Server 2016 or 2012 - Remote Desktop Services deployment considerations or suggestions

I need to upgrade an existing network and make it GLBA compliant.
Currently, employees who work in the office have the ability to access their computers remotely with RDP/static IPs/custom RDP ports.
Remote employees use RDP to access virtual desktop guests hosted on desktop computers configured as Hyper-V servers.

I haven't provisioned a Terminal Server before and now understand that Terminal Services is now called Remote Desktop Services (bah, words).
I would like to provide a solution that will accommodate up to 50 remote users. I could continue to use desktops as Hyper-V servers or pursue deploying an RDS server...
I'm concerned about licensing. The cost of a server or servers to maintain redundancy, sufficient resources for optimal user experiences. Increase security while minimizing vulnerability and complying with GLBA requirements.
I have reviewed http://www.exitthefastlane.com/2016/05/native-rds-in-server2016-part-1-basics.html 
and
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/welcome-to-rds

And as I am typing this, I just noticed Multipoint Services which I will start to research once I submit
https://docs.microsoft.com/en-us/windows-server/remote/multipoint-services/planning-a-multipoint-services-deployment

I'm hoping for a discussion, advice, some brainstorming so to say. Any feedback from others that may have already been down this path.
Thanks
Seaweed
seaweed27 Asked:

Cliff Galiher Commented:
It's really too broad to cover.  RDS is "session based" where what you are doing now is not.  You can do what you are doing now with a big server. This is often known as VDI, but has fundamentally different licensing considerations. And LOB apps behave differently in a session vs a VDI setup.  Both could be secured, but that requires appropriate knowledge of securing the environment regardless of which solution you choose.  Not to mention that there are 3rd-party remote solutions (Citrix, for example) that play in the app virtualization space, the session virtualization space, and the VDI space... Citrix, for example, offers a solution for each and every one of those scenarios.

I don't think any expert here could even begin to offer advice or provide feedback given the limited information provided.  To use an analogy, when you feel significantly ill, it is usually better to go to a Doctor and not research it yourself with WebMD.  Proper diagnosis requires bloodwork, maybe MRI scans, etc...and given your environment and needs, that's where you are at.

Forums are great for the "I have this error and have done research and gotten this far" type fixes.  They are not good for overall network planning.  You need someone with experience and TIME to do that.
1
seaweed27 (Author) Commented:
Well, I appreciate your candidness.
But that's not why I spend money to be a member of this community.
I come here when I'm stuck or seeking guidance.
If I spend money on a service or resource, I expect something in for it.
You might as well have not answered or told me to RTFM - which I think I am already doing.
I will not post any further questions nor will I be renewing my membership, which I believe I have maintained for close to 18 years.

Cheers
0
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
First: Remote Desktop Gateway is the principal component to providing a properly secured RDS (Remote Desktop Services) environment.

No one should publish an RDC listener to the Internet ever. TSGrinder will make things miserable in short order and obfuscating things by changing the ports won't help either as it scans all ports for RDC listeners.

A well planned environment will need the following:

1: Client applications and their RAM/Storage Requirements
2: Local Profile volume MB/GB requirements (we use User Profile Disks exclusively in our RDS Standalone and Farm deploys)
3: Estimate ~20-~30 users per Remote Desktop Session Host (depends on app load)
4: Count on browsers bringing things to their knees ;)
5: Break things out: Remote Desktop Broker/Gateway/Web on one host/VM and Session Hosts on others
6: Set up Group Policy to restrict users' environments (keeps the mischief down)
7: Plan on high availability for the RDS components if required
8: EDIT: Make sure all print drivers are set to ISOLATED in Print Management on RDSHs

That's a start.

EDIT: Licensing is another thing altogether and depends on whether the deployment is physical or virtual. We are all-virtual for our deployments.
0
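
The advice above (no directly published RDP listener, and changing the port is not a control) can be checked on each existing host before the gateway goes in. The following is an added example, not part of the original answer: the function name `Get-RdpExposure` is hypothetical, and it assumes an elevated PowerShell session on Server 2012 or later with the built-in NetSecurity module.

```powershell
# Added example: report whether this host's RDP listener is enabled, which port it
# uses (default or custom), and which inbound firewall rules leave it unrestricted.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # The listener port is read from the registry, so a "custom" port is found too.
    $port    = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
    $enabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla     = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

    # Enabled inbound allow rules whose port filter covers the listener port.
    # Note: rules that express the port as a range (e.g. 3380-3400) are not matched here.
    $rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $af = $_ | Get-NetFirewallAddressFilter
            $coversPort = ($pf.Protocol -in 'TCP', 'Any') -and
                          (($pf.LocalPort -contains "$port") -or ($pf.LocalPort -contains 'Any'))
            if ($coversPort) {
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    Profile       = $_.Profile
                    RemoteAddress = ($af.RemoteAddress -join ',')
                    # 'Any' = no source restriction, so the gateway is not the only way in.
                    Unrestricted  = ($af.RemoteAddress -contains 'Any')
                }
            }
        }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        ListenerEnabled = $enabled
        Port            = $port
        NlaRequired     = $nla
        Rules           = @($rules)
    }
}

$report = Get-RdpExposure
$report | Select-Object Computer, ListenerEnabled, Port, NlaRequired | Format-List
$report.Rules | Sort-Object Unrestricted -Descending | Format-Table -AutoSize
```

Any rule shown with `Unrestricted = True` on a host that also has a static IP or a port forward is a listener the RD Gateway design should replace; once the gateway is in place, the rule's remote address can be limited to the gateway host.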

seaweed27 (Author) Commented:
@Philip Elder, thank you, your answer was very helpful and much appreciated.
0