virtual desktop infrastructure - a deployment guide for education.pdf

Virtual Desktop InfrastructureA deployment guide for education

January 2014

Table of contents

3 Choosing a VDI deployment scenario6 Virtual machinebased desktop deployment10 Session-based desktop deployment13 Windows MultiPoint Server 2012

15 Preparing the infrastructure for VDI

17 Placing VDI servers

18 Building virtual desktop templates

20 Client licensing for VDI

22 Using Volume Activation

25 Connecting users to VDI sessions

27 Storing user and application settings

30 Running Windows Store and sideloaded apps

31 Managing VDI33 Group Policy34 Windows PowerShell34 SystemCenter2012R2ConfigurationManager

35 Windows Intune

1VIRTUAL DESKTOP INFRASTRUCTURE

Virtual Desktop InfrastructureA deployment guide for education

One of the challenges for educational institutions is managing the wide diversity of devices and user types. Given such diversity, establishing and maintaining a standardized technology learning platform can be difficult. Although it may be possible to purchase new devices running the Windows 8.1 operating system or upgrade existing devices to Windows 8.1, other institution-owned devices may be unable to run Windows 8.1 (such as older hardware or devices running Apple iOS or Google Android).

Inaddition,BringYourOwnDevice(BYOD)initiativesareincreasinglypopular in institutions because they allow faculty to use their devices toperformadministrativerolesaidwithcurriculum.BYODinitiativesalsoallowstudentstousetheirdevices(inandoutoftheclassroom)asapartoftheeducationalprocess.BYODinitiativeshelpinstitutionsbyreducingtheup-frontcostofdeviceswhileallowingfacultyandstudentstotakeadvantageoftechnologyforeducation.

However,BYODinitiativescancreateproblemsforITproswhosupport the faculty and students. It is almost certain that the deviceswillhavebroaddiversity.AlthoughitmaybepossiblethatthefacultyorstudentsmayhavedevicesrunningtheWindows8.1operatingsystem,otherpersonallyowneddevicesmaybeunabletorunWindows8.1(suchasolderhardwareordevicesrunningiOSorAndroid).

YoucanaddressthesechallengesbyusingVirtualDesktopInfrastructure(VDI)poweredbytheWindowsServer2012R2orWindowsMultiPointServer2012operatingsystem.WithVDIin

NOTE

Althoughmanyofthetopics discussed in this guideareapplicabletoVDIinWindowsServer 2012 R2, Windows Server 2012, or Windows MultiPoint Server 2012, thisguidefocusesonVDIin Windows Server 2012 R2. For more information about Windows MultiPoint Server2012planninganddeployment, see the topic Windows MultiPoint Server 2012 at http://technet.microsoft.com/library/jj916259.aspx and other Windows MultiPoint Server 2012 resources listedinthisguide.


Windows Server 2012 R2 or Windows MultiPoint Server 2012, users can remotely run Windows 8.1 appsasthoughtheywererunningontheirlocaldevice,includingvideoclips,movies,streamingvideo,andothergraphicallyintensiveapplications.UserscanalsodirectlyaccessUSBdevicesconnectedtotheirdevice(suchassmartcardreaders,USBflashdrives,orscanners)fromwithinVDI.

Thefollowingisalistofassumptionsabouttheinstitutionally-owneddevicesdescribedinthisguide:

Thedevicesmayormaynotbedomain-joined.

Userslogontotheirdevicebyusinganinstitution-issuedaccount(andpossiblehaveanassociatedMicrosoftaccount)insteadofusingtheirownWindowsaccount.

Windows8.1Enterprisecanbedeployedonthedevices(ifdesired).

Windows-baseddevicesthatneedtosupportMicrosoftRemoteFXwillberunningWindowsVistaorlateroperatingsystems.

DevicesrunningoperatingsystemsotherthanWindows(suchasiOSorAndroid)willrequireanappthatsupportstheRemoteDesktopProtocol(RDP)andRemoteFX.

Thefollowingisalistofassumptionsaboutthepersonallyowneddevicesdescribedinthisguide:

Thedevicesarenotdomainjoined.

UserslogontotheirdevicebyusingtheirownWindowsaccount(andpossibleMicrosoftaccount)insteadofaninstitution-issuedaccount.

NoneofthedeviceswillberunningWindows8.1Enterprise.

Windows-baseddevicesthatneedtosupportRemoteFXwillberunningWindowsVistaorlater.

DevicesrunningoperatingsystemsotherthanWindows(suchasiOSorAndroid)willrequireanappthatsupportstheRDPorRemoteFX.


Choosing a VDI deployment scenarioWindowsServer2012R2offersthefollowingdeploymentscenarios:

Virtual machine (VM)based In this scenario, Windows 8.1 VMsruninaHyperVinfrastructure.YouuseRemoteDesktopServices to provide users remote connectivity to the VMs. YoucanusetheVM-baseddeploymentscenariowithpooledor personal VM collections. For more information about the VM-based deployment scenario and pooled and personal VM collections, see the section Virtual machinebased desktop deploymentonpage6.

Session-based In this scenario, remote users connect to RemoteDesktopServicesinWindowsServer2012R2andruntheirapplicationinWindowsServer2012R2sessions.OnlyRemoteDesktopServicesisrequiredforthisscenario.Formoreinformation about the session-based deployment scenario, see the section Session-baseddesktopdeploymentonpage10.

Figure1providesahigh-levelcomparisonoftheVDIdeploymentscenariosinWindowsServer2012R2.UsetheinformationinFigure1 toidentifythehigh-leveldifferencesbetweentheVMandsession-based desktop deployment scenarios.

FIgURE 1 High-levelcomparisonofVDIdesktop deployment scenarios

Personalization

GOOD BETTER BEST

Applicationcompatibility

User density

Image count

Cost

Sessions Pooled VMs Personal VMs


Table1provideamoredetailedcomparisonoftheVDIdesktopdeploymentscenariosandWindowsMultiPointServer2012.UsetheinformationinthistabletochoosetherightcombinationofVDIdeploymentsolutionsforyourinstitution.YoucanuseanycombinationofthesescenariostocreateacomprehensiveVDIdeploymentsolution.

