Security, Compliance, and Identity Blog

Configuring Remote Desktop IP Virtualization: Part 1

MicrosoftSecurityandComplianceTeam
Sep 08, 2018
First published on CloudBlogs on Jul, 10 2009

Part I: Using RD Session Host Configuration MMC snap-in

What is Remote Desktop IP Virtualization?

In Windows Server 2008, Terminal Server has a single IP address, which is shared among all TS users. This makes the TS experience different from that of regular desktops and introduces some application compatibility problems. In Windows Server 2008 R2, Remote Desktop Session Host server, formerly known as Terminal Server, supports per-session and per-program Remote Desktop IP Virtualization for Winsock applications. This essentially means assigning individual IP addresses to user sessions to avoid application incompatibility issues by simulating a single user desktop.

What are the different modes of Remote Desktop IP Virtualization?

Per-Session mode: In per-session mode, Remote Desktop IP Virtualization assigns an IP address per user session.

Per-program mode: In per-program mode, Remote Desktop IP Virtualization facilitates shared-session IP, but only uses it for specified applications instead of the whole session. That is, a “per session” IP will still be used, but it will only be scoped for a specified set of applications. The remaining applications in the session will continue using the overall server IP.

Why do we need Remote Desktop IP Virtualization?

Compatibility problems with applications: Some legacy applications run in user mode and listen for requests on a specific port. If there is only one IP address for the entire Remote Desktop Session Host (RD Session Host) server, the application will not work if multiple RDS users use it at the same time. In addition, Business Planning and Control System (BPCS) applications use the client’s IP address as a workstation ID, causing a variety of consistency problems. Enabling per-program Remote Desktop IP Virtualization will resolve this issue.

Support tracking and logging solutions for ISP regulatory requirements: Regulatory requirements call for the ISP to track user traffic originating from an IP address. Today, monitoring devices mostly look at DHCP logs and identify users based on the MAC address of their network adapters, which is a good approach for desktops but not for users logged onto RD Session Host servers. Enabling per-session Remote Desktop IP Virtualization will log per-session IP addresses to DHCP.

Compatibility problems with ISP metrics collection devices: ISPs need the ability to monitor network traffic per-user. A user is charged based on traffic generated on behalf of the user, and the measuring tools use the IP address. For RDS, enabling per-session Remote Desktop IP Virtualization and creating monitoring services can facilitate measurement of traffic generated by each user.

Compatibility problems with network filtering security devices and resource access control based on IP: For devices in the network that filter URLs and audit by IP address, the corporation or ISP may want to allow or disallow access to certain resources based on IP addresses. Enabling per-session IP virtualization and creating some rules on the RD Session Host Server that will control access to resources for different users helps address this.

Prerequisites for configuring a server in RD IP Virtualization mode:
  1. Ensure that there are no active sessions on the RD Session Host server before enabling this feature.
  2. Ensure that the DHCP server is set on the same subnet as the RD Session Host server and that the DHCP scope contains enough IP addresses for the load.

How to configure Remote Desktop IP Virtualization using RD Session Host Configuration MMC snap-in?

In Windows Server 2008 R2, after successfully installing the RD Session Host server role, open the RD Session Host Configuration MMC snap-in. On the RD Session Host Configuration console, in the “Edit Settings” table, you can see a new entry: “RD IP Virtualization.”

  1. Double-click the “IP Virtualization” link to access the “RD IP Virtualization” Property sheet. Because RD IP Virtualization is disabled by default, all the other fields and buttons will be grayed out except the “Enable IP virtualization” check box.
  2. To enable Remote Desktop IP Virtualization, select the “Enable IP virtualization” check box. The “Select the network adapter to be used for IP Virtualization” dropdown lists all the enabled network adapters that can be used for RD IP Virtualization. Select the appropriate network adapter to be used for RD IP Virtualization.
    Note:
    · Only single network adapter scenarios are currently supported. If the server has multiple enabled network adapters, only the adapter specified in the settings will be used for IP Virtualization.
  3. Click “Apply” to confirm the selection.
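
A pre-flight check for the two prerequisites and the single-adapter note, run before the check box is enabled. This is an added example, not part of the original post; it assumes English `qwinsta` output and IPv4 addressing, and the helper name `Test-SameSubnet` is hypothetical.

```powershell
# Added example, not from the original post. Run locally on the RD Session Host.
# Assumptions: English qwinsta output, IPv4, PowerShell 2.0 or later.

function Test-SameSubnet([string]$IpA, [string]$IpB, [string]$Mask) {
    # True when both IPv4 addresses fall in the same network under $Mask.
    $a = [Net.IPAddress]::Parse($IpA).GetAddressBytes()
    $b = [Net.IPAddress]::Parse($IpB).GetAddressBytes()
    $m = [Net.IPAddress]::Parse($Mask).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        if (($a[$i] -band $m[$i]) -ne ($b[$i] -band $m[$i])) { return $false }
    }
    return $true
}

# Prerequisite 1: no active sessions. The qwinsta line that starts with ">"
# is the session running this script, so it is not counted.
$active = @(qwinsta 2>$null |
    Where-Object { $_ -match '\sActive(\s|$)' -and $_ -notmatch '^>' })
"Other active sessions: $($active.Count)"
$active

# Single-adapter note: these are the enabled adapters on the server.
$adapters = @(Get-WmiObject Win32_NetworkAdapter -Filter 'NetEnabled = TRUE')
if ($adapters.Count -gt 1) {
    "More than one enabled adapter: only the one selected in the snap-in is used."
}

# Prerequisite 2 (partial): if the adapter holds a DHCP lease, confirm that the
# DHCP server is on the adapter's subnet. The number of free addresses in the
# scope has to be checked on the DHCP server itself.
foreach ($nic in $adapters) {
    $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($nic.Index)"
    $v4 = @($cfg.IPAddress | Where-Object { $_ -match '^\d+(\.\d+){3}$' })
    if ($v4.Count -eq 0) { "$($nic.Name): no IPv4 address bound"; continue }
    $ip   = $v4[0]
    $mask = $cfg.IPSubnet[[Array]::IndexOf($cfg.IPAddress, $ip)]
    if (-not $cfg.DHCPEnabled -or -not $cfg.DHCPServer) {
        "$($nic.Name): $ip/$mask has no DHCP lease; check the DHCP server's subnet manually"
    } else {
        $same = Test-SameSubnet $ip $cfg.DHCPServer $mask
        "$($nic.Name): $ip/$mask, DHCP server $($cfg.DHCPServer), same subnet: $same"
    }
}
```

A server with a static address reports no DHCP lease, so the subnet comparison for it has to be made against the DHCP server's own configuration.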

Configuring IP Virtualization for Per-Program Mode

  1. The “Per program” IP virtualization mode (radio button) is selected by default. If you want to configure the server in per-program mode, retain the “Per program” selection. Click “Apply” to confirm the network adapter selection and to set the server to “Per program” IP virtualization mode.
    Note:
    · This mode is of no practical significance if no programs are selected that use virtual IP addresses.
  2. To add programs that should get a virtual IP address, click “Add Program.” This opens a browser view to select applications installed on the server. Browse to the path where the application exists, select it, and then click “Open.” The selected applications appear in a list view in the “Assign virtual IP addresses to these programs” list box. Click “Apply” to confirm the selection.
    Note:
    · To remove a program from the list, select the entry in the list box, and then click “Remove Program.” Click “Apply.”
  3. The final step is to reboot the RDSH server so that new user sessions logging on will get virtual IP addresses for their virtualized applications.

Configuring IP Virtualization for Per-Session Mode

  1. Select the “Per session” radio button. This automatically grays out the “Assign virtual IP addresses to these programs” list box and the “Add Program” and “Remove Program” buttons, which are applicable only to per-program mode. Click “Apply.”
  2. Reboot the RDSH server so that new user sessions logging on will get virtual IP addresses for their virtualized applications.

To disable RD IP Virtualization, clear the “Enable IP virtualization” check box, and then click “Apply.”

Related Posts:

In addition to the RD Session Host Configuration MMC snap-in, Remote Desktop IP Virtualization can also be configured by using GPO, the RDS Provider for Windows PowerShell, and WMI.

Part II of this blog post series has information on configuring RD IP Virtualization automatically on managed computers by using Group Policy objects.

Part III (coming soon) of this blog post series has information on configuring RD IP virtualization through RDS Provider for Windows PowerShell.
