I would like to start a series of articles on using Windows Terminal Server. Here is what I would like to share with the respected community:
- Overview of innovations in WS2008 and WS2008R2
- Terminal Server
  - Installing Terminal Server
  - Software installation
  - Basic monitoring
- Terminal Server farm
  - Planning
  - Redirection and Session Broker
  - User profiles
  - Monitoring and maintenance
- TSWA / RemoteApp
  - WS2008 and R2: differences
  - Planning and installation
  - Application filtering
- TS Gateway
  - Principles of operation and prerequisites for installation
  - Installation and setup
  - Detailed consideration of authorization policies
  - TS Gateway farm
  - Maintenance, monitoring, and collecting connection statistics
- TSG / TSWA / TS integration
- VDI
- General integration
What distinguishes this cycle from numerous articles on Windows Terminal Services?
First of all, it is an emphasis on creating fault-tolerant systems (starting with WS2008, everything needed for this is available directly in Windows, without additional hardware or software). Secondly, it is the integration of the whole set of technologies under the roof of Terminal Services. Third, I will address the issues of daily, periodic, and emergency servicing of the Terminal Services roles, as well as monitoring and reporting. And fourthly, this series is based on more than three years of experience with Windows Server 2008 (and more than a year of migrating from WS2008 to R2 and working with the wonderful, excellent WS2008 R2). How is this possible, you ask, when WS2008 was released only a year ago and R2 has only just come out? The answer is simple: I work in Microsoft IT and was directly involved in the dogfooding of Terminal Services and their subsequent transition into a full-fledged production service. (I want to note in parentheses: many confuse dogfooding with laboratory testing. These are completely different things: the purpose of testing is to find bugs and measure performance in tests; dogfooding is the deployment of a real service with a slight decrease in planned reliability (for example, 95% instead of 99.9%) for a limited, but still quite wide, audience (several thousand or tens of thousands of users).)
Another caveat before we get to the point: I try to use calques from English terms as little as possible, but “dogfooding”, “production” and the like were a tough nut for me: I couldn’t find good Russian words, so I decided to use simple transliteration. So if you don’t grasp the meaning of these words, or if you want to suggest a Russian equivalent, please comment, but I still ask for some indulgence: it is very difficult to adequately translate terms like Single sign-on.
Overview of Terminal Services innovations in Windows Server 2008 and Windows Server 2008 R2.
So, what did the new WS2008 bring to TS compared to WS2003?
The list of all innovations is very extensive: there is a change in architecture (for example, there is no longer a session 0 (aka the "console session")), the introduction of new group policies, and much more. We will touch on some minor improvements later, but for now let's focus on the major changes.
Terminal server
- New RDP 6.1. The three most significant improvements:
  - ability to work over SSL (when using TS Gateway)
  - significant improvements in client security (passwords are not stored in RDP files, server certificate verification)
  - new mode of operation: RemoteApp applications
- New drainstop mode. It stops the server from accepting requests for new sessions without affecting already established ones, and also plays an important role in VDI and in some fault-tolerant server farm scenarios. We will definitely consider its use.
- New authentication mode NLA (Network Level Authentication, not to be confused with Network Location Awareness). It allows the user to be authenticated before being shown the classic logon screen. This mode is in most cases incompatible with TS Gateway, and we will definitely figure out why.
- EasyPrint technology support. In WS2003, for a client to print from a server session to a local printer, the drivers for that printer had to be installed on the TS. EasyPrint solves this problem. EasyPrint is available in Vista and Win7 out of the box; to use it on XP, you need to install .NET and several updates.
- New group policies to manage TS. Some of them will be discussed below.
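The drainstop mode mentioned above is what makes it possible to take one farm member out of service for maintenance without kicking anyone off. The following script is an added example, not code from the article or from Microsoft: it puts the local server into drain mode with the built-in `change logon` tool, waits until the user sessions listed by `quser` have ended, and then re-enables logons. The timeout value and the placeholder maintenance step are assumptions.

```powershell
# Added example (not from the original article): drain this terminal server
# before maintenance, wait for user sessions to end, then re-enable logons.
param(
    [int]$TimeoutMinutes = 60   # assumed: how long to wait for sessions to drain
)

function Get-UserSessionCount {
    # quser prints one header line and then one line per user session
    # (Active or Disconnected). With no users logged on it writes only to
    # stderr, so the array is empty and the count is 0.
    $lines = @(quser 2>$null | Select-Object -Skip 1)
    return $lines.Count
}

# 1. Stop accepting new sessions. Existing sessions, and reconnects to them,
#    keep working; the Session Broker can direct new users to other farm members.
change logon /drain
if ($LASTEXITCODE -ne 0) { throw "change logon /drain failed (exit code $LASTEXITCODE)" }
change logon /query

# 2. Wait until the remaining user sessions have logged off, or the timeout expires.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
while ((Get-UserSessionCount) -gt 0) {
    if ((Get-Date) -gt $deadline) {
        Write-Warning ("Timeout: {0} session(s) still present; aborting maintenance." -f (Get-UserSessionCount))
        change logon /enable          # hand the server back to the farm unchanged
        exit 1
    }
    Write-Host ("{0:HH:mm:ss} waiting for {1} session(s) to end..." -f (Get-Date), (Get-UserSessionCount))
    Start-Sleep -Seconds 60
}

# 3. The server is empty: do the maintenance work here (assumed placeholder,
#    e.g. installing updates). If the work ends with a reboot and the server
#    should accept logons again automatically afterwards, use
#    'change logon /drainuntilrestart' in step 1 instead of '/drain'.
Write-Host "No user sessions left; maintenance can proceed."

# 4. Re-enable new logons when finished.
change logon /enable
```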
Session broker
- In WS2003 this component was called “Session Directory”.
- Supports load balancing based on the number of sessions per TS. Allows you to create a fault-tolerant terminal server farm without additional hardware. We will discuss this in a separate article.
Terminal Services Gateway
Did not exist before WS2008. It allows clients from other networks (for example, from the Internet) to connect to terminal servers and client computers (XP, Vista, Win7) using RDP over an SSL tunnel, without connecting the networks themselves. (This explanation may seem unnecessarily convoluted, but it captures the essence well. We will return to it in the TS Gateway article.) For now, I note that this great technology in many cases makes it possible to avoid RAS/VPN and significantly improves the security of the connection.
By the way, the technology won the Security Award at the Engineering Excellence Forum'08, and I am very pleased that I also put some effort into this.
Terminal Services Web Access
Did not exist before WS2008. Allows you to create a website where RemoteApp applications are published, along with a form for connecting to workstations in your organization. This technology is very often confused with TS Gateway, so I’ll emphasize right away that TSWA has nothing to do with “Access”, which makes the name somewhat unfortunate. The most interesting application of this technology is in combination with TS Gateway, and we will deal with this in an article on the integration of Terminal Server, TS Gateway and TS Web Access.
In the next article (well, of course, if someone is interested), we will look at the innovations of WS2008R2 (aka Win7 Server) compared to WS2008, and finally get down to business.
Separately, I note that the lack of links, pictures and practical recommendations is more than compensated later when we begin to consider technologies in more detail. I hope it won't be boring.