WHY CHOOSE AZURE VIRTUAL DESKTOP Which virtual desktop is best


[Music] From Chromecast, check it out.

I'm Sam Major, commercial director of Chrome Technologies. We're enjoying today my first time by Mr Paul Kerry seeing his technical insult.

Yeah, thanks for having me, Sam.

No problem. Um, today we're talking about the evolution of the modern desktop, and specifically around AVD, Azure Virtual Desktop, and obviously that's something I know you've got a lot of experience going back to kind of Citrix, and obviously now people are kind of this migration to AVD, uh, and we great today to kind of if you talk or audience or I guess, um, hey, what is it? Let's go through some of the basics: you know, what is a virtual machine, uh, some advantages of AVD over some of the competition, and why people, we're seeing this migration away from, you know, systems like Citrix into AVD. And then I guess some of the more interesting stuff that I've discovered as we work on this: the fact that we can now almost, you know, have a Windows desktop on any device should you choose to, and I guess there's also some potential security concerns around some of that. But if we go into, I guess, to rewind on all of that and go in at the beginning, I guess, so, you know, what is, what is AVD?

AVD is in a, it's an Azure Virtual Desktop environment. It's a new environment which Microsoft have released and allowing people to connect up to Windows 10 machines within their environment. Uh, you'd use it to connect up to resources that are published to you in a secure and controlled manner, and that the desktops are created by IT, the, the IT department, and the, the then replication applications available to users can be restricted and limited, uh, depending on the user's group that they belong to or depending on user access rights and permissions, as, um, secured by default. So access is through a hosted, uh, Microsoft hosted platform allowing connections through, uh, a web application gateway, which they look after.

Okay. How's that different from, you know, again, treatment is a bit of a luddite on this. I know, I know a bit, but
obviously no in there in your realm. So we've got kind of a, what I'll be used to, the fat client environment and kind of the access we have around that with kind of AD and, and OUs and all that sort of stuff. Is it a direct replica of that with Azure, or is there kind of more to it?

So it's, um, it's moving the Windows workstations with people's, with users' data on them and applications along out of their physical environment up into the Azure cloud environment. The applications will remain the same. They're restricted as to what people have access to. Um, it's much more controlled, and it's easier to prevent data loss through a visual virtual desktop.

So that's an interesting point, because a lot of things we've talked about, especially on recent podcasts, have been around kind of ransomware and data loss and strong passwords and all the sort of standard stuff that we know is important. So it would be good to understand, I guess, how by using, uh, things like AVD do we, are we able to enhance that security?

So within AVD you can, you can stop people from extracting data, pulling data out of their connection into the virtual desktop, and we can stop people accessing USB drives, printers, um, this local file drive.

Yeah, I'm saying because it's quite important, because the whole point of them being on the virtual desktop is, is to work, work from anywhere, a piece. So obviously if you've got a machine in an office, uh, there's also a physical control you put over, but obviously there's the eyes on it. But if I'm working from anywhere, yeah, you kind of need the extra layer of security.

Yeah, of course. If you're working from home then you can plug in any computer, you can plug in your computer to use it, connect up via that and access across a secure connection, um, with the IT being able to restrict the number of resources that you can pull data through to get back to your own computer.

So just think about that, because obviously, um, kind of pandemic, all that sort of stuff, we saw a lot of remote work increased
exponentially, but BYOD, yeah, obviously people use their own devices. What considerations do we have to think about? So if someone is using their own device, and also we talked about this kind of off-camera, the fact that you could, you can use an iPad, you could use your mobile phone, I'm not sure you want to use a Windows desktop, but you could. Um, but, you know, it's giving people this, this capability to use that work desktop, I guess, from anywhere. But are there any considerations around the, I guess, the basic system requirements and that sort of stuff to actually make it work properly, or does it not matter because we're leveraging the cloud?

So yeah, Microsoft implementation have removed a lot of the infrastructure management service they're required to get a desktop published to you. Um, typically in an RDS environment or Citrix environment there's no, there's a very many infrastructure servers that are required to get this to work. Microsoft take all that away. Okay. And everything is managed by Microsoft. They're using the Microsoft Authenticator app or text messages, they can send you conditional based access, which is all inherent into the Microsoft platform, and it's used widely throughout many different services. Many applications use it that aren't within Azure.

