Windows Server 2008 R2: Remote Desktop IP Virtualization
Tuesday, 20 October 2009 by Michel Roth
A quick overview of Remote Desktop IP Virtualization (RD IP Virtualization).  RD IP Virtualization allows IP addresses to be assigned to remote desktop connections on a per-session or per-program basis.

Prior to Windows Server 2008 R2, every session on a remote desktop server had the same IP address.  I’m sure some of you are wondering, “Well, OK – big deal.  Why does that matter?”  Think about applications that require a unique IP address for each instance of the application.  Clearly having a single IP for all the sessions, can cause a number of application compatibility problems – consider the scenario below where the backend database server refuses the second and third client connections based on their use of the same IP address as the first connection.

OK, let’s take a quick look at the architecture of the RD IP Virtualization feature.  User mode applications using WinSock will be able to get Virtual IP’s – the application itself does not need to be aware of RD IP Virtualization or need to be changed in any way.  However, there are some caveats – services in Session 0 will not be virtualized, nor will applications and services running inside the a remote administrator session.  In addition, applications that use named pipes or any other mechanism besides sockets will not be virtualized.  The RD IP Virtualization Service depends on a valid DHCP Server being active.  A pool of static addresses can also be configured.  The actual process for assigning the IP Addresses is as follows (the diagram below shows the sequence):

  1. The RD IP Virtualization Client Layered Service Provider (LSP) intercepts WinSock bind() and connect() calls.  It calls the RD IP Virtualization Service and requests IP addresses
  2. The RD IP Virtualization Service calls into the DHCP client.  This call returns either a Machine IP (MIP), Virtual IP (VIP) or an access denied error
  3. The RD IP Virtualization Client writes the VIP address to the WTSInfoClass which is returned by WTSQuerySessionInformation().
    • In order to determine what users have what IP’s at what time, WTSEnumerateSessions is called to get a list of sessions
    • For sessions in the list, WTSQuerySessionInformation is called to get the IP Address.  The session is not virtualized if the call fails and GetLastError() returns ERROR_NOT_SUPPORTED or RPC_S_SERVER_UNAVAILABLE
    • WTSQuerySessionInformation is also called to retrieve the user name for the session

A couple of things to note about permissions – only administrators will be able to query and see virtual IP addresses from all sessions.  Users will only be able to see the IP address of their session – they cannot see the VIP’s of other sessions – also, the Remote Desktop User group cannot query VIP’s for all sessions.  Now let’s look at how applications get their IP Addresses and what RD IP Virtualization does in each case.

Source: http://blogs.technet.com/askperf/archive/2009/10/18/windows-7-windows-server-2008-r2-remote-desktop-ip-virtualization.aspx


Related Items:

Windows Server 2008 R2: Remote Desktop Services Virtualization (RDS-V) (19 October 2009)
MS VDI and TS 101 (13 December 2010)
Windows 7 / Windows Server 2008 R2: Remote Desktop Connection Broker (Part One) (16 October 2009)
Remote Desktop Connection Broker (Part Two) (19 October 2009)
Windows 7 / Windows Server 2008 R2: Remote Desktop Services Architecture (16 October 2009)
Free tool: CTXCOMMAP (8 April 2008)
Windows Server 2008 R2: AppLocker (21 October 2009)
RDC Enhancements and Administrative Sessions (20 February 2008)
Wyse goes Android (16 December 2010)
Centralized Licensing Management for Microsoft VDI (13 December 2010)
Comments (0)