1. Principles of Virtualization
Accessing published applications
Date:
Department of Computer Engineering
Jain Group of Institution, Bangalore
Presented By:
Rubal Sagwal
Assistant Professor
Department of Computer Engineering
1ADAD
2. Contents
• Access published applications:
• Configuring Remote Desktop Web Access
• Configuring role-based application provisioning, and
• Configuring Remote Desktop client connections
• Configure client settings to access
virtualized desktops:
• Configuring client settings
ADAD 2
4. Introduction
• As we know, different vendors provide different
products for application virtualization.
• For example,
• Citrix provides – Xenapp and xendesktop for application
virtualization,
• VMware provides – Thinapp,
• Microsoft provide – App V and RemoteApp.
So now, we are going to discuss about the RemoteApp.
ADAD 4
5. RemoteApp
• Remoteapp – application virtualization product of
Microsoft.
• RemoteApp is a Microsoft technology that allows
users from – to access the application – which is
running on the remote machine – from their local
machine.
• Users can access the application which is present in
the remote machine just like accessing the
application which is present in the local machine.
• RemoteApp is based on the RDS (Remote Desktop
Service).
ADAD 5
6. Contd…
RemoteApp - Azure RemoteApp
• Azure RemoteApp allows the users to access the corporate
application from anywhere such as home, coffee shop,
airport and from any device such as laptop, tablet at the
same time.
• Windows Azure RemoteApp achieves this by combining the
windows application experience with the power of remote
desktop services in the azure cloud.
• In the azure RemoteApp, all the applications will be running
on the windows servers present in the azure cloud and the
end users can access these applications with internet
connection from anywhere using any device.
• The application will run as if they are running on the local
machine.
ADAD 6
8. Contd…
RemoteApp - Azure RemoteApp
• The administrator only needs to upload the
application in the azure cloud and the end users
can access it.
• The administrator can manage the application from
the azure portal.
• All the applications are running in the azure cloud
platform so it is easy to provide centralized security
to your application.
• You can also protect the application by configuring
the credentials, so that the user can access the
application only if they know the credential.
ADAD 8
9. Contd…
RemoteApp - Azure RemoteApp
• Azure RemoteApp collections In Azure RemoteApp,
there are two types of collections:
1. Cloud Collection
2. Hybrid Collection
ADAD 9
10. Contd…
RemoteApp - Azure RemoteApp
1. Cloud collection –
• all the applications and data are stored in the
cloud and the user can access the application
by providing the credentials.
• They can use their Microsoft account for log in or if
their corporate credential is integrated with azure
directory.
• They can use their corporate credentials to log in
and access the application in the azure cloud.
ADAD 10
11. Contd…
RemoteApp - Azure RemoteApp
2. Hybrid collection –
• some applications and data are stored in the azure
cloud and the remaining application and data are
present in their corporate private network.
• The users can access all the applications which are
present in both azure cloud and private network, if
they have valid credentials.
• You can choose hybrid collection if you don’t want
to store all your confidential data on the cloud for
security reasons.
ADAD 11
12. Contd…
RemoteApp - Azure RemoteApp
Creating a cloud collection of Azure RemoteApp
There are four steps:
1. First, we need to create a Azure RemoteApp
Collection.
2. Next, we need to synchronize our Active
Directory with the Azure Active Directory tenant.
If the users are using their Microsoft account
then this step is optional.
3. Then we have to publish our apps in the
collection.
ADAD 12
13. Contd…
RemoteApp - Azure RemoteApp
4. Finally, provide access to the users. You need to do
the following before creating the collection:
• First you should Sign up for the Azure RemoteApp.
• Collect the user account information of the users for
which you are providing access. The user account can be
corporate active directory or Microsoft account.
• In this procedure we assume that you are either going to
use one of the template images which is provided as
part of your subscription when you subscribed to the
azure RemotApp.
• If you are going to upload a different template image to
the collection, from the Template Image page you can
upload the template image.
ADAD 13
14. Contd…
RemoteApp - Azure RemoteApp
Step 1: Creating a cloud collection
• Now we are going to see the steps involved in creating cloud
collection.
1. Go to the RemoteApp page from the management portal.
2. Then click New and QuickCreate.
3. Next, specify the name of your collection and then select
your region.
