none
Single server solution for RDS / TS / RDP using Windows Server 2012 R2 RRS feed

  • Question

  • Planning on setting up a small single server and  need this functionality:

    * 3 local users runnnig Windows 7 Home Premium needs to access files on the server

    * The same 3 users should also be able to connect from home (PC, Mac, iPhone) and run an application on the server. (Session-Based Remote Desktop).

    We want to use Windows Server 2012, and found out that Essentials does not support RDP, so that leaves Foundation and Standard versions.

    However, I also found out that in WS 2012 the RDP can not be on the same server as the Domain Controller, and we therefor needs to run 2 server instances on our hardware. I think this starts to look way to complicated for what we want to do, but found out that WS 2012 R2 allows a single server to run RDP (See TechNet article 2833839).

    So we will go for Windows Server 2012 R2, either Foundation or Standard to set up our RDP.

    So now the question: Will that solution work with our local machines running Windows 7 Home Premium, as they cannot connect to a domain? Can we set up some kind of simple file share or Workgroup to acces files locally while still keeping the RDP functionality on the server?

    And, will WS 2012 Foundation R2 do this as well as WS 2012 Standard R2?

    (I have been asking several locat MS representatives to find a solution to our needs, but no one seems to know how this works....of cause we could just get 2 WS 2012 Standard server instances, run one as DC and on as RDCB and upgrade all our clients to Win 7 Pro, but we would like a solution with minimal investment in time and money)

    Rgds

    Petter

     




    Monday, September 23, 2013 6:48 PM

Answers

  • Hi Peter,

    Sorry to be the bringer of bad news..

    If you are using RDS for Digital Media and wanted to view it over a RDS connection you would not want to use a RDSH server. You would also need to use UDP for performance and a Graphics card. When you have multiple users accessing Digital media over a RDSH connection (with RemoteFX) the graphics card becomes locked with the user. This means than when other users login, or connect to the session host, they will be limited in terms of graphics. I have seen this with CAD applications and MS Lync. 

    http://www.theregister.co.uk/2012/01/06/remotefx/ 

    I would recommend using VDI for this , Microsoft recommends around 150-200mb of GPU for each user.

    You cannot upgrade from preview, so i would recommend waiting until October. The preview would be great to build a test lab so you can iron things out before the deployment.

    With regards to the domain deployment, you would only need one set of credentials. You dont need to remove the local credientals and as you are such a small out fit. You just need to make sure all your users use the new domain creds.

    Best Regards,

    Ryan Mangan

    ryanmangansitblog.wordpress.com

    • Marked as answer by petter_pmagi Thursday, September 26, 2013 7:09 AM
    • Unmarked as answer by petter_pmagi Thursday, September 26, 2013 7:24 AM
    • Marked as answer by petter_pmagi Thursday, September 26, 2013 10:08 AM
    Thursday, September 26, 2013 12:22 AM

All replies

  • Hi Peter,

    I have provided a few ideas and options to your issue as there are ways round this. 

    have you considered virtualisation, as you can run multiple virtual machines under one licence. I think this would be the cheapest and most efficient use of your money. Upgrading your clients to Windows 7 pro would allow you to have domain control Single Sign On SSO. This is not essential but users will be using multiple credentials if your clients are none domain joined. You can create a file share but again security permission would need to be considered as multiple credentials would make things complex. RDS sessions do allow you to map local drives.

    "A Standard edition license will entitle you to run up to two VMs on up to two processors (subject to the VM use rights outlined in the  Product Use Rights document). A Datacenter edition license will entitle you to run an unlimited number of VMs on up to two processors."

    Server 2012 licencing

    Option 1

    2 virtual machines 1x DC and 1x RDS server.

    If you deploy a simple configuration, connection broker, 1x web access, 1x session host on one server you will be able to access RDS services via web or directly by RDP. If you want external access, you would need to deploy the gateway role. Domain joined clients access using SSO.

    Option 2 

    2 virtual machines 1x DC and 1x RDS server.

    If you deploy a simple configuration, connection broker, 1x web access, 1x session host on one server you will be able to access RDS services via web or directly by RDP. If you want external access, you would need to deploy the gateway role. Domain joined clients access using SSO.

    You can configure your RDS solution as a domain joined platform and will still be able to access resources from the local device as you can map local drives to the session host. http://www.serverintellect.com/support/techfaq/drive-rdp/

    Your users would have two sets of credentials, one for the local client and one for the domain.

    Option 3

    1x Server

    The second option would be to manually deploy the session host role and licencing role to a work group server. This would limit access to RDP only and you would loose web access functionality. 


