This topic is part of a series about how to deploy a Windows Server 2016 RDS farm in Microsoft Azure. In previous topics, we saw how to deploy networks, storage and virtual machines in Azure. We also added the domain controller to the On-Prem forest across the Site-to-Site VPN. In this topic, we will deploy the RDS 2016 farm in Azure. This farm runs on Windows Server 2016. This series consists of the following topics:

Deploy the Azure SQL database

In the previous topics, we did not deploy the Azure SQL database. In this part, I will deploy this component. In Microsoft Azure, open the Marketplace and look for SQL Database. Create a blank database and create a new SQL Server. I have called the SQL server sql-rds and the database DBA-Broker.

Deploy RDS 2016 Farm

Once all your VMs have joined the Active Directory domain, you can create a new session-based Remote Desktop deployment. The first broker server is AZRDB0, the first RD host server is AZRAH0 and the first RD access server is AZRDA0. From AZRDB0, I run the following cmdlet:

New-RDSessionDeployment -ConnectionBroker AZRDB0.homecloud.net `
    -SessionHost AZRAH0.homecloud.net `
    -WebAccessServer AZRDA0.homecloud.net

Next, in the Server Manager of AZRDB0, add all servers of the RDS farm.

Then I add additional servers to the RDS farm. First, I add two license servers. Each server will hold some of the licenses, so even if one server is down, a license server is still available.

Add-RDServer -ConnectionBroker AZRDB0.homecloud.net -Server AZRDB0.homecloud.net -Role RDS-LICENSING
Add-RDServer -ConnectionBroker AZRDB0.homecloud.net -Server AZRDB1.homecloud.net -Role RDS-LICENSING

Then I add an additional RD host server:

Add-RDServer -ConnectionBroker AZRDB0.homecloud.net -Server AZRAH1.homecloud.net -Role RDS-RD-SERVER

And I add an additional RD Web Access server:

Add-RDServer -ConnectionBroker AZRDB0.homecloud.net -Server AZRDA1.homecloud.net -Role RDS-WEB-ACCESS

In Server Manager, if you browse the Remote Desktop Deployment, you should have the following diagram.

Configure the RD Broker in High Availability

Before configuring the RD Broker in High Availability mode, go back to the Azure Portal and open the SQL database settings. Click on the connection strings link.

Then create two DNS records where each DNS record is associated to one RD broker.

N.B: you can use an Azure Load Balancer instead of DNS round-robin for the RD Broker. For more information, you can read this topic.

Then install the SQL Native Client on each RD Broker server. Next, run the following cmdlet. Replace the SQL server and database name in the connection string with your own.

Set-RDConnectionBrokerHighAvailability -ConnectionBroker 'azrdb0.homecloud.net' `
    -DatabaseConnectionString 'Driver={SQL Server Native Client 11.0};Server=tcp:sql-rds.database.windows.net,1433;Database=DBA-Broker;Uid=master@sql-rds;Pwd={DATABASE PASSWORD};Encrypt=yes;TrustServerCertificate=no;Connection Timeout=30;' `
    -ClientAccessName 'broker.homecloud.net'

To finish, run the following cmdlet to add an additional RD Broker server:

Add-RDServer -ConnectionBroker AZRDB0.homecloud.net -Server AZRDB1.homecloud.net -Role RDS-CONNECTION-BROKER

If you come back to the deployment overview in Server Manager, the RD Connection Broker should be marked as being in High Availability Mode.
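The Set-RDConnectionBrokerHighAvailability step above, as an added example that is not part of the original post: the SQL password is prompted for at run time, so it does not end up in a script file or in the PowerShell command history. Server, database, login and DNS names are the ones used in this topic; the variable names are illustrative.

```powershell
# Added example, not from the original post. Run on AZRDB0 in an elevated session.
Import-Module RemoteDesktop

$sqlServer = 'sql-rds'      # Azure SQL logical server created earlier
$database  = 'DBA-Broker'

# Prompt for the SQL login so the password is never typed on a command line.
$cred = Get-Credential -UserName "master@$sqlServer" -Message 'SQL login for the RD Broker database'

# ODBC quoting: braces allow ';' inside the value, and a literal '}' is doubled.
$pwdValue = '{' + $cred.GetNetworkCredential().Password.Replace('}', '}}') + '}'

$connectionString = @(
    'Driver={SQL Server Native Client 11.0}'
    "Server=tcp:${sqlServer}.database.windows.net,1433"
    "Database=$database"
    "Uid=$($cred.UserName)"
    "Pwd=$pwdValue"
    'Encrypt=yes'                  # require TLS to Azure SQL
    'TrustServerCertificate=no'    # and validate the server certificate
    'Connection Timeout=30'
) -join ';'

$haSettings = @{
    ConnectionBroker         = 'azrdb0.homecloud.net'
    DatabaseConnectionString = "$connectionString;"
    ClientAccessName         = 'broker.homecloud.net'
    ErrorAction              = 'Stop'
}
try {
    Set-RDConnectionBrokerHighAvailability @haSettings
}
finally {
    # Drop the plaintext copies from the session whether or not the call succeeded.
    Remove-Variable connectionString, pwdValue, haSettings, cred -ErrorAction SilentlyContinue
}

# Show only the fields needed to confirm that HA is active.
Get-RDConnectionBrokerHighAvailability -ConnectionBroker 'azrdb0.homecloud.net' |
    Select-Object ActiveManagementServer, ClientAccessName
```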

Configure RD Gateway

To add RD Gateways, click on the + symbol in the deployment overview. Then select both RD Gateway servers and add them to the Selected box.

Provide an SSL certificate name which should be the FQDN of the RD Gateway servers.

Then click on add to start the RD Gateway deployment.

Now the deployment overview should look like this:

In each RD Gateway server, open the RD Gateway console and edit the server properties. Then navigate to Transport Settings and disable UDP.

In the Server Farm tab, add both servers and click on Apply.

Repeat these steps for each RD Gateway server.

Deploy the Load Balancer

A Load Balancer is required for the RD Web Access and the RD Gateways. You can also use an Azure Load Balancer for the RD Broker, but in this example I deploy an Azure Load Balancer only for RD Web Access and Gateway. Open the Marketplace and specify load balancer in the search box.

Provide a name to the Load Balancer and select public. Select the Public IP address previously created from the JSON template.

Once the Azure Load Balancer is created, open the Backend Pools settings. Then click on Add.

Specify a name for the backend pool and select associated to Availability Set. Select the RD Access availability set and add both virtual machines.

Next add a Health probe based on TCP 443 (HTTP / 443 is currently not supported).

Also add a load balancing rule based on TCP. Specify the public TCP port and the backend port. Then select the health probe.

Now you can try the public IP (https://<IP>/rdweb). You should get the Remote Web Access authentication page.

What is missing?

For the moment, no certificate has been deployed. So, you should have some security alerts in the web browser, and the RD Gateway is still not working. We will configure these certificates in another topic.
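To see what each RD Web Access server currently presents on TCP 443, and to re-check once the certificates are in place, the following added example (not part of the original post) opens a TLS session to each server and reports the certificate without trusting it. The function name Get-PresentedCertificate is illustrative; the server names are the ones used in this series.

```powershell
# Added example, not from the original post.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 443
    )
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($ComputerName, $Port)
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($ComputerName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            [pscustomobject]@{
                Server       = $ComputerName
                Subject      = $cert.Subject
                Issuer       = $cert.Issuer
                NotAfter     = $cert.NotAfter
                SelfSigned   = ($cert.Subject -eq $cert.Issuer)
                ChainTrusted = $cert.Verify()   # chain builds to a root trusted by this machine
                Thumbprint   = $cert.Thumbprint
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }
}

# RD Web Access servers behind the load balancer (names from this series).
'azrda0.homecloud.net', 'azrda1.homecloud.net' |
    ForEach-Object { Get-PresentedCertificate -ComputerName $_ } |
    Format-Table Server, Subject, SelfSigned, ChainTrusted, NotAfter -AutoSize
```

ChainTrusted covers the trust chain only; whether the subject matches the FQDN that users type is a separate check against the Subject column.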

Next topic

In the next topic, I’ll deploy a SOFS cluster based on Storage Spaces Direct to store User Profile Disks.