Windows 2008 R2 Remote Desktop Service

The Remote Desktop Services (RDS) role on Windows Server 2008 R2 was tested and implemented successfully.

Required Parameters:
The Priority Host Farm requires xx Windows Server 2008 R2 64-bit servers.
If the servers are installed on an ESX host, the host must support 64-bit guest operating systems.
All Host Farm servers are on the same subnet.
All Host Farm servers belong to the domain, with admin access policies applied.
User groups are defined for the Host Farm to access applications from the intranet and from the Internet.
The Windows Server 2008 R2 Remote Desktop Services (RDS) architecture consists of the following components:
Active Directory Domain controller
RD Session Host (RDSH) Server
RD Connection Broker (RDCB) Server
RD Web Access server
RD Gateway server
RD Licensing

Active Directory Domain Deployment Scenario: When deploying Windows 2008 R2 RDS, it must be integrated with Active Directory, which includes the Group Policy settings, and every server holding a Remote Desktop role must resolve in DNS. For example: I created a domain called Happy.com; SG-RDS-01 is the group containing the 100 users, and DNS must resolve all the Windows Server 2008 R2 servers on which the Remote Desktop roles are installed.
Virtualized RD Session Host (RDSH) Server Deployment:
The RDSH server is based on the Windows Server 2008 R2 Enterprise operating system.
First, the RD Session Host role service must be installed (this is the basic “terminal server” system role).
Next, the applications that are to be hosted by the RD Session Host server must be installed on the RD Session Host system.
Finally, you must grant users or groups the required privileges to connect to the RD Session Host server and configure RD Licensing.
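The three RDSH steps above carried out from an elevated PowerShell prompt on the session host. This is an added example, not a script from the original post; the domain HAPPY and the group SG-RDS-01 follow the post's Happy.com scenario, while the license server name rdlic01.happy.com and the installer path are assumptions.

```powershell
# Added example (not from the original post): build one RD Session Host on
# Windows Server 2008 R2. Assumed names: rdlic01.happy.com (license server),
# C:\Installers\HostedApp.msi (an application to publish).
Import-Module ServerManager

# Step 1: install the RD Session Host role service (the "terminal server" role).
Add-WindowsFeature RDS-RD-Server

# Step 2: install hosted applications in install mode, so that per-user
# settings written by the installer are replayed for every session user.
change user /install
Start-Process -FilePath msiexec.exe `
    -ArgumentList '/i C:\Installers\HostedApp.msi /quiet' -Wait
change user /execute

# Step 3a: grant only the farm group the right to connect. Membership in the
# local Remote Desktop Users group is what the "Allow log on through Remote
# Desktop Services" user right checks by default, so no individual accounts
# and no broad groups such as Domain Users are added here.
net localgroup "Remote Desktop Users" "HAPPY\SG-RDS-01" /add

# Step 3b: point the session host at the license server and select the
# licensing mode. LicensingType values: 2 = Per Device, 4 = Per User.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                    -Class Win32_TerminalServiceSetting `
                    -Authentication PacketPrivacy
$ts.SetSpecifiedLicenseServerList(@('rdlic01.happy.com')) | Out-Null
$ts.ChangeMode(4) | Out-Null

# Verify: the host should now report the chosen mode and license server.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                    -Class Win32_TerminalServiceSetting `
                    -Authentication PacketPrivacy
"LicensingType = $($ts.LicensingType)"
$ts.GetSpecifiedLicenseServerList() | Select-Object -ExpandProperty SpecifiedLSList
```

The grace period on an unlicensed RDSH is 120 days; the last two lines are the check worth keeping in a build script so a misspelt license server name is caught on day one rather than when connections start being refused.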
RDCB Server:
The RDCB server is based on the Windows Server 2008 R2 Enterprise operating system.
The computer on which you install the RD Connection Broker role service must be a member of an Active Directory domain.
RD Connection Broker extends the TS Session Broker capabilities included in Windows Server 2008 by creating a unified administrative experience for traditional session-based remote desktops and virtual machine-based remote desktops.
RD Connection Broker supports load balancing and reconnection to existing sessions on virtual desktops, Remote Desktop sessions, and Remote App programs accessed by using Remote App and Desktop Connection.

RD Gateway Server:
Remote Desktop Gateway (RD Gateway) is a role service in the Remote Desktop Services server role included with Windows Server 2008 R2 that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client.

The network resources can be Remote Desktop Session Host (RD Session Host) servers, RD Session Host servers running Remote App programs, or computers and virtual desktops with Remote Desktop enabled. RD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection between remote users on the Internet and internal network resources.

An idle timeout provides the ability to reclaim resources used by inactive user sessions without affecting the user’s session or data. This helps free up resources on the RD Gateway server. After being disconnected, the user will be able to re-establish the session by using RDC.

A session timeout provides the capability to periodically enforce new policies on active user connections. This ensures that any system changes to user properties, such as domain accounts, RD CAP changes, or RD RAP changes, are enforced on existing sessions.

Forefront Unified Access Gateway (UAG) allows you to provide access to published Remote Apps and Remote Desktops by integrating a Remote Desktop Gateway (RD Gateway) to provide an application-level gateway for RDS services and applications.

RD Web Access server:
The RD Web Access is a role service of the Remote Desktop Services role.
The RD Web Access needs to be a Windows Server 2008 R2 machine, but does not need to have the RD Sessions Host role service installed.
To run the RD Web Access role service, Microsoft Internet Information Services (IIS) 7.5 must be installed (Server Manager adds it when the role service is installed). Clients must meet the requirements for RD Web Access.
RD Licensing server:
Remote Desktop Licensing (RD Licensing) is a role service in the Remote Desktop Services server role included with Windows Server 2008 R2.
RD Licensing manages the Remote Desktop Services client access licenses (RDS CALs) that are required for each device or user to connect to a Remote Desktop Session Host (RD Session Host) server.
You use Remote Desktop Licensing Manager (RD Licensing Manager) to install, issue, and track the availability of RDS CALs on a Remote Desktop license server.
The Manage RDS CALs Wizard
In Windows Server 2008 R2, a new wizard is available in Remote Desktop Licensing Manager (RD Licensing Manager) that allows you to do the following:
Migrate RDS CALs from one license server to another license server.
Rebuild the RD Licensing database.

Remote Desktop Connection (RDC) 7.0 client
The Remote Desktop Connection (RDC) 7.0 client update enables you to use the new Remote Desktop Services features introduced in Windows 7 and in Windows Server 2008 R2. These features are available for clients running Windows XP Service Pack 3 (SP3), Windows Vista Service Pack 1 (SP1), and Windows Vista Service Pack 2 (SP2).

RDC Client Single Sign-On

Single sign-on is an authentication method that allows users with a domain account to log on once to a client computer by using a password, and then gain access to remote servers without being asked for their credentials again.

Single sign-on for remote connections from a computer running Windows 7, Windows Vista, or Windows XP with Service Pack 3 to an RD Session Host server running Windows Server 2008 R2 or Windows Server 2008 requires the following:

Ensure that the user accounts that are used for logging on have appropriate rights to log on to both the RD Session Host server and the client computer.
Both the client computer and the RD Session Host server must be joined to a domain.
Configure authentication on the RD Session Host server.
Configure the client computer to allow default credentials to be used for logging on to the specified RD Session Host servers.
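The server-side and client-side parts of the single sign-on setup above, as an added example rather than a script from the original post. The first block runs on the RD Session Host; the second applies the "Allow delegating default credentials" policy on a client by writing the registry values that the Group Policy template sets. The host names rdsh01.happy.com and rdsh02.happy.com are assumptions following the post's Happy.com example.

```powershell
# Added example (not from the original post).
# --- Part 1: on the RD Session Host ---------------------------------------
# SSO delegates the user's password to the server through CredSSP, so the
# server must prove its identity first: require Network Level Authentication
# and the SSL (TLS) security layer on the RDP-Tcp listener.
$rdp = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                     -Class Win32_TSGeneralSetting `
                     -Filter "TerminalName='RDP-Tcp'" `
                     -Authentication PacketPrivacy
$rdp.SetUserAuthenticationRequired(1) | Out-Null   # NLA on
$rdp.SetSecurityLayer(2) | Out-Null                # 0 = RDP, 1 = Negotiate, 2 = SSL

# "Always prompt for password upon connection" defeats SSO; warn if a policy
# has switched it on.
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
if ((Get-ItemProperty $tsPolicy -ErrorAction SilentlyContinue).fPromptForPassword -eq 1) {
    Write-Warning 'fPromptForPassword is enabled by policy; SSO will not work.'
}

# --- Part 2: on the client ----------------------------------------------
# Credentials Delegation policy. Each entry is a TERMSRV/<fqdn> SPN, listed
# explicitly: a wildcard such as TERMSRV/* would hand the user's password to
# any host they happen to connect to, so only the farm's session hosts are
# named here (assumed names).
$allowedServers = @('TERMSRV/rdsh01.happy.com', 'TERMSRV/rdsh02.happy.com')

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$list = Join-Path $base 'AllowDefaultCredentials'
New-Item -Path $list -Force | Out-Null
New-ItemProperty -Path $base -Name 'AllowDefaultCredentials' `
    -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $base -Name 'ConcatenateDefaults_AllowDefault' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# The list is stored as string values named 1, 2, 3 ... under the subkey.
Get-Item $list | Select-Object -ExpandProperty Property |
    ForEach-Object { Remove-ItemProperty -Path $list -Name $_ }
$i = 1
foreach ($spn in $allowedServers) {
    New-ItemProperty -Path $list -Name $i -PropertyType String -Value $spn -Force | Out-Null
    $i++
}

# Show the resulting policy so it can be compared with gpresult output.
Get-ItemProperty $base | Select-Object AllowDefaultCredentials, ConcatenateDefaults_AllowDefault
Get-ItemProperty $list
```

In production the client side belongs in a domain GPO (Computer Configuration, Administrative Templates, System, Credentials Delegation) rather than in a local registry write; the values above are exactly what that policy produces, which makes the script useful for checking a workstation where SSO is not working.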

Forefront UAG adds single sign-on functionality for RDS. The credentials provided by the user for session login can be used to authenticate to published Remote Apps and Desktop Connections.

You can provide access to all Remote Desktops and Remote Apps from a single Forefront UAG portal.
Requirements:
To take advantage of the new Web SSO feature, the client must be running Remote Desktop Connection (RDC) 7.0. In order for Web SSO to work:
The connection in Remote App and Desktop Connections must have an ID. By default, it is set to the Fully Qualified Domain Name (FQDN) of the RD Connection Broker server in case of RD Connection Broker mode. In RD Session mode, it is set to the FQDN of the RD Web Access server.
Remote App programs must be digitally signed using a Server Authentication certificate [Secure Sockets Layer (SSL) certificate]. The certificate Enhanced Key Usage section must contain ‘Server Authentication (1.3.6.1.5.5.7.3.1)’.
Client operating systems must trust the certificate with which the Remote App programs are signed (Kerberos certification).
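A check for the two certificate requirements above, as an added example that is not part of the original post: it lists the certificates in the local machine store and reports, for each, whether the Enhanced Key Usage contains Server Authentication (1.3.6.1.5.5.7.3.1), whether a private key is present for signing, whether it is still valid, and whether it chains to a root this machine trusts. The function name and the store path are assumptions.

```powershell
# Added example (not from the original post): find certificates that meet
# the RemoteApp signing requirements. Run on the RD Web Access / RD
# Connection Broker server where the signing certificate is installed.
function Get-RemoteAppSigningCandidate {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
    foreach ($cert in Get-ChildItem $StorePath) {
        # Enhanced Key Usage lives in the extension with OID 2.5.29.37.
        $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $hasServerAuth = $false
        if ($ekuExt) {
            $ekuExt = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$ekuExt
            $hasServerAuth = [bool]($ekuExt.EnhancedKeyUsages |
                Where-Object { $_.Value -eq $serverAuthOid })
        }

        # Build the chain the way a client would; revocation is skipped here
        # so the check also works on a host without Internet access.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        $valid = ($cert.NotBefore -le (Get-Date)) -and ($cert.NotAfter -gt (Get-Date))

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasServerAuth = $hasServerAuth
            HasPrivateKey = $cert.HasPrivateKey
            Trusted       = $trusted
            ChainStatus   = $status
            Usable        = ($hasServerAuth -and $cert.HasPrivateKey -and $trusted -and $valid)
        }
    }
}

Get-RemoteAppSigningCandidate |
    Sort-Object Usable -Descending |
    Format-Table Subject, Usable, HasServerAuth, HasPrivateKey, Trusted, ChainStatus, NotAfter -AutoSize
```

The Trusted column answers the requirement on the server only; the same chain must also build on the client operating systems, which is why a certificate from the domain's enterprise CA (auto-distributed to domain members) or from a public CA is the usual choice, and a self-signed certificate is not.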

The following ports should be open:
Kerberos Port - 88
RDP Port - 3389
LDAP port - 389
HTTPS port - 443
RDCB RPC Port - 5504 (centralized publishing server)
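A reachability check for the port list above, as an added example that is not part of the original post. It opens a TCP connection to each service port with a timeout and reports which ones answer; the host names (dc01, rdsh01, rdgw01, rdcb01 under happy.com) and the function name are assumptions following the post's Happy.com example.

```powershell
# Added example (not from the original post): confirm the RDS farm ports
# are reachable from the machine the script runs on. Uses TcpClient with a
# timeout because Test-NetConnection does not exist on Windows Server 2008 R2.
function Test-RdsPort {
    param(
        [string]$ComputerName,
        [int]$Port,
        [string]$Purpose,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $open = $false
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)       # throws if the port refused
            $open = $client.Connected
        }
    } catch {
        $open = $false                       # refused, unreachable, or DNS failure
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{
        Target  = ('{0}:{1}' -f $ComputerName, $Port)
        Purpose = $Purpose
        Open    = $open
    }
}

# One row per port in the post's list (assumed host names).
$checks = @(
    @{ Host = 'dc01.happy.com';   Port = 88;   Purpose = 'Kerberos' },
    @{ Host = 'dc01.happy.com';   Port = 389;  Purpose = 'LDAP' },
    @{ Host = 'rdsh01.happy.com'; Port = 3389; Purpose = 'RDP' },
    @{ Host = 'rdgw01.happy.com'; Port = 443;  Purpose = 'HTTPS (RD Gateway / RD Web Access)' },
    @{ Host = 'rdcb01.happy.com'; Port = 5504; Purpose = 'RDCB RPC (centralized publishing)' }
)

$checks |
    ForEach-Object { Test-RdsPort -ComputerName $_.Host -Port $_.Port -Purpose $_.Purpose } |
    Format-Table Target, Purpose, Open -AutoSize
```

Run it twice: once from inside the farm subnet, where every row should read True, and once from an Internet-side test host, where only 443 to the RD Gateway should be True. Since RD Gateway carries RDP over HTTPS, a 3389, 88, 389 or 5504 result of True from the outside means the perimeter firewall is exposing more than the design calls for.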