    Best Regards,

    Ryan Mangan

    ryanmangansitblog.wordpress.com 

    Monday, September 23, 2013 10:45 PM
  • Hi Ryan, 

    and thanks for the answer! I do not know how to do "multiple quote" in this forum so I do it this way:

    "have you considered virtualisation, as you can run multiple virtual machines under one licence. I think this would be the cheapest and most efficient use of your money. Upgrading your clients to Windows 7 pro would allow you to have domain control Single Sign On SSO. "

    This is the "official" solution I think: Upgrade all clients to Win 7 Pro and run two instances of Win Server 2012 Standard on the server.

    However, I was hoping to get away with something a bit more Quick & Dirty.....;-) We do not have big security issues and will have a good backup system, and I think for 3 users only, it will be more work trying to centralise administration like updating, backups etc, than to just go to each machine and do what is needed. 

    We are good with computers/Windows but have no Server experience. A server guy will help us get started, but I dont want him around after that, so it must be a very simple solution.

    Also, installing 2 instances of WS 2012 and upgrading all 3 clients to Win Pro, and then installing all software and settings on the clients into the new domain user accounts on these clients is quite a lot of work. So I was hoping to keep only existing local users on the client machines and only have some kind of file share thing going on with the server disks that we need to access. So perhaps use a Workgroup instead of a domain, if that works with the RDS setup?

    "Option 1
    2 virtual machines 1x DC and 1x RDS server."

    So, if we set up RDS this way (so we can log in remote and run our application session-based on the server), can we keep the local clients running Windows Home Premium using our current local user logins (ie no domain user accounts created on the client machines, as this is impossible in Home versions) and still access the server disks somehow, or is it impossible? 

    Another question is if it is stupid/a really bad solution...but I still want to know if it is possible....;-)

    "Option 2 
    2 virtual machines 1x DC and 1x RDS server.
    You can configure your RDS solution as a domain joined platform and will still be able to access resources from the local device as you can map local drives to the session host. http://www.serverintellect.com/support/techfaq/drive-rdp/
    Your users would have two sets of credentials, one for the local client and one for the domain."

    I do not want to access files over VPN or RDP, we only want to run an application on the server from remote (Session-Based Remote Desktop). However when we use the local clients we want to access files on the server, and then we access huge image and film files on fast RAID drives, so local network speed must be top speed. Also if possible we would like to not upgrade to Win Pro, and then joining a domain is not possible.

    "Option 3

    1x Server
    The second option would be to manually deploy the session host role and licencing role to a work group server. This would limit access to RDP only and you would loose web access functionality."

    I think this is what I was hoping for. It seems that the new R2 release of WS 2012 allows you to rund RDP and Domain Controller roles on the SAME instance of the server. That sounds nice, it limits what we need to keep track on and minimises the load on the server that needs to act as a very fast file server locally.

    However, can we do this and still keep file acces with only Windows Home (no domain) in the local clients (same question as above under "Option 1")?

    Rgds
    Petter

     
    • Edited by petter_pmagi Tuesday, September 24, 2013 6:46 AM
    Tuesday, September 24, 2013 6:37 AM
  • Hi Peter,

    sorry about that.

    RDS 2012 does needs to be installed in a domain environment. This means that you would still need to create domain user accounts. As you have a small requirement, the deployment can be easily achieved in one day. 

    Option one would make the configuration rather complex and i would avoid this. I would recommend upgrading to Windows 7 Pro. 

    Option two, I am unsure of what your requirement is here, are you looking to store data on the RDS servers for users to access within using remote applications or are you wanting to access them on both local and rds.

    Option three, I am currently working on a article to demonstrate this so keep a look out on my blog. You would still need to create user names and passwords on the server locally so again there would be use of double credentials. 

    I would strongly recommend a Domain joined environment as it will simplify things in the long term. 

    Best Regards,

    Ryan Mangan

    Ryan.mangansitblog.wordpress.com

    Wednesday, September 25, 2013 10:37 AM
  •  

    No problem....;-)

    Aha, so we do need a domain for RDS to work, very good info!

    I guess we could somehow have a domain and still get file access from our Windows 7 Home clients, by using NFS or something? (I understand you recommend upgrading to Pro though, so perhaps that will be the way to go anyway)


    Some explanation of what we want to do and why:

    We work with huge amounts (15Tb) of image data that needs to be be accessed at high speed. We want to store all of this data on the server and access the files locally over 1GbE from an image browser application.  This is fast enough. However, when we work from remote, we can not run the image browser locally, since it then would have to send massive amounts of data over the net, in this case we want the users to log in via Remote Desktop to the server and run the browser app there, then only screen data needs to be transmitted over the net. That is why VPN is no good for us.