So the authentication, because it's part of that natural Microsoft ecosystem.

It is, and the, the benefits of that are well trodden, well used by multiple different applications, um, both within Azure and outside of Azure, and the authentic authenticator applications is used to secure many different environments.

Mm-hmm. Yeah, we took obviously the security piece again, so I assume you thought things like MFA and that sort of thing to actually access the information?

Yeah, so MFA can comprise multiple forms with, within the authentication process. You can receive text messages, use Authenticator app on your phone, and you look at source IP addresses and access tokens based on if you've accessed them in the past or not. Okay. You may or may not
get prompted if you're coming from a secure location. Um, depends how you want to configure it. Okay, so it's very flexible.

And I was about to say, that's all part of the, I guess, the consideration you have to give when you're, when you're designing something like this, you're configuring something like for a customer. That's part of the investigation, I guess, is looking at where people will work, uh, I guess the parameters of that, the permissions they all need to have. They're all considerations we've got to have from day one.

Yeah, so some access be can be constrained to how if you'd like it. There's very little that would get through it if you configured it in a great way.

Now I guess it's really important if you've got, I don't know, it could be HR for instance, you don't want to look at certain stuff here but not necessarily over there and all that sort of things, to having that, that ultimate level of control. And then I know everything that I was thinking of, and again we talked about some of this off camera, and it's quite enlightening, but it kind of made my brain ping if you like, but just the ease of scalability. You know, we've seen before where we've done obviously some lots of large scale, I'll, let's call it traditional fat client rollouts. Uh, you know, that's quite a bit of literary heavy lifting, and there's also a lot of on-site infrastructure to support all of that, and it's just, I guess, the ease of actually spinning stuff up like AVD to get that to multiple users, you know, very rapidly.

Yes, it's all infrastructure as code, so you can write and develop your solution depending on how you write the, the scripts that you can pass up to, to visual, the machines can be built on, on the fly almost, uh, additional machines added into a pool as you require. So you typically build up a golden image and put your applications into that, then you place it into a shared image gallery within Azure, and from that you create the workstations that users would connect onto. The workstations can be Windows 10, it
could be Server 2016, 2019, as you like, yep, as in a traditional on-premise environment. Um, multiple users could log on to the same Windows 10 Enterprise machine if they wanted to.

And I think that was an interesting point we discussed as well, is it in my head kind of the lvdi world it was almost like a one to one, this is my virtual desktop, my profile, and actually with AVD it can be quite different. You can have that shared resource, like estimate commercial perspective that makes sense.

Yeah, so you reduce the, the CPU and RAM overheads and the cost that you'd be incurred by using that, and we've had multiple users logging on to the same Windows 10 machine.

Yeah. Do you have to, I guess, do you have to throttle what people can have, or does it allow you to burst if you get someone doing something particularly resource intensive? Does it allow you to do that, or how do we manage that?

Well, on a per user basis it's hard to increase CPUs and memory on the fly, but on then subsequent connections we could divert them onto a higher resource machine.

So does it allow you to burst and, I guess, allocate more resources required, or we can find, or how do we manage that? And I think actually specifically thinking about, uh, intensive applications where people with CAD design, all that sort of stuff, how do we manage that within AVD?

So for users within intensive applications we'd look to provision desktops with a bit more RAM, more CPU, more resource, more IOPS available to them, and they would have a richer experience when they come to use that. Then we can dedicate these machines to specific groups of users and depending on departmental basis, so users would be able to access in with the higher a spec desktop for them, uh, applications installed by IT, cards could even be used up there if you wanted to. The protocol, RDS protocol, is strong enough to allow that to pass through.

So does that mean, I mean, again going back to the, just thinking about that, just seeing the laptops out there makes me think again, we're
talking about CAD and obviously doing this on the cloud, so we really can do, I guess, high intensity sort of stuff on something as simple as a micro PC or, or an iPad? Yeah, so is that really feasible?

You could do, yeah. So you could run a machine in Azure with 32 CPUs and RAM and have it connected on your phone, and you still get the same amounts of resource within the cloud available to you. So you can, you know, it's going to be impossible to use it on a phone. Yeah, someone will try. Yeah, there's something, but you could use that on iPad if you want to, like iPad Pro, larger screen. You can get keyboards, you can get Bluetooth mouse available for it, so you could theoretically run Microsoft applications within Azure on iOS devices or Android devices.

