Windows Terminal Server, known since Windows Server 2008 R2 as Remote Desktop Services (RDS), lets multiple users connect to a central server and work in Windows desktops and applications remotely. Running it on AWS with AWS Managed Microsoft AD gives you centralized authentication and group-based access control without operating domain controllers yourself. In this guide, we’ll walk through the steps to set up a Windows Terminal Server on AWS using AWS Managed AD: create the directory, launch and domain-join a Windows instance, install the RDS roles, put an RD Gateway in front of them, and authorize users through AD groups.

Step 1: Set Up AWS Managed Active Directory

  1. Create a Directory:
    • Go to the AWS Directory Service console.
    • Choose “Set up directory” and select “AWS Managed Microsoft AD”.
    • Enter your directory details, such as the directory DNS name (for example yourdomain.com) and NetBIOS name, and set the password of the directory’s Admin account. Store that password in a secrets manager: Admin is the only built-in privileged account, and AWS Managed AD does not give you a Domain Admins member.
    • Choose the VPC and two subnets in different Availability Zones where the domain controllers will be created.
    • Review and create the directory; provisioning takes roughly 20 to 45 minutes.
  2. Point the VPC at the directory’s DNS:
    • Note the two DNS addresses on the directory details page, create a DHCP options set with those addresses as the domain name servers (and yourdomain.com as the domain name), and associate it with the VPC. Instances that keep using the VPC default resolver cannot locate the domain controllers, and the domain join in Step 2 will fail.
  3. Configure Security Groups:
    • AWS attaches a security group to the domain controllers’ network interfaces. Review it and restrict inbound traffic to the subnets or security groups of the instances that will join the domain, and make sure those instances’ security groups allow outbound traffic to the directory on the ports Active Directory needs: TCP/UDP 53 (DNS), TCP/UDP 88 (Kerberos), UDP 123 (NTP), TCP 135 (RPC endpoint mapper), TCP/UDP 389 and TCP 636 (LDAP, LDAPS), TCP 445 (SMB), TCP/UDP 464 (Kerberos password change), TCP 3268/3269 (global catalog) and TCP 49152-65535 (RPC dynamic ports).

Step 2: Launch a Windows EC2 Instance

  1. Choose an AMI:
    • Navigate to the EC2 console.
    • Choose “Launch Instance” and select a Windows Server AMI (e.g., Windows Server 2019).
  2. Configure Instance Details:
    • Select the appropriate instance type based on your performance needs; session hosts are usually memory-bound, so size for the number of concurrent users.
    • Launch the instance in the same VPC as your AWS Managed AD (so it receives the directory’s DNS servers from the DHCP options set), in a subnet the directory’s security group allows, and attach an IAM instance profile if the instance will use AWS Systems Manager or fetch secrets at boot.
  3. Domain Join:

In the Advanced Details section, provide a User Data script to join the instance to the domain. EC2Launch runs the content between the <powershell> tags once, at first boot, so the instance must already resolve the directory’s DNS name (the DHCP options set from Step 1) or Add-Computer will fail. The script looks like this:

<powershell>
# Placeholders: directory DNS name, join account and its password.
$Domain = "yourdomain.com"
# A plain-text password in User Data is readable by anyone allowed ec2:DescribeInstanceAttribute
# and by any process on the instance via http://169.254.169.254/latest/user-data.
$Password = ConvertTo-SecureString "yourpassword" -AsPlainText -Force
# Use DOMAIN\user or a UPN; prefer a dedicated join account delegated only the right to
# create computer objects in the target OU, not the directory Admin.
$User = "yourdomain.com\AdminUser"
$Credential = New-Object System.Management.Automation.PSCredential($User, $Password)
# Join and reboot; after the restart, log on with a domain account.
Add-Computer -DomainName $Domain -Credential $Credential -Restart -Force
</powershell>

Treat this form as a lab shortcut. For anything beyond a lab, either use the AWS Systems Manager seamless domain join (the AWS-JoinDirectoryServiceDomain document, driven by an instance profile, needs no password at all) or fetch the join credential from AWS Secrets Manager at boot, and rotate the join account’s password if it was ever placed in User Data.

  4. Configure Security Groups:
    • Allow inbound TCP 3389 (RDP) only from your administrative IP range or a bastion host, never from 0.0.0.0/0. Once the RD Gateway from Step 4 is in place, clients reach the deployment over HTTPS (TCP 443) and 3389 can be closed to the internet entirely.
  5. Launch Instance:
    • Review your settings and launch the instance.
    • After the instance has rebooted into the domain, connect with RDP using a domain account (DOMAIN\user).
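The following User Data script is an added example and is not part of the original guide. It does the Step 1 connectivity check and the Step 2 domain join in one pass, and reads the join credential from AWS Secrets Manager instead of embedding it in User Data. Everything named in it is an assumption for illustration: the secret name rds/domain-join and its JSON layout, the target OU, the domain name, an instance profile that grants secretsmanager:GetSecretValue on that secret, a DHCP options set that already points at the directory DNS servers, and the AWSPowerShell module that AWS-provided Windows AMIs ship with.

```powershell
<powershell>
# Added example, not from the original guide: join script that keeps the password out of
# User Data. Assumed placeholders (not values from the guide):
#   - the instance profile grants secretsmanager:GetSecretValue on the secret named below
#   - the secret is JSON of the form {"username":"yourdomain.com\\svc-join","password":"..."}
#   - the VPC DHCP options set points at the AWS Managed AD DNS servers (Step 1)
#   - the AWSPowerShell module is present, as it is on AWS-provided Windows AMIs
$Domain           = "yourdomain.com"
$SecretId         = "rds/domain-join"
$OUPath           = "OU=Computers,OU=yourdomain,DC=yourdomain,DC=com"
$RequiredTcpPorts = 53, 88, 135, 389, 445, 464, 636

$ErrorActionPreference = "Stop"
Import-Module AWSPowerShell

# 1. Discover the domain controllers through the directory's own DNS. If the instance is
#    still using the VPC default resolver this lookup fails, which is better than a
#    half-finished Add-Computer.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
       Where-Object { $_.NameTarget } |
       Select-Object -ExpandProperty NameTarget -Unique

# 2. Prove the security groups allow every TCP port the join needs, to every DC, before
#    touching the machine account. (UDP 53/88 are not covered by Test-NetConnection.)
foreach ($dc in $dcs) {
    foreach ($port in $RequiredTcpPorts) {
        $ok = Test-NetConnection -ComputerName $dc -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $ok) { throw "TCP $port from this instance to $dc is blocked; fix the security groups first" }
    }
}

# 3. Fetch the join credential at boot. It is never stored in User Data, so it is not
#    exposed through ec2:DescribeInstanceAttribute or the instance metadata service.
$secret = (Get-SECSecretValue -SecretId $SecretId).SecretString | ConvertFrom-Json
$cred   = New-Object System.Management.Automation.PSCredential(
              $secret.username,
              (ConvertTo-SecureString $secret.password -AsPlainText -Force))

# 4. Join into a specific OU (the join account only needs create-computer rights there)
#    and reboot so Group Policy and Kerberos are in effect for the first logon.
Add-Computer -DomainName $Domain -OUPath $OUPath -Credential $cred -Restart -Force
</powershell>
```

The port loop only exercises TCP; DNS and Kerberos also use UDP, and the SRV lookup in step 1 is the practical proof that UDP 53 works. If the script throws, the instance stays out of the domain and the reason is in the EC2Launch log under C:\ProgramData\Amazon\EC2-Windows\Launch\Log, which is where to look before re-running it.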

Step 3: Install Remote Desktop Services

  1. Connect to the Instance:
    • Use RDP to connect to your Windows EC2 instance with a domain account that is a local administrator on it.
  2. Add Roles and Features:
    • Open Server Manager and choose “Add roles and features”.
    • Select “Remote Desktop Services installation” as the installation type.
  3. Select Deployment Type:
    • Choose “Standard deployment” and then “Session-based desktop deployment”. Standard deployment lets you choose which server hosts each role; for a single-server lab all three roles land on this instance, while a production deployment separates the Connection Broker and Web Access from the Session Hosts.
  4. Deploy RD Connection Broker, RD Web Access, and RD Session Host:
    • Follow the wizard to install these roles on your instance. Installing the Session Host role restarts the server; the wizard resumes after the reboot.
  5. Configure RD Licensing:
    • Add the RD Licensing role to the deployment, activate the license server, set the licensing mode (Per User or Per Device) in the deployment properties, and install your RDS CALs (Client Access Licenses) in RD Licensing Manager. Without a license server the Session Host stops accepting connections when the 120-day grace period ends.
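The Step 3 wizard can be scripted with the RemoteDesktop module, which is useful when the deployment has to be rebuilt or reviewed. This is an added example, not code from the original guide; the server FQDN, collection name and AD group name are placeholders, and it assumes a single-server layout run from an elevated PowerShell session on the domain-joined instance.

```powershell
# Added example, not from the original guide: Step 3 (deployment, licensing, collection)
# as RemoteDesktop cmdlets. Placeholders: $Server, $Collection, $UserGroup.
Import-Module RemoteDesktop

$Server     = "rds01.yourdomain.com"   # the single instance hosting every role (lab layout)
$Collection = "Desktops"
$UserGroup  = "YOURDOMAIN\RDS-Users"   # AD group allowed to log on; created in Step 5

# Session-based deployment with Connection Broker, Web Access and Session Host on one server.
# Installing the Session Host role restarts this server; run the rest after it comes back.
New-RDSessionDeployment -ConnectionBroker $Server -WebAccessServer $Server -SessionHost $Server

# Licensing role and mode. Without these the Session Host refuses connections once the
# 120-day grace period ends; CALs themselves are installed in RD Licensing Manager.
Add-RDServer -Server $Server -Role RDS-LICENSING -ConnectionBroker $Server
Set-RDLicenseConfiguration -LicenseServer $Server -Mode PerUser -ConnectionBroker $Server -Force

# A collection is what users actually connect to. Scope it to the AD group up front:
# a collection created without -UserGroup admits every member of Domain Users.
New-RDSessionCollection -CollectionName $Collection -SessionHost $Server -ConnectionBroker $Server
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Server -UserGroup $UserGroup

# Review what the broker now knows about the deployment.
Get-RDServer -ConnectionBroker $Server
Get-RDLicenseConfiguration -ConnectionBroker $Server
Get-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Server -UserGroup
```

Get-RDLicenseConfiguration should report the server and mode you set and a license server that is reachable; if the mode shows as NotConfigured, the deployment properties were not updated and the grace-period clock is still the only thing keeping logons working.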

Step 4: Configure Remote Desktop Gateway

  1. Install RD Gateway Role:
    • In Server Manager, open the Remote Desktop Services deployment overview and add an “RD Gateway” role server, supplying the external FQDN that clients will use (for example rdgw.example.com). The gateway carries RDP inside HTTPS on TCP 443, so only 443 has to be reachable from the internet and 3389 on the session hosts can stay internal.
  2. Configure RD Gateway:
    • Open the Remote Desktop Gateway Manager.
    • Bind a TLS certificate whose subject (or subject alternative name) matches the external FQDN and that is issued by a CA your clients trust. The Remote Desktop client rejects a self-signed gateway certificate unless it has been installed on every client.
  3. Create Connection and Resource Authorization Policies (CAP and RAP):
    • A Connection Authorization Policy (CAP) specifies which users or groups may connect through the gateway and how they must authenticate (password, smart card). A Resource Authorization Policy (RAP) specifies which internal hosts those users may reach. The gateway refuses a connection unless both a CAP and a RAP match, so scope the RAP to the session hosts rather than “any network resource”, or the gateway becomes a pivot to every RDP port in the VPC.

Step 5: Configure Active Directory Users and Groups

  1. Create User Accounts:
    • The AWS Directory Service console manages the directory itself, not its users. Create users and groups from a domain-joined machine with the Active Directory Users and Computers console (RSAT) or the ActiveDirectory PowerShell module, signed in as the directory Admin account or a member of one of the AWS Delegated groups. Put the users who need a desktop into a dedicated group (for example RDS-Users) rather than granting access user by user.
  2. Assign RDS User Permissions:
    • In Server Manager, open Remote Desktop Services, select the collection, edit its properties and set User Groups to that AD group. The broker then adds the group to the local Remote Desktop Users group on each session host, so no per-server changes are needed; leave the default of Domain Users only if every directory user is meant to log on.
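Steps 4 and 5 come together around one AD group: it is what the collection, the CAP and the RAP all reference. The script below is an added example, not code from the original guide. The server and gateway FQDNs, OU, group and user names and the PFX path are placeholders; it assumes RSAT-AD-PowerShell is installed on the instance, that a certificate for the external gateway name already exists as a PFX, and that the collection from Step 3 exists. The RDS: drive item properties used for the CAP and RAP are those of the RemoteDesktopServices module; confirm them on your server with Get-ChildItem RDS:\GatewayServer\CAP before relying on them.

```powershell
# Added example, not from the original guide: AD group and test user (Step 5), RD Gateway
# with certificate, CAP and RAP, and the collection bound to the same group (Step 4).
# All names and paths below are placeholders.
Import-Module RemoteDesktop
Import-Module ActiveDirectory          # RSAT-AD-PowerShell; manages objects in AWS Managed AD
Import-Module RemoteDesktopServices    # provides the RDS: drive used for CAP/RAP

$Broker      = "rds01.yourdomain.com"
$GatewayFqdn = "rdgw.example.com"      # name clients connect to; must match the certificate subject
$Collection  = "Desktops"
$NetBios     = "YOURDOMAIN"
$UserGroup   = "RDS-Users"
$HostGroup   = "RDS-Hosts"
$Ou          = "OU=Users,OU=yourdomain,DC=yourdomain,DC=com"

# Step 5: one group for people, one for the session hosts they may reach, and a test user.
New-ADGroup -Name $UserGroup -GroupScope Global -Path $Ou
New-ADGroup -Name $HostGroup -GroupScope Global -Path $Ou
New-ADUser -Name "alice" -SamAccountName "alice" -UserPrincipalName "alice@yourdomain.com" -Path $Ou `
    -AccountPassword (Read-Host -AsSecureString "Initial password for alice") `
    -Enabled $true -ChangePasswordAtLogon $true
Add-ADGroupMember -Identity $UserGroup -Members "alice"
Add-ADGroupMember -Identity $HostGroup -Members (Get-ADComputer -Identity "rds01")

# Step 4: gateway role, external name and TLS certificate (PFX issued for $GatewayFqdn).
Add-RDServer -Server $Broker -Role RDS-GATEWAY -ConnectionBroker $Broker -GatewayExternalFqdn $GatewayFqdn
Set-RDCertificate -Role RDGateway -ImportPath "C:\certs\rdgw.pfx" `
    -Password (Read-Host -AsSecureString "PFX password") -ConnectionBroker $Broker -Force

# Gateway policies. A CAP says WHO may connect and how they authenticate (AuthMethod 1 =
# password); a RAP says WHICH internal hosts they may reach. Both are required. The RAP is
# tied to the AD computer group (ComputerGroupType 1) instead of "any resource" (2), so the
# gateway cannot be used as a pivot to other RDP ports in the VPC.
New-Item -Path "RDS:\GatewayServer\CAP" -Name "$UserGroup-CAP" -UserGroups "$UserGroup@$NetBios" -AuthMethod 1
New-Item -Path "RDS:\GatewayServer\RAP" -Name "$UserGroup-RAP" -UserGroups "$UserGroup@$NetBios" `
    -ComputerGroupType 1 -ComputerGroup "$HostGroup@$NetBios"

# Bind the collection to the same group; this also populates Remote Desktop Users on each host.
Set-RDSessionCollectionConfiguration -CollectionName $Collection -ConnectionBroker $Broker -UserGroup "$NetBios\$UserGroup"

# Review: who may come through the gateway, and where they may go.
Get-ChildItem "RDS:\GatewayServer\CAP"
Get-ChildItem "RDS:\GatewayServer\RAP"
```

With the gateway live, the only inbound rule the instance’s security group needs from the internet is TCP 443 to the gateway; remove the 3389 rule from Step 2, or narrow it to the administrative range, and test a logon as alice from outside the VPC with the gateway set in the Remote Desktop client’s Advanced tab.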

Conclusion

Setting up a Windows Terminal Server on AWS using AWS Managed AD streamlines user access management and improves security through centralized authentication, an RD Gateway in front of the session hosts so that only HTTPS is exposed, and access scoped to a dedicated AD group rather than to every domain user. Following these steps gives your users a robust and scalable remote desktop solution.