WS-011 Windows

Server 2019
Administration

© Copyright Microsoft Corporation. All rights reserved.

Module 9: RDS in
Windows Server
Module overview

In this module, you will be introduced to Remote Desktop Services, and learn about the
functionality they provide. You will also learn how to configure an RDS Session-Based Desktop
deployment and about Personal and pooled Virtual Desktops.
 Lessons:
o Overview of RDS

o Configuring a session-based desktop deployment

o Overview of personal and pooled virtual desktops

Lesson 1: Overview of
RDS
Overview of RDS

In this lesson, you will be introduced to Remote Desktop Services (RDS) and how to plan a
deployment. You will learn about the client experience and Remote Desktop features. You will
also learn about RDS licensing, RD Gateway, and RDS in Azure.
 Topics:
o Remote Desktop Services overview and benefits

o Client experience features with RDS

o Remote Desktop Feature and RDS

o Plan RDS deployment

o Access RDS

o Overview of Remote Desktop Gateway

o RDS licensing

o RDS in Azure
Remote Desktop Services overview and benefits (1 of 2)

 RDS is a virtualization technology that provides:

 Session-based desktop deployments
 VM-based desktop deployment
 Remote programs (RemoteApp)

 RDS benefits include:

 Quick deployment of applications
 Ease of application maintenance
 Support for multiple device types
 Good performance across slow connections
 Data protection
Remote Desktop Services overview and benefits (2 of 2)

RD Web RD Session
Access Host

RD Gateway RD RD Virtualization
Connection Host
Broker

AD DS RD Licensing
Client experience features with RDS

Remote Desktop Protocol (RDP) provides an enhanced user experience with the following
features:
 Almost identical to a local experience
 Full desktop or remote application window
 Integrates with the Start screen
 Redirection of local resources
 Multi-monitor support
 Windows media redirection
 Single sign on
 CPU, disk, and network Fair Share
 Automatic reconnect
Remote Desktop Feature and RDS (1 of 4)

What is RemoteFX?
 Enhancement to RDP
 Included in RDS:
 RD Session Host–no additional requirements
 RD Virtualization Host:
o GPU, SLAT-enabled processor

o Add RemoteFX 3D video adapter to virtual desktops

 RemoteFX features:
 RemoteFX for wide-area networks (WAN)
 RemoteFX Adaptive Graphics
 RemoteFX Media Streaming
 RemoteFX Multi-Touch
 RemoteFX USB Redirection
Remote Desktop Feature and RDS (2 of 4)
Remote Desktop Remote Desktop Services

Use both features to observe remote computer

Remote Desktop Feature and RDS (3 of 4)

Feature Remote Desktop Remote Desktop

Services
Windows Server and client
Availability Windows Server only
Windows OS

Additional licenses required No Yes

Number of concurrent
2 (1 on client OS) Unlimited
connections

RemoteApp programs No* Yes

Drives, clipboard, and printers

Yes Yes
redirection
RemoteFX USB redirection, PnP
No* Yes
redirection

Multimedia redirection No* Yes

* Except with Windows Enterprise edition, when run

in VM
Remote Desktop Feature and RDS (4 of 4)

 Desktop app is included in the Windows

OS

Plan RDS deployment (1 of 8)

 Assess Remote Desktop infrastructure requirements

 Plan for RD session host
 Plan for RD connection broker
 Plan for RD web access
 Plan for preserving user state
 Infrastructure testing prior to rollout
Plan RDS deployment (2 of 8)

Assess Remote Desktop infrastructure requirements

 Determine requirements and available resources including:
 Whether RDS is an appropriate solution for your needs
 Select a session-based or VM-based desktop deployment:
o Both methods can be part of an RDS deployment

 Determine how many users and the expected response time

 Estimate server hardware and network requirements
 Determine RDS client types and their requirements
 Determine how clients will access RDS
Plan RDS deployment (3 of 8)

Plan for RD Session Host

 RD Session Host provide desktops and RemoteApp programs
 When you plan for an RD Session Host consider the:
o Number of concurrent user sessions

o Types of applications that users will run

o Major hardware factors, including CPU, memory, disk, and network

 Deploy a pilot project and run load simulations to simulate user activity
 Deploy multiple RD Session Hosts for high availability
Plan RDS deployment (4 of 8)

