The author of the article is Roman Levchenko ( www.rlevchenko.com ), MVP - Cloud and Datacenter Management

Exit Windows Server 2016 closer and closer, and we continue to consider the most important innovations of the next release. Today we will talk about one of the most requested roles - Remote Desktop Services or RDS (Remote Desktop Services).
Before diving into the world of new, I recommend to get acquainted with the list of those features that provide Windows Server 2012/2012 R2 . If everything is in the subject, then we will return to the main point and consider in detail directly WS 2016 RDS.

Multipoint Services

MultiPoint Server (MPS) is a technology and solution based on Windows Server and RDS to provide the basic functionality of remote desktops. Positioned for use in classrooms or institutions where there are no large requirements for load and scalability. The peculiarity is that user stations can consist only of a monitor, keyboard and mouse (“zero” clients) and connect directly to the MPS server via USB hubs, video cables or LAN (RDP-over-LAN, if the client is for example, a laptop or thin client). As a result, the end user receives a low-cost solution for providing desktop functionality with absolutely minimal costs for user endpoints.

The first version of MPS, released in February 2010, was able to connect stations only through specialized USB hubs and video ports.
')
The usual RDP connectivity was added only in the next version of MPS 2011, which was released in March 2011. In addition to RDP-over-LAN, MPS 2011 was updated as follows:

• RemoteFX support
• Virtualization support
• Projecting a desktop from one station to another (for example, the desktop of a trainer or teacher is duplicated on user stations)
• Ability to restrict Internet access based on filters
• Remote launch of applications, blocking peripherals (keyboards, mice) on connected stations

In the following and, for the moment, the latest version of MPS 2012 has been added:

• New console for centralized table management
• Protecting the system partition from unwanted changes
• MPS Connector client for monitoring and controlling stations, including tablets

Licensing is reminiscent of full-featured RDS. It is still required to license each end station and have MPS server licenses, which are different editions:

Revision Name	Standard	Premium
Number of connected stations	To 10	Up to 20
Virtualization	Not	Yes
Number of CPU (Sockets)	one	2
Max. memory	32 GB	Unlimited
Domain Connection	Not	Yes

The main types of stations MultiPoint Services

As mentioned above, MPS not only supports classic RDP, but also allows you to connect "zero" clients (an example is the Wyse 1000 ) in the following ways:

• Direct connection to the head station video card
  
  In the figure, 4 client stations are connected directly to the main station via USB and, for example, VGA ports. It is obvious that this type of connection implies the corresponding requirements for the hardware configuration of the head station and in some scenarios is not applicable (scale, distance, mobility)
  
  
  
  
• USB connection
  
  The figure below shows the interaction of the primary station (a station that is connected directly to the MPS and is used for the primary configuration regardless of the scenario) and two “zero” clients connected via USB hubs (example: Wise 1000 ). Unlike the first method, we do not need to additionally calculate the video subsystem configuration of the MPS server to form the required number of video outputs. But due to the limitation on the distance between stations and MPS (for Dell Wise 1000 ~ 5 meters) it is recommended to use in small rooms with a small number of end users.
  
  
  
  
• Using USB Over-Ethernet
  
  More scalable connection type. Instead of USB-to-USB, USB probros over the LAN are used, thereby providing the possibility of building an MPS system in larger premises (client example: Wise 1003 )
  

What about Windows Server 2016?

The above functionality has been completely migrated to Windows Server 2016 (currently Technical Preview 4 ). MultiPoint Server is now a new type of RDS deployment.

There are no data on licensing of such a deployment scheme for 2016. I mean that the licensing scheme of MPS 2012 will be partially transferred to WS 2016, and the editors of MPS will be abolished.

Deployment process

Experienced engineers or administrators who are already familiar with the RDS configuration procedure as part of a VDI or Session-Based solution will find it easier and faster to configure and use MPS. This is also a plus, given the target audience of MPS.

There are three ways to install MultiPoint Services: via Server Manager (role-based), Powershell and via RDS Installation.

Run through the first two and then move on to the basic MPS setup process.