TABlE 1 DetailedComparisonofVDIDesktopDeployment Scenarios and Windows MultiPoint Server 2012

SeSSion-baSed deSktop deployment

WindoWS multipoint Server 2012

vm-baSed deSktop deployment

User operating system experience

Windows Server 2012 R2 Windows 8.1 Windows 8.1

Support for full-fidelity video, with coverage for all media types and highly synchronized audio, rich media support, Microsoft Silverlight, 3D graphics, and Windows Aero

Microsoft RemoteFX Requiresdirectvideoconnectedstations,USBzero clientconnected stations,USB-over-Ethernet zero clients, orRDPover-LANwithRemoteFX

RequiresRemoteFX

Directly connect the VDI session to client USB devices

StandardRDPconnection provides limited support of USBdevice

RemoteFXrequiredfor broader support ofUSBdevices


Directvideoconnected stations, USBzeroclientconnected stations, USB-over-Ethernetzero clients, or RDP-over-LANwithRemoteFXrequiredfor broader support ofUSBdevices


RemoteFXrequiredfor broader support ofUSBdevices


SeSSion-baSed deSktop deployment

WindoWS multipoint Server 2012

vm-baSed deSktop deployment

Supported client devices Any device that supportsRDPorRemoteFX(includingWindowsThinPC)

Supportsthefollowing:

Directvideoconnected stations

USBzeroclientconnected stations

USB-over-Ethernetzero clients

Any device that supportsRDPorRemoteFX

Any device that supportsRDPorRemoteFX(includingWindowsThinPC)

Scaling As many as hundreds of users for each server, but multiple servers can be added to scale to highernumbers

As many as 20 users Uptohundredsofusersfor each server, but multiple servers can be addedtoscaletohighernumbers

High availability Supportsloadbalancingandclusteringofresources

Unavailable Supportsloadbalancingandclusteringofresources

Additional resources:

HP Client Virtualization SMB Reference Architecture for Windows Server 2012 at http://h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA4-3901ENW&cc=us&lc=en


Virtual machinebased desktop deployment

Figure2illustratesthehigh-levelcomponentsinaVM-baseddesktopdeployment.Youcanrunthesecomponentsallononeserveroronevenmoreserverstoprovideadditionalscalingandhighavailability.

ThefollowingisadescriptionofthecomponentsinatypicalVM-based desktop deployment:

Remote Desktop Connection Broker ThisroleservicemanagesconnectionsbetweentheclientsandtheVMsrunningontheRemoteDesktopVirtualizationHost.

Remote Desktop Virtualization Host ThisroleserviceintegrateswithHyperVtoprovideVMs.ItusestheRemoteDesktopConnectionBrokerroleservicetodeterminetheVMtowhich the user is redirected.

Remote Desktop Web Access ThisroleserviceenablesuserstoaccessVMsthroughawebbrowser.

Client Theclientprovidesaccesstotheremotedesktop.itcanbeatraditionaldevicerunningtheRemoteDesktopClientinWindows,anappthatsupportsRDPandRemoteFX,athinorzeroclientthatsupportsRDP(suchasWindowsThinPC),or a RemoteFX-enabled device. For institution-owned devices, the client device may or may not be a member of an Active

FIgURE 2 Components in a VM-based desktop deployment

CLIENT

REMOTE DESKTOPVIRTUALIZATION HOST

REMOTE DESKTOPCONNECTION BROKER

REMOTE DESKTOPWEB ACCESS

DOMAINCONTROLLER


Directorydomain.Forpersonallyowneddevices,theclientwillnotbeamemberoftheActiveDirectoryDomainServices(ADDS)domain.

Domain controller and other network infrastructure services TheseservicesincludeADDS,DynamicHostConfigurationProtocol(DHCP),DomainNameSystem(DNS),androuting.

Windows Server 2012 R2 introduces the concept of virtual desktop collections. A virtual desktop collectionconsistsofoneormorevirtualdesktopsusedinaVDIdeploymentscenario.Youcanchoosetodeploypooledorpersonalcollectionswiththemethodyouselect,dependingonyourenvironment and preferences, as described in Table2.

TABlE 2 ComparisonofPooledandPersonalVirtualDesktopCollections

pooled perSonal

Changes are made to Transientvirtualharddisk VM virtual hard disk

Changes saved after session ends

No(exceptforuserprofilechanges) Yes

VM instances SingleVMmasterimagethatallusersin the collection share

Separate VM instances created from a mater VM for each user

Number of images to manage

Onemasterimage Animageforeachuser(aftertheVMinstanceiscreated)

Infrastructure services Managednetwork

RemoteDesktopServices

HyperV

Managednetwork

RemoteDesktopServices

HyperV

Network connectivity SupportstandardRemoteDesktopServicesbyusinglow-bandwidthconnections

RemoteFXconnectionrequiresmedium-tohigh-bandwidthconnections(dependingoncontentbeingdisplayed)

SupportstandardRemoteDesktopServicesbyusinglow-bandwidthconnections

RemoteFXconnectionrequiresmedium-tohigh-bandwidthconnections(dependingoncontentbeingdisplayed)

Storage requirements Storageformasterimageandtransient virtual hard disks

StorageforeachUserProfileDisk(ifused)

RequiresseparateVMstorageforeachuser;iftheaveragestorageforthe master VM is 100 GB and there are100users,10TBofstoragewillberequired


pooled perSonal

Manageability Onlyoneimagetomanage,sousestand-aloneimage-managementtools;changestothemasterimagearereflectedthenexttimeasessionisinitiated

Managebyusingtechnologiesand products such as Group Policy, WindowsServerUpdateServices,or Microsoft System Center 2012 R2 ConfigurationManager

User flexibility Userscannotinstallapps

Userscannotbeanadministratoron their VM

Userscaninstallapps

Userscanbeanadministratorontheir VM

User profile storage Transientvirtualharddisk(VHD;userprofilechangesarelost)

UserProfileDisk(userprofilechangesareretained)

StoredandretainedintheVMVHDs

User, operating system, and app configuration management

RoamingProfiles

Folder Redirection

MicrosoftUserExperienceVirtualization(UE-V)

Microsoft Application Virtualization(App-V)

UserProfileDisk

RoamingProfiles

Folder Redirection

UE-V

App-V

LocallystoredonVM

Youcandeploybothpooledandpersonalcollectionsas:

Managed ThisdeploymentoptionletsRemoteDesktopServicesautomaticallymanagethevirtual desktops within the collection.

Unmanaged Thisdeploymentoptionletsyoumanuallymanagethevirtualdesktopswithinthe collection.

Thehigh-levelstepsfordeployingVM-baseddesktopdeploymentare:

1. DeployWindowsServer2012R2ontheRemoteDesktopConnectionBrokerserver.

2. DeployWindowsServer2012R2ontheRemoteDesktopWebAccessserver.

3. DeployWindowsServer2012R2ontheRemoteDesktopVirtualizationHostserver.

4. EnsurethatallserversaremembersofthesameADDSdomain.


5. OntheRemoteDesktopConnectionBrokerserver,useServerManagertoaddalltheserverstotheserverpool.

6. OntheRemoteDesktopConnectionBrokerserver,useServerManagertoinstallthefollowingroleservicesfortheRemoteDesktopServicesInstallationserverrole:

RemoteDesktopConnectionBroker

RemoteDesktopWebAccess

RemoteDesktopVirtualizationHost

7. AddthevirtualdesktoptemplatetotheRemoteDesktopVirtualization Host server.

8. Ifdeployingapooledcollection,createanetworksharedfolderinwhichtostoretheUserProfileDisk(typicallyontheRemoteDesktopConnectionBrokerserver).

