Deploying a 2012 / 2012R2 Remote Desktop Services (RDS) farm
Applies to: Windows Server 2012 and 2012 R2
A lot of people were pretty excited when Microsoft released RDS for 2012 and for good reason. Not only did they overcome the shortcomings of the previous release of RDS on Windows 2008 R2, they have also made it very easy to setup and configure. One of the many great features of 2012 and 2012 R2 is the ability to push roles and features to multiple servers in an environment from a single Server Manager console. Not only does this save time when rolling out a new RDS environment, it also makes it easy.
The following will cover the step by step process in deploying the base components of a RDS 2012 /2012 R2 farm. Before we begin the process, let’s look at the different roles we will be deploying.
Remote Desktop Connection Broker (RD Connection Broker):
Connects or reconnects a client device to RemoteApp programs, session-based desktops and virtual desktops.
Remote Desktop WebAccess (RD Web Access)
Enables users to connect to resources provided by session collections and virtual desktop collections by using the Start menu or a web browser.
Remote Desktop Session Host (RD Session Host RDSH):
Enables a server to host RemoteApp programs or session-based desktops.
Remote Desktop Gateway (RD Gateway):
Enables authorized users to connect to virtual desktops, RemoteApp programs, and session-based desktops on the corporate network or over the Internet.
In our deployment, we will be logged into a single server and through Server Manager we will deploy our new Remote Desktop farm. Each of the servers designated in the environment are virtual, domain joined and were created from a template with the latest Windows updates. No other special changes or configurations were done to any of the servers with the exception of the RD Session Host servers. Some applications were installed on the RD Session Host servers in order for us to deploy our RemoteApp programs.
Here is a list of the servers which will be deployed in our RD Farm:
RDBROKER01:
RD Connection Broker and RD Web Access Server
RDBROKER02:
RD Connection Broker which will be used at later time for configuring HA for the RD connection brokers in the farm.
RDSH01:
RD Session Host servers
RDSH02:
RD Session Host servers
RDGWY01:
RD Gateway Server
Log into a domain joined 2012 or 2012 R2 server and launch Server Manager.
From the Dashboard, let’s create a new server group. This is not a requirement, however this is a good practice and helps organize the servers you will be managing.
Enter a name for the server group. Here we will call it RDS Farm.
Go to the Active Directory tab and search for the designated RD servers.
Once we find our servers, add them and hit ok.
Once the servers are added, you will see a new node in Server Manager with the server group name RDS Farm.
Now that we have all of our designated RD servers organized, go to the top right of Server Manager, click Manage and select Add Roles and Features.
On the before you begin screen, hit Next.
Here, Microsoft has separated the option of deploying Remote Desktop Services from all other roles and features. Select the option Remote Desktop Services Installation and hit next.
There are two different deployment types: Standard and Quick Start. Quick start is an option to be used mainly for testing purposes or for a proof of concept. The Quick start option will deploy each role for Remote Desktop Services on a single server. In this case we are doing a full deployment and will use the standard deployment option. Select Standard deployment and hit next.
There are two different deployment scenarios. The first is for a Virtual machine-based desktop deployment (VDI). Since we are focusing on the traditional form of Remote Desktop Services, we will choose the Session-based desktop deployment option. Click next.
On the Review Role Services screen it will list a description of the three minimum roles required for the deployment. Review the items and hit next.
Now we need to specify which server will be our RD Connection Broker. In our environment we have already determined the server RDBROKER01 will be our RD Connection Broker. Select and add RDBROKER01 and hit next.
The RD Web Access server has a very small footprint and a lot of times it is easier and more practical to share this role on the designated RD Connection Broker server(s). In some big environments, the RD Web Access role can be installed on its own servers, however for our environment we will be adding the role to our designated RD Connection Broker server RDBROKER01. To do this, check the box listed to install the RD Web Access role service on the RD Connection Broker server and hit next.
For the RD Session Host servers, we have 2 designated servers. Add both servers RDSH01 and RDSH02 and hit next.
On the confirmation screen we can see our proposed configuration. A message will appear stating the RD Session Host servers may require a restart. In order to proceed from this screen, you must check the box to “Restart the destination server automatically if required”. Once checked, hit Deploy.
During the deployment, you will be able to view the progress of each role as it is being deployed. Should there be any issues, it will list the issue along with an error. Wait for the deployment to be completed and hit close.
Go back to Server Manager and you will notice a new node called Remote Desktop Services. Go ahead and click on the Remote Desktop Services node.
In the Remote Desktop Services node, you will see the entire configuration for the new farm. This is where you can begin publishing RemoteApps or session based desktops, add more session host servers, configure HA for the RD Connection Brokers, etc… It is your single console for managing and configuring the Remote Desktop Farm. THANK YOU MICROSOFT!
Now that we have our farm deployed, we will need to install certificates. A Remote Desktop deployment requires certificates for server authentication, single sign on, and establishing secure connections. These certificates should be created prior to the RDS deployment. Since there are multiple roles which require a certificate, you can use a wildcard certificate to make things easier. In our deployment, I’ve already generated a wildcard certificate and placed it in the following location: \\dc01\d$\Certs\. To begin installing the certs, click on the Tasks drop-down and select the option “Edit Deployment Properties”
Highlight the Role service RD Connection Broker – Enable Single Sign On. Then click on the “Select Existing certificate” button.
On the select existing certificate window, click on the browse button.
Locate and select the certificate and hit the open button.
Enter the password for the certificate and check the box “Allow the Certificate to be added to the Trusted Root Certification Authorities store on the destination computers”. Hit OK.
Back on the deployment properties screen, hit apply.
Once the certificate is applied for the single sign on role service, go ahead and highlight the RD Connection Broker – Publishing option and click on the Select existing certificate button.
Browse and locate the certificate. Once found hit the open button.
Enter the password for the certificate and check the box “Allow the Certificate to be added to the Trusted Root Certification Authorities store on the destination computers”. Hit OK.
Back on the deployment properties screen, hit apply.
Once the certificate is applied for the publishing role service, go ahead and highlight the RD Web Access role service and click on the Select existing certificate button.
Browse and locate the certificate. Once found hit the open button.
Enter the password for the certificate and check the box “Allow the Certificate to be added to the Trusted Root Certification Authorities store on the destination computers”. Hit OK.
Back on the deployment properties screen, hit apply.
Once completed, hit OK.
You have successfully deployed a 2012 RDS farm. Now on to publishing RemoteApp programs.
No comments:
Post a Comment