4. Choose standard plan or basic plan based on your
environment.
5. Select the template that you are going to upload to this
collection.
6. Finally, click the CreateRemoteApp collection to create
your collection.
ADAD 14
15. Contd…
RemoteApp - Azure RemoteApp
Step 2: Configure AD directory synchronization
• If you want your users to use your corporate Active
Directory account for authentication, then you should
integrate your active directory with the azure tenant
active directory, so that it will synchronize the user
name, password and contact.
• After synchronization, if the user logs in with the
corporate active directory account, the azure tenant
active directory can authenticate the user.
• If you allow your users to use their Microsoft account
for authentication, then you don’t have to configure
this active directory synchronization.
ADAD 15
16. Contd…
RemoteApp - Azure RemoteApp
Step 3: Publishing apps
• If the users want to access the app which is running in
the azure cloud, you should publish the app. For
publishing, the app should be stored in the template
that you have uploaded to the collection. You can
publish the app present in the template image by using
the Add program button in publish page.
• You can publish the app from the start menu of the
template or you can publish by specifying the path of
the application in the template.
• If you are publishing by specifying name then you have
to provide a name to your application.
• You can publish multiple apps.
ADAD 16
17. Contd…
RemoteApp - Azure RemoteApp
Step 4: Configuring user access
Now we have successfully created the RemoteApp collection, the
next step is to add the user accounts so that only these users will be
allowed to access the application. The user can use their Microsoft
account or Active directory account for logging in. If you are using
active directory account then it should be integrated with the azure
directory.
1. From the Quick Start page, click the Configure user access.
2. Enter the Active Directory or Microsoft account of the users for
which you want to grant access.
3. It will now start to validate the users. Once it is completed, click
Save.
Now we have successfully created the Azure RemoteApp collection
and published the application. The users can access this application
with the help of remote desktop client.
ADAD 17
19. Introduction
• Recap – Studied about Remote app and Remote
Desktop Services.
• Remote Desktop Service – Using this feature you
can connect to – the desktop of remote machine
from – your local machine via – network
connection.
• Precap – Remote Desktop Web Access service –
provide a simple user-friendly interface for users to
discover the available resources.
ADAD 19
20. Remote Desktop Web Access
• The RD Web Access allows the users to access the
RemoteApp and Remote Desktop from a browser or from
the start menu of Windows 7 client machine.
• Once we have configured the RD Web Access then the user
can easily discover all the published resources from RD Web
Access web portal.
• From this website, users can launch the remote desktop
sessions and remote app programs by simply clicking the
icons. Or if the user is using windows 7 machine they can
launch these resources from the start menu of the local
computer like launching a program installed on the local
machine.
• The Remote Desktop Web Access was previously called as
Terminal Service web access.
ADAD 20
21. Remote Desktop Web Access - Working of RD
Web Access
• Administrator publishes the resources (remoteapp,
remote desktop session) using Remote Desktop session
host server.
• If the user wants to use these resources from RD Web
Access server then we need to specify the source that
provides the RemoteApp programs and Remote
desktops.
• That source can be Remote Desktop Connection Broker
(RD Connection Broker - Remote Desktop Connection Broker
keeps track of all the available resources) server or a
RemoteApp source.
• The Remote Desktop Web Access role service asks RD
Connection Broker about the available resources and
RD Connection Broker provides the result.
ADAD 21
22. Contd…
Remote Desktop Web Access - Working of RD Web Access
• Using that data the RD Web Access server creates two
data streams,
• One is HTML (Hyper Text Markup Language) data that
is displayed as a web page in the RD Web Access web
portal. The end user will see the available resources
and launch the required resource.
• The other one is an Extensible Markup Language
(XML) feed that is used by the windows 7 users for
accessing the resources from the start menu.
• From the start menu, the users can start the
Remoteapp program or remote desktop session.
ADAD 22
23. Contd..
Remote Desktop Web Access - Working of RD Web Access
• If a user launches a RemoteApp program, then a
Remote Desktop Services session is started on the
Remote Desktop Session Host server that hosts the
RemoteApp program.
• When a user connects to a virtual desktop, a
remote desktop connection is made to a virtual
machine that is running on the Remote Desktop
Virtualization Host server.
