- Updated 12/27/2013 for how to Setup a Windows Server 2012 R2 Domain Controller in Windows Azure: IP Addressing and Creating a Virtual Network from the Petri IT Knowledgebase
- Updated 12/25/2013 for new Windows Azure Desktop Hosting - Reference Architecture and Deployment Guides updated 10/31/2013 from the MSDN Library
- Updated 12/24/2013 for links to the Remote Desktop Services Blog, which offers useful articles and links to related RDS resources, and the Windows 8.1 ITPro Forum
- Updated 12/23/2013 for an updated Remote Desktop Client for Windows 8 and 8.1, which you can download and install from the Windows Store
- Updated 12/22/2013 for Microsoft Hosting’s announcement of an Updated SPLA Program Guide and New program: Server Cloud Enrollment in a 12/20/2013 message
- Updated 12/21/2013 with links to Remote Desktop Services Overview from TechNet updated for Windows Server 2012 R2 and Keith Mayer’s RDS on Window Azure tutorial
- Updated 10/27/2013 for SPLAMan’s New 2013 SPLA Agreement analysis of 10/22/2013
- Updated 10/23/2013 for Rod Trent’s The Coming of HDI article of 10/22/2013 for the Windows IT Pro blog
- Updated 10/20/2013 for my Using Microsoft’s Remote Desktop App with a Tronsmart MK908 MiniPC tutorial for the new Remote Desktop Client for Android
- Updated 10/16/2013 for changes in RDS for Windows Azure Virtual Machines coming in 2014 and new Remote Desktop Apps for Windows Server 2012 R2
- Posted 7/15/2013 for Luis Panzano reported Remote Desktop Services are now allowed on Windows Azure in a 7/15/2013 post to his MSDN blog
Updated 12/27/2013 for how to Setup a Windows Server 2012 R2 Domain Controller in Windows Azure: IP Addressing and Creating a Virtual Network from the Petri IT Knowledgebase:
Russell Smith’s (@smithrussell) tutorial supplements with screen captures parts of the RDS tutorials by Microsoft senior technical evangelist Keith Mayer (@KeithMayer) described here. From the beginning of Smith’s article:
While it’s easy to get a virtual machine (VM) up and running on Windows Azure, you need to take some extra steps before configuring a VM if it’s going to host an Active Directory domain controller or any application that requires a static IP address. In the first[*] of a two-part series on building and installing a Windows Server 2012 R2 domain controller in Windows Azure, I’ll look at how IP addressing works in Windows Azure and how to create a virtual network for your domain computers.
IP Address Assignment in Windows Azure
When you configure a new VM in Windows Azure, it receives an IP address automatically and keeps it until the end of the current session, i.e. until the VM is shutdown, restarted or deallocated. Configuring a network adapter with a static IP address is not supported in Azure VMs, but it is possible to ensure that a VM receives the same IP address every time it is started.
Server applications, such as Active Directory domain controllers (DCs), rely on having a static IP address, so the default method for assigning IP addresses in Azure is a problem if you want to install Active Directory in a VM. The solution to the problem is to create a virtual network in Azure and provision VMs that would require a static IP address in a physical environment to acquire a persistent IP address in Azure.
When you create a virtual network, you need to specify which IP address will be used for AD integrated DNS. In the example that follows, that will be the first and only DC in the forest. The IP address for the integrated AD DNS server must be specified to ensure that VMs are assigned a DNS server address from DHCP, otherwise they won’t be able to locate each other because Azure virtual networks don’t support name resolution. [Emphasis added.]
No DHCP reservations are required or can be made. When Windows Azure assigns a persistent IP address to a VM from a virtual network’s address space, the IP address is guaranteed for the lifetime of the VM. The VM can be restarted infinitely, and the IP address will persist until the VM is physically deleted or deallocated (shut down from the Azure management portal). Therefore, it’s important to understand that if you use the shutdown command in the Azure management portal, the VM will be deallocated and its IP address will not persist. If you want to shut down the VM, you must issue a shutdown command in the OS itself. …
Smith continues with instructions for registering a DNS server for and setting up a Windows Azure Virtual Network with a fixed IP address.
* I’ll update this article when Smith posts his second part.