1. Using the Server Manager and role installation, select MultiPoint Services, agree to install additional components and proceed to the next step.
   
   
   
   
2. You can read again what MPS is. It should be noted that RD Licensing will need to be activated after the MPS configuration.
   
   
   
   
3. Together with the main MPS service, Print and Document Services are additionally deployed, the purpose of which is, I hope, known to everyone. Nothing interesting, we go further.
   
   
   
   
4. We leave everything by default.
   
   
   • Print Server - needed to manage multiple printers
   • Distributed Scan Server - manage and provide access to scanners that support Distributed Scan Management
   • Internet Printing - web access to printer jobs with the ability to send print documents via Internet Printing Protocol
   • LPD Service - the Line Printer Daemon service allows UNIX clients, using the Line Printer Remote service, to send print tasks to available printers.
   
   
   
   
   
5. We do not need a full-fledged RDS, so we leave the suggested default values.
   
   
   
   
6. After confirmation, the server will go to reboot and, using the primary station, you will need to produce the required configuration when you first start the MPS. At the time of launch, you will be prompted to identify the primary station (by pressing the “B” key), after which the server will switch to the RDS / MPS services configuration mode.
   
   
   
   MPS will add a WmsShell account to support work in multi-station mode and will create a WmsOperators group to create access to the control console (Dashboard).
   

All 6 points can be “compressed” to 1 command in PowerShell:



Go to the MPS Manager (MPS Manager)



From my remote station, I want to configure access to the MPS via RDP-over-LAN. To do this, add a new user account MPS



From the point of view of the MPS, there are 3 types of users: a standard user for accessing the MPS, a user for managing user sessions, and an administrator. In fact, this is an imitation of a full-fledged RBAC (Role Based Access Control).



So, the user is added. Check the connection. Using MSTSC and RDP features, I connect to the MPS server using the above account. When each user connects to the MPS for the first time, the following message will be displayed: “To assist in using this computer, your actions will be monitored by the system administrator.”



After confirmation, a new terminal session will be created for the user, while the administrator will be able to manage the user session interactively using the MPS Dashboard.

Let's go to the MPS Dashboard (a separate console). The main part of the console will be occupied by dynamically changing mini-screens of user sessions. This reminds me of a security service screen for monitoring video signals from cameras, but MPS allows us not only to observe what is happening in user sessions, but also really manage and change them (take control, block stations or initiate log off, send IM to selected users, block USB devices or remotely start / close applications).



For example, with each user station and its session we can do the following:

• unlock / lock a station and display a message on a specific station;
  
  
  
  
• restrict web access by defining a list of allowed or denied URLs;
  
  
  
  
• project your desktop to client stations;
  
  
  
  

If you go back to the MPS Manager, you can see that the connected station is displayed in the Stations tab, where you can additionally manage the selected stations.



The settings of the MPS itself are located on the Home Home entry. We can, for example, disable notifications that the session is not private, so that users do not have additional questions :)



Multi-Session mode carries some security risks, so it is possible to protect the system disk from unwanted changes. One click and confirmation is enough to enable Disk Protection.



If there is an application that requires a client environment, in some cases isolated, then this is achieved in MPS by including Virtual Desktops. The principle of operation is similar to the pooled-collection in a full VDI. Each “virtualized station” will be created from a template and roll back changes after each user logout. As you can see, the full functionality of VDI is not achieved, but still the very existence of such a possibility expands the scope of MPS.

FAQ

How to remove MPS services correctly?

Remove the role through Server Manager, restart the server and run the script .




What about the PowerShell module for MPS?

At the moment, there is no separate module. In my opinion, the already existing module for RDS will be updated to support the management of the MPS.

findings

Moving the MultiPoint Server functionality to Windows Server 2016 is quite an interesting and useful solution that should revitalize the applicability of MPS in exactly the scenarios in which it is recommended to use. In addition to standard training classes, MPS can also be used by partners to provide demo stands or showrooms, independent coaches and other professionals whose goal is to convey information to listeners or customers competently.

Thanks for attention!