{"id":410,"date":"2018-02-08T01:16:23","date_gmt":"2018-02-08T01:16:23","guid":{"rendered":"http:\/\/www.ciraltos.com\/?p=410"},"modified":"2023-03-24T00:34:53","modified_gmt":"2023-03-24T05:34:53","slug":"remote-desktop-services-azure","status":"publish","type":"post","link":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/","title":{"rendered":"Remote Desktop Services in Azure"},"content":{"rendered":"<p><a href=\"\/wp-content\/uploads\/2018\/02\/AzureRDSServices.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" loading=\"lazy\" class=\"alignleft wp-image-414 size-medium\" src=\"\/wp-content\/uploads\/2018\/02\/AzureRDSServices-300x229.png\" alt=\"\" width=\"300\" height=\"229\" srcset=\"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2018\/02\/AzureRDSServices-300x229.png 300w, http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2018\/02\/AzureRDSServices-768x587.png 768w, http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2018\/02\/AzureRDSServices.png 1017w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Over the past few months I have had the opportunity to implement Remote Desktop Services in Azure. \u00a0The strategy of this project was to go beyond a \u201clift and shift\u201d mentality of an RDS deployment to an infrastructure that will scale on demand and provide for rapid deployment of new resources as needed.\u00a0 In this post I give a high-level view of the RDS services deployed and the Azure services used to support them.<\/p>\n<p>Running RDS in Azure provides a high degree of availability compared to hosting in a conventional data center. 
\u00a0For example, Azure has native features such as Availability Sets and Load Balancing services to limit interruptions from planned and unplanned outages.\u00a0 Azure also has network resilience built in.\u00a0 Hosting a reliable externally available RDS environment on-premises requires redundant internet connections, BGP and underlying Routing and Switching infrastructure.\u00a0 In Azure, simply provision an external IP and the rest is built in.<!--more--><\/p>\n<p>The illustration in this post provides a visual of the Azure services used in this project and how they relate to each RDS service.\u00a0 More detail is provided below.<\/p>\n<h2>RD Web and RD Gateway<\/h2>\n<p>To start with, the Remote Desktop Web (RD Web) service provides a web-based landing page for users to log into and access services published to them.\u00a0 The RD Gateway acts as a middleman between Web and RDP services, tunneling RDP traffic over port 443.\u00a0 This provides RDP services over the internet without exposing the RDP port.<\/p>\n<p>Azure Load Balancer &#8211;\u00a0 Standard Windows Network Load Balancing (NLB) will not work with Azure.\u00a0 Instead, Microsoft Azure offers software load balancers with all VMs (except for \u201cBasic\u201d VMs).\u00a0 Load balancers provide HA by redirecting traffic to active nodes if one becomes unavailable.\u00a0 Azure Load Balancers provide HA on the RD Web\/RD Gateway servers and the Connection Brokers in this implementation.<\/p>\n<p>** Please note, a reader pointed out that the correct name for the service below is Azure AD Application Proxy.\u00a0 That is different from the Application Gateway.**<\/p>\n<p>Azure AD Application <del>Gateway<\/del>\u00a0Proxy \u2013 It is common practice to expose the RD Web page to the internet for external access, relying on forms-based authentication to protect the site. 
\u00a0The Azure AD Application Proxy is used to provide an extra layer of security to the RD Web Page.\u00a0 The Azure AD Application Proxy is a cloud-based proxy service.\u00a0 It works by installing an agent on a server inside your network.\u00a0 This agent makes an outbound connection to the Azure AD Application Proxy services, establishing a two-way connection.\u00a0 Internal services can be published in the Application Proxy services and made available externally without opening ports on a firewall.<\/p>\n<p>An added benefit of the Azure AD Application Proxy is that it can use Azure AD authentication services as a \u201cpre-authentication\u201d to the RD Web server.\u00a0 This way, Azure AD authentication, including MFA if enabled, is required prior to accessing the RD Web page.<\/p>\n<h2>RDS Connection Broker<\/h2>\n<p>The connection broker acts as a traffic cop for RDP sessions.\u00a0 It monitors active connections to the session hosts and directs new connections accordingly.\u00a0 It also reconnects disconnected sessions to the same server, preventing orphaned connections.<\/p>\n<p>Azure SQL &#8211; \u00a0Multiple Connection Brokers provide HA, but require a central database. 
