In the sprit of overkill and amazingness, Lets setup a Remote Desktop Services Farm for Windows based applications that you may need access to in your lab. Being a Mac user can be a pain sometimes when you work with Windows Servers and One way to get around this is to setup a simple Windows 10 Virtual Machine that has all the programs needed as this wouldn't take much resources or space. Or you can go for a full on RDS farm like what I am planing on. The end goal will be to integrate the RDS farm into VMware Horizon View VDI setup and Vmware Workspace One for a single point of access to all applications, VDI, ThinApps, and websites. Stay tuned for those parts.
To start lets get a few virtual machines going. From my MSDN account I got a Server 2016 Datacenter key to use for all the servers in the cluster.
The servers are:
* RDSbroker01 - 1core, 6gb ram, 120gb disk - RDS broker, and RDS Web Access Server will be installed here.
* RDSH01 - 4core, 10gb ram, 300gb disk - RDS session host server
* RDSH02 - 4core, 10gb ram, 300gb disk - RDS session host server
These are the 3 servers I am using for the RDS farm. Two of them for the accually applications and sessions, and one to do the controlling of where you go. This is probably over kill for the 4 people that will be using this setup but hey, isn't that what a homelab is all about? Somethings I am not going to go over in this guide is the install and joining/ basic setup of the server. I am going to start right from installing RDS farm. I do recomened having another windows server or desktop to do everything from. This way when reboots are needed, it doesn't cause any issues with monitoring the service installs.
With that out of the way lets get started.
Frist we need to install RDS on the systems. To do that we click Manage,Add Roles and Features.
On the next page, we need to select Remote Desktop Services installation and click next.
On the next page, We will be selecting Standard deployment as we are going to use multiple servers. If you plan on only doing one server for this setup instead of like my setup you can select Quick start instead. After you made sure that Standard deployment is selected, you can click next.
On the next Page we are selectiong Session-Based desktop deployment as we are going to run the apps on the server itself.
On Role Services Section you can just click next.
The next thing to do is Select the RDS broker server that we created and add it to the Selected list.
Next we select the rdsborker01 again to add it to the web access server list
Now we add the RDS Session Host servers rdsh01 and rdsh02
The last page we select the "Restart the desination server automatically if required" option and we are ready to deploy the servers.
Now that all the servers and servicces are all setup, you can hit close.
With the install all done. We now see a new option in our Server Manager Dashboard called "Remote Desktop Services" this is the central place to manage all the RDS services.
From here you can see everything is mostly ready to go. There are two services that were not installed though. RD Gateway and RD Licensing. The only one of those that we need to select is RD Licensing as this farm will not be accessible withouth a vpn access.
To do that Click RD Licensing. And it will pop up asking what server to use. We will use the Broker server for this also. If you are just doing a trail run of RDS you do not need the Licensing part.
Next page just make sure everything is good to go and selected the right server and then click Add
After this is all done we have the dashboard looking like this now.
Next we need to setup some Certificates to be able to do single sign on and establish a secure connection between the servers.
First we need to select Tasks and then Edit Deployment Properties
Next we need to Select Certificates, and then Create new certificate... If you have a certificate that you created before hand select exisiting certificate.
Next, make the page look similar to this.
After clicking apply, you will see that the level is Untrusted but everything else is good to go. This is becuase the Cert is self signed. if you used an internal CA (which is next on my list of things to setup) or an External CA that is trusted, this will be marked trusted. The other certificates can be left as is as they are already self signed and not an issue for this setup.
you can now click Ok and go back to the RDS dashboard. At this point we have the base of the RDS farm configured and ready to start deploying applications to for use from systems. You should have configured the RDS broker, RD web access, and the RDS session hosts for the farm.
Next up is setting up the Licensing server as RDS uses a differnt licensce key and enforces CALs for users and devices. To start, we need to be in Server Manager and then click on Tools -> Remote Desktop Services -> Remote Desktop Licensing Manager. This section can be skipped if you are not going to be licensing your server and just running the trail.
I am connectiong from a differnt server that I am using to set everything up so I need to tell the Manger what server to use.
right click on All Servers and click connect
Then enter the Server Name
Your screen should look similar to this. note: I am using a rdsgw01 in this image as I added it after starting the guide.
Next we need to Right click on the server we just added and then click Activate
Fill in the requested information
You can skip this page if wanted. It is optional data to help with support.
Click next making sure Start Install Licesnses Wizard now is checked.
click next to verify the data on screen
select the license program of where you got the keys from. If it is MSDN select License Pack( Retail Purchase)
Now enter your keys that you want. Saddly you can not just copy and paste the whole product key as it has dashs in it and need to select or type out each block.
In the end you should have something like mine. You dont need 2 sets of keys as they allow up to 50 each for the MSDN keys but for my testing I figured why not.
Click next and then wait for the products to be done installing and then you can click finish.
You will notice that the server has a little ! on it. Click the Review link in the configuration column to see why.
Ah looks like it can't tell when RDS users are in use if it isn't apart of the Terminal Server Licesnse Servers group. Click Add to Group to add the server.
Make sure you have Domain Admin rights when doing this setup.
The Computer is added to the group now.
SUCESS! We have a green check mark. The licensing server is all done and ready to be used.
Next go to the RDS Overview page and click Tasks, Edit Deployment Properties.
And make sure your Licensing server is in the list, and Remote Desktop Licensing mode is selected correctly.
After that is all done, on your RD session servers, you should be able to see that they are now licensed correctly. If not You may need to wait a little bit or deploy the config for it through GPO using the Group Policy settings in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
At this point, We should have a fully working RDS Farm minus the apps. For the Applications we are going to use Collections. On rdsh01 and rdsh02 I have installed Visio already so that we have an application that can be used to test the collections with.
To get Started with Collections and Deploy your frist application,on the RDS Overview page, Click on Collections. As you can see right now we have no connections or collections on the servers.
To add a collection, click Tasks->Create Session Collection
Select a name for the Collection
Select the hosts that will be part of the Collection. As I am planing on working with load balancing, I added both RDSH01 and RDSH02 as they are Identical setup and that is needed for the farm.
Select the User Groups that should have access to the collection. You can limit this down by Application latter. For now I am using the default Domain Users.
I am not using User Profile Disks and using redirected folders for user profiles.
Verify all the day and click create
At this point, We have a collection called FarmApps that has 2 hosts in it.
If we go to https://rdbroker01/rdweb and login, you can see that we have 1 item there. This Item is a Remote Desktop Session instead of an application. we can us this to login to the server instead of an application. As soon as we add a application to the collection the remote desktop icon for it will go away.
Next thing we need to do is add some applications. Start by clicking on FarmApps in the sidebar.
Then in the REMOTEAPP PROGRAMS select the tasks-> Publish RemoteApp Programs. In the select RemoteApp programs list select the applications you want to publish. You can add more apps late. for now I am just going to add Visio 2016
Verify the apps are selected that you want and click publish.
And wait for them to be done.
We have now Deployed Visio to rdweb and will be able to get to it over RDP.
Running remote desktop on mac, I now have Visio running over RDP in a Remote Desktop Sesson.
If we go back to the FarmApps Collection, we can see that I am logged into rdsh01 as user ad\rob and that my session is active.
We have sucesfully deployed a RDS Farm now with Visio 2016 published for all users. You can now lock down the users by going to the application and limiting the user assignments. In my next guide related to this, I am going to be setting up VMware Horizon VDI and ID manager to integrate ThinApps and RDS apps into one UI to access.