Updated 12/25/2013 for new Windows Azure Desktop Hosting - Reference Architecture and Deployment Guides updated 10/31/2013 from the MSDN Library:
Windows Azure Desktop Hosting Reference Architecture Guide
Summary: This document defines a set of architectural blocks for using Windows Azure Virtual Machines to create multitenant, hosted Windows desktop and application services, referred to in this document as “desktop hosting.” The primary goal is to enable hosting providers to create secure, scalable, and reliable desktop hosting solution offers for small- and medium-sized organizations with up to 1,500 users. The intended audience for this reference architecture is hosting providers who want to leverage Windows Azure infrastructure services to deliver desktop hosting services and Subscriber Access Licenses (SALs) to multiple tenants via the Microsoft Service Provider Licensing Agreement (SPLA) program. To deliver a desktop hosting solution via Microsoft’s SPLA program, hosting partners leverage Windows Server and the Windows Desktop Experience feature to deliver Windows users an application experience that is familiar to business users and consumers. Although Windows 8, Windows 7, and earlier Windows client versions are not licensed for SPLA, the Desktop Experience feature in Windows Server 2012 provides a similar user experience and application support.
- Author: Microsoft Corporation
- Published: September 2013
- Revision: 1.0
- Download: To review the document, download it now.
Windows Azure: Desktop Hosting Deployment Guide
Summary: This document provides procedural guidance for deploying a basic desktop hosting solution based on the Windows Azure Desktop Hosting Reference Architecture Guide. This document provides you with a starting point for implementing a Desktop Hosting service on Windows Azure virtual machines. You’ll have to perform additional deployment steps in a production environment to provide advanced features such as high availability, customized desktop experience, RemoteApp collections, etc.
- Author: Microsoft Corporation
- Published: October 2013
- Revision: 1.0
- Download: To review the document, download it now.
- RemoteApp improvements in Windows Server 2012 R2
- Remote Desktop Services Web Forum
- Remote Desktop Services TechNet home page
- Remote Desktop Services Wiki
- Microsoft Answers for Remote Desktop Services
With the Remote Desktop app, you can connect to a remote PC and your work resources from almost anywhere. Experience rich interactivity with RemoteFX in a Remote Desktop client designed to help you get your work done wherever you are.
- See all your remote connections in the home screen and open them with a single touch.
- Access and manage work resources published via RemoteApp and Desktop Connections.
- Connect to multiple remote desktops at the same time. Keep an eye on different sessions while you multitask.
- Navigate applications in your remote session easily using the touch keyboard, the Touch Pointer, Rotation and Zoom.
- Automatically detect and optimize your connection quality with RemoteFX WAN Transport enhancements.
- Customize settings for all remote connections at once or individually.
This version includes the following updates:
- Improved performance and reliability
- Addition of a new command bar button to easily display the on-screen keyboard
- Ability to manage RemoteApp and Desktop Connections resources directly from the app
x86, x64, ARM
When you launch the RDS app, users choose to:
- Connect to a remote PC
- Access RemoteApp and Desktop Connections
- Use a Remote Desktop Gateway server
In this screen (edited for clarity):
Microsoft updated the SPLA program guide to help service providers understand the latest version of the SPLA contract. Service Providers who renew their SPLA in CY 2014 can get SPLA 2013 from their channel partner. Recent changes to SPLA clarify service providers may use data center providers for infrastructure services. SPLA now provides a multi-tier channel amendment for partners who sell software services through a distributor to reach more end users. For more details download the SPLA program guide from Microsoft.com.
New program: Server Cloud Enrollment
Microsoft’s newest Volume Licensing program, the Server Cloud Enrollment, allows service providers to acquire Azure services from Microsoft for hosting purposes. Partners are not required to make an enterprise desktop commitment to leverage Microsoft as a data center provider. Changes to the October 2013 Online Services Use Rights allow partners to host SPLA application software on Azure VMs running Windows Server (subject to conditions). To learn more about this new enrollment under the Enterprise Agreement program please visit our EA page on Microsoft.com. Download the use rights on Microsoft.com for all VL programs (select Online Services PUR or SPUR in the document type category).
Server Cloud Enrollment (SCE) appears to be the next step in the “other licensing options” Luis Panzano mentioned in his 7/16/2013 tweet.
