Desktop as a Service – Design Decisions

 

Helpdesk, Self-Service, Billing and Account Management

• ConnectWise
• ManageEngine
• Citrix Cloud Service Portal
• emersion.com.au
• Xero
• https://web.cloudmore.com/

Session Layer

• Microsoft RDP
  • This is a very cost effective options with allot of feature restrictions
• Citrix ICA
  • This is a fully featured option, while its more expensive, the issues that will be faced with a pure RDP options will add to cost for support over time and anything other than the most basic small 10 man organisations will become a burden.

Flexcast Model

• Hosted shared non-persistent

Infrastructure Layer

• Build own Server Rack
  • This is much too cumbersome to build, can use a single server for PoC and Testing/Dev
• AWS
  • Run into Microsoft licensing issues on AWS, but has better advance networking features.
• Azure
  • As Microsoft is the core product for Windows Desktop, this is the ideal voice.
• VMware based IaaS

 

Use DaaS Platforms

• Citrix Workspaces
  • Can you this layer for the VPN / Dashboard access
• VMware Horizon DaaS
  • Too restrictive,, when a complex customer requirement is required, this model wont allow for that..
• 3rd Party DaaS providers
  • No way, i want to have complete ownership and flexibility and to reduce any middle men.

 

Session Isolation and Architecture

• Shared Delivery Group/Shared Delivery site isolation.

  • The Shared Delivery Group/Shared Delivery Site isolation model uses shared Delivery Groups for application and desktop workers between smallest tenants within the same shared delivery site. This model presents the lowest cost of service delivery to the CSP (and as should follow, to the tenants) with least security. (Other types;Private Delivery Site isolation / Private Delivery Group/Shared Delivery Site isolation)

 

Solution Result

• Use Azure to increase End-to-End Partnership with Microsoft.
• Utilise Microsoft products as much as possible and fully managed
• Use Citrix Workspace for entry / Dashboard access.

 

Network Design/Security Groups and vLANS

• DMZ
  • Internet facing (SSL Port 443 only)
  • First hop (Firewall/NetScaller/VPN/Proxy)
  • Second hop (WebServer/Proxy
  • Firewall to Internal
• Shared Session Servers vLAN
• Isolated Private Tenant AD, Site and Network
  • Private AD
  • Private SL
  • Private Exchange
  • Private AppServers
  • Private File Servers
  • Private SharePoint
  • Azure AD Connect
• Application vLAN
• Management vLAN
  • Active Directory
  • ADFS
  • Azure AD
  • DNS/DHCP
  • CERTs
  • SQL
  • CloudPortal Services Manager
  • XenDesktopControllers
  • StoreFront Servers
  • License Servers
  • NTP Server
  • ITSM Server
    • ConnectWise
    • ManageEngine
    • Chat/Ticket
  • Security Applications
    • Session Screen Recording
    • Virus Protect
    • Windows OS Endpoint protection
      • Microsoft Antimalware for Azure Cloud Services.
    • Email and Web Security
      • Trend Micro Cloud Security integrated with ConnectWise
    • MDM
    • SIEM
• Storage vLAN
  • Shared Internal SMB File Server
  • Disk Storage
  • Web Opensource Sharefile
    • http://www.linshare.org/new/en/
    • https://netcrypt.com/product/file-sharing/

Citrix Cloud

• Citrix Cloud is way too early and missing critical features and not secure.
• XenApp Service Only
• Smart Tools
  • https://www.christiaanbrinkhoff.com/2017/09/29/how-to-use-smartscale-reduce-azure-costs-xenapp-and-xendesktop
• NetScaler Gateway Service
• Printing
• Security
  • https://docs.citrix.com/en-us/citrix-cloud/overview/secure-deployment-guide-for-the-citrix-cloud-platform.html
  • https://citrixcloud.uservoice.com/forums/255803-citrix-cloud/category/205519-xenapp-essentials
• 2FA/FMA??
  • https://discussions.citrix.com/topic/387646-multi-factor-authentication/
• Citrix Cloud Services secure integration with Azure
  • https://www.jasonsamuel.com/2018/01/23/how-to-extend-your-on-premises-xenapp-xendesktop-environment-to-citrix-cloud-xa-xd-service-and-microsoft-azure/
  • https://docs.citrix.com/en-us/xenapp-and-xendesktop/service/secure.html
  • ** SSL is not yet supported in Citrix Cloud for the StoreFront or NetScaler traffic, so Citrix recommends configuring firewall rules, VLANs, and/or IPsec tunnels for these services.
  • What firewall rules is require to restrict access to Citrix Cloud IPs and any other secure design information.
  • 
  • 