9. Createthecollection(pooledforapooledcollectionorpersonalforapersonalcollection).

10. Verify that the virtual desktop collection works correctly.


TestLabGuide:VirtualDesktopInfrastructureStandardDeploymentathttp://technet.microsoft.com/en-us/library/hh831541.aspx

TestLabGuide:ManagedPooledVirtualDesktopCollectionsat http://technet.microsoft.com/en-us/library/hh831663.aspx

TestLabGuide:UnmanagedPooledVirtualDesktopCollections at http://technet.microsoft.com/en-us/library/hh831618.aspx

Windows8/WindowsServer2012:PooledVirtualDesktopInfrastructure at http://blogs.technet.com/b/askperf/archive/2012/10/31/windows-8-windows-server-2012-pooled-virtual-desktop-infrastructure.aspx

NOTE

AlthoughyouarerunningServerManagerontheRemoteDesktopConnection Broker server, ServerManagerpromptsyou for the names of the serversrunningtheotherRemoteDesktopServicesrole services.


Session-based desktop deployment

Figure3illustratesthehigh-levelcomponentsinasession-baseddesktopdeployment.Youcanrunallofthesecomponentsononeserveroronevenmoreserverstoprovideadditionalscalingandhighavailability.

Thefollowinglistprovidesadescriptionofthecomponentsinatypical session-based desktop deployment:

Remote Desktop Connection Broker ThisroleservicemanagesconnectionsbetweentheclientsandtheremotedesktopsessionsrunningontheRemoteDesktopSessionHost.

Remote Desktop Session Host ThisroleservicerunsRemoteAppprogramsorsession-basedvirtualdesktops.Thisroleserversisultimatelywheretheusersconnecttorunprograms,savefiles,anduseotherresources.ItusestheRemoteDesktopConnectionBrokerroleservicetodeterminetheremote desktop session to which the user is redirected.

Remote Desktop Web Access Thisroleserviceenablesuserstoaccesstheremotedesktopsessionsthroughawebbrowser.

Client Theclientprovidesaccesstotheremotedesktop.itcanbeatraditionaldevicerunningtheRemoteDesktopClientinWindows,anappthatsupportsRDPandRemoteFX,athinorzeroclientthatsupportsRDP(suchasWindowsThinPC),oraRemoteFX-enabled device. For institution-owned devices, the

FIgURE 3 Components in a session-based desktop deployment

CLIENT

REMOTE DESKTOPSESSION HOST

REMOTE DESKTOPCONNECTION BROKER

REMOTE DESKTOPWEB ACCESS

DOMAINCONTROLLER


clientdevicemayormaynotbeamemberofanADDSdomain.For personally owned devices, the client will not be a member of anADDSdomain.

Domain controller and other network infrastructure services TheseservicesincludeADDS,DHCP,DNS,androuting.

Thehigh-levelstepsfordeployingsession-based desktop deployment are:

1. DeployWindowsServer2012R2ontheRemoteDesktopConnection Broker server.

2. DeployWindowsServer2012R2ontheRemoteDesktopWebAccess server.

3. DeployWindowsServer2012R2ontheRemoteDesktopSession Host server.

4. EnsurethatallserversaremembersofthesameADDSdomain.

5. OntheRemoteDesktopConnectionBrokerserver,useServerManagertoaddalloftheserverstotheserverpool.

6. OntheRemoteDesktopConnectionBrokerserver,useServerManagertoinstallthefollowingroleservicesfortheRemoteDesktopServicesInstallationserverrole:

RemoteDesktopConnectionBroker

RemoteDesktopWebAccess

RemoteDesktopSessionHost

7. CreateanetworksharedfolderinwhichtostoretheUserProfileDisk(typicallyontheRemoteDesktopConnectionBrokerserver).

8. Create the session collection.

9. Verify that the session collection works correctly.

NOTE

AlthoughyouarerunningServerManagerontheRemoteDesktopConnection Broker server, ServerManagerpromptsyou for the names of the serversrunningtheotherRemoteDesktopServicesrole services.



TestLabGuide:RemoteDesktopServicesSessionVirtualizationStandardDeploymentathttp://technet.microsoft.com/en-us/library/hh831610.aspx

TestLabGuide:RemoteDesktopServicesSessionVirtualizationQuickStartathttp://technet.microsoft.com/en-us/library/hh831754.aspx

Windows8/WindowsServer2012:RemoteDesktopManagementServerathttp://blogs.technet.com/b/askperf/archive/2012/10/30/windows-8-windows-server-2012-remote-desktop-management-server.aspx

Virtualization:VDImadeeasyathttp://technet.microsoft.com/en-us/magazine/jj992579.aspx


Windows MultiPoint Server 2012

Windows MultiPoint Server 2012 enables multiple users to share one computer and provides a low-cost alternative to traditional computingscenariosinwhicheachuserhastheirowncomputer.WindowsMultiPointServer2012alsoprovidesaneasymanagementsolution for Windows MultiPoint Server 2012 system administration called MultiPoint Managerandaneasymanagementsolutionforday-to-day administration called MultiPoint Dashboard.

Windows MultiPoint Server 2012 is available in Standard and Premiumversions.UsetheinformationinTable3 to select the appropriate versions for your educational institution.

Standard premium

Number of simultaneously connected

stations10 20

Can be joined to a domain? No Yes

Virtualization support as a host or guest operating

system?No Yes

WindowsMultiPointServer2012canonlybedeployonasinglecomputer.YoucanscaleWindowsMultiPointServer2012onlythroughtheadditionofWindowsMultiPointServer2012instances:Ithasnoinherenthighavailability.However,youcouldrunvirtualizedinstancesofWindowsMultiPointServer2012onhighlyavailableHyperV clusters.

TheuserendpointsthatconnecttothecomputerrunningWindowsMultiPoint Server 2012 are called stations. Windows MultiPoint Server2012supportsthefollowingstationtypes:

Direct videoconnected stations ThecomputerrunningWindows MultiPoint Server 2012 can contain multiple video cards,eachofwhichcanhaveoneormorevideoports.Thisallowsyoutoplugmonitorsformultiplestationsdirectlyinto

TABlE 3 Comparison of Windows MultiPoint Server 2012 Standard and Premium


the computer. Keyboards and mouse devices are connected throughUSBhubsassociatedwitheachmonitor.Useacombinationofallofthesetechnologiestocreateadirectvideoconnected station.

USB zero clientconnected stations USBzeroclientconnectedstationsusetheUSBzeroclientasastationUSBhub(alsoreferredtoasamultifunction USB hub with video).Thesestations connect to the Windows MultiPoint Server 2012 instance throughaUSBcableandtypicallysupportavideomonitor,amouse,akeyboard(PS/2orUSB),audio,andadditionalUSBdevices.

