Microsoft’s Virtual Desktop Infrastructure (VDI) (Part 2 of 2)

Providing Personal and Pooled Desktops in a Hosted Environment

In Part 1 of this article on VDI, “Microsoft’s Virtual Desktop Infrastructure (VDI) (Part 1 of 2)”, where I covered Understanding Where VDI Fits in the Enterprise, I gave a background of VDI and where we’ve found it fitting in.  What I’ll cover in this posting is HOW to install VDI and make it work.

I’d highly suggest you look at the 2 part article I wrote on Remote Desktop Services, “Windows 2008 R2 Remote Desktop Services (RDS) (1 of 2) - Understanding and Deploying RDS” and “Windows 2008 R2 Remote Desktop Services (RDS) (2 of 2) - Deploying RDS Web Access and RDS RemoteApp”, where I cover the Remote Desktop Services role in Windows Server 2008 R2.  Effectively the VDI stuff is built on top of Windows 2008 R2 RDS and Hyper-V.

Here’s a snippet out of my book “Windows Server 2008 R2 Unleashed” where I cover the installation and configuration of the Virtual Desktop Infrastructure components in RDS and Hyper-V…

Installing the RD Virtualization Host Role Service

1.            Log on to the desired Hyper-V server that will be hosting the RD Virtualization Host role service with local administrator privileges.

2.            Click Start, and then click Run.

3.            In the Run dialog box, type in ServerManager.msc and click OK.

4.            In the Roles Summary section, click the Add Roles task.

5.            After the Add Roles Wizard loads, click Next.

6.            On the Select Server Roles page, select the Remote Desktop Services role, and click Next

7.            On the Remote Desktop Services page, click Next.

8.            Now, on the Select Role Services page, only select the Remote Desktop Virtualization Host role service. This is the only role service that is being installed at this time. Click Next.

NOTE

If Hyper-V is not installed, it will be installed automatically by the installation wizard.

9.            On the Confirm Installation Selections page, review the selections made, and then click Install.

10.          On the Installation Results page, review the results, and click Close.

Configuring a Personal Virtual Desktop

Personal virtual desktops are specific virtual machines hosted on an RD Virtualization Host server that have been assigned to a user account in Active Directory. The following steps describe how to assign an existing virtual machine to a user. These steps should be carried out on the server that has the RD Connection Broker role service installed:

1.            Log on to the desired server with local administrator privileges.

2.            Click Start, Administrative Tools, Remote Desktop Services, Remote Desktop Connection Manager.

3.            Next, in the Actions pane click the Configure Virtual Desktops Wizard option.

4.            Once the wizard has loaded, click Next.

5.            Now, on the Specify an RD Virtualization Host Server page, define the name of the RD Virtualization Host server in the Server Name field, click the Add button, and then click Next.

6.            On the Configure Redirection Settings page, define the name of an RD Session Host server running in Redirection mode in the Server Name field, click the Add button, and then click Next.

7.            On the Specify an RD Web Access Server page, click Next.

8.            On the next page, click Apply, ensure that the Assign Personal Virtual Desktop check box is selected, and then click Finish.

9.            Next, on the Assign Personal Virtual Desktop page, click Select User.

10.          In the Enter the Object Name to Select box, enter the user’s account name and click OK.

11.          Next, in the Virtual Machine box, select the name of the virtual machine being defined to the user, and click Next.

12.          Now, confirm the information is correct, and click Assign.

13.          Finally, clear the Assign Another Virtual Machine to Another User check box, and then click Finish.

Configuring a Virtual Desktop Pool

A virtual desktop pool is a grouping of identically configured virtual machines that reside on an RD Virtualization Host server. The following steps describe how to create a virtual desktop pool using existing virtual machines that reside on an RD Virtualization Host server. These steps should be carried out on the server that has the RD Connection Broker role service installed and on which the Configure Virtual Desktops Wizard has not yet been run:

1.            Log on to the desired server with local administrator privileges.

2.            Click Start, Administrative Tools, Remote Desktop Services, Remote Desktop Connection Manager.

3.            Next, in the Actions pane click the Configure Virtual Desktops Wizard option.

4.            Once the wizard has loaded, click Next.

5.            Now, on the Specify an RD Virtualization Host Server page, define the name of the RD Virtualization Host server in the Server Name field, click the Add button, and then click Next.

6.            On the Configure Redirection Settings page, define the name of an RD Session Host server running in Redirection mode in the Server Name field, click the Add button, and then click Next.

7.            On the Specify an RD Web Access Server page, click Next.

8.            On the next page, click Apply, clear the Assign Personal Virtual Desktop check box, and then click Finish.

9.            Next, in the Actions pane of the Remote Desktop Connection Manager, click the Create Virtual Desktop Pool option.

10.          On the Welcome page, click Next.

11.          Now, select all of the virtual machines that will be part of the virtual desktop pool, and then click Next.

12.          On the Set Pool Properties page, define the following and then click Next:

►           Display Name box—Define the name for the virtual desktop pool.

►           Pool ID box—Define the ID used for the virtual desktop pool.

13.          Lastly, click Finish.

Okay, so the above gets you started on the basics of installing VDI as a personal desktop or virtual pool.  Some tips / tricks / snippets to “really” get this stuff going…

For the client guest session running in Hyper-V that the remote VDI users will access, you need to make sure a few things are set up on the client system so that your VDI session can successfully connect to it.  Here’s what needs to be configured:

►           Go in to Control Panel / System and enable Remote Desktop

►           Go into Computer Management, Groups, open the Remote Desktop Users group and add in the domain users, domain admins, and most importantly the computer account of the Hyper-V (VDI) host, otherwise you get an error that you cannot connect

►           On the Win7 guests, run RegEdit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server, and set AllowRemoteRPC to 1

Note:

To make sure VDI will even work, try to RDC straight into the IP address of the dedicated HyperV guest session for the system for the user.  So if you have a user that is supposed to redirect to say 10.0.0.105, then try to RDC right to 10.0.0.105.  If you get an error that you can’t even Remote Desktop directly to the Windows 7 guest session, then you need to go figure out what's wrong with your access to the guest session, likely a firewall block on the guest session, or the guest session isn’t allowing remote desktop access.  If you can successfully Remote Desktop into the Windows 7 guest session manually, then at least you know the basics are working.
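The guest-side prerequisites above can be checked in one pass before you start troubleshooting the broker. This is an added example, not from the book excerpt; the host name `HYPERV01` is a placeholder, and `fDenyTSConnections` is the registry value behind the Control Panel "enable Remote Desktop" setting.

```powershell
# Run in an elevated PowerShell session on the Windows 7 guest (works on PowerShell 2.0).
# $VdiHost is a placeholder: the NetBIOS name of the Hyper-V (RD Virtualization Host) server.
param([string]$VdiHost = 'HYPERV01')

function New-Check([string]$Name, $Pass) {
    New-Object PSObject -Property @{ Check = $Name; Pass = [bool]$Pass } |
        Select-Object Check, Pass
}

# Returns $true when something accepts TCP connections on the RDP port.
# Run against localhost this proves the listener is up; it does not test the firewall.
function Test-RdpPort([string]$Target, [int]$Port = 3389) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($Target, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

# Both registry values live under the Terminal Server key.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Members of the local Remote Desktop Users group, read through the WinNT ADSI provider.
# A computer account is listed with a trailing '$', for example HYPERV01$.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Remote Desktop Users,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

$results = @(
    New-Check 'Remote Desktop enabled (fDenyTSConnections = 0)' ($ts.fDenyTSConnections -eq 0)
    New-Check 'AllowRemoteRPC = 1'                              ($ts.AllowRemoteRPC -eq 1)
    New-Check "Host account $VdiHost`$ in Remote Desktop Users" ($members -contains "$VdiHost`$")
    New-Check 'RDP listener answering on TCP 3389'              (Test-RdpPort 'localhost')
)

$results | Format-Table -AutoSize
"Members of Remote Desktop Users: " + ($members -join ', ')
```

Reviewing the printed member list is also a quick way to confirm that only the accounts you intended have Remote Desktop access to the guest.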

If you go into Active Directory Users and Computers and double click on a user, you’ll notice a new tab for the Personal Virtualization Host.  This tab notes whether the user will be redirected to a personal guest session.  Effectively, if you want user “Mike” to redirect to the Hyper-V guest session “Mike-Win7.companyabc.com” then it’ll show up as such in AD Users and Computers.  You can “assign” a personal desktop session connection there in AD Users and Computers for the user as you desire.

Key to making VDI work is that you need to split the RD Session Broker from the RD TSWeb/RemoteApp from the RD Session Host roles.  If you try to combine the roles onto a single system, you’ll find that your users will ALWAYS redirect as a “Personal Desktop” user, BECAUSE if your RD Session Host is also the Redirector, you get caught in a loop where you want to access the RD Session Host but instead you get redirected.  However, by assigning a separate system to hold the Redirector role, RDS will successfully redirect a user to the VDI server for a Personal Desktop, or it’ll redirect a user to a separate RD Session Host server.

So, the end result is you end up with a Hyper-V host running the RD Virtualization role only, you have an RD Session Broker running just the RD Session Broker role, you have an RD Session Host as the "redirector" running only the RD Session Host role where the configuration in the Connection Mgr software tells it that this RD Session Host is the "redirector", and you have a separate RD Session Host running RemoteApp and Web Access roles.

Tips, Tricks, and Common Fixes:

To get rid of the Certificate error when an application launches, put a certificate on each RDS server.  If you want to have a server authorization certificate issued, but the CERTSRV only allows you to do User / Administrator / Web Server and you want a "computer cert", do the following

1) go to the server you want to create a certificate

2) run MMC and load Certificates / Computer (local)

3) Click on the Certificates (Local), then Click on View / Options / organize view by Certificate purpose

4) Right Click on Server Authorization and Request Certificate, Click Next, then choose the Active Directory Enrollment Policy, click Next

5) choose Computer, then Enroll

6) it'll create a certificate for the server you are on

7) Then go to the Remote Desktop Session Host Configuration and double click on the RDP-TCP

8) Click on Select and the cert for the server will show up, click OK

9) Under Security Layer on that same page, choose SSL (TLS 1.0)

10) OK to set

You need to do this for ALL servers in the RDS farm, starting with the Session Broker, and then the RDS Hosts and the RDS Web/RemoteApp server.
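To confirm the result of steps 7 through 9 on each server without opening the console, the listener binding can be read back over WMI. This is an added example, not part of the original article; it assumes the `Win32_TSGeneralSetting` WMI class that Windows Server 2008 R2 exposes for the RDP-Tcp listener and the default listener name `RDP-Tcp`.

```powershell
# Run in an elevated PowerShell session on each RDS server in the farm.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # enhanced key usage OID for server authentication
$layerNames    = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

# The TerminalServices namespace requires packet privacy on the WMI connection.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
    -Authentication PacketPrivacy

# Look up the bound certificate in the local computer store by thumbprint.
$thumb = $listener.SSLCertificateSHA1Hash
$cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }

$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$report = @{
    Server        = $fqdn
    SecurityLayer = $layerNames[[int]$listener.SecurityLayer]
    Thumbprint    = $thumb
    CertFound     = [bool]$cert
}

if ($cert) {
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $dnsType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName

    $report.Issuer        = $cert.Issuer
    $report.SelfSigned    = ($cert.Subject -eq $cert.Issuer)      # should be False for a CA-issued cert
    $report.Expires       = $cert.NotAfter
    $report.Expired       = ($cert.NotAfter -lt (Get-Date))
    $report.HasServerAuth = ($ekuOids -contains $serverAuthOid)
    $report.NameMatches   = ($cert.GetNameInfo($dnsType, $false) -eq $fqdn)
}

New-Object PSObject -Property $report | Format-List
```

A server that still reports `SelfSigned : True` or a security layer other than SSL (TLS 1.0) is one where the steps above were missed.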

Issue the Certs

For Session Broker, go into the Connection Mgr and for the Digital Certificate, add in the certificate to the RDS screen

    Then on the SessionBroker, go into c:\windows\remotepackages\remotedesktops and delete the *.RDP files (it'll generate new ones with the trusted CA)

For the Web/RemoteApp server, go into the RemoteApp Manager and add a digital cert

   Then go into the c:\Windows\Web\RDWeb\Pages\RDP folder and delete the *.RDP files (it'll generate new ones with the trusted CA for the local apps like Word, Excel, etc and it'll copy over from the Session Broker the RDP files for the VDI and other gateways)

After you set up the SSL cert, you no longer get an error that the app is untrusted, but you do get a pop up notifying you that the application is being trusted.  To get rid of the notification, at the Remote Desktop WebAccess logon page, choose that you are running on a private computer.  The first time you run the app it'll ask if you want to trust signed files from the site; checkmark that and the notice won't pop up again.

I know I zip through a lot of little tips and tricks here, as you get into installing and configuring, you'll see the errors I'm referencing and the tips/tricks/comments start to make sense.  It's moreso an evolving process of getting the basics working and then fine tuning to work out the error notifications (which with RDS and VDI, there are a lot of these little "notifications").

Work through this, if you have questions, post your questions / comments of where you're at and I can clarify...

Hopefully this will give you a taste of what Microsoft provides out of the box for VDI.   It's a great solution for organizations that need personal / dedicated system configuration for key users!


Copyright © 2010 IDG Communications, Inc.
