Microsoft VDI - Overview

Rate This
  • Comments 17


In previous versions of Windows Server, Terminal Services enabled a server to host multiple, simultaneous user sessions. In Windows Server 2008 R2, we have renamed Terminal Services to Remote Desktop Services because it offered a choice of presentation virtualization options: sessions for those for whom scalability was most important and virtual machines for those for whom isolation was most important. Since Microsoft Virtual Desktop Infrastructure is new, this blog post describes the function that Remote Desktop Services role services (and some supplemental technology) play in enabling MS VDI.



Personal virtual desktops are virtual machines that are permanently assigned to users by an administrator. This configuration is saved in Active Directory Domain Services. A personal virtual desktop is typically used when a user needs a dedicated virtual machine (VM) with administrative privileges (for example, a user might want to install applications).

A virtual desktop pool is a group of identically configured virtual machines that are temporarily assigned to users by the Microsoft VDI system. Administrators can configure a VM to be a part of a pool.

Role Services and Technology Included in a Microsoft VDI Deployment

The following role services and non-RDS technologies are included in a typical VDI deployment.

Remote Desktop Connection Broker (RD Connection Broker)

The main purpose of this role service is to broker a user connection to an appropriate endpoint. Brokering of the connection involves:

  • Identifying the VM for the user to make a remote connection.
  • Preparing the VM for remote connections by communicating with the Remote Desktop Virtualization Host server (for example, waking the VM from a saved state).
  • Querying the IP address of the VM by communicating with the Remote Desktop Virtualization Host server. This IP address is returned to the Remote Desktop Session Host server running in redirection mode.
  • Monitoring user sessions in a virtual desktop pool scenario. A user with an existing session in a pool is redirected to the hosting VM.
Remote Desktop Session Host (RD Session Host) server running in redirection mode

The purpose of the RD Session Host server running in redirection mode is to securely redirect an RDP client connection to a VM. The RD Session Host server running in redirection mode does not allow interactive user sessions, unless the user requests an administrative session by using the ‘/admin’ switch.

When a user requests a VM, the RD Session Host server running in redirection mode queries the RD Connection Broker server. The RD Connection Broker server in turn provisions a VM for the user and returns its IP address to the RD Session Host server running in redirection mode. The RD Session Host server running in redirection mode will then redirect the RDP client to connect to the VM by using the IP address.

It is recommended that the RD Connection Broker role service reside on the same machine as the RD Session Host server running in redirection mode (as shown in the diagram). However, the scenario where the RD Session Host server running in redirection mode and the RD Connection Broker role service are on separate machines is also supported.

Remote Desktop Virtualization Host (RD Virtualization Host)

RD Virtualization Host is a Remote Desktop Services role service included with Windows Server 2008 R2. RD Virtualization Host integrates with Hyper-V to provide virtual machines that can be used as personal virtual desktops or virtual desktop pools.

An RD Virtualization Host server has the following functions:

  • Monitoring VM guest sessions and reporting these sessions to the RD Connection Broker server.
  • Preparing the VM for a remote desktop connection when requested by the RD Connection Broker server.

In order for RD Virtualization Host to perform the above functions, the guest OS must be configured to give permission to RD Virtualization Host. Refer to the Deploying Virtual Desktop Pools by Using Remote Desktop Web Access Step-by-Step Guide for further details.

Remote Desktop Web Access (RD Web Access)

RD Web Access provides a user with an aggregated view of remote applications and desktop connections via a web browser. Using RD Web Access, a user can view all remote applications and virtual desktops (personal virtual desktops and virtual desktop pools) published to that user. VDI VMs are also accessible via the RADC feature (start menu) in Win7 clients.

Refer to the blog post for RD Web Access configuration in a Microsoft VDI deployment.

Remote Desktop Gateway (RD Gateway)

RD Gateway is an optional role service in a Microsoft VDI deployment. Its main purpose is to securely route RDP connections over the Internet through a firewall.

