MODULE - III Deploying and Managing a Presentation Virtualization Environment

3.1.3 Prepare and Manage Remote Applications

With the help of the remote administration features of Windows, one can manage the applications of all the systems in the organization from a remote server. One can access the organization's computers from a remote server and install, modify and delete applications on the remote machine by using the Remote Desktops snap-in. In addition, one can assign or publish applications. An application can be assigned to users or to computers so that each person has the application on their computer whenever it is needed; when a user logs on to his or her computer, the application starts installing. When you want an application to be available to users, you publish it to the users in the group; they then have access to the application whenever necessary, and these users decide when to install it.

To create a new connection to a remote computer

1. Open the Remote Desktops snap-in on your server.
2. In the snap-in console, right-click Remote Desktops.
3. Click Add new connection.
4. In the Add New Connection dialog, in Server name or IP address, specify the name or IP address of the server.
5. In Connection name, specify a name for this connection. This step is optional; you can continue without specifying a name.
6. If you do not want to connect to the console session of the server, clear the Connect to console check box.
7. Click OK.

To publish an application to users

1. Open Group Policy Software Installation.
2. In the details pane, right-click, point to New, and then click Package.
3. In the Open dialog, select the Windows Installer package that you want to publish and click Open.
4. In the Deploy Software dialog, click Published.

Application Sharing

Application sharing is a remote access element which falls under collaborative software.
The software enables real-time access by two or more users to a shared application or a shared document from their respective computers at the same time. In general, the host computer runs the shared application or document, and the host user provides the other users with remote access to the shared content. The application needs to exist on only one of the connected machines, so there is no need to transfer an application from one computer to another. Application sharing relies on screen-sharing technology, which uses the Internet to allow users to remotely view and control software applications on a central host computer. The best part of using application sharing technology is that remote users can easily run software that is not installed on their systems, even software that is not compatible with their operating system or that requires more processing power than their computer has. Remote users benefit because they literally view and control applications that are installed on the host computer.

Figure 3.1.1: RTC Application Sharing Server

The Real-Time Collaboration (RTC) Application Sharing Server handles the flow of data between portal users collaborating through the RTC-based application sharing feature. RTC application sharing lets users share their Windows desktop or individual applications with other portal users in real time. Remote users can interact directly with the host desktop or application as if they were sitting at the host's machine.

SharedAppVnc is a remote collaboration tool. It allows application sharing between remote participants. In a typical usage scenario, two or more remote collaborators run SharedAppVnc on their desktop computers while participating in a phone or conference call. After establishing SharedAppVnc connections between the remote desktops, through ssh tunnels, they are able to share windows with each other.
The shared windows can be set either to view-only or to be controlled by the remote viewers. SharedAppVNC is based on VNC (Virtual Network Computing). It needs a modified VNC protocol that allows window sharing. Unlike normal VNC, which can only share a user's entire desktop and therefore does not lend itself to a combination of shared and private data, SharedAppVNC has the advantage of being able to share individual windows, whichever ones the user would like to share.

SharedAppVNC has two components:
• A server to share windows
• A client to view windows

The SharedAppVNC Server runs on a host's desktop computer and allows them to select which windows from the desktop to share. Only the windows they select are visible to the other collaborators. The collaborators run both the Server and the Viewer so that they can share and receive windows. The other collaborators' computers run the SharedAppVNC Viewer, which allows them to receive the shared windows. The important feature of the SharedAppVnc Viewer is that it puts each received window in its own frame, which can be resized or positioned independently of the size or position of the windows on the server or on the other clients. Both the Server and the Viewer can listen for or initiate connections. The Linux and Mac OS X platforms currently support SharedAppVNC; support for Windows is in progress.

Remote Application Server provides virtual desktops and applications from a single platform. Virtual applications and virtual desktops can be accessed from anywhere with a client computer and a network connection. With the help of Remote Application Server we can publish full desktops, applications and documents within a virtual environment, which provides desktop manageability and improves security and performance. Remote Application Server extends Windows Terminal Services by using a customized shell and virtual channel extensions over the Microsoft RDP protocol.
It supports all major hypervisors from Microsoft, VMware and others, enabling the publishing of virtual desktops and applications to the client. We can centrally manage the end users' desktop connections and application sharing from the server using the Client Manager module. When a user requests a virtual desktop or application from the server group that hosts desktops and applications, a less loaded server is chosen and it provides the virtual desktop or application connection from that host. Users can connect to the remote application by using the RDP client, which can be installed on many operating systems such as Windows, Linux, Mac, Android, Chrome and iOS, or by using a browser.

Reporting

Remote Application Server provides a reporting tool which helps the administrator to monitor the environment and take preventive measures before any problem occurs. It also helps the administrator to adjust system settings in such a way that system efficiency improves. The reports are divided into five groups:

1. User Reports: This group gives an insight into how an end user interacts with RAS.
2. Group Reports: These show how the groups of users interact with the system.
3. Device Reports: These give information on the devices connected to RAS.
4. Server Reports: These generate statistics of RAS server component usage, which includes server health. They display CPU and RAM usage in a graph.
5. Application Reports: Application reports are used to learn which applications are being used.

More than one user can access the application at the same time. For example, a software salesman has designed an application and now has to demonstrate it to his clients. Instead of travelling to the client location, he can use application sharing to simply share his screen and application from his own location over a network connection; the client can then also work with the application from his computer.
Both can access the application at the same time, so it is easy for the salesman to explain, and the client is also satisfied because he has worked in the application personally. Another example is a civil engineer who has designed a project using CAD software in his office. If he wants to explain it to a co-worker who is working on site, he can share his desktop and application to the co-worker's laptop so that the co-worker can access the CAD application. Even though the laptop does not have the configuration and processing power to run the CAD application, the co-worker can still access it with the help of application sharing.

Application / File Sharing between Computers

Let us discuss the tools which are used for sharing applications and files between computers. There are many tools and applications available for application and file sharing between computers; we will look at the most commonly used ones.

Windows Homegroup

A Homegroup is very simple to configure. Just create a Homegroup from the Homegroup option within Windows Explorer and you get a password which lets your nearby computers join your Homegroup. The other members of the Homegroup then have access to your shared files when they log on to the same network. You select the libraries you want to share while you create the Homegroup.

Figure 3.1.2: Create a Homegroup

Dropbox LAN Sync

Many people exchange files between their computers by synchronising them with one of the cloud storage solutions such as Dropbox, Google Drive or SkyDrive. This can take a while: the file first gets uploaded to your cloud storage provider's servers and then it gets downloaded back to your other computers. This process makes syncing a large file take forever. Dropbox stands out from the crowd by offering a "LAN Sync" feature.
If two computers which are using Dropbox are on the same network, they sync files directly between themselves without the long upload and download. If you add a 1 GB file to your Dropbox, it will quickly sync to another computer running Dropbox if that computer is available on the same network. The highlight is that folders in your Dropbox can be shared with other people; if they are also on the same LAN as you, they also get the benefits of LAN sync. That is, while sharing files via Dropbox, you can sync the files directly to another person's computer when you are on the same network.

Figure 3.1.3: Dropbox LAN Sync

USB 3.0 Drive

A USB drive, an old standard, does not work wirelessly, but it is a quick method for transferring files. Moreover, the computers need not be connected at all.

BitTorrent Sync

When you need to keep files synchronized between your computers, ensuring that you have access to the same files locally on each hard drive, you may try BitTorrent Sync. There is no cloud storage component, unlike Dropbox LAN Sync, meaning that there is no limit on the amount of files you can sync. If BitTorrent Sync is configured to work only between computers on the local network, it will not upload anything over the Internet. Compared to Windows Homegroup, BitTorrent Sync automatically syncs the folders you specify, reducing the need to manually copy files back and forth. The focus on a shared secret means that your folder can be shared with someone else just by giving them the secret.

Figure 3.1.4: Bit Torrent Sync

Self-assessment Questions

7) __________ will automatically sync the folders specified by you, reducing the need for manually copying the files back and forth.
a) Own cloud
b) Sync simplicity
c) Windows HomeGroup
d) BitTorrent Sync

8) __________ stands out among the crowd by offering a "LAN Sync" feature.
a) Dropbox
b) Google Drive
c) SkyDrive
d) Skype

Introduction

In the previous chapter, we discussed application virtualization. Different vendors provide different products for application virtualization: for example, Citrix provides XenApp and XenDesktop, VMware provides the product named ThinApp, and Microsoft provides App-V and RemoteApp. In this chapter, we are going to discuss RemoteApp. Using RemoteApp, the end user accesses applications which are hosted on a remote server present in the cloud environment. The cloud platform developed by Microsoft is called Azure. Using this cloud platform, an administrator can develop and manage applications and services in the cloud environment, and end users can access these applications and services from their own devices. RemoteApp is based on the Remote Desktop Services provided by Microsoft, so in this section we will also discuss Remote Desktop.

3.2.1 RemoteApp

The application virtualization product of Microsoft is RemoteApp. RemoteApp is a Microsoft technology that allows users to access an application which is running on a remote machine from their local machine. Users can access an application present on the remote machine just as if they were accessing an application present on the local machine. RemoteApp is based on RDS (Remote Desktop Services).

Azure RemoteApp

Azure RemoteApp allows users to access corporate applications from anywhere, such as home, a coffee shop or an airport, and from any device, such as a laptop or tablet. At the same time, it provides security for the application. Windows Azure RemoteApp achieves this by combining the Windows application experience with the power of Remote Desktop Services in the Azure cloud.
In Azure RemoteApp, all the applications run on Windows servers present in the Azure cloud, and end users can access these applications with an Internet connection from anywhere, using any device. The applications run as if they were running on the local machine. The administrator only needs to upload the application to the Azure cloud and the end users can access it. The administrator can manage the application from the Azure portal. Because all the applications run in the Azure cloud platform, it is easy to provide centralised security for your applications. You can also protect an application by configuring credentials, so that users can access the application only if they know the credentials.

Did You Know!
Microsoft Azure was previously called Windows Azure.

Azure RemoteApp collections

In Azure RemoteApp, there are two types of collections:
• Cloud Collection
• Hybrid Collection

In a cloud collection, all the applications and data are stored in the cloud and the user can access the application by providing credentials. Users can log in with their Microsoft account, or, if their corporate credentials are integrated with Azure Active Directory, they can use their corporate credentials to log in and access the application in the Azure cloud.

In a hybrid collection, some applications and data are stored in the Azure cloud and the remaining applications and data are present in the corporate private network. Users can access all the applications present in both the Azure cloud and the private network if they have valid credentials. You can choose a hybrid collection if you do not want to store all your confidential data in the cloud for security reasons.

Did You Know!
Microsoft is charging "per user", not "per device". The same employee can use this app to access Windows apps on an iPad at home and on their Windows PC, and Microsoft will not charge extra for that. In the past, Microsoft charged separately for both.
Microsoft is also using "pay as you go" pricing with Azure RemoteApp. Companies pay a set fee for up to 40 hours a month, then additional fees for each hour, up to a maximum of $23 per user per month. This is how many cloud products and consumer services work, but it is brand new for Windows.

Creating a cloud collection in Azure RemoteApp

There are four steps:
1. First, we need to create an Azure RemoteApp collection.
2. Next, we need to synchronize our Active Directory with the Azure Active Directory tenant. If the users are using their Microsoft accounts, this step is optional.
3. Then we have to publish our apps in the collection.
4. Finally, we provide access to the users.

You need to do the following before creating the collection:
• First, sign up for Azure RemoteApp.
• Collect the user account information of the users to whom you are providing access. The user accounts can be corporate Active Directory accounts or Microsoft accounts.
• In this procedure we assume that you are going to use one of the template images provided as part of your subscription when you subscribed to Azure RemoteApp. If you are going to upload a different template image to the collection, you can upload it from the Template Image page.

Step 1: Creating a cloud collection

Now we are going to see the steps involved in creating a cloud collection.
1. Go to the RemoteApp page in the management portal.
2. Click New and then Quick Create.
3. Specify the name of your collection and then select your region.
4. Choose the Standard plan or the Basic plan based on your environment.
5. Select the template image that you are going to use for this collection.
6. Finally, click Create RemoteApp collection to create your collection.

It can take up to 30 minutes to create your collection. After the collection is created, double-clicking the collection opens the Quick Start page, from where you can configure your collection.
Step 2: Configure AD directory synchronization

If you want your users to use their corporate Active Directory accounts for authentication, you should integrate your Active Directory with the Azure Active Directory tenant so that user names, passwords and contacts are synchronized. After synchronization, when a user logs in with a corporate Active Directory account, the Azure Active Directory tenant can authenticate the user. If you allow your users to use their Microsoft accounts for authentication, you do not have to configure this directory synchronization.

Step 3: Publishing apps

If users are to access an app which runs in the Azure cloud, you must publish the app. To be published, the app must be in the template image that you uploaded to the collection. You can publish an app present in the template image by using the Add program button on the Publish page. You can publish an app from the Start menu of the template, or you can publish it by specifying the path of the application in the template. If you are publishing by path, you have to provide a name for your application. You can publish multiple apps.

Step 4: Configuring user access

Now that we have successfully created the RemoteApp collection, the next step is to add the user accounts so that only these users are allowed to access the application. Users can use their Microsoft accounts or Active Directory accounts for logging in. If you are using Active Directory accounts, the directory should be integrated with Azure Active Directory.
1. From the Quick Start page, click Configure user access.
2. Enter the Active Directory or Microsoft accounts of the users to whom you want to grant access.
3. The portal now starts validating the users. Once this is complete, click Save.

Now we have successfully created the Azure RemoteApp collection and published the application. Users can access this application with the help of a Remote Desktop client.
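The four steps above can also be driven from PowerShell. The script below is an added example and is not part of the module text; it uses the Azure RemoteApp cmdlets of the classic (service management) Azure PowerShell module, which is what the portal procedure above corresponds to (Azure RemoteApp itself has since been retired, so this serves as a record of the procedure rather than something to run today). The collection name, region, template image pattern, program names and user names are constructed placeholders, and the parameter and property names (Name, StartMenuAppId, Status) are given as recalled from that module; confirm them with Get-Help if you still have the module installed.

```powershell
# Added example, not from the module text: scripting the cloud-collection procedure
# with the classic Azure PowerShell module's Azure RemoteApp cmdlets.
# All names below (collection, region, image pattern, programs, users) are placeholders.
Import-Module Azure
Add-AzureAccount                         # interactive sign-in to the subscription

$CollectionName = 'ContosoApps'          # placeholder
$Region         = 'West US'              # placeholder; choose your region
$Plan           = 'Standard'             # 'Basic' or 'Standard', as on the portal page

# Step 1: create the cloud collection from one of the subscription's template images.
# A cloud collection takes only image, plan and region; no VNet or domain parameters.
$Image = Get-AzureRemoteAppTemplateImage |
    Where-Object { $_.Name -like 'Office*' } |   # placeholder pattern for a built-in image
    Select-Object -First 1
New-AzureRemoteAppCollection -CollectionName $CollectionName -ImageName $Image.Name `
    -Plan $Plan -Location $Region -Description 'Cloud collection (example)'

# Creation is asynchronous and can take up to 30 minutes; poll until the collection is Active.
do {
    Start-Sleep -Seconds 60
    $coll = Get-AzureRemoteAppCollection -CollectionName $CollectionName
} while ($coll.Status -ne 'Active')

# Step 2 (optional when users sign in with Microsoft accounts): directory synchronization
# is configured with the directory sync tool outside this script; nothing to do here.

# Step 3: publish apps, either from the template's Start menu...
$word = Get-AzureRemoteAppStartMenuProgram -CollectionName $CollectionName |
    Where-Object { $_.Name -eq 'Word 2013' }     # placeholder program name
Publish-AzureRemoteAppProgram -CollectionName $CollectionName -StartMenuAppId $word.StartMenuAppId
# ...or by path inside the template image, in which case a display name is required.
Publish-AzureRemoteAppProgram -CollectionName $CollectionName `
    -FileVirtualPath 'C:\Windows\System32\notepad.exe' -DisplayName 'Notepad'

# Step 4: grant access. Only users listed on the collection can sign in to it.
Add-AzureRemoteAppUser -CollectionName $CollectionName -Type OrgId -UserUpn 'alice@contoso.example'          # synced AD account
Add-AzureRemoteAppUser -CollectionName $CollectionName -Type MicrosoftAccount -UserUpn 'bob@outlook.example' # Microsoft account

# Verify what is published and who is allowed to reach it.
Get-AzureRemoteAppProgram -CollectionName $CollectionName
Get-AzureRemoteAppUser    -CollectionName $CollectionName
```

The last two calls are the scripted equivalent of the Publish and Configure user access pages: reviewing both lists after each change is the quickest way to catch a program that was published by mistake or a user who was granted access but should not have been.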
For Your Information!
Citrix supports hybrid cloud provisioning on Amazon Web Services (AWS) or any public or private cloud.

Self-assessment Questions

1) In March 2014, Microsoft announced plans to rebrand its Azure cloud platform to Microsoft Azure. What was its former name?
a) Azure Exchange
b) Windows Azure
c) Azure Web Services
d) Azure Office

2) Which Azure collection allows you to access both internal resources and cloud hosted resources?
a) Cloud collection
b) Hybrid collection
c) Data collection
d) Resource collection

3) What is the name of the Azure RemoteApp collection which allows you to access the resources hosted in the cloud?
a) Cloud collection
b) Hybrid collection
c) Data collection
d) Resource collection

3.2.2 Remote Desktop Services

Using the Remote Desktop feature, you can connect to the desktop of a remote machine from your local machine via a network connection. For example, if you want to connect to your office computer from your home, you can use Remote Desktop: you connect to your office computer from home and access the applications and files on the office computer. You can do all the same tasks in the remote desktop as if you were physically at the machine. In other words, with Remote Desktop you take control of the remote machine from your local machine, and you can easily access all the data and applications present on the remote machine. Remote Desktop allows users to work from anywhere at any time: they can access their office computer desktop and do their work, which gives flexibility to users. They can access the desktop of the remote machine from any device. The desktop session and applications run on the remote machine and your local machine is just an interface to access it, so even with a low-configuration device you can access powerful servers.
Figure 3.2.1: Remote Desktop Service

Most IT and other organizations successfully use this Remote Desktop feature to maintain their IT infrastructure. For example, if an end user faces some issue on his computer, he calls the support team, and the team member takes the remote desktop of the user's machine to rectify the problem. Instead of the end user explaining the problem, the support team member can take control of the machine, easily find the problem and rectify it.

(i) Remote Desktop Services Advantages

• Security: When Remote Desktop is implemented in the organization, users take the desktop of the remote machine and do their work there. All the important files, data and applications are stored on the remote machine, which can be located in the data centre; nothing is stored on the end user's machine. So it is more secure: there is no confidential data on the end user's machine to steal. The communication between the remote machine and the end user devices in Remote Desktop is encrypted, so that nobody can read the data in transit.
• Flexibility: With the help of Remote Desktop, users can work from anywhere at any time. All they need is a network connection and a machine to perform their duties, which gives more flexibility to the users.
• Lower Costs: With the help of Remote Desktop, the organization can reduce hardware and software costs. As users are going to take a remote desktop, the end user device need not be a high-configuration machine, which reduces the hardware cost. And there is no need to install a copy of the same software on every machine, which reduces the software license cost.
• Application deployment: With the help of Remote Desktop, we can quickly install an application for all the machines in the organization.
• Application consolidation: Programs are installed on and run from the RD Session Host server in the Remote Desktop environment, so all the users can access the application, and the administrator does not have to update the application on each client computer.
• Remote access: Users can access programs that run on an RD Session Host server from any device, such as home computers, kiosks and low-powered hardware, and the device can run any operating system.
• Branch office access: If a branch office user wants to access data which is present in the main office, the user can access that data using Remote Desktop. Compared to other solutions, Remote Desktop provides better performance when a lot of data transfer is involved.

(ii) Disadvantages of Remote Desktop Services

• Downtime: If the main server which provides the Remote Desktop service is down, the entire system goes down, so the main server has to be reliable.
• Network dependency: The Remote Desktop feature is completely dependent on the network. The user connects to the remote desktop via the network connection, so if there is a problem in the network, users cannot use this feature.
• Bottlenecks: Remote desktop sessions and RemoteApp programs are hosted on a server. When a user connects, a remote desktop session on the server is assigned to that user. If a large number of users try to connect to the remote desktop at the same time, the server hosting the remote desktop sessions becomes overloaded, and users face performance issues in such situations.
• Knowledge: The administrator should have good knowledge of Remote Desktop Services. If there is a problem when a user connects to the remote desktop, the administrator should be able to solve it.

(iii) Remote Desktop Services Components

Now we will discuss the components of Remote Desktop Services.
• RD Session Host: Remote Desktop Session Host was previously called Terminal Server. The RD Session Host server hosts the remote desktop sessions and RemoteApp programs that remote desktop users access. If an end user wants a remote desktop session, he accesses one of the remote desktops hosted on the session host server. You can have more than one RD Session Host server in your environment, and a group of session host servers is called a farm.
• RD Web Access: Remote Desktop Web Access (RD Web Access) was previously called TS Web Access. RD Web Access allows users to access remote desktop sessions and RemoteApp programs simply from a browser, or from the Start menu of a Windows 7 machine. RD Web Access provides an easy path for end users to access the machine.
• RD Licensing: Remote Desktop Licensing (RD Licensing) was previously called TS Licensing. Every user and every device which accesses a remote desktop session needs a Client Access License (CAL). When a user connects to a remote desktop session hosted on the RD Session Host server, a client access license is used. The function of the RD Licensing server is to install, issue and keep track of the licenses, so that you cannot have more remote desktop sessions than you have licenses for.
• RD Gateway: Remote Desktop Gateway (RD Gateway) was previously called TS Gateway. For security reasons, the RD Session Host server and the other components are placed in the private network behind the firewall, so that only internal network users can access them; nobody from the Internet can access these servers directly. But in some situations you want to allow your users to connect from the Internet, and that is when you need the RD Gateway. Users from the Internet connect to the RD Gateway, the gateway connects to the RD Session Host server, and the user can access the remote desktop session.
• RD Connection Broker: Remote Desktop Connection Broker (RD Connection Broker) was previously called TS Session Broker. Its main function is to provide load balancing in the server farm. In the farm you have many RD Session Host servers hosting remote desktop sessions and RemoteApp programs; when an end user requests a connection for a remote desktop session, the connection broker assigns one of the session host servers to the user based on the load in the farm. It evenly distributes the load among the RD Session Host servers in the farm, acting as a middle man between the end user and the server hosting the remote desktop session.
• RD Virtualization Host: Remote Desktop Virtualization Host provides virtual machines as remote desktops to users. It provides the virtual machines with the help of Hyper-V.

Self-assessment Questions

4) Which Windows feature enables you to run applications, open files and access network resources on a remote computer?
a) Internet Explorer
b) RCTICKET
c) Remote Assistance
d) Remote Desktop

5) What is the RD Gateway role for?
a) Accessing RDS sessions from an iPad only
b) Accessing RDS sessions remotely
c) Connecting users to an RDS session over an unsecured Internet connection
d) Connecting users to an RDS session over a secured Internet connection

6) Which protocol is specific to Terminal Services?
a) RRAS
b) RDP
c) PAP
d) CHAP

3.2.3 Installing and Configuring Remote Desktop Services (RDS) on Windows

1. On your server, open Server Manager.
Figure 3.2.2: Open Server Manager
2. Click Manage, then Add Roles and Features.
Figure 3.2.3: Click on Manage
3. On the Before you begin page, click Next.
Figure 3.2.4: Add Roles and Features wizard
4. In the Add Roles and Features wizard, select the Role-based or feature-based installation option and click Next.
Figure 3.2.5: In the Add Roles and Features wizard, select the Role-based or feature-based installation option
5. Select the server on which you are going to install the Remote Desktop Services role, and click Next.
Figure 3.2.6: Select the server on which you are going to install the Remote Desktop Services role
6. Select Remote Desktop Services and click Next.
Figure 3.2.7: Select server roles
7. Select any features if required and click Next.
Figure 3.2.8: Select features in the Add Roles and Features wizard
8. Read the description and click Next.
Figure 3.2.9: Description window
9. On the Select role services page, select Remote Desktop Licensing, RD Gateway and RD Web Access, and then click Next.
Figure 3.2.10: Select role services page: select Remote Desktop Licensing
10. Click Next on Network Policy and Access Services.
Figure 3.2.11: Network Policy and Access Services
11. Click Next on the Network Policy Server page.
Figure 3.2.12: Network Policy Server page
12. Click Install.
Figure 3.2.13: Role and Feature wizard
13. Close the wizard when finished.
Figure 3.2.14: Installation progress

Configuring Remote Desktop Services on Windows Server 2012

1. We begin the configuration by launching Remote Desktop Gateway Manager from the Tools menu.
2. Select the server name in the left pane; it will give a warning.
Figure 3.2.15: Launching Remote Desktop Gateway Manager from the Tools menu

Activating Remote Desktop Licensing in Windows Server 2012

1. We begin by launching Remote Desktop Licensing Manager.
Figure 3.2.25: Server Manager
2. Right-click the server and select Activate Server.
Figure 3.2.26: RD Licensing Manager
3. Click Next.
Figure 3.2.27: Activate Server wizard
4. For the method of activation, choose Web Browser, and click Next.
Figure 3.2.28: For the method of activation, choose Web Browser
5. Click the link to open the activation page.
Figure 3.2.29: Activate Server wizard: License server activation
6. Select Activate a license server and click Next.
Figure 3.2.30: Activate license server
7. Enter the required information and click Next.
Figure 3.2.31: Remote desktop server
8. Verify the information and click Next.
Figure 3.2.32: Remote desktop server: verify the information
9. Copy the license server ID.
Figure 3.2.33: Copy the license server ID
10. Paste the license server ID into the given field and click Next.
Figure 3.2.34: Paste the license server ID into the given field
11. Clear Start Install Licenses Wizard now, as we do not require any client licenses, and click Finish.
Figure 3.2.35: Uncheck Start Install Licenses Wizard

MODULE - IV Accessing Published Applications

Introduction

In the previous chapter, we discussed RemoteApp and Remote Desktop Services. Now you know how to successfully deploy and manage RemoteApp and configure the Remote Desktop Session Host server. However, the success of deploying RemoteApp and Remote Desktop relies on end-user satisfaction: the end user should be able to access RemoteApp and Remote Desktop in a simple way without much effort. So we have to provide a simple, user-friendly interface for users to discover the available resources. Providing an easy way for end users to access the resources is very important, and to achieve this we can use the Remote Desktop Web Access service. In this chapter, we will discuss Remote Desktop Web Access and its configuration.

4.1.1 Remote Desktop Web Access

RD Web Access allows users to access RemoteApp programs and Remote Desktop from a browser or from the Start menu of a Windows 7 client machine. Once we have configured RD Web Access, users can easily discover all the published resources from the RD Web Access web portal. From this website, users can launch remote desktop sessions and RemoteApp programs by simply clicking their icons. Or, if the user is on a Windows 7 machine, they can launch these resources from the Start menu of the local computer, just like launching a program installed on the local machine. Remote Desktop Web Access was previously called Terminal Services Web Access.
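The role installation of 3.2.3, the licensing configuration, and the RD Web Access role service introduced in 4.1.1 can all be done without the wizards from the RemoteDesktop PowerShell module that ships with Windows Server 2012 and later. The script below is an added example and is not part of the module text. The server names and the external gateway name are constructed placeholders; it assumes domain-joined servers and an account that is a local administrator on each of them, and it assumes the CAL mode you bought is Per User. It does not replace the license server activation done in RD Licensing Manager above, which has no cmdlet in this module.

```powershell
# Added example, not from the module text: a session-based RDS deployment with the
# RD Licensing and RD Gateway role services attached. All host names are placeholders.
Import-Module RemoteDesktop

$Broker    = 'rdcb01.corp.example'   # RD Connection Broker
$Session   = 'rdsh01.corp.example'   # RD Session Host
$WebAccess = 'rdweb01.corp.example'  # RD Web Access (this also installs IIS there)
$License   = 'rdlic01.corp.example'  # RD Licensing
$Gateway   = 'rdgw01.corp.example'   # RD Gateway, the only role reachable from the Internet
$GatewayExternalFqdn = 'remote.example.com'   # name Internet clients connect to

# 1. Core deployment: broker, web access and one session host. This is the scripted
#    counterpart of Add Roles and Features steps 1-13 above. For a single-server lab,
#    Install-WindowsFeature RDS-RD-Server, RDS-Web-Access, RDS-Licensing, RDS-Gateway
#    -IncludeManagementTools installs the same role services without a deployment.
New-RDSessionDeployment -ConnectionBroker $Broker -WebAccessServer $WebAccess -SessionHost $Session

# 2. Add the licensing and gateway role services to the deployment.
Add-RDServer -Server $License -Role RDS-LICENSING -ConnectionBroker $Broker
Add-RDServer -Server $Gateway -Role RDS-GATEWAY   -ConnectionBroker $Broker `
    -GatewayExternalFqdn $GatewayExternalFqdn

# 3. Licensing: point the deployment at the license server and choose the CAL mode
#    that matches the CALs you hold (PerUser or PerDevice). Assumed here: Per User.
Set-RDLicenseConfiguration -LicenseServer $License -Mode PerUser -ConnectionBroker $Broker -Force

# 4. Gateway: clients on the Internet must traverse the gateway and log on with a
#    password; clients on the internal network bypass it. Session hosts themselves stay
#    behind the firewall, which is the placement described in 3.2.2.
Set-RDDeploymentGatewayConfiguration -GatewayMode Custom -GatewayExternalFqdn $GatewayExternalFqdn `
    -LogonMethod Password -UseCachedCredentials $true -BypassLocal $true `
    -ConnectionBroker $Broker -Force

# 5. Verify which role ended up on which server, and the licensing state the broker sees.
Get-RDServer -ConnectionBroker $Broker | Format-Table Server, Roles -AutoSize
Get-RDLicenseConfiguration -ConnectionBroker $Broker
```

Keep the verification step in any change procedure: Get-RDServer shows at a glance whether a role was accidentally added to the wrong host, and Get-RDLicenseConfiguration confirms the broker is pointed at an activated license server before the licensing grace period on the session host runs out.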
Working of RD Web Access
The administrator publishes the resources (RemoteApp programs, Remote Desktop sessions) using the Remote Desktop Session Host server. If users are to use these resources from the RD Web Access server, we need to specify the source that provides the RemoteApp programs and Remote Desktops. That source can be a Remote Desktop Connection Broker (RD Connection Broker) server or a RemoteApp source. The Remote Desktop Connection Broker keeps track of all the available resources. The Remote Desktop Web Access role service asks the RD Connection Broker about the available resources and the RD Connection Broker returns the result. Using that data, the RD Web Access server creates two data streams. One is HTML (Hyper Text Markup Language) data that is displayed as a web page in the RD Web Access web portal; the end user sees the available resources there and launches the required resource. The other is an Extensible Markup Language (XML) feed that Windows 7 users use to access the resources from the Start menu, from which they can start a RemoteApp program or Remote Desktop session.
Figure 4.1.1: Working of RD Web Access
If a user launches a RemoteApp program, a Remote Desktop Services session is started on the Remote Desktop Session Host server that hosts the RemoteApp program. When a user connects to a virtual desktop, a remote desktop connection is made to a virtual machine running on the Remote Desktop Virtualization Host server.

Configuring the Remote Desktop Web Access
Now we will discuss the steps involved in configuring Remote Desktop Web Access. Before configuring RD Web Access, we must first have an RD Session Host server, and we need to enable the RemoteApp program for RD Web Access so that the RemoteApp program is displayed on the page. After that, we need to install the Remote Desktop Web Access role service on a server; that server will act as the RD Web Access server.
Then we have to specify the source of the Remote Desktops and RemoteApp programs in the RD Web Access server. The RD Web Access server fetches the details of the available resources from the source and puts them on the website. The end user accesses the website and uses the resources.

Enabling RemoteApp Program for Remote Desktop Web Access
By default, a RemoteApp program is enabled for Remote Desktop Web Access when the program is added to the RemoteApp Programs list on a Remote Desktop Session Host server. In the previous chapter, we already discussed RD Session Host configuration and adding a program to the RemoteApp Programs list. Use the following procedure on the RD Session Host server to check whether a RemoteApp program is enabled for RD Web Access.
1. On the Remote Desktop Session Host server, click the Start menu, go to Administrative Tools -> Remote Desktop Services and then click RemoteApp Manager.
2. In the RemoteApp Programs list, make sure that a Yes value appears in the RD Web Access column next to the program that you want to make available through RD Web Access.
3. If the RemoteApp program is not enabled for Web Access, click the program name and select Show in RD Web Access in the Actions pane. The RemoteApp program is now enabled for RD Web Access.
Figure 4.1.2: RemoteApp Manager

Install Remote Desktop Web Access Role Service
Remote Desktop Web Access is a role service under Remote Desktop Services. After installing the role service, the server acts as a web portal from which end users can discover and access the published resources. When you install this role service, Microsoft Internet Information Services (IIS) is also installed on the server; in short, after installing the Remote Desktop Web Access role service, the server acts as a web server. You can install this role service on the same server as the RD Session Host or on a separate host server.
Use the following procedure to install the RD Web Access role service.
1. On the host server, go to the Start menu, select Administrative Tools and then click Server Manager.
2. This role service is a sub-role under Remote Desktop Services. (This step is required if you are installing the RD Web Access role service on a separate server, other than the Session Host server.)
   a. In the Roles Summary, click Add Roles.
   b. Click Next on the Before You Begin page.
   c. On the Select Server Roles page, select the Remote Desktop Services check box and click Next.
   d. Review and then click Next.
   e. On the Select Role Services page, select the Remote Desktop Web Access check box.
Figure 4.1.3: Add Roles Wizard – Select Server
If the Remote Desktop Services role is already installed (if you are installing RD Web Access on the RD Session Host server, the Remote Desktop Services role is already installed):
   a. In the Roles Summary, click Remote Desktop Services.
   b. Then click Add Role Services.
   c. On the Select Role Services page, select the Remote Desktop Web Access check box.
Figure 4.1.4: Checking role status
3. Click Add Required Role Services.
Figure 4.1.5: Add Roles Wizard – Adding required role services
4. Click Next.
5. On the Select Role Services page, you will be prompted to select the role services that you want to install for IIS; click Next.
6. On the Confirm Installation Selections page, click Install. The installation begins and you can see the installation progress. Once the installation is complete, click Close. We have now successfully installed the Remote Desktop Web Access role service.

Populate the TS Web Access Computers Security Group
If the RD Web Access server and the RD Session Host server that hosts the RemoteApp programs are different servers, you have to add the computer account of the RD Web Access server to the TS Web Access Computers security group on the RD Session Host server.
This is done to enable the web portal to display applications from that terminal server. If you have not added it, you will get an error message when you access the RD Web Access website.
7. In the Enter the object names to select box, specify the name of the RD Web Access server and then click OK.
8. Click OK to save the settings.

Accessing the RD Web Access web page
After installing the RD Web Access role service and adding the computer account of the RD Web Access server to the security group, we can access the RD Web Access web page. To access this web page from a browser, use the URL https://<server_fqdn>/rdweb, where server_fqdn (Fully Qualified Domain Name) is the name of the server on which you installed the RD Web Access role service, i.e. your RD Web Access server name. The other way of accessing the RD Web Access web page is from the RD Web Access server itself: go to the Start menu of the RD Web Access server, select Administrative Tools, then select Remote Desktop Services and click Remote Desktop Web Access Configuration. When you access the web page, you will be prompted for a username and password. You need to provide the credentials of a user account that has Administrator privileges.

4.1.2 Configuring Role-based Application Provisioning
Every user in the organization needs to access applications. There are many departments in an organization, such as HR, IT and Accounts, and different types of users, such as Manager, Team Leader and Assistant. Everybody accesses the same web portal to launch their resources, but each user must see only the applications to which they have access: for example, an Accounts department user should not access IT department applications, and a manager should not access the Director's applications. If permission to access applications is not properly maintained, it will lead to security risks. But every user logs into the same portal.
The portal must give customized results for each user based on their role, showing only the applications the user has the right to access. So the provisioning of applications should be automated. If it is not automated, when a new user joins the administrator needs to manually configure the permissions and provide access to the user; until then the user cannot access any application and has to wait idly until access to the resources is granted. Likewise, if a user leaves the organization and the administrator does not remove the privileges, the user can still access the organization's resources. To avoid these situations we can automate application provisioning based on user roles. If it is automated, a new user is provisioned immediately when the user account is created, and the user is de-provisioned automatically on leaving the organization, because user details are synchronized regularly. We will now discuss the components of an automated role-based application provisioning solution.

Components for Role-Based Provisioning
• Provisioning platform
• Role management platform
• Access management platform
• Web portal

Figure 4.1.19: Components of Role Based Provisioning
• Provisioning platform: creating, deleting and modifying user accounts on the target system; synchronizes regularly with the trusted sources.
• Role management: creates a hierarchy of user access rights based on similar roles.
• Access management: authentication and authorization of users; provides a centralized SSO service to users.
• Web portal: provides access to the enterprise applications; provides a personalized listing of applications to users with the help of access management.

The Provisioning Platform
The provisioning platform simplifies the provisioning of applications to users by automatically creating user accounts based on the role of the user and their relationship to the data on the target system.
The provisioning platform fetches the details of users from a trusted source and, based on these details, creates the user accounts on the target system. If there is a change in user data, such as a change in job role, the addition of a new employee or the termination of an employee, the provisioning platform automatically synchronizes these data between the source and the target system. For example, if an employee is terminated, the provisioning platform automatically deletes the user account on the target system; if an employee's role changes and the employee no longer requires access to an application, the provisioning platform automatically removes that privilege on the target system. In short, the provisioning platform is responsible for regularly synchronizing user details and for provisioning and de-provisioning users by creating and deleting user accounts on the target system.

The Role Management Platform
The provisioning platform provides the user details; the role management platform creates a hierarchy of user access rights based on the responsibilities of the user. The role management and provisioning platforms together decide the rights of users and the applications that each user can access.

Access Management Platform
The access management platform provides the automated Single Sign-On solution. That is, the user can log in once and access multiple applications across the organization without having to provide credentials each time a different application is accessed. It provides centralized authentication.

Web Portal
The portal is the place where users view and access the resources. Once the user logs in, the portal displays only the applications to which the user has access. That is, the portal is personalized for each user based on their roles: the user can view and access only those applications for which the user has the privilege.
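The synchronization the provisioning platform performs, written out as an added example for this module (illustrative code, not any vendor's product): a reconciliation that diffs a trusted source against the accounts on a target system and emits the create, modify and delete actions described above. The role hierarchy, department-to-application mapping and the HR records are constructed sample data, and the inheritance of a parent role's applications goes slightly beyond what the text states.

```python
"""Role-based provisioning reconciliation: trusted source -> target accounts.

Added example for this module, not a vendor's product code. The HR records,
role-to-application mapping and target accounts below are constructed sample
data; a real deployment would read them from the identity source and the
target directory (for example the LDAP directory in Figure 4.1.20).
"""

# Role management platform: role hierarchy and the applications each role grants.
# A child role inherits everything its parent grants (assumed hierarchy).
ROLE_PARENT = {"manager": "employee", "team_leader": "employee", "assistant": "employee"}
ROLE_APPS = {
    "employee": {"web_portal"},
    "manager": {"approvals_app"},
    "team_leader": {"timesheet_app"},
    "assistant": set(),
}
DEPT_APPS = {"hr": {"hr_app"}, "it": {"it_app"}, "accounts": {"accounts_app"}}


def entitled_apps(role: str, department: str) -> set:
    """Walk the role hierarchy upward and union every level's applications."""
    apps = set(DEPT_APPS.get(department, set()))
    while role:
        apps |= ROLE_APPS.get(role, set())
        role = ROLE_PARENT.get(role)   # None at the top of the hierarchy
    return apps


def reconcile(source: dict, target: dict) -> list:
    """Provisioning platform sync: diff the trusted source against target accounts.

    source: {user_id: {"role": ..., "department": ..., "status": "active"|"terminated"}}
    target: {user_id: set of applications currently granted on the target system}
    Returns ordered actions: ("create"|"modify"|"delete", user_id, details).
    """
    actions = []
    desired = {
        uid: entitled_apps(rec["role"], rec["department"])
        for uid, rec in source.items() if rec["status"] == "active"
    }
    # Active users in the source: create if missing, modify if rights drifted.
    for uid, apps in sorted(desired.items()):
        if uid not in target:
            actions.append(("create", uid, {"grant": sorted(apps)}))
        elif target[uid] != apps:
            actions.append(("modify", uid, {
                "grant": sorted(apps - target[uid]),
                "revoke": sorted(target[uid] - apps),
            }))
    # Accounts on the target whose owner is terminated or unknown: de-provision.
    for uid in sorted(target):
        if uid not in desired:
            actions.append(("delete", uid, {"revoke": sorted(target[uid])}))
    return actions


# Constructed sample data: one new hire, one role change, one termination.
SOURCE = {
    "alice": {"role": "manager", "department": "accounts", "status": "active"},
    "bob":   {"role": "assistant", "department": "it", "status": "active"},  # was team_leader
    "carol": {"role": "team_leader", "department": "hr", "status": "terminated"},
}
TARGET = {
    "bob":   {"web_portal", "it_app", "timesheet_app"},
    "carol": {"web_portal", "hr_app", "timesheet_app"},
}

if __name__ == "__main__":
    for action in reconcile(SOURCE, TARGET):
        print(action)
```

Running it against the sample data creates alice, revokes bob's timesheet application and deletes carol's account; a second run against a target that already matches the source produces no actions.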
We have discussed the functions of each component; now we will see how these components work together.
Figure 4.1.20: Working of Role Based Provisioning
1. When a new user is added to the trusted identity source, a notification is sent to the provisioning platform, because the provisioning platform is responsible for synchronizing user details.
2. After receiving the user details, the provisioning platform provisions the user in the role manager.
3. The role manager checks the attributes of the user and, based on those attributes, assigns the user a place in the role hierarchy.
4. The role manager considers the role and membership of the user, calculates the applications to be provisioned based on the attributes, and sends this result back to the provisioning platform.
5. Based on this result, the provisioning platform creates, deletes and modifies user accounts on the target applications.
6. In the example image above, the user has been provisioned in an LDAP directory, which stores the user identities in groups based on their roles.
7. The access management platform is responsible for authenticating users when they access the application portal. It authenticates users with the help of the LDAP directory, because the organization's user details are stored there.

Did You Know?
RDP does not use a constant amount of bandwidth; it actually tries to reduce bandwidth usage to zero when nothing is changing on the screen. Bandwidth consumption only goes up in proportion to what is changing on the screen. For instance, if you just run a line-of-business app with basic graphics and not much animation, you may end up sending just a few Kbps down the wire. Of course, if you start running animation-heavy applications or graphics, your bandwidth usage will go up to support that scenario.

Introduction
Remote Desktop grants access to the desktop of a computer at another location.
For example, you can connect to your office computer from your house and manage all your applications, network resources and files just as if you were actually in your office using your office computer. RDP (Remote Desktop Protocol) enables the communication between the local machine and the remote machine. If a client machine wants to connect to the remote machine, Remote Desktop must be enabled on the remote machine. The local machine must have network connectivity to the remote desktop, because we are going to connect through the network, and the user must have valid credentials to access the remote machine.

4.2.1 Configuring Remote Desktop Client Connection
On the client machine, go to the Start menu, search for Remote Desktop Connection and click it to start the connection. To open it quickly, press WIN + R to open the Run dialog, type mstsc and click OK. Figure 4.2.1 shows how to open Remote Desktop Connection.
Figure 4.2.1: Run dialog
Now the Remote Desktop Connection wizard opens.
Figure 4.2.2: Remote Desktop Connection wizard
Provide the computer name or IP address of the remote computer for a specific connection, or click the Connect button for the default settings. You can edit the settings of the remote desktop connection by selecting Show Options, as in Figure 4.2.3.
Figure 4.2.3: Remote Desktop Connection – Show Options
The configuration tabs General, Display, Local Resources, Experience and Advanced can then be viewed, as in Figure 4.2.4.
The information provided under the General tab, such as the remote computer name or IP and the user name, can be saved as an .rdp file using the Save option (refer to Figure 4.2.4). Alternatively, an already saved file can be selected from the file list using the Open option. This option is useful when you frequently take a remote desktop to the same machine. Click Connect to make the remote desktop connection for the chosen file.
Figure 4.2.4: Remote Desktop Connection – General tab
In the Display tab, you can select a specific window size (remote host resolution) or full screen. You can also select the colour depth (refer to Figure 4.2.5). Once the remote desktop connection is established, you cannot change the resolution, so this setting has to be configured before establishing the connection. This is the only option to set the screen resolution.
Figure 4.2.5: Remote Desktop Connection – Display tab
When Full Screen is selected, the remote session uses the full screen of the client computer and sets the resolution automatically. For example, if the client display resolution is set to 1600x900, the remote host is shown on your desktop in full screen using 1600x900, regardless of the local resolution set on the remote computer.
The Local Resources tab allows us to set the audio settings of the remote host, such as playback and recording. In the audio playback, you have three options (Figure 4.2.6): play on this computer, don't play, and play on the remote computer. You can select any option according to your environment and requirements.
Figure 4.2.6: Remote Desktop Connection – Local Resources tab
The Experience tab has settings related to the connection quality.
Figure 4.2.7: Remote Desktop Connection – Experience tab
In the Advanced tab, you can configure whether to show or hide the authentication warning when you connect to the remote computer.
Figure 4.2.8: Remote Desktop Connection – Advanced tab
Click Connect to access the remote desktop. You must provide the credentials of a user with permission to access the remote desktop, i.e. the credentials of a user profile present on the remote system that has permission to access the remote desktop. Your local machine credentials will not work. Provide the username in the format computer name/username.
Now you will get a security warning about the certificate (Figure 4.2.9). Select Don't ask me again for connections to this computer and click Yes.
Figure 4.2.9: Remote Desktop Connection – Certificate warning page
Now we are connected successfully to our remote desktop.
Figure 4.2.10: Remote Desktop Connection – Connected remote desktop
If you want to disconnect the remote desktop connection, go to the Start menu -> Log off and choose the Disconnect option.
Figure 4.2.11: Remote Desktop Connection – Log off menu
You can also disconnect simply by using the Close button on the remote session window.
Figure 4.2.12: Remote Desktop Connection – Close button
While disconnecting, you will be shown a dialog box (Figure 4.2.13) for confirmation.
Figure 4.2.13: Remote Desktop Connection – Disconnected dialog box

4.2.2 Configuring Client Settings
By configuring the client settings for the Remote Desktop session, we can achieve better performance and more user-friendly remote desktops. We will now discuss how to configure the following client settings:
• Making the local devices and resources available in a remote session.
• Starting a program automatically when a user logs on.
• Configuring the maximum colour depth for a remote session.
• Configuring monitor settings for a remote session (when the client has multiple monitors).

Making the Local Devices and Resources Available in a Remote Session
The Remote Desktop feature helps you to log on to and view the desktop of another computer from your own computer. After logging into the remote session, if you go to My Computer it shows the drives of the remote computer, not your own computer's drives. Remote Desktop Services allows users to access their local resources and devices in the remote session; this is referred to as redirection. By using redirection, the user can access local computer resources such as local drives, COM ports, the Clipboard, printers, audio and supported Plug and Play devices (USB).
Users can also specify which local resources will be available to them in the remote session. Now we will see how to configure this using the Local Resources tab.

How to transfer files from the remote desktop to the local machine?
You can redirect the local disk drives, including hard disk drives, CD-ROM drives, floppy disk drives and mapped network drives, so that you can transfer files between the local host and the remote computer in the same way that you copy files from a network share.

Did you know?
Using Remote Desktop you can access your Windows machine from your iPhone. You can connect to your Windows computer and see the files, programs and resources exactly as you would if you were sitting at your desk, just on a smaller screen.

1. Open Remote Desktop Connection.
Figure 4.2.14: Remote Desktop Connection wizard
2. Click Options to see the advanced options.
3. In the options, click the Local Resources tab.
4. Under the Local Drives and Resources pane, check or uncheck the resources based on your requirements. Then click More to see the extensive list of resources that you can redirect to the remote machine.
Figure 4.2.15: Remote Desktop Connection – Local Resources tab
5. Now select the drives and ports that you want to redirect to the remote machine.
Figure 4.2.16: Remote Desktop Connection – Select drive page
6. After configuring the redirection, log into the Remote Desktop as you normally do.
7. Now if you go to My Computer you can see the changes: it shows the redirected drives.
Figure 4.2.17: Connected remote desktop after mounting local drives
The administrator can also specify which local drives and resources should be available to users in the remote session. In short, the administrator can enable or disable redirection for particular resources.
For example, if the administrator disables redirection of local drives, users connecting remotely to the RD Session Host server on this connection will not be able to redirect their local drives in their remote session, even if the user selects the Local drives check box on the Local Resources tab under Options in Remote Desktop Connection.

Enable or disable the redirection of local devices and resources
1. On the Remote Desktop Session Host server, click the Start menu, select Administrative Tools, select Remote Desktop Services and then click Remote Desktop Session Host Configuration.
Figure 4.2.18: Remote Desktop Session Host Configuration
2. Under the Connections pane, right-click the name of the connection and then click Properties.
Figure 4.2.19: Connections pane
3. In the Properties dialog box for the connection, click the Client Settings tab.
4. Under Redirection (as shown in Figure 4.2.20), select the check box next to a particular local drive or resource type to disable its redirection. Uncheck the check box to enable redirection.
Figure 4.2.20: Select Redirection wizard in the Session Host server
5. Click OK to save the settings.

Start a Program on Connection
When you access a Remote Desktop Services session, you get the full Windows desktop by default. You can also specify a particular program to start when the user logs on. If an initial starting program has been specified, the user can use only this program in the remote desktop session. The Start menu and the Windows desktop are not displayed when the user logs on to the remote session, and when the user closes the program the session is automatically logged off. You can configure this initial starting program in the Remote Desktop Session Host Configuration, at the connection level or at the user level. If you configure it at the connection level, it affects all the users who use this connection. If you configure it at the user level, the particular program runs only when that user logs in.
If all three are configured, preference is given to the initial starting program configured using Remote Desktop Session Host Configuration over the configuration for a specific user account or in Remote Desktop Connection. Now we will discuss the procedure to configure the initial starting program using the Remote Desktop Session Host Configuration.
1. On the Remote Desktop Session Host server, click Start, select Administrative Tools -> Remote Desktop Services and then click Remote Desktop Session Host Configuration.
2. In the Remote Desktop Session Host Configuration wizard, under Connections, right-click the name of the connection and then click Properties.
3. In the Properties dialog box for the connection, click the Environment tab.
Figure 4.2.21: Start the program
4. Select Start the following program when the user logs on, then do the following:
   a. In the Program path and file name box, enter the fully qualified path and file name of the executable file to be run when the user logs on. For example, to run Notepad when the user logs in, specify c:\windows\system32\notepad.exe.
   b. Optionally, in the Start in box, enter the fully qualified path to the starting directory for the program, for example c:\windows\system32. If you leave the Start in box blank, the program runs using its default directory.
5. Click OK to save the settings.
The changes made on the Environment tab are not applied to users who are already connected. The changes take effect the next time a user establishes a new connection to this Remote Desktop Session Host server. If you do not want to start a program when the user logs in, select the Always show desktop option in the Environment tab.

Configuring the Maximum Colour Depth for a Remote Session
We can specify the maximum colour resolution (colour depth) for a remote session.
When we limit the colour resolution, connection performance is improved, especially over slow links, and server load is reduced. The actual colour depth for the connection is determined by the colour support available on the client machine. The administrator can configure the colour depth on the Remote Desktop Session Host server. The user can also specify a colour depth for the connection in the Remote Desktop Connection wizard under the Display tab, but the user-specified colour depth cannot exceed the value configured on the Remote Desktop Session Host server.
Figure 4.2.22: Remote Desktop Connection
Now we will see how to configure the maximum colour depth on the Remote Desktop Session Host server.
1. On the Remote Desktop Session Host server, open the Remote Desktop Session Host Configuration.
2. Under Connections, right-click the name of the connection and then click Properties.
3. In the Properties dialog box, click the Client Settings tab, then select the Limit Maximum Color Depth check box. Provide the value based on your environment's requirements. The default value is 32 bpp.
Figure 4.2.23: Colour depth
4. Click OK to apply the settings. The changes are not applied to users who are already connected; they take effect the next time a user establishes a new connection to this Remote Desktop Session Host.

Configuring the Monitor Settings for a Remote Session
Even if your client machine has a dual-monitor or multiple-monitor setup, when you connect to the remote desktop you get only one monitor. If you want the multi-monitor experience in the remote host session, you need to configure the settings. Multiple monitor support for Remote Desktop Services allows users to open a Remote Desktop connection expanded across all the monitors on the client computer. With this feature, the user can fully utilize all the monitors connected to the client computer for the Remote Desktop connection.
Currently, this feature displays the remote desktop on all the monitors available on the client computer. It can handle any client monitor configuration supported by Windows. The user enables this feature by checking Use all my monitors for the remote session under the Display tab in the Remote Desktop Connection wizard.
Figure 4.2.24: Checking Use all my monitors for the remote session under the Display tab
This feature was introduced in Windows 7. In previous versions, if we wanted to use multiple monitors in remote desktop, we had to use span mode. Span mode was introduced in Vista. It has some restrictions: the primary monitor must be the left-most, all the monitors must have the same resolution, and the set of monitors must form a rectangle. The total of all monitor resolutions must be below 4096×2048 (for example, 1600×1200 + 1600×1200 = 3200×1200). Only some monitor configurations satisfy the span mode requirements. The following diagram shows which values are valid or invalid for span mode.
Figure 4.2.25: Values valid or invalid for span mode
The maximum number of monitors available for the remote session depends on the number of monitors the client has, but it cannot exceed the maximum number of monitors specified on the Remote Desktop Session Host. RDP allows a maximum of 16 monitors. By default, the administrator can configure a value between 1 and 16.
Now we will see how to configure the maximum number of monitors for a remote session in the Remote Desktop Session Host Configuration.
1. On the Remote Desktop Session Host server, open the Remote Desktop Session Host Configuration.
2. Under Connections, right-click the name of the connection and then click Properties.
3. In the Properties dialog box for the connection, click the Client Settings tab, then specify the maximum number of monitors per session. A smaller number of monitors provides better performance.
Figure 4.2.26: Monitor settings
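The client settings from 4.2.1 and 4.2.2, as an added example that is not from this module or from Microsoft: a small Python script that writes and parses the .rdp file the General tab's Save option produces, and then applies the RD Session Host limits (maximum colour depth, maximum monitors, drive redirection policy) to what the client asked for. The setting names are the standard .rdp keys that mstsc writes; the host name, user name, monitor counts and limit values are constructed sample values.

```python
"""Build, parse and sanity-check a Remote Desktop Connection (.rdp) file.

Added example for this module; not Microsoft's code. The key names are the
standard .rdp settings mstsc writes when you click Save on the General tab;
the host-side limits passed to effective_session() are constructed sample
values, not read from a real RD Session Host.
"""
from dataclasses import dataclass

# audiomode values as written by mstsc for the Local Resources tab.
AUDIO_PLAY_LOCAL, AUDIO_PLAY_REMOTE, AUDIO_NONE = 0, 1, 2
RDP_MAX_MONITORS = 16  # protocol maximum stated in the module


@dataclass
class RdpSettings:
    full_address: str           # General tab: computer name or IP
    username: str               # General tab: DOMAIN\user or computer\user (assumed form)
    full_screen: bool = True    # Display tab: screen mode id 2 = full screen, 1 = windowed
    width: int = 1600           # Display tab: only used when not full screen
    height: int = 900
    session_bpp: int = 32       # Display tab: colour depth requested by the client
    use_multimon: bool = False  # Display tab: "Use all my monitors for the remote session"
    audiomode: int = AUDIO_PLAY_LOCAL
    drives: str = ""            # Local Resources > More: "" none, "*" all, "C:;D:;" specific
    redirect_clipboard: bool = True
    redirect_printers: bool = False
    authentication_level: int = 2  # Advanced tab: 2 = warn me if server authentication fails

    def to_rdp(self) -> str:
        """Serialise in mstsc's 'name:type:value' line format (CRLF separated)."""
        lines = [
            f"full address:s:{self.full_address}",
            f"username:s:{self.username}",
            f"screen mode id:i:{2 if self.full_screen else 1}",
            f"desktopwidth:i:{self.width}",
            f"desktopheight:i:{self.height}",
            f"session bpp:i:{self.session_bpp}",
            f"use multimon:i:{int(self.use_multimon)}",
            f"audiomode:i:{self.audiomode}",
            f"drivestoredirect:s:{self.drives}",
            f"redirectclipboard:i:{int(self.redirect_clipboard)}",
            f"redirectprinters:i:{int(self.redirect_printers)}",
            f"authentication level:i:{self.authentication_level}",
        ]
        return "\r\n".join(lines) + "\r\n"


def parse_rdp(text: str) -> dict:
    """Parse .rdp text into {name: value}; 'i' entries become int, others stay str."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on the first two colons only: the value itself may contain ':' (drive lists).
        name, kind, value = line.split(":", 2)
        result[name] = int(value) if kind == "i" else value  # 's' strings, 'b' raw hex
    return result


def effective_session(settings: RdpSettings, client_monitors: int,
                      host_max_bpp: int, host_max_monitors: int) -> dict:
    """Apply the RD Session Host limits from 4.2.2 to what the client asked for.

    The client's colour depth never exceeds the host's Limit Maximum Color Depth,
    and a multi-monitor session gets min(client monitors, host maximum, 16).
    """
    bpp = min(settings.session_bpp, host_max_bpp)
    if settings.use_multimon:
        monitors = min(client_monitors, host_max_monitors, RDP_MAX_MONITORS)
    else:
        monitors = 1
    return {"session_bpp": bpp, "monitors": monitors}


def check_redirection_policy(settings: RdpSettings, host_drives_disabled: bool) -> list:
    """Report client requests that the host's redirection policy will not honour."""
    issues = []
    if host_drives_disabled and settings.drives:
        issues.append("drive redirection requested but disabled on the RD Session Host")
    return issues


if __name__ == "__main__":
    # Constructed sample connection: full screen, all monitors, C: redirected, audio left remote.
    s = RdpSettings(full_address="rdsh01.example.local", username="EXAMPLE\\alice",
                    use_multimon=True, drives="C:;", audiomode=AUDIO_PLAY_REMOTE)
    print(s.to_rdp())
    print(effective_session(s, client_monitors=3, host_max_bpp=16, host_max_monitors=2))
    print(check_redirection_policy(s, host_drives_disabled=True))
```

Saving the output of to_rdp() as a .rdp file gives the same kind of file the General tab's Save option writes, which Remote Desktop Connection can open.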