Install Remote Desktop Services on Virtual machine

Prepare your virtual machines for Remote Desktop

  • Article
  • 07/29/2021

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

You can install Remote Desktop Services components on physical servers or on virtual machines.

The first step is to create Windows Server virtual machines in Azure. You'll want to create three VMs: one for the RD Session Host, one for the Connection Broker, and one for the RD Web and RD Gateway. To ensure the availability of your RDS deployment, create an availability set [under High availability in the VM creation process] and group multiple VMs in that availability set.

After you create your VMs, use the following steps to prepare them for RDS.

  1. Connect to the virtual machine using the Remote Desktop Connection [RDC] client:
    1. In the Azure portal open the Resource groups view, and then click the resource group to use for the deployment.
    2. Select the new RDSH virtual machine [for example, Contoso-Sh2].
    3. Click Connect > Open to open the Remote Desktop client.
    4. In the client, click Connect, and then click Use another user account. Enter the user name and password for the local administrator account.
    5. Click Yes when warned about the certificate.
  2. Enable remote management:
    1. In Server Manager, click Local Server > Remote management current setting [disabled].
    2. Select Enable remote management for this server.
    3. Click OK.
  3. Optional: You can temporarily set Windows Update to not automatically download and install updates. This helps prevent changes and system restarts while you deploy the RDSH server.
    1. In Server Manager, click Local Server > Windows Update current setting.
    2. Select Advanced options > Defer upgrades.
  4. Add the server to the domain:
    1. In Server Manager, click Local Server > Workgroup current setting.
    2. Click Change > Domain, and then enter the domain name [for example, Contoso.com].
    3. Enter the domain administrator credentials.
    4. Restart the virtual machine.
  5. Repeat steps 1 through 4 for the RD Web and GW virtual machine.
  6. Repeat steps 1 through 4 for the RD Connection Broker virtual machine.
  7. Initialize and format the attached disk on the RD Connection Broker virtual machine:
    1. Connect to the RD Connection Broker virtual machine [step 1 above].
    2. In Server Manager, click Tools > Computer Management.
    3. Click Disk Management.
    4. Select the attached disk, then MBR [Master Boot Record], and then click OK.
    5. Right-click the new disk [marked as Unallocated] and click New Simple Volume.
    6. In the New Simple Volume wizard, accept the default values but provide an applicable name for the Volume label [like Shares].
  8. On the RD Connection Broker virtual machine create file shares for the user profile disks and certificates:
    1. Open File Explorer, click This PC, and open the disk that you added for file shares.
    2. Click Home and New Folder.
    3. Enter a name for the user disks folder, for example, UserDisks.
    4. Right-click the new folder and click Properties > Sharing > Advanced Sharing.
    5. Select Share this folder and click Permissions.
    6. Select Everyone, and then click Remove. Now click Add, enter Domain Admins, and click OK.
    7. Select Allow Full Control, and then click OK > OK > Close.
    8. Repeat steps 3 to 7 to create a shared folder for certificates.
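
Steps 7 and 8 can also be scripted, which makes the share permissions repeatable and easy to verify. The following is an added example, not part of the original article or Microsoft's code; it assumes exactly one uninitialized data disk is attached, that the domain's NetBIOS name is CONTOSO, and that the certificates folder is named Certificates.

```powershell
# Added example: scripted form of steps 7 and 8. Run elevated on the RD Connection Broker.
# Assumptions: one uninitialized (RAW) data disk, NetBIOS domain name CONTOSO,
# and a certificates folder named Certificates.
$ErrorActionPreference = 'Stop'
$admins = 'CONTOSO\Domain Admins'

# Step 7: initialize the attached disk as MBR and format one NTFS volume labelled Shares.
$disk = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW')
if ($disk.Count -ne 1) { throw "Expected one RAW disk, found $($disk.Count)." }
$volume = $disk[0] |
    Initialize-Disk -PartitionStyle MBR -PassThru |
    New-Partition -UseMaximumSize -AssignDriveLetter |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Shares' -Confirm:$false

# Step 8: create each folder and share it with Full Control for Domain Admins only.
foreach ($name in 'UserDisks', 'Certificates') {
    $path = "$($volume.DriveLetter):\$name"
    New-Item -Path $path -ItemType Directory -Force | Out-Null
    New-SmbShare -Name $name -Path $path -FullAccess $admins | Out-Null

    # Remove an Everyone entry if the share has one, matching "Select Everyone, Remove".
    $everyone = Get-SmbShareAccess -Name $name | Where-Object AccountName -eq 'Everyone'
    if ($everyone) {
        Revoke-SmbShareAccess -Name $name -AccountName 'Everyone' -Force | Out-Null
    }
}

# Show the resulting share permissions so they can be checked against step 8.
Get-SmbShareAccess -Name 'UserDisks', 'Certificates' |
    Format-Table Name, AccountName, AccessControlType, AccessRight
```

Like the steps above, this sets share permissions only; the NTFS permissions on the folders are left unchanged.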

Create virtual machines for Remote Desktop

  • Article
  • 07/29/2021

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

Use the following steps to create the virtual machines in the tenant's environment that will be used to run the Windows Server 2016 roles, services, and features required for a desktop hosting deployment.

For this example of a basic deployment, the minimum of 3 virtual machines will be created. One virtual machine will host the Remote Desktop [RD] Connection Broker and License Server role services and a file share for the deployment. A second virtual machine will host the RD Gateway and Web Access role services. A third virtual machine will host the RD Session Host role service. For very small deployments, you can reduce VM costs by using AAD App Proxy to eliminate all public endpoints from the deployment and combining all the role services onto a single VM. For larger deployments, you can install the various role services on individual virtual machines to allow better scaling.

This section outlines the steps necessary to deploy virtual machines for each role based on Windows Server images in the Microsoft Azure Marketplace. If you need to create virtual machines from a custom image, which requires PowerShell, check out Create a Windows VM with Resource Manager and PowerShell. Then return here to attach Azure data disks for the file share and enter an external URL for your deployment.

  1. Create Windows virtual machines to host the RD Connection Broker, RD License Server, and File server.

    For our purpose, we used the following naming conventions:

    • RD Connection Broker, License Server, and File Server:

      • VM: Contoso-Cb1
      • Availability set: CbAvSet
    • RD Web Access and RD Gateway Server:

      • VM: Contoso-WebGw1
      • Availability set: WebGwAvSet
    • RD Session Host:

      • VM: Contoso-Sh2
      • Availability set: ShAvSet

    Each VM uses the same resource group.

  2. Create and attach an Azure data disk for the user profile disk [UPD] share:

    1. In the Azure portal click Browse > Resource groups, click the resource group for the deployment, and then click the VM created for the RD Connection Broker [for example, Contoso-Cb1].
    2. Click Settings > Disks > Attach new.
    3. Accept the defaults for name and type.
    4. Enter a size [in GB] that is large enough to hold network shares for the tenant's environment, including user profile disks and certificates. You can approximate 5 GB per user you plan to have.
    5. Accept the defaults for location and host caching, and then click OK.
  3. Create an external load balancer to access the deployment externally:

    1. In the Azure portal click Browse > Load balancers, and then click Add.
    2. Enter a Name, select Public as the Type of load balancer, and select the appropriate Subscription, Resource Group, and Location.
    3. Select Choose a public IP address, Create new, enter a name, and select OK.
    4. Select Create to create the load balancer.
  4. Configure the external load balancer for your deployment:

    1. In the Azure portal click Browse > Resource groups, click the resource group for the deployment, and then click the load balancer you created for the deployment.
    2. Add a backend pool for the load balancer to send traffic to:
      1. Select Backend pool and Add.
      2. Enter a Name and select + Add a virtual machine.
      3. Select Availability set and WebGwAvSet.
      4. Select Virtual machines, Contoso-WebGw1, Select, OK, and OK.
    3. Add a probe so the load balancer knows what machines are active:
      1. Select Probes and Add.
      2. Enter a Name [like HTTPS], select TCP, enter Port 443, and select OK.
    4. Enter load balancing rules to balance the incoming traffic:
      1. Select Load balancing rules and Add.
      2. Enter a Name [like HTTPS], select TCP, and 443 for both the Port and the Backend port.
        • For a Windows 10 and Windows Server 2016 Deployment, leave Session persistence as None, otherwise select Client IP.
      3. Select OK to accept the HTTPS rule.
      4. Create a new rule by selecting Add.
      5. Enter a Name [like UDP], select UDP, and 3391 for both the Port and the Backend port.
        • For a Windows 10 and Windows Server 2016 deployment, leave Session persistence as None, otherwise select Client IP.
      6. Select OK to accept the UDP rule.
    5. Enter an inbound NAT rule to directly connect to Contoso-WebGw1:
      1. Select Inbound NAT rules and Add.
      2. Enter a Name [like RDP-Contoso-WebGw1], select Custom for the service, TCP for the protocol, and enter 14000 for the Port.
      3. Select Choose a virtual machine and Contoso-WebGw1.
      4. Select Custom for the port mapping, enter 3389 for the Target port, and select OK.
  5. Enter an external URL/DNS name for your deployment to access it externally:

    1. In the Azure portal, click Browse > Resource groups, click the resource group for the deployment, and then click the public IP address you created for RD Web Access and RD Gateway.
    2. Click Configuration, enter a DNS name label [like contoso], and then click Save. This DNS name label [contoso.westus.cloudapp.azure.com] is the DNS name that you'll use to connect to your RD Web Access and RD Gateway server.
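
Because the load balancer is the deployment's public entry point, it is worth confirming that it publishes only the ports configured in step 4: TCP 443, UDP 3391, and the inbound NAT rule that maps public port 14000 to RDP on 3389. The following check is an added example, not part of the original article or Microsoft's code; it assumes the Az.Network PowerShell module and a signed-in session, and the resource group and load balancer names are placeholders.

```powershell
# Added example, not Microsoft's code. Requires the Az.Network module and a
# signed-in session (Connect-AzAccount). Both names below are placeholders.
$resourceGroup = '<resource-group-name>'
$loadBalancer  = '<load-balancer-name>'
$lb = Get-AzLoadBalancer -ResourceGroupName $resourceGroup -Name $loadBalancer -ErrorAction Stop

# Entries that step 4 creates, written as "kind protocol frontend->backend".
$expected = @(
    'rule Tcp 443->443'      # HTTPS load balancing rule
    'rule Udp 3391->3391'    # UDP load balancing rule
    'nat Tcp 14000->3389'    # RDP-Contoso-WebGw1 inbound NAT rule
)

# Entries actually present. The foreach statement skips a null collection.
$actual = @(
    foreach ($r in $lb.LoadBalancingRules) { "rule $($r.Protocol) $($r.FrontendPort)->$($r.BackendPort)" }
    foreach ($n in $lb.InboundNatRules)    { "nat $($n.Protocol) $($n.FrontendPort)->$($n.BackendPort)" }
)

# -notin compares strings case-insensitively, so 'TCP' matches 'Tcp'.
$missing    = @($expected | Where-Object { $_ -notin $actual })
$unexpected = @($actual   | Where-Object { $_ -notin $expected })
$probeOk    = [bool]($lb.Probes | Where-Object { $_.Protocol -eq 'Tcp' -and $_.Port -eq 443 })

# Anything under Unexpected is published on the public IP but is not in step 4.
[pscustomobject]@{
    Missing          = $missing -join '; '
    Unexpected       = $unexpected -join '; '
    HttpsProbeExists = $probeOk
} | Format-List

# Session persistence per rule: Default is the portal's "None", SourceIP is "Client IP".
$lb.LoadBalancingRules |
    Format-Table Name, Protocol, FrontendPort, LoadDistribution
```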

Virtualization and Windows 7

Jorge Orchilles, in Microsoft Windows 7 Administrator's Reference, 2010

Remote Desktop Services

RDS [formerly Terminal Services] is the most commonly used method of application virtualization. This method presents applications to connected users. The application actually runs in a session on the server in the data center while it appears to be running on the local desktop. This is a cost-effective and reliable method of deploying applications to an enterprise. Figure 9.39 shows a simplified diagram of how RDS works.

FIGURE 9.39. Remote Desktop Services

Users, whether local or remote, all connect to the RDS server. The application is displayed to the end user while being executed on the RDS server. This gives equal performance to both local and remote users running the application. When the applications need to be upgraded or patched, they are patched only on the RDS servers. When the users next connect and run the application, they receive the updated version. The RDS server is capable of supporting multiple users on a single server, and there are many new enhancements in RDS with Windows Server 7 that allow for a variety of connection methods. Web Services, Session Broker, and Network Load Balancing all work together to provide a seamless application virtualization environment for most users.

If your users do not want to connect to a server or a Web page to run their applications, there is a new feature in Windows Server 2008 RDS called RemoteApp. A published application can be converted to a RemoteApp and generate a Windows Installer File [MSI] that can be deployed through Active Directory, file download, e-mail, or your SCCM environment to all the targeted users. When installed on your Windows 7 desktop, double-clicking on it will launch the application just like it is installed on the end-user desktop. The connection to the RDS server is automatically established and the application is started. The RemoteApp can add items to the desktop Start menu or desktop icon just like a locally installed application.

Using the advanced features of the Remote Desktop Client in Windows 7 allows for mapping of resources to the RDS server, so files and printers can be shared when a user connects. The advanced features also can authenticate a user before a user session is created to relieve the extra burden on the RDS server and allow for more connections and better performance. The drawback to this solution is the fact that a user must be able to connect to the RDS server in some fashion to be able to run an application.


URL://www.sciencedirect.com/science/article/pii/B9781597495615000097
