New RDS Capabilities in Windows Server 2016 for Service Providers

Remote Desktop Services (RDS) were significantly improved with a release of Windows Server 2016. Service Providers now can build more functional and reliable Desktop-as-a-Service (DaaS) solutions for their customers, including VDI scenarios with GPU acceleration.

Here is the list of RDS 2016 new features and improvements, that can be interesting for service providers:

  1. Windows10-like experience
  2. New GPU acceleration capabilities - RemoteFX improvements and Discrete Device Assignment feature
  3. Personal Session Desktops - VDI, based on Windows Server 2016 inside the guest
  4. New traffic protocol - RDP v10
  5. Remote Credential Guard - protects credentials from being stolen during the logon process into RDS
  6. New RDS clients for Windows, MacOS, iOS and Android
  7. Optimized Connection Broker - handles much more requests and can store its DB in Azure SQL Database
  8. Simplified deployment of RDS in Azure
  9. Integrated MultiPoint Services

Official documentation page "What's new in RDS 2016" is available here. Now let's dig into the details.


Windows10-like experience

From the end-user perspective RDS 2012 R2 looked very similar to Windows 8.1. A lot of regular office workers didn't like that tablet-oriented UI on the terminal server. They wanted back an experience of Windows 7, but that required Windows Server 2008 R2 to be installed as a Session Host.

RDS 2016 looks exactly like Windows 10, which works great on the tablet and on the desktop. Most applications, that support Windows 10, will work the same inside the terminal session on RDS 2016. If end-users already know how to work inside Windows 10, they will adopt terminal sessions on RDS 2016 as well.


Some of you may wonder where is Edge Browser in Windows Server 2016 RTM. It was available in Technical Previews, but was removed in the release version. If happened because Windows Server 2016 is based on top of Long-Term Servicing Branch (LTSB) version of Windows, so it offers Internet Explorer 11 instead. Here is the explanation. But it doesn't mean that you can't install any other browser for end-users.

RDS 2016 also natively support Pen input. Customers now can use pen-enabled devices like Surface Pro or Surface Book and work with their application using multi-touch and pen input inside RDS 2016.

GPU acceleration in Windows Server 2016

Windows Server 2016 offers you 2 options to provide GPU acceleration for virtual desktops:

  1. RemoteFX - virtual GPU adapter, that makes API redirection from the guest VM to physical GPU on the host.
  2. Discrete Device Assignment (DDA) - allows you to pass the physical GPU on the Hyper-V host into the guest VM.

RemoteFX was introduced in Windows Server 2008 R2 SP1 as a solution to provide virtual GPU acceleration for VDI scenarios. Windows Server 2012 also added RemoteFX support for Session Host scenarios (regular Terminal Server). In Windows Server 2016 RemoteFX was significantly improved again:

  1. RemoteFX now supports Windows Server 2016 as a guest. It means that service providers can build VDI solutions using Windows Server 2016 inside tenant VMs and license it through SPLA (remember: Windows 10 license is not available in SPLA).
  2. RemoteFX in Windows Server 2012 R2 could leverage only DirectX 11.1 and OpenGL 1.1. RemoteFX in Windows Server 2016 now also supports OpenGL 4.4 and OpenCL 1.1, which are required by modern graphics and 3D applications.
  3. RemoteFX GPU video RAM limit was extended from 256Mb to 1024Mb. Dedicated Video Memory now can be set directly without playing with monitor number and resolution. Depending on the amount of system memory assigned to the VM, this can provide up to a total of 2GB of video RAM (1Gb dedicated and 1Gb shared).

In real life it means that service providers can offer flexible VDI solutions to their customers:

  • Physical GPU is shared among several users (RemoteFX). Can be used for high-density VDI scenarios with up to 2Gb of video RAM per user. It will be enough for regular office workers and employees, that need to work in Photoshop, AutoCAD, Solidworks and similar middle-weight GPU-powered solutions.
  • Dedicated GPU for every user (DDA). Can be used for heavy graphics scenarios, where RemoteFX capabilities are not enough - CATIA, NX, Maya etc. DDA allows to install graphics drivers inside the guest VM and leverage GPU proprietary technologies (e.g. CUDA). Keep in mind, then modern GPU cards have several GPUs. For example, nVidia Tesla M10 has 4 GPUs onboard, and you can install several cards in the same server. So you can easily get 8+ users per server density, and every user will get his/her own dedicated GPU.

