locked
RDS on Azure Windows Server RRS feed

  • Question

  • We have 3 servers on Azure

    1. AD
    2. File Server
    3. RD Server

    We need to install RDS. The plan is for users to RDP to file server. Can we install the RDS (Gateway & LIcensing) roles on RD Server to faciliate the RDP for users to access the file server?
    Monday, July 24, 2017 3:52 PM

Answers

  • Hi,

    If users need to remotely connect to Server02 and Server03, yes RD Session Host role needs to be installed on both of them.

    I would suggest you set up RDS deployment (with RD Session Host, Connection Broker and Web Access roles), you may place Server02 and Server03 into the same collection or separate collection based on whether they have the same target resources that users would need to access, adding RD SH servers into the same collection provides load balancing benefit.

    In addition, users would access published RD resources via RD Web Access page, and it's recommended to install RD Web Access and Gateway roles on the server as they are both public-faced, in the meantime you may place RD licensing role on any server.

    Regarding certificate, it's recommended to purchase certificate from public commercial CAs, which is not expensive while it would management tasks.

    Here are some related articles below might be useful for you:

    Step by Step Windows 2012 R2 Remote Desktop Services – Part 1

    https://msfreaks.wordpress.com/2013/12/09/windows-2012-r2-remote-desktop-services-part-1/

    Configuring RDS 2012 Certificates and SSO

    https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by sphilip14 Tuesday, August 8, 2017 10:55 AM
    Tuesday, August 8, 2017 8:49 AM

All replies

  • Can we install the RDS (Gateway & LIcensing) roles on RD Server to faciliate the RDP for users to access the file server?

    Hi,

    Yes, if there are needs to remote desktop to the file server, you may make the file server a RD Session Host, and install other roles on RD server.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Amy Wang_ Tuesday, July 25, 2017 7:55 AM
    • Proposed as answer by Amy Wang_ Thursday, July 27, 2017 6:53 AM
    Tuesday, July 25, 2017 7:55 AM
  • Hi,

    Is further assistance required?

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 7, 2017 6:53 AM
  • Hi,

    Please note that to use RDS in Azure each person needs to have a Per User RDS CAL with Software Assurance (SA).  Within 10 days of deployment you need to submit a License Verification form.  Please see page below for instructions, link to download form, etc.:

    https://www.microsoft.com/en-us/licensing/licensing-programs/software-assurance-license-mobility.aspx

    Thanks.

    -TP

    • Proposed as answer by Amy Wang_ Monday, August 7, 2017 7:06 AM
    Monday, August 7, 2017 7:03 AM
  • Hi Amy, thanks for your response.

    We have 3 windows 2012 R2 servers

    Server01 - AD
    Server02 - RDS Server where users will login remotely to work on files/folders that are mapped.
    Server03 - SQL Server 

    Now, I need to

    1. Deploy RDS to ensure users can login remotely to both server02 and server03.

    2. Setup certificates to ensure the internet facing RDP are secure for users.

    From your response I am concluding

    I need to deploy the "Gateway" and "Licensing" roles on Server02

    And I need to deploy the "Session Host" on Server02 and Server03.

    Am I correct?


    Monday, August 7, 2017 11:48 AM
  • Hi,

    If users need to remotely connect to Server02 and Server03, yes RD Session Host role needs to be installed on both of them.

    I would suggest you set up RDS deployment (with RD Session Host, Connection Broker and Web Access roles), you may place Server02 and Server03 into the same collection or separate collection based on whether they have the same target resources that users would need to access, adding RD SH servers into the same collection provides load balancing benefit.

    In addition, users would access published RD resources via RD Web Access page, and it's recommended to install RD Web Access and Gateway roles on the server as they are both public-faced, in the meantime you may place RD licensing role on any server.

    Regarding certificate, it's recommended to purchase certificate from public commercial CAs, which is not expensive while it would management tasks.

    Here are some related articles below might be useful for you:

    Step by Step Windows 2012 R2 Remote Desktop Services – Part 1

    https://msfreaks.wordpress.com/2013/12/09/windows-2012-r2-remote-desktop-services-part-1/

    Configuring RDS 2012 Certificates and SSO

    https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by sphilip14 Tuesday, August 8, 2017 10:55 AM
    Tuesday, August 8, 2017 8:49 AM
  • Hi Amy,

    Pardon my understanding. Im going to summarize your response.

    Server02 -RD Session Host, Connection Broker and Web Access roles + Gateway

    Server03 - RD Session Host, Connection Broker and Web Access roles + Gateway

    Both servers will not be publishing the same applications.

    my understanding before your response was to deploy

    RD Session Host, Connection Broker and Web Access roles on Server02

    RD Session Host - Server03.

    The users will be accessing Server02 for their target applications.

    Server03 is our SQL server and will be accessed by the administrators from time to time? For this do we need a RDS deployment?

    How to I secure Server03 (SQL Server) with SAN certificate as this is internet facing as well.

    Tuesday, August 8, 2017 11:07 AM
  • Hi,

    You may use the same RD Connection Broker and Gateway, just create 2 collections and add RD SH Server to each after RDS deployment is configured, which means, RD Session Host role on 2 servers, and RD CB, Web Access and Gateway on single server based on your needs.

    Server03 is our SQL server and will be accessed by the administrators from time to time? For this do we need a RDS deployment?

    If it's only for administrative purpose, no RDS deployment is required (no need to install RD SH role on it), as a maximum of 2 concurrent administrative RDP connections are allowed onto a server system.

    How to I secure Server03 (SQL Server) with SAN certificate as this is internet facing as well

    Regarding SQL server SSL, here are a couple of articles below might be useful to you:

    Encrypting Connections to SQL Server

    https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx

    How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console

    https://support.microsoft.com/en-hk/help/316898/how-to-enable-ssl-encryption-for-an-instance-of-sql-server-by-using-mi

    If further assistance regarding SQL is required, please refer to dedicated SQL forums to get more efficient support.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Amy Wang_ Wednesday, August 9, 2017 2:27 AM
    Wednesday, August 9, 2017 2:26 AM