USB-over-Ethernet zero clientconnected stations USB-over-EthernetzeroclientsareavariationofUSBzeroclientconnectedstationsthatsendUSBoverLANtotheWindowsMultiPointServer2012instance.TheseclientsfunctionsimilarlytoUSBzeroclientconnectedstationsbutarenotlimitedbyUSBcablelengthmaximums.USB-over-Ethernetzeroclientsarenottraditionalthinclients,andtheyappearasvirtualUSBdevicesonthe Windows MultiPoint Server 2012 system.

RDP-over-lANconnected stations ThesestationsincludetraditionalthinclientsorotherdevicesrunningafulloperatingsystemthatsupportRDP.


DeployingWindowsMultiPointServer2012athttp://technet.microsoft.com/en-us/library/jj916399.aspx

PlanningaWindowsMultiPointServer2012Deploymentathttp://technet.microsoft.com/en-us/library/jj916408.aspx

DifferencesbetweenProductVersions:StandardversusPremium at http://technet.microsoft.com/en-us/library/jj916405.aspx

MultiPoint Server Stations at http://technet.microsoft.com/en-us/library/jj916411.aspx

NOTE

Personally owned devices canonlyuseRDP-over-LANconnectedstationtypes. Institution-owned devices can use any stationed type as applicable.


Preparing the infrastructure for VDIBeforeyoudeployVDIinyourinstitution,youmustpreparetheappropriateinfrastructure.Table4 liststheVDIinfrastructurecomponentsandprovidesanoverviewofthepreparationthatmaybenecessary for each component. In some instances, no infrastructure remediation may be necessary.

TABlE 4 VDIInfrastructureComponentsandPreparationSteps

Component preparation StepS

Network ThefollowingfactorsaffectwhetherthenetworkinfrastructureisabletosupporttheVDIsessiontrafficbetweenVDIclientsandtheVDIservers:

PlacementoftheVDIserverscandirectlyaffecttheavailablenetworkrequirements(asdescribedinthesectionPlacingVDIserversonpage17).

ThelargerthenumberofVDIclientssimultaneouslyaccessingtheVDIinfrastructure,thegreaterthenetworkbandwidththatisrequired.

Typeofclienttrafficforexample,graphicallyintensiveVDIsessionsrequiremorenetworkbandwidththanlessgraphicallyintensivesessions.

Storage Theprimaryconsiderationforplanningstorageare:

PooledcollectionsrequiresufficientstorageforthetransitionalharddisksandtheUserProfileDiskforeachVDIsession.

PersonalcollectionsrequiresufficientstorageforeachVHDforeachVDIsession.


Component preparation StepS

Client devices EachuserwhoaccessestheVDIinfrastructurerequiresadevicethatsupportstheappropriateclients.Userswhowillaccess:

VM-orsession-baseddesktopdeploymentscenariosrequiredevicesthatsupportRDPorRemoteFX

WindowsMultiPointServer2012requireoneofthesupportedWindowsMultiPoint Server 2012 stations

Someofthesedevicescanbesoftware-basedclients(suchastheRemoteDesktopClientinWindowsoperatingsystemsorappsforotheroperatingsystems)orhardware-basedclients(suchasRemoteFXdevices,thinclients,orzeroclients).

FormoreinformationabouttheclientdevicesthatcanbeusedintheseVDIsolutions,seethefollowingsectionsinthisguide:

WindowsMultiPointServer2012onpage13

ConnectinguserstoVDIsessionsonpage25

YoucanapproximatetheactualrequirementsforeachcomponentinTable4onpage15 by verifyingtheresourcerequirementsinalabenvironment.Forexample,youcouldapproximatethenetworkbandwidthrequirementbyconfiguringatestenvironmentandmeasuringthenetworktrafficalimitednumberofVDIsessionsperformingtypicaltasksgenerate.Then,youcouldextrapolatetheactualrequirementbymultiplyingthemeasurednetworktrafficinthelabbythenumberofsimultaneousVDIsessions.


Placing VDI serversTable5comparesthecentralizedanddecentralizedplacementstrategiesforVDIservers.YoucanuseanycombinationofthesestrategiestoplaceyourVDIservers.

TABlE 5 ComparisonofCentralizedandDecentralizedPlacementofVDIServers

Centralized deCentralized

Scenario CentralizedITdatacenter. Placement in classrooms, labs, or near VDIclientlocations.

Management Requireslesseffortbecausetherearefewerserverstomanage.

Requiresmoreeffortbecausetherearemoreserverstomanage.

High availability HigherconcentrationofuserVDIsessionsmakesimplementinghigh-availabilitytechnologies(suchasloadbalancingorWindowsfailoverclustering)morecost-effective.

LowerconcentrationofuserVDIsessionsmakesimplementinghigh-availabilitytechnologieslesseffective.

Scaling HigherconcentrationofuserVDIsessionscanoffsetthecostsrequiredforscaling.Youcanaddserversorsystemresourcestoincreasescalingcapability.

LowerconcentrationofuserVDIsessions may not be able to offset costsrequiredforscaling.Forexample,addingaservertoaclassroomwithanexistingserverwould effectively double the costs.

Efficient use of system resources

UserVDIsessionscanbedistributed(loadbalanced)acrossmultipleservers, which results in the servers beingmoreequallyutilized.

SomeVDIserversmaybeunderutilized, while others are overutilized, with no way to share resourcesamongservers.

Network traffic HigheravailablenetworkbandwidthisrequiredontheinstitutionsnetworkbackbonetosupportVDIsessions.

Trafficismorelocalizedandhaslessimpactontheinstitutionsnetworkbackbone.


Building virtual desktop templatesVDIVM-baseddesktopdeploymentscenariosrequireavirtual desktop template. A virtual desktop templatehasallthenormalsettingsofaVM(suchasmemory,networking,andVHDsettings).WhenanewuserconnectstotheVDI,theVDIcreatesavirtualdesktopVMbasedonthevirtualdesktop template.

Tocreateyourvirtualdesktoptemplate,useHyperVManagerwiththerecommendationslistedinTable6.

TABlE 6 VirtualDesktopTemplateConfigurationSettingRecommendations

Setting deSCription

Memory Dependingontheappsyouruserswillberunning,youmayneedtoincreasethisvalue.Measurethememoryusersrequirebydeterminingthememoryconsumedonaphysicaldevicewhilerunningtheapps.Youcanconfigurethe virtual desktop template to use static or dynamic memory. Microsoft recommendsthatyouconfigurethevirtualdesktoptemplatetouseatleast1,024 MB.

Network Configurethevirtualnetworkadaptertoconnectto:

AvirtualswitchinHyperVontheRemoteDesktopVirtualizationHost.TheHyperVvirtualswitchmustconnecttoyourinstitutionsintranetsothattheVDIsessionscanconnecttoresourcesonyourintranetandtheInternet.

