remote services

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # 70-643)

Windows Server 2008 Remote Desktop Services, Part 2

1


Objectives• Describe the tools available for managing Remote

Desktop Services in Windows Server 2008• Explain how to manage, monitor, and terminate

services in Remote Desktop Services• Describe the options available in the RD Gateway

Manager to securely manage and operate the RD Gateway

• Describe how the RD Connection Broker can be used to handle increased loads and provide fault tolerance for your servers

• Explain how RD Licensing is used to manage Client Access Licenses (CALs)

2


Managing the Remote Desktop Session Host

• Typical administrator tasks– Ensure authorized users can connect to the Remote

Desktop Session Host– Track user sessions– Ensure applications and processes are available for

users– Remotely control a user session

• Remote Desktop Services Manager– Primary GUI tool for managing the Remote Desktop

Session Host

3


Activity 5-1: Display the Remote Desktop Services Manager

• Click Start, All Programs, Administrative Tools, Remote Desktop Services, Remote Desktop Services Manager

• Click each tab to view the data displayed in the Remote Desktop Services Manager– Users– Sessions– Processes

• Close all open windows

4


5

Figure 5-1 Remote Desktop Services Manager©Cengage Learning 2012


Monitoring and Terminating Processes

• Administrators often need to monitor or terminate a process or user session

• Common concern about remote sessions– Processes executed from within the session– Administrators need to view active processes

• Terminate a process if necessary

• The following two activities illustrate how to monitor and terminate a running process and a user session

6


Activity 5-2: Monitor and Terminate a Process

• Display the Remote Desktop Services Manager• Click the Processes tab to view the active

processes• Start a command prompt window• Type ping –n 200 www.cengage.com

– Press Enter– Starts a ping process that attempts 200 times to

reach the www.cengage.com server• Click the Processes tab in the Remote Desktop

Services Manger window

7


8

Figure 5-2 Processes tab©Cengage Learning 2012


Activity 5-2: Monitor and Terminate a Process (cont’d.)

• Click the PING.EXE process and click End Process in the Actions pane

• Click OK to confirm ending the process• Navigate to the command prompt window to see

the PING command has stopped execution

9


10

Figure 5-3 End Process©Cengage Learning 2012


Activity 5-3: Manage and Terminate a Session

• Three types of sessions in the Remote Desktop Services Manager– Console

• Session connected to when you log on to a physical console

– Services• Session that contains system processes on the RD

Session Host– Listener

• Session that listens for and accepts new client connections

11


Activity 5-3: Manage and Terminate a Session (cont’d.)

• Disconnecting a session– Will use fewer resources– Leaves applications and data in use open in the

session• Terminating a session

– All resources used by the session become available

12



• Display the Remote Desktop Services Manager• Click the Users or Sessions tab

– Click Users in this example– View information and find user or session you desire

to manage• Right-click the session and select Connect• Right-click the session and select Reset

– Click OK to confirm reset

13


14

Figure 5-4 Users tab©Cengage Learning 2012


15

Figure 5-5 Connect to a session©Cengage Learning 2012


16

Figure 5-6 Resetting the session©Cengage Learning 2012



• Command line can also be used to perform common actions

• Examples of common commands– Change logon– Change port– Logoff– Reset session

• Example of command line syntaxtskill processid | processname | [/SERVER:servername] [ID:sessionid] [/V]

17


Setting Connection Limits and Session Time Limits

• Server availability– Affected by number of simultaneous connections

and session time limits• Reasons administrators set limits

– Performance reasons– Security reasons– To comply with licensing requirements

19


Activity 5-4: Specify Connection Limits and Session Time Limits

• Click Start, Administrative Tools, Remote Desktop Services, and Remote Desktop Session Host Configuration

• Double-click a setting, such as Use temporary folders per session– Properties dialog box for that setting displays

• View available settings and click OK• Click Start, Run, type gpedit.msc, and click OK

20


21

Figure 5-7 Remote Desktop Session Host Configuration ©Cengage Learning 2012


22

Figure 5-8 Remote Desktop Session Host Configuration Properties©Cengage Learning 2012


23

Figure 5-9 Group Policy Editor©Cengage Learning 2012


Activity 5-4: Specify Connection Limits and Session Time Limits (cont’d.)

• To limit the number of simultaneous connections:– Click Computer Configuration, Administrative

Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Connections

• Double-click Limit number of connections– Enable the setting and enter the desired value– Click OK

24


25

Figure 5-10 Connections©Cengage Learning 2012


Activity 5-4: Specify Connection Limits and Session Time Limits (cont’d.)