Here is the example of such solution from NVidia. It leverages RemoteFX and DDA on Windows Server 2016 to provide NVidia-powered GPU acceleration, and can be extended to the cloud with Azure N-series VMs.

Personal Session Desktops

Personal Session Desktops functionality allows service providers to assign personal desktops to end-users, but based on Windows Server 2016 in the Guest VM instead of Windows Client OS (7/8/10).

The personal session desktop capability extends the session-based desktop deployment scenario in Remote Desktop Services to create a new type of session collection where each user is assigned to their own personal session host with administrative rights.


Personal Session Desktops in a combination with RemoteFX and DDA, supported on Windows Server 2016 as a guest OS, allow service providers to build VDI solutions based on Windows Server 2016 on both levels - on the host and inside the gust. Such environment can be licenses using Windows Server 2016 SKUs in SPLA. No need to ask "How can we buy Windows 10 for VDI scenario in SPLA" because you don't need it anymore. Windows Server 2016, dedicated for a user, will provide the same functionality as client Windows OS in a VDI scenario.

For example, Service Provider can deploy Desktop-as-a-Service solution on ten hosts with Hyper-V 2016 and discrete GPUs. Those hosts are used by 1000 end-users. Some of them don't need graphics acceleration, for some of them RemoteFX will be enough, and DDA will be implemented for those who really need it. In such case service provider don't need to buy 1000 Windows 10 VDA licenses, because Windows Server 2016 Datacenter per-core licensing can be used instead, which is much cheaper at such end-user density.

RDP v10

Windows Server 2016 and Windows 10 (build 1511 or newer) now use the new version of RDP v10 (traffic protocol, used for RDS). New protocol now supports up to 4K resolution and introduces a new mode - AVC 444.

The main challenge to use AVC/H.264 as the one and only Codec in Remote Desktop scenarios is that text shows a halo effect with typical implementations of AVC/H.264. This is caused by the color conversion process that happens as part of the compression which throws away some of the chrominance information, as represented in the 4:2:0 format. To the human eye the lack of chrominance information is not as apparent with video content, however with Remote Desktop scenarios, where mostly text is used, it is something that is noticeable and users will perceive this as blurry. The AVC/H.264 standard defines the capability to use 4:4:4 format which doesn’t lose the chrominance during conversion, however typically this isn’t part of most AVC/H.264 hardware encoder and decoder implementations and thus provides a challenge. To show the difference between 4:4:4 and 4:2:0 please see the following image which shows easily noticeable differences:


AVC 444 mode in RDP 10 solved the challenge to get 4:4:4 quality text with 4:2:0 hardware encoders/decoders. In addition, AVC 444 mode FPS also improves on high resolutions comparing to older versions of RDP.

New protocol also adds a new feature called Remote Credentials Guard. It protects end-user credentials from being stolen during the RDS logon process. By using Remote Credential Guard to connect, end-users can be assured that their credentials are not passed over the network to the target Session Host server. Remote Credentials Guard enables secure Single Sign On to RDS environment from the domain-joined device and protects from Pass-the-hash attacks.


New RDS Clients

RDS clients were updated to support new capabilities of RDS 2016. End-users can enjoy RDS 2016 experience on Windows, MacOS, iOS and Android devices. Currently AVC 444 works only on Windows 10 devices, but it will be fixed in the future.

Optimized Connection Broker

Connection Broker is the brain of the RDS environment. It is responsible for routing the end-users to correct Session Hosts and VDI machines. It manages all session collections and published RemoteApps. It distributes the RDS configuration among the farm members.

First, with improved connection handling, the Connection Broker is now able to handle over 10,000 concurrent logon requests, sometimes seen during "logon storms". It means that Service Providers can build large Desktop-as-a-Service solutions, that will be used by thousands of end-users.

Second, now you can deploy the Connection Broker in a highly available mode much easier. Because Connection Broker is the brain of you RDS environment, it should always be online. Before RDS 2016, service providers were used to deploy a highly available cluster of SQL Servers. Now you can easily deploy a highly available Connection Broker configuration using Azure SQL Database as a backend.

