20 October, 2014

Installing Remote Desktop Services as VDI

I have been saying this in nearly all my posts on Windows Server 2012 that Microsoft is making big efforts to mark its name in cloud computing and Remote Desktop Services in Windows Server 2012 is no exception. It seems that even this component was designed keeping in mind the concept of cloud computing & virtualization.

In my previous post "Installing Remote Desktop Services as Role Based (http://www.adshotgyan.com/2014/10/installing-rds-as-role-based.html)", we talked about on how to install and configure Remote Desktop Services using the old conventional way

In this post, we will go through a new way of installing and configuring the Remote Desktop Services

My Lab

- Domain Controller : DC1
- Member Server : MS1 (On this server we will install the Remote Desktop Services Roles)

To verify that the Roles are not yet installed, click on Tools and you wont find anything named Remote Desktop Services or Terminal Services

To install the Roles, Open Server Manager, Click on "Manage" and Select the option "Add Roles and Features"

Now... Wait...

This time we will select the second option "Remote Desktop Services Installation" as opposed to "Role Bases or Feature Based Installation" which we selected in our earlier post "Installing Remote Desktop Services as Role Based (http://www.adshotgyan.com/2014/10/installing-rds-as-role-based.html)"

Deployment Types

- Standard Deployment
- Quick Start

Standard Deployment

A standard deployment will install the following components:-

- Remote Desktop Connection Broker
- Remote Desktop Web Access
- Remote Desktop Session Host

Quick Start

A quick start deployment will automatically do the following:-

- Install the Remote Desktop Session Host role service on this server
- Install the Remote Desktop Connection Broker role service on the same server
- Install the Remote Desktop Web Access role service on the same server
- Create a Session Collection called QuickSessionCollection
- Add Domain Users security group to the collection to allow that group access to servers in the    collection

We will be using the Standard Deployment

Deployment Scenario

- Virtual Machine Based Desktop Deployment
- Session Based Desktop Deployment

As I said in the beginning on this post that Microsoft is keeping Cloud Computing and Virtualization in mind while designing the new products, this screen and the options mentioned here is a prime example of the same

Cloud Computing and Virtualization are two sides of the same coin, you simply cannot keep them apart. A cloud cannot be built without virtualization

Virtual Machine Based Desktop Deployment

This will use RD Virtualization Host to deliver a Desktop AND/OR RemoteApps on Virtual Machines. This will create virtual desktops (VDI - Virtual Desktop Infrastructure) to be used by the users

Session Based Desktop Deployment

This will use RD Session Host to deliver a Desktop AND/OR RemoteApps on Remote Desktop Session (RDP Sessions)

For now, since we are not creating virtual machines, we will choose the option "Session Based Desktop Deployment"

Once selected, the wizard will list the components (Also known as Role Services where Role here would be the remote Desktop Services and the following will be its services) which will be installed

- Remote Desktop Connection Broker
- Remote Desktop Web Access
- Remote Desktop Session Host

RD Connection Broker Server

Formerly known as Terminal Services Session Broker (TS Session Broker) it has three major functions:-

- Load Balancing
- Re-connection of User`s Session
- Provide access to RemoteApp and Desktop Sessions

Load Balancing : Suppose we have three Remote Desktop Host Servers (Terminal Servers). There are 300 users in my domain who will require remote connections to these servers. When these 300 users will connect to the Remote Desktop Servers, either of these things will happen:-

- All the users are connected to the same Remote Desktop Server... In that case, I have my full sympathy for that poor Remote Desktop Server. Not only he has to bear all the load, at the same time he will die of jealously seeing that two of his counterparts are relaxing and doing nothing...

- All the user`s connections are random. So users are redirected to Remote Desktop Servers randomly.. Again... One thing which will matter the most is "Luck"... What if Saturn is against Remote Desktop Server 1... The same situation will arise which happened above... All connections will be established on the Remote Desktop Server 1 or at least majority of the connections on Remote Desktop Server 1 and the other two servers again enjoying very less work...

(Any resemblance to real persons, living or dead, is purely coincidental.... :) )

- All the connections are evenly distributed... Wow... That`s the ideal situation.. Now this is the job of RD Connection Broker. To allocate user`s connections evenly across all the servers....

