Description

This curriculum spans the technical breadth of a multi-phase virtual app delivery rollout, comparable to an enterprise advisory engagement that addresses architecture, packaging, security, and hybrid integration across on-premises and cloud environments.

Module 1: Architecture Design and Sizing for Virtual Application Delivery

Selecting between published applications and full desktop delivery based on user workload profiles and licensing constraints.
Calculating concurrent user density per host based on CPU, memory, and GPU requirements for resource-intensive applications.
Determining optimal hypervisor placement for session hosts considering NUMA topology and storage I/O latency.
Designing network segmentation for RDSH farms to isolate management, user, and file transfer traffic.
Choosing between persistent and non-persistent session hosts based on application compatibility and user personalization needs.
Integrating load balancing algorithms (e.g., least sessions, round-robin) with health checks for RDSH availability.

Module 2: Application Packaging and Compatibility Engineering

Resolving file and registry conflicts during application sequencing in App-V or MSIX by isolating shared dependencies.
Modifying application installers to support silent deployment and system-wide installation on multi-user OS instances.
Handling applications requiring kernel-mode drivers by evaluating virtualization compatibility and fallback to local execution.
Testing Win32 applications for multi-instance stability under Terminal Services User Mode (TSUM).
Implementing version control and rollback procedures for application package revisions in shared delivery environments.
Managing COM and DCOM registration conflicts in shared session hosts using isolation layers or redirection.

Module 3: Delivery Infrastructure Configuration and Optimization

Configuring RDSH role services including Connection Broker, Web Access, and Gateway with high availability using NLB or F5.
Tuning session timeout policies and disconnected session limits to balance resource reuse and user experience.
Implementing GPU passthrough or vGPU profiles for applications requiring DirectX or OpenGL rendering.
Optimizing display protocol settings (e.g., H.264 encoding, frame rate caps) based on WAN bandwidth constraints.
Deploying FSLogix profile containers with exclusion rules to reduce container size and login latency.
Integrating application delivery with identity providers using SAML or OIDC for conditional access enforcement.

Module 4: Security and Access Governance

Restricting application launch based on user group membership using Group Policy or Intune configuration.
Enforcing application control policies via AppLocker or WDAC to prevent unauthorized executable execution on RDSH.
Implementing Just Enough Administration (JEA) for delegated RDSH management without full domain admin rights.
Configuring TLS 1.2+ for all RDS components and disabling legacy protocols like RDP 5.x.
Isolating privileged administrative sessions using Remote Desktop Gateway with MFA enforcement.
Auditing application usage and session access through SIEM integration with Windows Event Forwarding.

Module 5: Storage and Profile Management Strategy

Selecting storage tier (SSD vs. HDD) and IOPS allocation for user profile and application layer repositories.
Designing FSLogix container placement with VHDX on SMB3 shares and configuring host caching policies.
Managing Office 365 caching in virtual environments using OneDrive redirection and exclusion from profile containers.
Implementing deduplication and compression on file servers hosting application layers without impacting performance.
Planning profile migration from legacy roaming profiles to containerized solutions with minimal user disruption.
Monitoring and troubleshooting profile bloat caused by uncontrolled cache or log file accumulation.

Module 6: Monitoring, Performance Tuning, and Troubleshooting

Deploying synthetic transactions to simulate user logon and application launch for performance baselining.
Interpreting RDS-specific performance counters such as sessions per broker and license server availability.
Diagnosing display protocol latency using RDP diagnostics and correlating with network path analysis.
Identifying memory leaks in shared processes by monitoring per-session private bytes and handle counts.
Using ETW traces to isolate application startup delays in virtualized delivery stacks.
Establishing alert thresholds for session host CPU, memory, and page file usage to trigger proactive scaling.

Module 7: Scalability, High Availability, and Disaster Recovery

Designing multi-site RDS deployments with Connection Broker spanning availability zones for failover.
Automating host provisioning and decommissioning using PowerShell or Terraform based on session demand.
Replicating user profile stores across regions using Azure File Sync or DFS-R with conflict resolution policies.
Testing RDS Gateway failover with DNS TTL and client retry behavior under simulated outages.
Validating application license server redundancy and failover procedures to prevent service interruption.
Documenting recovery runbooks for RDS role restoration including certificate and configuration backup locations.

Module 8: Integration with Cloud and Hybrid Delivery Models

Evaluating Azure Virtual Desktop (AVD) migration paths from on-premises RDS based on cost and feature parity.
Extending on-premises App-V infrastructure to Azure using shared content repositories over ExpressRoute.
Configuring hybrid join and conditional access policies for seamless access to virtual apps from unmanaged devices.
Implementing Azure AD Application Proxy for web-based apps alongside RDS-published Win32 applications.
Managing licensing compliance for Windows 10/11 Enterprise and RDS CALs in hybrid cloud scenarios.
Synchronizing on-premises GPOs with Intune policies to maintain consistent application and security settings.