Friday, April 7, 2017

Active Directory with XenDesktop Essentials in Azure

XenDesktop Essentials and XenApp Essentials have hit the Azure Marketplace, and they are catching on.

For those of you that remember Azure RemoteApp, XenApp Essentials is the replacement for that.  And for those of you that want to give Windows Client desktops to your user-base, XenDesktop Essentials is for that.
And for those that want it all, there is XenApp and XenDesktop Service, which offers everything.

Now, the reason for my post.  Active Directory and Azure Active Directory.
There is a requirement of all of these solutions that the provisioned machines are joined to a domain.  This is where I see many folks getting confused between all of the various Active Directory options.

In reality, there are only two models that will work today (at the date of this post).  Let me describe them in terms of what you need to accomplish.

In both models, you have the user side running in Azure.  Whether that be XenApp Servers (Terminal Servers for you really old folks) or Desktops (Windows Client or Windows Server desktops).

Your answer to this next question defines the path that you need to head down.

Do your Azure based user sessions need to access resources in some other cloud / datacenter?
A different way to ask this: do you need a VPN between your users in Azure and whatever other resources they need to access in some other cloud / datacenter?

If your answer was no:
Then I am calling you 'cloud born' or 'Azure based'.
Knowing this, you can use Azure AD plus Azure Active Directory Domain Services.

AD Sync is built in, and most likely Azure AD is your source for users.  But you need the additional service to support domain join, group policy, and those traditional things that Active Directory provides.

I personally love the following guide for getting AADDS all up and running: Azure Active Directory Domain Services for Beginners

The trick here is that you need to use FQDNs for domain joins and domain references.  If you customized your Azure AD domain, use that.  If you didn't, it is YourDomain.onmicrosoft.com.

When you need to add Group Policy to lock things down: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-administer-group-policy

If your answer was yes:
Then you are more of a 'traditional' enterprise that is in some hybrid deployment model.
Knowing this, you need to use Azure AD plus Active Directory.

You will need to enable AD Sync, you will need to establish a replica domain controller in Azure, and you (probably) already have a VPN between your datacenter and your Azure virtual network.

The replica domain controller in Azure: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-install-replica-active-directory-domain-controller
Active Directory Sync / Connect to Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect
(It does not matter where you install / run that, just that you do).

In both cases: don't forget to update the DNS settings of your Virtual Network with the IP addresses of these new machines (the AADDS service IPs or your replica domain controller), otherwise the provisioned VMs cannot find the domain by its FQDN and the domain join fails.
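To check those prerequisites from inside an Azure VM before joining it, here is an added PowerShell script that is not part of the original post or of any Citrix/Microsoft guide. It assumes the domain FQDN and the domain controller IPs in the first two lines are placeholders you replace with your own values, and it uses only built-in Windows cmdlets.

```powershell
# Added example (not from the original post): pre-join checks on an Azure VM.
# $DomainFqdn and $ExpectedDcIps are placeholder values; substitute your own.
$DomainFqdn    = "yourdomain.onmicrosoft.com"   # AADDS: your Azure AD domain; hybrid: your on-prem domain
$ExpectedDcIps = @("10.0.0.4", "10.0.0.5")       # AADDS service IPs, or the Azure replica DC IP(s)

# 1. Does the VM's DNS client point at the domain controllers? If not, the VNet DNS
#    settings were not updated and the join will fail with "domain not found".
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses | Select-Object -Unique
$missing = $ExpectedDcIps | Where-Object { $dnsServers -notcontains $_ }
if ($missing) {
    Write-Warning "VM DNS servers ($($dnsServers -join ', ')) do not include: $($missing -join ', ')"
}

# 2. Can the domain be located by its FQDN? Domain join locates a DC through this
#    SRV record; a short NetBIOS name is not enough in Azure.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop
    $dcHosts = $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget
    Write-Host "Domain controllers advertised for ${DomainFqdn}: $($dcHosts -join ', ')"
} catch {
    Write-Error "Cannot resolve the DC SRV record for $DomainFqdn - fix VNet DNS before joining."
    return
}

# 3. Is LDAP reachable? A missing VPN route or a blocking NSG shows up here
#    as a clear failure instead of a vague join error.
foreach ($ip in $ExpectedDcIps) {
    $ok = (Test-NetConnection -ComputerName $ip -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
    Write-Host ("LDAP 389 to {0}: {1}" -f $ip, $(if ($ok) { 'reachable' } else { 'BLOCKED' }))
}

# 4. Join using the FQDN (never the short name); prompt for the join credential
#    rather than embedding it in the script.
$cred = Get-Credential -Message "Account allowed to join machines to $DomainFqdn"
Add-Computer -DomainName $DomainFqdn -Credential $cred -Restart
```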

