Remote Desktop Services: RDS Sizing Calculations

KB ID 0001753

Problem

This is a horrible subject to find any decent information on. Microsoft are typically ‘vague’ and most people are stuck with using trial and error, or massively overestimating hardware to be on the safe side. I get asked this occasionally and, just like Microsoft, it’s a question I don’t like to answer!

People are reticent to tell you that you need ‘x’ amount of CPU and ‘y’ amount of RAM. Simply because ‘it depends’ e.g. a dozen users just doing some file and print, and working on office documents, will be much less of a requirement, than a dozen users making MS Teams calls and doing 3D Auto CAD modelling.

I’m going to Assume: That we are deploying RDS in a virtual environment, so I’ll be talking about vCPU requirements. BE AWARE: Running a VM with a LOT of vCPUs can be counter productive for performance (Google CPU Ready).

RDS Sizing Requirements

RDS Dependancies

Most of these will be common sense, 

  • Domain Authentication: Usually via Active Directory or Azure AD credentials.
  • DNS Resolution: Not just for the RDS server roles deployed, for resolving the names on Certificates, and for third party hosted applications.
  • Third Party (Line of Business) Applications: Not all apps support RDS deployment, and many that do, require different licensing (Check!)
  • File and Print: Thankfully these days most file storage is moving into the cloud, but users still need user profiles? How are you going to present them?FXLogix, Redirected folders, Shared folders etc.
  • Access: These days having RDP open to the outside world is a thing of the past, it you want to connect to RDS you either come in via an RDS Web Gateway, or even better, by connecting to a VPN, then accessing the RDS deployment.
  • Licensing: Obviously the RDS servers themselves require licensing, but so does RDS. Depending on what licence model you buy, (user CALs, or device CALs). Typically most people buy user CALs (Device CALs are good for things like call centres e.g. where 3 shift workers use the same PC in a 24 hour period so you can buy 1 device CAL rather than 3 user CALs).*

*Note: Whats a SAL then? A Subscriber Access Licence is used if you have your servers SPLA licenced from a service provider. These are usually on a monthly rental basis.

RDS Sizing: Roles

You can,  (and I think it’s still the default) put all the RDS roles on one server, obviously this is not ideal for anything other than a tiny deployment (5-10 users doing very low impact roles for example). But the individual roles required are;

RD Session Host: This is what does all the heavy lifting, it hosts the remote user sessions. Typically these will be the server(s) in your deployment that suffer with recourse constraints if you get something wrong. As I’ve mentioned above if you’re running 3rd Party Line of Business applications on here MAKE sure they are designed and optimised for RDS. Finally based on what your users are doing is it worth having better/faster/local storage on these servers.

RD Connection Broker: This role had two primary jobs, 1) Connect remote users to the least utilised session hosts, and 2) Reconnect users to the correct session host if they’ve dropped a connection, or have an existing open RDS session. 

RD Web Server: This provides a web logon portal for RDS so that RDS desktops and applications can be accessed over HTTPS. Remember just because traffic is on HTTPS (TCP port 443) do not assume it’s trusted and non malicious. Nearly every exploit and attack these days used HTTPS or SSH to get traffic in and out of your network. Unless you are inspecting https it’s not more secure than http! Typically the RD Web server is deployed in a DMZ. In some small deployments it can also be on the RD Connection broker.

RD Licence Server: Typically this gets put on ‘Another‘ server in the environment, the draw back of this is people forget where it is, and don’t check before decommissioning a server then find out a few days later their licence server disappeared. You install this role, then register it with Microsoft, then finally add your licences to it.

RDS Sizing Calculations

For all RDS roles apart from the RD Session Host(s) Then the footprint is relatively small.

RD Session Host(s) CPU: This depends on the amount of users, typically no more more than 4 users per vCPU , and up to a maximum of 8 vCPUs per host, (this should tell you you need an RDS Session Host for every 24 (approx) users). Remember to factor in additional hosts in case you suffer a loss of server/hypervisor. For that reason it’s also good practice to deploy your session hosts with anti-affix city rules so that they are not all on the same hypervisor host!

RD Session Host(s) RAM: Again depends on the user and what they will be doing, as a rule of thumb, allow between 2 and 8 GB per user, but do not allocate more than 128 GB per RDS Session Host.

RD Connection Broker: (2x vCPU, 8GB RAM, 70GB HDD) Note: Can scale up to 8 vCPU, 16 GB RAM, 70 GB HDD) for larger deployments.

RD Web Server: (2x vCPU, 4GB RAM, 70GB HDD) Note: Can scale up to 8 vCPU, 16GB RAM, 70 GB HDD) for larger deployments. Once you get larger than this you need to look as load balancing multiple RD Web servers.

RD Licensing: (1 x vCPU, 4GB RAM, 70GB HDD) Assuming there’s no additional compute requirements on the same host.

I welcome any feedback and recommendations below.

Related Articles, References, Credits, or External Links

Deploying Remote Desktop Services

Remote Desktop Services: Can’t Remove Dead Server

KB ID 0001415

Problem

I was doing some RDS work for a client today, and it would seem that at some time in the past their RDS Licensing server had died, it had been replaced, and everything was working OK. But when I was adding roles to the new servers, this kept popping up;

The following server in this deployment are not part of the server pool
1. Server-Name
The servers must be added to the server pool.

I could have ignored the error and finished the job, but things like this remaining ‘unfinished’ really wind me up. So I thought I’d sort it out.

Solution

At first I thought I could just dive into either ADSIEdit or ‘AD Sites And Services’, make a quick change and everything would be fixed. That revealed that the site licence server was set to a server that also didn’t exist! (So I fixed that, still the problem remained).

So if all else fails then use PowerShell right?

[box]Remove-RDServer {Server-FQDN} {ROLE}[/box]


Error: Object Reference not set to an instance of an object

After some research I discovered that the RDS servers are stored in a database, (Windows Internal Database) on the connection broker(s). So you need to download the ‘SQL Management Studio’ software on your connection broker(s). Then ‘Run As’ administrator.

Connect to, “\\.\pipe\MICROSOFT##WID\tsql\query

Under Databases you will find a database called RDCms  >Expand that, and drill down to the tables. Locate rds.server. Press the ‘Query’ button > Right click the rds.server table > List top 1000 rows.

Locate your ‘Dead’ server here you can see mine has an ‘Id’ of 3. Look in the following tables and make sure there are no references to Id 3. (I didn’t have any, my only reference was in the rds.server table.)

  • rds.RoleRdcb (Connection Broker)
  • rds.RoleRdls (License Server)
  • rds.RoleRdsh (Session Host)
  • rds.RoleRdvh (Virtualisation Host)
  • rds.RoleRdwa (Web Access Host)

In the bottom of the Query Section enter the following, (as applicable, i.e your column might be ServerId, and your server might be number 123)

[box]use RDCms

delete from rds.server where Id=3[/box]

Press ‘Execute’, Close the SQL Manager, repeat on any remaining ‘Session Brokers’. Have a coffee, then try again, the problem should be resolved.

Related Articles, References, Credits, or External Links

NA