthatcanbeusedintheseVDI

solutions,seethefollowingsectionsinthisguide:

• “WindowsMultiPointServer2012”onpage13

• “ConnectinguserstoVDIsessions”onpage25

YoucanapproximatetheactualrequirementsforeachcomponentinTable4onpage15 by
verifyingtheresourcerequirementsinalabenvironment.Forexample,youcouldapproximatethe
networkbandwidthrequirementbyconfiguringatestenvironmentandmeasuringthenetwork
trafficalimitednumberofVDIsessionsperformingtypicaltasksgenerate.Then,youcould
extrapolatetheactualrequirementbymultiplyingthemeasurednetworktrafficinthelabbythe
numberofsimultaneousVDIsessions.

17

VIRTUAL DESKTOP INFRASTRUCTURE

Placing VDI servers

Table5comparesthecentralizedanddecentralizedplacementstrategiesforVDIservers.Youcan
useanycombinationofthesestrategiestoplaceyourVDIservers.

TABlE 5

ComparisonofCentralizedandDecentralizedPlacementofVDIServers

C

entralized

d

eCentralized

Scenario

CentralizedITdatacenter.

Placement in classrooms, labs, or near

VDIclientlocations.

Management

Requireslesseffortbecausethereare

fewerserverstomanage.

Requiresmoreeffortbecausethere

aremoreserverstomanage.

High availability

HigherconcentrationofuserVDI

sessionsmakesimplementinghigh-

availabilitytechnologies(suchas

loadbalancingorWindowsfailover

clustering)morecost-effective.

LowerconcentrationofuserVDI

sessionsmakesimplementinghigh-

availabilitytechnologieslesseffective.

Scaling

HigherconcentrationofuserVDI

sessionscanoffsetthecostsrequired

forscaling.Youcanaddserversor

systemresourcestoincreasescaling

capability.

LowerconcentrationofuserVDI

sessions may not be able to offset

costsrequiredforscaling.For

example,addingaservertoa

classroomwithanexistingserver

would effectively double the costs.

Efficient use of system

resources

UserVDIsessionscanbedistributed

(loadbalanced)acrossmultiple

servers, which results in the servers

beingmoreequallyutilized.

SomeVDIserversmaybe

underutilized, while others are

overutilized, with no way to share

resourcesamongservers.

Network traffic

Higheravailablenetworkbandwidth

isrequiredontheinstitution’s

networkbackbonetosupportVDI

sessions.

Trafficismorelocalizedandhasless

impactontheinstitution’snetwork

backbone.

18

VIRTUAL DESKTOP INFRASTRUCTURE

Building virtual desktop templates

VDIVM-baseddesktopdeploymentscenariosrequireavirtual desktop template. A virtual desktop
templatehasallthenormalsettingsofaVM(suchasmemory,networking,andVHDsettings).
WhenanewuserconnectstotheVDI,theVDIcreatesavirtualdesktopVMbasedonthevirtual
desktop template.

Tocreateyourvirtualdesktoptemplate,useHyperVManagerwiththerecommendationslistedin
Table6.

TABlE 6

VirtualDesktopTemplateConfigurationSettingRecommendations

S

etting

d

eSCription

Memory

Dependingontheappsyouruserswillberunning,youmayneedtoincrease

thisvalue.Measurethememoryusersrequirebydeterminingthememory

consumedonaphysicaldevicewhilerunningtheapps.Youcanconfigure

the virtual desktop template to use static or dynamic memory. Microsoft

recommendsthatyouconfigurethevirtualdesktoptemplatetouseatleast

1,024 MB.

Network

Configurethevirtualnetworkadaptertoconnectto:

• AvirtualswitchinHyperVontheRemoteDesktopVirtualizationHost.The

HyperVvirtualswitchmustconnecttoyourinstitution’sintranetsothatthe

VDIsessionscanconnecttoresourcesonyourintranetandtheInternet.

• Thedomainspecifiedduringtheconfigurationprocess.Thisisrequired

because the instances of the VM template are automatically joined to the

domain when they are created.

