Recently I have had the opportunity to do a Proof Of Concept (POC) for Azure Remote App. The client I was working with was currently using Citrix to deliver applications to users in the U.S. as well as overseas to users in the Pacific Rim. The users were complaining about slow login times as well as slow processing times. The client had move the processing servers themselves into Azure to try and relieve some of the burden, but this just didn’t garner the increase in speed they were looking for. This is were I decided to recommend utilizing Azure Remote App (ARA) to replace the Citrix delivery system. I was excited to see the improvements and customer experience by implementing ARA –vs- Citrix, if this is something that proves out well, it’s a great win for Microsoft.
The first step in the process I to vet the application itself against the requirements for Remote App in Azure. Below is the link for the application requirements. Be sure to check out the Certification requirements for Windows Desktop Apps link to fully validate your application.
Before we create anything in ARA let’s first take a look at the account requirements for creating collections, images, and publishing applications with ARA. When creating an image and adding it to the domain and creating your ARA collection, you will need permissions to add objects to Active Directory. Below are the requirements for Azure Active Directory and Active Directory.
One thing to make sure of and a good practice for ARA is to create a new empty OU with no GPO inheritance. I ran into an issue with a client where they were blocking RDP to all servers, and this caused some errors not before seen by the likes of Microsoft. We kept getting the error unable to open Azure RemoteApp. Error is "We're getting you set up. Try again in 10 minutes". Well the user session was stuck at logging in, never got logged in and the application never spun up, ever after the 10 minutes. After much testing, we created a new OU, re-created the ARA collection in the new OU and blocked all inheritance. Once this was done everything worked like a champ!
Before creating a collection another thing you need to consider is your Azure VNET and if you can use an existing VNET or create a new VNET for ARA. Here are some considerations when creating and getting your VNET ready for ARA.
The next step in the process is to determine what kind of collection do you need for Azure RemoteApp? If you are going to create an application that will be utilized by users in your local AD and / or the server requires it to be domain joined, then you are probably going to want to choose a Hybrid Remote App Collection. Otherwise if you just want to test out an application without utilizing a domain membership, you can choose to create a Cloud Collection. At the bottom of the page below are two links to create either a Cloud Collection or a Hybrid Collection. My preference is to use a domain admin account when creating the collection, but if you have strict security, you can add the permissions as described above.
Once your collection is created and added to the correct OU in AD you will need to begin planning for your image creation. The easiest way to accomplish this is to utilize the Remote App image in the gallery and install your applications on the VM. The reason I suggest this method is that Microsoft has already configured this image to have everything that you need installed on the machine, as well as a PowerShell script on the desktop that will run multiple checks on your image and then sysprep and shutdown the VM. How does it get any easier than that?
Here is a screenshot of the image in the gallery that you should use when creating the image in Azure, as opposed to on premise and uploading the image:
Once the image is capture, you will need to install your application on the VM image as required. Make sure that you can connect to the main server and perform all tasks from this VM image. I would recommend placing any icons / programs that you would like to publish in the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ folder so that when publishing you can use the Start Menu option instead of using a path option. If you are using the path option you will need to use the format of %SYSTEMDRIVE%\Program Files\ etc.. as needed.
if you are following the Create a Azure RemoteApp image based on an Azure virtual machine link above, you can now sysprep via the provided script on the desktop, capture the image and import the image into the Azure RemoteApp image library. This step will take a while as it captures, imports and then scales up the image(s) in your tenant and in AD. It will probably create about 9 new machine objects in AD under the new OU that you have created for ARA.
Once completed, after about an hour or so, you are ready to publish you applications. As I stated before if you placed your icons in the stated location, you can simply use the Publish Start Menu Programs option, select your programs to publish and then we can setup the user access.
At this point you should be ready to fire up an application and test it against your current offering. We noticed quite an increase in performance over Citrix, both locally in the US as well as in the Pacific Rim region. Another option that we are looking into is to create the collection and ARA images in the Southeast Asia region to further increase performance times.
I hope this has been helpful and you are able to get ARA up and running and tested vs other application delivery systems. Let me know if you have any questions. I have included at the bottom some helpful Azure Remote App links in case you need more information or support.
Thanks Again – Ryan O.