What is Remote Desktop Service? 

Remote Desktop Service (RDS) is a general term for all Microsoft Windows Server features that give users remote access to Windows applications and graphical desktops. Users can create an account and use it remotely on other computers or on their phone. Creating an account produces a workspace that is hosted on an external server rather than on your own computer, so it is available at all times. As long as users have an internet connection, RDS can be used on all brands and types of devices, regardless of operating system. RDS is a license that makes work easier for people who are on the move a lot. Moreover, it's a management tool that allows IT departments to update, troubleshoot, and maintain multiple devices from a central remote point.

A relevant factor when purchasing Remote Desktop Services is which RDS CAL type to buy. There are two options: User CAL and Device CAL. The difference is that a User CAL is linked to a person, whereas a Device CAL is linked to a device used within your company. For remote workers who use several devices, the better option is a User CAL, so that all of their devices are licensed under that one CAL. For on-premise users, the better option is Device CALs, since they will be using on-premise devices most of the time.

Remote Desktop Service: Safety  

In terms of safety, some concern is understandable: everything is online, which can feel less safe than storing data on a local server. However, RDS includes several safety features. It uses the Remote Desktop Protocol (RDP), which was created for remote connections. Protecting the connection with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) makes this protocol, and therefore your RDS, a lot safer.

A second security feature concerns authentication. In addition to commonly used authentication tools such as RADIUS or smart cards, which require your log-in information and/or other authentication procedures, RDS provides Network Level Authentication (NLA) as a protection tool. To protect users from unauthorized and/or malicious access, NLA requires authentication before a remote user can start a session.

To further protect data on RDS, users can apply firewall rules that prevent unauthorized access and block untrusted incoming RDP traffic. For the best possible protection, the advice is to implement multi-layered authentication and keep the system updated so that it benefits from the most recent security updates.
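
The three controls described above (TLS on the connection, NLA, and restrictive firewall rules) can be checked on a session host with a short audit. This is an added example, not part of the original article; it assumes an elevated PowerShell session on an English-language Windows Server, where the built-in firewall rule group is named "Remote Desktop".

```powershell
# Added example: audit the local RDP listener for the safety features described above.
# Assumption: run elevated on the RDS host; firewall group name is the English default.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$cfg    = Get-ItemProperty -Path $rdpTcp

$findings = @()

# UserAuthentication: 1 = NLA required before a session is created, 0 = not required.
if ($cfg.UserAuthentication -ne 1) {
    $findings += 'NLA is not required (UserAuthentication is not 1).'
}

# SecurityLayer: 0 = native RDP security, 1 = negotiate, 2 = SSL (TLS) required.
if ($cfg.SecurityLayer -ne 2) {
    $findings += "TLS is not enforced (SecurityLayer = $($cfg.SecurityLayer))."
}

# Enabled inbound allow rules in the "Remote Desktop" group that accept any source address.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($rule in $rules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($addr.RemoteAddress -contains 'Any') {
        $findings += "Firewall rule '$($rule.DisplayName)' allows RDP from any address."
    }
}

# Report: either a clean result or one line per gap found.
if ($findings.Count -eq 0) {
    'RDP listener matches the checks above.'
} else {
    $findings
}
```

Settings applied through Group Policy take precedence over these local registry values, so a clean result here should be read alongside the effective policy on the host.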

Remote Desktop Service: Components

Remote Desktop Service consists of multiple components that enable users to properly work with the remote license: 

Remote Desktop Session Host (RDSH): this tool is used to host session-based desktops. Users can get access to RDSH through RemoteApp or Remote Desktop Connection Broker. Multiple RDSH servers can be grouped in a Session Collection. Within such a collection, either session-based desktops or RemoteApp applications can be published, but not both.

Remote Desktop Connection Broker (RDCB): RDCB is a layer of software that's compatible with your entire IT environment and provides remote access to all its users. It can be seen as an intermediary between a resource and its user. In other words, it's one of the main reasons people can easily work remotely.

Remote Desktop Gateway (RDG): RDG is a tool that provides a secure, encrypted connection to your server through Remote Desktop Protocol. It improves the control users have over their system by removing all direct remote user access and applying a point-to-point remote desktop connection instead.

Remote Desktop Web Access (RD Web Access): this technology lets users access applications that are running on a Terminal Server remotely, without the need for a VPN connection. RD Web Access ensures that programs run on a remote device behave as if they were running on a local device.

Case study Remote Desktop Services

An organization has 400 employees. Of these, 300 work on premise, and the remaining 100 alternate between working at home, on premise, or on the go. Resources have to be allocated as efficiently as possible, since there is a strong desire to keep costs as low as possible. The organization wants to implement Remote Desktop Service so that costs for the 100 people working remotely won't be too high.

To provide all 300 on premise employees with access to the required service, the appropriate number of devices and their respective Device CALs should be purchased. In this case that would mean the number of devices and their CALs should be as high as the maximum capacity of employees that can work at the same time. This way when full capacity is reached, all workers have access to a device and can do their job.  

To provide all 100 remote employees with access to the required service, each of them should receive their own User CAL. This way the organization doesn't need to acquire a CAL for every device these employees use, but only has to purchase one CAL per employee.

To summarize: 400 employees, consisting of 300 on-premise and 100 remote workers. All remote workers receive a personal CAL, whereas for the on-premise employees, the number of Device CALs has to equal the number of people that can work on premise at the same time.