Windows Terminal Server, or Remote Desktop Services (RDS), allows multiple users to connect to a central server and access Windows desktops and applications remotely. Setting up a Windows Terminal Server on AWS with AWS Managed Active Directory (AD) is a powerful combination that offers scalability, security, and ease of management. In this guide, we’ll walk through the steps to set up a Windows Terminal Server on AWS using AWS Managed AD.
Step 1: Set Up AWS Managed Active Directory
- Create a Directory:
- Go to the AWS Directory Service console.
- Choose “Set up directory” and select “AWS Managed Microsoft AD”.
- Enter your directory details, such as directory DNS name and NetBIOS name.
- Choose the VPC and subnets where the directory will be created.
- Review and create the directory.
- Configure Security Group:
- AWS creates a security group for the directory with the inbound rules its domain controllers need (DNS TCP/UDP 53, Kerberos TCP/UDP 88, LDAP TCP/UDP 389, LDAPS TCP 636, SMB TCP 445, Kerberos password change TCP/UDP 464, NTP UDP 123, global catalog TCP 3268/3269, RPC TCP 135 plus the dynamic range TCP 49152-65535). Review those rules and keep their sources scoped to your VPC CIDR rather than 0.0.0.0/0, and make sure the security group on the instance you will join allows outbound traffic to the directory's two IP addresses on the same ports.
- Set the VPC's DHCP options set so that the directory's two DNS addresses are the domain name servers. Without this the instance cannot resolve the domain's SRV records and the join in Step 2 fails.
Step 2: Launch a Windows EC2 Instance
- Choose an AMI:
- Navigate to the EC2 console.
- Choose “Launch Instance” and select a Windows Server AMI (e.g., Windows Server 2019).
- Configure Instance Details:
- Select the appropriate instance type based on your performance needs.
- Configure the instance to be launched in the same VPC as your AWS Managed AD.
- Domain Join:
In the Advanced Details section, provide a User Data script that joins the instance to the domain. The simplest form is shown below, but user data is not a secret: anyone with ec2:DescribeInstanceAttribute on the instance, and any process on the instance that can reach the metadata service, can read it, so a domain admin password placed here is exposed. Use an account that is only delegated the right to create computer objects, not the directory's Admin account, and prefer one of the credential-free alternatives: the "Domain join directory" option in the launch wizard (seamless domain join through AWS Systems Manager, which requires an instance profile with the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess policies), or reading the credential from AWS Secrets Manager at boot.
<powershell>
# Placeholders: replace the domain name, user and password with your own values.
$Domain = "yourdomain.com"
$Password = ConvertTo-SecureString "yourpassword" -AsPlainText -Force
# AWS Managed AD accepts the account as user@domain or NETBIOS\user; it needs
# rights to create computer objects in the directory's OU, nothing more.
$User = "AdminUser@yourdomain.com"
$Credential = New-Object System.Management.Automation.PSCredential($User, $Password)
# -Restart reboots the instance to complete the join; -Force suppresses the prompt.
Add-Computer -DomainName $Domain -Credential $Credential -Restart -Force
</powershell>
- Configure Security Groups:
- Allow inbound RDP (TCP 3389) only from the addresses you administer from (a VPN or bastion CIDR), never from 0.0.0.0/0: exposed RDP is among the most brute-forced services on the internet. Once the RD Gateway from Step 4 is in place, external users should reach the session host only through the gateway on TCP 443, and 3389 on the session host should accept connections only from the gateway's security group.
- Launch Instance:
- Review your settings and launch the instance.
- Connect to the instance using RDP.
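A hardened variant of the domain-join user data above, as an added example that is not part of the original guide. It keeps the join credential out of user data by reading it from AWS Secrets Manager at boot, checks that the directory's DNS records resolve before attempting the join, and places the computer object in the directory's Computers OU. The directory name corp.example.com, the secret name rds/domain-join and its JSON layout are assumptions; the instance profile must allow secretsmanager:GetSecretValue on that secret.

```powershell
<powershell>
# Added example, not from the original guide. Assumed values are marked.
# Requires: an instance profile with secretsmanager:GetSecretValue on the secret,
# the secret stored as JSON {"username":"joiner","password":"..."} for an account
# that may create computer objects, and the VPC DHCP options set pointing DNS at
# the AWS Managed AD servers.
$ErrorActionPreference = 'Stop'
$Domain   = 'corp.example.com'                              # assumed directory DNS name
$SecretId = 'rds/domain-join'                               # assumed secret name
# AWS Managed Microsoft AD only lets you create objects under the OU named after
# the directory's NetBIOS name; the computer goes into its Computers OU.
$OUPath   = 'OU=Computers,OU=corp,DC=corp,DC=example,DC=com'

# Fail fast if no domain controller can be located. Add-Computer would otherwise
# fail later with a less helpful "domain could not be contacted" error.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $dcs) {
    throw "No DC SRV records for $Domain; check the VPC DHCP options set and the directory security group"
}

# Skip the join if an earlier boot already completed it, so a re-run is harmless.
$cs = Get-CimInstance Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $Domain) {
    Write-Output "Already a member of $Domain"
    return
}

# Read the join account from Secrets Manager at boot (AWS Tools for PowerShell is
# preinstalled on AWS Windows AMIs). The password never appears in user data,
# the EC2 console or the instance metadata service.
$secret   = (Get-SECSecretValue -SecretId $SecretId).SecretString | ConvertFrom-Json
$password = ConvertTo-SecureString $secret.password -AsPlainText -Force
$cred     = New-Object System.Management.Automation.PSCredential("$($secret.username)@$Domain", $password)

Add-Computer -DomainName $Domain -OUPath $OUPath -Credential $cred -Force

# Drop the plaintext copy from this session, then reboot to finish the join.
Remove-Variable secret, password, cred
Restart-Computer -Force
</powershell>
```

The SRV check is the one most worth keeping even if you use the plain script: nearly every failed join on AWS Managed AD comes down to the instance still using the VPC's default resolver instead of the directory's DNS servers.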
Step 3: Install Remote Desktop Services
- Connect to the Instance:
- Use RDP to connect to your Windows EC2 instance.
- Add Roles and Features:
- Open the Server Manager and choose “Add roles and features”.
- Select “Remote Desktop Services installation”.
- Select Deployment Type:
- Choose “Standard deployment” and then select “Session-based desktop deployment”.
- Deploy RD Connection Broker, RD Web Access, and RD Session Host:
- Follow the wizard to install these roles on your instance.
- Configure RD Licensing:
- Open RD Licensing Manager, activate the license server and install your RDS CALs (Client Access Licenses). RDS accepts connections for a 120-day grace period without a licensing server and then refuses new sessions, so do not leave this step for later.
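The Step 3 wizard as a PowerShell script, as an added example that is not from the original guide. It creates a single-server session-based deployment, adds the licensing role in Per User mode, and creates a session collection restricted to a domain group with session time limits. The collection name Terminal and the group CORP\RDS-Users are assumptions; run it in an elevated Windows PowerShell session on the domain-joined instance, and note that New-RDSessionDeployment may restart the server once.

```powershell
# Added example, not from the original guide. Assumed names are marked.
# Run as a domain account that is a local administrator on the instance.
$ErrorActionPreference = 'Stop'
Import-Module RemoteDesktop

# The RDS cmdlets identify servers by their AD FQDN, not by "localhost".
$Server = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Standard deployment, session-based: broker, web access and session host all
# on this instance. This may reboot the server to finish the session host
# installation; re-run the remainder of the script afterwards if it does.
New-RDSessionDeployment -ConnectionBroker $Server -WebAccessServer $Server -SessionHost $Server

# Licensing: add the role and put the deployment in Per User mode. Until the
# license server is activated and CALs are installed (RD Licensing Manager),
# RDS runs in a 120-day grace period and then refuses new connections.
Add-RDServer -Server $Server -Role RDS-LICENSING -ConnectionBroker $Server
Set-RDLicenseConfiguration -LicenseServer $Server -Mode PerUser -ConnectionBroker $Server -Force

# A session collection is what users actually connect to. A new collection
# grants "Domain Users" by default; replace that with a dedicated group.
$Collection = 'Terminal'          # assumed collection name
$UserGroup  = 'CORP\RDS-Users'    # assumed AD security group
New-RDSessionCollection -CollectionName $Collection -SessionHost $Server -ConnectionBroker $Server `
    -CollectionDescription 'Session-based desktops for RDS users'
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Server -UserGroup $UserGroup

# Session hygiene: a disconnected session is a foothold for anyone who can reach
# the host; end disconnected sessions after 30 minutes and idle ones after 2 hours.
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Server `
    -DisconnectedSessionLimitMin 30 -IdleSessionLimitMin 120

# Show what was deployed.
Get-RDServer -ConnectionBroker $Server | Format-Table Server, Roles -AutoSize
Get-RDSessionCollection -ConnectionBroker $Server | Format-Table CollectionName, CollectionDescription -AutoSize
```

The two Set-RDSessionCollectionConfiguration calls are separate because the user-group and session-limit parameters live in different parameter sets of that cmdlet.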
Step 4: Configure Remote Desktop Gateway
- Install RD Gateway Role:
- Open Server Manager, go to “Add roles and features”, and install the “Remote Desktop Gateway” role.
- Configure RD Gateway:
- Open the Remote Desktop Gateway Manager.
- In the server properties, bind a TLS certificate whose subject matches the gateway's public DNS name and that is issued by a CA your clients trust; a self-signed certificate forces users to click through warnings and trains them to ignore the one that matters. The gateway listens on TCP 443 (and UDP 3391 if UDP transport is enabled), and only those ports need to be reachable from the internet.
- Create Connection Authorization Policies (CAP) and Resource Authorization Policies (RAP):
- A CAP defines which users or groups may authenticate to the gateway at all; a RAP defines which internal computers they may then connect to. Scope both to dedicated AD groups rather than Domain Users and "any network resource", so that a compromised account cannot use the gateway to reach arbitrary hosts in the VPC.
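The gateway configuration from Step 4 as a script, as an added example that is not from the original guide. It adds the RD Gateway role to the existing deployment, binds a CA-issued certificate, removes the permissive default policies and creates one CAP and one RAP scoped to AD groups. The public name rdgw.example.com, the PFX path and the group names are assumptions; the RDS: drive and its New-Item parameters come from the RemoteDesktopServices module.

```powershell
# Added example, not from the original guide. Assumed values are marked.
$ErrorActionPreference = 'Stop'
Import-Module RemoteDesktop
Import-Module RemoteDesktopServices    # exposes the RDS: drive used for CAP/RAP policies

$Server       = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$ExternalFqdn = 'rdgw.example.com'                   # assumed public DNS name of the gateway
$PfxPath      = 'C:\certs\rdgw.example.com.pfx'      # assumed: CA-issued certificate for that name
$PfxPassword  = Read-Host -AsSecureString -Prompt 'PFX password'
$UserGroup    = 'RDS-Users@corp.example.com'         # assumed AD group, UPN-style as the RDS: drive expects
$HostGroup    = 'RDS-SessionHosts@corp.example.com'  # assumed AD group containing the session hosts

# Add the gateway role to the existing deployment and bind the certificate.
Add-RDServer -Server $Server -Role RDS-GATEWAY -ConnectionBroker $Server -GatewayExternalFqdn $ExternalFqdn
Set-RDCertificate -Role RDGateway -ImportPath $PfxPath -Password $PfxPassword -ConnectionBroker $Server -Force

# The role install creates permissive default policies (all domain users, any
# internal host). Remove them so the explicit policies below are the only ones.
Get-ChildItem -Path RDS:\GatewayServer\CAP | Remove-Item -Recurse -Force
Get-ChildItem -Path RDS:\GatewayServer\RAP | Remove-Item -Recurse -Force

# CAP: who may authenticate to the gateway. AuthMethod 1 = password.
New-Item -Path RDS:\GatewayServer\CAP -Name 'RDS-Users-CAP' -UserGroups $UserGroup -AuthMethod 1

# RAP: which internal computers those users may reach. ComputerGroupType 1
# restricts to an AD group of computers; 2 would allow any network resource.
New-Item -Path RDS:\GatewayServer\RAP -Name 'RDS-Users-RAP' -UserGroups $UserGroup `
    -ComputerGroupType 1 -ComputerGroup $HostGroup

# Verify the policies and the listener. Only TCP 443 (and UDP 3391 if UDP
# transport is enabled) needs to be opened on the gateway's security group.
Get-ChildItem RDS:\GatewayServer\CAP, RDS:\GatewayServer\RAP
Get-NetTCPConnection -LocalPort 443 -State Listen
```

After this, the session host's security group should allow TCP 3389 only from the gateway's security group; the gateway is then the single audited path from the internet to the desktops.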
Step 5: Configure Active Directory Users and Groups
- Create User Accounts:
- The AWS Directory Service console does not create users or groups. Connect to a domain-joined Windows instance as the directory's Admin account, install the AD DS tools (RSAT), and use Active Directory Users and Computers or the ActiveDirectory PowerShell module. Objects must be created under the OU that carries your directory's NetBIOS name (for example OU=Users,OU=corp,DC=corp,DC=example,DC=com); the domain root and the built-in containers are managed by AWS and are read-only to you. Put RDS users in a dedicated security group rather than relying on Domain Users.
- Assign RDS User Permissions:
- In Server Manager, open Remote Desktop Services, select the session collection, edit its properties and set User Groups to the RDS group you created, removing the default Domain Users entry. Use the same group in the RD Gateway CAP and RAP so that access is governed by a single group membership.
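Step 5 as a script, as an added example that is not from the original guide. It creates the RDS security group and a user under the directory's own OU in AWS Managed Microsoft AD, gives the user a random single-use initial password, and binds the group to the session collection. The directory corp.example.com / CORP, the group RDS-Users, the user jdoe and the collection Terminal are assumptions.

```powershell
# Added example, not from the original guide. Assumed values are marked.
# Run on a domain-joined instance as the directory's Admin account (or a
# delegated admin). AWS Managed AD only allows writes under the OU that carries
# your NetBIOS name, never at the domain root or in the built-in containers.
$ErrorActionPreference = 'Stop'
Install-WindowsFeature RSAT-AD-PowerShell | Out-Null
Import-Module ActiveDirectory
Import-Module RemoteDesktop
Add-Type -AssemblyName System.Web        # for Membership.GeneratePassword

$DomainDns  = 'corp.example.com'                                # assumed directory DNS name
$NetBios    = 'CORP'                                            # assumed NetBIOS name
$UsersOU    = "OU=Users,OU=$($NetBios.ToLower()),DC=corp,DC=example,DC=com"
$Group      = 'RDS-Users'                                       # assumed group name
$Collection = 'Terminal'                                        # assumed collection from Step 3
$Broker     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Create the RDS security group once; re-running the script is harmless.
if (-not (Get-ADGroup -Filter "Name -eq '$Group'")) {
    New-ADGroup -Name $Group -GroupScope Global -GroupCategory Security -Path $UsersOU `
        -Description 'Allowed to log on to the RDS session collection'
}

# Create a user with a random initial password that must be changed at first
# logon, instead of a shared "Welcome1"-style value that lingers in tickets.
$Sam     = 'jdoe'                                               # assumed user
$Initial = [System.Web.Security.Membership]::GeneratePassword(20, 4)
if (-not (Get-ADUser -Filter "SamAccountName -eq '$Sam'")) {
    New-ADUser -Name 'Jane Doe' -SamAccountName $Sam -UserPrincipalName "$Sam@$DomainDns" -Path $UsersOU `
        -AccountPassword (ConvertTo-SecureString $Initial -AsPlainText -Force) `
        -Enabled $true -ChangePasswordAtLogon $true
    Write-Output "Initial password for $Sam (deliver out of band, it is single-use): $Initial"
}
Add-ADGroupMember -Identity $Group -Members $Sam

# Bind the group to the collection. This replaces the default "Domain Users"
# grant; the broker adds the group to the session host's Remote Desktop Users.
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Broker `
    -UserGroup "$NetBios\$Group"

# Confirm who can now log on.
(Get-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Broker -UserGroup).UserGroup
```

Reuse the same RDS-Users group in the gateway's CAP and RAP, so removing a user from one group revokes both the ability to reach the gateway and the ability to start a session.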
Conclusion
Setting up a Windows Terminal Server on AWS using AWS Managed AD streamlines user access management and enhances security through centralized authentication. Following these steps can provide your users with a robust and scalable remote desktop solution.