itopia Cloud Automation Stack (CAS) supports provisioning and managing Cloud VDI deployments running Windows 10 Session Hosts. Cloud VDI running on Windows 10 has several important distinctions from Cloud VDI running on Remote Desktop Services (RDS); however, both VDI types can be used within the same deployment. This article provides an overview of Windows 10 support in itopia CAS.
Deployment Types for Windows 10
For new deployments created in CAS, itopia CAS offers two distinct deployment types:
- Cloud VDI using Windows 10 Only - Deployments that are created to support Windows 10 Only will provision custom services for itopia's Windows 10 desktop delivery. Only Windows 10 Collection Pools may be created in this deployment type.
- Cloud VDI using Remote Desktop Services and Windows 10 - Deployments that are created to support both Remote Desktop Services (RDS) and Windows 10 will provision the necessary infrastructure for RDS as well as custom services for itopia's Windows 10 desktop delivery. Collection Pools may be created using either RDS Session Hosts or Windows 10 Session Hosts.
It is important to note that new deployments created with Windows 10 Only support cannot be converted to Remote Desktop Services and Windows 10 deployments at this time; thus, if you are unsure whether your deployment will require RDS support in the future, it is recommended to create the deployment with support for both RDS and Windows 10.
Existing CAS deployments are considered Cloud VDI using Remote Desktop Services and Windows 10; as such, Windows 10 Collection Pools can be created in most existing CAS deployments, provided that the additional requirements described below are fulfilled.
Remote Desktop Services and Windows 10 Deployments
Deployments created with Remote Desktop Services (RDS) and Windows 10 support include RDS infrastructure such as the RD Broker, RD Web, and RD Licensing roles. This allows for the creation of multi-session Collection Pools using the RD Session Host role on Windows Server, in addition to single-session Collection Pools running Windows 10.
Windows 10 Only Deployments
Deployments created with Windows 10 Only support do not include Remote Desktop Services (RDS) infrastructure such as the RD Broker, RD Web, or RD Licensing roles. As such, it is not possible to provision multi-session Collection Pools using the RD Session Host role on Windows Server.
Windows 10 Only deployments do include the Remote Desktop Gateway role, which is used to provide secure end-user connectivity to their Cloud VDI sessions using HTTPS. In a Windows 10 Only deployment, this role is installed on one or more servers in a standalone configuration, independent of RDS infrastructure.
Requirements for Windows 10 Support
Due to licensing restrictions from Microsoft, Google Cloud supports GCE VM instances running Windows 10 only when used with sole-tenant nodes (STNs). A sole-tenant node is a hypervisor host server that is reserved only for your GCP project, effectively providing your project with dedicated usage of the server. STNs can be beneficial for regulatory and compliance needs where shared workloads are not permitted, as well as for fixed budgeting purposes, as STNs are billed at a constant price regardless of the number of VMs running on the nodes. Additional information about sole-tenant nodes is available from Google.
STNs also facilitate the use of bring-your-own-license (BYOL) for Microsoft operating systems and certain applications. BYOL allows GCP customers to leverage their existing Microsoft licenses (with appropriate usage rights) for VMs running in Google Cloud. This licensing typically requires licensing of "all CPU processors and/or cores" on the physical server; STNs facilitate this requirement by providing a fixed number of CPUs on which the VMs can run, thus allowing the license to be applied to all of them.
Using the BYOL framework, Microsoft allows running properly licensed versions of Windows 10 Enterprise in Google Cloud. Therefore, itopia CAS deployments that deliver Windows 10 desktops must meet the following requirements:
- The GCP project must have sole-tenant nodes in each region to which CAS will deploy desktops
- CAS must be configured to leverage the sole-tenant nodes
- Proper OS images that are configured for BYOL must be used for all Windows 10 desktops. Additional information on BYOL in Google Cloud is available from Google.
- Customers must provide valid licensing for their Windows 10 Enterprise desktops
Provisioning Windows 10 Session Hosts
Windows 10 Session Hosts are provided as two new types of Collection Pools in itopia CAS:
- Windows 10 - Pooled Desktops - In a Pooled Desktop Collection Pool, users can connect to any available Windows 10 Session Host instance in the Collection Pool. When a user authenticates to the Cloud VDI Portal (described below), CAS will assign them to any Windows 10 Session Host that is powered on and unassigned; if no unassigned Session Hosts are available, CAS will power on an unallocated Session Host and assign the user once the Session Host is available. If there are neither unassigned nor unallocated VMs available (due to Custom Collection Sizing), the user will be unable to connect to a Cloud VDI desktop.
- Windows 10 - Dedicated Desktops - In a Dedicated Desktop Collection Pool, each user is permanently assigned to a specific Windows 10 Session Host. When a user authenticates to the Cloud VDI Portal (described below), CAS will show them the status of their assigned Windows 10 Session Host; if the Session Host is powered off (unallocated), the user may power on the VM and, once it is available, can connect to their Cloud VDI session.
These Collection Pool types are enabled once sole-tenant node (STN) support is configured in the CAS deployment. More information on sole-tenant nodes in itopia CAS is available in Support for Sole-Tenant Nodes.
In addition to the operating system, Windows 10 Collection Pools differ from RDS Collection Pools in several important ways:
- Windows 10 Collection Pools can only be created in a single region. Because of the dependency on sole-tenant nodes and the 1:1 assignment of users to Session Hosts, it is not practical to maintain multiple instances of Session Hosts in different regions.
- Windows 10 Session Hosts are single-session only; that is, each Session Host only supports a single concurrent user session regardless of whether it is a pooled or dedicated Collection Pool. Customers interested in multi-session desktops should continue to use RDS-based Collection Pools.
- Windows 10 Session Hosts cannot be accessed using the RD Web portal or the RD Web Client, if the deployment is configured with RDS support; in Windows 10 Only deployments, these components are not deployed at all. End-users can only access their Windows 10 Session Hosts using the Cloud VDI Portal (described below).
Windows 10 OS Images
itopia maintains a Windows 10 Enterprise OS image that can be deployed to Windows 10 Collection Pools on sole-tenant nodes. This image is considered a "vanilla" image and contains no customization or optimization for VDI environments; it only contains the drivers and components necessary to run on Google Cloud.
Administrators may prepare a custom image based on this vanilla image, or they may import their own Windows 10 Enterprise images that have been prepared in accordance with the bring your own license guidance provided by Google.
When using the itopia-provided image, it is important to note that OS licensing is not configured for the image; any VMs provisioned using this image must still be configured with the proper licensing using your organization's Windows 10 licenses. CAS allows you to configure the VMs with your licensing information in the sole-tenant node configuration settings, or you may use an alternate method such as a Group Policy Object (GPO) to configure your licensing.
Connecting to Windows 10 Session Hosts
When users wish to connect to their Windows 10 VMs, they will use the Cloud VDI Portal to view available Cloud VDI resources, including their Windows 10 VMs. When they select a resource, the portal will provide a customized RDP file that will open with the native RDP client on the user's local device.
itopia provides a custom RDP client that enables single sign-on (SSO) support for the Cloud VDI portal. If the end-user has the itopia RDP Client installed, they may enable SSO support in the Portal. This will use a different method to launch their Cloud VDI session and will securely send their Portal credentials to the itopia RDP client, which can then perform SSO into their desktop session without the need to log in to the Windows 10 VM.
If the itopia RDP Client is not used, itopia recommends Microsoft's first-party Remote Desktop client, available for Windows, macOS, Android, and iOS/iPadOS. With these clients (or any RDP-compliant client), the Cloud VDI portal will download an RDP file to the user's local machine, which can be opened by their RDP client to connect to their Windows 10 VM. The user may be prompted to provide their credentials to log in to their VM, as the Portal credentials cannot be securely stored in the RDP file.
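Because the downloaded RDP file should carry no stored credential and the session is meant to traverse the RD Gateway, an endpoint or help-desk check can audit a file before it is opened. The following is an added example, not itopia's code or the Portal's actual file contents; the sample files, host names and the policy itself are constructed assumptions, while the setting names are standard .rdp file settings.

```python
# Added example: audit a downloaded .rdp file for embedded credentials and
# gateway routing. Sample files and the policy are constructed for illustration.

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(":", 2)  # the value may itself contain ':' (host:port)
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue                # not a setting line; ignore it
        settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings

def audit_rdp(text):
    """Return a list of findings; an empty list means the file passed."""
    s = parse_rdp(text)
    findings = []
    # A saved password blob means a credential is sitting on disk.
    if s.get("password 51", ("", ""))[1]:
        findings.append("embedded password blob (password 51:b:)")
    # Sessions should traverse the RD Gateway rather than connect directly.
    if not s.get("gatewayhostname", ("", ""))[1]:
        findings.append("no gatewayhostname set")
    # gatewayusagemethod: 1 = always use the gateway,
    # 2 = use the gateway, bypassing it for local addresses.
    if s.get("gatewayusagemethod", ("i", "0"))[1] not in ("1", "2"):
        findings.append("gatewayusagemethod does not require the gateway")
    if not s.get("full address", ("", ""))[1]:
        findings.append("no target host (full address)")
    return findings

# Constructed sample: routed through a gateway, no stored credential.
GOOD = """full address:s:win10-host-01.corp.example.com
gatewayhostname:s:rdgw.example.com:443
gatewayusagemethod:i:1
prompt for credentials:i:1
"""
# Constructed sample: direct connection with a saved (placeholder) password blob.
BAD = """full address:s:203.0.113.10:3389
username:s:CORP\\alice
password 51:b:DEADBEEF00
gatewayusagemethod:i:0
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_rdp(sample) or "ok")
```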
If a multi-factor authentication (MFA) solution is configured, the user will be presented with the Windows 10 login screen and the Custom Windows Credential Provider; when the user completes their MFA challenge, the Windows 10 desktop will appear.
When their session is complete, the user may log off or simply close the Remote Desktop window; CAS will automatically terminate the user's session after approximately a minute and, in a Pooled Collection, make the VM available for other users.