Azure MFA RDP
RDP Server Software
We need to set up multi-factor authentication when connecting to a server using RDP. I have tried Azure MFA Server, but it gives so much trouble. Maybe anyone has some information about this or practice with this kind of thing. Thank you in advance.
However, you have to do the math on whether Duo or Azure AD with MFA might be a better bet for you.
I want to secure my web server VM so that it is essentially restricted strictly to ports 443 and 3389. I denied everything else, outbound and inbound, in the NSG for the web VM. But I cannot RDP after doing that.
Introduction: Back in 2014 I co-authored an article together with Kristin Griffin on how to secure RD Gateway with Azure MFA.
For conditional access you need an Azure P1 or P2. Get a trial version and create conditional access.
Nope, no answer yet.
Have you set up conditional access for remote desktop users when using the Azure MFA Extension for NPS? I have P2 licenses, which are required in order to set up MFA for RD Gateway and the NPS extension.
Microsoft Remote Desktop Protocol (RDP) server software allows the Remote Desktop Services (RDS) role in Windows Server to communicate with RDS clients. The RDS role can be enabled on most editions of Windows Server. With RDP, IT administrators can provide encrypted remote access to the desktops and applications hosted on the server.
Here we will discuss how to enhance Microsoft RDP server performance through the straightforward, all-inclusive virtualization provided by Parallels® Remote Application Server (RAS).
Remote desktop services roles
Deploying RDS involves many components (roles). The roles you choose largely depend on how you want to deliver RDS to end users. These roles include:
1. Remote desktop session host
RDSH is a back-end server that hosts the desktops and session-based apps that you share with users. Users can access these apps and desktops via remote desktop clients that run on macOS, Windows, iOS, and Android, as well as from any HTML5-compliant browser. You can pool RDSHs into collections and configure properties such as session settings, load balancing, and user groups. This way, you control how apps and desktops are accessed in the organization. For example, you can create a specific user group and only allow members of that group to access particular applications and desktops.
2. Remote Desktop Connection Broker
The remote desktop connection broker (RDCB) connects and reconnects users to their apps and desktops on RDSH server farms. For new connections, RDCB load-balances requests across the RDSH servers in a session collection. If a session disconnects, RDCB reconnects the user to the RDSH server that still holds the interrupted session.
3. Remote desktop gateway
The remote desktop gateway (RDG) securely connects endpoints to remote apps and desktops on the RDSH servers over the public internet. It allows users to reach desktops and apps on an internal network through a single public IP address and port. To enhance security, RDG authenticates and authorizes each user's request before granting access to the published resources.
You can use RDG to enforce connection authorization policies (CAPs) that limit how users connect through the gateway and resource authorization policies (RAPs) that limit which internal hosts they may reach. In the CAP you specify which user groups are admitted and which authentication methods are accepted, and you can enable or disable client device redirection (drives, clipboard, printers). Multi-factor authentication is layered on top of this by handing CAP evaluation to a central NPS server, for example one running the Azure MFA NPS extension.
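As an added example (not code from the original article or from Parallels), the PowerShell below uses the RemoteDesktopServices provider on an RD Gateway server to create a CAP and a matching RAP, then lists the CAP's settings and turns off drive and clipboard redirection. The policy names, the domain and the group name are placeholders, and the item names under DeviceRedirection are assumptions to verify against the Get-ChildItem listing on your own server.

```powershell
# Added example, not from the original article: create an RD Gateway CAP and
# RAP with the RemoteDesktopServices provider, review the CAP's settings, and
# restrict client device redirection. Run in an elevated PowerShell on the
# RD Gateway server. Names below are placeholders (assumptions).
Import-Module RemoteDesktopServices

$capName   = "RDG-Users-CAP"              # assumption: CAP name
$rapName   = "RDG-Users-RAP"              # assumption: RAP name
$userGroup = "RDG-Users@corp.example"     # assumption: AD group allowed through the gateway

# CAP: admit only members of $userGroup, password authentication (AuthMethod 1).
# MFA is not a CAP setting; it is enforced by pointing the gateway at a central
# NPS server running the Azure MFA NPS extension (RDS:\GatewayServer\CentralCAPEnabled).
New-Item -Path RDS:\GatewayServer\CAP -Name $capName `
    -UserGroups $userGroup -AuthMethod 1

# RAP: which internal hosts those users may reach. ComputerGroupType 2 allows
# any host; in production prefer an AD computer group so only the RDSH farm
# is reachable through the gateway (least privilege).
New-Item -Path RDS:\GatewayServer\RAP -Name $rapName `
    -UserGroups $userGroup -ComputerGroupType 2

# The check: list what the CAP actually enforces, including the
# DeviceRedirection items, before trusting it.
Get-ChildItem -Path "RDS:\GatewayServer\CAP\$capName" -Recurse |
    Select-Object PSChildName, CurrentValue |
    Format-Table -AutoSize

# Disable client drive and clipboard redirection for sessions admitted by
# this CAP. Item names are assumptions; confirm them in the listing above.
Set-Item -Path "RDS:\GatewayServer\CAP\$capName\DeviceRedirection\DiskDrives" -Value 0
Set-Item -Path "RDS:\GatewayServer\CAP\$capName\DeviceRedirection\Clipboard"  -Value 0
```

The listing step matters more than the two Set-Item lines: a CAP that admits the right group but leaves drive redirection on lets a compromised client push files straight into the session host, so read the effective values back rather than assuming the defaults.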
4. Remote desktop web access
The remote desktop web access (RDWA) role allows users to discover and launch apps and desktops from a web portal. RDWA serves the portal over HTTPS, which encrypts the channel between the browser and the RD Web Access server; the RDP session itself is then established by the endpoint's remote desktop client, normally through the gateway.
When a user picks a resource, RDWA hands it to the endpoint's remote desktop client application to launch. You can use RDWA to publish resources to both Windows and non-Windows endpoints.
5. Remote desktop licensing
The remote desktop licensing (RDL) role manages the licenses that users or devices require to connect to the RDSH servers hosting desktops and apps. An organization needs enough RDS client access licenses (CALs), or, under a service provider agreement, subscriber access licenses (SALs), to cover every unique authorized user who signs in to the RDS servers each month.
Microsoft RDS Limitations
Since Windows Server 2008 R2, Microsoft has referred to its RDP server software as Remote Desktop Services (RDS). Although it seems inexpensive, Microsoft RDS as a standalone delivery solution hides costs in tedious and time-consuming management.
Configuring and running a standalone Microsoft RDS environment is a complex task. It requires installing several components and the skills of qualified professionals with knowledge of virtualization. In addition, Microsoft RDS does not give users a seamless experience when accessing resources from mobile devices, Mac®, Linux, Chromebook, or thin clients.
RDP Server – Parallels RAS Overcomes the Limitations
Parallels RAS is a comprehensive, easy-to-use virtualization solution. Using a proprietary protocol together with Microsoft RDP, it brokers connections between RDSH-hosted applications and desktops and client devices. Parallels RAS streamlines the configuration, deployment, and management of Microsoft RDS through a PowerShell API and configuration wizards. Additionally, several mission-critical features, such as gateways, servers, smart load balancing, and printing redirection, come ready to use out of the box.
Future of RDP Server
The future is the cloud, and the same is true of the RDP server. The future of RDP lies in making it available in the cloud, and Microsoft has done just that.
Windows Virtual Desktop (WVD, since renamed Azure Virtual Desktop) is a set of technologies that allows virtual desktops to be created in the Azure cloud.
WVD gives employees access to a virtualized desktop environment on Azure, so IT departments can host multiple Windows 10 desktops on the same hardware. The cloud is the future of the RDP server, but that is not all WVD offers:
- WVD is integrated with Azure Resource Manager, so you can change everything directly from the portal without PowerShell, third-party tools, or web apps.
- Through the Azure Resource Manager integration, resources such as RemoteApps and desktops can be published to Azure Active Directory groups.
- WVD supports Azure role-based access control.
- WVD integrates with the Azure Shared Image Gallery, which stores image definitions and image versions.
- WVD allows multiple concurrent users on a single Azure virtual machine (Windows 10 multi-session).
- WVD licensing is simpler than that of prior virtual desktop technologies such as RDS.
- User profiles are handled independently of the virtual machine.
The WVD service recommends FSLogix profile containers for user profiles. FSLogix is a set of solutions that simplify, enable, and enhance Windows computing environments. They are suitable for both public and private virtual environments and include Profile Container, Office Container, Application Masking, and Java Version Control. With FSLogix you can:
- Simplify management of applications and specify the Java version to be utilized by specific URL.
- Optimize file IO.
- Minimize sign in times and maintain user context for non-persistent environments.
It is evident from the introduction of WVD and the features added to it over time that the virtual desktop's future lies in the cloud. A virtual desktop is no longer just a way to reach resources from end devices; it is being integrated with role-based access, profile management, Active Directory management, imaging, and so on.
Platform and Device Independent User Experience
Parallels® Remote Application Server (RAS) provides an intuitive, consistent, and user-friendly experience on any device. It offers native clients for a wide range of desktop and mobile operating systems, including Windows, Linux, macOS, Android, and iOS. Parallels RAS also provides HTML5 web access via compatible browsers such as Chrome, Firefox, and Safari.
Parallels Client, the name of the Parallels native client for the various devices, supports native gestures and multitasking for a good mobile desktop experience. The Parallels Clients for Windows and HTML5 browsers are also fully customizable for white-labelling. With full support for Samsung Desktop Experience (DeX), users can turn their Samsung smartphones into full-fledged workstations.
Parallels RAS Universal Printing allows users to print from any device to local printers without installing additional printer drivers. Parallels RAS adapts applications to fit the whole screen, making interaction easier. It provides extended drag-and-drop between servers and clients and supports multiple monitors out of the box. Local drive redirection lets users keep their work locally, and RemoteFX USB redirection lets local devices be used while working in remote applications.
Fast logins and smart load balancing are enabled by default on Parallels RAS. For routine tasks, administrators can configure quick keys on virtual keyboards to make user interaction easier. This extends to Chrome OS, where Windows-specific keyboard actions can be configured for Chrome, which helps Chromebook users.
Test Parallels RAS in your RDS environment by downloading the free trial.
Hello Everyone,
In the first article of this series, we discussed the general concept of Azure Multi-Factor Authentication and how MFA helps secure your on-premises environment, and a hybrid one if you have it.
In this article we go into more technical detail about how to use Azure Multi-Factor Authentication, using a real example.
One of my customers has a server that holds highly sensitive data; only around six users have remote desktop access to it, and the customer needed an additional security layer for access to this server.
I suggested that the customer use Azure MFA, since it adds a strong extra layer to remote desktop access to the server at a low cost.
So let's start the technical steps. Remember that the goal is to integrate Remote Desktop Protocol (RDP) access with Azure MFA.
In this part we prepare the Azure MFA provider and download the MFA Server setup files. In the next part we deploy and configure the MFA Server to secure RDP.
First of all let’s summarize the requirements to implement this scenario:
1- We need an Azure account (Azure tenant) to configure the provider and download the setup. If you don't have an account, you can sign up for a one-month trial; for more information, see https://azure.microsoft.com/en-us/pricing/free-trial/
2- Integrating RDP with Azure MFA Server is not supported on Windows Server 2012 R2 (as of the date of this article). This means that if you need to integrate RDP with Azure MFA Server, the server must run Windows Server 2012 or earlier, such as Windows Server 2008 R2.
3- To secure RDP with Azure MFA Server, you must install the MFA Server on the same server whose RDP access you want to protect. In other words, if you have a server called "SRV1", you install the MFA Server setup on "SRV1". Looking back at point #2, it follows that you cannot secure RDP on Windows Server 2012 R2 this way (as of the date of this article).
This deployment is called a standalone MFA Server, since everything stays on-premises and no integration is done between the local AD and Azure AD.
Now log in to your Azure tenant at https://manage.windowsazure.com and open the Active Directory tab in the left pane. (The classic portal at manage.windowsazure.com has since been retired; Microsoft stopped offering new MFA Server deployments in July 2019 and ended support for MFA Server on 30 September 2024, so this walkthrough documents a legacy setup.)
Now choose the MULTI-FACTOR AUTH PROVIDERS option from the top menu.
Click New:
The MULTI-FACTOR AUTH PROVIDER is where you download the MFA Server setup files; it is also responsible for usage accounting, and you customize your setup from the provider, for example fraud alerts.
Now choose App Services -> Active Directory -> MULTI-FACTOR AUTH PROVIDERS -> Quick Create.
Name: choose any meaningful name for your provider.
Usage Model: you have two options, Per Enabled User and Per Authentication. This option cannot be changed later; if you need to change it, you must create a new provider. The difference between the two models is how Microsoft charges you: with Per Enabled User you are charged for the number of users enabled for MFA regardless of how many authentications actually occur, and with Per Authentication you are charged every time a user authenticates through Azure MFA.
Directory: choose "Don't link a directory", since we are installing a standalone MFA Server without integration with Azure AD.
After you fill in the required information, click Create:
In less than a minute, the new provider appears in your tenant, as shown below:
Click the provider you just created, then click the MANAGE button at the bottom of the portal page:
The MFA management page appears; click the Downloads button, as below:
The download page lists the OS versions supported by MFA Server, including Windows Server 2012 R2. This does not contradict what I said earlier: the RDP protection feature is not supported on Windows Server 2012 R2, but many other MFA Server features do work there. Now click the Generate Activation Credentials button to generate the credentials that register your server with the MFA provider during setup.
An email address and password are generated. These credentials are valid for 10 minutes; if you take longer than that to start the setup, you can regenerate them.
Now click the download link to start downloading the MFA Server setup:
After the download completes, copy the setup file to the server whose RDP access you want to secure and double-click it to start the installation.
In the next part we continue the demo by installing the MFA Server and configuring it to secure remote desktop access.
So stay tuned 🙂
About the blogger:
Ahmad Yasin (MCSA Office 365, MCSE: Messaging, Azure Certified)
Ahmad currently works at Specialized Technical Services Company (STS).