Remote Desktop Services

With businesses attaining more WAN bandwidth and business trust in hosted services increasing, Microsoft is investing heavily in Remote Desktop Services.  Renamed from Terminal Services, Remote Desktop Services encompasses multiple ways to deliver application access from any location.  Below, you will find information on some of the features and requirements in an RDS deployment.

MS RDS Blog
WAN Optimization
RDP Client / Server features cross reference

Why RDS?

  1. Local-LAN connectivity when using applications (e.g. QuickBooks) and when accessing LAN resources (e.g. loading large files)
  2. Improved security for remote users
    1. Data is stored on the servers, not on laptops. This also means data is backed up consistently.
  3. New user setup is quickly done and without the need to “reimage” existing computers
  4. Portability for remote work
  5. Thin Client support
  6. Business Continuity and Disaster Recovery
  7. Green computing (more effective use of resources)
  8. Non-compliant PCs can connect with minimal security compromises
  9. Encrypted connectivity and application-level access limitation for compliance purposes or restricted access for external partners
  10. Centralized application management (updates and configuration are done in one place)

Functions

On the surface, RDS can be broken down into 2 Functions: Session Hosts and Virtual Desktop Infrastructure (VDI).  When breaking down the session hosts function further, we can include features such as RemoteApps and Remote Session Host (Terminal Services).  Similarly, VDI provides us with Personal Virtual Desktops and Pooled Virtual Desktops.

Virtual Desktop Infrastructure

Personal Desktops
This is geared for full desktop replacement deployments. The user will treat this as their own personal computer in a VM.

Pooled Desktops
Pooled desktops are similar to deploying VMs in an academic environment. This usually means the VMs are preinstalled with generic applications and users have full administrative access to install their custom applications.  Of course, after they log off, the VM is reverted to its original state for the next user. An example usage would be to provide a pool of 10 Windows XP VMs for users to use intermittently due to legacy software incompatibilities.

Remote Session Host (aka Terminal Services)

Web Access – Single sign-on web portal showing RemoteApps

RemoteApp  – A more seamless integration between remote applications and local desktop

    1. Does not require Windows 7 computer to be joined to domain
    2. Updates automatically when the feeds are updated by administrators
    3. Users have to log on only once to create the connection
    4. XML – so can be used in other ways

Capacity Planning

Servers
It’s better to purchase 2 servers than it is to purchase 1 loaded with more memory. The reason is that you can load balance between 2 RDS servers, and smaller memory modules cost a lot less than larger ones. Scaling OUT instead of UP is more cost effective, increases disk I/O paths, and creates redundancy.

Processor
Unfortunately, adding processors isn’t a 1:1 improvement. Usually, going from 1 to 2 processors will achieve a 1.8:1 gain, while going from 2 to 4 processors will achieve a 1.65:1 improvement.
If each user session takes up 10% of CPU, then a single CPU can handle up to 10 users at full load. If you added more CPUs to get a total of 4 CPUs, it would be 10 × 1.8 (1 => 2 CPUs) × 1.65 (2 => 4 CPUs) ≈ 30 users total. As you can see, it’s not 40 users.

  • Use a processor with SLAT support

Memory
Usually, allocate about 500MB per session for a 64-bit OS. Of course, the best thing to do is to find the working set of a user’s session.
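
One way to find the working set of each user session on a session host and compare it with the 500MB starting point, as an added example rather than code from the original page. The `$ReservedMB` allowance for the OS and the choice to size for the heaviest observed session are assumptions of this example.

```powershell
# Added example (PowerShell 3.0+): measure the working set of each user
# session on an RD Session Host and derive a memory-bound session count.
# $ReservedMB is an assumed allowance for the OS and services, not a figure
# from the article; adjust it for your host.
param(
    [int]$ReservedMB    = 4096,
    [int]$RuleOfThumbMB = 500     # the article's per-session starting point
)

# Session 0 holds services, so only interactive/remote sessions are counted.
$sessions = Get-Process |
    Where-Object { $_.SessionId -ne 0 } |
    Group-Object -Property SessionId |
    ForEach-Object {
        $bytes = ($_.Group | Measure-Object -Property WorkingSet64 -Sum).Sum
        [pscustomobject]@{
            SessionId    = [int]$_.Name
            Processes    = $_.Count
            WorkingSetMB = [math]::Round($bytes / 1MB, 1)
        }
    } |
    Sort-Object -Property WorkingSetMB -Descending

$sessions | Format-Table -AutoSize

if (-not $sessions) {
    Write-Warning 'No user sessions found; sample during a normal working period.'
    return
}

# Assumption: size for the heaviest observed session, never below the rule
# of thumb. Summed working sets count shared pages once per process, so the
# measurement is an upper bound on real memory use.
$peakMB       = ($sessions | Measure-Object -Property WorkingSetMB -Maximum).Maximum
$perSessionMB = [math]::Max($peakMB, $RuleOfThumbMB)

$totalMB  = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory / 1MB
$usableMB = $totalMB - $ReservedMB

[pscustomobject]@{
    TotalMemoryMB       = [math]::Round($totalMB)
    ReservedMB          = $ReservedMB
    PerSessionMB        = $perSessionMB
    MemoryBoundSessions = [math]::Floor($usableMB / $perSessionMB)
}
```

Run it from an elevated prompt so processes in other users' sessions are visible, and sample at several points in the working day before settling on a per-session figure.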

Hardware Integration

Enlightenments

This feature in Windows Server 2008, Vista+ coordinates actions with the hypervisor to make sure that they’re interacting with the hardware as efficiently as possible.  The kernel basically only asks for instructions to be carried out within the confines of its child partition instead of all the partitions.  It reduces wasted CPU usage.

VM integration components

These components accelerate VM access to devices.  Without them, the VM will configure hardware device drivers with the emulated devices that the hypervisor presents to it.

SLAT

AMD-V Rapid Virtualization Indexing (RVI) and Intel VT Extended Page Tables (EPT)

Although running RDS in a VM isn’t a problem, it does take up additional CPU cycles to maintain a “shadow” page table.  When the page table is updated in the VM, the hypervisor has to update its “shadow” page table also.  This can take away precious CPU cycles and slow down your server.  SLAT-enabled processors mitigate this issue by maintaining the address mappings in hardware, not software.  Just as hardware RAID is file management using hardware, SLAT provides memory address management using hardware.  In the end, both memory usage and processor overhead will decrease.  This enables you to host more VM sessions by a factor of 1.6-2.5 times.  It’s highly recommended to have this for memory-intensive workloads like RDS, SQL, IIS, Exchange, etc.

Improved Application Compatibility

  1. MSI package installation – Prevention of simultaneous first-time uses of applications based on MSI installs from blocking each other
  2. Dynamic Fair Share Scheduling – A better way of preventing a single session from starving other sessions for processor cycles
  3. IP Virtualization – Allows a session or application within a session to have a unique IP.  Applications that require a discrete IP address can be used.

High-Fidelity User Experience

  1. True multi-monitor support, including varying layouts and landscape/portrait orientations
  2. Aero remoting for single-monitor sessions on Windows 7
  3. Client-side rendering of multimedia and audio Windows Media Player files
  4. Improved display of video from Silverlight and Windows Media Foundation
  5. Bi-directional audio remoting, including sound recording to a remote session

Exploring Malware Types

Malware is the term given to a set of software with one specific function: malicious activity. Most users know of this danger as a “Computer Virus”, but the term “virus” these days has a very specific meaning. When we break down the dozens of terms given to Malware, we can build an understanding of the level of infection we face during the removal process.

Here are a few of the major types of Malware users should be aware of:

Trojan

  • Malware that disguises itself as a normal file or program to trick users into downloading and installing malware. Does not self replicate or spread.

Virus

  • Malware that replicates and spreads based on user interaction. Opening infected files or running an infected executable usually triggers the virus.

Worm

  • The most common type of malware. They spread over networks by exploiting operating system vulnerabilities. Worms can contain “payloads” that perform certain actions (such as deleting or stealing data). Worms differ from Viruses in that they are able to self-replicate and spread independently. Ex. Polymorphic or Metamorphic.

Rootkit

  • Malware that enables continued privileged access to a computer. As a result, it can subvert software that is designed to circumvent or destroy it.  Typically deployed through Trojans or security vulnerabilities. Can reside in the kernel of the OS, or even in the firmware of devices.

Spyware

  • Focuses on data harvesting or modifying security/permissions settings. Typically deployed through trojans.

Ransomware

  • Malware that essentially holds a system captive while demanding ransom. The most damage will come from users with Admin/root access running a trojan.

Adware

  • Automatically delivers advertisements. Not always malware. When bundled with Spyware, can create elaborate phishing attempts.

Bot

  • Software that performs specific operations using a host computer. This can include cheating at video games, but more dangerously used in botnets to perform DDoS attacks.

Zero Day Attack

  • Not a type of Malware, but a description of the threat. A Zero-day attack is a threat that exploits a previously unknown application vulnerability. It is named as such because developers have had no time to address and patch the issue.

With an understanding of the different types of Malware, we can hope to prevent further infection and reinfection, as well as build a background to understand the newest threats.