Deploying Remote Desktop Services (RDS) for your customer’s remote workers is a great way to improve their productivity. RDS in a cloud or hybrid environment will give them secure access to the business applications and resources they’ve been making do without at home.
RDS is highly flexible and easy to set up on both Azure and Sherweb Performance Cloud. Sherweb’s Performance Cloud and Azure support secure connections from virtually any home worker’s computer or mobile device with a reliable network connection. You can run multiple desktop environments from a single RDS installation. Management is simple and efficient.
Deploying RDS can seem tricky, but it’s a fairly straightforward process in either an Azure or Performance Cloud tenant. Here are some tips to keep in mind at each step to help get you through the RDS deployment process smoothly.
Deploying virtual servers for RDS
If you’re using Azure, keep in mind that each subscription has a maximum number of networks, VMs, and Cloud Services that can be provisioned. If you’re rolling out a new service for many clients at once, you may need multiple subscriptions to have enough RDS connections available.
A minimal RDS installation requires an RD Session Host and a Connection Broker. On top of that, each client will need either a Gateway server with SSL authentication or a secure tunnel.
Since Remote Desktop servers are valuable targets for attackers, make especially sure that all Administrator passwords meet the necessary complexity requirements, or ideally, randomly generate them for increased security. Set a change schedule for these passwords and make sure they’re only documented in a secure central location that can be accessed only by your trusted administrators.
Lastly, since many Partners are deploying multiple new RDS platforms for different clients right now, don’t forget to change administrator passwords if you’re replicating new tenant environments. It’s an easy thing to overlook when working quickly.
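As an added illustration (not Sherweb's or Microsoft's own code), this PowerShell sketch generates a separate random Administrator password for each replicated tenant from the system's cryptographic random number generator. The tenant names and the New-RandomPassword helper are hypothetical, and the character set is an assumption to adjust to your own complexity policy.

```powershell
# Added example. Tenant names and the helper name are constructed placeholders.
function New-RandomPassword {
    param([int]$Length = 24)
    # Character classes; look-alike characters (I, O, l, 0, 1) are left out.
    $classes = @(
        'ABCDEFGHJKLMNPQRSTUVWXYZ',
        'abcdefghijkmnopqrstuvwxyz',
        '23456789',
        '!#$%&*+-=?@_'
    )
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Uniform index in [0, $Max) by rejection sampling, so no modulo bias.
        $pick = {
            param([int]$Max)
            $limit = 256 - (256 % $Max)
            $b = New-Object byte[] 1
            do { $rng.GetBytes($b) } while ($b[0] -ge $limit)
            $b[0] % $Max
        }
        do {
            $chars = for ($i = 0; $i -lt $Length; $i++) { $all[(& $pick $all.Length)] }
            $pw = -join $chars
            # Regenerate if any character class is missing from the candidate.
            $missing = $classes | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 }
        } while ($missing)
        $pw
    }
    finally { $rng.Dispose() }
}

$tenants = 'tenant-a', 'tenant-b', 'tenant-c'   # constructed sample tenants
$issued  = @{}
foreach ($t in $tenants) {
    # Never hand the same password to two tenants (case-sensitive comparison).
    do { $pw = New-RandomPassword } while ($issued.Values -ccontains $pw)
    $issued[$t] = ConvertTo-SecureString $pw -AsPlainText -Force
}

# $issued now maps each tenant to a SecureString. Store each value in your
# central password vault and set it on that tenant's Administrator account;
# do not write the plain text to the console, a transcript or a script file.
$issued.Keys | Sort-Object
```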
While configuring Remote Desktop Services
While working on an RDS deployment, you may want to temporarily disable Windows Updates so restarts don’t accidentally delay the process. Many clients are looking for rapid deployment right now, so deferring Windows Updates to run outside business hours can be a good way to balance availability with security.
Setting up user accounts
Your customers may have teams of workers with very different desktop application needs. For example, an engineering firm may have one set of administrative staff that only need basic office apps and then another set of engineers who do a lot of CAD modeling that is very graphics intensive.
If your client has distinct sets of staff like this, you should create user groups that will have access to different collections of RDS resources. In AD DS Tools, go to Active Directory Users and Computers. There, you can create those different groups and populate them with different user accounts.
Activating Remote Desktop Service licenses
RDS will assign client access licenses (CALs or SALs) to each user that connects to the Session Host. You’ll need to install the Licensing role and activate the Licensing server on the Session Host VM before your users can connect.
Once they’re installed, CALs will be handed out automatically when users connect. If you need help procuring licenses quickly, feel free to contact Sherweb.
Establishing secure connections
As mentioned earlier, you can either get SSL certificates to work with an RD Gateway or configure VPN tunnels to secure your clients’ remote desktop connections.
Installing certificates
You can use self-signed certificates for RDS, but you’ll need to distribute them to each user device, which is not ideal for the fast rollout that your customers will likely want. If you do need them, Microsoft has detailed documentation for creating and distributing self-signed certificates for RDS.
Configuring secure tunnels
Performance Cloud* and Azure support a variety of different network models, which should allow you to accommodate any arrangement your customers might need. For example, you can set up a site-to-site tunnel through your customer’s VPN from their on-premises network to their RDS servers, then configure point-to-site connections for your customer’s users to the RDS Gateway.
Guidance for configuring other secure connections on Azure is available in Microsoft’s documentation.
* Optional components may be required
Creating apps in a session collection
RDS can support either fully-fledged virtual personal desktops or more resource-efficient pooled desktop sessions. In either case, you’ll create RemoteApps that users can access. Name your pooled session collections according to the particular set of apps you’re providing and assign them to your Session Host VM.
The best way to provision personal desktop collections is with a PowerShell cmdlet: New-RDSessionCollection. There are a few different session parameters you can assign that are detailed at length in the full RDS documentation.
Note that your app collections won’t be available to users until you publish them in the Session Host Server Manager.
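The group and collection steps described above can also be scripted end to end. The following PowerShell is an added example, not taken from Sherweb's or Microsoft's documentation; it uses the office-staff and CAD-engineer split from the earlier section, and the domain, OU, server names, user names and application paths are all constructed placeholders.

```powershell
# Added example. Domain, OU, server names, users and app paths are constructed
# placeholders; run on a host with the ActiveDirectory and RemoteDesktop modules.
Import-Module ActiveDirectory, RemoteDesktop

$domain  = 'CORP'
$broker  = 'rdcb01.corp.example'
$groupOu = 'OU=RDS Groups,DC=corp,DC=example'

# One security group and one collection per set of apps. A Session Host can
# belong to only one collection, so each collection gets its own host.
$plan = @(
    @{ Group = 'RDS-Office-Users'; Members = 'asmith', 'bjones'
       Collection = 'Office Apps'; SessionHost = 'rdsh-office01.corp.example'
       AppName = 'WordPad'; AppPath = 'C:\Program Files\Windows NT\Accessories\wordpad.exe' }
    @{ Group = 'RDS-CAD-Users'; Members = 'cnguyen'
       Collection = 'CAD Apps'; SessionHost = 'rdsh-cad01.corp.example'
       AppName = 'CAD Viewer'; AppPath = 'C:\Program Files\ExampleCAD\cad.exe' }
)

foreach ($p in $plan) {
    # Create the group only if it does not exist yet, then add its users.
    if (-not (Get-ADGroup -Filter "Name -eq '$($p.Group)'")) {
        New-ADGroup -Name $p.Group -GroupScope Global -GroupCategory Security -Path $groupOu
    }
    Add-ADGroupMember -Identity $p.Group -Members $p.Members

    New-RDSessionCollection -CollectionName $p.Collection -SessionHost $p.SessionHost `
        -CollectionDescription "RemoteApps for $($p.Group)" -ConnectionBroker $broker

    # Limit who may connect to this collection to the matching group only.
    Set-RDSessionCollectionConfiguration -CollectionName $p.Collection `
        -UserGroup "$domain\$($p.Group)" -ConnectionBroker $broker

    # Publish the app; users see nothing in the collection until this step.
    New-RDRemoteApp -CollectionName $p.Collection -DisplayName $p.AppName `
        -FilePath $p.AppPath -UserGroups "$domain\$($p.Group)" -ConnectionBroker $broker
}

# Review the result: each collection should list only its own user group.
foreach ($p in $plan) {
    Get-RDSessionCollectionConfiguration -CollectionName $p.Collection -UserGroup -ConnectionBroker $broker
    Get-RDRemoteApp -CollectionName $p.Collection -ConnectionBroker $broker |
        Select-Object CollectionName, DisplayName, FilePath, UserGroups
}
```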
Helping your customers stay productive
These tips should help you get your customers connected more quickly, efficiently, and securely. Once your customers are stabilized and working remotely, there are many ways you can tune and customize RDS installations to help them get the most from their new environments.
Sherweb engineers are available to assist our Partners in getting their clients working remotely whenever they need help.