Thedomainspecifiedduringtheconfigurationprocess.Thisisrequiredbecause the instances of the VM template are automatically joined to the domain when they are created.

VHDs OnlyoneVHDissupported.TheVHD:

MustcontainaWindows8.1imagethatyouhaveconfiguredtoageneralizedstatebyusingtheWindowsSystemPreparationTool(Sysprep)

Canbeconfiguredasadifferencingdisk

CancontainmorethanonepartitionbutonlyoneWindowsoperatingsystemimage

Snapshots Thevirtualdesktoptemplatecanhaveoneormoresnapshotsbutthecurrent(Now)stateofthevirtualdesktoptemplate.Thisallowsyoutomanagethetemplatemoreefficiently.YoucantakesnapshotofthetemplatejustpriortorunningSysprepsothatitiseasytorestorethetemplatetoabeginningstate,changetheconfiguration,takeanothersnapshot,andthenrunSysprepagainon the updated version of the template.


RemoteDesktopServicesexportsthevirtualdesktoptemplateduringthevirtualdesktopcollectioncreationprocess.Theexportprocesscreatesacopyofthevirtualdesktoptemplate,includingalloftheconfigurationsettingsmadeinTable6onpage18.ThisallowsyoumanagethevirtualdesktoptemplatewhileusersareconnectedtotheirVDIsessions.


SingleImageManagementforVirtualDesktopCollectionsin Windows Server 2012 at http://blogs.msdn.com/b/rds/archive/2012/10/29/single-image-management-for-virtual-desktop-collections-in-windows-server-2012.aspx

TestLabGuide:ManagedPooledVirtualDesktopCollectionsat http://technet.microsoft.com/en-us/library/hh831663.aspx

TestLabGuide:UnmanagedPooledVirtualDesktopCollections at http://technet.microsoft.com/en-us/library/hh831618.aspx

SettingupanewRemoteDesktopServicesdeploymentusingWindowsPowerShellathttp://blogs.msdn.com/b/rds/archive/2012/07/18/setting-up-a-new-remote-desktop-services-deployment-using-windows-powershell.aspx

NOTE

Twoormorevirtualdesktop collections can share the same virtual desktop template.


Client licensing for VDIMicrosoftlicensesclientaccesstoVDIsessionsthroughWindowsVirtualDesktopAccess(VDA).WindowsVDAisadevice-basedsubscription that licenses Windows 8.1 for virtual desktops by access device:

Devices covered by Microsoft Software Assurance Virtual desktopaccessrightsareabenefitofSoftwareAssurance.DevicescoveredunderSoftwareAssurancehaveaccesstoaVDIdesktopatnoadditionalcharge.

Table7listtheWindows8.1VDIlicensingoptionsbasedontheoperatingsystemrunningonthedeviceusedasaVDIclient.

Devices not covered by Software Assurance Thesedevices(suchasthinclients)mustpurchaseaWindowsVDAlicenseforeachdevicetoaccessaVDIdesktop,regardlessoftheoperatingsystemrunningonthedevice.Thisincludespersonallyowneddevices.

Client oS vda liCenSe optionS

Windows 8.1 Pro WindowsVDAlicenseandfreeupgradetoWindows 8.1 Enterprise included

Windows RT WindowsVDAlicenseincludedwhenthedeviceis associated with a primary device covered by SoftwareAssurance(forexample,theprimarydeviceisrunningWindows8.1EnterpriseandiscoveredbySoftwareAssurance)

Windows 7 WindowsVDAlicenseandfreeupgradetoWindows 8.1 Enterprise

Windows Vista WindowsVDAlicenseincluded;licensedtouseWindowsThinPCasanRDPandRemoteFXclientonthese devices

Windows XP WindowsVDAlicenseincluded;licensedtouseWindowsThinPCasanRDPandRemoteFXclientonthese devices

Android MustpurchaseaWindowsVDAlicenseforeachdevice

INFO

Thelicensinglistedinthis table applies only to institution-owned devices. All personally owned devicesrequireaWindowsVDAsubscription.

TABlE 7 WindowsVDALicensingOptions


Client oS vda liCenSe optionS

iOS MustpurchaseaWindowsVDAlicenseforeachdevice


MicrosoftVDIandWindowsVDAFrequentlyAskedQuestionsathttp://download.microsoft.com/download/1/1/4/114A45DD-A1F7-4910-81FD-6CAF401077D0/Microsoft%20VDI%20and%20VDA%20FAQ%20v3%200.pdf

VolumeLicensingMicrosoftSoftwareAssuranceathttp://www.microsoft.com/licensing/software-assurance/default.aspx

MicrosoftLicensingfortheConsumerizationofITathttp://www.microsoft.com/licensing/about-licensing/briefs/consumerization-it.aspx

MicrosoftLicensingfortheConsumerizationofITAcademicLicensingScenariosathttp://www.microsoft.com/licensing/about-licensing/briefs/consumerization-it-academic.aspx

LicensingWindowsdesktopoperatingsystemforusewithvirtualmachinesathttp://download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/Licensing_Windows_Desktop_OS_for_Virtual_Machines.pdf


Using Volume ActivationYoumustprovideWindows8.1licenseactivationfortheVMsusedinVDIscenarios.ThefollowingisalistoftheMicrosoftVolumeActivationtechnologiesavailableforWindows8.1andabriefdescription of each:

Active Directory-Based Activation (ADBA) ADBAisaroleservicethatallowsyoutouseADDStostoreactivationobjects,whichcanfurthersimplifythetaskofmaintainingVolumeActivationservicesforanetwork.WithADBA,noadditionalhostserverisneeded,andactivationrequestsareprocessedduringcomputerstartup.ADBAworksonlyfordomain-joineddevicesrunningWindows8.1.

Key Management Service (KMS) TheKMSroleserviceallowsorganizationstoactivatesystemswithintheirnetworkfromaserver on which a KMS host has been installed. With KMS, you cancompleteactivationsonyourlocalnetwork,eliminatingthe need for individual computers to connect to Microsoft for productactivation.KMSdoesnotrequireadedicatedsystem,and it can be cohosted on a system that provides other services. By default, volume editions of Windows 8.1 connect to a system thathoststheKMSservicetorequestactivation.Noactionisrequiredfromtheuser.

Table8liststheVolumeActivationtechnologiesandtheinformationnecessaryforselectingtheappropriatetechnologiesforyourinstitution.YoucanuseanycombinationofthesetechnologiestodesignacompleteVolumeActivationsolution.

TABlE 8 VolumeActivationTechnologySelection

adba kmS

Domain joined Yes Yes

Devices must connect to the network at least once every

180 daysYes Yes

INFO

For information about licensingtheclientsusedtoaccessyourVDI,seethesection ClientlicensingforVDIonpage20.