Plan for RD Connection Broker

 The entrance point to an RDS deployment:
o Distributes a session among RD Session Hosts
o Reconnects users to existing sessions
o Publishes the RD Web feed of available RDS resources
o Configures the RDS servers in the same collection
 RD Connection Brokers use an internal database for tracking connections
 Use SQL Server and multiple brokers for high availability
RD Web
Access RD Virtualization
Host

RD
Connection
Broker
RD Session
Host
Plan RDS deployment (5 of 8)

Plan for RD Web Access

 RD Web Access is part of any RDS deployment
 Provides a web portal with available RDS resources:
o Personalized, shows only available RDS resources

o RD Web feed can integrate with the Start screen

o Clients can launch connections from a portal

 RD Web Access requires secure (HTTPS) connections:

o SSL certificate can be self-issued (for testing only)

o Internal CA or non-Microsoft SSL certificate should be used

 Use multiple servers and NLB for high availability

Plan RDS deployment (6 of 8)

RD Web portal
Plan RDS deployment (7 of 8)

Plan for preserving user state:

 Use user state virtualization for preserving user state
 Roaming user profiles and Folder Redirection makes the same user state on any domain
computer possible
 When you plan user profile disks, you must:
o Store a user profile in a separate .vhdx file

o Create a separate .vhdx file for each user

o Configure which profile folders are included or excluded

o Store user profile disks on a network share

o User profile disks are only available to collections

o User profile disks cannot be shared between collections

 Ensure that enough storage is available for user state

Plan RDS deployment (8 of 8)

Infrastructure testing prior to rollout:

 Testing is critical for successful RDS deployment
 During testing consider the following questions:
o Did the testing environment meet expectations?

o Can users transparently access the RDS deployment?

o Did the application consume system resources as expected?

o Are all user environment scenarios being tested?

o Is infrastructure hardware running as expected?

o Is RDS responsive, and can it support the expected users?

o Were there any unexpected changes during testing?

 Errors are much easier to resolve during testing than during deployment
Access RDS (1 of 3)

 RD Web Access portal lists available RDS resources:

 Connection is initiated in RDC
 RD Web feed for RemoteApp and Desktop Connections
 RDC client connects to a full remote desktop only if it is started manually
RemoteAp
p and
Desktop
Connection
s

RD Web
RDS deployment Access

RDC client
Access RDS (2 of 2)

What Is RemoteApp and Desktop Connections?

 Adds available RDS resources on the Start screen
 Can be configured manually or by Group Policy
 Connection specified by URL or email address
 Uses RD Web Access feed from RD Web Access:
o RD Web Access server must have a trusted certificate

 Benefits:
o Only RDS resources that the user can access are added

o List of available RDS resources updates automatically

o File type associations apply to RemoteApp programs

o Search works with RDS resources

o Can be added regardless of domain membership

Overview of Remote Desktop Gateway (1 of 3)

Remote users can connect to an RDS deployment

from a public network through RD Gateway

Public Internal
network network
Strips off HTTPS Passes
RDP traffic RD Session Host
Home HTTPS / to RDS
443

Hotel RD Gateway
RD Virtualization
NPS
Host

Partner or client
Other RDP
AD DS hosts
Overview of Remote Desktop Gateway (2 of 3)

Why Is Remote Access Important for RDS?

 RDS provides a consistent user environment
 Users need access to RDS from anywhere, regardless of whether they are connected to
the organization’s network
 Challenges with remote access to RDS:
o Access must be secure and encrypted

o Standard protocol should be used

o Minimal firewall reconfiguration

o Control who can connect remotely

o Control which RDS resources can be accessed

o Monitor and manage established connections

o Provide high availability

o Require additional authentication (optional)

Overview of Remote Desktop Gateway (3 of 3)

Control access to RDS via Remote Desktop Gateway

 RD authorization policies control access in two ways:
o Remote Desktop connection authorization policies (RD CAPs) control who can
establish a connection to an RD Gateway server
o Remote Desktop resource authorization policies (RD RAPs) control to which
computers connections can be established through an RD Gateway server
 Authorization policies provide additional limitations such as:
o Redirection, session timeouts, and allowed ports

 User must match RD CAP and RD RAP to access resources through an RD Gateway server
 The default policies allow Domain User groups full network access
 Authorization policies are stored locally by default
RDS licensing
RD Session Host RDS CAL is required on each
connection, including:
• RDS Per User CAL
• RDS Per Device CAL
• RDS External Connector License

RD
Virtualization
You must license OSs on VMs:
Host
• Windows VDA required if a client is
not covered by Software Assurance
(SA)