- What's New in Remote Desktop Services in Windows Server 2012 R2
- What's New in Remote Desktop Services in Windows Server 2012
- Test Lab Guide: Virtual Desktop Infrastructure Quick Start
- Test Lab Guide: Virtual Desktop Infrastructure Standard Deployment
- Test Lab Guide: Managed Pooled Virtual Desktop Collections
- Test Lab Guide: Unmanaged Pooled Virtual Desktop Collections
- Test Lab Guide: Remote Desktop Services Session Virtualization Quick Start
- Test Lab Guide: Remote Desktop Services Session Virtualization Standard Deployment
- Test Lab Guide: Remote Desktop Services Publishing
- Test Lab Guide: Remote Desktop Services Licensing
- Microsoft Remote Desktop Clients
Microsoft senior technical evangelist Keith Mayer (@KeithMayer) posted the following detailed tutorials:
UPDATE: With the upcoming release of Windows Server 2012 R2, we've announced several changes to RDS CAL licensing. One of these changes is that, by next year, customers with Software Assurance (SA) will be able to leverage their existing RDS CALs with license mobility to apply to either an on-premises Remote Desktop Services installation or a deployment of Remote Desktop Services on Windows Azure. This new RDS licensing option, when available, will provide an additional choice for licensing RDS on Windows Azure, as an alternative to using RDS Subscriber Access Licenses (SALs) noted below in this article.
For more details on the RDS licensing changes in Windows Server 2012 R2, please see the Windows Server 2012 R2 RDS Licensing FAQ on the Microsoft Download Center.
In talking with IT Pros about potential cloud use cases, Desktop as a Service ( DaaS ) has been a popular discussion topic for being able to deliver end-user Windows desktop and Windows applications from a cloud service. Some IT Pros are interested in taking this approach to deliver Windows desktops cost-effectively to their “road warriors” in the field. Others are evaluating it as a disaster recovery option in the event that physical access to primary work facilities is interrupted.
Desktop as a Service ( DaaS ) is most often associated with cloud-based delivery of a virtual desktop infrastructure ( VDI ) solution, where each user is provided with their own discrete virtual machine to host their personal desktop experience. Based on typical DaaS designs, the infrastructure requirements to host, manage and deliver a consistent desktop experience from all these VM’s can be large and costly.
In this article, I’ll review a cost-effective alternative that the Windows Azure cloud platform provides for delivering remote end-user Windows desktops and applications via cloud-hosted Remote Desktop Services Session Hosts, previously known as "Terminal Services" hosts. I’ll also provide resources that you can leverage to get started when building your Remote Desktop Services lab in the cloud.
In this article, we’ll step through the provisioning process for configuring a Remote Desktop Session Virtualization lab environment on the Windows Azure pay-as-you-go cloud platform. Our lab environment will consist of two VMs: one VM configured as an Active Directory Domain Controller and DNS server, and a second VM configured as a Remote Desktop Session Host, Web Access gateway, and Connection Broker.
You might have heard Microsoft has a new SPLA agreement coming out this month. With Microsoft, the changes only take effect when you sign a new SPLA. If your agreement has a 2010 version, you must adhere to the 2010 agreement terms, not the new agreement terms. There’s a lot of misinformation regarding this in the blog world. Remember the SQL 2008 use rights…in which you could license SQL by processor up until you sign a new agreement? These changes work the same way.
I wrote about this earlier, but here’s the biggest change in the 2013 terms
- Install SPLA licenses on customer owned hardware. The service provider can install SPLA on customer owned hardware — As long as the server is MANAGED and CONTROLLED by the service provider. You CANNOT take a customer owned hardware that is already licensed under their own internal volume license agreement and install SPLA licenses on the same server. In other words, if a server is covered with the customer’s Enterprise Agreement for Windows, you cannot install SPLA licenses on the same server. Be careful!
- $100 (US) monthly reporting minimum. If you have a signed 2013 version of the SPLA, you must report a minimum of $100. Microsoft has a 6 month rule of zero usage, on the 7th month you must start reporting $100 a month. So….what happens if you only have $50 dollars worth of usage and sign a 2013 SPLA? You have to report $100 regardless. In my opinion, if you report less than $100 a month, use a third-party to host the software and use their SPLA. Please remember when you signed your SPLA. SPLA is a 3 year agreement.