Network Connectivity

• Private Direct Links and VMware SD-WAN or NetScaler SD-WAN (which ever has NTU)

Active Directory OU Design

• CPSM
  • CSM_MGTM
  • Tenant1(T)
  • Tenant2(2)

Office 365

• Advanced Features
  • Enhance Security
  • Backup
  • Archival
  • Largefile

Azure Componets

https://azure.microsoft.com/en-au/services/#analytics

 

Azure Automation Build

• https://www.loginconsultants.com/en/news/all/item/base-image-script-framework-bis-f
• https://xenappblog.com/2015/automation-framework-3-0/
• https://github.com/citrix
• https://marketplace.visualstudio.com/items?itemName=CitrixDeveloper.CitrixDeveloperVisualStudioExtension
• https://youtu.be/Z52wet-18mA
• https://www.centric.eu/NL/Default/Craft/Blogs/2017/04/03/Deploy-Citrix-infrastructure-in-Azure-using-automation
• https://www.citrix.com/blogs/2018/04/10/citrix-tips-series-deploying-citrix-workloads-on-microsoft-azure/
• https://www.citrix.com/blogs/2018/06/07/automate-the-cloud-citrix-azure-mcs-powershell/
• https://www.christiaanbrinkhoff.com/2018/05/18/how-to-use-azure-quick-deploy-and-workspace-aggregation-for-citrix-cloud-xenapp-and-xendesktop-service-virtual-apps-and-desktops-deployments-in-azure/

Azure CSP, MSPLA and CSP licensing Options

• Microsoft Server VM
  • Azure Subscription per user/per month
• Microsoft RDS
  • Azure Subscription per user/per month
  • BYO RDS MSPLA Server (invisible)
• Azure Citrix XenApp Essentials
  • https://www.citrix.com/global-partners/microsoft/remote-app.html
  • BYO/CSP (invisible)
  • Azure Subscription per user/per month
  • Cost Comparision
    • $12.00 USD per user/month, NetScaler Gateway Service, 1 GB data transfer per user per month, 25 minimum user per month.
    • $6.25 USD RDS
    • Exchange USD = 1.33816 AUD
    • Total $456.25 USD / $610.53 AUD

 

Citrix  XenApp Base	9.21
NetScaler Gateway	2.86
RDS	7.38
Citrix VM	1.59
RDS	1.59
NetScaler Gateway	1.59
	605.5

• Citrix NetScaler
  • BYO/CSP (invisible)
  • Azure Subscription per user/per month
  • Cost Comparison

• Due to the minimum required of $610.53 per month this is not the ideal option to start and its also a service so not configurable So all BYO

Automation Frameworks

 

• Base Image Script Framework – https://www.loginconsultants.com/en/news/all/item/base-image-script-framework-bis-f
• XenApp Automation Framework – http://xenappblog.com/2015/automation-framework-3-0/

Complexity of Application Presentation/Streaming and Distribution

I wanted to highlight and explain the complexity of designing Application Deployment and Management for  Windows Desktops and VDI environments in a single diagram.

(opps, I mean Microsoft 🙂

Update 02/04/16 Adding a few Application Deployment Options

• Click Once Applications
• Container Applications (AppZerto)
• Application Layer (e.g. Citrix AppDisk.)

There are so many options for Application Deployment and they are all very complex and architecturally different and affects the user interaction with the application.

You can also have combination of these application deployment and management technologies. Example Citrix XenApp + AppV + SCCM.

