Azure RemoteApp with Remote Data
Azure RemoteApp allows you to run Line of Business (LOB) applications from Remote Desktop Session (RDS) hosts running in Azure. The RDS hosts only offer RemoteApp, where the application that the user is running is shown on the user’s device; they do not offer Remote Desktops for users.
This week I’ve been doing a RemoteApp PoC for an international media company where the data they require users to access is located in datacenters all over the world. Currently the organization doesn’t have Azure ExpressRoute deployed, and they have firewall devices that only support Static VPN Gateways in Azure, so connectivity is limited.
The diagram below shows the configuration of the RemoteApp PoC:
The VPN was configured to only allow access to the subnets available in the datacenter the VPN was connected to, although the datacenter was connected to others via separate WAN links.
The data required for the RemoteApp applications is located in the on-premises datacenters. This led to some problems, as it was discovered the applications needed data from two datacenter locations. The internal network team updated the datacenter routing, and after some communication with the development team (and local IT administrators) the application documentation was updated to reflect the application touch points. After this, the application required some changes to ACLs on folders in the gold image to function correctly.
What if ExpressRoute was available?
The customer is looking to deploy ExpressRoute to get around these problems. How would it help?
Deploying an MPLS-based ExpressRoute, and having it connected to all of the customer’s datacenters, would have allowed the Virtual Network in Azure to access all of the application touch points. This could be achieved with multiple VPN connections; however, their firewalls do not support Dynamic Routing.
Get your Apps Documented
To make deployment of Azure RemoteApp easier, it is crucial to have the applications that you want to use documented. If you don’t have the applications documented, I would suggest using the Sysinternals tools to monitor what the application is trying to connect to. Process Explorer and TCPView would be of benefit here.
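A scripted complement to TCPView for this documentation step, added here as an example and not part of the original post: it polls the TCP connections of one application while a user exercises it, then marks each remote endpoint as inside or outside the subnets the VPN permits. The process name, subnet list and timings are constructed placeholders, and it covers IPv4 TCP only.

```powershell
# Added example: the process name, subnets and timings are constructed placeholders.
$ProcessName    = 'LobApp'                        # hypothetical LOB executable name (without .exe)
$AllowedSubnets = '10.10.0.0/16', '10.20.5.0/24'  # constructed: subnets reachable over the VPN
$DurationSec    = 300                             # how long to watch while the app is exercised
$IntervalSec    = 2

function ConvertTo-IPv4Number {
    param([string]$Ip)
    # Big-endian dotted quad to a single integer
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3]
}

function Test-InSubnet {
    param([string]$Ip, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    # Number of addresses in the block; two addresses share a block when
    # rounding both down to a multiple of that size gives the same value.
    $size = [uint64][math]::Pow(2, 32 - [int]$prefix)
    $a = ConvertTo-IPv4Number $Ip
    $n = ConvertTo-IPv4Number $network
    ($a - ($a % $size)) -eq ($n - ($n % $size))
}

# Poll repeatedly so short-lived connections are less likely to be missed.
$seen     = @{}
$deadline = (Get-Date).AddSeconds($DurationSec)
while ((Get-Date) -lt $deadline) {
    $procIds = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty Id)
    if ($procIds) {
        Get-NetTCPConnection -OwningProcess $procIds -ErrorAction SilentlyContinue |
            # Skip IPv6, listeners (0.0.0.0) and loopback traffic
            Where-Object { $_.RemoteAddress -notmatch ':' -and
                           $_.RemoteAddress -notmatch '^(0\.0\.0\.0|127\.)' } |
            ForEach-Object { $seen["$($_.RemoteAddress):$($_.RemotePort)"] = $_ }
    }
    Start-Sleep -Seconds $IntervalSec
}

# One row per unique touch point, flagged against the VPN subnet list.
$seen.Values | ForEach-Object {
    $ip = $_.RemoteAddress
    [pscustomobject]@{
        RemoteAddress   = $ip
        RemotePort      = $_.RemotePort
        ReachableViaVpn = [bool]($AllowedSubnets | Where-Object { Test-InSubnet $ip $_ })
    }
} | Sort-Object RemoteAddress, RemotePort | Format-Table -AutoSize
```

Rows where ReachableViaVpn is False are the touch points that need a routing change or a wider VPN scope before the application will work from the RemoteApp hosts.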