Microsoft Office and the death of RDSH.

Thanks to the announcement at Ignite of Windows Virtual Desktops (WVD) and the information or more details that followed, specifically regarding Microsoft Office on the platform, several people in the industry are now announcing the death of Remote Desktop Services Session Host (RDSH).

Before proceeding with what I think, let me clarify that I do not think RDSH is the silver bullet. It is, like anything else, another tool for delivering applications to your users. That said, what we know as of today is very simple to summarize:

  • RDSH is heavily used to deliver Line of Business (LOB) applications and many, if not the vast majority, have ties to Microsoft Office and/or interact with it.
  • RDSH has been around since 1998 when it was officially announced at the New York Expo. That means we have been dealing with it for over 20 years now. We know how it works, how it behaves and its weaknesses and strengths.
  • As we know it, we learned over the years how to deal with applications that do not like RDSH as a delivery platform. And by we, I mean thousands of people on the internet. You have an issue with RDSH, someone can probably fix it within a day or two.
  • We clearly understand its scalability, performance and for many companies out there, the most important thing, its cost.

Now, looking at WVD, recently announced, all the above is completely unknown. How does it perform at scale? How does it work with all the LOBs out there, that as of today live in a happy RDSH world? And how much does it cost per user per month to deliver the same performance, scalability and availability as all these RDSH environments out there? Yes, we have no answers to that. Yet.

Then Microsoft announced that Windows Server 2019 and its RDS incarnation, does not run Office 365 but does run Office 2019 perpetual. Once people read that, the death sentence for RDSH was issued.

But does it make sense that to be the case? IMHO, no. And a big NO. And actually, quite the opposite.

What we know is simple: Office 365, like its Windows 10 counterpart, is or will become a nightmare with its almost daily release cycles. Yes, the same Office 365 you are running on your PC is not the one that was there last week or a month ago. It may even have new features.

Imagine that with critical LOB apps that interact with Office. If one thing changes on the Microsoft Office stack, everything may break on all these apps that rely on it. Reason why LOB apps are treated in a very strict way regarding patches and upgrades. For most businesses these are critical. If they go down, revenue could be directly affected (like one customer I have where one hour with their main LOB down means USD 1M in revenue lost). They do not like insane release cycles. They do not change their hosting environment on a weekly basis.

The other key point is, what are the exact differences between Office 2019 perpetual and Office 365, other than fast release cycles? What exactly is lost, functionality wise, when I run Office 2019, compared to Office 365? And the key question here, do these features are required by all the LOB applications that interface/interact with Office? Based on my experience, the vast majority of these LOB apps could not care less about whatever collaboration or online features Office 365 brings to the table.

For new deployments, mostly Office apps based, I do and clearly see the reason to go for Office 365. These are new deployments, not having to support mission critical LOB apps. Online features and collaboration are appealing to these use cases. Awesome.

With all that said the reality is, all the LOB apps will not be fixed overnight to work with Office 365. Even if they work, testing and certifying these apps with it may take ages and potentially may never happen for several companies. They will simply stick to what is known to work and to work well. This on itself may provide RDSH the fuel it needs to keep running, and existing, for many years to come.

And if the company all the sudden needs everything Office 365 has to offer, simple. Use WVD to handle that and keep RDSH for the mission critical LOB apps with Office 2019. Note that I did not mention cloud or on-premises anywhere and for one simple reason: RDSH does run anywhere, including the cloud. And unlike WVD, it runs on ANY cloud. Azure, AWS, Google, you name it.

The flexibility anyone expects from a mature solution. And in case you were going to the RDSH funeral, turn back and go home. 

And by the way, 2019 is not the year of VDI.


1,532 total views, 9 views today

Is UPD now FSLogix? Taking a look at the FSLogix acquisition by Microsoft.

Perfect timing I guess. A couple weeks after I released the whitepaper I wrote showing how UPD compared to FSLogix, Microsoft decides to open its wallet and acquires FSLogix. I am sure someone at Microsoft did read the whitepaper and understood that UPD needed a revamp and that it would probably take them a long time to fix it than opening their wallet. Very happy to see this happening. With that in mind, let’s take a look at what this potentially means to everyone in the industry.

I am not going to discuss the existing UPD limitations and how FSLogix can be used to complement it or to fully replace it. You can read all about that on this blog post.

The question now that many are asking themselves is simple: will this be part of a cloud-only offering, like Windows Virtual Desktops is as of today? The answer, no one really knows for sure. Probably, not even Microsoft.

