Embed Size (px)
Citation preview
Sudarshan Yadav, Sr. Program ManagerShivesh Ranjan, Software EngineerMicrosoft IDCSession Code:
Introduce Remote Desktop Services
How the traditional Terminal Server (now known as Remote Desktop) sessions and Virtual Desktop Infrastructure (VDI) scenarios work side by side
Introduction new features and enhancements
Agenda
Presentation Virtualization
Run an application in one location but have it be controlled in another
Only screen images, keystrokes and mouse movements are sent over the network
Remote Worker EfficiencyQuickly connect remote workers with the critical applicationsthey need from a web page
More securely deliver critical applications and data to mobile employees without additional VPN infrastructure
Helping Secure Data and ApplicationsKeeping data safe in the datacenter helps eliminatethe risk of laptop data theft
Centralized tracking helps simplify the burden ofregulatory compliance
Accelerate Application DeploymentDeploy applications to devices that can’t run them natively
Install and maintain applications once in the datacenter notevery desktop
PC hardware upgrades aren’t required to deploy new applications
Key Benefits
Scenarios
Mobile WorkersSecure access to applications and data
Consistent interface regardless of location
Task WorkersDeliver only key applications
Extend PC capabilities to environmentally unfriendly areas (i.e., Factory Floor)
Branch OfficesCentralize IT management, helping reduce cost in the branch
Reduce networkbandwidth usage
Merger IntegrationQuickly share applicationsbetween merged organizations
Facilitates use of a consistent setof Line of Business applications
OutsourcingKeep intellectual property in corporate data center
Deliver only key applicationsto existing PCs
Controlled Partner AccessEnable partners to access key applications without needingthe “keys to the kingdom”
Reduced risk of accidentaldata loss
What is Remote Session?
Runs applications on a central server - RDSH
Allows users to share an operating system
Isolates users into sessions
What is Virtual Desktop Infrastructure?
Runs virtual machines on a central server -RDVH
Gives each user their own operating system
Use Hyper-V to host OS
88
Personal vs. Pooled Virtual Desktops
•Dedicated•Exclusive•Administrator access
•Shared•Identically configured•Non-administrator access
Centralized Desktop Options:Customer Benefits
Session (aka TS)
• Low cost image management
• Easiest admin management
• Least resources required
• Good compatibility for legacy
apps
Pooled Virtual Desktop
• Medium cost image management
• Easier admin management than
Personal
• Less Resources than personal
• Better compatibility for legacy apps
Personal Virtual Desktop
• High cost image management
• Administrator access (user can
install programs)
• High Resource cost
• Best Compatibility for legacy apps
Customers will mix and match options
Introducing new name in R2
TS RemoteApp™ RemoteApp™
TS Gateway RD Gateway
TS Session Broker RD Connection Broker
TS Web AccessRemoteApp and DesktopWeb Access
TS Easy Print RD Easy Print
What's Available?
RD Licensing
RDSH Server
RDVH Server
RD Connection Broker
RD Gateway
Client
RD Web Access
The RD session host server runs applicationslocally and displays them on the clientcomputer. Each user has a separate session
The RD virtual host server hosts the virtual desktops using Hyper-V. Each user has a separate VM
What Do I See?
RD Licensing
RDSH Server
RDVH Server
RD Connection Broker
RD Gateway
Client
RD Web Access
The Connection Brokerruns the publishing service to aggregate theremote resources
The RD Web Access server displays remote resources in a Web browser.
How Do I Connect to It?
RD Licensing
RDSH Server
RDVH Server
RD Connection Broker
RD Gateway
Client
RD Web Access
Connection Broker sendsincoming connection requests to the right endpoint
The RD Gateway server provides secure remote access to the network from the Internet
How Do I License Access?
RD Licensing
RDSH Server
RDVH Server
RD Connection Broker
RD Gateway
Client
RD Web Access
RD Licensing Server manages distribution and tracking of the TSCALs required to access remote resources.
WS 2008 R2 New & Improved
TS & VDI – an integrated solution
Hyper-V support for virtual desktops
Single discovery, broker & publishing infrastructure
SCVMM Support
Remote Application Access
RemoteApp & Desktop Connections
RemoteApp & Desktop & Web Access
RD Gateway Security Improvements
Full Fidelity RemoteApp &
Desktops
True multiple monitor support
Multimedia Support & Bi direction audio
2D and 3D remoting for DirectX 10.1 (DXGI 1.1)
ImprovedNEW! Improved
Platform & Management ImprovementsNew API, Connection Broker Extensibility,
Powershell Support, Best Practices Analyze
VM
RD Connection Brokering Architecture
RD Redirector
Connection Broker
Client
TSVTSV
TSVVM
Hyper-V
RDV Host Agent
1.Connect to MyPersonalDesktop
2.Get TargetMachine
5.Return Target Machine
4.Query/Start VM
6.RedirectTo Machine
Active
Directory
3. Query Personal Desktop for User
Six Steps of Configuring Personal Virtual Desktops
Active Directory Server RD Virtualization server
RD Connection BrokerRD in Redirector Mode
Client
RD Web Access
connects through RD Web Access or start menu
1. Create VM
2. Add RDV server
3. Configure Redirector
4. Add RD Web Access server to security group
5. Configure RD Web Access to point to Connection Broker
6. Assign VM to user
Remote Application access
Integration with Win 7 Client
Application filtering on Web Access
RD Gateway improvements
RD Gateway - Device Redirection
Request for all device redirections
Inform that only specific device are allowed
Client only request for allowed device redirections to TS
Gateway can’t check what goes inside RDP & allows the connection
A malicious client may not obey
Client Gateway RDSH
Secure - Device Redirection
Request for all device redirections
Inform that only specific device are allowed
A malicious client may not obey & ask for unauthorized device redirections
Client Gateway RDSH
Informs TS on Pre-RDP protocol on devices allowed for redirection
TS rejects the connection
More Security Features
Silent re-authenticationRe-authenticate user after configured time intervals
Session & Idle timeoutDisconnect user after specific time
Consent MessageGets user consent before allowing the connection
Pluggable Authentication & Authorization
Platform support to add custom authentication & authorization policy
NAP remediation
Full fidelity remoting experience
True multi monitor support
Bi-direction Audio support
2D and 3D remoting for DirectX 10.1
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