\u00a0Azure SQL Server provides this central database for the Connection Broker cluster.\u00a0 Microsoft has outlined the steps to use Azure SQL for a Connection Broker Cluster <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/remote\/remote-desktop-services\/rds-connection-broker-cluster\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p>Session Host Auto Scale &#8211; It costs money to run servers on Azure.\u00a0 However, it doesn\u2019t cost money when they are shut down and in the deallocated state.\u00a0 With that in mind, a higher number of smaller, less expensive VMs were provisioned as Session Host servers.\u00a0 These servers can be powered on and deallocated as usage increases and decreases, providing cost savings.<\/p>\n<p>Microsoft provides an auto scale script <a href=\"https:\/\/gallery.technet.microsoft.com\/scriptcenter\/Automatic-Scaling-of-9b4f5e76\" target=\"_blank\" rel=\"noopener\">here<\/a>\u00a0that runs on the Connection Broker and brings Session Host Servers online as demand increases and shuts them down when the need decreases.\u00a0 To do this, the script needs to log into Azure to control the Session Hosts\u2019 power state.\u00a0 The script can be configured with user name and password credentials, or a more secure certificate option.\u00a0 The certificate option uses an Azure AD Service Principal login, storing the certificate in the Azure Automation certificate store.\u00a0 This provides additional security as it is not necessary to store your credentials in the script.<\/p>\n<h2>Session Hosts<\/h2>\n<p>The Session Host is the resource users interact with as a remote desktop or published application.\u00a0 As mentioned previously, these can be shut down and powered on as needed by the auto scale script.\u00a0 This can be a problem, however, when it\u2019s time to patch the servers.\u00a0 An Azure Automation Runbook is used to start all Session Hosts during their patch window.\u00a0 The Runbook uses the Azure Key Vault 
to store the credentials used to log into Azure and start the VMs.\u00a0 Azure Auto Shutdown is used at the end of the patch window to shut down and deallocate the VMs.<\/p>\n<h2>Azure ARM Template Deployment<\/h2>\n<p>Azure ARM Templates are used to deploy all VMs in this environment.\u00a0 Although not unique to RDS, it is worth a mention.\u00a0 ARM templates provide a way to quickly deploy a large number of VMs.\u00a0 One feature of ARM Templates called Copy Index allows for creating multiple VMs in parallel.\u00a0 Templates are used to rapidly scale out the number of session hosts in this project.<\/p>\n<p>Passwords for items such as local computer and Domain Join accounts are secured in Azure Key Vault.\u00a0 The ARM template references those secrets during the deployment.\u00a0 This prevents storing credentials directly in the template file.<\/p>\n<p>Azure Desired State Configuration is used to finish server setup tasks.\u00a0 This service can add roles and services, copy files, set the time zone and make many other configuration changes.\u00a0 Azure ARM Templates and DSC cut the deployment time down to a fraction of what a traditional server deployment takes.<\/p>\n<p>More information on ARM templates and DSC can be found <a href=\"http:\/\/www.ciraltos.com\/category\/azure\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over the past few months I have had the opportunity to implement Remote Desktop Services in Azure. 
\u00a0The strategy of this project was to go beyond a \u201clift and shift\u201d mentality of an RDS deployment to an infrastructure that will scale on demand and provide for rapid deployment of new resources as needed.\u00a0 In this &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\"> <span class=\"screen-reader-text\">Remote Desktop Services in Azure<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":4095,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":""},"categories":[2],"tags":[204,205,9,207,206,181,203,209,208,26,56],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Remote Desktop Services in Azure - ciraltos<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Remote Desktop Services in Azure - ciraltos\" \/>\n<meta property=\"og:description\" content=\"Over the past few months I have had the opportunity to implement Remote Desktop Services in Azure. 