The main thing is, UPD, even though it is a much better solution than traditional roaming profiles, still suffers from many issues, no matter if you are hosting your solution in the cloud or not. At the end of the day, you are still accessing a Windows OS and given how it works, a profile is always required (even if it is a local one).

If UPD 2.0 (that is how I will call the FSLogix offering, now under the Microsoft umbrella) does become what FSLogix is and more, it makes no sense to tie it to a cloud-only offering. The reason for that is simple. First of all, having to deal with two different solutions for on-premises and cloud based deployments. Considering many are still fully on-premises and some are in a transition mode (one that may take years), forcing customers to have to deal with two completely different solutions, especially when in a hybrid deployment, could lead to a terrible end-user experience, where things do not work smoothly regardless of its location.

And that is something that Microsoft is trying to avoid at all costs at this stage. If the plan is to turn Microsoft into an utility company, where you pay your monthly bill exactly the same way you do with your cable, natural gas and hydro, it has to behave exactly the same way as everyone is used today. To the point that no one can tell the difference where it runs or how it behaves. Once that is the case, almost certainly a transition to the cloud will be just a natural evolution of an on-premises environment. Simple, effortless and more than that, painless.

Making such solution a cloud-0nly offering creates this gap between what is there right now and what will be there in the future, simply creating push back from customers, instead of promoting adoption. Reason why I do believe that Microsoft will do something regarding WVD, making it available on-premises. To simply make the transition to a cloud-hosted WVD simple for anyone using WVD on-premises.

Yes, luring customers, instead of forcing them.

Now it is worth mentioning that Office 365 is far from being a Windows only offering. Many use it from mobile devices running iOS and Android and of course from non-Windows desktops. With that in mind, to make the Office 365 experience the same no matter where/how you use it, Microsoft has to fix more than profiles. As per my twitter, the main one that comes to mind is printing. I do remember a session I attended during the first ever BriForum, in 2005. Yes, thirteen years ago. And guess what? The printing landscape is as bad as it was back in that day.

So Microsoft, please keep your wallet open and get Tricerat as well. That will give us, Office 365 users, a true world class experience, no matter where we are and what we use.

You know, like a true utility company, that does not care if I have a Vizio or a Samsung TV.

It just works.


541 total views, 2 views today

UPD? FSLogix? Both? Which one is better?

If I could ask for $1 every time someone asks me what I think about User Profile Disks (UPDs), I would be retired by now. Some time ago (maybe a long time ago), Eric (from XenApp Blog) and I were having a chat about how to deal with large user profiles due to some testing he was doing with Turbo Containers (by the way, a great tool for many use cases).

Interested on knowing what Microsoft was doing under the hood when UPDs were enabled within an RDS Session Collection, Toby Phipps, a Microsoft MVP for RDS, pointed me to Technet and showed me which commands could enable UPDs using the CLI. With that, Eric tested enabling UPDs within other platforms (i.e. Citrix Virtual Apps) and as expected, everything worked.

Fast forward to today, many people still do not understand what can and cannot be achieved with UPDs and how it compares to other similar technologies on the market. More than that, many still think this is a Microsoft-only technology/feature.

After having a chat with Kevin at FSLogix, it was clear it would be great for everyone if someone could explain exactly what UPD is, where it can be used and how it compares (or maybe complements) to FSLogix.

The result is this whitepaper. It covers everything about UPDs, showing you how to enable it on RDS, Citrix Virtual Apps/Desktops and even VMware Horizon. It then shows you how FSLogix can be used to complement UPDs or even replace it completely.

Of course the idea of using the right tool for the job is always present. Depending on your needs and use cases, UPDs may be all you will ever need. But we felt it was important to show where UPD falls short and for which use cases FSLogix may be the right way to go.

So do yourself a favor and download this whitepaper here.

And if you have any questions, I am sure you know where to find me.


1,053 total views, 1 views today

RDS – The Complete Guide book. Present and Future.