NOTE

AlthoughyoucanperformVolume Activation by usingMultipleActivationKeys(MAKs),Microsoftdoes not recommend MAKsforVDIbecausetheycannot be dynamically applied to VMs based on VDIdemands.UseADBAor KMS, instead.


adba kmS

Supports Volume Activation of Microsoft Office

Yes(MicrosoftOffice2013only,

not Microsoft Office365or

previous versions of Office)

Yes

Requires Volume Activation services in Windows

Server 2012 R2Yes No

Microsoft Volume licensing information is stored in

AD DSYes No

Infrastructure ADDSADDS

KMS server

ADBAandKMSarebothroleservicesintheVolumeActivationServices server role in Windows Server 2012 R2. KMS is also available inpriorversionsofWindowsServer.YoucanuseServerManagerorWindowsPowerShellcmdletstoinstallandconfiguretheseroleservices.

YoucancentrallymanageWindows,Office,andotherMicrosoftproductsvolumeandretailactivationprocessesbyusingtheVolumeActivationManagementTool(VAMT),whichisincludedintheWindowsAssessmentandDeploymentKit.

NOTE

YoucanusethesameVolume Activation infrastructuretomanageVDIactivationandactivation for your other Windows 8.1, Windows 7, Windows Server 2012 R2, and Windows Server2008R2operatingsystems.



VolumeActivationOverviewathttp://technet.microsoft.com/library/hh831612.aspx

InstallingVolumeActivationServicesRoleinWindowsServer2012tosetupaKMSHostat http://blogs.technet.com/b/askcore/archive/2013/03/14/installing-volume-activation-services-role-in-windows-server-2012-to-setup-a-kms-host.aspx

TestLabGuide:DemonstrateVolumeActivationServicesathttp://technet.microsoft.com/library/hh831794.aspx

Volume Activation in Windows 8 deployment planning: A guide for education at http://www.microsoft.com/download/details.aspx?id=39682

VolumeActivationManagementTool(VAMT)Overviewathttp://technet.microsoft.com/library/hh824953.aspx

VolumeLicensingathttp://www.microsoft.com/licensing/about-licensing/windows8.aspx

IntroductiontoVAMTathttp://technet.microsoft.com/library/hh825141.aspx

Volume Licensing Guide for Windows 8.1 and Windows RT 8.1 at http://download.microsoft.com/download/9/4/3/9439A928-A0D1-44C2-A099-26A59AE0543B/Windows_8-1_Licensing_Guide.pdf

MicrosoftLicensingfortheConsumerizationofITAcademicLicensingScenariosathttp://www.microsoft.com/licensing/about-licensing/briefs/consumerization-it-academic.aspx

VolumeactivationmethodsinOffice2013athttp://technet.microsoft.com/library/jj219430.aspx


Connecting users to VDI sessionsUsersneedaccesstotheirVDIsessionsthroughtheirinstitution-owneddevices.ConnectionsforVDIsessionsgo:

Directly to Windows MultiPoint Server 2012 for all Windows MultiPoint Server 2012 clients Windows Multipoint Server 2012 supports four types of connections:

Directvideoconnectedstations

USBzeroclientconnectedstations

USB-over-Ethernetzeroclientconnectedstations

RDP-enableddevices

Oftheseconnections,onlyRDP-enableddevicesareabletoconnectoverremoteaccessconnections(suchasavirtualprivatenetwork[VPN]orMicrosoftDirectAccess).Theotherconnection types will not function properly over WAN-speed connections.

Institution-owned devices can use any combination of connection types as appropriate. Personally owned devices can onlyactasRDP-enableddevices.

FormoreinformationabouthowtoselecttherightWindowsMultiPoint Server 2012 client, see the topic MultiPoint Server Stations at http://technet.microsoft.com/en-us/library/jj916411.aspx.

Through Remote Desktop Session Broker for all session-based and VM-based VDI sessions TheRemoteDesktopSessionBrokersupportsthefollowingRDPclients:

Remote Desktop Client ThisRDPclientisincludedinfullWindowsoperatingsystems(suchasWindows8.1,Windows7,orWindowsVista).Selectthisclientwhentheclient device runs Windows 8.1, Windows 8, Windows 7, or Windows Vista.

NOTE

RemoteFX is only supported on Windows Vistaandlateroperatingsystems.TheWindowsXPoperatingsystemsupportsonlyastandardRDPclientconnection and does not support the enhanced features in RemoteFX.


Remote Desktop Web Access ThisclientallowsuserstoestablishVDIconnectionsthroughawebbrowser(suchasInternetExplorer).Noclientsoftwareneedbeinstalledonthetargetdevice.SelectthisRDPclientwhenyoucannotinstalltheRemoteDesktopClientontheclientdeviceortheclientdeviceisrunninganoperatingsystemotherthanWindows 8 .1, Windows 8, Windows 7, or Windows Vista.

Window Thin PC ThisoperatingsystemincludestheRemoteDesktopClientandcan be installed on older devices that are unable to support Windows 8 .1, Windows 8,Windows7,orWindowsVista.Forexample,youcouldinstallWindowsThinPConadevicethathassufficientresourcestosupportWindowsXPonly.WindowsThinPCis provided as a part of Software Assurance. Select this method when the client device hasinsufficientsystemresourcestorunWindows8.1,Windows8,Windows7,orWindows Vista.

Thin client devices ThesetypesofdevicesareprovidedbyMicrosoftpartnersandhavetheRDPimbeddedintheirfirmware.ThesedevicestypicallyhavelittleornocapabilitytoperformanylocalprocessingbutdosupportUSBdevices.SelectthesetypesofdeviceswhenusersneedaccesstoVDIsessionsonlyanddonotneedtoperformanylocalprocessing.

RemoteFX devices ThesedevicesareprovidedbyMicrosoftpartnersandrunasupersetoftheRDPthatalsoincludessupportforRemoteFX.Selectthesedeviceswhenyou need to support enhanced multimedia.

Partner products ManyMicrosoftpartnersandsoftwarevendorscreateRDPclientsforotherclientdevices(suchasiOSorAndroiddevices).TheseproductsenablethesedevicestoconnecttoVDIbyusingRDPorRemoteFX.Selectthismethodwhenyouneedtosupportspecifictypesofclientdevices.

AllclientsthatsupportRPDandRemoteFXcanfunctionoverremoteaccessconnections(suchasaVPNorDirectAccess),butRemoteFXconnectionstypicallyrequirehigheravailablebandwidththanastandardRDPconnection.


RemoteDesktopProtocolathttp://msdn.microsoft.com/en-us/library/windows/desktop/aa383015(v=vs.85).aspx


Storing user and application settingsWhenusersconnecttoVDI,theyneedtohavethesameuserexperiencetheywouldiftheywereusingaphysicaldevice.UsersalsorequireaccesstoWindowsStoreappsanddesktopapplicationsthatthey use for administration or curriculum.