\u00a0The strategy of this project was to go beyond a \u201clift and shift\u201d mentality of an RDS deployment to an infrastructure that will scale on demand and provide for rapid deployment of new resources as needed.\u00a0 In this &hellip; Remote Desktop Services in Azure Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\" \/>\n<meta property=\"og:site_name\" content=\"ciraltos\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-08T01:16:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-24T05:34:53+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/AzureRDSServices-300x229-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"229\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Travis Roberts\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ciraltos\" \/>\n<meta name=\"twitter:site\" content=\"@ciraltos\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Travis Roberts\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\"},\"author\":{\"name\":\"Travis Roberts\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\"},\"headline\":\"Remote Desktop Services in Azure\",\"datePublished\":\"2018-02-08T01:16:23+00:00\",\"dateModified\":\"2023-03-24T05:34:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\"},\"wordCount\":1002,\"commentCount\":3,\"publisher\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\"},\"keywords\":[\"AD Application Gateway\",\"AD Application Proxy\",\"Azure\",\"Connection Broker\",\"Load Balancing\",\"RDS\",\"Remote Dekstop\",\"Session Host\",\"Terminal Server\",\"VM\",\"web\"],\"articleSection\":[\"Azure\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\",\"url\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\",\"name\":\"Remote Desktop Services in Azure - 
ciraltos\",\"isPartOf\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#website\"},\"datePublished\":\"2018-02-08T01:16:23+00:00\",\"dateModified\":\"2023-03-24T05:34:53+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/www.ciraltos.com\/staging2\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Remote Desktop Services in Azure\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#website\",\"url\":\"http:\/\/www.ciraltos.com\/staging2\/\",\"name\":\"ciraltos\",\"description\":\"cloud, technology and trends\",\"publisher\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.ciraltos.com\/staging2\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a\",\"name\":\"Travis Roberts\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png\",\"contentUrl\":\"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png\",\"width\":5657,\"height\":3563,\"caption\":\"Travis 
Roberts\"},\"logo\":{\"@id\":\"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/www.ciraltos.com\",\"https:\/\/twitter.com\/ciraltos\"],\"url\":\"http:\/\/www.ciraltos.com\/staging2\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Remote Desktop Services in Azure - ciraltos","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/","og_locale":"en_US","og_type":"article","og_title":"Remote Desktop Services in Azure - ciraltos","og_description":"Over the past few months I have had the opportunity to implement Remote Desktop Services in Azure. \u00a0The strategy of this project was to go beyond a \u201clift and shift\u201d mentality of an RDS deployment to an infrastructure that will scale on demand and provide for rapid deployment of new resources as needed.\u00a0 In this &hellip; Remote Desktop Services in Azure Read More &raquo;","og_url":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/","og_site_name":"ciraltos","article_published_time":"2018-02-08T01:16:23+00:00","article_modified_time":"2023-03-24T05:34:53+00:00","og_image":[{"width":300,"height":229,"url":"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/AzureRDSServices-300x229-1.png","type":"image\/png"}],"author":"Travis Roberts","twitter_card":"summary_large_image","twitter_creator":"@ciraltos","twitter_site":"@ciraltos","twitter_misc":{"Written by":"Travis Roberts","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#article","isPartOf":{"@id":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/"},"author":{"name":"Travis Roberts","@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a"},"headline":"Remote Desktop Services in Azure","datePublished":"2018-02-08T01:16:23+00:00","dateModified":"2023-03-24T05:34:53+00:00","mainEntityOfPage":{"@id":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/"},"wordCount":1002,"commentCount":3,"publisher":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a"},"keywords":["AD Application Gateway","AD Application Proxy","Azure","Connection Broker","Load Balancing","RDS","Remote Dekstop","Session Host","Terminal Server","VM","web"],"articleSection":["Azure"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/","url":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/","name":"Remote Desktop Services in Azure - 
ciraltos","isPartOf":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#website"},"datePublished":"2018-02-08T01:16:23+00:00","dateModified":"2023-03-24T05:34:53+00:00","breadcrumb":{"@id":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.ciraltos.com\/staging2\/remote-desktop-services-azure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/www.ciraltos.com\/staging2\/"},{"@type":"ListItem","position":2,"name":"Remote Desktop Services in Azure"}]},{"@type":"WebSite","@id":"http:\/\/www.ciraltos.com\/staging2\/#website","url":"http:\/\/www.ciraltos.com\/staging2\/","name":"ciraltos","description":"cloud, technology and trends","publisher":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.ciraltos.com\/staging2\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/25391996d6cddfecd4d257162b7e373a","name":"Travis Roberts","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/","url":"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png","contentUrl":"http:\/\/www.ciraltos.com\/staging2\/wp-content\/uploads\/2023\/03\/Logo-1.png","width":5657,"height":3563,"caption":"Travis 
Roberts"},"logo":{"@id":"http:\/\/www.ciraltos.com\/staging2\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/www.ciraltos.com","https:\/\/twitter.com\/ciraltos"],"url":"http:\/\/www.ciraltos.com\/staging2\/author\/admin\/"}]}},"_links":{"self":[{"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts\/410"}],"collection":[{"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/comments?post=410"}],"version-history":[{"count":12,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts\/410\/revisions"}],"predecessor-version":[{"id":615,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/posts\/410\/revisions\/615"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/media\/4095"}],"wp:attachment":[{"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/media?parent=410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/categories?post=410"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.ciraltos.com\/staging2\/wp-json\/wp\/v2\/tags?post=410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}