Clinic

Windows Server® 2008: Presentation Virtualization

Clinic Outline
Terminal Services Core Functionality Terminal Services Gateway Terminal Services RemoteApp Terminal Services Web Access

Spend Less Time on Everyday Tasks
Enhanced Scripting and Task Automation Role Based Installation and Management

Hardens the OS and Protects Your Environment
Better Security and Compliance Network Access Protection

Quickly Respond to Changing Business Needs
Centralized Application and Remote Access Solutions Integrated Server Virtualization

Terminal Services Core Functionality

Overview

Central Location Benefits & Uses of Terminal Services What is Presentation Virtualization? Terminal Services Installation, Configuration & Management
Home Office Mobile Worker In Airport

Branch Office

Client Connectivity

Demonstration: Terminal Server Management

Server Manager Interface Overview TS Role Management Page

Technical Background
Support for 64-bit Architecture & Hardware Installation & Configuration Authentication Device Redirection Remote Experience Improvements Managing TS Resources

Support for 64-bit Architecture and Hardware
Provides a significantly larger virtual address space for kernel data structures Accommodates more TS user sessions
Runs 32-bit software without recompiling Runs 64-bit drivers/software specifically compiled for 64-bit environment Runs 32-bit applications at high performance

4 GB user VA for large memory-aware processes 8 TB virtual address space Reduces mapping and soft page faults

Runs 64 bit applications
• • •

Eases migration to 64-bit infrastructure

Installation and Configuration Terminal Services roles that can be installed:
• • • • • Terminal Server TS Licensing TS Session Broker TS Gateway TS Web Access

Configuring Terminal Services

• Install programs on server • Configure remote connection settings • Configure clients to use Terminal Services

Authentication

Network Level Authentication – finishes user authentication before you establish a full remote connection and the desktop appears Server Authentication – verifies that you are connecting to the correct remote computer Single Sign-On – allows a user with a domain account to log on once, using a password or smart card, and then gain access to remote servers without being asked for their credentials again

Device Redirection

Plug and Play Device Redirection Windows Portable Devices Media players, based on Media Transfer Protocol (MTP) Digital cameras, based on Picture Transfer Protocol (PTP) Windows Point of Service (POS) Device Redirection Implement POS for .NET 1.1 (downloadable) Configure .rdp file Connect device

Remote Experience Improvements
Custom Display Resolutions Monitor Spanning Desktop Experience 32-Bit Color Font Smoothing Display Data Prioritization TS Easy Print

Demonstration: User Experience Enhancements

Plug & Play Redirection configuration Remote Desktop Connection Display configuration

Managing TS Resources
Windows System Resource Manager Built-in feature Requires installation

Allows control of CPU and memory resource allocations to applications, services and processes Improves system performance Creates a more consistent and predictable experience for users

Implementation/Usage Scenarios

Presentation Virtualization Security Enhancement Centralized Application Management User Productivity Enhancement Complexity Reduction Branch Office Environments

Recommendations
Upgrade existing Terminal Servers to Windows Server 2008 Configure client systems to use RDC 6.0 Implement new features to enhance user experience Use Single Sign-On Implement TS Gateway, TS RemoteApp and TS Web capabilities Use x64 hardware and WSRM

Summary

Terminal Services
• • • •

is about more than just remote connectivity reduces complexity of providing access to applications for users, partners, or customers provides enhancements designed to improved the end user experience

TS Gateway eliminates the need for users to connect to a VPN in order to gain access to applications hosted by Terminal Services TS RemoteApp allows remote programs to behave as though they were running on the end user’s local computer TS Web Access makes TS RemoteApp programs available to users from a Web browser

Terminal Services Gateway

Overview
Benefits of a TS Gateway TS Gateway Management TS Gateway Prerequisites

Home

Strips off RPC/HTTPS

Passes RDP/SSL traffic to TS

TS

HTTPS / 443

TS

Hotel Termi nal Servic es Gatew ay Server

Other RDP Hosts NPS DC

Business Partner/ Client Site

Benefits of TS Gateway
Allows you to control access to specific resources Reduces management costs Facilitates consolidation of existing Terminal Servers Can be integrated with Network Policy Server, enabling centralized policy deployment and lower TCO Allows monitoring on remote connections Enables connections across firewalls and NATs Eliminates the need to configure VPN connections

TS Gateway Management
TS Gateway Management Snap-In: Provides a single, one-stop tool to configure policies to define conditions that must be met before users to connect. Provides a tool to monitor TS Gateway events. Allows you to review details about connections. No remote computers are directly exposed to the internet; all data remains within the corporate network.

