Working with Microsoft Azure RemoteApp
Terminal Server
Don't Forget Updates
The VM does not need to be a member of your domain but should have a connection to the Internet or a local WSUS server so that you can update it. An unpatched server will cause problems, because Azure expects a specific version of the RDP shell, rdpinit.exe. The upload process will complain if this file is not up to date.
Microsoft may provide the private Hotfix KB2977219, which updates the file, on request. However, the hotfix requires the patch collection KB2919355 from April 2014, which in turn depends on the patch package KB2919442. This will be a lot easier if you use automatic updates. The update rollup package KB2984006 from September 2014 comes up automatically and makes the image fit for the cloud.
Uploading the VHD File
Finally, you can disable filesystem encryption using the command
Fsutil behavior set disableencryption 1
and generalize the image using:
C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /shutdown
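A pre-flight check to run on the template VM before the sysprep step, as an added example that is not part of the original article: it looks for the updates named above and confirms that filesystem encryption is off. The KB numbers and commands come from the article; the pass/fail logic (rollup present, or the complete hotfix chain) is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check for a RemoteApp template VM before sysprep.
# KB numbers and commands come from the article; the pass/fail logic is an assumption.

$rollup = 'KB2984006'                            # September 2014 update rollup
$chain  = 'KB2919442', 'KB2919355', 'KB2977219'  # prerequisites first, private hotfix last

$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$problems  = @()

if ($installed -contains $rollup) {
    Write-Host "OK    $rollup is installed"
} else {
    # Fall back to the manual route: every package in the chain must be present.
    $missing = @($chain | Where-Object { $installed -notcontains $_ })
    if ($missing.Count -eq 0) {
        Write-Host "OK    hotfix chain $($chain -join ' -> ') is installed"
    } else {
        $problems += "Neither $rollup nor the full hotfix chain found; missing: $($missing -join ', ')"
    }
}

# Show the RDP shell version so it can be compared with what the upload expects.
$rdpinit = Join-Path $env:SystemRoot 'System32\rdpinit.exe'
if (Test-Path $rdpinit) {
    Write-Host "INFO  rdpinit.exe version $((Get-Item $rdpinit).VersionInfo.FileVersion)"
} else {
    $problems += "$rdpinit not found"
}

# fsutil reports 'DisableEncryption = 1' once filesystem encryption is turned off.
$efs = (& fsutil behavior query disableencryption) -join ' '
if ($efs -match 'DisableEncryption\s*=\s*1') {
    Write-Host "OK    filesystem encryption is disabled"
} else {
    $problems += "Filesystem encryption still enabled: run 'fsutil behavior set disableencryption 1'"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "Ready to generalize: $env:SystemRoot\System32\sysprep\sysprep.exe /generalize /oobe /shutdown"
```

A missing KB entry is a prompt to check the Windows Update history rather than proof that the file is outdated.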
Proceed to the apps overview in the Azure front end to view the apps and then go to the Template Images page. Upload your VHD file there. The wizard gets you to download the Azure PowerShell module [7], which you need to install on your host. You can then download a PowerShell script and run it in any directory. The script connects to the cloud and opens a graphical explorer window in which you can select your image and upload it.
If you now create a new collection, you can select your own image and then publish your applications. A user who is assigned two collections will see the apps from both collections in the client together.
Connecting Networks
You will need to configure a hybrid deployment to use resources on your local network from RemoteApp (Figure 4). The wizard and the Azure help [8], which is easy to follow on this topic, will guide you through the necessary steps. First, configure a VPN in the RemoteApp overview. You will then receive a script, either for one of several firewall or router types from Cisco and Juniper or for the Microsoft RRAS service. With this script, you can set up the tunnel to the cloud; however, for this to work, you need a publicly accessible static IPv4 address. Then, you need to specify an account that has the right to add computers to your local AD domain, so that the virtual Terminal Server can join it.
The final step is to synchronize your domains with Azure AD [9] so that users can also log in to the cloud with their internal accounts. For this, you will need a publicly known DNS domain in whose namespace you need to add an MX or TXT record to verify the domain against Microsoft. The Azure help explains how this works for various providers.
If your internal AD does not use this DNS namespace but instead uses a private domain ending in .local or .intern, you need to add the externally known domain to AD as an alternative. You can then log your users on to Azure RemoteApp with their AD accounts instead of Microsoft accounts.