1. Overview of Remote Desktop Services
Remote Desktop Services is another key component of
Microsoft’s virtualization strategy. While Hyper-V delivers server
virtualization, Remote Desktop Services delivers presentation
virtualization and virtual desktop infrastructure (VDI) technologies.
Remote Desktop Services provides server-hosted access to Windows-based
applications and desktops. This removes the need for applications to be
installed and run locally on individual workstations. Remote Desktop
Services allows organizations to centrally manage and control access to
applications, and to provide access from low-end PCs or thin clients.
Remote Desktop Services, which was first
introduced as Terminal Services in Windows NT 4.0, allows organizations
to provide better management of applications and access in unique
situations where a user might not have access to a corporate PC. For
example, many organizations, such as hospitals, may deploy thin clients
in patient rooms. These machines are lightweight, inexpensive, and
easy to maintain. Remote Desktop Services can provide doctors and
nurses with access to important applications or even fully featured
Windows-based desktops from these thin clients. Since all the
application processing is done centrally on a server, the thin clients
need very little resources to provide adequate computing power to the
end user. There are several situations where Terminal Services makes
sense, such as providing access to applications from branch offices with
slow connectivity, or giving users secure access to corporate applications
from their home PCs.
2. What is New in Remote Desktop Services
With the release of Windows Server 2008 R2, Terminal
Services has been renamed Remote Desktop Services. If you have
experience administering Terminal Server in previous operating systems,
you should be aware of the new Windows Server 2008 R2 names of various
Terminal Server technologies. Table 1 lists the old and new names for common Remote Desktop Services and admin tools.
Table 1. Remote Desktop Services Name Changes
Windows Server 2008 and Prior Name | Windows Server 2008 R2 Name |
---|---|
Terminal Services | Remote Desktop Services |
Terminal Services Manager | Remote Desktop Services Manager |
Terminal Server | Remote Desktop Session Host |
Terminal Services Configuration | Remote Desktop Session Host Configuration |
Terminal Services Licensing | Remote Desktop Licensing |
Terminal Services Licensing Manager | Remote Desktop Licensing Manager |
Terminal Services Gateway | Remote Desktop Gateway |
Terminal Services Gateway Manager | Remote Desktop Gateway Manager |
Terminal Services Session Broker | Remote Desktop Connection Broker |
Terminal Services RemoteApp Manager | RemoteApp Manager |
Terminal Services Web Access | Remote Desktop Web Access |
Along with a new name, Microsoft has also added
several new features to further enhance Remote Desktop Services. In
this section we will explore some of the feature changes to the various
components of Remote Desktop Services.
Remote Desktop Session Host
The Remote Desktop Session Host role includes
several new features to provide a better administration experience as
well as increased security for Remote Desktop Services deployments.
Changes to Remote Desktop Session Host include:
Client experience configuration —You can now centrally manage Remote Desktop audio/video redirection and Windows Aero interface
options for Remote Desktop clients. These client experience features
can be configured when adding the Remote Desktop Session Host role.
Roaming user profile cache management —Larger Remote Desktop Services deployments may have hundreds or even
thousands of users logging into Remote Desktop Servers. It is common to
see cached copies of profiles using a lot of storage space on Remote
Desktop Servers. To help control the disk space usage of cached
profiles, a GPO can be applied to Remote Desktop Servers placing a
quota on the amount of disk space that can be used by cached profiles.
If the quota is reached, the server will delete profiles of users with
the oldest last logon until the profile cache falls below the quota.
Remote Desktop IP Virtualization —Remote Desktop IP Virtualization allows administrators to create a
pool of IP addresses allowing each Remote Desktop Session to have a
unique IP address. This feature is useful for applications that may
require each instance to have a unique IP, or when you are troubleshooting
and need to track the IP of a particular session on a Remote Desktop
Server.
Enhanced CPU scheduling —Remote Desktop Services now includes a processor scheduling feature
known as Fair Share Scheduling. This feature distributes CPU resources
evenly across each Remote Desktop Session, ensuring that one user
session does not impact the performance of another user’s session.
This scheduling is done automatically by the Remote Desktop Server and
does not require configuration.
Remote Desktop Virtualization Host
The Remote Desktop Virtualization Host is a new role
included in Windows Server 2008 R2 Remote Desktop Services and provides
a fully featured VDI solution for Windows. Remote Desktop
Virtualization Host allows administrators to set up pools of Hyper-V
virtual machines that can be logged onto by users. Users can be
assigned unique machines or assigned the next available machine in the
pool. This gives users fully featured desktop computers accessible via
a remote connection.
RemoteApp and Desktop Connection
Windows Server 2008 R2 further extends the features
of RemoteApp to VDI-based virtual desktops. Windows Server 2008 R1
allows administrators to use RemoteApp to make access to Terminal
Services-based applications seamless to end users. Users can launch an
application shortcut from their local computer or terminal, and that
application appears to launch locally instead of displaying a Remote Desktop Session to the Terminal Server.
Windows Server 2008 R2 in conjunction with Windows 7
publishes available RemoteApp applications and Desktop Virtualization
Host-based VMs to the Start Menu of Windows 7 clients. This allows end
users to easily access applications and virtual desktops they have
access to by simply opening them from the Start Menu on their local
computer.
Remote Desktop Connection Broker
The Remote Desktop Connection Broker in Windows
Server 2008 R2 now extends the broker capabilities to virtual desktops
in a Remote Desktop Virtualization Host. As with the previous versions
of the sessions broker, the Remote Desktop Connection Broker provides
load balancing and ensures users reconnect to existing sessions after a
disconnect. The Remote Desktop Connection Broker connects users to the
new RemoteApp and Desktop Connection feature.
Remote Desktop Gateway
The Remote Desktop Gateway feature includes several
new enhancements over the previous Terminal Services Gateway. The new
Remote Desktop Gateway includes the following new features:
Gateway level idle and session timeouts
Logon and system messages
Pluggable authentication
Network access protection (NAP) remediation
Gateway level idle and session timeouts
This feature allows administrators to configure idle
and session timeouts on the gateway itself. By setting these timeouts,
administrators can ensure that unused sessions are disconnected and
active users are forced to periodically reconnect.
Logon and system messages
Administrators can now configure special message
windows to be displayed to users when connecting to a Remote Desktop
Services Gateway. System messages can be used to provide active users
with important notifications such as information regarding system
outages. The logon message can be used to provide users with important
notifications every time they log on. These can be useful to advertise
new applications or services available via the gateway.
Pluggable authentication
Pluggable authentication allows developers to write custom authentication modules
for Remote Desktop Gateways. This can be used to further enhance Remote
Desktop Gateway services by providing such features as Two-Token
authentication.
Network access protection remediation
NAP remediation features allow computers connecting
via a Remote Desktop Gateway to remediate any noncompliant security
settings prior to connecting to the network. This ensures that even
computers connecting via Remote Desktop Gateways comply with corporate
NAP policies.
Remote Desktop Web Access
Remote Desktop Web Access was known in Windows Server 2008 R1 as
Terminal Services Web Access. It provides users with a
portal to view and connect to available RemoteApp-based applications
within a Web browser. The new Remote Desktop Web Access feature
includes the following enhancements over Terminal Services Web Access:
Security-trimmed RemoteApp filtering
Forms-based authentication (FBA)
Public and private computer options
Single sign-on
Security-trimmed RemoteApp filtering
Windows Server 2008 R1 Terminal Services Web Access
displays any RemoteApp Web applications available on the system to all
end users. This allows users to see RemoteApps even if they do not have
access to them. Windows Server 2008 R2 Remote Desktop Web Access now
security trims the interface so that users see only RemoteApp shortcuts
they have access to.
Forms-based authentication
Remote Desktop Web Access now offers the ability to
provide FBA. This provides a more user-friendly logon page, which users
may already be familiar with from other applications such as Outlook Web Access (OWA)
in Microsoft Exchange.
Public and private computer options
Users can now specify what type of computer they are
connecting from when logging into Remote Desktop Web Access. This
provides stricter security settings when logging in from a public
computer such as a kiosk.
Single sign-on
When using Terminal Services Web Access in Windows Server 2008 R1, users were
prompted twice to log on to RemoteApps via the Web interface. They were
prompted once to access the Web access server and a second time when
launching the application. Remote Desktop Web Access provides single
sign-on so that users need to log on only initially to the Web access
site. Credentials are then passed to the RemoteApp automatically.
Remote Desktop Client Experience
Several new features have been added to further
enhance the Remote Desktop experience for Windows 7 client computers.
Windows 7 clients connecting to a Windows Server 2008 R2 server gain
these additional features:
Multiple monitor support —Remote Desktop Services now supports multiple monitors for Windows 7
clients. This allows RemoteApps to take advantage of multiple monitors
in the same manner as if they were running as applications on the local
computer.
A/V playback —Remote Desktop Services now redirects Windows Media Player-based A/V
content to the client computer, where it is played locally using the
memory and CPU of the client computer.
Windows 7 Aero —Remote Desktop Services supports Windows 7 Aero features when the connecting client is a Windows 7 computer.
Remote Desktop Services PowerShell module and Best Practices Analyzer
Remote Desktop Services now comes with more
management features and options including a PowerShell module and Best
Practices Analyzer (BPA). Using PowerShell, administrators can perform
most Remote Desktop Services administration via a PowerShell command
prompt.
The BPA helps administrators verify that
their Remote Desktop Services configuration is following best practices
and that there are no misconfigurations that could negatively impact
the deployment.
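As an added example (not part of the original article), the following PowerShell sketch uses both management features together: it runs the BPA scan for Remote Desktop Services and then reads the Remote Desktop Gateway timeout settings through the RDS: drive. It assumes the BPA model ID Microsoft/Windows/TerminalServices and that each gateway connection authorization policy exposes its timeout settings as items whose names contain "Timeout"; the function names Get-RdsBpaFinding and Get-RdGatewayTimeout are hypothetical.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on a Windows Server 2008 R2 host with Remote Desktop Services roles.
Import-Module BestPractices
Import-Module RemoteDesktopServices

# Assumed BPA model ID for Remote Desktop Services
$modelId = 'Microsoft/Windows/TerminalServices'

function Get-RdsBpaFinding {
    # Run a fresh scan, then keep only the rules the server does not meet.
    # Sorting on Severity lists Error findings before Warning findings.
    Invoke-BpaModel -BestPracticesModelId $modelId | Out-Null
    Get-BpaResult -BestPracticesModelId $modelId |
        Where-Object { $_.Severity -ne 'Information' } |
        Sort-Object Severity, Category |
        Select-Object Severity, Category, Title, Problem, Resolution
}

function Get-RdGatewayTimeout {
    # List the timeout-related items of every RD Gateway connection
    # authorization policy (CAP). Item names are matched by pattern because
    # the exact names are an assumption of this example.
    $capRoot = 'RDS:\GatewayServer\CAP'
    if (-not (Test-Path $capRoot)) {
        Write-Warning 'RD Gateway role service not found on this server.'
        return
    }
    foreach ($cap in Get-ChildItem $capRoot) {
        Get-ChildItem "$capRoot\$($cap.Name)" |
            Where-Object { $_.Name -like '*Timeout*' } |
            Select-Object @{ n = 'Policy'; e = { $cap.Name } }, Name, CurrentValue
    }
}

Get-RdsBpaFinding    | Format-List
Get-RdGatewayTimeout | Format-Table -AutoSize
```

A policy whose timeout items show as disabled or zero is one where unused gateway sessions are never disconnected, which is the setting the gateway-level timeouts described earlier are meant to control.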
3. Planning to Deploy Remote Desktop Services
Prior to installing Remote Desktop Services, you should properly plan your deployment. You should consider the following:
What Remote Desktop Services are needed?
Are the applications you want to use over Remote Desktop Services compatible?
Is access from outside the corporate firewall required?
What infrastructure is required to support Remote Desktop Services?
How many concurrent sessions do you need to support?
Do you want to provide Web-based access to RemoteApps?
Will you be using PCs, thin clients, or a combination of both as clients for Remote Desktop Services?
What are the availability requirements of Remote Desktop Services?
Will users need access to applications offline?
Will users have access to RemoteApps only or access to full desktops?
These are just a few of the questions that need to
be answered before deploying Remote Desktop Services. For example, if
you need access to Remote Desktop applications from the Internet, you
will want to deploy the Remote Desktop Gateway. If users need the
ability to run an application while “disconnected” from the corporate
network and the Internet, then Remote Desktop Services is not the
solution for that application. After reading through the following
section on installing and configuring Remote Desktop Services, you
should be in a better position to answer some of these questions for
your deployment planning.
Remote Desktop Services and application licensing
Before deploying an application as a
RemoteApp, you should make sure the software license allows
installation on a Remote Desktop Server. Some software vendors prohibit
the installation of their software on a shared application server,
using technologies like RemoteApp.