Virtual Desktop Infrastructure in Windows Server 2008 R2
Improvements to Hyper-V in Microsoft Windows Server 2008 Release 2 include not only better performance and new functionality, but also integration with Remote Desktop Services (formerly Terminal Services) to provide a basic Virtual Desktop Infrastructure solution that connects users to Hyper-V hosted virtual desktops.
Microsoft’s VDI solution provides an intelligent way of managing remote access to VMs hosted on Hyper-V, centralized administration and desktop integration in Windows 7. Additional benefits will let you:
- automatically start or resume virtual desktops when a remote user tries to connect, so VMs don’t have to be permanently powered on for users to make a remote connection;
- reconnect users to disconnected sessions on VMs in virtual desktop pools;
- set VMs in virtual desktop pools to roll back to the previous state when a user logs off or to save the current state; and
- assign personal virtual desktops to users in Active Directory.
VDI and Remote Desktop Services
The Terminal Server role service in R2 is now called Remote Desktop Session Host. All the other related role services have been renamed as follows:
New role service names for Remote Desktop Services in Windows Server 2008 R2
|Windows Server 2008
role service name was:
Windows Server 2008 R2
Remote Desktop Session Host
TS Session Broker
Remote Desktop Connection Broker
Remote Desktop Virtualization Host
Remote Desktop Licensing
Remote Desktop Gateway
TS Web Access
Remote Desktop Web Access
Remote Desktop Session Host works with Remote Desktop Connection Broker to provide Remote Desktop clients with an IP address for a virtual desktop. When RD Session Host is configured to provide remote access to virtual desktops (redirection mode), it cannot be used to connect users to standard terminal server desktop sessions.
Remote Desktop Connection Broker provides the brains of the VDI solution, sending requests to the Remote Desktop Virtualization Host to resume VMs and manage user sessions in virtual desktop pools.
Remote Desktop Virtualization Host is new to R2 and installs on the Hyper-V box, monitoring and preparing VMs as directed by the RD Connection Broker. When you install Remote Desktop Virtualization Host on a server, Hyper-V will be installed if not already present.
Remote Desktop Web Access provides a web interface with which users connect to remote virtual desktops. Users cannot connect to virtual desktops negotiated on their behalf by the RD Connection Broker without using RD Web Access. Once a user has selected their personal virtual desktop or a virtual desktop pool, the request is passed to the Remote Desktop Gateway, which establishes a secure connection to RD Session Host.
Connecting to Virtual Desktops
To take advantage of RD Connection Broker and the intelligence it brings to managing the VDI, users must connect to virtual desktops via the RD Web Access service (Figure 1). The RemoteApp and Desktop Connection (RAD) control panel applet (not to be confused with the Remote Desktop Connection client) is new in Windows 7 and enumerates the available personal virtual desktops, RemoteApps and Remote Desktops via an RSS feed on the RD Web Access server and publishes the connections on the Start menu. Pre-Windows 7 clients must access personal virtual desktops directly from the RD Web Access web page.
VDI Installation Overview
To take advantage of VDI in R2, the Active Directory domain functional level must be set to Windows Server 2008. The RD role services must be installed on machines that are joined to your Active Directory domain, and the RD Virtualization Host server must meet the necessary hardware requirements for Hyper-V, such as support for Intel Virtualization Technology (Intel VT). Look here for detailed system requirements.
While it is not recommended, all of the RD role services can be installed on one machine; however, in a production environment, it would be best to dedicate a separate physical box for the RD Virtualization Host role service at a minimum.
Log in as a domain administrator and install the role services using PowerShell, which can be launched from the taskbar or by typing PowerShell into the Search programs and files box on the Start menu. Before running the following commands, you’ll need to import the Server Manager module into PowerShell by typing Import-Module servermanager and pressing ENTER. First, add the RDVirtualization Host role service:
Then install the following roles:
Once the necessary roles are installed, open Server Manager on the box where the RD Session Host (RDS-RD-Server) role service is installed, and finish the configuration by expanding Roles, Remote Desktop Services, then clicking Remote Desktop Connection Manager (see Figure 2).
In the Actions pane, click Configure Virtual Desktops and use the wizard to specify the name of your RD Virtualization Host server. The RD Session Host server can be automatically configured for redirection mode, which is required for VDI, by unchecking the Do not automatically configure box (see Figure 3).
To provide authenticated users access to virtual desktop pools or their assigned personal virtual desktops, RD Web Access must be configured manually to use an RD Connection Broker. From Administrative Tools on the Start menu, open Remote Desktop Web Access Configuration in the Remote Desktop Services folder. Internet Explorer will open. Sign in using a domain administrator user name and password. On the Configuration tab, check An RD Connection Broker server and type its full DNS name in the Source name box before clicking OK. You can then sign out (see Figure 4).
Continue clicking through the Configure Virtual Desktops Wizard until you reach the summary on the last page (see Figure 5).
You can assign users a personal virtual desktop by checking the box before clicking Finish, or you can do this at a later stage in the Active Directory Users and Computers (ADUC) console (see Figure 6).
In a production environment, a certification authority (CA) needs to be in place to provide certificates for securing communications between Remote Desktop Connection clients, RD Web Access, RD Gateway and VMs hosted by Hyper-V. In a lab, self-signed certificates can be used.
Though the RSS feed for the RemoteApp And Desktop Connection control panel applet can’t be set using Group Policy, sysadmins can generate a workspace configuration file (.wcx) on the RD Connection Broker server and distribute it using a Group Policy logon script. The RD Web Access site must have a digital certificate that is trusted by client computers.
Preparing a VM for VDI
Hyper-V VMs used as virtual desktops must be configured to participate in a VDI. The setup required on the operating system inside the VM is quite involved, so you may want to create a script or image to automate the process. The requirements include joining the domain, importing the RD Web Access server certificate and granting the RD Virtualization Host permissions to the RDP Protocol. Look here for more-detailed instructions.
Microsoft has pitched its new VDI solution to provide users with an additional desktop (rather than replacing the underlying fat client OS) for situations where a user might need more flexibility than is permitted with the standard corporate image. Limitations of VDI in R2 include the inability to provision new virtual machines should all VMs in a pool be busy; and loss of access to standard terminal server remote desktops if the RD Session Host is configured for VDI (redirection mode).
More established VDI products, such as VMware View, are intended to replace the client OS altogether, centralizing desktop management in the data center and providing better scalability and features for large organizations. For medium-size businesses that won’t rely on VDI to provide users with a primary desktop operating system, Microsoft’s VDI solution is a welcome new feature.
Personal virtual desktops can be associated with only one AD user object at a time. Any changes a user makes to their personal virtual desktop are saved and available the next time they log in. Virtual desktop pools are sets of identically configured VMs and are assigned to users on a temporary basis. VMs can belong to only one virtual desktop pool.