Prerequisites for a TS Gateway
A server with Windows Server 2008 installed Administrator must be a member of the Administrators group on this machine A Network Policy Server (NPS) to centralize the storage, management and validation of TS Gateway policies A certificate for the TS Gateway server that meets these requirements: Computer certificate Intended purpose – server authentication Has a corresponding private key

Technical Background

Configuring a TS Gateway Server Connection Authorization Policies Resource Groups Resource Authorization Policies Server Farm Client Configuration TS Gateway integration with NAP

TS Gateway Configuration
Configuring the TS Gateway Server: Install the TS Gateway role services Configure IIS settings Obtain/Configure a server certificate Create a CAP for the TS Gateway Server Create resource groups Create a RAP for the TS Gateway Server Configure a Server Farm Configure the TS Gateway Client: RDC 6.0 Settings

TS Gateway Integration with NAP
On the TS Gateway Server: Enable NAP health policy checking Delete Existing TS CAPs; create new CAPs Configure a System Health Validator Create health policies Create network policies Configure TS Clients as NAP enforcement clients (ECs)

Implementation/Usage Scenarios

Presentation Virtualization Security Enhancemen t Server Consolidation Cost Reduction

Home

Hotel

Busines s Partner / Client Site

Termin al Service s Gatewa y Server

Recommendations

Use a TS Gateway instead of a VPN Configure Connection Access Policies, Resource Groups and Resource Access Policies Use TS Gateway management to monitor the status, health, and events on remote connections Do not use a self-signed SSL certificate in production Use in conjunction with an application layer firewall Don’t depend on device blocking for security

Summary
TS Gateway: Eliminates the need to configure VPN connections Provides a comprehensive security configuration model Reduces management costs by removing the need for application servers at distributed locations Allows monitoring of status, health and events on remote connections Enables users to connect remotely to terminal servers and remote desktops across firewalls and NATs Reduces the total cost of ownership (TCO) for your organization by integration with Network Policy Server, enabling you to centralize the deployment of TS Gateway policies Facilitates consolidation of existing terminal servers using x64 technology

Terminal Services RemoteApp™

Overview

TS RemoteA pp

What is TS RemoteApp? What are the benefits of using TS RemoteApp?

Branch Office Home Office Mobile Worker In Airport

Does any code require modification?

Technical Background

What works differently? Configuring a TS RemoteApp Server How can users access TS RemoteApp programs?

Implementation/Usage Scenarios

LOB Applications Deployment Roaming Users

Version Management Branch Offices

Recommendations
Put common applications, such as MS Office, on the same TS RemoteApp Server Consider putting individual applications on separate servers when:
The application has compatibility issues A single application and associated users may fill server capacity

Create a load-balanced farm for single applications that exceed the capacity of one server Consider placing the TS RemoteApp server behind an ISA Server Use a trusted root-signed SSL certificate

Summary

TS RemoteApp:
Allows organizations to provide access to standard Windows programs from virtually any location Improves the user’s experience when connecting to a Terminal Services environment Opens new avenues for program deployment Reduces the amount of administrative effort required to support applications

TS RemoteApp Management:
Enables remote connections Configures which applications on a Terminal Server to make available to specific users

Terminal Services Web Access

Overview

TS Web Access

What is Terminal Services Web Access?
What are the benefits of TS Web Access? TS Web Access Server Requirements

Branch Office Home Office Mobile Worker In Airport

TS Web Access Client Requirements

Technical Background

TS RemoteApp Web Part
List of available TS RemoteApp programs is dynamically populated

TS Web Access Security Group
Add computer accounts for servers running the TS Web Access role

Remote Desktop Web Connection
Allows remote connectivity to the desktop of any computer where the user has Remote Desktop access Available through TS Remote App Web page, not IIS

Implementation/Usage Scenarios

Presentati on Virtualizat ion New Version Deployme nt Remote Desktop Access

Recommendations

Use TS Web Access defaults for single

server deployments Use TS Web Access in conjunction with TS Gateway to make TS RemoteApp programs available to users over the Internet For Remote Desktop Web Connections, plan device and resource redirection and authentication requirements Update Windows XP clients to SP3 or Windows Vista SP1 to allow them to make TS Web Access connections

Summary

TS Web Access makes Terminal Services RemoteApp programs available to users from a Web browser A TS RemoteApp Server dynamically populates the list of TS Remote Apps to the TS Web Access web part

Clinic Summary
TS Gateway enables corporate network connections from any Internetconnected RDC 6.0 device TS RemoteApp programs behave as if they were running on the end user's local computer TS Web Access makes TS RemoteApp programs available to users from a Web browser

Sign up to vote on this title
UsefulNot useful