    If we get Win Pro on the clients, so we still need two sets of credentials on each client? I thought we just needed the domain credentials, so we delete the local credentials we have now on each machine and just install everything from start on each client? Two machines are laptops, so we need RDP to work on that too, but that should be OK, or is that why we need double credentials on each machine?

    If possible I would like to avoid installing things twice on each client machine....

    So, it seems we should wait for WS 2012 R2, do you know if its possible to install the Preview now and then just enter a licence nr when its released officially?
    /Petter










    • Edited by petter_pmagi Wednesday, September 25, 2013 11:19 AM
    Wednesday, September 25, 2013 11:10 AM
  • Hi Peter,

    Sorry to be the bringer of bad news..

    If you are using RDS for Digital Media and wanted to view it over a RDS connection you would not want to use a RDSH server. You would also need to use UDP for performance and a Graphics card. When you have multiple users accessing Digital media over a RDSH connection (with RemoteFX) the graphics card becomes locked with the user. This means than when other users login, or connect to the session host, they will be limited in terms of graphics. I have seen this with CAD applications and MS Lync. 

    http://www.theregister.co.uk/2012/01/06/remotefx/ 

    I would recommend using VDI for this , Microsoft recommends around 150-200mb of GPU for each user.

    You cannot upgrade from preview, so i would recommend waiting until October. The preview would be great to build a test lab so you can iron things out before the deployment.

    With regards to the domain deployment, you would only need one set of credentials. You dont need to remove the local credientals and as you are such a small out fit. You just need to make sure all your users use the new domain creds.

    Best Regards,

    Ryan Mangan

    ryanmangansitblog.wordpress.com

    • Marked as answer by petter_pmagi Thursday, September 26, 2013 7:09 AM
    • Unmarked as answer by petter_pmagi Thursday, September 26, 2013 7:24 AM
    • Marked as answer by petter_pmagi Thursday, September 26, 2013 10:08 AM
    Thursday, September 26, 2013 12:22 AM
  • Ryan, you are a goldmine! I have been asking a lot of people about these things, most of them dont even understand what I try to achieve...suggesting WS Essentials for RDS, or complicated multiple server setups.....

    VDI sounds nice, but its a bit extra administartion, and proably takes away server capacity, so I think RDS could be enough for us. The application we want to run on the server via RDS is a simple image browser, called Photo Mechanic. It is not doing any advanced graphics, it is only good for one thing. It can read RAW photo images from disk and display them as thumbnails for very fast image bank browsing. I am not sure if that will use any kind of acceleration. Also, most of the time I think we will be only 1 user logged in from remote, the rest will run locally and then run Photo Mechanic on their client instead.

    However, no harm in being prepared for the future, so I think to upgrade the clients to Win 7 Pro, get WS 2012 Standard R2 for the server so we can implement VDI later if needed, but start out with just RDS for now.

    I will also get a 1Gb Graphics card, just to be prepared...

    Sounds lika a good plan?

    Thanks for all the help!
    Thursday, September 26, 2013 10:08 AM
  • heres a link for a recommended supported graphics card.

    Quadro 2000 – Workstation graphics card for 3D design ... - Nvidia

    Its my pleasure

    Best Regards,


    Friday, September 27, 2013 5:42 PM
  • heres a link for a recommended supported graphics card.


    Thanks Ryan, that card is a bit expensive for me, I am thinking to use this instead: Nvidia NVS 315 - http://www.cdw.com/shop/products/NVIDIA-NVS-315-graphics-card-Quadro-NVS-315-1-GB/3088100.aspx#TS

    It is not certified for WS 2012 (yet) but I hope it will work, as it is replacing the older NVS 300 card, and that is certified, and uses the same drivers. Or?

    Also, I am now thinking that even if I use a singel installation of WS 2012 R2 for both DC and RDP (I guess Foundation would be OK for that too, not just Standard): I could try to save some more money and work by not joining the domain on the local machines even though its there. So instead letting them keep running Windows Home Premium with their old user logins, and then only make a shared drive on the sever so they can access data. That way I wont have to upgrade and install applications etc on the clients. If you set the workgroup name to same as the domain name and then add the existing userdnames to the domain it should work, or?

    http://www.networksteve.com/windows/topic.php/Windows_7_Home_Premium_accessing_domain_share...not_working./?TopicId=38771&Posts=3

    Rgds

    Petter

    Sunday, September 29, 2013 9:11 AM
  • Hi All.