Applications are licensed separately from RDS

RDS in Azure

You have the following options for running RDS in Azure:

 RDS running on virtual machines in Azure
o Use Azure Marketplace offering to install a complete RDS environment

o Use Azure QuickStart template to create customized RDS environment

 Use Windows Virtual Desktops

o Is a Platform as a service (PaaS) offering in Azure with all management roles

o Supports pooled and personal desktops

o Requires licenses

 Microsoft 365 E3, E5, A3, A5, F3

 Windows 10 Enterprise E3, E5, A3, A5
o Uses Windows 10 Enterprise multi-session

o Azure resources cost

Lesson 2: Configuring a
session-based desktop
deployment
Configuring a session-based desktop deployment

In this lesson you will be introduced to session-based desktop deployments, including

collections and collection settings. You will learn how to install RDS, create, and configure
collections. You will also learn about high availability options for RDS and get an overview of
RemoteApp.
 Topics:
o Overview of the session-based desktop deployment process

o Demonstration: Install RDS

o What is a collection?

o Configure session collection settings

o Demonstration: Create and configure a session collection

o High availability options for RDS

o Overview of remote app

Overview of the session-based desktop deployment process

 Before the deployment, add servers to Server Manager

 Avoid installing individual RDS role services because you can only manage RDS
deployment
 Session-based desktop deployment steps:
1. Select Remote Desktop Services Installation option

2. Choose Standard or Quick Start deployment

3. Choose virtual machine-based or session-based deployment

4. Choose where to install RDS role services

 After RDS installs you can:
o Add more servers to the RDS deployment

o Perform configuration of the RDS deployment

Demonstration:
Install RDS
 Install RDS using Server Manager
 Install RDS using PowerShell
What is a collection?

 A collection is a logical grouping of servers or virtual machines including:

o Session collections
o Virtual desktop collections

 Manage collections as a unit to:

o Simplify and centralize administration
o Apply the same settings to all servers in a collection
o Manage collections not individual collection members

 Servers can only be in one collection:

o Multiple collections are required if servers must be configured differently
o A collection can provide high availability because client requests can be directed to
any collection member
Configure session collection settings
Demonstration:
Create and
configure a
session collection
 Create and configure a session collection
using Server Manager
 Create and configure a session collection
using PowerShell
 Connect to RD Session Host from client
High availability options for RDS
Multiple servers in Hyper-V
an RDS deployment failover cluster

RD
Connection
Broker
Broker
RD Virtualization
RD Web Access RD Host
Connection Host
RD Web Access
Broker WID

SQL Server
failover cluster
failover cluster

Additional RD Session
servers in Host
RD Session
RD Gateway
an RDS Host
RD Gateway deployment Multiple servers
RD Licensing in
RD Licensing
a collection
Overview of RemoteApp Programs

 RemoteApp programs run remotely and integrate with a local desktop

 RemoteApp programs are especially useful in several scenarios:
o Remote users
o Line-of-business application deployments

o Roaming users

 RemoteApp program features:

o Start programs with no additional prompts

o Run in its own resizable window

o Use file type associations to start a program

o Window content is shown during move and resize

o Live thumbnails and application switching

o Similar icons as locally installed applications

o Notifications and icon overlay

Lesson 3: Overview of
personal and pooled
virtual desktops
Overview of personal and pooled virtual desktops

Always On VPN is the next generation VPN solution for Windows 10 devices. It provides very
secure access to the internal data and applications and the VPN connection is fully
automated.
 Topics:
o Overview of VM-based desktop deployments of Virtual Desktop Infrastructure (VDI)

o Overview of pooled virtual desktops

o Overview of personal virtual desktops

o Compare VDI options

o High availability for personal and pooled desktops

o Prepare a virtual desktop template

Overview of VDI VM-based desktop deployments

A virtual machine (VM)-based desktop deployment of VDI provides:

 An automated infrastructure for creating VMs
 Dedicated resources to each VM user

RD Web RD Connection RD Virtualization

Access Broker Host
Overview of pooled virtual desktops

Pooled virtual desktops:

 Are identically configured VMs
 Are not assigned to a specific user
 Do not retain user state information
 Are created from a virtual desktop image
Overview of personal virtual desktops

 Personal virtual desktops are:

o Assigned to specific users
o Can be customized

 Create personal virtual desktops:

o Based on a virtual desktop image
o From an existing VM
Compare VDI options

Session- Pooled virtual Personal

based desktops virtual
desktop desktops
deployment
of VDI
Personalization Good Good Best