And is it persistent experience? I'm thinking, I've got my prior knowledge of things like Citrix, obviously I could be working on my CAD design, whatever it is, on my iPad, you know, on the, on the train or home, where if I come into the office and I've got exactly the same thing going on.

It is dependent on your, your network connection, your internet connection. Um, if you're on a train you might get lucky, you might be able to use the train's, um, inbuilt GSM system to connect out, 3G, 4G, um, but yeah, typically wouldn't be great on the train, you'd want...

If I, if I lost my connection, let's say, and then I come into the office, can I look back into that?

You can do it yesterday system. The session stored is on a, the desktop that you're connected to within Azure, and when you come to reconnect to it everything will be exactly where you left it, so you'll be able to connect back in and just carry on as you're working.

So no excuses, yeah, no tunnels. Yeah, of course. Um, just thinking then, obviously, you know, we can mention smart offenders because people will be aware of the likes of Citrix and VMware Horizon, all this sort of stuff. Um, I'll ask you a direct opinion as to why, you know, why would you recommend someone goes for, for AVD over the more traditional Citrix, et cetera,
et cetera?

Yeah, so AVD is a comparable product, uh, Citrix Virtual Apps and Virtual Desktop and Remote Desktop Services and VMware View, so it's doing the same function. Um, the management overheads of all the other applications out there, VMware View, Citrix, RDS, they're all taken on, they're all owned by Microsoft's service. So maintaining those servers, maintaining the security around those servers and services is controlled by Microsoft.

Yeah, so it's one less thing to worry about. It's about to say, so you kind of, you, you're outsourcing that, so it's the same experience, same concept, but without that overhead of managing it internally. So I guess you're freeing up your internal resource to do, let's call it, more interesting things.

Yeah, so the, instead of, you know, in the past maintaining Citrix environments, View environments, be maintaining the management service more often than the gold images.

We've seen some big Citrix environments in the past and we know that, how intense they can be just to keep the lights on.

Yeah, but moving to AVD your focus is more on the, the images, so what you're providing, the gold image, and you're able to spend a lot more time crafting that into such a way that it's, um, that's the best experience.

Let's focus on that, because I think it's, um, again an interesting point around kind of how we, is there any difference or not around the packaging part. So obviously we have to package applications to publish them in AVD. Um, what sort of tool set or tooling did Microsoft give us to do that? Is it any easier than the more traditional route, et cetera, et cetera?

Yes, within, um, within Microsoft's environment you can code everything. Everything is done by code, that they love it, it's there, it's what they want everyone to use, and we can create desktops via PowerShell into Azure, we can have applications installed onto them via PowerShell as well. Find multiple methods: can be group policies, it could be Chocolatey and repositories, it can come from multiple different areas, SCCM, and you'd
use these applications to push the applications for users onto the desktop. From here that you'd create a gold image, you can do all this by, all this file code. You create gold image, the gold image you can then spawn out into host machines that users connect into.

So that's that, I guess, the, the ease of the preferation. So if we have to suddenly push out a hundred, a thousand extra desktops, yeah, it is that easy?

Yeah, and users we can set up so users log on to a single machine which they control. They can make changes to that machine, they can install their own applications onto it, and they'll persist each time they log back into it. Okay. Typically most people, for most users, um, they log on to machine that gets rebooted each night and all the changes are lost. Yep. Um, and it's a much more controlled configuration in that fashion. I think it like it because users can't go off and destroy things, install their own software. Yep, move on. Um, yes, uh, yeah, much more controlled. Okay, yeah.