Ladies and Gentlemen,

As you realized, the book I wrote with Freek Berson (awesome guy, great Microsoft MVP for RDS) is now out on Amazon, in both e-book and paperback versions. It is available here. Before you ask us or mention anything about the book, there are a few things I do want to explain the reason behind. So let’s take a look at some of these:

  • Book sucks as it is about Windows Server 2012 RDS. Well if you noticed, RDS on 2016 is pretty much identical to RDS 2012 R2. Very few differences. Same for Windows Server 2019, now in technical preview. Add to that there is way more production RDS environments based on 2012 R2 than 2016. Finally, the book provides a solid foundation that applies to RDS in general, not tied to a particular release. Learn all that is in there and you will certainly be able to deliver a solid RDS solution regardless of the version in question.
  • Certain chapters were sponsored what means you are biased. Well if you know me well from all the conferences I participated over the years, or as an MVP, you are probably aware of the fact when something sucks, I will be the first one to let you know. Over the years I told Microsoft everything I thought was horrible with RDS. Same with Citrix and its products. Did not matter the fact I was a Microsoft MVP for 17 years or a Citrix CTP for 9. For the book, after trying many products to address the RDS shortcomings (and there are indeed several), we truly believe the ones in the book are some of the best out there. And more than that, these are products we use on a daily basis. That is the only reason we reached out to these sponsors in the first place. It was not just about money to allow us to focus in the book but more like bringing to the public what we think are the top tools out there to make your RDS deployment much better.

With that in mind, so what about RDS 2016 and 2019? We are covering these indeed but as companion books. The idea is all the foundation you need is in the RDS 2012 book. The first one. Then, based on what your target platform is, 2016 or 2019, you just get the companion book to complement all that you learned from the main book. Simple. Also this allows us to release these smaller companion books at a much faster pace than what took us to get the RDS 2012 one done. The companion books to be released are:

  • RDS 2016.
  • RDS 2019.
  • VDI using Microsoft RDS.
  • Deploying GPU-based solutions with RDS.

These four should then cover RDS end-to-end, no matter the version and the scenario you have in mind.

I hope this clarifies a bit about the book and the plans we have for it down the road.



899 total views, no views today

Nutanix acquires Frame – What do I think?

As you have seen on the EUC news, Nutanix is acquiring Frame and soon will start their DaaS offering within their Xi Cloud Services. This is indeed quite an interesting move and one that can, and certainly will, affect several players within the EUC/DaaS market. You can bet that includes Citrix, VMware and Workspot.

That said, there are several things that Nutanix will have to address, according to my own personal take on this. Let’s take a look at some:

  • On-premises offering. Sure, the Cloud may seem great. It does have its use cases and is another tool on the toolbox. And that is the issue here. Another tool ON THE TOOLBOX. Ideally, and again, IMHO, a solution to be complete, has to address both use cases, providing a clear Hybrid model. That addresses current needs for an on-premises delivery model while providing a clear path to the off-premises one, the Cloud. Being a Cloud only solution could pose a huge problem for many companies out there. The solution here? Should not be hard to bring that on-premises and pave the way so both offerings work seamless together. If Nutanix can pull this off, you can bet this will definitely affect Citrix and VMware. Guaranteed.
  • Toolbox. As we all know and learned over the years, a desktop solution, no matter where it runs, requires way more than just providing a desktop. User personalization, application packaging and delivery to the desktops, robust monitoring, it all ties together to compose a full solution. And again, regardless of where it is running. Nutanix has nothing in that space. Same for Frame. Solution? Keep the wallet open and acquire a couple more companies that are still relatively small but greatly fill these gaps. Examples? FSLogix, Liquidware Labs and UberAgent (Vast Limits). The end result of these potential acquisitions would be a platform that would be years ahead of both Citrix and VMware in many levels.

The great thing here, many may not see. If Nutanix does address the above, they will be going the other way around. That means coming from a native cloud offering (Frame) to an on-premises one to address current needs but already addressing future ones. This is completely different than having to build a cloud solution off something that was built from the ground up without the cloud in mind (Citrix is an example of that, and their struggles to bring their stack to the cloud is something everyone knows – VMware does suffer, maybe to a lesser extent, from the same issue).

Also acquiring extra talent to address these needs (by the way, needs that we all know must be addressed – reason for these products to exist) will potentially cause further damage on the market as all the customers out there now using these products could be converted to the Nutanix offering, leaving the Citrix/VMware train behind.

I would love to hear from Workspot what they have to say about this, given the many differences between their offering and what Nutanix is cooking. As I said many times, good enough may be all that many customers need. But now, if Nutanix offers a similar solution, cheaper and potentially with a better stack (Frame’s protocol is indeed better than RDP, that is a fact) all at a cheaper price, the ‘good-enough’ bar gets raised. In such cases, why would customers stick with a less capable protocol and potentially more expensive solution? This can create a problem for players like Workspot for sure. And the simple fact Nutanix does have more money in the bank to acquire whatever it takes to polish its desktop offering, amplifies the impact of all this on them.

Resuming: I do like to see this. I like companies with balls and Nutanix is certainly one of them. Ballsy acquisition indeed and if they play the right game here, they can certainly create a very compelling stack that will address current and future needs. All this, coming from the future :-).

