Windows Server 2008 Remote Desktop Services, Part 2
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
1
Objectives • Describe the tools available for managing Remote Desktop Services in Windows Server 2008 • Explain how to manage, monitor, and terminate services in Remote Desktop Services • Describe the options available in the RD Gateway Manager to securely manage and operate the RD Gateway • Describe how the RD Connection Broker can be used to handle increased loads and provide fault tolerance for your servers • Explain how RD Licensing is used to manage Client Access Licenses (CALs) MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
2
Managing the Remote Desktop Session Host • Typical administrator tasks – Ensure authorized users can connect to the Remote Desktop Session Host – Track user sessions – Ensure applications and processes are available for users – Remotely control a user session
• Remote Desktop Services Manager – Primary GUI tool for managing the Remote Desktop Session Host MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
3
Activity 5-1: Display the Remote Desktop Services Manager • Click Start, All Programs, Administrative Tools, Remote Desktop Services, Remote Desktop Services Manager • Click each tab to view the data displayed in the Remote Desktop Services Manager – Users – Sessions – Processes
• Close all open windows MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
4
Figure 5-1 Remote Desktop Services Manager ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
5
Monitoring and Terminating Processes • Administrators often need to monitor or terminate a process or user session • Common concern about remote sessions – Processes executed from within the session – Administrators need to view active processes • Terminate a process if necessary
• The following two activities illustrate how to monitor and terminate a running process and a user session
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
6
Activity 5-2: Monitor and Terminate a Process • Display the Remote Desktop Services Manager • Click the Processes tab to view the active processes • Start a command prompt window • Type ping –n 200 www.cengage.com – Press Enter – Starts a ping process that attempts 200 times to reach the www.cengage.com server
• Click the Processes tab in the Remote Desktop Services Manger window MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
7
Figure 5-2 Processes tab ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
8
Activity 5-2: Monitor and Terminate a Process (cont’d.) • Click the PING.EXE process and click End Process in the Actions pane • Click OK to confirm ending the process • Navigate to the command prompt window to see the PING command has stopped execution
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
9
Figure 5-3 End Process ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
10
Activity 5-3: Manage and Terminate a Session • Three types of sessions in the Remote Desktop Services Manager – Console • Session connected to when you log on to a physical console
– Services • Session that contains system processes on the RD Session Host
– Listener • Session that listens for and accepts new client connections MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
11
Activity 5-3: Manage and Terminate a Session (cont’d.) • Disconnecting a session – Will use fewer resources – Leaves applications and data in use open in the session
• Terminating a session – All resources used by the session become available
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
12
Activity 5-3: Manage and Terminate a Session (cont’d.) • Display the Remote Desktop Services Manager • Click the Users or Sessions tab – Click Users in this example – View information and find user or session you desire to manage
• Right-click the session and select Connect • Right-click the session and select Reset – Click OK to confirm reset
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
13
Figure 5-4 Users tab ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
14
Figure 5-5 Connect to a session ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
15
Figure 5-6 Resetting the session ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
16
Activity 5-3: Manage and Terminate a Session (cont’d.) • Command line can also be used to perform common actions • Examples of common commands – – – –
Change logon Change port Logoff Reset session
• Example of command line syntax tskill processid | processname | [/SERVER:servername] [ID:sessionid] [/V] MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
17
Activity 5-3: Manage and Terminate a Session (cont’d.) • Common command line query commands – Query process – Query session – Query user
• Example of query command syntax query process [* | processid | username | sessionname | /ID:nn | programname] [/SERVER:servername]
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
18
Setting Connection Limits and Session Time Limits • Server availability – Affected by number of simultaneous connections and session time limits
• Reasons administrators set limits – Performance reasons – Security reasons – To comply with licensing requirements
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
19
Activity 5-4: Specify Connection Limits and Session Time Limits • Click Start, Administrative Tools, Remote Desktop Services, and Remote Desktop Session Host Configuration • Double-click a setting, such as Use temporary folders per session – Properties dialog box for that setting displays
• View available settings and click OK • Click Start, Run, type gpedit.msc, and click OK
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
20
Figure 5-7 Remote Desktop Session Host Configuration ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
21
Figure 5-8 Remote Desktop Session Host Configuration Properties ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
22
Figure 5-9 Group Policy Editor ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
23
Activity 5-4: Specify Connection Limits and Session Time Limits (cont’d.) • To limit the number of simultaneous connections: – Click Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Connections
• Double-click Limit number of connections – Enable the setting and enter the desired value – Click OK
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
24
Figure 5-10 Connections ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
25
Activity 5-4: Specify Connection Limits and Session Time Limits (cont’d.) • To set the session time limit: – Click Computer Configuration, Administrative Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Session Time Limits
• Double-click the desired setting, modify the configuration and the desired value for the session time limit – Click OK
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
26
Figure 5-11 Session Time Limits ŠCengage Learning 2012