And another benefit of Windows 10 that Microsoft has just released, or really recently released, that they bought out a company called FSLogix. Okay. Um, this is a free product for use if you have an RDS license or Microsoft virtual desktop license, and with this you, it controls multiple things. Um, the greatest benefit is the profile container and it's an office container. We're logging on to your virtual machine, all your profile data is redirected to a virtual hard drive, okay, which can be an Azure storage or it could be on a file server somewhere, an SMB share. Benefit of this is the users would be able to log on immediately. Um, that they're not waiting for profile data to be downloaded from a server, and that the VHD file, the virtual hard drive file containing their profile, is mapped straight into the virtual desktop and any accesses to profile data and immediately over a network connection to the VHD file. So very quick logons for, yeah, he was able to persist much more data than in the past and alternative solutions
that Citrix and Microsoft have attempted. Yeah. Um, a much nicer overall user experience, yeah, and it removes an awful lot of profile bloats that you can get. Yeah, and this users prefer that in our experience to the massive amounts of log-on times that would, you can say you can't see.

Okay, so I guess, and I will ask the question, because obviously what we're doing here is we're kind of, we're back some lyrical about the benefits of AVD and yes, the answer's panacea to everything. Um, clear that isn't the case, there is, there is still, you know, a reason to have a fat client environment, but I guess in your opinion, you know, where is that? Where do you say, you know what, if you do this you should definitely be AVD, and potentially actually if you're doing that you should still be fat client, or, or am I completely wrong and the world should be AVD?

Yes, it's, um, the biggest selling point for everybody is security, because it gives you, you are able to control all of your data and all of your accesses to that data, um, in a much more controlled manner than with fat clients, so laptops, desktops. If you, if you want to control access to applications that your business provides, um, AVD will allow that. Large desktops, they're, they're, they're beneficial for the fatter applications than some, those applications which are heavily 3D dependent. Yeah. Um, but it's not, it's not to say you can't run, just, just needed a resource in the cloud to do it. Yeah, okay. But yeah, the, the benefits to local desktops that people are roaming about, about, you might not have an internet connection.

So I thought about saying, and think about actually, I can see that, you know, the way 5G is pushing out, and give it another five years I suspect will all be hive mind connected somehow anyway, but, you know, the problem of actually not having an intake connection anywhere would probably not be a thing, I guess, at that point. That's probably the depth of fact, right, at that point.

Yeah, you could see that, yeah.

Yeah, and actually going on that, obviously
all being connected one day, but as we are today, uh, I was thinking about, we deal with some very big customers and there's some very big implementations of AVD essentially that are global, and obviously you have different Azure tenants in different regions. How does, how does that work with AVD?

So there's one entry point into it is your virtual desktop environment from the internet, and that entry point is the same no matter where you are. So you could be in Australia, you're still accessing the same URL to collect in, um, as you are in the UK. If you access from Australia you can be directed onto a desktop within Australia or the Australian region. If you're accessing from the UK you can access the same URL and be directed to a desktop in the UK, and benefits that is the, obviously, the lower latency to the connection, um, which gives a better, smoother experience for users. But all that is controlled and accessed, controlled and directed to the nearest desktop, that's all managed by Microsoft, and we can, we can spin up VMs in the region wherever we like, and it's very easy to, to do that, um, just by changing your code that you're passing up to Azure to provision the desktops with. And the connections and load balancing across the internet, it's also managed by Microsoft.

Okay. The big thing I'm taking away from this is simplicity. It all seems to be the fact we can push this to Microsoft to take care of and actually seem to be very, very simple. Um, so I kind of, I think I know it's gonna come back my way, but I'm gonna hit you with anyways. Often doing podcasts it's kind of the top three things, but I guess I'll ask you, you know, what are your, in your opinion, kind of the top three reasons why someone should look at AVD?

So easy to scale: you can scale out as quickly as you like, it slows like as much as you like, and you can power off the VMs overnight and you can save money that way if not used to power them on to as you need to. So scalability's there. Security is the second most important one. Um, retain
your data and retain access to your data. You can control who has access to this environment in using Microsoft's controls to do that. The third one is that it can really control what people do, and you can control what people have access to, and you can control the user environment experience a lot better.

To knock down people like me doing silly things, and yeah, especially. All right, and on that note I think I'll end it, but thank you for, it's really interesting, and, um, again I usually learn quite a lot in this podcast, but today I've learned quite a bit, so thank you.

Okay, yeah, thank you very much.

And thank you for joining us on this edition of Chromecast. Uh, if there's anything you'd like to cover in future episodes please do leave that in the comment section, and leave a like, comment and share, and join us again on Chromecast. Take it out. [Music] you

2021-11-18