So, Dheeraj please keep the wallet open. What is another couple bucks when you already spent big money? And please keep kicking ass. The asses in question do need it.



3,040 total views, 1 views today

The rise of VHD-Based Profiles. And the marketeers.

I decided to write this post due to the fact I am getting tired of marketing people in general, always attempting to sell you something you may not need and worse than that, trying to spread fear all over the industry about other solutions. Before going ahead, let me make one thing clear: I truly believe every product out there in the EUC does have a reason to exist, beyond making money. They do address a particular need and certainly have their value and merit.

Now, leaving the marketing bullshit behind, that does not mean any of these products are the silver bullet, the one solution that will solve all your problems, with zero side effects. If you ask any vendor what the drawbacks are with their product and they have no answer to that, please, do yourself a favor and run away. Every single product has drawbacks and issues. Period. The key thing is understand these and how you can minimize or eliminate them (with potentially another product to complement the first one).

With that in mind, let’s have a quick chat about VHD-Based profiles, what seems to be the hotcake these days. If you are not aware of, Microsoft introduced User Profile Disks (UPDs) back in 2012 with Windows Server 2012. Yes, not even R2. That means whatever this is, it is SIX DAMN YEARS OLD. Got that? Six years in computer years is like 120 human years. Just to put in perspective (I do know you talk about dog years at home, so let me help you making things simpler) how damn old this is.

The idea behind UPD is very simple. The C:\Users\%USERNAME% folder gets pointed to a Virtual Hard Disk (VHD), a single file, sitting somewhere. How big can it be? No idea on the limits but I have used them set at 20, 40 GB without issues. That means every user will get a file that can grow up to whatever it was set to (i.e. 20GB) and that file will get mounted and linked to the user’s own C:\Users\%USERNAME% folder.

Right off the bat you can see that if you have let’s say 40 users connected to your RDS Session Host (XenApp for Citrix people), each user will have a profile folder with 20GB. That means 800GB for user data. Note the C: drive on the server is usually 60-100GB in size. This is possible as it is just a mount point. You are not using disk space off the C: drive but you are still able to have users with profiles that could be potentially bigger than the server drive itself. Nothing magical here and more than that and one more time, SIX years old. But marketing people want to make you believe they are now selling magical software that can magically make your local drive grow like Godzilla. Nope.

As it is a single file, when the user logs in, there is no need to download anything to the server drive. The mount point is established and you are done. Does not matter if the UPD has 2GB or 200GB. Logon time will be the same and as it is just a mount, it will be much quicker than using traditional solutions (i.e. roaming profiles). Here we have the marketing geniuses again, trying to make you believe you are buying an amazing technology that makes your logons much faster now that you are riding on Unicorns. I can make logons faster too and I do not even work at marketing, or have unicorns, just for the record.

Back in December I presented at the Citrix User Group in Israel, exactly about this topic. I showed it live on stage, two completely different solutions (Citrix XenApp and Parallels RAS) up and running, where the same user had UPD enabled. When he logged in to Citrix and did whatever he wanted and logged off, once he logged back in but now through Parallels, all the stuff he had done on XenApp was there on RAS. To add a nice twist to the whole thing, I had the Parallels environment on Azure. That means I was replicating UPDs ON THE FLY, LIVE, between an on-premises solution running Citrix and a cloud-based one running Parallels, for all my users. As you guessed, yes, a completely agnostic solution that does NOT care which product you have and where it is running. And the best part of all this, FREE. Yes, this is part of the Windows Server feature set. No matter if using VMware Horizon, Citrix XenApp or XenDesktop, Microsoft RDS or Parallels RAS, this works out-of-the-box and with all of them.

That said, is UPD perfect? Not at all. It has its limitations (i.e. cannot be mounted twice) like anything else. But it is certainly a powerful solution that is worth investigating and testing. Thing is, many companies realized that a long time ago and now sell their own solutions that in a nutshell use the EXACT same principle. Mount the user profile to a VHD and name it profile container, profile disk or whatever they want to call it. Are they better than UPD? For certain use cases, of course they are! FSLogix for example allows you to mount the VHD multiple times and does use its own filter drive that allows apps like OneDrive for Business to work under RDS. If you do need something like that, sure, take a look at FSLogix (as far as I know, Liquidware Labs does have a similar product, that addresses similar issues – may not address the SAME issues).