VHDs

OnlyoneVHDissupported.TheVHD:

• MustcontainaWindows8.1imagethatyouhaveconfiguredtoa

generalizedstatebyusingtheWindowsSystemPreparationTool(Sysprep)

• Canbeconfiguredasadifferencingdisk

• CancontainmorethanonepartitionbutonlyoneWindowsoperating

systemimage

Snapshots

Thevirtualdesktoptemplatecanhaveoneormoresnapshotsbutthecurrent

(Now)stateofthevirtualdesktoptemplate.Thisallowsyoutomanagethe

templatemoreefficiently.Youcantakesnapshotofthetemplatejustpriorto

runningSysprepsothatitiseasytorestorethetemplatetoabeginningstate,

changetheconfiguration,takeanothersnapshot,andthenrunSysprepagain

on the updated version of the template.

19

VIRTUAL DESKTOP INFRASTRUCTURE

RemoteDesktopServicesexportsthevirtualdesktoptemplateduring
thevirtualdesktopcollectioncreationprocess.Theexportprocess
createsacopyofthevirtualdesktoptemplate,includingallofthe
configurationsettingsmadeinTable6onpage18.Thisallowsyou
managethevirtualdesktoptemplatewhileusersareconnectedto
theirVDIsessions.

Additional resources:

• “SingleImageManagementforVirtualDesktopCollections

in Windows Server 2012” at

http://blogs.msdn.com/b/rds/

archive/2012/10/29/single-image-management-for-virtual-
desktop-collections-in-windows-server-2012.aspx

• “TestLabGuide:ManagedPooledVirtualDesktopCollections”

at

http://technet.microsoft.com/en-us/library/hh831663.aspx

• “TestLabGuide:UnmanagedPooledVirtualDesktop

Collections” at

http://technet.microsoft.com/en-us/library/

hh831618.aspx

• “SettingupanewRemoteDesktopServicesdeployment

usingWindowsPowerShell”at

http://blogs.msdn.com/b/rds/

archive/2012/07/18/setting-up-a-new-remote-desktop-services-
deployment-using-windows-powershell.aspx

NOTE

Twoormorevirtual
desktop collections can
share the same virtual
desktop template.

20

VIRTUAL DESKTOP INFRASTRUCTURE

Client licensing for VDI

MicrosoftlicensesclientaccesstoVDIsessionsthroughWindows
VirtualDesktopAccess(VDA).WindowsVDAisadevice-based
subscription that licenses Windows 8.1 for virtual desktops by access
device:

•

Devices covered by Microsoft Software Assurance

Virtual

desktopaccessrightsareabenefitofSoftwareAssurance.
DevicescoveredunderSoftwareAssurancehaveaccesstoaVDI
desktopatnoadditionalcharge.

Table7listtheWindows8.1VDIlicensingoptionsbasedonthe
operatingsystemrunningonthedeviceusedasaVDIclient.

•

Devices not covered by Software Assurance

Thesedevices

(suchasthinclients)mustpurchaseaWindowsVDAlicensefor
eachdevicetoaccessaVDIdesktop,regardlessoftheoperating
systemrunningonthedevice.Thisincludespersonallyowned
devices.

C

lient

oS

vda

liCenSe

optionS

Windows 8.1 Pro

WindowsVDAlicenseandfreeupgradeto

Windows 8.1 Enterprise included

Windows RT

WindowsVDAlicenseincludedwhenthedevice

is associated with a primary device covered by

SoftwareAssurance(forexample,theprimarydevice

isrunningWindows8.1Enterpriseandiscoveredby

SoftwareAssurance)

Windows 7

WindowsVDAlicenseandfreeupgradeto

Windows 8.1 Enterprise

Windows Vista

WindowsVDAlicenseincluded;licensedtouse

WindowsThinPCasanRDPandRemoteFXclienton

these devices

Windows XP

WindowsVDAlicenseincluded;licensedtouse

WindowsThinPCasanRDPandRemoteFXclienton

these devices

Android

MustpurchaseaWindowsVDAlicenseforeach

device

INFO

Thelicensinglistedin
this table applies only to
institution-owned devices.
All personally owned
devicesrequireaWindows
VDAsubscription.