The core problems is Usability, when you design such complex solutions its almost impossible to guarantee the same level of usability as a locally installed application which is what the end user is expecting.. (Example of usability – Copy/Pase, Print, Content sharing,etc) 

Combining this with the complexity of User State and profile management options, it is no wonder many VDI projects fail and cause major frustrations for end users.

The key is to provide the same user functionality as locally installed application when using different technologies to deliver and manage applications and user environments. (Click here to find out how to solve this problem.)

Overview of Application Deployment and Management options

• Citrix XenApp Published Application (HDX Stream) + FlexCast Models
• Citrix VDI-in-a-BOX
• VMware ThinApp
• Microsoft RemoteApp (RDS Stream)
• App-V Application
• App-V and SCCM (App-V Local Interaction feature, Virtual Environment and Connection Groups)
• Application Deployment (Kace, LanDesk, Altris, SCCM)
• Locally Installed Application

[Update 07.11.2014] – I saw information on Cloudvolumes,com, when it was released, but, they didn’t release any information. Until VMware acquired them. I think this is the future of Application Deployment – VMWare AppVolumes. This essentially can solve this complexity. Al thought, how it handles, upgrades, conflicts,etc Needs to be tested. I can’t wait for Microsoft to come up with a similar solution. –

Since writing this article and doing some more research on VMWare AppVolumes and UniDesk. http://www.unidesk.com/software, could solve the problem of delivering applications and maintaining Microsoft and Application updates.

[youtube=https://www.youtube.com/watch?v=EwKHP4RQpNM]

User State Profile Management

• Microsoft UE-V
• Citrix Profile Management
• AppSense Profile Management
• MANProfiles, FlexKit, Folder Re-Direction,etc
• Citrix Personal vDisk

User/Application Interactions

• Copy/Paste
• Print
• Application Content Sharing
• mailto: and hyperlinks,etc
• File Sharing
• Application Plug-ins

FlexCast Models

1. Hosted VDI- Assigned VDI Server OS (Windows Experience) (Persistent)
2. Hosted Shared – Pooled VDI Server OS (Windows Experience) (Non-persistent)
3. Streamed Desktops
4. Hosted Blade PCs (VDI)
5. Hosted VM-Based Desktops (VDI)
6. Shared Published Desktop
7. Remote PC

and of course Persistent vs Non- Persistent Desktops, Pooled vs Static,etc..  add to the complication and that is another topic. 

I thought this was a relevant diagram on the subject.

Be careful Will Robinson, most Citrix pre-sales guru’s don’t understand this complexity. (yeah you!)

But, dont worry, I am building a DaaS platform to solve all of this..

Alternative Application Deployment options in order of preference:-

1. UniDesk
2. Microsoft App-V
3. AppZero
4. FsLogix
5. cloudhouse.com
6. VMware AppVolumes
7. Microsoft Docker (Beta only)
8. VMware ThinApp
9. AppDNA
10. http://www.cloudhouse.com/how-we-do-it/cloudhouse-applications-anywhere

Organizations with growing VDI environments find the tools used to deliver applications and updates to physical computers create significant issues when used for VDI. This research compares alternative approaches to software delivery to help organizations make the best choice for their environment. https://www.gartner.com/doc/2870717/selecting-right-application-delivery-model

So, now that we understand the issues, how do we solve the problem. Here is some technology that is absolutely required for any VDI deployment.

DaaS Build Phase

1. Setup Proliant Server
2. Install XenServer
   1. Setup XenServer GUI Appliance and Configure it to Autostart

   2. [source language=”bash”]</li>
      <li>Setup a Autostart vApp
      Create a Autstart vApp and add VMS
      Get uuid of vApp: xe appliance-list name-label="autostart"
      edit rc.local:
      echo "xe appliance-start uuid=869aabc7-5b30-b0bf-79cf-ca5acbb162be" >> /etc/rc.loca
      xe vm-param-set uuid=29025d12-5148-9ed3-9e21-78c1fc35a44a other-config:auto_poweron=true
      29025d12-5148-9ed3-9e21-78c1fc35a44a</li>
      <li>[/source]