Re-connection of User`s Session : Imagine, I was going to Shimla (India) in a toy train (See you got some additional info beside knowing about Remote Desktop Services, now you know that there is a train to Shimla (India))

I was connected to a Remote Desktop Server and had opened some applications. Now all of a sudden the train passed through a tunnel (btw there are 103 tunnels on that route... wow you got to know more, I think you might be able to get all the info about that train by the time this post will be over :) )

Now this is not news to you that while the train will pass through the tunnel, network connectivity will / may be lost. Untill and unless I happened to be a very close relative of Sunil Mittal who might have got a special tower installed for me on that tunnel, I will also lose the internet connection and the session with the Remote Desktop Server as well.

When the train came out of the tunnel, the signal will be restored. But wait... What happened... Where are the applications on which I was working... hmm... You know what.. I think this time I got connected to Remote Desktop Server 2 and previously I was connected to the Remote Desktop Server 1... :(

So does it mean that I have to start over again... And what if before I complete my work the next tunnel comes and the signal is lost again.... Poor me...

Anyways... To help me with this situation, we have the RD Connection Broker Role which "Remembers" the user name and the name of the server to which the user was connected at the last disconnected session so that when the session is restored, the user will be connected back to the same old server... Cool na... (I think Microsoft fed Almonds and walnuts to its Remote Desktop Connection Broker Role that why his/her (I don't wanna be biased and use "his" everywhere else the females reading this post will feel offended :P ) memory retention is so strong)

In the screen below, you have to select the Server Name for the RD Connection Broker Role and then click on the Arrow so that this server will be selected

RD Web Access Server

Formerly known as Terminal Services Web Access (TS Web Access)

A user connects to a RD Web Access Server which in turn connects to the RD Connection Broker. The RD Connection Broker returns all the applications which a user will have access to and then the RD Web Access Server will make those applications available to the end user either on a web page or on the start menu (Windows 7) or RemoteApps Desktop Connections (RADC) (Windows 8)

In the screen below, you have to select the Server Name for the RD Web Access Server Role and then click on the Arrow so that this server will be selected

RD Session Host Servers

Formerly known as Terminal Services Configuration

The RD Session Host Server host all the applications which a user uses. These applications are installed and run on this server.

You can use these application by using a full remote session on the server using RDP or these applications can be published using RemoteApp

In the screen below, you have to select the Server Name for the RD Session Host Server Role and then click on the Arrow so that this server will be selected

Now the server is selected for all the roles

Select "Restart the destination server automatically if required". This is not mandatory but if you are like me who need a coffee shot after every few minutes then you can select this option so that while the server reboots, you can get a cup of "Black Coffee" :)

In Progress.....

And here all the roles are installed

Now, In the Server Manager, In left pane, you will get a new option "Remote Desktop Services"

When you click on Remote Desktop Services in the left pane, you get three options on the right pane:-

- Overview
- Servers
- Collections

Click on "Overview" and you will see a very neat diagram

This diagram consist of six components of Remote Desktop Services

 (Also known as Role Services where Role here would be the remote Desktop Services and the following will be its services)

- RD Web Server
- RD Gateway
- RD Licensing
- RD Connection Broker
- RD Virtualization Host
- RD Session Host

Now if you look at the diagram, you will find that out of six icons listed (one for each role feature of Remote Desktop Services), two are GREEN in color. Why? (oh no no... these roles are not environmental friendly)

It because they are not add in this "Deployment"... A new word in Windows 2012 Server...

Click on this Green Icon for "RD Gateway"

And this will open this wizard

Click on the right arrow key to Install RD Gateway Role on this Server

A certificate is required to be installed on the RD Gateway.. This is because the job of RD Gateway is to allow connections from internet to its RD Host Servers. Now if these connections are not secure then it can harm your internal domain. So a certificate is required on this server

The wizard will create a self signed certificate



Do the same for RD Licensing... (Remember, it is NOT mandatory to install RD Gateway and RD Licensing Role... It depends on your requirement)

If you look at the diagram, you will now notice that all the six role services are grey in color.. So does it mean that all of these services are installed.. ?