TABlE 7

WindowsVDA

LicensingOptions

21

VIRTUAL DESKTOP INFRASTRUCTURE

C

lient

oS

vda

liCenSe

optionS

iOS

MustpurchaseaWindowsVDAlicenseforeach

device

Additional resources:

• “MicrosoftVDIandWindowsVDAFrequentlyAskedQuestions”at

http://download.microsoft.

com/download/1/1/4/114A45DD-A1F7-4910-81FD-6CAF401077D0/Microsoft%20VDI%20
and%20VDA%20FAQ%20v3%200.pdf

• “VolumeLicensing—MicrosoftSoftwareAssurance“at

http://www.microsoft.com/licensing/

software-assurance/default.aspx

• “MicrosoftLicensingfortheConsumerizationofIT”at

http://www.microsoft.com/licensing/

about-licensing/briefs/consumerization-it.aspx

• “MicrosoftLicensingfortheConsumerizationofIT—AcademicLicensingScenarios”at

http://

www.microsoft.com/licensing/about-licensing/briefs/consumerization-it-academic.aspx

• “LicensingWindowsdesktopoperatingsystemforusewithvirtualmachines”at

http://

download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/
Licensing_Windows_Desktop_OS_for_Virtual_Machines.pdf

22

VIRTUAL DESKTOP INFRASTRUCTURE

Using Volume Activation

YoumustprovideWindows8.1licenseactivationfortheVMsused
inVDIscenarios.ThefollowingisalistoftheMicrosoftVolume
ActivationtechnologiesavailableforWindows8.1andabrief
description of each:

•

Active Directory-Based Activation (ADBA)

ADBAisarole

servicethatallowsyoutouseADDStostoreactivationobjects,
whichcanfurthersimplifythetaskofmaintainingVolume
Activationservicesforanetwork.WithADBA,noadditionalhost
serverisneeded,andactivationrequestsareprocessedduring
computerstartup.ADBAworksonlyfordomain-joineddevices
runningWindows8.1.

•

Key Management Service (KMS)

TheKMSroleserviceallows

organizationstoactivatesystemswithintheirnetworkfroma
server on which a KMS host has been installed. With KMS, you
cancompleteactivationsonyourlocalnetwork,eliminating
the need for individual computers to connect to Microsoft for
productactivation.KMSdoesnotrequireadedicatedsystem,
and it can be cohosted on a system that provides other services.
By default, volume editions of Windows 8.1 connect to a system
thathoststheKMSservicetorequestactivation.Noactionis
requiredfromtheuser.

Table8liststheVolumeActivationtechnologiesandtheinformation
necessaryforselectingtheappropriatetechnologiesforyour
institution.Youcanuseanycombinationofthesetechnologiesto
designacompleteVolumeActivationsolution.

TABlE 8

VolumeActivationTechnologySelection

adba

kmS

Domain joined

Yes

Yes

Devices must connect to the

network at least once every

180 days

Yes

Yes

INFO

For information about
licensingtheclientsused
toaccessyourVDI,seethe
section “Clientlicensing
forVDI”onpage20.

NOTE

Althoughyoucanperform
Volume Activation by
usingMultipleActivation
Keys(MAKs),Microsoft
does not recommend
MAKsforVDIbecausethey
cannot be dynamically
applied to VMs based on
VDIdemands.UseADBA
or KMS, instead.

23

VIRTUAL DESKTOP INFRASTRUCTURE

adba

kmS

Supports Volume Activation

of Microsoft Office

Yes(Microsoft

Office2013only,

not Microsoft

Office365or

previous versions of

Office)

Yes

Requires Volume Activation

services in Windows

Server 2012 R2

Yes

No

Microsoft Volume licensing

information is stored in

AD DS

Yes

No

Infrastructure

ADDS

ADDS

KMS server

ADBAandKMSarebothroleservicesintheVolumeActivation
Services server role in Windows Server 2012 R2. KMS is also available
inpriorversionsofWindowsServer.YoucanuseServerManager
orWindowsPowerShellcmdletstoinstallandconfiguretheserole
services.

YoucancentrallymanageWindows,Office,andotherMicrosoft
products’volumeandretailactivationprocessesbyusingtheVolume
ActivationManagementTool(VAMT),whichisincludedinthe
WindowsAssessmentandDeploymentKit.