- Azure - Just like using any other 3rd party as a data center, the SPLA customer can use Microsoft. In the event of termination, the SPLA customer is responsible for removing the software from their Azure servers. [Emphasis added.]
- Hosting Community – in the past, SPLA customers would be required to join the hosting community as part of their agreement. As of 2013, this is no longer a requirement. I would still recommend joining, it does provide program updates. Just because it is no longer a requirement, does not mean Microsoft discontinued this resource.
That’s the main point(s) I wanted to review. Always good to understand timing. When you sign a new SPLA, you have to follow the new rules.
You've probably heard of VDI or Virtual Desktop Infrastructure, which allows IT to create virtualized user desktops that run on remote servers in the datacenter. But, have you heard about the coming of HDI or Hosted Desktop Infrastructure?
VDI sits within the confines of the corporate datacenter while HDI provides the same type of technology except that it is hosted in the public Cloud. Working through research for some upcoming Cloud events here at Windows IT Pro, I am hearing more and more about HDI becoming a near term reality. And, this is even before HDI has a proper definition assigned on Wikipedia.
In May 2013, Mary Jo Foley talked about a Windows Azure solution, codenamed 'Mohoro,' which is a desktop as a service (DaaS) technology that Microsoft is currently working on in hopes of a release at the end of 2014. Later, in July 2013, she covered a similar topic just after Microsoft's Worldwide Partner Conference (WPC) where Microsoft modified its licensing structure for Windows Azure to allow Remote Desktop Services (RDS) in the Cloud. But, since then, HDI is getting scary-close to reality.
Microsoft isn't the only vendor working on a publicly hosted desktop solution, though, and there are several offerings that may reveal long before Microsoft rolls out similar technology. Microsoft is steadily moving to a subscription model for everything they produce. A Microsoft HDI would definitely fall under a similar [or the] same licensing model as Office 365.
There are definite benefits to using HDI. OS deployments and upgrades, and patching, would be a thing of the past. A hosted solution would mean that upgrades and patches are just part of the service. Users utilizing a hosted desktop would always be running the latest and most secure OS instance. An HDI solution would mean that hardware costs could be drastically minimized. An Internet-enabled monitor or tablet, with or without a keyboard and mouse, would be all that any employee would need to be productive – from anywhere.* A hosted desktop solution also means that mobile users, using only smartphones, would be afforded the same industrious experience, all without having to worry about connectivity back to the corporate network.
I'm sure most will not opt for an all or nothing situation where they replace every desktop in the company with a hosted solution, but I'm sure many will find value in providing the solution where it makes sense.
HDI is coming, but is it something that businesses will use or want to use?
* A US$70 high-end Android MiniPC, a $150 to $200 HDMI-equipped HDTV set, and $30 wireless keyboard/trackpad is all you need to enable users to run Citrix Receiver with XenApp/XenDesktop or Microsoft’s new Remote Desktop app for Windows Server 2012 R2 (see the next section) running on Windows Azure today. See my Using Citrix’s Receiver for Android with a Tronsmart MK908 MiniPC for more about the Citrix approach.
Updated 10/20/2013 for my Using Microsoft’s Remote Desktop App with a Tronsmart MK908 MiniPC tutorial for the new Remote Desktop Client for Android:
Microsoft released Android, MacOS and iOS versions of its Remote Desktop Client app along with the downloadable Windows 8.1 bits on 10/17/2013. TheNextWeb blog reported on 10/18/2013 that Microsoft confirms it is working on a Remote Desktop app for Windows Phone. I’ll add another post with results for a Nokia Lumia 520 when that version becomes available.
I installed the Remote Desktop Client from the Google Play store on my quad-core Tronsmart MK908:
Here’s a 720p image captured from the Tronsmart MK908 MiniPC’s HDMI output from remote access to my SurfacePro tablet, both on the office WiFi network:
Later Tronsmart MK908ii MiniPCs, which GeekBuying.com sells for US$69.99 with free air mail shipping from Shenzhen, China, have 1080p HDMI outputs.
Update 12/25/2013: The Using Microsoft’s Remote Desktop App with a Tronsmart MK908 MiniPC tutorial has been updated for RDWeb access to designated resources on a Windows Azure Virtual Machine.
