Delivering Web Applications with Hyper-V hosted RD Session Host VMs and Quest Workspace Desktop Virtualization
Today I finished a large RD Session Host deployment using Quest Workspace Desktop Virtualization.
The deployment consisted of 8 Hyper-V Servers, each hosting 7 RD Session Host VMs. The 56 VMs serve up seamless RemoteApps for a few web applications.
One of the requirements was to limit users’ web browsing to the websites that the customer needed published. There are several ways this could be accomplished, like host files, proxy filtering, web filtering applications and probably some I haven’t thought of.
The way we chose to accomplish this was via Quest Workspace Desktop Virtualization’s URL Redirection feature. In a nutshell we placed the VMs in an OU and linked a GPO to this OU where the Quest URL Redirection ADMX template was loaded. In the template we specified which URL strings were allowed on the RD Session Hosts, and any other URLs that hit the hosted IE Browser got redirected back to the client device’s Internet Browser.
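A check one might run after linking the GPO, as an added example that is not part of the original post or of Quest's tooling: it confirms the GPO link on the OU is present and enabled, and lists any session host whose computer account sits outside the OU, where the URL restrictions would not apply. The OU path, GPO name and host naming pattern are hypothetical placeholders.

```powershell
# Added example. OU path, GPO name and host name pattern are hypothetical.
Import-Module ActiveDirectory, GroupPolicy

function Test-SessionHostPolicyCoverage {
    param(
        [string]$TargetOU   = 'OU=RDSH,DC=example,DC=com',  # hypothetical OU
        [string]$GpoName    = 'RDSH URL Redirection',       # hypothetical GPO name
        [string]$HostFilter = 'Name -like "RDSH*"',         # hypothetical naming pattern
        [int]$ExpectedHosts = 56                            # 8 Hyper-V servers x 7 VMs
    )

    # The GPO must be linked directly to the OU, with the link enabled.
    $link = (Get-GPInheritance -Target $TargetOU).GpoLinks |
        Where-Object { $_.DisplayName -eq $GpoName }

    # A GPO with all settings disabled applies nothing even when linked.
    $gpo = Get-GPO -Name $GpoName

    # Compare every matching computer account in the domain with those under the OU.
    $inOu = @(Get-ADComputer -Filter $HostFilter -SearchBase $TargetOU -SearchScope Subtree |
        ForEach-Object { $_.DistinguishedName })
    $outside = @(Get-ADComputer -Filter $HostFilter |
        Where-Object { $inOu -notcontains $_.DistinguishedName } |
        ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        GpoLinked      = [bool]$link
        LinkEnabled    = [bool]($link -and $link.Enabled)
        GpoStatus      = $gpo.GpoStatus
        HostsInOU      = $inOu.Count
        CountMatches   = ($inOu.Count -eq $ExpectedHosts)
        HostsOutsideOU = $outside
    }
}

$result = Test-SessionHostPolicyCoverage
$result | Format-List
if (-not $result.LinkEnabled -or $result.HostsOutsideOU.Count -gt 0) {
    Write-Warning 'Some session hosts will not receive the URL redirection policy.'
}
```

Running it again after each reprovisioning cycle confirms the rebuilt VMs are still covered by the policy.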
The customer did not mention this as a requirement when they purchased Quest Workspace Desktop Virtualization and Quest Defender to secure their applications for use by remote contractors, but it was very easy to implement. It was nice to be able to meet a customer’s requirements on the fly, without having to scramble to figure out how. It was simply, we can do that….
Updates to the allowed URLs can be made on the fly via GPO, and updates to the VM configuration or installed applications on the RD Session Hosts can be made to all 56 VMs in about 10 minutes by updating the template VM and reprovisioning the 56 child VMs. Quest Workspace Desktop Virtualization automatically and instantly replicates the updated VM template to all 8 Hyper-V servers, and using our Hyper-V Catalyst Components, the instant the first block of data from the VM template is replicated to each Hyper-V Server, the VMs can be rebuilt. They will retain their MAC address, IP address, FQDN, Domain Membership, VM configuration (NIC, Memory, CPU, VLAN tags…) and of course any settings from Quest Workspace Desktop Virtualization, like applications being published.
Another thing we did that one cannot do with the in-box functionality of Microsoft’s RD Broker is publish different applications on different RD Session Hosts. This is commonly referred to as “Application Siloing”. We had to do this because one application had different security requirements than the others.
Other components of the architecture included a set of 2 Quest Web Access and Secure Gateway VMs that were load balanced by F5 Big IP LTMs and front ended by Microsoft ISA server. ISA Server was not a technical requirement, but the customer’s security team required all access to go through their ISA servers.
Quest’s brokers not only load balance the RD Session Host connections, but also the placement of the VMs across Hyper-V Servers.
Last year was the first time I missed Briforum since 2006 so I’m pleased to be attending this year. I’m also going to MGX for the first time and hope to be showing some new goodies on Windows 8 Client Hyper-V.
If you haven’t made plans to attend Briforum yet, don’t miss out on the Conference for REAL Desktop Virtualization GEEKS! Be sure to visit the Quest Software demo to see demos of Dell Wyse gear and Quest Workspace Desktop Virtualization, as well as Quest Workspace ChangeBASE!
If you’re in the San Diego area from April 29 to May 2nd don’t miss TEC 2012 Virtualization and Workspace Management Track. Brian Madden is delivering the keynote and the session content is listed here:
I’m on my way to Kansas City (Overland Park) to speak at a Microsoft Education Roadshow.
In this video I demonstrate how vWorkspace seamlessly redirects specific (defined by IT via GPO) URLs from the local IE8 or IE9 Browser to IE6. If a user browses to a site that does not require IE6, they are redirected back to their local IE browser.
Because IE6 is running in its native operating system (Server 2003 R2 Terminal Server), this is completely legal, in accordance with the Microsoft EULA and supported and endorsed by Microsoft and Quest.
There is no application virtualization going on here, just application presentation. As you know, RemoteApp didn’t exist on 2003 R2 Terminal Server, so the seamless Windows engine here is Quest vWorkspace.
Using this, customers can continue their Win7 migrations and can deal with remediating their IE6 applications on a separate timeline and/or separate project.
In this presentation Kevin Sullivan (Microsoft) and Patrick Rouse (me – Quest) explain how Microsoft and Quest help Education Customers to access and manage their desktops using Desktop Virtualization.
In this presentation I explain how Quest and Microsoft have partnered to offer an IE6 Compatibility Bundle (known as Quest vWorkspace IE6 Compatibility Edition) for customers migrating to Windows 7 who need to support IE6 applications. As you may well know, Windows 7 can’t natively run Internet Explorer 6 (or 7). Many customers are left without a viable solution on how to migrate to Windows 7, when they have mission critical applications that REQUIRE IE6.
Initially Application Virtualization seems like the answer, but virtualizing Internet Explorer is neither compliant with the Microsoft EULA, nor is it supported (just like running any binaries from one Microsoft OS is not supported if the binaries are executed on a different OS). So while it may be technically possible to virtualize IE6 with Microsoft App-V, VMware ThinApp, Symantec SVS, Citrix Application Virtualization, none of these are supported and all violate the Microsoft EULA.
The solution detailed in this presentation is SUPPORTED, COMPLIANT and ENDORSED by Microsoft and Quest. In a nutshell, Quest vWorkspace seamlessly presents IE6 (from 2003 R2 Terminal Server) onto the Windows 7 Desktop (physical or virtual).
This solution for IE6 Delivery to Win7 includes all of the bells and whistles of vWorkspace (when publishing IE6) Enterprise Edition, such as:
- Server and Application Load Balancing
- Seamless Application Presentation
- Desktop & Start Menu Integration
- WAN Acceleration & RDP Compression (via Quest EOP)
- Multimedia Acceleration (Flash)
- Bi-directional audio
- Universal Printing (Client, Network and Remote Relay)
- User Profile Management
- User Environment Configuration
- Single Management Console with Granular Delegated Administration