NOTE

Youcanusethesame
Volume Activation
infrastructuretomanage
VDIactivationand
activation for your other
Windows 8.1, Windows 7,
Windows Server 2012
R2, and Windows
Server2008R2operating
systems.

24

VIRTUAL DESKTOP INFRASTRUCTURE

Additional resources:

• “VolumeActivationOverview”at

http://technet.microsoft.com/library/hh831612.aspx

• “InstallingVolumeActivationServicesRoleinWindowsServer2012tosetupaKMSHost”

at

http://blogs.technet.com/b/askcore/archive/2013/03/14/installing-volume-activation-

services-role-in-windows-server-2012-to-setup-a-kms-host.aspx

• “TestLabGuide:DemonstrateVolumeActivationServices”at

http://technet.microsoft.com/

library/hh831794.aspx

• “Volume Activation” in Windows 8 deployment planning: A guide for education at

http://www.

microsoft.com/download/details.aspx?id=39682

• “VolumeActivationManagementTool(VAMT)Overview”at

http://technet.microsoft.com/

library/hh824953.aspx

• “VolumeLicensing”at

http://www.microsoft.com/licensing/about-licensing/windows8.aspx

• “IntroductiontoVAMT”at

http://technet.microsoft.com/library/hh825141.aspx

• Volume Licensing Guide for Windows 8.1 and Windows RT 8.1 at

http://download.microsoft.

com/download/9/4/3/9439A928-A0D1-44C2-A099-26A59AE0543B/Windows_8-1_
Licensing_Guide.pdf

• “MicrosoftLicensingfortheConsumerizationofIT—AcademicLicensingScenarios”at

http://

www.microsoft.com/licensing/about-licensing/briefs/consumerization-it-academic.aspx

• “VolumeactivationmethodsinOffice2013”at

http://technet.microsoft.com/library/jj219430.

aspx

25

VIRTUAL DESKTOP INFRASTRUCTURE

Connecting users to VDI sessions

UsersneedaccesstotheirVDIsessionsthroughtheirinstitution-
owneddevices.ConnectionsforVDIsessionsgo:

•

Directly to Windows MultiPoint Server 2012 for all Windows
MultiPoint Server 2012 clients

Windows Multipoint

Server 2012 supports four types of connections:

• Directvideo–connectedstations

• USBzeroclient–connectedstations

• USB-over-Ethernetzeroclient–connectedstations

• RDP-enableddevices

Oftheseconnections,onlyRDP-enableddevicesareableto
connectoverremoteaccessconnections(suchasavirtual
privatenetwork[VPN]orMicrosoftDirectAccess).Theother
connection types will not function properly over WAN-speed
connections.

Institution-owned devices can use any combination of
connection types as appropriate. Personally owned devices can
onlyactasRDP-enableddevices.

FormoreinformationabouthowtoselecttherightWindows
MultiPoint Server 2012 client, see the topic “MultiPoint Server
Stations” at

http://technet.microsoft.com/en-us/library/jj916411.

aspx

.

•

Through Remote Desktop Session Broker for all session-based
and VM-based VDI sessions

TheRemoteDesktopSession

BrokersupportsthefollowingRDPclients:

• Remote Desktop Client ThisRDPclientisincludedin

fullWindowsoperatingsystems(suchasWindows8.1,
Windows7,orWindowsVista).Selectthisclientwhenthe
client device runs Windows 8.1, Windows 8, Windows 7, or
Windows Vista.

NOTE

RemoteFX is only
supported on Windows
Vistaandlateroperating
systems.TheWindowsXP
operatingsystemsupports
onlyastandardRDPclient
connection and does not
support the enhanced
features in RemoteFX.

26

VIRTUAL DESKTOP INFRASTRUCTURE

• Remote Desktop Web Access ThisclientallowsuserstoestablishVDIconnections

throughawebbrowser(suchasInternetExplorer).Noclientsoftwareneedbeinstalled
onthetargetdevice.SelectthisRDPclientwhenyoucannotinstalltheRemoteDesktop
Clientontheclientdeviceortheclientdeviceisrunninganoperatingsystemotherthan
Windows 8 .1, Windows 8, Windows 7, or Windows Vista.

