Freigeben über

Servers in the Cloud – Day 30 : Using Windows Azure Virtual Machines to Learn: Remote Desktop Services

  • Artikel

by: Don Noonan (https://blog.skylera.com)

Important Note: The current scenarios written in this article concerning using RDS for Production workloads are not supported in the licensing agreement for Windows Azure. The purpose of this article is to allow for administrators to have a place to learn how to configure RDS for potential future scenarios covered under their On-Premise licensing of Server 2012. 

Some of the most common workloads I come across are training environments. These are fun and prove to be a quick “to-the-cloud” win compared to more complex systems. Unlike the majority of customer facing services, training environments typically:

  • Generate revenue
  • Provide consistent content
  • Use non-sensitive (sample) data

There are actually two high-level opportunities here – infrastructure and licensing. Most of the time there is some some sort of delivery solution being used on top of Windows Remote Desktop Services (formerly Terminal Services) to provide desktops to students over the internet. Products like Citrix XenApp and Quest vWorkspace are commonplace.

Over the past few years, there have been significant improvements made to the built-in remote desktop capabilities of Windows Server. For example, Windows Server 2008 includes RemoteApp to deliver windowed (“seamless”) applications rather than the entire desktop. In Windows Server 2012 there have been updates to WAN stability and printing. With these three major areas now covered, the need to license additional third-party software should be carefully studied.

Don’t already have a Windows Azure account? Go here for a free trial.

Let’s build a classroom in the sky!

There are a number of ways to do this, but let’s assume we’re mirroring a classic instructor-led classroom environment:

rdsazure

In this scenario we’ve done some basic subnetting to group classroom resources while isolating classrooms from each other. We have a common management subnet that contains our domain controllers and DNS. We also have a management server that can act as a general purpose file or imaging server, depending on your scenario. In this case I’m using the management server to host RDP connection files via IIS with a basic classroom webpage.

Connecting to Classroom Computers

By default Windows Azure creates a unique RDP public endpoint for each virtual machine in a cloud service. This process maps a high public port number to private port 3389 (default used by Remote Desktop Services). For example:

rdsendpoint

This is very convenient, especially for administrators eager to jump on a server once it’s been provisioned. This can also serve our classroom scenario quite well, however there are scenarios where students may be unable to connect due to firewall restrictions of their organization. For example, the port number assigned above assumes your on-premise firewall allows TCP traffic to flow freely over 56078.

How can we achieve a consistent connection experience when dealing with remote desktop port requirements?

There are two (2) ways to ensure students can connect to your training environment when using Remote Desktop Services as your delivery solution:

  1. Use Remote Desktop Gateway
  2. Use a specific range of ports that are communicated to students prior to class

Among other things, Remote Desktop Gateway provides RDP over HTTPS which means we can have a single public endpoint on a commonly open port number (443). In other words, if a student can reach a website that uses SSL (i.e. online banking) they can also successfully connect to their classroom computer.

The other option is to define a static, predictable port range for your classrooms so that students can ask their IT department that the required port numbers be available to them.

Assigning and reassigning public endpoints is easy on Windows Azure. For example, I can override the platform generated RDP port number with my own during the creation of the virtual machine by using the Set-AzureEndpoint PowerShell CmdLet:

$skyc01s01 = New-AzureVMConfig -Name $vmName -ImageName $imageName -InstanceSize $instanceSize |
    Add-AzureProvisioningConfig -Windows -Password $password |
    Set-AzureEndpoint -Name 'RDP' -LocalPort 3389 -PublicPort 55001 -Protocol tcp |
    Set-AzureSubnet $subnetName

Once created, the custom port number appears in the portal:

rdsendpointcustom

As you can see, using Remote Desktop Services with Windows Azure is not only a powerful administration tool, but a simple and cost effective way to learn Server 2012 technology without utilizing your own infrastructure.

 

Don’t already have a Windows Azure account? Go here for a free trial.

This article was written by Don Noonan as Day 30 of our Servers in the Cloud Series.