Azure RDS Deployment – Azure Remote Desktop Services

Azure RDS deployment. The quickest and easiest way to set up and install RDS in Azure is to use our Azure RDS deployment template, which fully sets up Remote Desktop Services on Windows Server 2022 or 2019. It deploys an Azure RDS VDI environment running on Windows Server and is the perfect solution for setting up a basic RDS farm in Azure as a Windows virtual desktop infrastructure service solution (VDI, VDS). Great for testing or a production environment. Scale from 1 RDS Host to 50 RDS Hosts and automate the creation of a new Active Directory domain. Ideal solution for virtual desktops in the cloud. Enable remote working for your users.

Deploy Azure RDS on Windows Server 2019

Deploy Azure RDS on Windows Server 2022

Azure RDS Benefits

Azure Remote Desktop Services (RDS) is the platform of choice for building cloud VDI solutions for every end customer need, including delivering individual virtualized applications, providing secure mobile and remote desktop access, and providing end users the ability to run their applications, services and desktops from the cloud (Azure).

 

RDS in Azure provides cost efficiency, flexibility, secure remote access and a scalable remote working desktop solution. Give users a full desktop experience with the applications you install, and manage who has access. Once set up, you can connect to the published desktops and applications from various platforms and devices, using the Microsoft Remote Desktop apps for Windows, Mac, iOS, and Android.

Features

The following Azure components are deployed as part of this solution:

 

  • Builds a new Active Directory Windows Domain
  • Choose your own AD Domain name
  • Creates the following Azure resources
    • Virtual Network and Subnet
    • External RDS Web URL
    • Azure load balancer for RDS Hosts
    • Public IP for load balancers
    • Network Security Group (NSG) for security for Virtual Machines
    • Azure Availability sets for all VMs
    • Deploy as many Remote Desktop Services hosts as needed, from 1 up to 50 RDS Hosts
    • Automates the creation of RDS in Azure
    • Gateway/RDWeb VM
    • RDS Broker VM
    • RDS Host VMs
  • Azure RDS Setup and Support


Getting Started with Azure RDS Farm

Post Deployment Configuration / RDS Setup

After deploying RDS in Azure, there are some post-deployment configuration steps to complete before users can start logging in.

First, confirm that the deployment has completed successfully. It normally takes just over an hour to complete the installation, depending on how many RDS Hosts were selected during the deployment.

Within Azure, navigate to the Resource Group the Azure RDS farm was deployed to and click on ‘deployments’ under ‘Settings’.

To get the RDS web URL, click on cloud-infrastructure-services.rds-2022 or cloud-infrastructure-services.rds-2019-basic-depl, depending on which version you’ve deployed, and then click on Output. There you will find the URL to log in to your RDS desktop collection.

Make a note of your RDS fqdn and rdWebURL as you’ll use those later.

Manage the RDS in Azure Deployment Using Server Manager

RDP into RDS Gateway VM

As this deployment creates a new Active Directory domain, you can either add a new workstation to the newly created domain to manage your RDS deployment or you can RDP straight to the RDSGateway server public IP address or FQDN as per the deployment output.

Once you’ve logged into the RDSGateway, from there you’ll need to RDP into your RDSBroker.  Open up remote desktop inside your RDSGateway VM and connect to your RDSBroker VM.

RDS Broker

Once logged into the RDS Broker, it’s time to confirm the configuration for your newly deployed RDS farm.

Launch Server Manager, select Manage and then Add servers. In the Add servers dialog select Find now, select all of the servers (‘RDSbroker’, ‘RDSgateway’, and all the RD Session Host servers), and select OK. Next, select Remote Desktop Services in Server Manager and you will see something similar:

RDS on Azure

Azure Remote Desktop Services Farm Certificates

If you are going to run a Remote Desktop Services farm in a production environment, it’s recommended to use either an externally purchased SSL certificate from a trusted root authority or an internal PKI certificate if you have a root certificate server. This way, all users connecting will have a trusted certificate in their local computer store. You can, however, also use the self-signed RD Gateway certificate that was generated during the deployment and use a GPO from your Active Directory domain to deploy the certificate to users’ local certificate stores (not recommended for sensitive production environments).

Configure RDS Certificates

Within Server Manager / Remote Desktop Services / Overview / Deployment Overview > Select Tasks > Edit Deployment Properties

The deployment properties are where you configure RD Gateway settings, RD Licensing, RD Web Access and, most importantly, the certificate that will be used in your RDS deployment.

Click on Certificates and use your own certificate or create a new certificate. If you decide to create a new certificate, make sure the ‘Certificate Name’ matches the URL of your RDS deployment.

Then apply this certificate to all servers used in your RDS farm and import it into the Trusted Root certificate store on all users’ devices.

Notice in my example below that, under Certificate name, I’ve put the URL of my RDS deployment. Save the certificate in a local folder and check the box to allow the certificate to be added to the Trusted Root Certification Authorities store.

Example of creating new self signed certificate

For the remaining servers, select the existing certificate option and use the certificate you created in the previous step.

Test RDWeb URL

Once you’ve completed importing the certificate to all your RDS servers, make sure the certificate is also imported into the certificate stores on all your users’ computers under:

  • Certificates – Local Computer\Personal\Certificates
  • Certificates – Local Computer\Trusted Root Certification Authorities\Certificates

Once certificates are imported and users connect to your RDWeb URL, they will connect securely without any SSL errors. If you do receive a certificate error in your web browser, it will be related to your certificate. Go back and recheck:
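As an added example (not part of the original article or the deployment template), the checks behind a browser certificate error can be run in PowerShell on a client or RDS server: does the certificate name match the RDS host name, is it in date, and does it chain to a root this machine trusts. The function name and the rds.example.com host are assumptions, and the sample certificate is constructed in memory so the script changes no certificate store.

```powershell
# Added example: re-check an RDS certificate against the host name users connect to.
function Test-RdsCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$HostName   # host part of your rdWebURL
    )
    # DNS names on the certificate (PowerShell's DnsNameList); fall back to .NET's single name.
    $names = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode })
    if (-not $names) { $names = @($Certificate.GetNameInfo('DnsName', $false)) }

    # A wildcard label matches exactly one DNS label, as browsers treat it.
    $nameOk = [bool]($names | Where-Object {
        $HostName -match ('^' + [regex]::Escape($_).Replace('\*', '[^.]+') + '$') })

    # Build the chain against this machine's stores; revocation is not queried.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)

    $now = Get-Date
    [pscustomobject]@{
        Names        = $names -join ', '
        NameMatches  = $nameOk
        InDate       = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        SelfSigned   = ($Certificate.Subject -eq $Certificate.Issuer)
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample: an in-memory self-signed certificate for a placeholder host name
# (CertificateRequest needs .NET Framework 4.7.2 or later).
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=rds.example.com', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

# Same certificate checked against the matching name and against a different host name.
Test-RdsCertificate -Certificate $sample -HostName 'rds.example.com'
Test-RdsCertificate -Certificate $sample -HostName 'gateway.example.com'
```

To check the real certificate, pass the one imported under Local Computer\Personal (for example from Get-ChildItem Cert:\LocalMachine\My) together with the host name from your rdWebURL. A self-signed certificate reports ChainTrusted as True only after it has been imported into Trusted Root Certification Authorities on that machine.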

Add RDS Session Hosts

Confirm all your RDS session hosts are added to the desktop collection pool.  On your RDS Broker under Server Manager / Remote Desktop Services / Collections / Desktop Collection  / Host Servers > Select Tasks / Add RDS Session Host Servers

 

Select your RDS Session Hosts and add them to the deployment.

Manage Remote Desktop Collection Users

It’s recommended to create an AD group and put users into this group who will require access to the Azure RDS farm.

Once you’ve created the users and groups in Active Directory, you can add some granularity regarding who has access to the Remote Desktop collections in your deployment.

  1. Connect to the server running the Remote Desktop Connection Broker (RD Connection Broker) role.
  2. Add the other Remote Desktop servers to the RD Connection Broker’s pool of managed servers (if not already done):
    1. In Server Manager click Manage > Add Servers.
    2. Click Find Now.
    3. Click each server in your deployment that is running a Remote Desktop Services role, and then click OK.
  3. Edit a collection to assign access to specific users or groups:
    1. In Server Manager click Remote Desktop Services > Overview, and then click a specific collection (Desktop Collection).
    2. Under Properties, click Tasks > Edit properties.
    3. Click User groups.
    4. Click Add and enter the user or group that you want to have access to the collection. You can also remove users and groups from this window by selecting the user or group you want to remove, and then clicking Remove.

Licensing Azure RDS Farm

The Azure RDS Farm deployment comes installed with a 120-day grace period. After this time you will have to purchase a licence in order for users to connect. This RDS deployment is configured with Per User CALs.

Activate the license server

Log in to the RDS Broker server.

  1. Open the Remote Desktop Licensing Manager: click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Licensing Manager.
  2. Right-click the license server, and then click Activate Server.
  3. Click Next on the welcome page.
  4. For the connection method, select Automatic connection (recommended), and then click Next.
  5. Enter your company information (your name, the company name, your geographic region), and then click Next.
  6. Optionally enter any other company information (for example, email and company addresses), and then click Next.
  7. Make sure that Start Install Licenses Wizard now is not selected (we’ll install the licenses in a later step), and then click Next.

 

Your license server is now ready to start issuing and managing licenses for up to 120 days as part of Microsoft’s grace period.

Install RDS CAL Licences

If you have purchased CAL licences for your RDS deployment, these are the steps to add the licences to your licence server (required before the 120-day grace period ends).

Log in to your RDS Broker server.

Once the CALs are installed, the license server will issue them to users as appropriate.

Note: You need Internet connectivity on the computer running Remote Desktop Licensing Manager but not on the computer running the license server.

  1. On the license server (the first RD Connection Broker), open the Remote Desktop Licensing Manager.
  2. Right-click the license server, and then click Install licenses.
  3. Click Next on the welcome page.
  4. Select the program you purchased your RDS CALs from, and then click Next. If you are a service provider, select Service Provider License Agreement.
  5. Enter the information for your license program. In most cases, this will be the license code or an agreement number, but this varies depending on the license program you’re using.
  6. Click Next.
  7. Select the product version, license type, and number of licenses for your environment, and then click Next. The license manager contacts the Microsoft Clearinghouse to validate and retrieve your licenses.
  8. Click Finish to complete the process.

Azure RDS Firewall Ports

As part of the Azure RDS deployment, an NSG is created and the following firewall ports are configured to allow access to the RDS Gateway server via an Azure Load Balancer:

 

  • 443
  • 3391
  • 3389

 

To set up Azure firewall rules, refer to Azure Network Security Groups.
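An added example, not part of the original article or the deployment template: a PowerShell check that lists which inbound Allow rules expose 443, 3391 or 3389 to any source address. The rule names, protocols and addresses below are constructed; the property names are assumed to match those on the SecurityRules returned by Get-AzNetworkSecurityGroup (Az.Network module).

```powershell
# Added example: flag inbound Allow rules that open the RDS ports to any source.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    $low, $high = $Range -split '-', 2        # "3389" or "3380-3400"
    if (-not $high) { $high = $low }
    return ($Port -ge [int]$low -and $Port -le [int]$high)
}

function Find-OpenRdsRule {
    param(
        [Parameter(Mandatory)][object[]]$Rule,
        [int[]]$Port = @(443, 3391, 3389)     # ports listed for this deployment
    )
    $anySource = @('*', 'Internet', '0.0.0.0/0')
    foreach ($r in $Rule) {
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        $open = @($r.SourceAddressPrefix | Where-Object { $anySource -contains $_ })
        if ($open.Count -eq 0) { continue }   # source already restricted
        foreach ($p in $Port) {
            if (@($r.DestinationPortRange | Where-Object { Test-PortInRange $_ $p }).Count) {
                [pscustomobject]@{
                    Rule = $r.Name; Priority = $r.Priority; Protocol = $r.Protocol
                    Port = $p; Source = $open -join ','
                    DirectRdp = ($p -eq 3389) # direct RDP reachable from any address
                }
            }
        }
    }
}

# Constructed sample rules (203.0.113.0/24 is a documentation range).
function New-SampleRule($Name, $Priority, $Protocol, $Source, $Ports) {
    [pscustomobject]@{ Name = $Name; Priority = $Priority; Direction = 'Inbound'; Access = 'Allow'
        Protocol = $Protocol; SourceAddressPrefix = @($Source); DestinationPortRange = @($Ports) }
}
$sampleRules = @(
    New-SampleRule 'allow-https'    100 'Tcp' '*'              '443'
    New-SampleRule 'allow-rdgw-udp' 110 'Udp' 'Internet'       '3391'
    New-SampleRule 'allow-rdp'      120 'Tcp' '*'              '3389'
    New-SampleRule 'allow-mgmt'     130 'Tcp' '203.0.113.0/24' '3380-3400'
)
Find-OpenRdsRule -Rule $sampleRules | Format-Table -AutoSize
```

Rows with DirectRdp set are the ones to narrow to known administrative source addresses, since 3389 is direct RDP rather than the gateway's HTTPS (443) or UDP (3391) transport. For a live deployment, pass the SecurityRules property of the NSG returned by Get-AzNetworkSecurityGroup for your resource group instead of the sample.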

RDS in Azure Support

If you have any questions about the setup of our Azure RDS Deployment solution, leave your comments below and we will reply within 24 hours.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.

Adrian

Can this be used to access External Resources? By external I mean that I want to be able to connect from my PC through the RDS GW using RDP to an Internet IP.