Application Good Best Best

compatibility
Ease of Best Good Fair
management
Cost effectivenes Best Good Fair
s
High availability for personal and pooled desktops (1 of 2)

Server role High availability method

RD Connection Broker Domain name system (DNS) round robin
and Microsoft SQL Server configured to
store RD Connection Broker configuration

RD Web Access Load balancing

RD Virtualization Host Multiple RD Virtualization Hosts
High availability for personal and pooled desktops (2 of 2)

 Failover clustering makes personal virtual desktops highly available:

o There is no downtime with Live Migration
o There is brief downtime after RD Virtualization Host failure

 Failover clustering requires:

o Shared storage

o Multiple networks
Prepare a virtual desktop template

A virtual desktop template:

 Is a VM that functions as a starting point for personal or pooled virtual desktops
 Must be configured appropriately
 Automate the process using a script or Microsoft Endpoint Configuration Manager

Optimize
Create a VM
applications

Install the OS Optimize the OS

Install
Run Sysprep
applications
Instructor-led
labs:
Implementing
RDS in Windows
Server
 Implementing RDS
 Configuring Session Collection Settings
and using RDS
 Configuring a virtual desktop template
Lab: Implementing RDS in Windows Server

 Exercise 1: Implementing RDS

 Exercise 2: Configuring Session Collection Settings and using RDS
 Exercise 3: Configuring a virtual desktop template

Sign in information for the exercise(s):

 Virtual machines:
o WS-011T00A-SEA-DC1

o WS-011T00A-SEA-RDS1

o WS-011T00A-SEA-CL1

 Username: Contoso\Administrator
 Password: Pa55w.rd

 Sign in to WS-011T00A-SEA-CL1 as Contoso\Jane using same password as above.

Lab scenario

You have been asked to configure a basic RDS environment as the starting point for the new
infrastructure that will host the sales application. You would like to deploy RDS services,
perform initial configuration, and demonstrate to the delivery team how to connect to an RDS
deployment.
You are evaluating whether or not to use user profile disks for storing user profiles and
making the user profile disks available on all servers in the collection. A coworker reminded
you that users often store unnecessary files in their profiles, and you need to explore how to
exclude such data from the profile and set a limit on the profile size.
As the sales application will publish on the RD Web Access site, you have to learn how to
configure and access RemoteApp Programs from the RD Web Access portal.
Module-review questions (1 of 2)

1. Which RDS role service tracks user sessions across multiple RD Session Host servers and
virtual desktops?
 RD Session Host
 Remote Desktop Virtualization Host
 RD connection Broker
 Remote Desktop Web Access
 Remote Desktop Gateway

2. Can you connect to RDS only from a Windows-based computer?

3. In which tool can you publish RemoteApp programs on an RD Session Host server?
4. You are creating a new virtual desktop template for a group of users. You have created and
configured the VM. You have optimized the VM appropriately for use as a virtual desktop.
What is the final step in preparing a virtual desktop template?
Module-review questions (2 of 2)

5. Which port must you allow on your firewall to enable external clients to use RD Gateway to
connect to internal RDS resources?
Module-review answers (1 of 2)

1. Which RDS role service tracks user sessions across multiple RD Session Host servers and
virtual desktops?
RD connection Broker
2. Can you connect to RDS only from a Windows-based computer?
No. You can connect to RDS from any device that has a Remote Desktop Protocol
(RDP) client, regardless of whether it is running Windows or any other operating
system (OS), or if the device is a domain member or not.
3. In which tool can you publish RemoteApp programs on an RD Session Host server?
You cannot publish RemoteApp programs on an individual RD Session Host server.
You can only publish them per session collection, which means that they will publish
for all RD Session Host servers in that collection. You can publish RemoteApp
programs by using Server Manager or Windows PowerShell.
Module-review answers (2 of 2)

4. You are creating a new virtual desktop template for a group of users. You have created
and configured the VM. You have optimized the VM appropriately for use as a virtual
desktop. What is the final step in preparing a virtual desktop template?
The final step in preparing a virtual desktop template is to run Sysprep and shut
down the VM.

5. Which port must you allow on your firewall to enable external clients to use RD Gateway
to connect to internal RDS resources?
Clients connect to RD Gateway by using the HTTPS protocol, which uses TCP port
443 by default.
Thank you.

© Copyright Microsoft Corporation. All rights reserved.