• Window Thin PC ThisoperatingsystemincludestheRemoteDesktopClientand

can be installed on older devices that are unable to support Windows 8 .1, Windows
8,Windows7,orWindowsVista.Forexample,youcouldinstallWindowsThinPCon
adevicethathassufficientresourcestosupportWindowsXPonly.WindowsThinPC
is provided as a part of Software Assurance. Select this method when the client device
hasinsufficientsystemresourcestorunWindows8.1,Windows8,Windows7,or
Windows Vista.

• Thin client devices ThesetypesofdevicesareprovidedbyMicrosoftpartnersand

havetheRDPimbeddedintheirfirmware.Thesedevicestypicallyhavelittleorno
capabilitytoperformanylocalprocessingbutdosupportUSBdevices.Selectthese
typesofdeviceswhenusersneedaccesstoVDIsessionsonlyanddonotneedto
performanylocalprocessing.

• RemoteFX devices ThesedevicesareprovidedbyMicrosoftpartnersandruna

supersetoftheRDPthatalsoincludessupportforRemoteFX.Selectthesedeviceswhen
you need to support enhanced multimedia.

• Partner products ManyMicrosoftpartnersandsoftwarevendorscreateRDPclients

forotherclientdevices(suchasiOSorAndroiddevices).Theseproductsenablethese
devicestoconnecttoVDIbyusingRDPorRemoteFX.Selectthismethodwhenyouneed
tosupportspecifictypesofclientdevices.

AllclientsthatsupportRPDandRemoteFXcanfunctionoverremoteaccessconnections(suchas
aVPNorDirectAccess),butRemoteFXconnectionstypicallyrequirehigheravailablebandwidth
thanastandardRDPconnection.

Additional resources:

• “RemoteDesktopProtocol”at

http://msdn.microsoft.com/en-us/library/windows/desktop/

aa383015(v=vs.85).aspx

27

VIRTUAL DESKTOP INFRASTRUCTURE

Storing user and

application settings

WhenusersconnecttoVDI,theyneedtohavethesameuser
experiencetheywouldiftheywereusingaphysicaldevice.Usersalso
requireaccesstoWindowsStoreappsanddesktopapplicationsthat
they use for administration or curriculum.

Onechallengeisthatinmanyinstances,usershaveaphysicaldevice
runningWindowsinadditiontotheirVDIsession.Thismeansthey
need their user experience and apps to follow them between their
physicaldevicesrunningWindowsandtheirVDIsessions.

AfterauserendstheirVDIsession,bydefault,userandapplication
settingsintheirVDIsessionis:

•

Saved for personal collections in VM-based desktop
deployment

Althoughuserandapplicationsettingsaresaved

forthistypeofVDIsession,theyaresavedonlyontheVHDs
associatedwiththeVDIsession.Thiscancreateproblemsifthe
useralsousesaphysicaldeviceoraseparateVDIinfrastructure
withintheeducationalinstitution(forexample,astudent
accessesoneVDIinfrastructureforaphysicsclassandanother,
separateVDIinfrastructureforacomputergraphicsclass).

•

Saved for pooled collections in VM-based desktop
deployment with a User Profile Disk

ThistypeofVDIsession

hasthesameproblemsaspersonalcollectionsessions.Userand
applicationsettingsaresavedontheUserProfileDisk,whichis
uniquetoaspecificVDIinfrastructureandwillnotbeavailable
tootherVDIinfrastructuresorphysicaldevices.

•

Saved for session-based deployment with a User Profile
Disk

ThistypeofVDIsessionhasthesameproblemsas

personalandpooledcollectionsessions.Userandapplication
settingsaresavedontheUserProfileDisk,whichisuniquetoa
specificVDIinfrastructureandwillnotbeavailabletootherVDI
infrastructures or physical devices.

NOTE

Userandapplication
settingscannotfollow
physical devices that are
not domain joined, that
runaWindowsoperating
system prior to Windows
7, or that run another
operatingsystem(suchas
iOSorAndroid).

28

VIRTUAL DESKTOP INFRASTRUCTURE

•

lost for all other types of VDI sessions

ThesetypesofVDIsessionsincludesession-based

VDIwithoutaUserProfileDisk,personalcollectionsinVM-baseddesktopdeployment
withoutaUserProfileDisk,andWindowsMultiPointServer2012sessions.Whentheuserends
theVDIsession,allthechangestheymadetotheiruserprofileandapplicationsarediscarded.