Updated 10/16/2013 for changes in RDS for Windows Azure Virtual Machines coming in 2014 and new Remote Desktop Apps for Windows Server 2012 R2. From the Windows Server 2012 R2 Remote Desktop Services FAQ (PDF) of 8/7/2013:
Q1. What pricing and licensing changes are there with the Windows Server 2012 R2 release of Remote Desktop Services (RDS)?
I. With the release of Windows Server 2012 R2, you will be able to purchase a RDS Device CAL for US$102 and a RDS User CAL for US$118. The pricing represents Open No Level (NL) ERP. For your specific pricing, contact your Microsoft reseller.
II. Windows Server 2012 RDS CALs can be used with Windows Server 2012 R2, i.e. there will not be any new Windows Server 2012 R2 RDS CALs required.
III. By next year, RDS CALs with active SA (Software Assurance) will permit access to Windows Azure or an Authorized Mobility Partner’s shared Windows server software running in a dedicated operating system environment (virtual machine) using RDS functionality or other technology, without acquisition of a separate RDS SAL (Subscriber Access Licenses). More details will be released during the Windows Server 2012 R2 release. (Emphasis added.)
- To learn more about Microsoft VDI, please visit:
- To learn more about the product enhancements, please visit:
- To learn more about the SA program please visit:
- To find a list of Authorized Mobility Partners, please visit:
The above appears to be what Luis Panzano meant by his “We may offer other licensing options in the future” tweet copied below.
From the Server and Cloud Enrollment (SCE) data sheet published 10/1/2013:
The Server and Cloud Enrollment (SCE) is a new enrollment under the Microsoft Enterprise Agreement. The SCE provides a new option for highly committed customers that enables them to standardize broadly on one or more key Server and Cloud technologies from Microsoft. …
Key Benefits Include:
- 15% discount for new license and Software Assurance purchases
- 5% discount on Software Assurance renewals
- Management of Windows Azure resources with System Center is included for CIS commitments*
- Best terms, conditions and predictability for SCE products
- New subscription option available
- Full Software Assurance benefits for all deployed licenses including new version rights
- Unlimited Problem Resolution Support for qualifying customers
From the Microsoft unleashes fall wave of enterprise cloud solutions press release of 10/7/2013:
Further, with Windows Server 2012 R2 Microsoft is introducing the Microsoft Remote Desktop app, available for download in application stores later this month, to provide easy access to PCs and virtual desktops on a variety of devices and platforms, including Windows, Windows RT, iOS, OS X and Android. [Emphasis added.]
Stay tuned for updates when Windows Server 2012 R2 releases later this week.
Luis Panzano (@luispanzano) reported Remote Desktop Services are now allowed on Windows Azure in a 7/15/2013 post to his MSDN blog:
I’ve not seen a lot of news about this so I thought it was worth writing a short post just to remember everyone that on July 1st, Microsoft has officially changed Windows Azure licensing terms (PUR) to allow the use of Remote Desktop Services (RDS) on Windows Azure Virtual Machines. Previously this scenario was not allowed in Windows Azure. Before July 1st you could only access an Azure Windows Server VM for purpose of server administration or maintenance (up to 2 simultaneous sessions are authorized for this service).
To enable more than 2 simultaneous sessions you will need to purchase RDS Subscriber Access Licenses (SALs) through the Microsoft Services Provider Licensing Agreement (SPLA) for each user or device that will access your solution on Windows Azure. SPLA is separate from an Azure agreement and is contracted through an authorized SPLA reseller. Click here for more information about SPLA benefits and requirements.
RDS Client Access Licenses (CALs) purchased from Microsoft VL programs such as EA, do not get license mobility to shared cloud platforms, hence they cannot be used on Azure.
Windows ‘Client’ OS (e.g. Windows 8) virtual desktops, or VDI deployments, will continue to not be allowed on Azure, because Windows client OS product use rights prohibit such use on multi-tenant/shared cloud environments.
Customers can use 3rd party application hosting products that require RDS sessions functionality (e.g. Citrix XenDesktop), subject to product use terms set by those 3rd party providers, and provided these products leverage only RDS session-hosting (Terminal Services) functionality. Note that RDS SALs are still required when using these 3rd party products.
So if you are a service provider with a legacy application that needs RDS to work (eg. WinForms based solution), you can now offer it to your customers on Windows Azure.
