Need recommendation on Windows Server 2016 running Remote Desktop Services

I have a client that currently has a Windows 2011 SBS environment with 20 workstations on the lan and another 5-10 remote offsite users. The 20 users with workstations on the lan use the RDP Gateway Service to remote into their personal workstations. The offsite users currently use Remote Web Access, however this no longer meets their needs and they wish to have an actual workstation environment/experience for these remote users without having a physical workstation in the office. They would need the same access to all shared files and resources just as if they were local users.

I have only used RDP for administrative purposes and have never had users RDP into the server directly and work so my question is what exact software/licenses do I require and what recommended hardware does this solution require.
Joe D'AngeloIT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
You would have two options:

Remote desktop server or some variant such as Citrix: Users log on directly to the server and run everything from that server location. This keeps all the compute central to your office and gives you more control over security and policy. Downside is licensing may be expensive.
- This can also lead to using virtual desktop or another thin client technology. Again, depending on what your users are doing. Centralizing all your compute also opens up an opportunity to have your users on thin clients in the office. That reduces cost and increase life of hardware since all the processing is done centrally.

VPN: Users remotely join their computer to the office network and work locally off their own system. This saves on compute resources, but may not work so well if your users are performing tasks that require a lot of bandwidth. There also may be security resources if you do not control what computers are allowed to connect (a personal computer versus a work-provided computer, for example).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Your best bet probably would be to add additional RDS host to the mix.
Deploy WEB and GATEWAY roles on Windows 2011 SBS (which is probably already there), add RRAS and add a new machine 2008/2012/2016 as RDS host.
Sizing: (bunch of good links in the post)
Joe D'AngeloIT ConsultantAuthor Commented:
The SBS 2011 server will be retired. Email will be migrated to Office365.   A new 2016 server will be deployed in its place.  My main question is will the remote users have full functionality in the RDP session, such as running Quickbooks and other various applications?  Or do I need to have them run their own virtual desktop?
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
As long as the software you install is supported running in RDP you should be okay. Be sure to check into licensing requirements as well. Some software requires license for every user on the server, even if they won't be running the software!
If you're going to retire SBS2008, are you going to maintain a directory sync between on-prem and Office365? This will allow you to manage users identities in one single place, in your AD. Now, since those identities include users with mailboxes in Office365, you should leave a Exchange Hybrid on-prem in order to adjust and change various attributes related to email, so they would properly sync up to the cloud. Note, that this is the ONLY Microsoft supported way of doing so. If you're NOT going to maintain directory sync, that would mean that you'll be able to manage various Exchange-related attributes of your users directly through Office365 console, however that would mean you will have two separate directories to manage - the local AD and Azure AD, which will be tied to your Office365 deployment.

If you're going to maintain Exchange on-prem in Hybrid mode, as previously described for management purposes, it should NOT be installed on the same server as your AD DC.

As for the RDS host Brian B is correct that licenses needs to be reviewed with every software vendor whose software will be deployed on the RDS host, as well as COMPATIBILITY, since not every software is supported to run in multi-user environment as RDS. Not to mentioned that there a specific installation process for software which is going to be installed on RDS.

Overall, RDS host can be either sessions-based or VDI, not both to the best of my knowledge.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Similar to what Ronin said, Session-based RDS environments can have license implications.  

For example, Office can be installed, HOWEVER, it MUST be a supported edition (last time I checked it included only these versions):
  • Office 365 ProPlus
  • Volume License based editions such as Standard or Professional Plus
  • E3 or higher version of Office 365
Note: installation methods can differ from a standard workstation in some cases.

Further, EVERY user using the session based environment must be licensed with the same edition of Office.  For example, if you have a bookkeeper who ONLY used quickbooks and NEVER used Outlook or Excel (unlikely, but for the purposes of making the point) so you didn't get a license for office for them but had them use RDS, this would be a violation of licensing.

As Ronin noted, other vendors (such as intuit) may have requirements as well.  (I've heard a rumor that the only edition of Quickbooks supported on RDS Sessions is Enterprise).

In one client I have, we're putting most users on RDS and those with special requirements (such as Quickbooks) get a full PC they can remote into.

Note, RDS Gateway will require RDS licenses for all users using it, as I understand it.

Licensing Disclaimer
License information provided here is "best efforts".  The comments of the respondents are based on interpretation of the license agreements and their knowledge of the particular laws and regulations in their geographic location.  Laws in your location may invalidate certain aspects of the license and/or licenses can change.  "They told me on Experts-Exchange" will not be a valid excuse in an audit.  You need to contact the license granting authority to confirm any advice offered here.
Bottom line:
Every single point indicated in the posts validate with the CORRESPONDING VENDOR, no exceptions.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.