Youcanuseanycombinationofthefollowingtechnologiestohelpensurethatuserexperience
andappsfollowusersbetweentheirVDIsessionsandphysicaldevices(ifthedevicesaredomain
joinedandtheuserlogsonbyusingtheirinstitution-issuedcredentials):

•

Windows Folder Redirection

TheFolderRedirectionfeatureinWindows8.1redirectsthe

pathofaknownfolder(suchastheDocuments,Pictures,orVideofolderinauserprofile)toa
newlocationmanuallyorbyusingGroupPolicy.Thenewlocationcanbeafolderonthelocal
deviceoradirectoryonafileshare.Usersinteractwithfilesintheredirectedfolderasifthey
still existed on the local drive.

•

Windows Roaming User Profiles

TheRoamingUserProfilesfeatureinWindows8.1

redirectsuserprofilestoafilesharesothatusersreceivethesameoperatingsystemand
applicationsettingsonmultiplecomputers.Whenauserlogsontoacomputerbyusingan
accountthatissetupwithafileshareastheprofilepath,theuser’sprofileisdownloadedto
thelocalcomputerandmergedwiththelocalprofile(ifpresent).Whentheuserlogsoutof
thecomputer,thelocalcopyoftheirprofile,includinganychanges,ismergedwiththeserver
copyoftheprofile.

•

UE-V

UE-Visanenterprise-scaleuserstatevirtualizationsolutionthatkeepsusers’

experiencewiththem.UE-Vprovidesusersthechoiceofchangingtheirdeviceandkeeping
theirexperiencesothattheydonothavetoreconfigureapplicationseachtimetheylogon
todifferentWindows8.1VDIsessions.UE-VintegrateswiththeFolderRedirectionfeaturein
Windows 8.1 to help make user folders accessible from multiple physical or virtual devices.
UE-Vsupportsdesktopapplicationsthataredeployedusingdifferentmethods(suchas
locallyinstalledapps,App-Vsequencedapplications,orRemoteDesktopapplications).

•

App-V

App-Vvirtualizesdesktopapplicationssothattheybecomecentrallymanaged

servicesdeployedtoavirtualizeddesktopapplicationenvironmentondeviceswithoutusing
traditionalinstallationmethods(knownasapplication sequencing).Thesequenceddesktop
applications run in their own self-contained virtual environment and are isolated from each
other,whicheliminatesapplicationconflictsbutallowsdesktopapplicationstointeractwith
the VM.

RememberthatuserexperienceandappsfollowusersforVDIsessionsandnottotheirinstitution-
ownedorpersonallyowneddevices(unlessaninstitution-owneddeviceisdomainjoinedandthe
userlogsonbyusingtheirinstitution-issuedcredentials).

29

VIRTUAL DESKTOP INFRASTRUCTURE

Additional resources:

• “Deviceroaming”inWindows 8.1 deployment planning: A guide for education at

http://www.

microsoft.com/download/details.aspx?id=39682

30

VIRTUAL DESKTOP INFRASTRUCTURE

Running Windows Store

and sideloaded apps

OnebenefitofrunningWindows8.1inVDIistheabilitytorun
Windows Store apps. Table9 lists the support for Windows Store and
sideloadedappsinVDI.

S

Cenario

S

upport

Personal VM-based

desktop deployment

Windows Store and sideloaded apps are

installed and run as they would be on a

physical device.

Pooled VM-based

desktop deployment

• Sideloadedappsrequirethatuserstatebe

persistedbyusinganycombinationofthe

followingmethods:

• UserProfileDisk

• Folder Redirection

• UE-V

• Windows Store apps are unsupported.

Session-based desktop

deployment

• Sideloadedappsrequirethatuserstatebe

persistedbyusinganycombinationofthe

followingmethods:

• UserProfileDisk

• Folder Redirection

• UE-V

• Windows Store apps are unsupported.

RemoteApp

Windows Store and sideloaded apps are

unsupported.