The licensing requirements are onerous, to be generous. Windows Server RDS CALs are the obvious better choice for Windows Azure users. Instead, my ISV clients must purchase SALs from one of Microsoft’s SPLA Resellers, which include Ingram Micro, HP and a number of lesser known firms. The following was excerpted from Windows Azure Virtual Machines Licensing FAQ:
Remote Desktop Services Questions
Yes, service providers can offer hosted solutions through RDS running on Windows Azure as long as they obtained RDS SALs (Subscriber Access Licenses) through a Microsoft Services Provider License Agreement (SPLA) reseller.
Can customers use RDS CALs (Client Access License) they own as part of their VL (Volume Licensing) agreement to access Windows Server instances running on Windows Azure or other Service Provider environments?
No, Remote Desktop Services CALs purchased through Volume Licensing programs are not eligible for the License Mobility rights under Software Assurance. Currently, only RDS SALs (Subscriber Access Licenses) are allowed on Windows Azure as part of a hosted solution from a Service Provider.
No, multi-tenant hosting is restricted in the Product Use Rights of Windows Client, such as Windows 7 or Windows 8. Windows Client Desktops are not available on either Windows Azure or on any other Service Provider such as Amazon or Rackspace. You can read more about the Microsoft Product Use Rights here.
I’ve received price and availability information for RDS SPLA + SALs from Ingraham Micro’s SPLA Team, making it clear that I had an “ISV client who’s interested in hosting a legacy C# Windows desktop app in Windows Azure Virtual Machines.” The terms and conditions in the form letter that the SPLA Team sent me included the following:
SPLA Hosting Model:
Through SPLA, Ingram would be your reseller as you are seen as the End-user. Server hardware MUST be owned, rented, or leased by the SPLA partner (i.e. your company); your customer cannot own the hardware. Server software does not require a purchase in SPLA.
Service providers can provide software services that interact with Microsoft licensed products to their customers. However, the service provider is the licensee, not the customer. This licensing model is for a partner that wishes to set up their own datacenter and host a solution for their customer. [Emphasis added.]
In response to my query about the above wording, a member of Ingram's SPLA Team offered the following advice:
You can have the Windows Server outsourced for you. That is addressed in the terms and conditions of the agreement paperwork.
Your ISV customer that will be providing this service needs to be the one who will sign the SPLA agreement. In that case they are renting the server from a third party ( Windows Azure). Which is allowed.
The cost of SAL’s is $3.45 per user per month = $41.40 per user per year, which might be subject to sales tax, depending on the user’s location. My clients will need to be a Microsoft partner and have a Windows Azure subscription. The additional paperwork consists of a Microsoft Business and Services Agreement and a Microsoft Service Provider License Agreement (SPLA). My clients also must complete monthly activity reports for each licensed user, even if the user hasn’t connected to the VM during the month.
However, there’s the possibility of forthcoming relief from the preceding licensing debacle, perhaps as a result of the current Microsoft reorg:
Let’s hope …
Earlier in This Ongoing Licensing Saga
My Creating a Windows Azure Virtual Machine with a New Active Directory Forest for Remote Desktop Services of 7/8 and Enabling Remote Desktop Services in a Windows Azure Virtual Machine with Active Directory Installed post of 7/9/2012 described Microsoft’s previous refusal to license use of RDS in virtual environments:
The following Microsoft licensing restrictions, which were conveyed to me in an email message, preclude use of Remote Desktop Services and Remote Web Access with Windows Azure Virtual Machines:
Virtualized Desktop Services fall under the terms of the Windows Server Licensing Agreement. Unless you are an Independent Software Vendor (ISV) using SPLA[*] licensing to provide a SaaS based service, Windows Server does not include License Mobility to Public Clouds, and as a result Virtualized Desktop Services are not licensable on Windows Azure and other Public Clouds because of restrictions under the Windows Server License Agreement. Virtualized Desktop Services include Remote Desktop Services (RDS), Remote Terminal Services, and related third party offerings (example given - Citrix XenDesktop).
Subsequently, I attended several meetings with Microsoft business types about this issue wherein I was promised a solution to the problem would be forthcoming “real soon now,” but its gestation period was about a year. In the interim I lost many consulting opportunities with potential ISV clients.