RDmi, a glance at the new PaaS RDS

Just before Ignite 2017 Microsoft announced the development of Remote Desktop Modern Infrastructure (RDmi hereon after) with a Microsoft Mechanics video. RDmi is an evolved development of RDS 2016 and has a lot of cool new features.
Now, don’t worry. RDmi is not replacing RDS just yet, but after reading this blog you will certainly consider moving from RDS to RDmi quickly. And yes, there will be an easy way of migration available!To start with, the infrastructure roles are now PAAS: platform as a service. That means they will run in the form of Web Applications. The infrastructure roles are no longer part of the domain, to make sure security is covered. The Microsoft RDS development team has made a lot of changes, added features and generally brought some great innovations to the RDMi, this of course includes security features. One of the most appealing features is that only the required ports are open, meaning that communication between infrastructure roles and RDS Hosts is done over port 443.

Communication between RDmi and RDSH

Communication between the infrastructure roles and the RDSH servers, which are in de domain, is done by an agent. This agent will use a bi-directional secure connection (port 443) between the infrastructure roles and the RDS Host servers. Using this SSL connection will greatly enhance security because you no longer need to open up a lot of ports to outside access. If you need access on administrative level to the RDS Hosts you will still need to open up 3389 for RDP access though.

The new Diagnostics role

With the introduction of RDmi a new role has brought to the field; diagnostics. Microsoft hasn’t elaborated on the tool much at the moment, but confirms that this role can be used to track down user information like log-on and activity times. The tool is also able to give more in depth information regarding the connection quality, a highly appreciated addition.

Scalability of RDmi roles

Microsoft makes it possible to easily scale up and down in the infrastructure roles. The scaling technique is based on the scale sets that are available today for Azure websites. The scaling technique can be configured based on parameters like CPU and RAM level. For example you can configure to schedule an extra machine when the server is hitting more than 65% of its capacity.

Azure AD integration

RDmi has total integration with the Azure AD. This means end to end management of your account security and usage in the Azure Security Center and the intelligent Graph API’s.With the addition of this feature you can build your own dashboards based on the output of this API’s

MFA integration

With the new changes RDmi makes Multi Factor Authentication (MFA) integration a lot easier to implement. You can use the Azure MFA configuration tool to configure a single sign on (SSO) experience for your end users. As with all Microsoft MFA options, you can use telephone, SMS or app authentication giving your users the best possible experience.

Store UPD files on PAAS filesharing

RDmi supports saving User Profile Disks (UPD) on a PAAS file share. RDmi is supportin Active Directory Acces Contol Listules on the PAAS share(s), as many companies will be using this in their enviroments.

By adding this feature Microsoft has answered to a much asked question by RDS specialists. In the current setup you need to install a Scale Out File Server on high power Virtual Machines to get ultimate performance.

Multitenancy

Since the infrastructure roles are no longer in the domain and communication between the infrastructure roles and RDS Host servers is done by an agent, the possibility arises to host the PAAS roles in a different tenant then the RDS Hosts. With this set-up you can make sure a customer can use their own AD joined infrastructure, such as ADDS, GPO policies and other domain joined services.You can simply join the RDS host servers of a customer to a RDmi deployment in another tenant. The customer then uses a shared infrastructure that will be operated by experts and have only responsibility for maintaining the image of the RDS Host servers. This will give you a lot of options in running multitenant environments while also keeping the maintenance cost and effort low.

Rich partner eco system

Microsoft encourages you to develop your own tooling to make RDS even better. It is possible to use Microsoft API’s to create your own dashboards and BI graphs. When the entire feature set of this API’s is readily available, I will write a separate blog on it to help you get started.

Log on experience

Because the new infrastructure roles are available through a web application there wil not be a RDWeb logon page any more. Users can access this new web app with the HTML5 RDP client or the new (yet to be released) Remote App Client. After logging on, using the SSO experience, it will show them their specific apps immediately.

Roadmap

The release of RDmi is done following the roadmap below. In this roadmap Microsoft shows an updatecycle in the same way as Windows 10 uses (Spring and Fall). This will most likely be the way they will roll out updates across their products in the future

.

 

As soon as I had the opportunity to check out RDmi i’ll update this post!

Get more info

Official announcement RDmi

RDmi architecture poster