Onechallengeisthatinmanyinstances,usershaveaphysicaldevicerunningWindowsinadditiontotheirVDIsession.Thismeanstheyneed their user experience and apps to follow them between their physicaldevicesrunningWindowsandtheirVDIsessions.

AfterauserendstheirVDIsession,bydefault,userandapplicationsettingsintheirVDIsessionis:

Saved for personal collections in VM-based desktop deployment AlthoughuserandapplicationsettingsaresavedforthistypeofVDIsession,theyaresavedonlyontheVHDsassociatedwiththeVDIsession.ThiscancreateproblemsiftheuseralsousesaphysicaldeviceoraseparateVDIinfrastructurewithintheeducationalinstitution(forexample,astudentaccessesoneVDIinfrastructureforaphysicsclassandanother,separateVDIinfrastructureforacomputergraphicsclass).

Saved for pooled collections in VM-based desktop deployment with a User Profile Disk ThistypeofVDIsessionhasthesameproblemsaspersonalcollectionsessions.UserandapplicationsettingsaresavedontheUserProfileDisk,whichisuniquetoaspecificVDIinfrastructureandwillnotbeavailabletootherVDIinfrastructuresorphysicaldevices.

Saved for session-based deployment with a User Profile Disk ThistypeofVDIsessionhasthesameproblemsaspersonalandpooledcollectionsessions.UserandapplicationsettingsaresavedontheUserProfileDisk,whichisuniquetoaspecificVDIinfrastructureandwillnotbeavailabletootherVDIinfrastructures or physical devices.

NOTE

Userandapplicationsettingscannotfollowphysical devices that are not domain joined, that runaWindowsoperatingsystem prior to Windows 7, or that run another operatingsystem(suchasiOSorAndroid).


lost for all other types of VDI sessions ThesetypesofVDIsessionsincludesession-basedVDIwithoutaUserProfileDisk,personalcollectionsinVM-baseddesktopdeploymentwithoutaUserProfileDisk,andWindowsMultiPointServer2012sessions.WhentheuserendstheVDIsession,allthechangestheymadetotheiruserprofileandapplicationsarediscarded.

YoucanuseanycombinationofthefollowingtechnologiestohelpensurethatuserexperienceandappsfollowusersbetweentheirVDIsessionsandphysicaldevices(ifthedevicesaredomainjoinedandtheuserlogsonbyusingtheirinstitution-issuedcredentials):

Windows Folder Redirection TheFolderRedirectionfeatureinWindows8.1redirectsthepathofaknownfolder(suchastheDocuments,Pictures,orVideofolderinauserprofile)toanewlocationmanuallyorbyusingGroupPolicy.Thenewlocationcanbeafolderonthelocaldeviceoradirectoryonafileshare.Usersinteractwithfilesintheredirectedfolderasiftheystill existed on the local drive.

Windows Roaming User Profiles TheRoamingUserProfilesfeatureinWindows8.1redirectsuserprofilestoafilesharesothatusersreceivethesameoperatingsystemandapplicationsettingsonmultiplecomputers.Whenauserlogsontoacomputerbyusinganaccountthatissetupwithafileshareastheprofilepath,theusersprofileisdownloadedtothelocalcomputerandmergedwiththelocalprofile(ifpresent).Whentheuserlogsoutofthecomputer,thelocalcopyoftheirprofile,includinganychanges,ismergedwiththeservercopyoftheprofile.

UE-V UE-Visanenterprise-scaleuserstatevirtualizationsolutionthatkeepsusersexperiencewiththem.UE-VprovidesusersthechoiceofchangingtheirdeviceandkeepingtheirexperiencesothattheydonothavetoreconfigureapplicationseachtimetheylogontodifferentWindows8.1VDIsessions.UE-VintegrateswiththeFolderRedirectionfeatureinWindows 8.1 to help make user folders accessible from multiple physical or virtual devices. UE-Vsupportsdesktopapplicationsthataredeployedusingdifferentmethods(suchaslocallyinstalledapps,App-Vsequencedapplications,orRemoteDesktopapplications).

App-V App-Vvirtualizesdesktopapplicationssothattheybecomecentrallymanagedservicesdeployedtoavirtualizeddesktopapplicationenvironmentondeviceswithoutusingtraditionalinstallationmethods(knownasapplication sequencing).Thesequenceddesktopapplications run in their own self-contained virtual environment and are isolated from each other,whicheliminatesapplicationconflictsbutallowsdesktopapplicationstointeractwiththe VM.

RememberthatuserexperienceandappsfollowusersforVDIsessionsandnottotheirinstitution-ownedorpersonallyowneddevices(unlessaninstitution-owneddeviceisdomainjoinedandtheuserlogsonbyusingtheirinstitution-issuedcredentials).



DeviceroaminginWindows 8.1 deployment planning: A guide for education at http://www.microsoft.com/download/details.aspx?id=39682


Running Windows Store and sideloaded appsOnebenefitofrunningWindows8.1inVDIistheabilitytorunWindows Store apps. Table9 lists the support for Windows Store and sideloadedappsinVDI.

SCenario Support

Personal VM-based desktop deployment

Windows Store and sideloaded apps are installed and run as they would be on a physical device.

Pooled VM-based desktop deployment

Sideloadedappsrequirethatuserstatebepersistedbyusinganycombinationofthefollowingmethods:

UserProfileDisk Folder Redirection UE-V

Windows Store apps are unsupported.

Session-based desktop deployment

Sideloadedappsrequirethatuserstatebepersistedbyusinganycombinationofthefollowingmethods:

UserProfileDisk Folder Redirection UE-V

Windows Store apps are unsupported.

RemoteApp Windows Store and sideloaded apps are unsupported.


Windows Store apps: A deployment guide for education at http://www.microsoft.com/download/details.aspx?id=39685

TABlE 9 Support for Windows Store and SideloadedAppsinVDI


Managing VDITable10liststhetechnologiesavailableformanagingyourVDI.YoucanselectanycombinationofthesetechnologiestodesignacompleteVDImanagementsolution.Eachtechnologyisdiscussedinasubsequentsection.

