Windows Server 2008 R2: Remote Desktop Services from A to Z


Post on 08-Feb-2016


DESCRIPTION

Windows Server 2008 R2: Remote Desktop Services from A to Z. Luka Manojlović, MA-NO d.o.o. PowerPoint PPT presentation.

TRANSCRIPT

Slide 1

Windows Server 2008 R2: Remote Desktop Services from A to Z
Luka Manojlović, MA-NO d.o.o.

Let's go! Demo!

Connection Brokering architecture

[Diagram: Client, RD Redirector, RD Server, Connection Broker, and Hyper-V hosts running TSV and VM. Arrows: 1. Connect; 2. Get Target; 3. Prepare/Start VM; 4. Return Target; 5. Redirect to VM; 6. Connect to VM]

1. The client connects to an RD redirector, which can reside either on the Connection Broker machine or on a dedicated machine.
2. The redirector calls into the Connection Broker to get the redirection packet needed to redirect the client to the final destination TS (or VM) machine.
3. The Connection Broker calls into the policy plug-in to determine to which VM the user must be redirected. The policy plug-in calls into AD to find the VM assigned to the user. Once the VM is identified, the Connection Broker, with the help of the RDV service on the host server, prepares and starts the VM and gets its IP address.
4. The Connection Broker sends the target IP address to the redirector.
5. The redirector sends the redirection packet to the client.
6. The client connects to the VM using the IP address.

Session Broker: The component that handles load balancing and redirection of TS sessions.
COM: Microsoft's Component Object Model.
Redirector: The component that acts as a proxy for the RDP connection to communicate with SB in order to send back the redirection packet to the TS client.
SB Client: The component within TS that communicates with the SB server.
Plug-in Manager: The manager module within SB that manages all plug-ins.
Policy plug-in: A policy plug-in that determines the target farm (or machine) of the user's connection. This can be an assignment policy or other policies we may identify in M2.
Resource plug-in: A plug-in that determines the most suitable machine within the farm to send the connection to, readies the machine or image, and/or prepares the machine to receive the connection.
Filter plug-in: A third-party plug-in that can override some of the functions of a Resource plug-in. Filter plug-ins can also be loaded without resource plug-ins.
Placement: Mostly specific to VMs; the process of locating the VM image and making sure it is placed on the right VM host.
Orchestration: The process of preparing/readying the machine/VM image to accept incoming connections.
Connection: A connection identifies the user connection from the TS client to the redirector.

Remote Desktop Services in Win2K8 R2

- We run applications or present a desktop from one computer (the server) on another
- We make the user experience remote by using the Remote Desktop Protocol

Today I am introducing Windows Server 2008 R2 Remote Desktop Services, the next generation of server tools and platform that allows you to accelerate and extend centralized desktop and application deployments. So, what exactly is Remote Desktop Services? Remote Desktop Services (RDS) is the new name for Terminal Services, reflecting its expanded role in Windows Server 2008 R2. It allows you to deploy desktops or applications in the datacenter, while users can access those desktops and applications from anywhere. RDS enables a full-fidelity desktop or application experience from remote managed or unmanaged devices.
Some of the key benefits of centralized desktop and application deployments are:

Speeding up Application Deployment
- Deliver rich applications to devices that cannot run them natively
- Faster adoption of new operating systems, such as Windows Vista
- Deploy applications once on the server, instead of on local desktops

Improving Remote Worker Efficiency
- Boost application performance over low-bandwidth connections
- Launch rich applications via a web page
- TS RemoteApp programs tightly integrated with the local desktop

Helping Secure Data and Applications
- Help eliminate the risk of data theft when a laptop is lost or stolen
- Centralized data helps simplify the burden of regulatory compliance
- Connect via HTTPS to internal applications, without VPN infrastructure

The key here is that RDS in Windows Server 2008 R2 makes the new server OS the ideal platform for companies to implement a centralized desktop strategy and for partners to provide additional innovation. It introduces the new Remote Desktop Connection Broker, an expansion of the Session Broker in Windows Server 2008, which provides the administrator with a unified experience for setting up user access to both traditional session-based remote desktops and virtualized desktops (running as a full Windows client OS on top of Microsoft's virtualization infrastructure). Windows Server 2008 R2 also introduces a series of platform enhancements for remote desktop users, such as support for multiple physical monitors, redirection of multimedia and 3D content, including Vista Aero, and enhanced, bi-directional audio support.

5/28/2009 10:26 AM. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

What are terminal services?

- A set of tools for remote access to a computer's desktop
- They use the RDP protocol
  - TCP port 3389
- Sent from us to the server:
  - Keyboard and mouse
- Sent to the client:
  - Display image

Session-based infrastructure

- Applications run on a central server
- Allows users to share the system
- Users are isolated in sessions

Explain RemoteApps here.

Virtual Desktop Infrastructure

- Running virtual machines on a shared server
- This gives each user their own operating system
  - Permanent / personal
  - Temporary

Over the past 3-5 years, Microsoft has seen increased customer demand in the area of centralized desktops, from TS/Citrix to blade PCs and now to VDI. Microsoft is not new to delivering a centralized desktop experience, as TS has been delivering this capability for 10+ years. But TS has its limitations, and there are users and scenarios that TS isn't the best fit for.
Point out that VDI can solve some of these centralized desktop problems; however, it is not the silver bullet for all enterprise desktop computing problems.

What do we have available?

[Diagram: Client, RD Gateway, RD Web Access, Connection Broker, RD Server, Virtual desktop server, RD Licensing]

- The RD server runs applications and displays them to clients in sessions
- The virtual desktop server runs virtual machines for users

Remote resources are RemoteApps, virtual desktops using VDI, and desktops published from the terminal server. Explain here how the RemoteApps and virtual desktops are aggregated into the feed.
- The terminal server supplies RemoteApps and full desktops.
- The TSV Host supplies VDI infrastructure.
- TS Session Broker routes incoming connections to the right terminal server or virtual desktop, according to its built-in rules. SB is linked to the remote resource delivery mechanism on the same machine in Win7.
- TS Gateway provides secure access to TS from the Internet through port 443.
- TS Licensing manages licenses for the connections and keeps track of who's using licenses.

What do I see?

[Diagram: Client, RD Gateway, RD Web Access, Connection Broker, RD Server, Virtual desktop server, RD Licensing]

- The RD Web Access server displays published applications or remote desktops
- The Connection Broker runs the services for publishing and for correctly balancing load among RD servers

How do I connect?

[Diagram: Client, RD Gateway, RD Web Access, Connection Broker, RD Server, Virtual desktop server, RD Licensing]

- The Connection Broker sends or redirects incoming connections to the correct final destinations
- The RD Gateway server offers a new, secure way to access the server or client infrastructure inside the network

And how do I license?

[Diagram: Client, RD Gateway, RD Web Access, Connection Broker, RD Server, Virtual desktop server, RD Licensing]

- The RD Licensing Server manages the distribution and tracking of the TS CALs that we need to access remote services

Let's secure Internet connectivity

- Before WS08, there were two options for remote access using terminal services:
  - Opening TCP port 3389
  - Setting up VPN connections
- With the RD Gateway system we can:
  - Establish a secure connection over port 443 (HTTPS) without using awkward VPN connections
  - Restrict access to specific users only
  - Restrict access to resources in the network

Access rules for the LAN don't always apply to Internet scenarios.

How does RD Gateway work?

[Diagram: Internet clients (Home, Hotel, Business Partner/Client Site) connect over HTTPS / 443 through the External Firewall to the RD Gateway Server in the DMZ, then through the Internal Firewall to the Corp LAN: RD Server, RDV Server, other RDP hosts (e.g. desktops), Network Policy Server, Active Directory DC. Labels: "Tunnels RDP over RPC/HTTPS", "Strips off RPC/HTTPS", "Passes RDP/SSL traffic to TS"]

- User launches an RDP file configured to use TS Gateway. The RDP file uses its settings to find the appropriate TS Gateway and establishes an SSL tunnel.
- TS Gateway checks its connection access policies to verify that the client may connect.
- User requests access to a specific internal resource.
- TS Gateway checks its resource authorization policies to verify that access is allowed.
- TS Gateway establishes an RDP connection to the resource. Thereafter, all traffic for this connection flows through TS Gateway.

TS Gateway example II (WAN to LAN and WAN)

MSDN and TechNet meeting

RD Gateway example I (WAN to LAN)

Connection Authorization Policies

- Which authentication methods are available?
- Which users can connect?
- From which computers can they connect?

Connection Authorization Policies

- Control over redirected devices
- Enabling or disabling the use of devices

Resource Authorization Policies

- Control what computers can be connected to, by Active Directory security group or by TSG-managed groups
- Control what ports can be connected

Easy Print and Display Data Prioritization

- Easy Print is a universal printer driver
- No drivers need to be installed on the terminal server
- Lets users use their own printer settings
  - The same dialog box actually pops up as on the local computer
- The spooler enumerates redirected printers faster: faster logon
- The administrator no longer sees a pile of redirected printers
- We can set a per-session default printer
- Shorter names for redirected printers: %printername% (%session id%)
- Data travels in XPS (XML Paper Specification) format

And in practice...

Easy Print and Display Data Prioritization

- The default ratio is 70:30
  - 70% display
  - 30% data over redirected resources or print services
- And for those of us who like the registry...
  - HKLM\System\CurrentControlSet\Services\TermDD
  - FlowControlDisable: FIFO, or KPPPM ("kdor prej pride, prej melje", i.e. first come, first served)
  - FlowControlDisplayBandwidth: default 70
  - FlowControlChannelBandwidth: default 30
  - FlowControlChargePostCompression: default 0; the calculation is performed on the basis of post-compression bytes
- Registry changes require a restart of the Terminal Services service
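
The two-stage RD Gateway check described in the transcript above (a connection authorization policy first, then a resource authorization policy) can be modelled as follows. This is an added example, not code from the presentation or from Microsoft; the policy fields, group names and host names are constructed assumptions that mirror the questions listed on the slides.

```python
# Added illustration: toy model of the RD Gateway CAP -> RAP decision.
# All field names, groups and hosts are constructed, not a real gateway API.
from dataclasses import dataclass, field

@dataclass
class CAP:  # Connection Authorization Policy: who may connect, from where, how
    user_groups: set
    client_groups: set            # empty set = any client computer
    auth_methods: set             # e.g. {"password", "smartcard"}
    blocked_devices: set = field(default_factory=set)

@dataclass
class RAP:  # Resource Authorization Policy: which targets and ports
    user_groups: set
    target_hosts: set             # members of an AD or gateway-managed group
    ports: set

@dataclass
class Request:
    user_groups: set
    client_groups: set
    auth_method: str
    devices: set                  # device redirections the client asks for
    target: str
    port: int = 3389

def authorize(req, caps, raps):
    """Return (allowed, reason, permitted_devices). Default is deny."""
    cap = next((c for c in caps
                if c.user_groups & req.user_groups
                and (not c.client_groups or c.client_groups & req.client_groups)
                and req.auth_method in c.auth_methods), None)
    if cap is None:
        return False, "no matching CAP", set()
    rap = next((r for r in raps
                if r.user_groups & req.user_groups
                and req.target in r.target_hosts
                and req.port in r.ports), None)
    if rap is None:
        return False, "no matching RAP", set()
    # Device redirection is limited by the CAP that admitted the connection.
    return True, "CAP and RAP matched", req.devices - cap.blocked_devices

# Constructed sample policies: smart card only, drives and clipboard blocked,
# and only one session host reachable on the RDP port.
CAPS = [CAP({"RemoteStaff"}, set(), {"smartcard"}, {"drives", "clipboard"})]
RAPS = [RAP({"RemoteStaff"}, {"rds01.corp.example"}, {3389})]
```

A request is admitted only when both stages match, so a user who passes the connection policy still cannot reach a host or port that no resource policy lists.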
