ollybuba

Best Practices For Securing Windows Server 2012 R2's Remote Web Apps

I am looking at publishing Windows Server 2012 R2's Remote Desktop Web Access Role to the internet.  The main thing I was concerned about was security and the added vulnerability this would add to my network.  How can I mitigate some of these vulnerabilities and make this a sound deployment?

Thanks
SOLUTION
Philip Elder
This solution is only available to members.

ollybuba

ASKER

What is the difference between redirected folders and user profile disks?
I don't see any difference as a whole.

User Profile Disk is actually Microsoft's successor to Roaming Profiles and Folder Redirection. Technically, it’s a VHD (Virtual Hard Drive) file that is streamed into the (pooled) image of Session Host during logon to create a personalized experience. At the logoff process the user changes are streamed back into the VHD file, so user settings are retained.

Folder redirection is likewise similar but in the file context and not the VHD scheme... in fact the performance impact can be greater if the VHD files are huge and real-time streamed to remote. It can be applicable for redirection if not found on the local machine and has to be redirected from a remote site...

However, we may want to bring in Roaming Profile as well in the comparison for complete picture the better of Profile disk
The User Profile Disk is mounted and user data is available immediately, while with Roaming Profiles the data is copied from a file share to the RDS server/VDI workstation (and vice versa) which will take a longer period before the user can actually start working.

From an end user perspective also the locations of the folders are located locally as they are used on their private PC, I still see users who do not understand home drive concepts.

Both Roaming Profiles and the User Profile Disk are easy to configure and you don’t need to care where applications and/or the users are storing data in their profile.

Normally Roaming Profiles are combined with Folder Redirection to store some user folders directly on a file share to improve the logon/logoff times and secure the data in those folders. Technically both the User Profile Disk and Folder Redirection user folders are actually storing the data on a network share, which can cause performance issues from a user experience perspective.
http://virtualization.vanbragt.net/index.php/articles/general-articles/rds-user-profile-disk

Redirected folders have a central shared set of folders that users can store their data in. My Documents and its subsidiaries along with Desktop are the key folders we redirect. Offline Files keeps a local cache of anything redirected.

User Profile Disks are an AVHDX (virtual hard disk) that hosts their entire X:\Users\UserName folder within the virtual hard disk. Because everything is in this vDisk users can log on to any RDSH and receive exactly the same local profile.

UPDs are a lot simpler to work with in a highly complex RDS environment or even a single RDSH environment.

So would you recommend to use both redirected folders in combination with UPDs? I'm definitely going to be using redirected folders no matter what.

No. UPDs make redirected folders for users that are only logging into RDSH redundant.

If you have an RDS farm then those UPDs would be network hosted anyway.

Having redirected folders enabled for RDS users creates an extra storage burden for their CSC (file cache). Please keep this in mind.

I would rather choose either one but definitely not both UPD and Roaming User Profiles. Folder Redirection can be on top of UPD; however, it is rather redundant as redirection also does not cover all the folders and looks more like a "duplicate". The performance will be further impacted if both are used concurrently, that I foresee unless you tested it out. Eventually UPD is still preferred especially using Win2012 and Virtual Desktop Infra.

It is really worth knowing that UPD covers more than redirection. It was introduced to basically have everything that would normally be stored in C:\users\<username> on the local cached copy immediately saved to the .vhdx on the central location. As UPD works on a lower level there are no compatibility issues. The OS is still writing settings to C:\users\<username>.

The past roaming profile and redirection have issues and sometimes can corrupt the folder local cache and remote transfer with mobility support that is not totally seamless as expected, hence UPD is the successor. The user logoff and login and with folder in write mode complicates the use case in the past but UPD strives to better it though I will not say it is error free per se. UPD surpasses and makes easy personalization of a pooled VM in your Windows Server 2012 for either virtual machine-based or session based desktop deployments.

As a whole, since UPD operates at a lower layer, it should already be transparent and still work with existing Roaming User Profiles and Folder Redirection.