ADAD 23
24. Remote Desktop Web Access - Configuring the
Remote Desktop Web Access
• Now we will discuss the steps involved to configure
the Remote Desktop Web Access.
• Before configuring the RD Web Access, first, we
should have an RD session host server and we need
to enable the Remote App program for the RD web
access so that the RemoteApp program will be
displayed on the page.
• After that, we need to install the Remote Desktop
Web Access service role on a server and the server
will act as an RD Web Access server.
ADAD 24
25. Contd..
Remote Desktop Web Access - Configuring the
Remote Desktop Web Access
• Then we have to specify the source of the Remote
Desktop and RemoteApp program in the RD web
access server. The RD web access server fetches the
detail of available resources from the source and
put it on the website.
• The end user will access the website and use the
resources.
ADAD 25
26. Remote Desktop Web Access - Enabling
RemoteApp Program for Remote Desktop Web
Access
• By default, a RemoteApp program is enabled for
Remote Desktop Web Access when a program is
added to the RemoteApp Programs list on a
Remote Desktop Session Host server.
• In the previous chapter, we have already discussed
RD session host configuration and adding a
program to Remote App program list.
ADAD 26
27. Contd…
Remote Desktop Web Access - Enabling RemoteApp Program
for Remote Desktop Web Access
• Use the following procedure on the RD Session Host server.
The RemoteApp programs are configured to determine if a
RemoteApp program is enabled for RD Web Access.
1. On the Remote Desktop Session Host server, click the
Start menu, go to Administrative Tools -> Remote Desktop
Services and then click RemoteApp Manager.
2. In the RemoteApp Programs list, make sure that a Yes
value appears in the RD Web Access column next to the
program that you want to make available through RD Web
Access.
3. If the Remote App program is not enabled for Web Access
then click the program name and select Show in RD Web
Access in the Actions pane. Now the remote app program
will be enabled for RD web access.
ADAD 27
28. Remote Desktop Web Access - Install Remote
Desktop Web Access Role Service
• Remote Desktop Web Access is a role service under
the remote desktop services.
• After installing the role, the server will act as a web
portal from where the end users can discover and
access the published resources.
• When you install this role the Microsoft Internet
Information Services (IIS) is also installed on the
server. In short, after installing the Remote Desktop
Web Access role service on the server, the server
will act as a Web Server.
ADAD 28
29. Contd…
Remote Desktop Web Access - Install Remote Desktop Web
Access Role Service
• Remote Desktop Web Access is a role service under the remote
desktop You can install this role service in the same server or in a
separate host server. Use the following procedure to install the RD
Web Access role service:
1. In the host server, go to Start menu, select Administrative Tools and
then click Server Manager.
2. This role service is a sub role under the Remote Desktop Services
(This step will be required if you are installing the RD web access role
service in a separate server other than the session host server)
1. In the Roles Summary, click Add Roles.
2. Then click Next on Before You Begin page.
3. On the Select Server Roles page, select the Remote Desktop Services check
box and click Next.
4. Review and then click Next.
5. On the Select Role Services page, select the Remote Desktop Web Access
check box.
ADAD 29
30. Contd…
Remote Desktop Web Access - Install Remote Desktop Web
Access Role Service
• If the Remote Desktop Services role is already installed (if you are
installing the RD web access in the RD session host server then Remote
Desktop role will be already installed):
1. In the Roles Summary, click Remote Desktop Services.
2. Then click Add Role Services.
3. On the Select Role Services page, select the Remote Desktop Web
Access check box.
4. Click Next.
5. Then on the Select Role Services page, you will be prompted to select
the role services that you want to install for IIS, click Next.
6. On the Confirm Installation Selections page, click Install.
Then the installation will begin. You can see the installation progress. Once
the installation is completed click Close.
Now we have successfully installed the Remote Desktop Web Access role
service.
ADAD 30
31. Remote Desktop Web Access - Populate the TS
Web Access Computers Security Group
• Suppose if the RD web access server and the RD
session host server that host the Remoteapp
program are different servers, you have to add the
computer account of the RD Web Access server to
the TS Web Access Computers security group on
the RD Session Host server.
• This is done to enable the web port to display
applications from that terminal server.
