Remote Desktop allows users to
connect to a remote machine and access applications or an entire
desktop. To establish their client/server session, users utilize the
Remote Desktop Connection client. The RDC client, in turn, uses a
multichannel protocol called the Remote Desktop Protocol (RDP), which is
an extension of the ITU T.120 family of protocols. By default,
RDP-based connections are made over TCP 3389, or if Remote Desktop
Gateway is used, then the connections are made over TCP 443 (HTTPS).
When a user uses RDP, client
mouse and keyboard events are redirected from the client to the remote
machine. On the remote machine, RDP uses its own onscreen keyboard and
mouse driver to receive these keyboard and mouse events from RDC
clients. Then, to render a user’s actions, RDP uses its own video driver.
Using this video driver, RDP constructs the display output into network
packets, which are then redirected back to the RDC client. On the
client, the rendering data is received and translated into corresponding
Microsoft Win32 graphics device interface (GDI) application programming
interface (API) calls.
Because RDP is
multiple-channel capable, separate virtual channels are used for
carrying device communication, presentation data, and encrypted client
mouse and keyboard data between the RDC client and a remote machine.
RDP’s virtual channel base is extensible and supports up to 64,000
separate channels for data transmissions or multipoint transmissions.
Note
Using a multipoint transmission, data from an application can be sent
to multiple clients in real time without sending the same data to each
session individually (for example, virtual whiteboards).
Modes of Operation
Remote Desktop can be run in two
different modes of operation. The first mode is called Remote
Desktop for Administration, and the other is called Remote Desktop
Services.
Remote Desktop for Administration
Remote Desktop for
Administration is included and installed with the Windows Server 2008 R2
operating system and only needs to be enabled. This eases automated and
unattended server deployment by allowing an administrator to deploy
servers that can be managed remotely after the operating system has
completed installation. This mode can also be used to manage a headless
server, which reduces the amount of space needed in any server rack.
More space can be dedicated to servers instead of switch boxes,
monitors, keyboards, and mouse devices.
Remote Desktop for
Administration limits the number of terminal sessions to only two
parallel connections (three, if the administrator uses session 0, the
local console), and only local administrators can connect to these
sessions by default. No additional licenses are needed to run a server
in this Remote Desktop mode, which allows an administrator to perform
almost all the server management duties remotely.
Even though Remote Desktop
for Administration is installed by default, it has to be enabled. Some
organizations might see using this feature as an unneeded security risk
and choose to keep it disabled or limit access to remote sessions.
However, Remote Desktop for Administration can also easily be enabled by
using a group policy, a PowerShell-based command/script, or good old
manual means. Lastly, this mode of Remote Desktop is available in every
Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003
version and, as mentioned before, in Windows XP Professional, Windows XP
Media Center and Tablet PC Editions, Windows Vista Ultimate, Enterprise,
and Business Editions, and Windows 7 Ultimate, Business, and
Professional.
Note
Starting with Windows
Vista/Windows Server 2008 and on to Windows 7/Windows Server 2008 R2,
there have also been a number of changes to how Remote Desktop works.
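As an added example (not from the original text), the following PowerShell function reports whether Remote Desktop for Administration is enabled on the local server, whether Group Policy or the local setting decided that, the listener port, and which accounts beyond local administrators may connect. The function name is hypothetical, and the script assumes the English group name "Remote Desktop Users" and PowerShell 2.0 or later.

```powershell
# Added example (not from the original text). Get-RemoteDesktopState is a
# hypothetical name; the registry values are the standard Terminal Server ones.
function Get-RemoteDesktopState {
    $local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # fDenyTSConnections: 1 = connections refused, 0 = Remote Desktop enabled.
    $localDeny  = (Get-ItemProperty -Path $local  -ErrorAction SilentlyContinue).fDenyTSConnections
    $policyDeny = (Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue).fDenyTSConnections

    # A value delivered by Group Policy overrides the locally configured one.
    if ($policyDeny -ne $null) { $deny = $policyDeny; $source = 'Group Policy' }
    else                       { $deny = $localDeny;  $source = 'Local setting' }

    # Listener port; 3389 unless an administrator changed it.
    $port = (Get-ItemProperty -Path "$local\WinStations\RDP-Tcp" -ErrorAction SilentlyContinue).PortNumber

    # Accounts granted logon in addition to local administrators.
    # Assumes the English group name "Remote Desktop Users".
    $group   = [ADSI]'WinNT://./Remote Desktop Users,group'
    $members = @(
        @($group.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
    )

    New-Object PSObject -Property @{
        Enabled      = ($deny -eq 0)
        ConfiguredBy = $source
        Port         = $port
        ExtraUsers   = $members
    }
}

$state = Get-RemoteDesktopState
$state | Format-List Enabled, ConfiguredBy, Port, ExtraUsers

# Flag servers where the default "local administrators only" scope was widened.
if ($state.Enabled -and $state.ExtraUsers.Count -gt 0) {
    Write-Warning 'Accounts other than local administrators can open Remote Desktop sessions.'
}
```

Run it from an elevated PowerShell prompt on the server being reviewed; it only reads configuration and changes nothing.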
Remote Desktop Services
Remote Desktop Services
allows any authorized user to connect to the server and run a single
application or a complete desktop session from their client workstation.
Running Remote Desktop Services requires the purchase of a Remote
Desktop Services client access license (CAL) for each simultaneous
connection. To manage these CALs, a Remote Desktop licensing server is
needed to allocate and track the licenses for Remote Desktop Services.
The Remote Desktop Licensing role service can be installed on any
Windows Server 2008 R2 Standard, Enterprise, or Datacenter Edition
member server.
It should also be noted that
before installing applications that will be used in Remote Desktop
Services, it is recommended that administrators follow a strict
validation process to ensure that each application runs as it should in
multiple user sessions. Some applications might not be properly
suited to run on a Remote Desktop server; in such cases, extensive
Remote Desktop Services application compatibility testing should take
place before deployment. The results of such testing can determine both
whether an application is compatible and whether any custom installation
steps or scripts need to be created for these applications to run correctly.
Note
Remote Desktop Services is not
available in Windows Server 2008 R2 Web and Windows Server 2008 R2
Itanium Editions.
Client-Side Remote Desktop Services
Windows XP Professional,
Windows XP Media Center and Tablet PC Editions, Windows Vista Ultimate,
Enterprise, and Business Editions, and Windows 7 Ultimate, Business, and
Professional all have a scaled-down version of Remote Desktop. This
version of Remote Desktop allows a user to connect to a workstation and
remotely take over the workstation to run applications that he or she
would normally run from their desk locally. As an administration tool,
this client-side Remote Desktop can be used to install software on an
end user’s workstation from a remote machine. Also, it can be used to
log on to a user’s desktop environment to remotely configure a user’s
profile settings.
Remote Assistance
Remote Assistance is a
feature that has been present in Windows since Windows Server 2003 and
Windows XP Professional. This feature allows a user to request
assistance from a trusted friend or administrator to help deal with
desktop issues and configurations. This feature gives the end user the
power to control what level of participation the remote assistant can
have. The remote assistant can be granted the ability to chat with the
end user, view the desktop, or remotely control the desktop. During
remote assistance sessions, both the end user and remote assistant can
hand off control of the keyboard and mouse. Remote assistance uses the
underlying Remote Desktop Protocol (RDP) used by Remote Desktop.
Remote Desktop Connection
The Remote Desktop
Connection client is the newly improved and renamed Terminal Server
client. This full-featured client allows the end user to control Remote
Desktop session settings such as local disk, audio, and port
redirection, plus additional settings such as running only a single
program or logging on automatically and so on. Remote Desktop Connection
information can be saved and reused to connect to Remote Desktop
Services with previously defined session specifications.