Manage VDI
Applies To: Windows 8.1
For a Virtual Desktop Infrastructure (VDI) deployment in education you can use numerous technologies to manage your VDI including Group Policy, Windows PowerShell, System Center 2012 R2 Configuration Manager, and Windows Intune.
Table 10 lists the technologies available for managing your VDI. You can select any combination of these technologies to design a complete VDI management solution. Each technology is discussed in a subsequent section.
Table 10. VDI Management Technology Selection
| Group Policy | Windows PowerShell | System Center 2012 R2 Configuration Manager | Windows Intune | |
|---|---|---|---|---|
Control Windows Store access |
Yes |
No |
Yes |
Yes |
Control installation of apps |
Yes (with AppLocker, which requires Windows 8.1 Enterprise) |
No |
Yes (in conjunction with Group Policy and AppLocker, which requires Windows 8.1 Enterprise) |
No |
Operating system setting management |
Yes |
Yes |
Yes |
Yes |
User setting management |
Yes |
Yes |
Yes |
Yes |
App setting management |
Yes (if registry based) |
App specific |
Yes, but scripting may be required |
Yes, but scripting may be required |
Centralized administration model |
Yes |
No |
Yes |
Yes |
On or off premises |
On premises |
On premises |
On premises |
Off premises |
On-premises infrastructure |
AD DS |
None |
|
None |
VDI sessions must be domain joined |
Yes |
No |
No, but challenges exist for native support; Windows Intune integration is recommended for nondomain-joined VDI sessions |
No |
Supports self-service model for software and updates |
No |
No |
Yes |
Yes |
Supports push model for software and updates |
Yes |
Yes |
Yes |
Yes |
Can be used to create enterprise app store |
No |
No |
Yes |
Yes |
User interaction |
|
IT pro performs all tasks |
|
|
Provided with Windows 8.1 |
No |
Yes |
No |
No |
Provides unified solution for the entire software life cycle, including installation, updates, supersedence, and removal |
No |
No |
Yes |
Yes |
Can be used for operating system deployment |
No |
No |
Yes |
No |
Requires additional cost |
Yes (if AD DS is not already installed) |
No |
Yes (if no System Center Configuration Manager infrastructure is installed) |
Yes (subscription model) |
Manage institution-owned devices |
Yes (if domain joined) |
Yes |
Yes |
Yes |
Manage personally owned devices |
No (as are typically not domain joined) |
Yes |
Yes (through Microsoft Exchange ActiveSync connector or Windows Intune integration) |
Yes |
Note
You can manage Windows Store apps and desktop applications in VDI by using any technology used to manage Windows Store apps and desktop applications on physical devices. For more information about Windows Store app and desktop application management, see Windows Store Apps: A Deployment Guide for Education and Plan for Windows 8.1 Deployment: A Guide for Education.
Group policy
You can use Group Policy to manage user, Windows operating system, and application settings for the VDI infrastructure and VDI sessions. Ultimately, you can use Group Policy to manage any configuration settings stored in the Windows registry. Microsoft provides built-in Group Policy templates for most common configuration settings. In addition, you can create custom Group Policy templates that allow you to manage configuration settings that the built-in templates do not provide. You can also use Group Policy to control Windows Store access and the installation and running of apps on devices (when used in conjunction with AppLocker). You can also use Group Policy to manage Remote Desktop Services, Remote Desktop Client, and RemoteFX configuration.
Note
Personally owned devices are typically not domain joined and as such cannot be managed through Group Policy. Institution-owned devices that are domain joined can be managed by using Group Policy.
Additional resources
Windows PowerShell
You can perform many common Windows 8.1 administrative tasks by using Windows PowerShell cmdlets, including Windows Store app management and operating system configuration. You can also use Windows PowerShell to manage the Windows Server 2012 R2 server roles and role services. You can use Windows PowerShell interactively or to create scripts that can be run to perform more complex tasks for the VDI infrastructure and sessions.
Additional resources
System Center 2012 R2 Configuration Manager
System Center 2012 R2 Configuration Manager automates the ongoing management of the VMs, the Windows Server 2012 R2 server roles and role service, client devices, and the other infrastructure services (such as AD DS or DHCP). You can use System Center 2012 R2 Configuration Manager to automate the following management tasks for the VDI infrastructure and VDI sessions:
Deploy Windows Store app and desktop applications
Deploy software updates and hotfixes
Help ensure compliance with established configuration baselines
Provide virus and malware protection
Inventory hardware and software assets
Provide remote helpdesk support for users
Provide comprehensive reporting on the current status of all hardware assets, software assets, software deployment status, compliance status, software update status, and other reports
System Center 2012 R2 Configuration Manager provides a unified console for managing VDI and can optionally integrate with Windows Intune to help you manage devices that are not connected to the educational institution’s intranet. Institution-owned devices can be managed by using System Center 2012 R2 Configuration Manager. Personally owned devices are typically not domain joined and cannot be managed by using System Center 2012 R2 Configuration Manager only, but personally owned devices can be managed by using System Center 2012 R2 Configuration Manager with the Exchange ActiveSync Connector or Windows Intune integration.
Additional resources
Windows Intune
Windows Intune is an off-premises, cloud-based management solution that provides device management, software installation, and software update management. Windows Intune can integrate with System Center 2012 R2 Configuration Manager to provide a unified management solution for the VDI infrastructure and sessions. You can use Windows Intune to manage institution-owned or personally owned devices.
Additional resources