The lesson here is simple. UPD, profile containers, VHD-based profiles or whatever you want to call this, is not a new thing. It has been around for a long time. It is not something new or magical as many of these vendors try to make you believe. And what pisses me off the most is the simple fact they try to make you and the industry believe that UPD should never be used, that it sucks and so on, what goes completely against what I think that is always to use the RIGHT TOOL for the RIGHT JOB. Some vendors like FSLogix even got pissed at me with the whole UPD story. Seriously.

For the companies out there, stick to honest marketing and sales and educate your customers and the industry properly, clearly showing what can be achieved with the out-of-the-box solutions and what you bring on top of that.

For you, readers, at the end of the day, it is up to you to decide which tool you need and if you feel like using a screwdriver to put down some nails, go for it. After all, as my wife says, “Why do you have a Lamborghini to do your groceries?” and to that, I have no answer. But do not make the same mistake as I made and make sure you get a hammer to handle some nails.



693 total views, 1 views today

EUC Fellowship Retreat. What is this?

Beautiful Okinawa


If you follow me on Twitter you probably saw a tweet about the EUC Fellowship Retreat, planned for early November in Okinawa, Japan. With that in mind, I can bet you have a couple questions in your mind like:

  • What is this EUC Fellowship Retreat?
  • Is this a competitor or something like PubForum/E2EVC?
  • Why the hell is this happening in Okinawa, Japan?

Probably you have other questions (costs?) and I will try to answer all these the best I can and of course give you a brief history of why this Fellowship Retreat came to the picture.

Back in the day, you do remember we had the now defunct BriForum conference (I still remember the very first one in DC, in a movie theater, 2005). Over the years many people became regulars, going to almost, if not all, BriForums. These include people like myself (missed two or three at the most), Benny Tritsch, Shawn Bass, Tim Mangan and so on. The list is indeed long. After many years of seeing each other not only at BriForum but at other conferences, we decided we should have a nice get together with the families at a nice place. I still remember suggesting somewhere crazy but exciting like the French Polynesia. We talked and talked about doing it in Europe or other exotic places. Making a long story short, we could not agree on a place and such gathering ended up happening in a small place in the Boston area. As I was tied up with other things and did think Boston was indeed lame, for something that had the potential to happen in Fiji, I simply decided not to go.

Now with the death of BriForum, the only remaining conference by the community for the community is indeed the Master Ghetto, a.k.a. PubForum or to make it sound more professional, E2EVC. Do not let it fool you though. It is still the same, with horrible coffee, bad food and an agenda that changes almost every hour. The problem I have with PubForum is just the fact it grew to a point it became a real conference. Interaction with your peers becomes an issue and more than that, attending a session is an issue as well due to different tracks, conflicts with your own sessions and so on. Sure Alex will tell you to watch the videos later. Let me tell you if a conference has bad coffee and horrible food, almost certainly the videos were not produced by Peter Jackson. Seriously, watching a video is not the same as being there, asking questions, interacting or just ruining the whole thing like Alex usually does with his dumb questions.

In a rare moment of intelligence, I thought it would be awesome to have some sort of very small conference at a great place (like I suggested for the BriForum Retirement Home Vacation), in ways similar to what Steve Greenberg from got going last year. Before you say this is a copy of what he created, let me tell you this is not the case at all. To prove my point, let’s take a look at the main differences between his retreat and the EUC one I am proposing:

  • So far this is Arizona only. Our plan is to have the EUC one move around the globe, always in November (for a reason I will explain, what makes it a lot of fun) and again, always in a great, unforgettable location. For 2019 as an example, plans point to Moo’rea, French Polynesia.
  • EUC is three days, with a post conference trip where all attendees get together and spend time together. Plan for this year is to arrive in Okinawa on November 2nd and fly to Tokyo on the 7th, to spend three days together there.
  • EUC is a closed event in ways and limited to 15 people, period. Moving forward it may even become an invite only event.
  • Idea is to keep most of the sessions with some hands-on, almost like having all sessions as workshops.

As you can see, there are many differences indeed. So, now, why November? This is an interesting decision and I will explain it. The idea is by November, all major conferences from all relevant vendors in this industry are done. Citrix Synergy, Microsoft Ignite, VMWorld, and so on. With a high degree of accuracy I can almost bet all the ‘good stuff’ these vendors wanted to show over the year was already shown. More than that, just looking at the acquisitions that happened in the past, these almost never happen in November/December. As examples:

  • Unidesk: acquired January (Citrix)
  • Norskale: acquired September (Citrix)
  • Immidio: acquired February (VMware)
  • CloudVolumes: acquired August (VMware)

“Ok, we get it. So WHY NOVEMBER?”. Simple. The idea is at the last day of the EUC Master Retreat, this group of attendees will review everything that happened in the EUC industry for that year, and produce a report with our findings and thoughts. What was good, what was bad, what was nasty. With suggestions to all the vendors on how to improve their products. An end-of-the-year report about the EUC with all you need to know that was relevant and more than that, good and bad. This will be done every year and published for all the vendors (and our peers) to see. That is the reason behind the November’s decision.