3. Create Windows 2012 R2 DataCenter Template
4. Install DC
5. Install Management Server
6. Install SQL Server in HA
   1. http://jeromequief.wordpress.com/2014/05/12/sql-2012-ha-groups-unattended/
7. Install KMS and activate
   1. Install Windows Activation Tool – http://www.microsoft.com/en-au/download/details.aspx?id=11936
8. Install Citrix Server
9. Install Citrix License Server
10. Install RDS Licenses

    1. Install RDS License Role

    2. Run RD licensingManager

    3. Active Server Wizard

    4. Install Licenses / Service Provider License Agreement / Windows 2012 / RDS Per User CAL /

    5. User Corporate Enrolment Number

    6. Setup RDS License GPO – Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing

11. Install SQL Server 2012
12. Build SCCM
    1. ConfigMgr 2012 R2 Prerequisites Installation Tool 1.3.0 – http://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd
    2. Install SQL Server 2012 SP2 on the same server as SCCM, as SQL is free. SQLConfiguration.ini
    3. Pre-requisits
       1. Servers Accounts must be in Local Administrator Group
       2. Create a SQLAdmin Group and add it as the SQL Administrators
    4. Check Pre-requisites – start \E:\SMSSETUP\BIN\X64\prereqchk.exe /LOCAL
    5. Test Schema Extension .\ADSchemaExtensionConflictAnalyzer.ps1 –inputfile E:\SMSSETUP\BIN\X64\ConfigMgr_ad_schema.ldf –outputfile results.ldf
    6. http://technet.microsoft.com/en-us/library/gg712264.aspx
    7. Install WSUS via Windows Features
    8. Extend Schema *.ldf / \SMSSETUP\BIN\X64\extadsch.exe
    9. AD schema has now be extended, AD must be configured to allow
       each ConfigMgr Site security rights to publish in each of their domains.
    10. Create  System Manager Container and give the SCCM computer object full permissions
        1. DSA.msc
        2. View Advanced Features
        3. Create new Container under System called System Manager
        4. Create a Group and add all SCCM Computer names it and add Full Permissions to this container
        5. Select Advanced and select this group Edit and Allow / This object and all descendant objects (Select All)
    11. Server Roles
        1. NET Framework 4.0
        2. Windows Server Features:
        3. .NET Framework 3.5.1 Features
        4. .NET Framework 3.5.1
        5. Background Intelligent Transfer Service (BITS)
        6. Add Required Role Services
        7. Remote Differential Compression
        8. Windows Role Services
        9. Web Server
        10. Common HTTP Features
        11. WebDAV publishing
        12. Application Development
        13. ASP.NET
        14. “Add Required Role Services”
        15. ASP
        16. Security
        17. Windows Authentication
        18. Management Tools
        19. IIS 6 WMI Compatibility
    12. Install Remote Differential Compression – Install-WindowsFeature Rdc
    13. Change the SQL Server(MSSQLSERVER) Logon with Domain Service Account
    14. Install Bits – install-windowsfeature BITS
    15. Create a Firewall Group Policy and Allow inbound rules for SQL Replication ports 1433 and 4022 (http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-84-45-metablogapi/5305.clip_5F00_image010_5F00_46C83E62.png)
    16. Install Windows ADK for Windows 8.1 – http://www.microsoft.com/en-us/download/details.aspx?id=39982
    17. NOT Installed – In Server Manager select Features, Add Features, Select .NET Framework 3.5, also select WCF Activation and when prompted answer Add Required Role Services click next and next again. (Make sure the BIT and IIS service is running/restart after install).
    18. Not installed – Set SQL Server Properties/General/Server Colation/SQL_Latin1_General_CP1_CI_AS
        1. http://technet.microsoft.com/en-us/library/ms175835.aspx
        2. http://msdn.microsoft.com/en-us/library/ms180175.aspx
    19. Not installed – Enable Bits – http://technet.microsoft.com/en-us/library/cc753227.aspx
    20. Download prerequisites – SMSSETUP\BIN\X64\SetupDL.exe <target dir>
    21. Add the SCCM Server domain computer account to local Administrators group of the SQL Server