• To set the session time limit:– Click Computer Configuration, Administrative

Templates, Windows Components, Remote Desktop Services, Remote Desktop Session Host, Session Time Limits

• Double-click the desired setting, modify the configuration and the desired value for the session time limit– Click OK

26


27

Figure 5-11 Session Time Limits©Cengage Learning 2012


Remotely Controlling a User Session

• Ways to monitor or take control of another user’s session– Use Remote Control settings in Group Policy

(Remote Desktop Session Host Configuration)– Use Active Directory User and Computers (user

account properties)

28


RD Gateway

• RD Gateway needs to install a certificate in the server’s certificate store– Enables RD Gateway and remote clients to establish

a secure, encrypted connection• RD Gateway acts as a proxy between remote user

and internal network resources• Certificate must meet certain criteria• RD CAP

– Defines which users can connect through an RD Gateway

29


RD Gateway (cont’d.)

• RD CAP can define:– From which computers a connection can be made– Authentication method– Client devices that will be redirected

• RD RAP– Defines resources a user group may access after

connecting through RD Gateway• At least one RD CAP and one RD RAP is required

for a user to connect on a network

30


Activity 5-5: Install the RD Gateway Role Service

• Click Start, Administrative Tools, Server Manager• Click Remote Desktop Services in Roles Summary• Click Add Role Services in the Role Services area• Select the Remote Desktop Gateway check box• Click Next• Click Add Required Role Services• Click Next

31


32

Figure 5-12 Select Role Services©Cengage Learning 2012


Activity 5-5: Install the RD Gateway Role Service (cont’d.)

• Select the desired SSL encryption• Click Next• Click Next on the Create Authorization Policies for

RD Gateway page• Click Add and select the groups that can connect

through the RD Gateway– Click Next

• Select desired options, including a name for the RD CAP and the desired Windows authentication method, and click Next

33



• Select desired options, including a name for the RD RAP and add the group that contains the resources– Choose Allow Users To Connect to Any Computer on

the Network, and click Next• Click Next on the Network Policy and Access

Services page• Confirm the Network Policy Server role is selected,

and click Next

37



• Click Next on the Web Server (IIS) page• Change or accept the default roles, and click Next• Click Install

39


RD Gateway Options

• RD Gateway Manager– Used to manage the RD Gateway– Open by clicking Start, Administrative Tools, Remote

Desktop Services, Remote Desktop Gateway Manager

• Left pane displays the RD Gateway server, policies, and monitoring

• Center pane displays status• Right pane displays available actions

40


Remote Desktop Connection Broker

• Server farm– Two or more servers with the same configuration– Appear to the client as a single entity– Used to handle increased server load and to provide

additional fault tolerance• Multi-server environment

– Client connection request goes through a connection broker and the load balancer

• Environment must have an Active Directory domain setup to install RD Connection Broker role service

41


Server Farms and Load Balancing

• Network load balancing (NLB)– Provides increased performance, availability, and

scalability for supported clients• Clients will have one IP address to communicate

with– Each server in the server farm will have an internal

IP address• RD Connection Broker tracks disconnected

sessions– Can reconnect clients to those sessions

42


RD Licensing

• Remote Desktop Licensing (RD Licensing)– Used to manage Client Access Licenses (CALs)

required for devices or users to connect to RD Session Host server

• Process– Server requests a CAL from an RD Licensing server– At least one license server must be deployed– RD Services includes a grace period for licensing

43


RD Licensing (cont’d.)

• General steps to configure RD Licensing– Install the RD Licensing service– Activate the licensing server– Install licenses on the server– Ensure the license server can be discovered

44


Managing Client Access Licenses

• Tips for other common licensing actions– After RD Licensing is installed, use the RD Licensing

Manager to manage the RD Licensing servers– To change RD Licensing properties, right-click the

desired server from the RD Licensing Manager and select Properties

– You may need to change the discovery scope of the RD Licensing server

– Review Configuration can help identify RD Licensing configuration problems

45


Managing Client Access Licenses (cont’d.)

• Tips for other common licensing actions (cont’d.)– Control which servers can receive an RD CAL

through group policy settings• For increased security

– Use the RD Licensing Manager to revoke an RDS Per Device CAL

• So it will become available to other users

46


Summary

• Windows Server 2008 provides command-line tools and GUI tools for managing RD Session Host server

• Administrator tasks– Tracking user sessions– Ensuring applications and processes are available– Terminating processes and sessions– Limiting the number of simultaneous connections– Specifying session time limits– Remotely controlling another user’s session

47


Summary (cont’d.)

• RD Gateway is managed using the RD Gateway Manager

• A server farm consists of two or more servers with the same configuration, and appear to the client as a single entity

• Network load balancing provides increased performance, availability, and scalability for supported clients

• Remote Desktop Licensing is used to manage Client Access Licenses for connecting to a server

48

remote services

Documents