With all that in mind (and my apologies for the long post) this is the plan for the first EUC Fellowship Retreat, supposed to happen in November 2018:

  • Location: Okinawa, Japan. If you have no idea where this is, just google it and look at the images. You will understand why we decided on this place.
  • Dates: November 5th, 6th and 7th.
  • Broader Plan: arrive in Okinawa, November 2nd, Friday. Spend the weekend with your EUC peers and on Monday, November 5th we start the retreat. On Thursday November 7th we had back to Tokyo (as you have to fly in through Narita or Haneda) and spend the weekend there, heading back home on Sunday, November 11th. Given the time zone, everyone should be home indeed on Sunday, ready to go back to your normal life on Monday, minus the jet lag of course.
  • Costs: honestly, no idea at this stage as we are still dealing with locals in Okinawa trying to secure a venue. In terms of trip costs, having been to Japan several times I can certainly give you an estimate for the trip itself, minus whatever the venue will end up costing each. You can fly to Tokyo for around USD 1000-1200 (less depending on how long in advance you book, especial deals etc). Flying to Okinawa is cheap (sometimes USD 150). Hotels and food, it depends on where you want to stay. Like any other place you can go for Royalty like treatment or not. But you can certainly get a very decent place in Tokyo for less than USD 200 a night (I always stay at the Royal Park Shiodome – very good and perfect location with great prices – or at the Park Hyatt – this is more like Royalty but I have a huge discount). Food is cheap if you do not plan to go for sushi at Jiro’s every day. If we all decide to AirBnb we can certainly bring the cost down quite a bit.
  • Registration: you can register here. Plan is fifteen (15) people maximum. At the moment, only ten (10) spots available.

Resuming: more than a technical gathering, the EUC Fellowship Retreat is a get together, so we can all spend valuable time as a group in a great location somewhere in this vast world. And as a bonus, we get to produce the yearly report that I am sure will become a reference in this industry.

So Toto, I’ve a feeling we’re not in Arizona anymore.



1,184 total views, 1 views today

RDS Modern Infrastructure. Modern?

As tons of people spend the week at sunny Orlando for Microsoft Ignite, here I am sitting at home, reading all these tweets and posts about what is next for Microsoft’s Remote Desktop Services stack, RDS for short.

If you read any of these, you are probably aware that Microsoft is changing RDS for the better (hopefully) and the new platform is being called as of today, RDSMi, a pretty term for ‘RDS Modern Infrastructure’.

The more I read about it, the more I think Microsoft has very little clue on what they have been doing with RDS since its early days, dating back all the way to 1997’s Hydra beta availability. And after seeing this ‘RDSMi’ acronym, I can also say with a pretty good degree of accuracy that marketing and its army of marketeers, are deeply infiltrated on anything RDS. As usual, I can certainly and clearly explain the reasoning behind my assumptions.

First of all, if you are not aware of that by now, I have been in the RDS business for quite some time. By that I mean I was probably deploying RDS for customers way before you got a degree and left school. ‘You’ does include many people in the RDS team in Redmond. And being an RDS MVP since 2001, I have seen it all at Microsoft for a very long time (16 years straight, yes, that long). Not only me but others like Benny Tritsch and even Alex ‘Bozo’ Cooper have experienced the same.

So what is the issue and why I am writing about this? Simple.

One of the biggest things the marketeers out there are now promoting and saying about this incredible ‘RDSMi’ thing is the fact many components now do not need to be domain joined. On top of that, if I am not mistaken, there is also an agent of sorts that is now on your RDS Session Hosts.

In other words, RDSMi is basically what we have been telling Microsoft that RDS should be in the past 16 years. Yes, that long. After getting tired of seeing nothing being done, back in 2003 we actually wrote AND released to the market an RDS Gateway that, guess what, was NOT domain joined! Probably sorcery and witchcraft but somehow I managed not to be burnt alive as a witch or warlock. If Microsoft is naming this new thing RDSMi, what was WTSGateway back in 2003? RDSFVi (RDS Futuristic and Visionary Infrastructure)? So please, there is nothing new or modern here.

