Remote Desktop Services in Azure or Azure RemoteApp?

As IT Professionals, we often have a lot of projects on our plates, as do the people we support in our businesses.  These days, remote access to work resources isn't a bonus, it's a requirement.  How do you make sure employees have access to the work resources they need while keeping them secure?

One common solution that's been used for a while now is Remote Desktop Services.  Formerly known as Terminal Services, RDS provides a rich desktop or application experience and has evolved a lot since its debut in NT 4.0.  One of the most useful features of RDS in recent years has been RemoteApp. RemoteApp enables you to make programs that are accessed remotely through Remote Desktop Services appear as if they are running on the end user's local computer. Instead of being presented to the user in the desktop of the Remote Desktop Session Host (RD Session Host) server, the RemoteApp program is integrated with the client's desktop.

When it comes to implementing Remote Desktop Services within Azure, you have two choices:

1. Implement a full infrastructure like you would do on-prem, with a Session Host, Web Access and Broker server roles. This gives you full control from the OS up and is a potential option if you are looking to lift-and-shift your existing RDS infrastructure into the cloud.
2. Customize an image to use with Azure RemoteApp.

For that first option, simply lifting and shifting the RDS servers to Azure can give you some quick benefits. In many cases your RDS users are coming from outside your corporate network, thus moving those servers to Azure would relieve your on-prem network connect of that traffic load.  Plus Azure gives you the ability to scale up or scale out with ease - allowing you to adjust to any change in workload without incurring additional CAPEX costs for hardware.

For a great step-by-step guidance on building you own RDS infrastructure in Azure, I encourage you to read Keith Mayer's comprehensive posts Part I and Part 2 of RDS on Azure.

Now for that second option, customize an image to use with Azure RemoteApp, I suggest considering using a customized image because chances are you use more applications than just the Microsoft Office Suite. (If you happen to use just Office 365, there is an image for that already!)  You also have two choices to make within Azure RemoteApp - cloud only or hybrid.  With a cloud collection the data and applications are held in Azure, with no connection to your on-prem network.  With a hybrid collection the data and applications are still hosted in Azure, but also lets users access data and resources stored on your local network. 

With either customized option, you are responsible for the management and maintenance of that image, however that is still less maintenance than managing and maintaining all the servers required for a traditional RDS infrastructure. Plus, Azure Remote app handles all the scaling needs based on the number of subscribers you authorize.

Combine that with the fact that Azure RemoteApp is supported on Windows, Windows RT, as well as on the Remote Desktop apps for Mac, iOS, and Android, and you've got a robust way to let users access resources from any device.

To get started with RemoteApp on Azure, you will need an image which isn't trivial.  If you want to do the hybrid collection you will also need to consider how to sync your on-prem directory to Azure AD, this roadmap can help.  There is also an easy to implement trial that just includes 30 days of Office 2013 Professional Plus, but that trial can't be converted to a production RemoteApp installation after the trial ends.

So what is right for your organization? Only you can say.  But I have my short list of things I'd move to Azure and RDS would be right up there with SharePoint deployments. Hybrid collections provide the most complete experience since user will be able to access on-premises resources like they can with RDS you provide on-prem now.  But cloud collections provide an easy way to isolate your deployment, which could meet at audit requirement or limit access for a specific set of workers.

If you already have a VNET in place with Azure, lifting and shifting RDS might be what you are most comfortable with.  At this writing, RemoteApp can't use an existing VNET, but you can connect the RemoteApp VNET to an existing one if need be.  For more information about Azure RemoteApp, I highly recommend starting with the online documentation.