Categories
Cloud Cyber security

Microsoft Windows Virtual Desktop

A secure, cloud-native solution for remote working

Supporting the needs of your workforce during periods of disruption can present several challenges. Decision makers, IT leaders and technical staff are under pressure to provide solutions that help staff remain productive when working away from the office.

Existing solutions that provide remote desktop functionality may not have been designed with scalability in mind. And when you need to tackle ever-present cybersecurity risks, it may seem like solving these challenges will require significant planning, as well as sizeable investment in technology and resources.

The Jisc cloud team can help to solve these challenges. Microsoft Windows Virtual Desktop (WVD) is a desktop and application virtualisation service that runs on the Microsoft cloud. It provides a secure and agile means to deliver Windows 10 desktops and applications to users, wherever they are.

We are Jisc

For more than 30 years we have been developing digital solutions for the UK’s education and research sectors. We operate the Janet Network, the world-class network that keeps education and research organisations connected.

We work with research organisations, universities, and colleges to develop digital products and shared services that they rely on to work efficiently, securely, and cost-effectively. And we have a growing number of customers among public bodies, businesses that carry out cutting-edge research, and non-profit organisations.

We are committed to cloud computing and we are trusted partners and resellers for public cloud providers. Our cloud solutions team includes certified consultants, solution architects and engineers who are recognised as experts and can help you to deliver your business goals.

Better security

WVD makes use of a service called Reverse Connect which means you don’t need to open inbound ports to your environment. Outbound connections are established from the WVD session hosts to a broker and gateway service within Microsoft Azure. WVD servers are completely segregated from remote users – they connect to a gateway using a secure connection over HTTPS.

Authentication is based on Azure Active Directory, commonly with synchronised identity from Active Directory Domain Services. Azure Active Directory has numerous services to protect user identities and to provide secure access to the Windows Virtual Desktop service, notably multi-factor authentication and conditional access. Combined with identity protection, privileged identity management and advanced reporting and monitoring, you have a number of tools available which help reduce the risk of external authentication-based attacks.

WVD can be integrated into Azure Defender to benefit from continuous vulnerability scanning, application control policy, behaviour analytics and further XDR functionality offered by Microsoft Defender.

Reduced management overhead

There’s no need to manage any physical server infrastructure with WVD. You just manage your gold images and virtual machines running in the cloud.

If you are already familiar with the Microsoft Azure portal, WVD is fully integrated, simplifying operations.  You can also utilise PowerShell and Azure APIs to manage your remote desktop using automation.

Agile and scalable

At the moment, we all know that things are uncertain. This is where the scalability of WVD comes into its own. You only pay for what you need, and this can be tailored to suit your working patterns.

You can take advantage of WVD’s capabilities in new and agile ways. If you are expecting a quiet period, there’s no need to allocate resources you don’t require – and, unlike on-premise solutions, you won’t have invested capital in hardware that’s going unused.

Scaling up and down is easy and can be performed when needed. This gives you the ability to rapidly match your resources with the demands of the organisation.

Save on licensing and other costs

Where you have users licensed to use Microsoft Windows 10 or Microsoft 365 (E3, E5, A3 or A5), they are eligible to access virtual desktops at no extra cost.

WVD supports multi-session functionality and pooling, so you can serve multiple users the resources they need, whilst optimising the compute capacity needed behind the scenes.

Flexible user experience

Windows Virtual Desktop offers a lot of flexibility to suit the remote working experience that your users require. For example, WVD can be configured to deliver fully-fledged remote desktops. You can choose from Windows 10 Enterprise, Windows 7 Enterprise (with inclusive Extended Security Updates) or Windows Server 2012 R2, 2016, or 2019.

Then again, a fully featured operating system running in the cloud might not be what your remote workers need.  WVD also lets you stream individual applications. Your users get an icon on their local desktop. When they click the icon, it is presented like any other Windows application. However, the application is actually running in Microsoft Azure. This is a great way to serve up specialist or resource-intensive applications securely and remotely.

WVD supports full integrations with Microsoft 365 products and collaboration platforms like Teams.

Continuous development

If you are familiar with software-as-a-service productivity solutions, you’ll know that new features get rolled out on a constant basis. This is handled by the software vendor, and there’s usually very little need to manage the rollouts of those incremental upgrades.

With WVD, you benefit from a similar model. Unlike a self-managed RDS environment, the underlying platform that powers WVD is maintained by Microsoft on your behalf. As a result, this means less time scheduling, planning and downtime, as well as faster rollouts of security updates.

Next steps

At Jisc we have a wealth of experience implementing Windows Virtual Desktop, as well as other cloud-based desktop and application streaming solutions.  Get in touch via customer.support@jisc.ac.uk if you’d like to know more.

Leave a Reply

Your email address will not be published. Required fields are marked *