Just imagine how easy it is comparing to previous versions of RDS:

  1. Create 2 VMs with Windows Server 2016 to make a pair of Connection Brokers in a cluster.
  2. Configure load balancing between them. You can use Azure Load Balancer if you want to deploy DaaS in Azure, or Windows Server 2016 Software Load Balancer if you are deploying it in your DC. Also you can use DNS Round Robin as an alternative.
  3. Create a new Azure SQL Database. Start with the Basic plan. You will be able to switch to more expensive plans (S0-S3) in the future without a downtime. Copy the connection string to the database.
  4. Install Microsoft ODBC Driver 13 for SQL Server on both VMs
  5. Create a new RDS 2016 environment with a single connection broker. Click on the Connection Broker in a topology and choose "Configure High Availability".
  6. Choose Shared database server, enter the Connection Broker cluster FQDN and paste Azure SQL Database connection string.
  7. Click on the Connection Broker in a topology and choose "Add RD Connection Broker Server" to add a second Connection Broker into your topology.

With 7 seven easy steps we've built a highly available Connection Broker cluster, backed by Azure SQL Database. It is a great simplification comparing to RDS 2012 R2.


RDS 2016 deployment in Azure

If you want to deploy a scalable high available Desktop-as-a-Service solution in Azure, you can start just with 4 VMs and scale as you grow.

Cloud-optimized RDS 2016 farm will look like this:

  1. 2 VMs for RDS 2016 highly available "core"
    1. Every VM collocates Connection Broker, RD Gateway, RDWeb, RD Licensing Server and a File Server to store User Profile Disks.
    2. Azure Load Balancer will distribute RDP and HTTPS traffic among 2 servers
    3. Azure SQL Database will be used store Connection Broker DB (described earlier)
  2. 2 VMs for RDS 2016 Session Hosts
    1. Add more VMs with RD Session Host roles to the same Availability Set when you'll need more resources for end-users.
    2. Deploy additional VMs for Personal Session Desktops
    3. Highly available Connection Broker will distribute the load among all Session Hosts.
  3. Azure AD Application Gateway to publish RDS environment to the Internet
    1. Use Azure AD Application Gateway to securely publish RDS 2016 farm to the internet. It can require end-users to make Azure AD pre-authentication with Azure Multifactor Authentication.
    2. Use can also use Azure Site-to-Site VPN or Client-to-Site VPN capabilities instead of publishing RDS environment to the Internet.
  4. Azure AD Domain Services can be used instead of traditional Domain Controllers.


With Azure Resource Manager capabilities, you can prepare a Resource Manager template and deploy standardized dedicated highly-available Desktop-as-a-Service environments in 20 minutes.

Integrated Windows MultiPoint Services

Windows MultiPoint Server, that was available as a separate product before, now included into regular Windows Server 2016 Standard and Windows Server 2016 Datacenter editions.


MultiPoint Services in Windows Server 2016 allows customers to build labs and education classes quickly, using inexpensive USB hubs and zero clients as endpoints. MultiPoint Services are much more simple comparing to "full" RDS solution. It includes its own management tools like MultiPoint Dashboard, that can be used by the lab admin to control which pupil is doing what.



As you saw, Remote Desktop Services in Windows Server 2016 have been significantly improved. Service Providers can use them for different scenarios:

  1. Build larger and more reliable Desktop-as-a-Service solutions, that can be delivered to any device even through unstable network connection (RDP v10, new RDP Clients, Connection Broker enhancements)
  2. Build GPU-powered VDI solutions on top of Windows Server 2016 and license them through SPLA (RemoteFX, DDA, Personal Session Desktops)
  3. Provide MultiPoint Services to customers which need to build a lab environment or education class quickly.
  4. Deploy those solutions in a local service provider datacenter or in Azure.

I hope you've enjoyed. Subscribe to this blog to stay updated on Microsoft technologies for Service Providers.

Comments (25)
  1. Casey D says:

    I would love to know more about this deployment. We are at a crossroads as we transition from our multi-tenant private cloud of W2K12 RDS. We’re looking at the newly announced RemoteApp 2.0 (XenApp Express) and also Citrix Cloud.

  2. Arthur says:

    Interesting, it seems Microsoft start the way to the VDI solutions in Azure. I’d like to know more about the RDS 2016 solution in Azure. Thanks.