Additional resources:

• Windows Store apps: A deployment guide for education at

http://

www.microsoft.com/download/details.aspx?id=39685

TABlE 9

Support for

Windows Store and
SideloadedAppsinVDI

31

VIRTUAL DESKTOP INFRASTRUCTURE

Managing VDI

Table10liststhetechnologiesavailableformanagingyourVDI.Youcanselectanycombinationof
thesetechnologiestodesignacompleteVDImanagementsolution.Eachtechnologyisdiscussed
inasubsequentsection.

TABlE 10

VDIManagementTechnologySelection

g

roup

p

oliCy

W

indoWS

p

oWer

S

hell

S

yStem

C

enter

2012

r2 C

onfiguration

m

anager

W

indoWS

i

ntune

Control Windows

Store access

Yes

No

Yes

Yes

Control installation

of apps

Yes(with

AppLocker,

whichrequires

Windows 8.1

Enterprise)

No

Yes(inconjunction

with Group Policy

andAppLocker,

whichrequires

Windows 8.1

Enterprise)

No

Operating

system setting

management

Yes

Yes

Yes

Yes

User setting

management

Yes

Yes

Yes

Yes

App setting

management

Yes(ifregistry

based)

Appspecific

Yes,butscripting

mayberequired

Yes,butscripting

mayberequired

Centralized

administration

model

Yes

No

Yes

Yes

On or off premises

Onpremises

Onpremises

Onpremises

Offpremises

On-premises

infrastructure

ADDS

None

Managednetworks

System

Center 2012 R2

Configuration

Manager

None

32

VIRTUAL DESKTOP INFRASTRUCTURE

g

roup

p

oliCy

W

indoWS

p

oWer

S

hell

S

yStem

C

enter

2012

r2 C

onfiguration

m

anager

W

indoWS

i

ntune

VDI sessions must

be domain joined

Yes

No

No,butchallenges

exist for native

support; Windows

Intuneintegration

is recommended

for nondomain-

joinedVDIsessions

No

Supports self-

service model

for software and

updates

No

No

Yes

Yes

Supports push

model for software

and updates

Yes

Yes

Yes

Yes

Can be used to

create enterprise

app store

No

No

Yes

Yes

User interaction

ITprodoesback-

endconfiguration

Userperformsno

actions

ITproperformsall

tasks

ITprodoesback-

endconfiguration

Userhasno

interaction for

push model and

limited interaction

for self-service

model

ITprodoesback-

endconfiguration

Userhasno

interaction for

push model and

limited interaction

for self-service

model

Provided with

Windows 8.1

No

Yes

No

No

Provides unified

solution for the

entire software life

cycle, including

installation,

updates,

supersedence, and

removal

No

No

Yes

Yes

Can be used for

operating system

deployment

No

No

Yes

No

33

VIRTUAL DESKTOP INFRASTRUCTURE

g

roup

p

oliCy

W

indoWS

p

oWer

S

hell

S

yStem

C

enter

2012

r2 C

onfiguration

m

anager

W

indoWS

i

ntune

Requires additional

cost

Yes(ifADDSisnot

alreadyinstalled)

No

Yes(ifno

System Center

Configuration

Manager

infrastructure is

installed)

Yes(subscription

model)

Manage

institution-owned

devices

Yes(ifdomain

joined)

Yes

Yes

Yes

Manage personally

owned devices

No(asaretypically

notdomainjoined)

Yes

Yes(through

Microsoft

Exchange

ActiveSync

connector or

Windows Intune

integration)

Yes

YoucanmanageWindowsStoreappsanddesktopapplicationsin
VDIbyusinganytechnologyusedtomanageWindowsStoreapps
and desktop applications on physical devices. For more information
aboutWindowsStoreappanddesktopapplicationmanagement,see
Windows Store apps: A deployment guide for education at

http://www.

microsoft.com/download/details.aspx?id=39685

and Windows 8.1

deployment planning: A guide for education at

http://www.microsoft.

com/download/details.aspx?id=39682

.

