You are here

Virtual Desktop Infrastructure in Windows Server 2008 R2

Here's how to connect users to remote virtual machines with Hyper-V and Remote Desktop Services.

Improvements to Hyper-V in Microsoft Windows Server 2008 Release 2 include not only better performance and new functionality, but also integration with Remote Desktop Services (formerly Terminal Services) to provide a basic Virtual Desktop Infrastructure solution that connects users to Hyper-V hosted virtual desktops.

Microsoft’s VDI solution provides an intelligent way of managing remote access to VMs hosted on Hyper-V, centralized administration and desktop integration in Windows 7. Additional benefits will let you:

  • automatically start or resume virtual desktops when a remote user tries to connect, so VMs don’t have to be permanently powered on for users to make a remote connection;
  • reconnect users to disconnected sessions on VMs in virtual desktop pools;
  • set VMs in virtual desktop pools to roll back to the previous state when a user logs off or to save the current state; and
  • assign personal virtual desktops to users in Active Directory.

VDI and Remote Desktop Services

The Terminal Server role service in R2 is now called Remote Desktop Session Host. All the other related role services have been renamed as follows:

New role service names for Remote Desktop Services in Windows Server 2008 R2

Windows Server 2008 
role service name was:

Windows Server 2008 R2
role service name is now:

Terminal Server

Remote Desktop Session Host

TS Session Broker

Remote Desktop Connection Broker

n/a

Remote Desktop Virtualization Host

TS Licensing

Remote Desktop Licensing

TS Gateway

Remote Desktop Gateway

TS Web Access

Remote Desktop Web Access

Remote Desktop Session Host works with Remote Desktop Connection Broker to provide Remote Desktop clients with an IP address for a virtual desktop. When RD Session Host is configured to provide remote access to virtual desktops (redirection mode), it cannot be used to connect users to standard terminal server desktop sessions.

Remote Desktop Connection Broker provides the brains of the VDI solution, sending requests to the Remote Desktop Virtualization Host to resume VMs and manage user sessions in virtual desktop pools.

Remote Desktop Virtualization Host is new to R2 and installs on the Hyper-V box, monitoring and preparing VMs as directed by the RD Connection Broker. When you install Remote Desktop Virtualization Host on a server, Hyper-V will be installed if not already present.

Remote Desktop Web Access provides a web interface with which users connect to remote virtual desktops. Users cannot connect to virtual desktops negotiated on their behalf by the RD Connection Broker without using RD Web Access. Once a user has selected their personal virtual desktop or a virtual desktop pool, the request is passed to the Remote Desktop Gateway, which establishes a secure connection to RD Session Host.

Connecting to Virtual Desktops

To take advantage of RD Connection Broker and the intelligence it brings to managing the VDI, users must connect to virtual desktops via the RD Web Access service (Figure 1). The RemoteApp and Desktop Connection (RAD) control panel applet (not to be confused with the Remote Desktop Connection client) is new in Windows 7 and enumerates the available personal virtual desktops, RemoteApps and Remote Desktops via an RSS feed on the RD Web Access server and publishes the connections on the Start menu. Pre-Windows 7 clients must access personal virtual desktops directly from the RD Web Access web page.

LEAD Technologies Inc. V1.01
Figure 1

VDI Installation Overview

To take advantage of VDI in R2, the Active Directory domain functional level must be set to Windows Server 2008. The RD role services must be installed on machines that are joined to your Active Directory domain, and the RD Virtualization Host server must meet the necessary hardware requirements for Hyper-V, such as support for Intel Virtualization Technology (Intel VT). Look here for detailed system requirements.

While it is not recommended, all of the RD role services can be installed on one machine; however, in a production environment, it would be best to dedicate a separate physical box for the RD Virtualization Host role service at a minimum.

Log in as a domain administrator and install the role services using PowerShell, which can be launched from the taskbar or by typing PowerShell into the Search programs and files box on the Start menu. Before running the following commands, you’ll need to import the Server Manager module into PowerShell by typing Import-Module servermanager and pressing ENTER. First, add the RDVirtualization Host role service:

Add-WindowsFeature RDS-Virtualization

Then install the following roles:

Add-WindowsFeature RDS-RD-Server
Add-WindowsFeature RDS-Connection-Broker
Add-WindowsFeature RDS-Web-Access
Add-WindowsFeature RDS-Gateway

Once the necessary roles are installed, open Server Manager on the box where the RD Session Host (RDS-RD-Server) role service is installed, and finish the configuration by expanding Roles, Remote Desktop Services, then clicking Remote Desktop Connection Manager (see Figure 2).

LEAD Technologies Inc. V1.01
Figure 2

In the Actions pane, click Configure Virtual Desktops and use the wizard to specify the name of your RD Virtualization Host server. The RD Session Host server can be automatically configured for redirection mode, which is required for VDI, by unchecking the Do not automatically configure box (see Figure 3).

LEAD Technologies Inc. V1.01
Figure 3

To provide authenticated users access to virtual desktop pools or their assigned personal virtual desktops, RD Web Access must be configured manually to use an RD Connection Broker. From Administrative Tools on the Start menu, open Remote Desktop Web Access Configuration in the Remote Desktop Services folder. Internet Explorer will open. Sign in using a domain administrator user name and password. On the Configuration tab, check An RD Connection Broker server and type its full DNS name in the Source name box before clicking OK. You can then sign out (see Figure 4).

LEAD Technologies Inc. V1.01
Figure 4

Continue clicking through the Configure Virtual Desktops Wizard until you reach the summary on the last page (see Figure 5).

LEAD Technologies Inc. V1.01
Figure 5

You can assign users a personal virtual desktop by checking the box before clicking Finish, or you can do this at a later stage in the Active Directory Users and Computers (ADUC) console (see Figure 6).

LEAD Technologies Inc. V1.01
Figure 6

In a production environment, a certification authority (CA) needs to be in place to provide certificates for securing communications between Remote Desktop Connection clients, RD Web Access, RD Gateway and VMs hosted by Hyper-V. In a lab, self-signed certificates can be used.

Though the RSS feed for the RemoteApp And Desktop Connection control panel applet can’t be set using Group Policy, sysadmins can generate a workspace configuration file (.wcx) on the RD Connection Broker server and distribute it using a Group Policy logon script. The RD Web Access site must have a digital certificate that is trusted by client computers.

Preparing a VM for VDI

Hyper-V VMs used as virtual desktops must be configured to participate in a VDI. The setup required on the operating system inside the VM is quite involved, so you may want to create a script or image to automate the process. The requirements include joining the domain, importing the RD Web Access server certificate and granting the RD Virtualization Host permissions to the RDP Protocol. Look here for more-detailed instructions.

Additional Desktops

Microsoft has pitched its new VDI solution to provide users with an additional desktop (rather than replacing the underlying fat client OS) for situations where a user might need more flexibility than is permitted with the standard corporate image. Limitations of VDI in R2 include the inability to provision new virtual machines should all VMs in a pool be busy; and loss of access to standard terminal server remote desktops if the RD Session Host is configured for VDI (redirection mode).

More established VDI products, such as VMware View, are intended to replace the client OS altogether, centralizing desktop management in the data center and providing better scalability and features for large organizations. For medium-size businesses that won’t rely on VDI to provide users with a primary desktop operating system, Microsoft’s VDI solution is a welcome new feature.

 

Russell Smith is an independent consultant based in the United Kingdom who specializes in Microsoft systems management.
Subscribe to our E-Newsletter Today!
Dec 15 2009 Spice IT

Comments