• If you have not added then when you access the RD
Web Access website you will get an error message.
ADAD 31
32. Contd…
Remote Desktop Web Access - Populate the TS Web Access
Computers Security Group
• To add the computer account of the RD Web Access server to the security
group:
1. On the RD Session Host server, go to Start menu, select Administrative Tools
and then click Computer Management.
2. In the left pane, expand Local Users and Groups and then click Groups.
3. Find the TS Web Access Computers group then right click the group select
Properties.
4. Click the Add button on the TS Web Access Computer Properties dialogue
box.
5. Then click the Object Types button.
6. In the Object Types dialog box, select the box next to Computers and then
click OK.
7. In the Enter the object names to select box, specify the name of the RD Web
Access server and then click OK.
8. Click OK to save the settings.
ADAD 32
33. Remote Desktop Web Access - Accessing the RD
Web Access web page
• After installing the RD we can access service role and adding the
computer account of web access server to the security group we can
access the RD web access web page.
• If you want to access this web page from a browser you can use this
https://<server_fqdn>/rdweb URL (server fqdn(Fully Qualified Domain
Name) is the name of the server where you have installed the RD web
access service role i.e. your RD web access server name).
• The other way of accessing RD web access web page is from the RD web
access server. Go to start menu of the RD web access server, select
Administrative Tools then select Remote Desktop Services and click
Remote Desktop Web Access Configuration.
• When you access the web page you will be prompted to provide the
username and password.
• You need to provide the credential of a user account which has
Administrator privilege.
ADAD 33
34. Remote Desktop Web Access - Configure the RD Web
Access Server for RemoteApp and Desktop Connection
• Now we have an RD web access server and we can access
the web page. The next important step is to specify the
source, only then the web page can display the available
RemoteApp program and remote desktop to the users.
• As we have already discussed that the source can be remote
desktop connection broker or a RemoteApp source. Now we
will discuss how to specify the source:
1. Go to the RD Web Access Web site.
2. Log on to the site by using a user account which has
Administrator privilege.
3. On the title bar, click Configuration.
4. In the Select source to use, select An RD Connection
Broker server or one or more RemoteApp sources.
ADAD 34
35. Contd…
Remote Desktop Web Access - Configure the RD Web Access Server for
RemoteApp and Desktop Connection
• If you select the An RD Connection Broker Server, then
in the Source Name box, specify the NetBIOS name or
FQDN of the RD Connection Broker (i.e. the name of
the server where you have installed the connection
broker role service)
• If you select the One or More RemoteApp Sources,
then in the Source name box, provide the NetBIOS
name or FQDN of the RemoteApp source.
• If you are using an RD Session Host server farm as the
RemoteApp source, specify the DNS name of the farm.
• If you are going to specify multiple RemoteApp sources,
then each name must be separated by a semicolon
ADAD 35
36. Contd…
Remote Desktop Web Access - Configure the RD Web Access Server for
RemoteApp and Desktop Connection
5. Click OK to save the changes.
• If you have selected One or More RemoteApp Sources, then
you have to specify a connection name and a connection ID.
• The connection name will be used to identify RemoteApp
and Desktop Connection provided by the RD Web Access
server to the user.
• To specify the connection name and connection ID, on the
RD Web Access server, open the
%windir%WebRDWebApp_DataRDWebAccess.config
file in a text editor, such as Notepad.
• If you have selected An RD Connection Broker server, you
can specify the connection name and connection ID by using
the Remote Desktop Connection Manager tool on the RD
Connection Broker server.
ADAD 36
37. Remote Desktop Web Access - Discover the Available
Resources using RD web access web page from an end
user computer
• After specifying the source of the web access, the web
page will display the RemoteApp programs and Remote
Desktop session that is available to the end users. The
users can simply start the RemoteApp programs by
clicking the icon.
• The users can access the Remote Desktop Web Access
web by simply using URL
(https://<server_fqdn>/rdweb) from a browser.
• It will ask for user credentials and then you need to
select one the following two options:
• This is a public or shared computer
• This is a private computer
ADAD 37
38. Contd..
Remote Desktop Web Access - Discover the Available Resources using RD
web access web page from an end user computer
• If you select This is a private computer then your user name is
remembered, so when you log on to this web access website you
need to provide only the password. Use this option when you are
accessing the website from a computer that is dedicated only to
you and not shared with others.