    22. Setup SQL Properties/Memoy/ 50% of the Maximum memory and set MIN and MAX to same/static
    23. Add IIS 6 Management Compatibility Role
    24. IIS Configuration
        1. IIS \ Server \ Authentication \ Windows Authentication – Enable
        2. IIS \ Sites \ Default Web Site\ Add Authoring Rule – All content | All Users | Read | Local
        3. IIS \ Sites \ Default Web Site\ WebDAV Settings ????
    25. Reporting Services Configuration ???
    26. Change Server Collation SQL_Latin1_General_CP1_CI_AS (Run CMD as Administrator)
    27. 1. Setup.exe /QUIET /ACTION=REBUILDDATABASE /SQLCOLLATION=SQL_Latin1_General_CP1_CI_AS /INSTANCENAME=MSSQLSERVER /SQLSYSADMINACCOUNTS=BUILTIN
           \Administrators
        2. http://technet.microsoft.com/en-us/library/ms179254(v=SQL.100).aspx
        3. Reattach existing database
    28. Reference:
        1. http://sccmentor.wordpress.com/2014/01/08/sccm-2012-r2-step-by-step-installation-guide/
        2. http://www.david-obrien.net/2013/06/25/configmgr-2012-r2-step-by-step-installation/
        3. http://blogs.technet.com/b/uktechnet/archive/2013/04/10/guest-post-a-step-by-step-guide-to-system-center-2012-configuration-manager-with-sp1.aspx
    29. Checklist for Required Post Setup Configuration Tasks
        1. Checklist for Required Post Setup Configuration Tasks – http://technet.microsoft.com/en-au/library/bb633240.aspx
        2. Configure Sites and the Hierarchy in Configuration Manager – http://technet.microsoft.com/library/gg712682.aspx
        3. System Center Updates Publisher 2011 – Install – http://www.microsoft.com/en-us/download/details.aspx?id=11940
        4. Clients for Additional OS – http://www.microsoft.com/en-us/download/details.aspx?id=39360
        5. Install SP1
        6. Install App-V Integration and Clients
        7. Install Update Publisher
        8. Install WSUS
        9. Setup download schedule
        10. Desired Configuration Management (DCM)
        11. OSD + Integration with the Microsoft Deployment Toolkit (MDT)
        12. Configure Application Packages
        13. Tools
            1. Install RightClick Tools
            2. Client Center for Configuration Manager – https://sccmclictr.codeplex.com/
            3. Install System Center 2012 R2 Confiugration manager Toolkit – http://www.microsoft.com/en-au/download/details.aspx?id=36213
            4. Install System Center 2012 Configuration Manager Support Center – http://www.microsoft.com/en-us/download/details.aspx?id=42645
            5. Configuration Manager Trace Log Tool
            6. Install System Center Dashboard – http://www.microsoft.com/en-us/download/details.aspx?id=2753
               1. http://www.signatureconsultancy.com/smtrak.html
               2. Microsoft SQL Report Builder – http://www.microsoft.com/en-au/download/details.aspx?id=29072
13. Install App-V Standalone
    1. http://stealthpuppy.com/app-v-faq-4-where-can-i-download-app-v/
    2. http://www.virtualizationadmin.com/articles-tutorials/application-virtualization-articles/app-v-basics-installing-and-configuring-app-v-5-infrastructure-part1.html
    3. https://www.youtube.com/watch?v=7MgFSv0P71s
    4. Setup Citrix Integration
       1. http://support.citrix.com/article/CTX126082
       2. https://www.youtube.com/watch?v=q_JpUP_fqYQ
       3.  Components
          1. App V Report Server
             1. Run the Installed and install the Reporting Services on the SQL Server.
          2. App-V Management Server
             1. Download the software Microsoft Desktop Optimisation -E:\App-V\Installers\5.0\Server
             2. Prerequisites – http://technet.microsoft.com/en-us/library/jj713458.aspx
             3. Install Silverlight on the management Server
             4. http://www.netdavidic.com/2013/01/implementing-app-v-50-full.html
             5. Install the Web Server ISS Role on the Management Server
             6. Install Application Services Role and Net.3.5
          3. App-V Sequence Server
          4. SQL Server
          5. Client
14. Build App-V and App-V Sequence
    1. Install App-V Remote Application Packager – http://www.microsoft.com/en-us/download/details.aspx?id=36216.
