One of the improved areas in Windows Server 2008 R2
is Remote Desktop Services (RDS). RDS is not fundamentally new; in prior
versions of Windows, RDS was known as Terminal Services. Table 1
shows the Terminal Services features from Windows Server 2008 with the
newly named equivalent services in Windows Server 2008 R2.
Table 1. Remote Desktop Services
Windows 2008 Terminal Services | Windows Server 2008 R2 RDS |
---|---|
Terminal Server | Remote Desktop Session Host |
Terminal Services Licensing | Remote Desktop Licensing |
Terminal Services Session Broker | Remote Desktop Connection Broker |
Terminal Services Gateway | Remote Desktop Gateway |
Terminal Services Web Access | Remote Desktop Web Access |
In addition to these new role
services in Windows Server 2008 R2 RDS, Windows Server 2008 R2 also has
a new service called Remote Desktop Virtualization Host. This service
provides your organization with the ability to create a Virtual Desktop
Infrastructure (VDI). VDI is an architectural model where a desktop OS
runs in a server-based virtual machine environment. This allows you to
connect to the desktop using the Remote Desktop Protocol (RDP) and work
with it as if it were running locally on the user's physical
machine.
1. Understand the Remote Desktop Services Role Services Requirements
After you have determined
which RDS role services you want to use on your server, you need to
install appropriate prerequisite services for the roles. Table 2 lists which RDS role services require additional services.
Table 2. Role Services Prerequisites
RDS Role Service | Prerequisites |
---|---|
Remote Desktop Virtualization Host | This role service, new to Windows Server 2008 R2, requires that you have the Hyper-V role installed on your server. In combination with other RDS role services, this service is key to providing your network with a VDI. |
Remote Desktop Connection Broker | This role service requires that your server be a member of a domain before you can install the service. If the Windows Server 2008 R2 server is not a member of a domain, you will see a message similar to Figure 1. |
Remote Desktop Gateway | This role service requires the Web Server role, which includes IIS 6 management compatibility for the metabase. Also, this will install IIS security including basic Windows authentication, and client certificate mapping authentication. Additionally, it requires the Network Policy Server and the RPC over HTTP Proxy feature. |
Remote Desktop Web Access | This role service requires the Web Server role, which includes common HTTP features (HTTP Redirection) and Windows authentication for security. Additionally, some IIS 6 management compatibilities for the metabase are required. |
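The prerequisites in Table 2 can be checked from PowerShell before you run the wizard, which also shows how many extra components a role service brings onto the server. This is an added example, not part of the original text; the feature names in the map are the ones `Get-WindowsFeature` is expected to report on Windows Server 2008 R2 and should be treated as assumptions to confirm on your own server.

```powershell
# Added example: report which Table 2 prerequisites are not yet installed.
# Feature names are assumptions; confirm them with Get-WindowsFeature.
Import-Module ServerManager

$prereqs = @{
    'RDS-Virtualization'    = @('Hyper-V')
    'RDS-Connection-Broker' = @()   # domain membership is checked separately
    # "basic Windows authentication" in Table 2 is read here as Basic plus
    # Windows authentication (assumption).
    'RDS-Gateway'           = @('Web-Server', 'Web-Metabase', 'Web-Basic-Auth',
                                'Web-Windows-Auth', 'Web-Client-Auth',
                                'NPAS-Policy-Server', 'RPC-over-HTTP-Proxy')
    'RDS-Web-Access'        = @('Web-Server', 'Web-Http-Redirect',
                                'Web-Windows-Auth', 'Web-Metabase')
}

function Test-RdsPrerequisite {
    param([Parameter(Mandatory = $true)][string]$RoleService)

    if (-not $prereqs.ContainsKey($RoleService)) {
        throw "No prerequisite entry for '$RoleService'."
    }
    $missing = @()
    foreach ($name in $prereqs[$RoleService]) {
        $feature = Get-WindowsFeature -Name $name
        if (-not $feature) { $missing += "$name (name not found)" }
        elseif (-not $feature.Installed) { $missing += $name }
    }
    # The Connection Broker cannot be installed on a workgroup server.
    if ($RoleService -eq 'RDS-Connection-Broker') {
        $cs = Get-WmiObject -Class Win32_ComputerSystem
        if (-not $cs.PartOfDomain) { $missing += 'domain membership' }
    }
    New-Object PSObject -Property @{
        RoleService = $RoleService
        Ready       = ($missing.Count -eq 0)
        Missing     = ($missing -join ', ')
    }
}

$prereqs.Keys | ForEach-Object { Test-RdsPrerequisite -RoleService $_ } |
    Format-Table RoleService, Ready, Missing -AutoSize
```

Anything listed under Missing is what the Add Required Role Services prompt will install alongside the role service, so review that list as part of the server's exposed surface.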
2. Install Additional Role Services and Prerequisites for Remote Desktop Services
The installation for Remote
Desktop Servers can be easy if you are just installing the core Remote
Desktop Session Host or can be complicated if you choose to install all
the role services. In this section, you will see some
of the additional choices you will have when you install other RDS role
services.
To open Server Manager, select Start => Administrative Tools => Server Manager.
Click Roles in the tree menu on the left.
Click Add Roles in the details pane on the right to begin installing Remote Desktop Services.
On the Add Roles Wizard welcome page, click Next. You can also select "Skip this page by default" to ignore the page for future role installations.
On the Select Server Roles page, select Remote Desktop Services. Then click Next.
Read the welcome screen, and then click Next.
On the Select Roles Services page, select which role services you need to install.
Depending on what role
services you have selected, you may see additional choices during your
installation. If you choose to install these roles after you have
already installed the core Remote Desktop Services, you will need to add
role services via Server Manager. Whether you add the role services
during your initial install of RDS or after you have installed RDS, the
process is similar.
2.1. Install Remote Desktop Gateway
Remote Desktop Gateway
provides an access mechanism for your Windows Server 2008 R2 Remote
Desktop Services via the Internet. The RD Gateway allows your users who
are outside your network to securely connect to the RDS server with the
SSL protocol over the Internet without having to use a VPN.
When you make the choice to install Remote Desktop Gateway, you may see a screen similar to Figure 2 prompting you to install the prerequisite services.
To add the Remote Desktop Gateway service after you have installed RDS, follow these steps:
To open Server Manager, select Start => Administrative Tools => Server Manager.
Expand Roles by clicking the + sign, and click Remote Desktop Services.
Right-click Remote Desktop Services, and select Add Role Services.
On the Add Role Services screen, select Remote Desktop Gateway.
Click Add Required Role Services (if prompted).
Click Next in the Add Role Services screen.
Select the server certificate required for the SSL communication between clients and the Remote Desktop Gateway server, and click Next.
Select Now if you want to configure your connection authorization policy (CAP). The RD Gateway server requires a CAP allowing you to determine which users are allowed to use the gateway. You can configure these later by selecting Later. Select Now, and then click Next.
Click Add if you want to add groups allowed to use your RD Gateway server. By default, administrators are the only group allowed to connect. After you have added your groups, click Next.
Provide a name for your CAP, and choose which authentication mechanism you want to use; by default you will see password and smart card. You can choose one or the other or both. After you have made your selection, click Next.
A part of your CAP is also the Resource Authorization Policy (RAP). The RAP allows you to control which computers a user may access via the gateway. You can choose a preconfigured group of computers, or you can choose all computers on the network. Choosing the All option will allow users coming through the gateway to connect to any computer they have permissions to on your network, so you want to use this option with caution. If someone compromises the gateway, they will be able to access any computer on your network. After you have made your selection, click Next.
If you have installed
the prerequisites prior to installing the Remote Desktop Gateway role,
you may not see the following steps.
On the Introduction to Network Policy and Access Services page, review the information, and then click Next.
Review the installed role services, and click Next.
On the Introduction to Web Server (IIS) page, review the information, and then click Next.
Review the installed role services, and click Next.
Review the confirmation screen, and then click Install.
Review the summary screen, and click Close.
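Once the gateway is installed, the RAP choice made in the wizard is worth re-checking, since the All option is the one the steps above tell you to use with caution. The following audit is an added example, not part of the original text; it assumes the `RDS:` provider layout of the RemoteDesktopServices module on Windows Server 2008 R2 and that a `ComputerGroupType` of 2 means "any network resource", both of which you should confirm on your gateway.

```powershell
# Added example: report each RD Gateway RAP and flag the "all computers" choice.
# Assumptions: provider paths below exist as shown, and ComputerGroupType is
# 0 = gateway-managed group, 1 = Active Directory group, 2 = any computer.
# Run in an elevated session on the RD Gateway server.
Import-Module RemoteDesktopServices

function Get-RdGatewayRapReport {
    param([string]$Root = 'RDS:\GatewayServer\RAP')

    foreach ($rap in Get-ChildItem -Path $Root) {
        $path   = "$Root\$($rap.Name)"
        $type   = [int](Get-Item "$path\ComputerGroupType").CurrentValue
        $status = [int](Get-Item "$path\Status").CurrentValue
        $groups = @(Get-ChildItem "$path\UserGroups" | ForEach-Object { $_.Name })

        $target = switch ($type) {
            0 { 'Gateway-managed group: ' + (Get-Item "$path\ComputerGroup").CurrentValue }
            1 { 'AD group: ' + (Get-Item "$path\ComputerGroup").CurrentValue }
            2 { 'ANY computer on the network' }
            default { "Unknown type $type" }
        }

        New-Object PSObject -Property @{
            Rap        = $rap.Name
            Enabled    = ($status -eq 1)
            UserGroups = ($groups -join '; ')
            Target     = $target
            # An enabled RAP that allows every computer needs a second look.
            Review     = ($status -eq 1 -and $type -eq 2)
        }
    }
}

Get-RdGatewayRapReport |
    Sort-Object Review -Descending |
    Format-Table Rap, Enabled, Review, Target, UserGroups -AutoSize
```

Rows with Review set to True are enabled policies that let the listed user groups reach any computer through the gateway; replacing them with a RAP scoped to a computer group limits what a compromised gateway account can reach.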
2.2. Install Remote Desktop Web Access
Remote Desktop Web Access
provides a way for your users to access your RDS applications via a
website on your network. This allows your users to use a browser to
connect and leverage RDS.
When you make the choice to install Remote Desktop Web Access, you may see a screen similar to Figure 3 prompting you to install the prerequisite services.
To add the Remote Desktop Web Access service after you have installed RDS, follow these steps:
To open Server Manager, select Start => Administrative Tools => Server Manager.
Expand Roles by clicking the + sign, and click Remote Desktop Services.
Right-click Remote Desktop Services, and select Add Role Services.
On the Add Role Services screen, select Remote Desktop Web Access.
Click Add Required Role Services (if prompted).
Click Next in the Add Role Services screen.
If you installed the prerequisites prior to installing the RD Web Access, you may not see the following steps.
Review the installed role services, and click Next.
On the Introduction to Web Server (IIS) page, review the information, and then click Next.
Review the installed role services, and click Next.
Review the confirmation screen, and then click Install.
Review the summary screen, and click Close.