Azure RemoteApp – Hybrid deployment
I started introducing Azure RemoteApp to my customers a year ago, and it’s a very interesting topic. Some of them informed me they have launched projects to move their desktop applications to the cloud using Azure RemoteApp. From discussions with my customers, I understand Azure RemoteApp is great from technical and business perspectives, but it’s new and comes with a lot of challenges we need to deal with, such as:
- How to standardize, simplify and automate the deployment of any application?
- How to optimize the upgrading and patching process with minimum downtime?
- How to manage users and user groups more easily and effectively?
- How to integrate Azure RemoteApp with the existing AD, DNS and network?
I will work hard to resolve all of these questions, and in this post I would like to show you how to integrate Azure RemoteApp with the existing AD, DNS and network. Let’s start with the real situation first.
- Azure now provides ARM (Azure Resource Management) mode, which is better for grouping, tagging and managing resources. But Azure RemoteApp is supported only in ASM (Azure Service Management) mode.
- Azure Active Directory is the centralized identity system that manages the accounts used to access Azure RemoteApp collections; if we want to use the same credentials as for on-premises applications, Azure AD doesn’t support that by default.
- Azure RemoteApp collections are accessed from the internet, and if they have to integrate with other layers (such as the application layer or database layer), we need to expose direct connections from these layers to the internet, which is an insecure solution.
- Some applications truly require Windows authentication/authorization, and this requirement cannot be handled by standalone Azure AD.
How do we handle these challenges? Is it easy? No, it’s not easy, but it is doable. Let’s discuss the concept now.
- Can an ASM VNet and an ARM VNet work together? Yes, Site to Site VPN can help us. I covered this before in Azure VNet – Site to Site VPN (between VNet and VNet), so that can help a bit. And of course we can integrate the ARM VNet with the on-premises network using S2S VPN.
- Can Azure AD and on-premises AD work together? Yes, it’s doable with AD Connect. Please refer to Azure Active Directory – 3 simple steps to integrate with on-premises AD for a detailed guideline.
- Can we deploy an Azure RemoteApp collection into a subnet? Yes, Microsoft supports this option.
So it looks quite good now, right? All the concerns will be handled. The following diagram represents the high-level design for my PoC.
You know all the steps except deploying a new Azure RemoteApp collection into a VNet, right? Let’s start with the missing piece; you’ll be surprised, because it could not be easier.
Click on New –> App Services –> RemoteApp –> Create with VNet, then choose the Virtual Network and Subnet you want to deploy your app collection into. Please make sure Join Local Domain is checked.
In the new app collection dashboard, you can find a quick guide to finish the configuration.
Before starting with the first step, please log on to your Domain Controller, create a new Organizational Unit (in my case, RemoteApp) and a RemoteApp service account under the new OU (in my case, email@example.com). The following image shows the simplest way to configure the local domain.
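The OU and service account from the step above can also be created from PowerShell. This is an added example, not part of the original post: the account name `svc-remoteapp` is hypothetical, and it assumes the account is used only to join the collection's machines to the domain, so it is delegated just the right to create and delete computer objects inside the RemoteApp OU instead of being given broader domain privileges.

```powershell
# Added example: run on a domain controller (or a host with RSAT) as a domain admin.
Import-Module ActiveDirectory

# Values read from the current domain; names below are assumptions for illustration.
$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName        # e.g. DC=example,DC=com
$ouName   = 'RemoteApp'                      # OU name used in this post
$ouDn     = "OU=$ouName,$domainDn"
$svcName  = 'svc-remoteapp'                  # hypothetical service account name

# Create the OU only if it does not exist yet, and protect it from accidental deletion.
$existingOu = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existingOu) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# Create the service account inside the new OU.
# The password is prompted for so it never lands in the script or shell history.
$password = Read-Host -AsSecureString -Prompt "Password for $svcName"
New-ADUser -Name $svcName -SamAccountName $svcName `
    -UserPrincipalName "$svcName@$($domain.DNSRoot)" `
    -Path $ouDn -AccountPassword $password -Enabled $true `
    -Description 'Azure RemoteApp domain join account'

# Least privilege (assumption): allow the account to create and delete
# computer objects in this OU and below, and nothing else.
dsacls $ouDn /I:T /G "$($domain.NetBIOSName)\${svcName}:CCDC;computer"

# Check the result: the account should be enabled, live in the RemoteApp OU,
# and not be a member of any privileged group.
Get-ADUser $svcName -Properties MemberOf |
    Select-Object Name, Enabled, DistinguishedName, MemberOf
```

Keeping the account out of Domain Admins limits the damage if its credentials, which are entered in the Azure portal, are ever exposed.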
In the second step, I link the app collection with a template image by selecting a virtual machine image (for a more detailed guideline, please refer to Azure RemoteApp – Bring Java app to RemoteApp).
The process can take hours; after that you can publish and use your app with your on-premises local account.