15. Build XenApp RDS Host Template Server
16. Configure KMS licenses for RDS and OSs
    1. Install Volume Activation Management Tool – http://www.microsoft.com/en-au/download/details.aspx?id=11936
    2. Activiate
    3. Setup DNS for KMS
17. Configure Citrix License Server + Citrix Licensees
18. Setup a Windows 8.1 and Windows 2012 OSD
    1. setup a isolated PXE boot environment and DHCP config – http://support.citrix.com/article/CTX115094
19. MED-V
20. MDOP
21. Microsoft Assessment and Deployment Kit – http://www.microsoft.com/en-gb/download/details.aspx?id=39982[/embed]
22. Citrix Profile Server
23. Setup IPAM
24. Test Federated Access
25. Monitoring
    1. Setup Puppet Server
    2. Setup Nessus
    3. Setup Splunk Server
    4. Setup WireShark
    5. OpenVMS
    6. Snort
    7. Wireshark
    8. HP Isight Manager for Linux – https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPSIM-Linux-7.x
    9. HP Version Control Repository Manager – HP Version Control Repository Manager (VCRM)
    10. HP Service Pack for ProLiant (SPP) Version 2014.02.0 – http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx
    11. HP Supplement – ftp://ftp.hp.com/pub/softlib2/software1/supportpack-windows/p1072349968/v79572
    12. ManageEngine Free Monitoring – http://www.manageengine.com/free-xenserver-health-monitor/free-xenserver-health-monitor-index.html
    13. Install Microsoft Best Practice Analyser
    14. Install Microsoft Software Inventory Analyser (MSIA) and Asset Inventory Service
    15. Microsoft Baseline Security Analyser
    16. Citrix License Reporting Tool
    17. Deploy Remote Server Administration Tools on Management Server
    18. Install Windows PowerShell Web Access on Management Server
    19. Windows Assessment Services
    20. Best Pratice Analysers
26. XenServer Backup – http://www.quadricsoftware.com/alike/Free.php#requirements-tab
27. PKI Infrastructure
28. XenServer Orchestra – https://xen-orchestra.com/
29. GPO Configurations
    1. Windows Defender and Active Protection Services – http://technet.microsoft.com/en-us/library/jj618314.aspx
    2. Configure Desktop Experience in Windows Server 2012 R2
30. Setup PVS Server
    1. Configure BSMh
       1. http://blogs.citrix.com/2010/04/13/three-steps-to-a-pxe-free-xendesktop-on-hyper-v/
       2. http://support.citrix.com/proddocs/topic/provisioning-61/pvs-boot-devices-utility.html
31. Setup Sophos Virus Protection
    1. Update exclusions for Citrix, SQL, Clustering
    2. Install Microsoft Malicious Software Removal – http://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx[/embed]
    3. Microsoft Saftey Scanner – http://www.microsoft.com/security/scanner/en-us/default.aspx[/embed
32. Setup Management Server
33. 1. Window Server Essentials Experience
    2. User Access Logging
    3. Windows Inventory Logging
    4. Windows System Resource Manager
    5. Configure Printer Servers
    6. Application Server
    7. Setup Desktop Template
34. Windows Desktop Experience Configuration
    1. Adds the Desktop Experience and XPS Viewer features to the Windows server configuration
    2. Moves the Citrix folder items in the Start menu to the Administrative Tools folder (including the Citrix AppCenter)
    3. Creates a new Windows Theme file and sets the default wallpaper
    4. Starts the Windows Themes service and configures it to start automatically
35. Configure Citrix CloudPortal and vWorkspaces
    1. http://blogs.citrix.com/2014/06/26/automated-install-of-xendesktop-7-5-on-cloudplatform/#comment-146741
    2. Billing System
    3. Self-Services Website
    4. Manager Engine Self-Services
36. Setup Puppet and Desired State Manager
    1. Setup Desired State Pull/Push – http://foxdeploy.com/2014/03/10/desired-state-configuration-what-it-is-and-why-you-should-care/
37. Active Directory
    1. Enable Active Directory Recycling Bin
       1. http://blogs.technet.com/b/canitpro/archive/2014/05/01/step-by-step-enabling-active-directory-recycle-bin-in-windows-server-2012.aspx
    2. Setup GPO Backup and System State