What is even worse is the simple fact all this shows how Microsoft (and several other vendors in this industry, Citrix included) ask for feedback from MVPs, CTPs and so on and refuse to take it. Taking it 16 years later, at least for me, does not mean you took my feedback. They simply ignore the fact that people like you and me not only have been in this industry for probably way longer than most of the people in these teams but also that we are the ones architecting AND deploying such solutions in the real world. The hands-on people. Very different than saying ‘we listen to our customers and partners’ when what that really means is ‘we pay third party companies to do some research for us and this is what we got from them’. WITHOUT EVER DEPLOYING YOUR SOLUTION IN PRODUCTION, AT SCALE. Funny.

Resuming, and not to ruin your week at Ignite, Microsoft, especially in the RDS space, is just doing what many people told them over a decade ago. Nothing new here. I have to say I am not that easy to impress. But this, seriously? Good try. Maybe on the next Ignite.

For that reason, I am renaming ‘RDSMi’ to ‘RDS Meh Infrastructure’.

And marketeers out there, I am available in case you need some better marketing work.


2,092 total views, no views today

Application Containers, and more, in an RDS based world.

I was supposed to write about this yesterday but if any of you follow the news in this particular little industry, yesterday Citrix changed its CEO for the fourth time since 2015 and thanks to that, I had to delay this post a bit (before you ask, I will write a dedicated post about the CEO change and why I do believe this changes nothing regarding their downhill trend but more on that later).

At the same time, exactly on the same day, Parallels just announced their latest release, RAS v16 and with it, some impressive goodies IMHO. To the point that in this ‘me-too’ space that EUC has become, I think this is one of the most refreshing ideas in quite some time.

And before any of you say this has been around for long, the reality is no vendor took matters in their own hands and integrated something like this to their stack. Customers want to buy things that work out-of-the-box and that do not require several third party add-ons and money to work. This is the case here.

Parallels and Turbo decided to join forces and the result is now available to anyone. Containerized applications built-in to the RAS product. This gives administrators instant access to thousands of applications readily available and more than that, at zero cost, while severely reducing application installs, siloing and so on.

For example you can build a server for management purposes with vSphere clients, Citrix XenCenter, Putty, WinSCP, Chrome, etc in a matter of seconds, without installing a single application and all running within their own containers.

This video shows how this is done on the server side:

The next step is to get the client configured to simply connect to this particular farm I created for this demo:

As you can see, it does not get easier than that. Dead simple and as I mentioned, all built-in.

Thinking about the future, what else should be possible?

  • Access to the Turbo repository using your own subscription so you get access to all the apps you packaged yourself.
  • Access to TurboServer, the on-premises product.
  • Ability to flag containerized applications as ‘Available Offline’. In this case, if the endpoint is a PC, these containers could be easily copied locally and users would launch these using the locally installed Turbo runtime. If it is a Mac, remember that Parallels owns Parallels Desktop so this could be easily integrated so the containers show up on your Mac as apps coming from your Parallels Desktop VM!
  • Using UPD to store the containers. I am not 100% sure about this one. As of today, if you also have not noticed, Parallels RAS is the first product on the market to also support Microsoft User Profile Disks (UPDs) out of the box. It is right there on their console:

UPD Support – Parallels RAS v16

  • With UPDs, I wonder if you would be able to attach these to VDI VMs and RDSHs… Interesting idea…

The bottom line for me is simple. I do see these little things as great and as mentioned, refreshing. At the end of the day we all benefit from simplicity.

Now to that post about the CEO. Hopefully the new one is still there by the time I click ‘Publish’.




5,156 total views, no views today

How-to: RD Gateway behind a NetScaler

Before jumping in on how to get this done, let’s take a step back and review what the problem is and why this makes sense.

The Issue

If you are cheap and like to run your labs (or parts of it) at home, that probably means you have a single IP address available and exposed to the outside world and either no way to get a second one or no money for it. Basically you are like me.

That poses a problem when you want to have in your lab everything you can throw at it and still make sure it is all accessible from the outside, over that single IP address. That may include things like a fully functional RDS environment (with RD Web Access, RD Gateway, etc), a XenApp/XenDesktop one and even VMware Horizon. Problem is as soon as one is up, you will have to point your firewall to the internal resource that is doing whatever role (i.e. RD Gateway) and now port 443 is gone. Sure you could then start doing other services on different ports but that creates a mess. Not only not everything allows you to use different ports but having to open several ports to the outside creates a problem. This is the problem in a nutshell.

