
Remote user experience: Windows Server 2012R2 RDS and Azure RemoteApp

This overview of Microsoft solutions for remote users is based on a technical webinar. The following topics were covered:

• Building a terminal service based on Windows Server 2012R2.
• Building and using a virtual desktop system.
• Building and using a virtual desktop system based on Azure RemoteApp.


The transcript and recording of the webinar are below the cut.

Today we will talk about remote work for users. Windows Server 2012 includes the RDS technology, which we will cover in detail, and we will also look at the functionality of Azure RemoteApp.

The plan for the event: we will talk about licensing, the business problems that dedicated sessions can solve, what it is all built on, how to manage it, and what RemoteApp is. We will answer the question of how RDS differs from VDI and look at these technologies live.

So, Windows Server 2012 and its RDS server role. Licensing: RDS is included in both editions, Standard and Datacenter. As we know, Microsoft made them identical in functionality; they differ in how they work with virtualization.

What do we need for RDS? First of all, Server Standard or Datacenter licenses. Do not forget that the number of processors is taken into account: each license now covers 2 physical processors. We also need CALs (client access licenses) for users, as well as RDS licenses, so that terminal sessions can connect to the terminal server. One more point that I did not put on the slide but am asked about very often: some people build the terminal server architecture so that one copy of Office is installed on the terminal server, and the administrator believes this is enough to connect all users of the organization. It is not; this is a big mistake. Yes, Office is installed as one copy, but you need to buy as many licenses as there are users or devices that will connect to the server. RDS is the new generation of terminal servers: in older OS versions the technology was called “terminal server”, and now it is called RDS, Remote Desktop Services.



Business tasks. The basic idea is to prepare a platform that provides access either to a desktop or to applications for all users of the organization. What does this usually look like? I have often installed this server in different organizations. It is most popular in banks and government agencies, because when we open a branch somewhere in the outback, there is no question of maximum computing power. What matters is that people perform their tasks on time and with high quality, and for this, as practice shows, a thin client is enough. Users connect to RDS, establish a terminal session, log in to the server, and perform their business tasks using its capacity. The same applies to state institutions with branches outside major cities: there is no talk of high capacity there either, so this solution is very common.

What is RDS? It lets us manage resources centrally and provide applications and data to users in a centralized, controlled manner. RDS technology has 2 possible implementations. When we look at the example, I will show where this role is installed.

Type 1: session-based technology. The user connects to the server, opens a remote desktop, and logs in to a session under their own account.
Type 2: virtual desktop technology, that is, VDI.

These are 2 parts of one server. RDS also provides quick access to the workplace. Why? We are not tied to a device: we can connect to the portal, connect to the server, and do our work. This makes it possible to ensure continuous work for the user no matter where they are: at their workplace in the office, on a business trip, or even on vacation.

What is new? Work with RemoteFX technology has been updated, that is, graphics handling is updated in RDS on Server 2012 and 2012R2. Data transfer has been streamlined, and DirectX 11 is supported. For those to whom this matters, it all already works. As we know, these areas drew negative reviews in previous versions of the system.

By using RDS we get a single entry point: the user logs in to our domain and gets access to all our resources. RDS also implements USB redirection between the device on which we run the session and the server.

As we know, Windows Server 2012 and 2012R2 work well with the SMB 3.0 protocol. The same is true of the RDS server, and we can keep the disks that hold user data on storage reached over the SMB and RGCDSun protocols. In addition, because this technology is implemented in Server 2012 and 2012R2, the service is easy to manage: there is a tab in Server Manager, which we looked at previously, that makes managing the RDS server intuitive, like all the tools in Windows Server 2012.

And of course, the service offers high-availability options, so that our users' work does not depend on a single server.



What is RDS based on? It is built from several roles, which can be placed on different servers. Alternatively, you can choose the simple installation option at setup time, which installs most of the roles on one server.

What are the main roles?
Remote Desktop Connection Broker. It connects client devices to RemoteApp applications and to session-based desktops or virtual desktops, depending on which RDS technology the deployment is built on.

Next is the role that provides web access to remote desktops (Remote Desktop Web Access); its task is to provide resources through a web browser. There is the Remote Desktop Session Host, a role that lets you host applications or session-based desktops on the server. And there is the Remote Desktop Virtualization Host: this is our Hyper-V server, where all the virtual machines that users reach through VDI are deployed.

The last is the Remote Desktop Gateway, an intermediary between clients on the external network and the session collections and applications on the internal network. The Gateway is about security: our service is absolutely secure. And because RDS in 2012 and 2012R2 has become more flexible, all the earlier shortcomings have been addressed. The service is now easy to implement for huge, large-scale projects and large corporations; previously there were some questions about that.



So, when we connected users to our RDS server, several questions often came up. First of all: how do we manage it all? I will show the management tools; they are very simple and intuitive for any user. There are no difficulties here, but some parameters are worth singling out, because they let administrators save resources and ensure quality work for their users.

We can set the end time for a disconnected session. This parameter specifies the time after which the server ends a disconnected session. It applies when the user has been disconnected for some reason, most often in places where the connection is unstable. If the user reconnects within the specified time, they return to their own session: all the resources they were working with are still active, and they continue working. If the time has expired, the server deletes all of the user's temporary files and ends the session.

We can also limit the duration of an active session. Why is this needed? There is now a common trend of companies pushing back against users working too long: “work belongs at work”, and so on. If this principle is followed, it is easy to enforce with rules: we set the maximum user time on the RDS server. Most often this time is set a little higher.

Inactive session limit. If the user has performed no action for some time, the session is disconnected. This is useful: administrators very often encounter hung sessions that the user has forgotten about, which keep loading the server while other users do not have enough capacity.

When setting all these parameters, remember that users do not like having their sessions terminated. It is therefore advisable to analyze and audit usage, collect users' wishes, and set the parameters on that basis.

The RDS server now lets you provide a separate disk for each user. In the RDS server settings you can specify the location where each user's virtual disk will be stored.

The virtual disk is a new feature designed to replace the outdated roaming profiles service. For each user you can create a size-limited VHD disk, placed at the path you specify. The disk is attached for the user with their settings. Using the redirected profile and folder redirection, we can give each user their own settings and profile.
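The session limits and the per-user disk described above can also be set from PowerShell with the RemoteDesktop module on Server 2012/2012R2. This is an added example, not taken from the webinar; the broker, collection and share names and the minute values are assumptions, as is treating a limit of 0 as "never".

```powershell
# Added example (not from the webinar). All names and values below are assumed.
Import-Module RemoteDesktop

$broker     = 'rdcb01.corp.example'       # hypothetical RD Connection Broker
$collection = 'Branch-Sessions'           # hypothetical session collection
$updShare   = '\\fs01.corp.example\UPD$'  # hypothetical share for user disks

# Session limits, in minutes. Pick values after auditing how users really work.
$limits = @{
    CollectionName                = $collection
    ConnectionBroker              = $broker
    DisconnectedSessionLimitMin   = 30     # end a disconnected session after 30 min
    ActiveSessionLimitMin         = 600    # maximum length of an active session
    IdleSessionLimitMin           = 60     # session with no user input for 1 h
    BrokenConnectionAction        = 'Disconnect'  # unstable link: keep the session
    AutomaticReconnectionEnabled  = $true
    TemporaryFoldersDeletedOnExit = $true  # temp files removed when session ends
}
Set-RDSessionCollectionConfiguration @limits

# The per-user virtual disk is a separate parameter set, so a second call.
Set-RDSessionCollectionConfiguration -CollectionName $collection `
    -ConnectionBroker $broker -EnableUserProfileDisk `
    -DiskPath $updShare -MaxUserProfileDiskSizeGB 10

# Audit: list collections where a limit is unset (0 assumed to mean "never"),
# i.e. where forgotten sessions can keep consuming server capacity.
Get-RDSessionCollection -ConnectionBroker $broker | ForEach-Object {
    $c = Get-RDSessionCollectionConfiguration -CollectionName $_.CollectionName `
            -ConnectionBroker $broker -Connection
    if ($c.DisconnectedSessionLimitMin -eq 0 -or $c.IdleSessionLimitMin -eq 0) {
        [pscustomobject]@{
            Collection   = $_.CollectionName
            Disconnected = $c.DisconnectedSessionLimitMin
            Idle         = $c.IdleSessionLimitMin
            Active       = $c.ActiveSessionLimitMin
        }
    }
}
```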

Personally, in all my projects I recommend deploying a file server as part of the IT infrastructure. This lets you create a Home folder for every user and map that folder as a drive at logon using Group Policy. This is another way of providing a disk for users.

That was the first option: the user logs on to a separate session, connects to their remote desktop, and uses the server as their working machine. The device on their desk is used only to connect.



The second implementation of the RDS server is remote applications. This is a portal where the user logs in and sees the applications that are available to them and that they can work with.



I have very often heard the question: how does RDS differ from VDI?
The question was valid until Windows Server 2012 and 2012R2, where VDI is included in RDS. If we are talking about the difference between session-based and virtual-desktop connections, then in the first case devices connect directly to the server, and we log in as a remote user to a remote desktop and work on the server itself with our own profile. What are the dangers? If a user obtains administrator rights, and no one is immune from this, the server can be infected, or harm can be caused to the entire organization and all its users.

With VDI, each user works in their own virtual machine. Any harm is therefore limited to that specific virtual machine, and with VDI we can quickly bring a “fallen” virtual machine back up. The organization is not harmed, and all users continue to work. RDS is a critical server, so planning its use should be approached very carefully. There are many companies where this is implemented, and companies that can advise you on its implementation.



We now move from local services to what we have in the cloud.
Let's consider how RDS technology is implemented in cloud infrastructure. Of course, we will talk about Microsoft Azure, the Microsoft cloud. One of its functions is providing access to remote applications. Azure is like a construction kit for business. You put a deposit on your personal account on the portal and decide which technologies you need; money is withdrawn from the account as you use services. As you remember, there is a calculator that shows the cost of all the resources used, so you can estimate the budget before using them.

There is also a trial version: you can use the services and see how they work before purchasing them, and look at all the features absolutely free.



Now let's look at Microsoft Azure RemoteApp. It provides universal, secure access to all applications and, most interestingly, access from anywhere in the world.
The technology lets you use existing templates. These cover the applications we most often use through a terminal session: Office applications plus some things we have on the server, perhaps a calculator, an image editor, and so on.

What does this look like?

The RDS server we will work with is in a virtual infrastructure. That answers the question of whether an RDS server can be implemented in a virtual infrastructure: yes, it can. We connect to the RDS server. Server Manager offers very simple management.



My server is session-based. Everything is very simple here: I can see the configuration of all my roles, how they are implemented, which server is responsible for each role, and so on. I can add a new server in 1-2 clicks if I need one. I have a session-based collection. I have openly published several applications.



I can grant access to a collection of applications to specific user groups. The management parameters we talked about are here and are easy to configure: the path to the disk, the session disconnect delays, the conditions for disconnecting sessions, and so on. I can publish the applications I need by ticking their checkboxes.

Now the demonstration (from minute 24 of the recording).

Let's look at the session option. When different users connect to this server, I can configure their rights: how they see the server itself, which server settings are exposed to them, and which applications they work with. I can configure security the way I need it. All parameters, such as the default application and the desktop, can be set. We also see a second user who, for example, does not even have the right to see the Start menu, because that restriction is applied to him. With this I wanted to show that the administrator can flexibly configure terminal sessions for different users, making the session simple and as safe as possible, so that the user uses only what he needs for work.

Let's look at the RemoteApp implementation. I enter the web access address, using either the name or the IP address. We get to the portal, which looks the same for everyone. It contains the applications the user can run from their local workstation. After opening the list of applications installed on the server, we can select the ones we want to publish for the user. In this way we can publish different sets of applications for different users and user groups, for example for different departments, and not bother with installing applications locally. Deploy once, and all users get access. This practice is very widely used, especially in international companies, where offices in different countries connect over VPN to the main office or main data center and work with the necessary programs through terminal servers.

Now let's look at Azure. Go to the portal at azure.microsoft.com. The benefits of using RemoteApp through Azure: we do not spend resources on publishing and supporting our applications, because everything is implemented in the cloud. Access is available from everywhere, as long as there is Internet. On entering the portal you see all the services available there. Today we need the RemoteApp service. In the lower left corner there is a “create” button, and creating a collection is simple: enter the collection name and select the template type. By default there are 2 types of templates: Office and the applications we have on the server. We can also upload our own templates to deploy our own applications; for this you need to connect Azure to your network.

On management. I have 2 collections deployed: office and windows. User access to them is configured on the corresponding tab, where I only need to specify the user name. Just as on the local RDS server, we can publish applications or remove an existing publication. Everything works the same as on the local RDS server.

On working with this service. To use it you need to install an agent. It lets us connect to the Azure RemoteApp service and use the programs that we already have. On the portal, next to each of my collections and templates, there is a link to the portal where I am offered to download the agent in order to use Azure RemoteApp in my local infrastructure.


Source: https://habr.com/ru/post/258719/

