Remote Desktop Services (RDS) Sizing Guide

Remote Desktop Services (RDS) is a collection of roles that enable secure remote desktop access. Combined with cloud services, this solution empowers organizations to create a true work-from-anywhere experience for their users. RDS is an excellent way to deliver a remote work experience, with the flexibility to offer full desktop sessions or published apps. This article covers a single-site deployment of the RDS infrastructure. Further considerations apply if your application requires High Availability, DRaaS for RDS, Geo-redundancy, or User Profile Management.

Roles Required

  • Connection Broker
  • Gateway Server
  • Licensing Server
  • RD Web Server
  • Session Host

Dependencies

  • Active Directory
  • DNS
  • File Services (for user data storage)
  • LOB application(s)

 

RDS Considerations

There is no one-size-fits-all recommendation for RDS deployments. Many factors must be considered for a successful deployment of Remote Desktop Services. Below is a list of some of the considerations when deploying RDS.

Question Potential Answers
How many users will the system need to handle?
  • A Handful (1-10)
  • Many (10-100)
  • Multiple Buildings (100+)
What types of users will make up the base?
  • Task Worker
    • Performs basic data entry, single application use.
    • 2-4GB of RAM
    • 500Kbps – 1Mbps
  • Knowledge Worker
    • Light word processing, web based application use
    • 3-6GB of RAM
    • 1Mbps – 2Mbps
  • Power User
    • Full MS Office suite (Outlook, Word, Excel), heavy browser use, LOB application use
    • 6-8GB of RAM
    • 2Mbps-5Mbps
What types of applications will need to run on the system?
  • LOB Applications
  • Consider any graphics-heavy applications
How will User Profile Data be stored?
  • Folder Redirection
  • Roaming Profiles
  • User Profile Disk
How will user security be ensured?
  • Multi-Factor Authentication
  • OS Hardening
  • IPSEC or SSL VPNs
  • EPP/EDR Solutions
What are the users’ networking needs?
  • Bandwidth
    • Enough bandwidth to support all users
    • Factor in overhead for bandwidth bursting
    • Video usage will increase bandwidth demand
  • Latency
    • Recommended <50ms

Network Topology

It’s recommended to deploy the public-facing roles into a DMZ. Open only the ports needed for traffic from the Internet to reach the RD Gateway and/or RD Web server, and only the ports those servers need to communicate with internal resources on the LAN.

NOTE: Additional ports may need to be opened based on client-specific requirements. Always apply the principle of least privilege when opening ports from the Internet to the DMZ and from the DMZ to the LAN.

Internet to DMZ

RD Gateway Server
(Internet → In)
  • 443 TCP
  • 3391 UDP
RD Web Svr
(Internet → In)
  • 443 TCP
  • 3391 UDP

DMZ to Internal (LAN)

RD Gateway/Web Svr
to AD Svr (User Authentication)
  • TCP / UDP 88 (Kerberos)
  • TCP 135 (RPC)
  • TCP / UDP 53 (DNS)
  • TCP 123 (NTP)
  • UDP 137 (NETBIOS)
  • TCP 139 (NETBIOS)
  • TCP / UDP 389 (LDAP)
  • TCP / UDP 445
  • TCP 49152 – 65535 (AD High Ports)
RD Gateway/Web Svr
to RD Connection Broker Svr
  • TCP 3389
  • TCP 5985
  • TCP 5504
RD Gateway Svr
to RD Session Host
  • TCP 3389
  • TCP 5985
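
The port lists above can be used as an allow-list to audit an exported firewall rule set for rules that are wider than the guide permits. The following is an added example, not part of the original article; the zone and role names and the rule format are hypothetical, and the AD Svr list is left out to keep it short (it can be added to the table in the same way).

```python
# Allow-list transcribed from the port lists on this page.
# (source, destination) -> set of (protocol, port)
EDGE = {("tcp", 443), ("udp", 3391)}
BROKER = {("tcp", 3389), ("tcp", 5985), ("tcp", 5504)}
ALLOWED = {
    ("internet", "rd-gateway"): EDGE,
    ("internet", "rd-web"): EDGE,
    ("rd-gateway", "connection-broker"): BROKER,
    ("rd-web", "connection-broker"): BROKER,
    ("rd-gateway", "session-host"): {("tcp", 3389), ("tcp", 5985)},
}


def expand_ports(spec):
    """'443' -> one port, '5000-5010' -> a range, 'any' -> every port."""
    if spec == "any":
        return range(1, 65536)
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)


def audit(rules):
    """Return (rule name, reason) for every rule wider than the allow-list."""
    findings = []
    for r in rules:
        allowed = ALLOWED.get((r["src"], r["dst"]))
        if allowed is None:
            findings.append((r["name"], "flow not in allow-list"))
            continue
        protos = ("tcp", "udp") if r["proto"] == "any" else (r["proto"],)
        extra = sum((p, port) not in allowed
                    for p in protos for port in expand_ports(r["ports"]))
        if extra:
            findings.append((r["name"], f"{extra} port(s) beyond allow-list"))
    return findings


# Constructed rule export; names and format are hypothetical (assumption).
SAMPLE_RULES = [
    {"name": "gw-https", "src": "internet", "dst": "rd-gateway", "proto": "tcp", "ports": "443"},
    {"name": "gw-udp", "src": "internet", "dst": "rd-gateway", "proto": "udp", "ports": "3391"},
    {"name": "legacy-rdp", "src": "internet", "dst": "session-host", "proto": "tcp", "ports": "3389"},
    {"name": "gw-broker", "src": "rd-gateway", "dst": "connection-broker", "proto": "tcp", "ports": "any"},
    {"name": "gw-sh", "src": "rd-gateway", "dst": "session-host", "proto": "tcp", "ports": "3389"},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

The two flagged rules in the sample are a session host reachable directly from the Internet and a gateway-to-broker rule that allows every TCP port instead of the three listed.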

Network Diagram

 

Cloud Infrastructure

It is possible to combine roles to reduce the number of servers and save on cost. For the purpose of this document, roles will be installed on dedicated servers.

Active Directory Server

The domain controller will run the FSMO roles, handle authentication requests and manage DNS for the network. It is recommended that this server have enough resources to properly run these roles.

Licensing Server

The RD licensing role is one that is often consolidated onto another server such as the Active Directory server. This role requires minimal resources to distribute licenses to RDS users/devices.

RD Gateway Server

The gateway server role handles access requests to the RDS environment from users on public networks. This role can be consolidated with another role server, such as the RD Web role server. Since this server is Internet facing, it should be placed in a DMZ. Communication between the server and client is secured with SSL.

Next to the session hosts, the gateway server is often the busiest. The number of connections the gateway server can handle depends on the types of users in your environment. Processing the connection requests and SSL encryption can put a high demand on the vCPU as the number of connection requests increases.

RD Connection Broker

The connection broker server manages incoming remote desktop connections to RD Session Host server collections. It will also reconnect disconnected sessions for users. This role can be consolidated with another role. This server needs to be sized properly for peak usage or logon storms.

The connection broker is often one of the busiest servers in the deployment. The number of connections the broker can process depends on the configuration of the system. In your sizing, be sure to factor in the OS requirements.

RD Web Server

The RD Web Server is an optional role that enables users to access their desktops and/or applications through a web portal. It requires the IIS role to function properly. Since this server is Internet facing, it should be placed in a DMZ. For smaller deployments, this role can be consolidated with the RD Gateway server.

RD Session Host

The session host will handle the user sessions. These servers will be the most resource intensive in the RDS deployment. Green Cloud IaaS has a maximum of 8vCPU and 128GB of RAM per VM. The number of users you can allocate per server all depends on the types of users in your environment. Storage should also be considered when deploying your session host. Ensure you have fast storage as well as enough capacity for your user and application needs. In your sizing, be sure to factor in the OS requirements.

Resource Recommendations

Server Name | vCPU | RAM | Storage
Active Directory Server | 1 (min) | 4GB (min) | 48GB Standard (min)
Licensing Server | 1 (min) | 2GB (min) | 48GB Standard (min)
RD Gateway Server | 2 (min) – 8 (max) | 4GB (min) | 48GB Standard (min)
RD Connection Broker | 2 (min) – 8 (max) | 4GB (min) | 48GB Standard (min)
RD Web Server | 2 (min) – 8 (max) | 4GB (min) | 48GB Standard (min)
RD Session Host | 1-4 users per vCPU (8vCPU max) | 2-8 GB per user (128GB max) | Premium Storage (Make sure there is enough storage to accommodate the number of users and your profile management methods)
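
The session host figures above can be turned into a host count for a given user mix. The following is an added example, not part of the original article. It sizes to the upper end of each user type's RAM and bandwidth range and assumes users are spread evenly across hosts; the users-per-vCPU value for each user type, the RAM held back for the OS, and the burst headroom are assumptions, not values from this guide.

```python
import math

# Per-user upper bounds from the "types of users" list on this page.
PROFILES = {              # (max RAM in GB, max bandwidth in Mbps)
    "task":      (4, 1.0),
    "knowledge": (6, 2.0),
    "power":     (8, 5.0),
}
MAX_VCPU, MAX_RAM_GB = 8, 128      # per-VM limits stated on this page
# ASSUMPTIONS (not from the page): how the 1-4 users/vCPU range maps to
# user types, RAM held back for the OS, and headroom for bandwidth bursts.
USERS_PER_VCPU = {"task": 4, "knowledge": 2, "power": 1}
OS_RESERVE_GB = 4
BURST_HEADROOM = 0.20


def size_session_hosts(users):
    """users: {"task": n, "knowledge": n, "power": n} -> sizing dict."""
    vcpu = sum(n / USERS_PER_VCPU[t] for t, n in users.items())
    ram = sum(n * PROFILES[t][0] for t, n in users.items())
    mbps = sum(n * PROFILES[t][1] for t, n in users.items())

    # Hosts needed under each constraint; the larger one wins.
    by_cpu = math.ceil(vcpu / MAX_VCPU)
    by_ram = math.ceil(ram / (MAX_RAM_GB - OS_RESERVE_GB))
    hosts = max(by_cpu, by_ram, 1)
    return {
        "hosts": hosts,
        "limited_by": "vCPU" if by_cpu >= by_ram else "RAM",
        "vcpu_per_host": min(MAX_VCPU, math.ceil(vcpu / hosts)),
        "ram_gb_per_host": math.ceil(ram / hosts) + OS_RESERVE_GB,
        "peak_mbps": round(mbps * (1 + BURST_HEADROOM), 1),
    }


if __name__ == "__main__":
    # Constructed head-counts for illustration.
    for mix in ({"task": 40, "knowledge": 30, "power": 10},
                {"task": 32}):
        print(mix, "->", size_session_hosts(mix))
```

The second mix shows why the OS requirement matters: 32 task workers fit on 8 vCPUs, but their 128GB of user RAM leaves nothing for the OS, so a second host is needed.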

 