Group Policy

YoucanuseGroupPolicytomanageuser,Windowsoperatingsystem,
andapplicationsettingsfortheVDIinfrastructureandVDIsessions.
Ultimately,youcanuseGroupPolicytomanageanyconfiguration
settingsstoredintheWindowsregistry.Microsoftprovidesbuilt-in
GroupPolicytemplatesformostcommonconfigurationsettings.In
addition, you can create custom Group Policy templates that allow
youtomanageconfigurationsettingsthatthebuilt-intemplatesdo
notprovide.YoucanalsouseGroupPolicytocontrolWindowsStore
accessandtheinstallationandrunningofappsondevices(when

NOTE

Personally owned devices
are typically not domain
joined and as such cannot
bemanagedthrough
Group Policy. Institution-
owned devices that are
domain joined can be
managedbyusingGroup
Policy.

34

VIRTUAL DESKTOP INFRASTRUCTURE

usedinconjunctionwithAppLocker).YoucanalsouseGroupPolicytomanageRemoteDesktop
Services,RemoteDesktopClient,andRemoteFXconfiguration.

Additional resources:

• “Group Policy” at

http://technet.microsoft.com/windowsserver/bb310732.aspx

• “ManagingClientAccesstotheWindowsStore”at

http://technet.microsoft.com/en-us/

library/hh832040.aspx

Windows PowerShell

YoucanperformmanycommonWindows8.1administrativetasksbyusingWindowsPowerShell
cmdlets,includingWindowsStoreappmanagementandoperatingsystemconfiguration.You
canalsouseWindowsPowerShelltomanagetheWindowsServer2012R2serverrolesandrole
services.YoucanuseWindowsPowerShellinteractivelyortocreatescriptsthatcanberunto
performmorecomplextasksfortheVDIinfrastructureandVDIsessions.

Additional resources:

• “Windows PowerShell” at

http://technet.microsoft.com/library/bb978526.aspx

System Center 2012 R2 Configuration Manager

SystemCenter2012R2ConfigurationManagerautomatestheongoingmanagementofthe
VMs, the Windows Server 2012 R2 server roles and role service, client devices, and the other
infrastructureservices(suchasADDSorDHCP).YoucanuseSystemCenter2012R2Configuration
ManagertoautomatethefollowingmanagementtasksfortheVDIinfrastructureandsessions:

• DeployWindowsStoreappanddesktopapplications

• Deploysoftwareupdatesandhotfixes

• Helpensurecompliancewithestablishedconfigurationbaselines.

• Provide virus and malware protection

• Inventory hardware and software assets

• Provide remote helpdesk support for users

35

VIRTUAL DESKTOP INFRASTRUCTURE

• Providecomprehensivereportingonthecurrentstatusofallhardwareassets,softwareassets,

software deployment status, compliance status, software update status, and other reports

SystemCenter2012R2ConfigurationManagerprovidesaunifiedconsoleformanagingVDIand
canoptionallyintegratewithWindowsIntunetohelpyoumanagedevicesthatarenotconnected
totheeducationalinstitution’sintranet.Institution-owneddevicescanbemanagedbyusing
SystemCenter2012R2ConfigurationManager.Personallyowneddevicesaretypicallynotdomain
joinedandcannotbemanagedbyusingSystemCenter2012R2ConfigurationManageronly,
butpersonallyowneddevicescanbemanagedbyusingSystemCenter2012R2Configuration
ManagerwiththeExchangeActiveSyncConnectororWindowsIntuneintegration.

Additional resources:

• “SystemCenter2012R2ConfigurationManager”at

http://www.microsoft.com/en-us/server-

cloud/system-center/configuration-manager-2012.aspx

Windows Intune

WindowsIntuneisanoff-premises,cloud-basedmanagementsolutionthatprovidesdevice
management,softwareinstallation,andsoftwareupdatemanagement.WindowsIntunecan
integratewithSystemCenter2012R2ConfigurationManagertoprovideaunifiedmanagement
solutionfortheVDIinfrastructureandVDI.YoucanuseWindowsIntunetomanageinstitution-
owned or personally owned devices.

Additional resources:

• “Windows Intune” at

http://www.microsoft.com/en-us/windows/windowsintune/pc-

management.aspx

©2014MicrosoftCorporation.Allrightsreserved.

Thisdocumentisforinformationalpurposesonlyand
is provided “as is.” Views expressed in this document,
includingURLandanyotherInternetWebsitereferences,
maychangewithoutnotice.MICROSOFTMAKESNO
WARRANTIES,EXPRESSORIMPLIED,INTHISDOCUMENT.