Continuing from the previous blog post, where our colleague Hugo Margallo explained how to build a Windows Server 2016 farm using the Remote Desktop Services roles, deployed on a hierarchical cloud infrastructure of 4 servers, in this new post we will complete the information by explaining what a File Server and a collection of Remote Desks are and how to create them. Let's go!
The next step is to configure a file server to share folders throughout the domain and to support the farm. Specifically, two folders will be shared: one to store the user profiles (we will see this later) and another that serves as a temporary store to facilitate the transfer of files between the Session Host and the host machine. We will also use this last folder to facilitate the autoscaling function (we will see it later), as it supports the scripts I will use.
First, it is necessary to install the File Server role. We will do it on EnimbosBroker1, although we could do it on any of the servers.
It is important to check the File Server Resource Manager box if we want to use the advanced SMB sharing features, as we will see now.
The next step is to go to the File and Storage Services option in the menu on the left and select Shares. In the upper right corner of the main frame, click on Tasks and then on New Share. A wizard will start.
The option that we must select is SMB Share - Advanced.
Then we must select the EnimbosBroker1 server and, very importantly, indicate that we will share specific paths. In this case I have created a folder called RDS in C: and, in turn, two folders within it: UserProfiles and Data, and I will share both. Note that the folders can be created from the wizard itself.
The folders are now ready to be used throughout the domain. They are accessed using the following format: \\(computername)\(foldername)
The wizard shows other options, such as managing permissions or applying quotas, but we will ignore them because they are not relevant to the example I am illustrating.
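The same file server setup can be scripted. The following is an added example, not part of the original post: it installs the role, creates the two folders and shares them with explicit share-level access instead of the wizard defaults. The domain name EXAMPLE, the groups granted access and the choice to give the Session Host computer account full control on the profile share are assumptions to adapt.

```powershell
# Added example (not from the original post). Run elevated on EnimbosBroker1.
$Domain      = 'EXAMPLE'                  # placeholder NetBIOS domain name (assumption)
$Admins      = "$Domain\Domain Admins"
$SessionHost = "$Domain\EnimbosHost1$"    # computer account of the Session Host (assumption)
$Users       = "$Domain\Domain Users"     # assumed group allowed to use the Data share

# File Server role plus File Server Resource Manager, the box the post ticks
Install-WindowsFeature -Name FS-FileServer, FS-Resource-Manager -IncludeManagementTools

# Folder layout described in the post: C:\RDS\UserProfiles and C:\RDS\Data
foreach ($name in 'UserProfiles', 'Data') {
    New-Item -Path "C:\RDS\$name" -ItemType Directory -Force | Out-Null
}

# Profile disks: share-level access only for admins and the Session Host account.
# NTFS permissions on the folder are separate and are not changed here.
New-SmbShare -Name 'UserProfiles' -Path 'C:\RDS\UserProfiles' `
    -FullAccess $Admins, $SessionHost `
    -FolderEnumerationMode AccessBased

# Temporary transfer area: users may read and write, admins keep full control.
New-SmbShare -Name 'Data' -Path 'C:\RDS\Data' `
    -FullAccess $Admins -ChangeAccess $Users `
    -FolderEnumerationMode AccessBased

# Review who can reach each share, then confirm the UNC paths resolve.
Get-SmbShare -Name 'UserProfiles', 'Data' | Get-SmbShareAccess |
    Format-Table Name, AccountName, AccessRight -AutoSize

foreach ($name in 'UserProfiles', 'Data') {
    $unc = "\\EnimbosBroker1\$name"
    '{0} reachable: {1}' -f $unc, (Test-Path -Path $unc)
}
```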
2. Remote Desks Collection
Now comes the most important step, because we must provide access to the current RDHost and to those that will be created by autoscaling. To do so we must create what RDS calls a Collection, which is nothing more than a way to group several Session Hosts that can be accessed remotely (or remote applications) under the same security policies. This lets the broker know where and how to apply its balancing rules, and lets us restrict or allow access for a certain group of users, in addition to other rules such as those related to authentication and the maximum times and limits of each session. This part is subject to the administrator's criteria.
To create a collection we must select Collections in the RDS menu and then click on Tasks, where we can see the option Create Session Collection. Below it we also fill in the information on which machines have the RDHost role.
Once inside we have a wizard where, among other things, we must authorize the users who can remotely access the machines in the collection and, above all, choose which RDHosts will belong to the collection. These must have that role installed.
Another important option is that of the UserProfiles, which consists of a folder (in this case shared) where a disk image is stored for each user from the first time they access the farm, and loaded during user logins.
We can use a program called Sidder, which does not require installation and allows us to manage the disk image files: we can verify who they belong to and delete them if they are not in use (they are marked in red). In the following screenshot we can see an example of how it works, which is quite intuitive and simple.
This image shows only one user, which is the one I will log in with in the example I will show later. The other image is simply a template.
I have called the collection Remote Desks, and that will be the name that is shown on the web that will be provided by the RDWeb role machine (EnimbosBroker2).
We can edit the characteristics of the collection by clicking on the name of the collection in the menu on the left and then on Tasks and Edit Collection in the upper frame of the menu. These options are also subject to the administrator’s criteria.
Among other possibilities, we can configure the balancing rules, the connection and disconnection criteria of the user sessions and, very importantly, what the host machine will share with the Session Hosts of the collection. In this case I have chosen, for security reasons, to share only the audio and the clipboard.
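The collection steps above can also be done with the RemoteDesktop PowerShell module, which makes the redirection policy easy to re-check later. This is an added example, not part of the original post: the domain suffix example.local, the user group and the profile disk size are assumptions, and it uses EnimbosBroker1 as the broker to manage.

```powershell
# Added example (not from the original post). Run elevated on a server that
# has the RemoteDesktop module, for instance the connection broker.
Import-Module RemoteDesktop

$DomainFqdn = 'example.local'                    # placeholder domain suffix (assumption)
$Broker     = "EnimbosBroker1.$DomainFqdn"
$Hosts      = @("EnimbosHost1.$DomainFqdn")      # servers with the RDHost role
$Collection = 'Remote Desks'                     # collection name used in the post
$UserGroup  = 'EXAMPLE\RDS Users'                # hypothetical group of authorized users
$Allowed    = 'AudioVideoPlayBack', 'Clipboard'  # the post shares only audio and clipboard

New-RDSessionCollection -CollectionName $Collection -SessionHost $Hosts `
    -ConnectionBroker $Broker -CollectionDescription 'Session collection for the RDS farm'

# Authorized users and client redirection: audio playback and clipboard only.
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Broker `
    -UserGroup $UserGroup -ClientDeviceRedirectionOptions ($Allowed -join ', ')

# User profile disks on the shared folder (separate parameter set, separate call).
# The 20 GB limit is an assumed value.
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Broker `
    -EnableUserProfileDisk -DiskPath '\\EnimbosBroker1\UserProfiles' -MaxUserProfileDiskSizeGB 20

# Read the settings back and flag any redirection beyond the intended two.
$client = Get-RDSessionCollectionConfiguration -CollectionName $Collection `
    -ConnectionBroker $Broker -Client
$actual = "$($client.ClientDeviceRedirectionOptions)" -split ',\s*'
$extra  = $actual | Where-Object { $_ -notin ($Allowed + 'None') }

if ($extra) {
    Write-Warning "Unexpected redirection enabled on '$Collection': $($extra -join ', ')"
} else {
    "Redirection on '$Collection' is limited to: $($actual -join ', ')"
}

# Show the user profile disk settings that were applied.
Get-RDSessionCollectionConfiguration -CollectionName $Collection `
    -ConnectionBroker $Broker -UserProfileDisk | Format-List
```

The read-back check at the end can be run on its own after any later edit of the collection to confirm that drive, printer or device redirection has not been switched on.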
Finally, we must review the general configuration of the farm's deployment. To do this we must go to the Overview menu of Remote Desktop Services, click on Tasks in the upper right corner of the farm diagram and then click on Edit Deployment Properties. This menu allows us to configure each of the main elements of the farm: RDWeb, RDBrokers, RDLicensing, and RDGateway. In our case we are only interested in the first two, although we already have the RDBroker well configured. However, we need to know the URL from which we can download the custom RDP file for the collection we have created:
Now we just have to access that URL and authenticate. This website is accessible from all computers in the domain, and it is advisable to add a specific DNS entry just like we did for the RDBrokers, although it would only be for one IP. We will access the website from Google Chrome and authenticate with the administrator user, although it could be any user who belongs to the domain as long as we have authorized them.
As we have not yet configured the certificates (it can be done from the previous menu), the page is shown as not secure, but we only have to add an exception and continue anyway. Later we will access it over HTTPS with a secure certificate.
On the next page we have the RDP files (one per remote desktop collection) with the names that we have given to each collection. If we had created a collection of Remote Apps, we would see the remote applications we have published, which would also be downloaded as RDP files. We download Remote Desks.
Now we just have to execute it and we will be sent to one of the brokers (chosen by round robin), and from there to the corresponding RDHost according to the balancing criteria.
When executing the RDP file we can see a warning message. This is because the publisher of the file is unknown. We will solve this later, when we configure the different certificates that the farm will use. We click on Connect. We can see in the image that we are connected to the EnimbosHost1 machine, but the Remote Desktop application nevertheless indicates that we are on EnimbosBroker1, since the function of the broker is precisely to bridge the host machine and the Session Host, applying the corresponding balancing.
We already have the RDS farm fully operational. In fact, we can view from the Server Manager in EnimbosDC the users who have logged in to the collection.
In the next entry we will see the configuration of the certificates and the autoscaling function using PowerShell scripts and Scheduled Tasks.