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
27
Remotely Controlling a User Session • Ways to monitor or take control of another user’s session – Use Remote Control settings in Group Policy (Remote Desktop Session Host Configuration) – Use Active Directory User and Computers (user account properties)
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
28
RD Gateway • RD Gateway needs to install a certificate in the server’s certificate store – Enables RD Gateway and remote clients to establish a secure, encrypted connection
• RD Gateway acts as a proxy between remote user and internal network resources • Certificate must meet certain criteria • RD CAP – Defines which users can connect through an RD Gateway MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
29
RD Gateway (cont’d.) • RD CAP can define: – From which computers a connection can be made – Authentication method – Client devices that will be redirected
• RD RAP – Defines resources a user group may access after connecting through RD Gateway
• At least one RD CAP and one RD RAP is required for a user to connect on a network MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
30
Activity 5-5: Install the RD Gateway Role Service • • • • • • •
Click Start, Administrative Tools, Server Manager Click Remote Desktop Services in Roles Summary Click Add Role Services in the Role Services area Select the Remote Desktop Gateway check box Click Next Click Add Required Role Services Click Next
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
31
Figure 5-12 Select Role Services ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
32
Activity 5-5: Install the RD Gateway Role Service (cont’d.) • Select the desired SSL encryption • Click Next • Click Next on the Create Authorization Policies for RD Gateway page • Click Add and select the groups that can connect through the RD Gateway – Click Next
• Select desired options, including a name for the RD CAP and the desired Windows authentication method, and click Next MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
33
Figure 5-13 Choose a Server Authentication Certificate for SSL Encryption ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
34
Figure 5-14 Create Authorization Policies for RD Gateway ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
35
Figure 5-15 Create an RD CAP ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
36
Activity 5-5: Install the RD Gateway Role Service (cont’d.) • Select desired options, including a name for the RD RAP and add the group that contains the resources – Choose Allow Users To Connect to Any Computer on the Network, and click Next
• Click Next on the Network Policy and Access Services page • Confirm the Network Policy Server role is selected, and click Next
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
37
Figure 5-16 Create an RD RAP ŠCengage Learning 2012 MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
38
Activity 5-5: Install the RD Gateway Role Service (cont’d.) • Click Next on the Web Server (IIS) page • Change or accept the default roles, and click Next • Click Install
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
39
RD Gateway Options • RD Gateway Manager – Used to manage the RD Gateway – Open by clicking Start, Administrative Tools, Remote Desktop Services, Remote Desktop Gateway Manager
• Left pane displays the RD Gateway server, policies, and monitoring • Center pane displays status • Right pane displays available actions MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
40
Remote Desktop Connection Broker • Server farm – Two or more servers with the same configuration – Appear to the client as a single entity – Used to handle increased server load and to provide additional fault tolerance
• Multi-server environment – Client connection request goes through a connection broker and the load balancer
• Environment must have an Active Directory domain setup to install RD Connection Broker role service MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
41
Server Farms and Load Balancing • Network load balancing (NLB) – Provides increased performance, availability, and scalability for supported clients
• Clients will have one IP address to communicate with – Each server in the server farm will have an internal IP address
• RD Connection Broker tracks disconnected sessions – Can reconnect clients to those sessions MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
42
RD Licensing • Remote Desktop Licensing (RD Licensing) – Used to manage Client Access Licenses (CALs) required for devices or users to connect to RD Session Host server
• Process – Server requests a CAL from an RD Licensing server – At least one license server must be deployed – RD Services includes a grace period for licensing
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
43
RD Licensing (cont’d.) • General steps to configure RD Licensing – – – –
Install the RD Licensing service Activate the licensing server Install licenses on the server Ensure the license server can be discovered
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
44
Managing Client Access Licenses • Tips for other common licensing actions – After RD Licensing is installed, use the RD Licensing Manager to manage the RD Licensing servers – To change RD Licensing properties, right-click the desired server from the RD Licensing Manager and select Properties – You may need to change the discovery scope of the RD Licensing server – Review Configuration can help identify RD Licensing configuration problems MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
45
Managing Client Access Licenses (cont’d.) • Tips for other common licensing actions (cont’d.) – Control which servers can receive an RD CAL through group policy settings • For increased security
– Use the RD Licensing Manager to revoke an RDS Per Device CAL • So it will become available to other users
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
46
Summary • Windows Server 2008 provides command-line tools and GUI tools for managing RD Session Host server • Administrator tasks – – – – – –
Tracking user sessions Ensuring applications and processes are available Terminating processes and sessions Limiting the number of simultaneous connections Specifying session time limits Remotely controlling another user’s session
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
47
Summary (cont’d.) • RD Gateway is managed using the RD Gateway Manager • A server farm consists of two or more servers with the same configuration, and appear to the client as a single entity • Network load balancing provides increased performance, availability, and scalability for supported clients • Remote Desktop Licensing is used to manage Client Access Licenses for connecting to a server MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)
48