Remote Desktop Services architecture
Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016
Below are various configurations for deploying Remote Desktop Services to host Windows apps and desktops for end-users.
The architecture diagrams below show using RDS in Azure. However, you can deploy Remote Desktop Services on-premises and on other clouds. These diagrams are primarily intended to illustrate how the RDS roles are colocated and use other services.
Standard RDS deployment architectures
Remote Desktop Services has two standard architectures:
- Basic deployment – This contains the minimum number of servers to create a fully effective RDS environment
- Highly available deployment – This contains all necessary components to have the highest guaranteed uptime for your RDS environment
Highly available deployment
RDS architectures with unique Azure PaaS roles
Though the standard RDS deployment architectures fit most scenarios, Azure continues to invest in first-party PaaS solutions that drive customer value. Below are some architectures showing how they incorporate with RDS.
RDS deployment with Azure AD Domain Services
The two standard architecture diagrams above are based on a traditional Active Directory (AD) deployed on a Windows Server VM. However, if you don’t have a traditional AD and only have an Azure AD tenant—through services like Office365—but still want to leverage RDS, you can use Azure AD Domain Services to create a fully managed domain in your Azure IaaS environment that uses the same users that exist in your Azure AD tenant. This removes the complexity of manually syncing users and managing more virtual machines. Azure AD Domain Services can work in either deployment: basic or highly available.
RDS deployment with Azure AD Application Proxy
The two standard architecture diagrams above use the RD Web/Gateway servers as the Internet-facing entry point into the RDS system. For some environments, administrators would prefer to remove their own servers from the perimeter and instead use technologies that also provide additional security through reverse proxy technologies. The Azure AD Application Proxy PaaS role fits nicely with this scenario.
Due to the limitations of the two technologies together, we are currently working with the Azure AD Application Proxy team to produce specific deployment guidance and scenarios.