• If you select This is a public or shared computer then you need to
provide the username and password each time when you log into
this website. You can use this option when you access this web
page from a computer that is shared with others.
• Once the user is logged in they view the available RemoteApp
programs,
• By simply clicking the icon they can start the application.
• If the user wants to login to the remote desktop then he can click
the Remote Desktop tab.
ADAD 38
39. Contd..
Remote Desktop Web Access - Discover the Available Resources using RD web access
web page from an end user computer
• In the Connect to box, provide the name of the
remote computer then click connect to, the remote
desktop session will be started.
• If you log into the RD Web Access web page as a
normal user you can see only two options,
RemoteApp Program and Remote Desktop. If you
log in as Administrator you can see the additional
tab Configuration in the web page.
ADAD 39
40. Remote Desktop Web Access – Allowing Access From
The Internet
• The end user can access the RemoteApp program or remote
desktop sessions using corporate network or public network.
Suppose if the user is accessing the resources from the public
network we need to configure our firewall according to that.
• For security reasons, it is recommended to place the RD Web
Access server in the perimeter network and the RD session host
server behind the internal firewall. The internal firewall is
between the RD session host server and the RD web access
server. If these two servers need to communicate then we have
to configure our internal firewall in a way that it allows the WMI
(Windows Management Instrumentation) traffic from the Remote
Desktop Web Access server to the Remote Desktop Session Host
server.
• And we need to ensure that the Remote Desktop Web Access
website is configured to use Forms authentication (By default
Forms authentication is enabled).
ADAD 40
41. Contd…
Remote Desktop Web Access – Allowing Access From The Internet
• To verify that Forms Authentication is enabled:
1. In the RD Web Access server, go to Start menu, select
the Administrative Tools and then click the IIS
Manager.
2. In the left pane expand the tree structure by selecting
ServerName, Sites, Default Web Site, RDWeb and then
click Pages.
3. Find and Select Authentication under IIS and Click Edit.
4. Check whether the Forms Authentication is set to
Enabled. If it is not enabled, then right-click Forms
Authentication and click Enable.
ADAD 41
42. Contd…
Remote Desktop Web Access – Customizing the Remote Desktop Web
Connection behavior
• Using the Remote Desktop tab on the RD web access
website the end user can easily connect to the desktop of a
remote computer by providing the name of the remote
computer.
• The administrator can customize the Remote Desktop Web
Access webpage that is displayed to the user.
• For example, we can decide whether the Remote Desktop
tab is available to users and can customize settings. The
default device and resource redirection options, the RD
Gateway server to use can also be customized. You can
configure these settings using the application setting in the
IIS manager. Now we will see how to configure these
settings.
• By default, the Remote Desktop tab is available to the users.
ADAD 42
43. Contd..
Remote Desktop Web Access – Customizing the Remote Desktop Web
Connection behavior
• Using this tab the users provide the name of the remote machine and
size of the screen and he will be connected to the desktop of the remote
machine. If the administrator doesn’t want to display this tab to users
then the administrator can hide it.
1. In the RD Web Access server, launch the Internet Information
Services Manager.
2. In the left pane, expand the tree structure by clicking Server Name,
Sites, Default Web Site, RDWeb and then click Pages.
3. Find Application Settings under ASP.NET then double-click it.
4. In the application settings pane find and select ShowDesktop option
and then click Edit. The value in the value box will be Yes by default,
change the value.
5. Then Click OK to save the settings.
After configuring this if the user logs in, he cannot view the Remote
Desktop.
ADAD 43
44. Contd..
Remote Desktop Web Access – Customizing the Remote Desktop Web
Connection behavior
• The administrator will create a user account and password
for all the users. Suppose if the administrator wants to force
the users to change their password when they first login or
the administrator wants the user to change his or her
password when it has expired, the administrator can
configure this using the Application settings.
• Similarly, the administrator can customize RD web page
using the Application Settings. Select the options you want
to change and then change the value in the value box.
• The configuration changes you are making in the application
settings of IIS manager will take effect immediately, but if
the web page is already open and you are not able to see
the changes just refresh the page. Then you can see the
changes.
ADAD 44