
Clinic

Windows Server® 2008: Presentation Virtualization

Clinic Outline

• Terminal Services Core Functionality
• Terminal Services Gateway
• Terminal Services RemoteApp
• Terminal Services Web Access

[Figure: Windows Server 2008 benefit areas. Panel titles: Spend Less Time on Everyday Tasks; Hardens the OS and Protects Your Environment; Quickly Respond to Changing Business Needs. Items shown: Enhanced Scripting and Task Automation; Role Based Installation and Management; Better Security and Compliance; Network Access Protection; Centralized Application and Remote Access; Integrated Server Virtualization]

Terminal Services Core Functionality

Overview

• Benefits & Uses of Terminal Services
• What is Presentation Virtualization?
• Terminal Services Installation, Configuration & Management
• Client Connectivity

[Diagram labels: Central Location; Branch Office; Home Office; Mobile Worker In Airport]

Demonstration: Terminal Server Management

• Server Manager Interface Overview
• TS Role Management Page

Technical Background

• Support for 64-bit Architecture & Hardware
• Installation & Configuration
• Authentication
• Device Redirection
• Remote Experience Improvements
• Managing TS Resources

Support for 64-bit Architecture and Hardware

• Provides a significantly larger virtual address space for kernel data structures
• Accommodates more TS user sessions
• Runs 32-bit software without recompiling
• Runs 64-bit drivers/software specifically compiled for 64-bit environment
• Runs 32-bit applications at high performance
  • 4 GB user VA for large memory-aware processes
• Runs 64-bit applications
  • 8 TB virtual address space
  • Reduces mapping and soft page faults
  • Eases migration to 64-bit infrastructure

Installation and Configuration

Terminal Services roles that can be installed:
• Terminal Server
• TS Licensing
• TS Session Broker
• TS Gateway
• TS Web Access

Configuring Terminal Services:
• Install programs on server
• Configure remote connection settings
• Configure clients to use Terminal Services

Authentication

• Network Level Authentication – finishes user authentication before you establish a full remote connection and the desktop appears
• Server Authentication – verifies that you are connecting to the correct remote computer
• Single Sign-On – allows a user with a domain account to log on once, using a password or smart card, and then gain access to remote servers without being asked for their credentials again

Device Redirection

Plug and Play Device Redirection
• Windows Portable Devices
  • Media players, based on Media Transfer Protocol (MTP)
  • Digital cameras, based on Picture Transfer Protocol (PTP)

Windows Point of Service (POS) Device Redirection
• Implement POS for .NET 1.1 (downloadable)
• Configure .rdp file
• Connect device

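
The Authentication and Device Redirection slides both come down to settings in the client's .rdp file. The following is an added example, not part of the original presentation: it parses an .rdp file and reports authentication and redirection settings worth reviewing. The host name, the sample file and the review policy are assumptions of the example; the setting names are standard Remote Desktop Connection keys.

```python
# Added example: static audit of an .rdp file's authentication and redirection
# settings. The policy (what is reported as a finding) is an assumption.

# Constructed sample input (not from the presentation).
SAMPLE_RDP = """\
full address:s:ts01.example.test
authentication level:i:0
enablecredsspsupport:i:0
drivestoredirect:s:*
devicestoredirect:s:*
redirectposdevices:i:1
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines (type i, s or b) into a dict."""
    settings = {}
    for raw in text.lstrip("\ufeff").splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.strip().lower()] = value
    return settings

def audit_rdp(text):
    """Return (code, message) findings for settings that need review."""
    s = parse_rdp(text)
    findings = []
    # Server Authentication: only level 1 refuses an unverified server.
    # A missing key is treated as 3 (no requirement specified).
    level = s.get("authentication level", 3)
    if level != 1:
        findings.append(("server-auth", f"authentication level is {level}, expected 1"))
    # Network Level Authentication depends on CredSSP (on unless set to 0).
    if s.get("enablecredsspsupport", 1) == 0:
        findings.append(("nla", "CredSSP disabled, so NLA cannot be used"))
    # Redirection: flag wildcard drive and Plug and Play device mapping.
    for key in ("drivestoredirect", "devicestoredirect"):
        if "*" in str(s.get(key, "")):
            findings.append(("redirect", f"{key} redirects every device (*)"))
    if s.get("redirectposdevices", 0) == 1:
        findings.append(("redirect", "POS device redirection is enabled"))
    return findings

if __name__ == "__main__":
    for code, message in audit_rdp(SAMPLE_RDP):
        print(f"{code}: {message}")
```

Files saved by Remote Desktop Connection are typically UTF-16 encoded, so decode them before passing the text to `audit_rdp`.
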
Remote Experience Improvements

• Custom Display Resolutions
• Monitor Spanning
• Desktop Experience
• 32-Bit Color
• Font Smoothing
• Display Data Prioritization
• TS Easy Print

Demonstration: User Experience Enhancements

• Plug & Play Redirection configuration
• Remote Desktop Connection Display configuration

Managing TS Resources

Windows System Resource Manager
• Built-in feature
• Requires installation
• Allows control of CPU and memory resource allocations to applications, services and processes
• Improves system performance
• Creates a more consistent and predictable experience for users

Implementation/Usage Scenarios

Presentation Virtualization

Security Enhancement

Centralized Application Management

User Productivity Enhancement

Complexity Reduction

Branch Office Environments


Recommendations

• Upgrade existing Terminal Servers to Windows Server 2008
• Configure client systems to use RDC 6.0
• Implement new features to enhance user experience
• Use Single Sign-On
• Implement TS Gateway, TS RemoteApp and TS Web capabilities
• Use x64 hardware and WSRM

Summary

Terminal Services
• is about more than just remote connectivity
• reduces complexity of providing access to applications for users, partners, or customers
• provides enhancements designed to improve the end user experience
• TS Gateway eliminates the need for users to connect to a VPN in order to gain access to applications hosted by Terminal Services
• TS RemoteApp allows remote programs to behave as though they were running on the end user’s local computer
• TS Web Access makes TS RemoteApp programs available to users from a Web browser

Terminal Services Gateway

Overview

• Benefits of a TS Gateway
• TS Gateway Management
• TS Gateway Prerequisites

[Diagram: TS Gateway topology. Labels: Home; Hotel; Business Partner/Client Site; HTTPS / 443; Terminal Services Gateway Server; Strips off RPC/HTTPS; Passes RDP/SSL traffic to TS; TS; Other RDP Hosts; NPS; DC]

Benefits of TS Gateway

• Allows you to control access to specific resources
• Reduces management costs
• Facilitates consolidation of existing Terminal Servers
• Can be integrated with Network Policy Server, enabling centralized policy deployment and lower TCO
• Allows monitoring on remote connections
• Enables connections across firewalls and NATs
• Eliminates the need to configure VPN connections

TS Gateway Management

TS Gateway Management Snap-In:
• Provides a single, one-stop tool to configure policies that define the conditions that must be met before users can connect.
• Provides a tool to monitor TS Gateway events.
• Allows you to review details about connections.

No remote computers are directly exposed to the Internet; all data remains within the corporate network.

Prerequisites for a TS Gateway

• A server with Windows Server 2008 installed
• Administrator must be a member of the Administrators group on this machine
• A Network Policy Server (NPS) to centralize the storage, management and validation of TS Gateway policies
• A certificate for the TS Gateway server that meets these requirements:
  • Computer certificate
  • Intended purpose – server authentication
  • Has a corresponding private key

Technical Background

Configuring a TS Gateway Server
• Connection Authorization Policies
• Resource Groups
• Resource Authorization Policies
• Server Farm

Client Configuration

TS Gateway integration with NAP

TS Gateway Configuration

Configuring the TS Gateway Server:
• Install the TS Gateway role services
• Configure IIS settings
• Obtain/Configure a server certificate
• Create a CAP for the TS Gateway Server
• Create resource groups
• Create a RAP for the TS Gateway Server
• Configure a Server Farm

Configure the TS Gateway Client:
• RDC 6.0 Settings

TS Gateway Integration with NAP

On the TS Gateway Server:
• Enable NAP health policy checking
• Delete existing TS CAPs; create new CAPs
• Configure a System Health Validator
• Create health policies
• Create network policies

Configure TS Clients as NAP enforcement clients (ECs)

Implementation/Usage Scenarios

• Presentation Virtualization
• Security Enhancement
• Server Consolidation
• Cost Reduction

[Diagram labels: Home; Hotel; Business Partner/Client Site; Terminal Services Gateway Server]

Recommendations

• Use a TS Gateway instead of a VPN
• Configure Connection Access Policies, Resource Groups and Resource Access Policies
• Use TS Gateway management to monitor the status, health, and events on remote connections
• Do not use a self-signed SSL certificate in production
• Use in conjunction with an application layer firewall
• Don’t depend on device blocking for security

Summary

TS Gateway:
• Eliminates the need to configure VPN connections
• Provides a comprehensive security configuration model
• Reduces management costs by removing the need for application servers at distributed locations
• Allows monitoring of status, health and events on remote connections
• Enables users to connect remotely to terminal servers and remote desktops across firewalls and NATs
• Reduces the total cost of ownership (TCO) for your organization by integration with Network Policy Server, enabling you to centralize the deployment of TS Gateway policies
• Facilitates consolidation of existing terminal servers using x64 technology

Terminal Services RemoteApp™

Overview

• What is TS RemoteApp?
• What are the benefits of using TS RemoteApp?
• Does any code require modification?

[Diagram labels: TS RemoteApp; Branch Office; Home Office; Mobile Worker In Airport]

Technical Background

• What works differently?
• Configuring a TS RemoteApp Server
• How can users access TS RemoteApp programs?

Implementation/Usage Scenarios

• LOB Applications Deployment
• Roaming Users
• Version Management
• Branch Offices

Recommendations

• Put common applications, such as MS Office, on the same TS RemoteApp Server
• Consider putting individual applications on separate servers when:
  • The application has compatibility issues
  • A single application and associated users may fill server capacity
• Create a load-balanced farm for single applications that exceed the capacity of one server
• Consider placing the TS RemoteApp server behind an ISA Server
• Use a trusted root-signed SSL certificate

Summary

TS RemoteApp:
• Allows organizations to provide access to standard Windows programs from virtually any location
• Improves the user’s experience when connecting to a Terminal Services environment
• Opens new avenues for program deployment
• Reduces the amount of administrative effort required to support applications

TS RemoteApp Management:
• Enables remote connections
• Configures which applications on a Terminal Server to make available to specific users

Terminal Services Web Access

Overview

• What is Terminal Services Web Access?
• What are the benefits of TS Web Access?
• TS Web Access Server Requirements
• TS Web Access Client Requirements

[Diagram labels: TS Web Access; Branch Office; Home Office; Mobile Worker In Airport]

Technical Background

TS RemoteApp Web Part
• List of available TS RemoteApp programs is dynamically populated

TS Web Access Security Group
• Add computer accounts for servers running the TS Web Access role

Remote Desktop Web Connection
• Allows remote connectivity to the desktop of any computer where the user has Remote Desktop access
• Available through TS RemoteApp Web page, not IIS

Implementation/Usage Scenarios

• Presentation Virtualization
• New Version Deployment
• Remote Desktop Access

Recommendations

• Use TS Web Access defaults for single server deployments
• Use TS Web Access in conjunction with TS Gateway to make TS RemoteApp programs available to users over the Internet
• For Remote Desktop Web Connections, plan device and resource redirection and authentication requirements
• Update Windows XP clients to SP3 or Windows Vista SP1 to allow them to make TS Web Access connections

Summary

• TS Web Access makes Terminal Services RemoteApp programs available to users from a Web browser
• A TS RemoteApp Server dynamically populates the list of TS RemoteApp programs to the TS Web Access web part

Clinic Summary

• TS Gateway enables corporate network connections from any Internet-connected RDC 6.0 device
• TS RemoteApp programs behave as if they were running on the end user's local computer
• TS Web Access makes TS RemoteApp programs available to users from a Web browser