Microsoft SPLA licensing for Windows 8

update – http://www.itnews.com.au/News/397582,microsoft-allows-per-user-volume-licensing-of-windows.aspx#ixzz3IG3TsLeT

This is a subject that is always a discussion in almost all DaaS opportunities. Can a Microsoft MSP provide Windows 8 OS. The quick Answer is NO. Microsoft MSP/ SPLA licensing only covers Windows SERVER Operating Systems. (I won’t go into the all the different FlexCast models here and stick with providing a dedicated OS for users.)

However, there is a way a Microsoft MSP can provide Windows 8. Here is a quick guide:

1. Customer and Microsoft MSP must sign up for License Mobility Through Software Assurance. Volume Licensing customers can license their server applications on-premises and in the cloud on a qualified service provider’s shared hardware environment for specific applications. https://www.microsoft.com/licensing/software-assurance/license-mobility.aspx
2. Customer must purchase all Windows 8 OS Licenses.
3. Customer must purchase all Virtual Desktop Access licenses. (If the client devices aren’t PCs covered by [Software Assurance].
   • Windows Virtual Desktop Access (VDA) is an authorization strategy that requires each device seeking access to a Windows virtual desktop in a virtual desktop infrastructure (VDI) to be licensed.
   • Windows Virtual Desktop Access (Windows VDA): A standard benefit of Software Assurance and a stand-alone subscription-based license which allows roaming access to Windows virtual machines (VMs) from thin clients, third party, and non-Windows-based devices.
   • The goal of Windows Virtual Desktop Access is to simplify licensing requirements in a virtual environment by licensing the devices that seek access to virtual desktops, instead of licensing the virtual desktops themselves.
   • Because VDA is included as a feature of Software Assurance (SA), primary users of devices covered by SA can access their virtual desktops at no extra charge. Microsoft defines a primary user as someone who has used the computing device for more than 50% of the time in a 90 day period.
   • If the user wishes to access a Microsoft VDI from a device that is not covered by Software Assurance, however, a separate Windows VDA license is required. Such devices include thin clients, zero clients and third-party devices such as contractor-owned PCs. As of this writing, a separate VDA license costs $100 per year, per device.
   • Licensing_Windows_Desktop_OS_for_Virtual_Machines
   • Providing Microsoft Desktop as a Service licensing guide
   • More info :- http://splalicensing.com/tag/rds/
4. Transfer these licenses to the Service Provider: [Detailed steps]
5. The Microsoft MSP must provide the Windows 8 OS on DEDICATED hardware and not shared infrastructure with any other customer.  Which cannot be used to provide any kind of service to any other customer of the service provider. Microsoft advise the dedicated-hardware requirement applied to all of the hardware utilised to provide the solution to the customer: servers, storage and, presumably, switching infrastructure as well.
6. Windows 8 can be used for Rental Desktops can not be used either. Remote access. Rental Rights do not allow for remote access to software. Microsoft Rental Rights are a simple way for companies to rent, lease, or outsource desktop PCs with Windows desktop operating system and Microsoft Office licenses to third parties (such as Internet cafés, hotel and airport kiosks, business service centers, and office equipment leasing companies) through a one-time license transaction valid for the term of the underlying software license or life of the PC. Solidify your role as trusted advisor by helping your customers be in compliance, by using an additive license that fits their business model—without requiring special tools, processes, reporting, or paperwork.
   • https://mspartner.microsoft.com/en/us/pages/licensing/rental-rights.aspx
   • https://www.microsoft.com/licensing/about-licensing/rental-rights.aspx