    I'm going to throw my two cents worth in here FWIW.  Now I'm far from an expert on server OSs; in fact I'm about to attend a course in Administering Server 2012 at a local technical college.  HOWEVER, I'm currently running Server 2008 R2 Foundation in a Workgroup, instead of a Domain.  My server is in my home office in north Georgia and I have RDS clients in south Florida, as well as local LAN users.  this model has been working very successfully for almost four years.  The only limitation I've found with '08 R2 Foundation is that it will only recognize 8GB of RAM, but I think I read that '12 will allow much more.  That would only be significant when there are a lot of users dancing on the server concurrently.  I've had as many as 5 concurrent users running programs with good response times, with the 8GB that I currently have.

    My point here is, that, assuming that 2012 R2 Foundation works the same way - and from what I've read on this forum, it apparently does - if using a Workgroup environment doesn't cause any other grief, you might want to consider this model.

    As for virtualization, '08 R2 Foundation does not allow it, and I think that's also true with 2012 R2 Foundation.


    Capt. Dinosaur

    Friday, September 12, 2014 2:23 PM
  • Hi Capt.Dinosaur!

    I have a problem with licencing WS 2012R2 Foundation on one side in LAN through Workgroup , on the other side simultanously through RDS connections.

    My questions to you:

    • What kind of RDS licences did you use?
    • How many RDS connections are possible to connect in this way?

    There are 2 admin RDS licences included by default, but I need more for users...

    Jozef


    • Edited by Jozef Mehes Thursday, February 4, 2016 8:36 AM
    Thursday, February 4, 2016 8:35 AM
  • Hi Jozef,

    "My questions to you:

      • What kind of RDS licences did you use?

      You can purchase RDS licenses (CALs) from whom you bought the machine with the Server OS preinstalled, directly from Microsoft or from a third party vendor, which is usually less expensive.  In any case, they require you  to buy 5 the first time, and after that can get more individually as you need them.  I purchased mine from a vender called "softwarejones.com", at a very good price - I think it was called "Open License Program" , where the vendor simply sends you a form with the license numbers, and when you install them online, the numbers are verified by Microsoft (M$).  BUT BE CAREFUL,  because there're two kinds of CALs, "Device" and "User".  The "Device" CALs allow ANY USER to access via RDS from a SPECIFIC DEVICE, while the "User" CALs allow a SPECIFIC USER ACCOUNT to access RDS from ANY DEVICE.  You need to determine which one's are best for you.

      Also, be aware that Foundation edition DOES NOT REQUIRE LOCAL USERS to have CALs.

      • How many RDS connections are possible to connect in this way?

      Foundation edition allows up to 15 simultaneous users, but I don't know if that's only w/regard to RDS, or if that  means a total of 15 RDS and local combined.  I'm kind of thinking that it's the latter, but I haven't had the need to test that.

      FWIW, The above appears to be true whether your server is in a Workgroup or a Domain.  I had my original server w/Server 2008 R2 in a work group, and my new one w/Server 2012 R2 in a Domain and the licensing worked the same.

      Also, re: the caveat about not using RDS on a domain controller, while they advise against that for security reasons, that's mainly for larger organizations.  My 2012 R2 server is a domain controller, but I successfully use RDS to access it.  I have my older server (2008 R2) now in the same domain, running as a "Backup Domain Controller" for redundancy/fault tolerance.  When I was first setting up my new server, I was worried sick about that caveat, until some kind person here on TechNet explained the whole thing to me, and told me that since we're a 1 1/2 person business - it's my wife's business, and I'm the 1/2 person, providing IT and security functions - that it would probably be OK to use RDS on my domain controller.

      There is, however an important remote access consideration, if your server is in a domain.  You should use Remote Desktop GATEWAY in addition to RDP, i.e. RDP/RDG.  The difference is significant.  RDP alone uses port 3389, which is unsecured and unencrypted, while RDG uses port 443, which is secured and encrypted.  Its the same port that HTTPS/SSL uses.  It's easy enough to set up.  Just install the Remote Desktop Gateway role (and all it's features), then open port 443 in your router.  Also, you'll need to configure your "Remote Desktop Connection" dialog.  On the "Advanced" tab, click the "Settings" button, select the "Use these RD Gateway server settings" radio button and enter the name of the server that contains your SSL Certificate.  Also check the "Use my RD Gateway credentials for the remoter computer" box at the bottom, then click OK.

      You'll need to purchase and install an SSL certificate from a Certificate Authority such as Verisign or Go Daddy (which is who I use), and renew it annually (or for whatever period you purchase).

      Sounds like a bit of a PITA, but it's a great CYA solution <LOL>

      Good luck, happy severing, and let me know if I can be of any further help.


    Capt. Dinosaur

    Thursday, February 4, 2016 2:56 PM