The Solution

Well the solution is relatively simple and if I could do it (sure thing, with the help of Master of All NetScaler things and Citrix Technology Advocate, Dave Brett,, even a blind turtle can do it.

So what do you need? Here is your list:

  • NetScaler VPX. You can get the free version. It is limited bandwidth wise but hey, remember you are cheap and cheap people do not have more than 5Mbits down at home for sure. Also you will need a MyCitrix account.
  • One external IP address available (if you only have one, that is ok. After all this is the reason for this post).
  • Ports 443 and 3391 available (TCP 443, UDP 3391).
  • One Content Switch created on the NetScaler.
  • Policies and Actions that will tell the NetScaler where to send requests once it sees things like RD Web Access and RD Gateway traffic.
  • Couple internal IP addresses available.
  • The real FQDNs that people will use from the outside to reach whatever environment. For example, for the RD Web Access I normally use and for the RD Gateway, Also it does not matter if both roles are on the same server or not. I tested both cases and both work just fine and it is done the exact same way.
  • A wildcard certificate. Unless you want to spend more time managing certificates, I highly recommend you get a wildcard one. If you are really cheap, you can even issue your own certificates by setting up a CA on Windows Server (not part of this article). No matter what you decide to do, remember you need the certificate, Root CAs (if issuing your own certs), etc all on the NetScaler.

Doing it

Ok this is not a step-by-step post in any way. But will give you a very good idea/understanding on how to do it. If you have no idea what a NetScaler is, I highly recommend you take a look at my BriForum session ‘NetScaler for Dummies’. That will get you up and running and ready to create what you will need.

First thing you need, two Content Switch virtual servers (same IP is ok but on different ports). Mine are shown below:


This is where you will send your firewall to. Port 443 TCP and 3391 UDP will go to the internal IP address you used.

Next is to get three Load Balancing VIPs. One that will be the VIP to your backend RD Web Access servers (SSL) and the other two (same IP but two different ports) that will be the VIP to the RD Gateway servers. So basically in this example I am assuming you have two or more RD Web Access and two or more RD Gateways (for redundancy). You will end up  with something like this:

Load Balancing VIPs

Next you will need some Content Switch actions. This basically tells the NetScaler what to do when someone hits the Content Switch IP. Note that these are not the policies. The policies are the actual rules like ‘if anyone tries to reach, take action ACTION-WA.COMPANY.COM’. It seems odd to create actions first but once you understand the flow, you will see it makes a lot of sense.

So your actions will look like this (I have three, one to deal with the actual NetScaler Gateway – ICA Proxy, to my XenApp/XenDesktop environment and the other two, to deal with the RDS environment):

Content Switch Actions

If you open them you will see all they do is to send the connection to a VIP. The one for the XenApp/XenDesktop sends the connection to the NetScaler Gateway VIP. The other two, to the RD Gateway VIP you created above.

CS Action - ICA Proxy
CS Action – ICA Proxy

CS Action - RDWA
CS Action – RDWA

CS Action - RDGW
CS Action – RDGW

Next step is the policies. As I said, this is where the magic happens. Simple stuff as well. What you need is this:

Content Switch Policies
Content Switch Policies

Let’s take a look at the details of what is going on here: this policy checks if someone is trying to hit and if that is the case, it uses the that is tied (as seen above) to the NetScaler Gateway VIP. Basically it will send people to that VIP. this policy checks if someone is trying to hit the RD Web Access at and if that is the case, it uses the that is tied (as seen above) to the Load Balancing VIP for all your RD Web Access servers.

For the RD Gateway, things are a bit more complicated, due to what the RDP Client tries to do. That is why you need three policies. The idea is still the same. If the client attempts to reach anything that matches these three policies, they are sent to the Load Balancing VIP for all your RD Gateway servers.

The final step is to bind these policies to the Content Switch VIPs you created at the beginning. For the SSL traffic, as we need to check where the connection is going, we do need to bind these policies:

CS VIP SSL - Bindings
CS VIP SSL – Bindings

For the UDP one, there is no policy as all you want to do is to send all traffic to the Load Balancing VIP of the RD Gateway (UDP 3391):

CS VIP UDP - Bindings
CS VIP UDP – Bindings

That is it! Once you do this, you will be able to access your RDS environment from the outside through your RD Gateways, all load balanced. Not bad at all. And all this without losing the capability to reach your XenApp/XenDesktop through the same external IP address and port.

If you have any questions, just shout. As I said, this does work and works great.


9,456 total views, 2 views today