Post on 12-Jun-2015
description
Terminal Services in Windows Server® 2008
Infrastructure Planning and Design
What Is IPD?
Guidance that aims to clarify and streamline the planning and design process for Microsoft® infrastructure technologies.
IPD:
Defines decision flow
Describes decisions to be made
Relates decisions and options for the business
Frames additional questions for business understanding
IPD Guides are available at www.microsoft.com/ipd
Page 2 |
TERMINAL SERVICES IN WINDOWS SERVER® 2008
Getting Started
Page 3 |
Terminal Services in Windows Server 2008 and the Core Infrastructure Optimization Model
Page 4 |
Purpose and Overview
PurposeTo provide guidance for designing a Terminal Services infrastructure
AgendaTerminal Services in Windows Server 2008 featuresTerminal Services infrastructure design process
Page 5 |
Terminal Services inWindows Server 2008 Overview
Presentation virtualization segment of Microsoft’s virtualization technologiesEnables centralized application management
Page 6 |
New Features in Windows Server 2008 TS RemoteApp
Shortcuts on the Start menu
TS Web AccessLaunch Terminal Services applications through a Web page
TS GatewayRemote access without virtual private networks (VPNs)
TS Session BrokerLoad balancing
TS Easy PrintNo more printer driver confusion
Page 7 |
Terminal Services in Windows Server 2008 Architecture
Page 8 |
Terminal Services Decision Flow
Page 9 |
Determine the Scope of the Presentation Virtualization Project
Determine the location scopeWhich locations will be served by thisimplementation?
Determine the application scopeDefine which applications Terminal Services will hostWhat benefits are desired from presentation virtualization?• Cost• Service levels• Remote access• Centralized management• Application compatibility fix• Platform independence
Page 10 |
1
2
3
4
5
6
7
8
9
10
Determine Which Applications to Deliver and How They Will Be Used
Gather information about users andapplications
Numbers of usersApplications they runCustomizations and requirements
Page 11 |
1
2
3
4
5
6
7
8
9
10
Determine Whether Terminal Services Can Deliver Each Application
Examine each application’s capability to be servedPossible business issues
• Licensing cost and issues• Legal
Potential technical issues• Operating system compatibility• Multi-user environment compatibility• Server resource use• Bandwidth use
Rank applications by suitabilityGood candidateSome issuesNot suitable for Terminal Services
Page 12 |
1
2
3
4
5
6
7
8
9
10
Appendix B Job Aid
Page 13 |
1
2
3
4
5
6
7
8
9
10
Categorize Users
Categorize how users use their computersHelps with factoring the number and size of the terminal servers
Heavy userHas specialized applications, uses advanced application features, and spends most of the day at the computerGraphic artist, engineer, developer
Normal userFrequent computer use but runs mostly spreadsheets,e-mail client, and word-processing applicationsAdministrative assistant, salesperson, producer
Light userUses the computer infrequently to check e-mail orparticipate in a workflowHospital volunteer, baker, assembly line worker
Page 14 |
1
2
3
4
5
6
7
8
9
10
Determine the Number of Terminal Server Farms
Each server in a farmSame applications installedConfigured identically
Start with one farm and add more farms only as necessaryConditions that may require the implementation of additional farms:
Page 15 |
1
2
3
4
5
6
7
8
9
10
Large branch offices Remote users
Software issues Different roles
Encryption levels Security considerations
Business Legal
Map Applications and Users to Farms
Page 16 |
1
2
3
4
5
6
7
8
9
10
Design the FarmSelect a form factor for the server
CPU, memory, disks, disk capacity
Determine the number of terminal servers requiredin the farm
Number of users/maximum number of users perserver = number of servers needed to handle amaximum load
Determine the number of additional servers requiredfor fault tolerance
Extra servers for increased user capacity in case aserver goes offline
Determine the number of servers required forTS Web Access
Cannot be shared between farms
Page 17 |
1
2
3
4
5
6
7
8
9
10
Step 7 Job Aid
Page 18 |
1
2
3
4
5
6
7
8
9
10
Determine Where to Store User Data
Decide user profile policy/storage locationMandatory versus RoamingStorage size and locationDifferent profiles for different farms necessary?• \\fileserver\share\%FarmName%\%username%
Decide user data policy/storage locationsSpace requiredStorage location
Design storage for user profiles and dataCapacity required for all usersPerformanceFault tolerance
Page 19 |
1
2
3
4
5
6
7
8
9
10
Size and Place the TerminalServices Role Services for the Farm
Design and place the Terminal Services Session Brokers
Place at least one TS Session Brokeranywhere there is a geographicallyseparated farm, then add more to providefault tolerance and handle load
Design and place the Terminal Services Licensing Servers
Start with one TS Licensing server, add another for fault tolerance, then add moreas necessary to handle the load
Page 20 |
1
2
3
4
5
6
7
8
9
10
Size and Place the TerminalServices Role Services for the Farm
Design and place the Terminal ServicesGateway servers
Only needed if users without VPN access requireaccess through a firewallAt least one fault-tolerant TS Gateway at each pointof access through a firewallRequires a certificate that is either self-signed ortrusted certification authority (CA)Can be combined with Microsoft Internet Securityand Acceleration (ISA) Server or MicrosoftForefront™ Internet Application Gateway forincreased securityIf uncertain how many role servers are required, a load test can be performed to measure capacity
Page 21 |
1
2
3
4
5
6
7
8
9
10
Job Aid with Role ServerInformation Added
Page 22 |
1
2
3
4
5
6
7
8
9
10
Secure the CommunicationsDetermine the encryption level betweenclient computers and the terminal server
56 bit, 128 bit, Federal Information Processing(FIPS) 140
Determine whether to seal the communicationsUse Transport Layer Security (TLS)/Secure SocketsLayer (SSL) to prevent a man-in-the-middle attack
Determine the CADetermine whether to encapsulate withHypertext Transfer Protocol over SSL (HTTPS)
Require HTTPS Web access so port 3389 can beclosed on the firewall.
Page 23 |
1
2
3
4
5
6
7
8
9
10
Conclusion
If designed properly, Terminal Services in Windows Server 2008 can save the organization money while increasing security and application availabilityPlanning is key
This guide offers major architectural guidance. Refer to product documentation for additional details.
Page 24 |
All the IPD Guides are available at www.microsoft.com/ipd
Questions?