Application Virtualization (App-V)

App-V can simplify management of Virtual Machine images within a Microsoft VDI environment. Using App-V, you can dynamically load and assign applications on a user group basis, reduce application testing, reduce application to application conflicts, and increase application compatibility. 

For more information on the next version of App-V refer to Get your applications virtualized on Windows 7 Beta with Microsoft App-V.

System Center Virtual Machine Manager (SCVMM)

SCVMM's console is a one stop shop for VM Management. As part of Microsoft VDI solution it not only provides the Hyper-V UI functionality but enables fast and easy VM provisioning, which is helpful in large deployments.

Need More Details?

To learn more, refer to the Remote Desktop Services Getting Started guides.

Leave a Comment
  • Please add 4 and 6 and type the answer here:
  • Post
  • What's the advantage of using RD Virtualization Host rather than just connecting to Remote Desktop Services running directly on the guest OS?

  • This is a very cool post and much needed.  Along with your partnership with Citrix, a good follow up post would be to define where, when, and how Citrix would be layered in or replace specific components/role.  For example, where and when would Provisioning Server or the Citrix Connection Broker be a better solution.

  • Is a Remote Desktop services cal required if the desktop vms' are being hosted in a Citrix environment OR only when utilizing Microsoft's Hyper V technology?

  • @Karen - RDS cals or VECD licensing is required no matter the hypervisor.  If you're accessing remote desktops, you need VECD licenses regardless of third party solutions like Citrix XenDesktop.  Same goes for RDS (aka terminal services), you'll need RDS cals regardless of third party product like Citrix XenApp.

  • Any reason this isn't available for Server 2003? Is there a way to get it to install it on Server 2003...uh...manually?

  • I've setup a test rig of a RD Gateway+RemoteApp pointing to a Connection Broker which has 3 RDSH farm members.

    Internally everthing works great but when I'm external a packet sniff shows it's trying to connect to the internal ip.

    I though the Gateway would tunnel all traffic?

    Should this be the case or am I being a joey?

  • Most of these questions are over 4 months old. When is someone going to answer them?

  • @TimFisher - RD Virtualization Host in conjunction with RD Connection Broker enables scenarios where unused VMs can be put to saved state (resulting in power saving). When a user wants a session on one of these VMs in saved state, RD Virtualization agent in conjunction with RD COnnection Broker can wake the VM & get it ready for a rdp connection.

  • @Rich - Unfortunately this scenario (VDI) isnt supported on Windows Server 2003.

    In Windows 2003, RD Connection Broker component wasnt capable of serving VDI connections.

    Moreover RD Virtualization Agent didnt exist in Windows 2003.

    There is no plan to back port these components to windows 2003.

  • Hi Prasad and than you for your post.

    You always mention that redirection is made using IP address of VM. So does it mean that SSO (CredSSP) would not work (in case we allow delegation of credentials to * Or it is mentioned just for simplicity and there's actually no problem to use FQDN instead of IP addresses?

    Thanks in advance

  • SSO (CredSSP) should work if you enable it for both the endpoint computer name as well as for the redirector name. It should also work for the wildcard (*

  • We tried this with a rd gateway and a three remote desktop 2008 r2 boxes and it worked internally but not externally, it turned out that we need to allow 3389 traffic directly to the rda boxes behind the gateway, which does'nt seem quick right.

  • Hi Everybody

    I have troubles for publishing a Microsoft VDI enviroment to internet, I need grant conection between thin client (RDP) in internet and the local virtual machine into my network Microsoft VDI.

    I have instaled:

    RD Gateway

    RD Web Access

    RD Session Host

    RD Conection Broker

    RD Virtualization Host

    TMG Server Like Proxy and front end server.

    I have a rule that redirect all trafic of  443 port to RD Gateway, but don`t works.

    Locally works fine.

    Can Help me please ????


  • Just started to try VDI, and run into the same problemas Juan A, and David.

    Did enyone found a solution

  • Is it possible to preload the sessions for a group of users to speed-up an initial connection?

Page 1 of 2 (17 items) 12

Microsoft VDI - Overview