No... Look again...

The Role Service "RD Virtualization Host" has a dotted line instead of a solid line... Which means that this service was not required... And why was it not required.. Because we have not selected the virtual machine based desktop deployment and instead selected the session based desktop deployment

Servers: - It will list the name of the server(s) on which the Remote Desktop Services Role is Installed

Collections :- And here comes the most exciting new feature of Remote Desktop Services in Windows Server 2012

What is a collection..? A Collection is a collection of Remote Desktop Services roles service (RD Web Server, RD Gateway, RD Licensing, RD Connection Broker, RD Virtualization Host, RD Session Host) on a particular server. Simple.. :)

What used to be a "Farm" in Windows 2008 is a "Collection" in Windows Server 2012

One RD Host Server can be added to only one collection

Currently there is no collection created by default... Remember, Installing the Role Services (RD Web Server, RD Gateway, RD Licensing, RD Connection Broker, RD Virtualization Host, RD Session Host) will NOT create a collection.

Click on the Overview Tab and then click on "Create Session Collections"

Else, click on "Collections" tab on left pane and then click on "Tasks" on right pane and then choose the option "Create Session Collection"

Create Collection Wizard....

Give it a Name...

Select the name of the "RD Host Server" and then click on the right arrow...

Now once you have added this server in this collection and you create another collection, then on this page for the new collection, this server will not be listed as this has already been added in a collection

Who all can have access to this collection (Or the RD Host Server)

Enable User Profile Disk (UPD)....

I really wanted to move on to the next slide but since its UPD, I cant stop myself from saying few words on it

Without discussing the difficulties that you might get while working with UPD, the key point to discuss here is, what exactly is UPD...

UPD or the User Profile Disk is configured on a Remote Desktop Session. It is a replacement for Remote Desktop User Profiles. It creates a disk (VHD) for every user in which user data / profile is stored

For now, I will disable UPD

In progress...


We now have a new "Collection"

The new collection will have the following options in the right pane

- Properties
- Connections
- RemoteApp Programs
- Host Servers

Lets have a look into the properties of this collection

Collection Properties :-

- General
- User Groups
- Session
- Security
- Load Balancing
- Client Settings
- User Profile Disks

User Groups

Users / Groups who are added here will be able to connect to the RD Host Servers


List the session settings for the RD Host Server


List the security settings for the connection to the RD Host Server

Load Balancing

Controlling how many sessions can be created on a RD Host Server when there are more then one server. So you can specify the relative weight and the session limit for each RD Host Server. So if I specify the session limit to 10, then only 10 active connections can be established on this server

Also, the relative weight will govern the priority to be given to a RD Host Server

Client Settings

Just the redirection settings for the connections on the RD Host Server

User Profile Disks

During the wizard if you have disabled the User Profile Disk option then you can enable it from this window. Also, if you have enabled the User Profile Disk in the wizard then also you have to do the configuration for the User Profile Disk from here

Now, lets go back to the Collections option

The above all properties were for any collection which you have created. here, you have the properties for the whole deployment which you can change

Edit Deployment Properties

- RD Gateway
- RD Licensing
- RD Web Access
- Certificates

RD Gateway

Do you want to use RD Gateway or not and if yes then would you like it to be detected automatically or you want to manually configure it

RD Licensing

Licensing Mode : Per User or Per Device
Specify a license server

RD Web Access


You can create / configure certificates for RD Connection Broker / RD Web Access and RD Gateway

Once all this is done, now lets have a look at the different snap-ins available for different Remote Desktop Services

Unfortunately, only three span-ins are available

- RD Licensing Diagnoser
- Remote Desktop Gateway Manager
- Remote Desktop Licensing Manager

RD Licensing Diagnoser

This is the same as what is used to happen in Windows 2008

It list any warning / errors on the RD Licensing Server or if the RD Host Server is able to find and connect to the RD Licensing Server

Remote Desktop Licensing Manager

I guess the only snap-in in relation to Remote Desktop Services which hasn't changed since Windows 2003... :)