TABlE 10 VDIManagementTechnologySelection

group poliCy WindoWS poWerShell

SyStem Center 2012 r2 Configuration

manager

WindoWS intune

Control Windows Store access Yes No Yes Yes

Control installation of apps

Yes(withAppLocker,

whichrequiresWindows 8.1 Enterprise)

No

Yes(inconjunctionwith Group Policy andAppLocker,whichrequiresWindows 8.1 Enterprise)

No

Operating system setting

managementYes Yes Yes Yes

User setting management Yes Yes Yes Yes

App setting management

Yes(ifregistrybased) Appspecific

Yes,butscriptingmayberequired

Yes,butscriptingmayberequired

Centralized administration

modelYes No Yes Yes

On or off premises Onpremises Onpremises Onpremises Offpremises

On-premises infrastructure ADDS None

Managednetworks

System Center 2012 R2 Configuration

Manager

None




manager

WindoWS intune

VDI sessions must be domain joined Yes No

No,butchallengesexist for native

support; Windows Intuneintegrationis recommended for nondomain-

joinedVDIsessions

No

Supports self-service model

for software and updates

No No Yes Yes

Supports push model for software

and updatesYes Yes Yes Yes

Can be used to create enterprise

app storeNo No Yes Yes

User interaction

ITprodoesback-endconfiguration

Userperformsnoactions

ITproperformsalltasks


Userhasnointeraction for

push model and limited interaction

for self-service model


Userhasnointeraction for

push model and limited interaction

for self-service model

Provided with Windows 8.1 No Yes No No

Provides unified solution for the

entire software life cycle, including

installation, updates,

supersedence, and removal

No No Yes Yes

Can be used for operating system

deploymentNo No Yes No




manager

WindoWS intune

Requires additional cost

Yes(ifADDSisnotalreadyinstalled)

No

Yes(ifnoSystem Center Configuration

Managerinfrastructure is

installed)

Yes(subscriptionmodel)

Manage institution-owned

devices

Yes(ifdomainjoined) Yes Yes Yes

Manage personally owned devices

No(asaretypicallynotdomainjoined) Yes

Yes(throughMicrosoft Exchange

ActiveSync connector or

Windows Intune integration)

Yes

YoucanmanageWindowsStoreappsanddesktopapplicationsinVDIbyusinganytechnologyusedtomanageWindowsStoreappsand desktop applications on physical devices. For more information aboutWindowsStoreappanddesktopapplicationmanagement,seeWindows Store apps: A deployment guide for education at http://www.microsoft.com/download/details.aspx?id=39685 and Windows 8.1 deployment planning: A guide for education at http://www.microsoft.com/download/details.aspx?id=39682.

Group Policy

YoucanuseGroupPolicytomanageuser,Windowsoperatingsystem,andapplicationsettingsfortheVDIinfrastructureandVDIsessions.Ultimately,youcanuseGroupPolicytomanageanyconfigurationsettingsstoredintheWindowsregistry.Microsoftprovidesbuilt-inGroupPolicytemplatesformostcommonconfigurationsettings.Inaddition, you can create custom Group Policy templates that allow youtomanageconfigurationsettingsthatthebuilt-intemplatesdonotprovide.YoucanalsouseGroupPolicytocontrolWindowsStoreaccessandtheinstallationandrunningofappsondevices(when

NOTE

Personally owned devices are typically not domain joined and as such cannot bemanagedthroughGroup Policy. Institution-owned devices that are domain joined can be managedbyusingGroupPolicy.


usedinconjunctionwithAppLocker).YoucanalsouseGroupPolicytomanageRemoteDesktopServices,RemoteDesktopClient,andRemoteFXconfiguration.


Group Policy at http://technet.microsoft.com/windowsserver/bb310732.aspx

ManagingClientAccesstotheWindowsStoreathttp://technet.microsoft.com/en-us/library/hh832040.aspx

Windows PowerShell

YoucanperformmanycommonWindows8.1administrativetasksbyusingWindowsPowerShellcmdlets,includingWindowsStoreappmanagementandoperatingsystemconfiguration.YoucanalsouseWindowsPowerShelltomanagetheWindowsServer2012R2serverrolesandroleservices.YoucanuseWindowsPowerShellinteractivelyortocreatescriptsthatcanberuntoperformmorecomplextasksfortheVDIinfrastructureandVDIsessions.


Windows PowerShell at http://technet.microsoft.com/library/bb978526.aspx

System Center 2012 R2 Configuration Manager

SystemCenter2012R2ConfigurationManagerautomatestheongoingmanagementoftheVMs, the Windows Server 2012 R2 server roles and role service, client devices, and the other infrastructureservices(suchasADDSorDHCP).YoucanuseSystemCenter2012R2ConfigurationManagertoautomatethefollowingmanagementtasksfortheVDIinfrastructureandsessions:

DeployWindowsStoreappanddesktopapplications

Deploysoftwareupdatesandhotfixes

Helpensurecompliancewithestablishedconfigurationbaselines.

Provide virus and malware protection

Inventory hardware and software assets

Provide remote helpdesk support for users


Providecomprehensivereportingonthecurrentstatusofallhardwareassets,softwareassets,software deployment status, compliance status, software update status, and other reports

SystemCenter2012R2ConfigurationManagerprovidesaunifiedconsoleformanagingVDIandcanoptionallyintegratewithWindowsIntunetohelpyoumanagedevicesthatarenotconnectedtotheeducationalinstitutionsintranet.Institution-owneddevicescanbemanagedbyusingSystemCenter2012R2ConfigurationManager.PersonallyowneddevicesaretypicallynotdomainjoinedandcannotbemanagedbyusingSystemCenter2012R2ConfigurationManageronly,butpersonallyowneddevicescanbemanagedbyusingSystemCenter2012R2ConfigurationManagerwiththeExchangeActiveSyncConnectororWindowsIntuneintegration.


SystemCenter2012R2ConfigurationManagerathttp://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager-2012.aspx

Windows Intune

WindowsIntuneisanoff-premises,cloud-basedmanagementsolutionthatprovidesdevicemanagement,softwareinstallation,andsoftwareupdatemanagement.WindowsIntunecanintegratewithSystemCenter2012R2ConfigurationManagertoprovideaunifiedmanagementsolutionfortheVDIinfrastructureandVDI.YoucanuseWindowsIntunetomanageinstitution-owned or personally owned devices.


Windows Intune at http://www.microsoft.com/en-us/windows/windowsintune/pc-management.aspx

2014MicrosoftCorporation.Allrightsreserved.

Thisdocumentisforinformationalpurposesonlyandis provided as is. Views expressed in this document, includingURLandanyotherInternetWebsitereferences,maychangewithoutnotice.MICROSOFTMAKESNOWARRANTIES,EXPRESSORIMPLIED,INTHISDOCUMENT.

_GoBack_Ref230671979Choosing a VDI deployment scenarioVirtual machinebased desktop deploymentSession-based desktop deploymentWindows MultiPoint Server2012

Preparing the infrastructure for VDIPlacing VDI serversBuilding virtual desktop templatesClient licensing for VDIUsing Volume ActivationConnecting users to VDI sessionsStoring user and application settingsRunning Windows Store and sideloaded appsManaging VDIGroup PolicyWindows PowerShellSystem Center2012 R2 Configuration ManagerWindows Intune

virtual desktop infrastructure - a deployment guide for education.pdf

Documents

windows store

new devices

existing devices

wide diversity of devices

institutionowned devices

vdi servers18

vdi sessions27

user types