Remote Desktop Services (RDS) is a collection of roles that enable secure remote desktop access. Combined with cloud services, this solution empowers organizations to create a true work-from-anywhere experience for their users. RDS is an excellent way to deliver a remote work experience, with the flexibility to provide full desktop sessions or published apps. This article covers a single-site deployment of the RDS infrastructure. Further considerations need to be taken if your application requires High Availability, DRaaS for RDS, Geo-redundancy, or User Profile Management.
Roles Required
|
Dependencies
|
RDS Considerations
There is no one size fits all recommendation for RDS deployments. There are many factors that must be considered for a successful deployment of Remote Desktop Services. Below is a list of some of the considerations when deploying RDS.
Question | Potential Answers |
How many users will the system need to handle? |
|
What types of users will make up the base? |
|
What types of applications will need to run on the system? |
|
How will User Profile Data be stored? |
|
How will user security be ensured? |
|
What are the users’ networking needs? |
|
Network Topology
It’s recommended to deploy the public-facing roles into a DMZ. Open only the ports necessary to allow communication from the Internet to the RD Gateway and/or RD Web server, and only the ports necessary for the RD Gateway and/or RD Web servers to communicate with the internal resources on the LAN.
NOTE: Additional ports may need to be open based on client-specific requirements. Always apply the principle of least privilege when considering opening ports from the Internet to the DMZ and from the DMZ to the LAN.
Internet to DMZ
RD Gateway Server (Internet → In) |
|
RD Web Svr (Internet → In) |
|
DMZ to Internal (LAN)
RD Gateway/Web Svr to AD Svr (User Authentication) |
|
RD Gateway/Web Svr to RD Connection Broker Svr |
|
RD Gateway Svr to RD Session Host |
|
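An added example (not part of the original article) of checking a proposed perimeter rule set against the least-privilege guidance above: it flags flows, wildcards and ports that are not on an allow-list, and lists required rules that are absent. The zone and role names, the `Rule` type and the sample rules are constructed for illustration; the allow-list uses commonly documented RDS default ports as an assumption and covers only three flows, so replace it with the ports your deployment actually requires.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str      # zone or role the traffic originates from
    dst: str      # role the traffic is destined for
    proto: str    # "tcp", "udp" or "any"
    port: object  # int, or the string "any"

# Assumed allow-list: commonly documented RDS defaults, not values from the article.
ALLOWED = {
    ("internet", "rd-gateway"): {("tcp", 443), ("udp", 3391)},
    ("internet", "rd-web"): {("tcp", 443)},
    ("rd-gateway", "rd-session-host"): {("tcp", 3389), ("udp", 3389)},
}

def audit(rules):
    """Return (rule, reason) for every rule that is broader than the allow-list."""
    findings = []
    for r in rules:
        allowed = ALLOWED.get((r.src.lower(), r.dst.lower()))
        if allowed is None:
            findings.append((r, "flow not in allow-list"))
        elif r.port == "any" or r.proto.lower() == "any":
            findings.append((r, "wildcard port or protocol"))
        elif (r.proto.lower(), r.port) not in allowed:
            findings.append((r, "port not required for this flow"))
    return findings

def missing(rules):
    """Return allow-listed (src, dst, proto, port) entries that no rule provides."""
    present = {(r.src.lower(), r.dst.lower(), r.proto.lower(), r.port) for r in rules}
    wanted = [(s, d, p, n) for (s, d), ports in ALLOWED.items() for (p, n) in ports]
    return sorted(w for w in wanted if w not in present)

# Constructed sample rule set: three correct rules followed by three that are too broad.
SAMPLE = [
    Rule("Internet", "RD-Gateway", "tcp", 443),
    Rule("Internet", "RD-Gateway", "udp", 3391),
    Rule("Internet", "RD-Web", "tcp", 443),
    Rule("Internet", "RD-Session-Host", "tcp", 3389),   # bypasses the gateway
    Rule("RD-Gateway", "RD-Session-Host", "tcp", "any"),
    Rule("Internet", "RD-Web", "tcp", 80),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"REVIEW {rule.src} -> {rule.dst} {rule.proto}/{rule.port}: {reason}")
    for flow in missing(SAMPLE):
        print("MISSING", flow)
```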
Network Diagram
Cloud Infrastructure
It is possible to combine roles to reduce the number of servers and save on cost. For the purpose of this document, roles will be installed on dedicated servers.
Active Directory Server
The domain controller will run the FSMO roles, handle authentication requests and manage DNS for the network. It is recommended that this server have enough resources to properly run these roles.
Licensing Server
The RD licensing role is one that is often consolidated onto another server such as the Active Directory server. This role requires minimal resources to distribute licenses to RDS users/devices.
RD Gateway Server
The gateway server role handles access requests to the RDS environment from users on public networks. This role can be consolidated with another role server such as the RD Web role server. Since this server is Internet-facing, it should be placed in a DMZ. Communication between the server and client is secured with SSL.
Next to the session hosts, the gateway server is often the busiest. The number of connections the gateway server can handle depends on the types of users in your environment. Processing the connection requests and SSL encryption can put a high demand on the vCPU as the number of connection requests increases.
RD Connection Broker
The connection broker server manages incoming remote desktop connections to RD Session Host server collections. It will also reconnect disconnected sessions for users. This role can be consolidated with another role. This server needs to be sized properly for peak usage or logon storms.
The connection broker is often one of the busiest servers in the deployment. The number of connections the broker can process depends on the configuration of the system. In your sizing, be sure to factor in the OS requirements.
RD Web Server
The RD Web Server is an optional role that enables users to access their desktops and/or applications through a web portal. It requires the IIS role to function properly. Since this server is Internet-facing, it should be placed in a DMZ. For smaller deployments, this role can be consolidated with the RD Gateway server.
RD Session Host
The session host will handle the user sessions. These servers will be the most resource-intensive in the RDS deployment. Green Cloud IaaS has a maximum of 8 vCPU and 128GB of RAM per VM. The number of users you can allocate per server depends on the types of users in your environment. Storage should also be considered when deploying your session host. Ensure you have fast storage as well as enough capacity for your user and application needs. In your sizing, be sure to factor in the OS requirements.
Resource Recommendations
Server Name | vCPU | RAM | Storage |
Active Directory Server | 1 (min) | 4GB (min) | 48GB Standard (min) |
Licensing Server | 1 (min) | 2GB (min) | 48GB Standard (min) |
RD Gateway Server | 2 (min) – 8 (max) | 4GB (min) | 48GB Standard (min) |
RD Connection Broker | 2 (min) – 8 (max) | 4GB (min) | 48GB Standard (min) |
RD Web Server | 2 (min) – 8 (max) | 4GB (min) | 48GB Standard (min) |
RD Session Host | 1-4 users per vCPU (8vCPU max) | 2-8 GB per user (128GB max) | Premium Storage (Make sure there is enough storage to accommodate the number of users and your profile management methods) |