  3. Peter Takacs says:

    Azure AD Domain Services can be used instead of traditional Domain Controllers.
    This cannot be done because you cannot publish the licensing server in Azure ADDS. This is blocked because within Azure ADDS you don’t have domain admin or enterprise admin rights.

    1. You can use Forest-wide discovery and specify Licensing server manually on every Session Host. But you are right – you can’t configure auto-discovery of RD Licensing server if you use Azure ADDS.

  4. Hi Kiril, I would appreciate the step-by-step guide for Azure deployments

  5. Mark Ellis says:

    Nice article. I would appreciate the step by step set up of the RDS architecture in the article above and the Desktop-as-a-Service solution in Azure. Thank you.

  6. Daniel Y says:

    Hi Kiril, I would appreciate the step-by-step guide for Azure deployments

  7. Patrick Thomas says:

    Hi Kirill, I would appreciate the step-by-step guide for Azure deployments. Your article was very interesting. We are looking to deploy a desktop-as-a-service solution for our customers in 2017.

  8. Dave says:

    This does not provide any guidance on using WARP. If the Windows Server 2016 does not have a physical GPU, then RemoteFX or DDA will not work as expected. But how can the application be tested with WARP in this case. Current tests show that EnumWarpAdapter works and returns an adapter, but D3D12CreateDevice with this adapter fails with 0x887a0004.

    1. It won’t work without physical GPU, so no WARP at this stage.

  9. Thomas says:

    Hi, when I use DDI instead of RemoteFX, do I also need to install RemoteFX on the Hyper-V Host?
    I have tried with a Desktop Graphics Card from AMD, but the driver installer said, that he can’t locate the Card.. manually pointing the Device Manager to the drivers folder, was working. But dxdiag was not showing, that the card is working on the Server 2016 VM.
    Now I ordered a NVIDA Card for testing… possible somebody has some experience on this topic?

    1. No, RemoteFX is not needed for that. Are you sure that your AMG graphics card support DDA? Desktop cards usually don’t support that technology.

  10. lolix2 says:

    Quote : “Connection Broker is the brain of the RDS environment.”

    No it’s not….
    All my current W2008 RDS servers are VMs. The “high availability” for the service they provide is not handled by a connection broker but by the underlying virtualization infrastructure and this is sufficient for our needs.
    Up to now I had no need of a connection broker which is adding a layer of complexity.

    So, please don’t assume that a connection broker is mandatory for everyone. Some of us like keeping things small and simple.

  11. David Strom says:

    With Windows Server 2016, can our users run applications that make use of the GPU by using Remote Desktop? With 2012 R2 and earlier, we cannot, it seems, we’re stuck with GPU emulations and OpenGL v1. This is a simple Terminal Services configuration, and we have a server GPU card installed, and our users want to run apps that require OpenGL 3 or above, which is available with the graphics driver, just not over Remote Desktop. We have licenses for RDS, don’t want to use VMs, this is a physical server we want to share.

    1. barry says:

      You can get open gl higher than 1.1 working on RDS baremetal, but you have to run a video card that supports open gl under RDS.
      The quadro higher end series of cards support open gl in RDS, basically what you can throw at these cards they can do graphics wise.
      I have tested m2000, m6000, p5000 quadro cards and they all work with open gl above v1.1

      server 2012 r2 in RDS works perfect

      Just be aware there is currently an issue with 2016 in RDS where you will only be able to get 7 odd users on a host before wdm.exe (windows desktop manager) starts crashing and not letting on new users, MS are currently working on a fix:

      2012 r2 runs fine and I have had 20 users on a host with a m6000 24gb quadro

    2. fred says:

      You can run open GL above 1.1 on baremetal with RDS but you need a specific card. The Nivdia quadro higher end cards support open gl and just about everything els you can chuck at them I rds both 2012 and 2016 on baremetal.
      I have had the following cards working: NVidia quadro m2000, m6000, m6000 24gb, p5000

      See page 7:


      Be aware of this issue with 2016, 2012 r2 works fine

  12. Felix says:

    Hello and thank you for the information.
    I have an issue that I would like to share with you.. Maybe someone can give me a good advice 🙂

    Our office work with Autocad, and sometimes the users want to finish the work from home. We consider to buy a server but we don’t know what type of harware and software we need.

    I did some research and I found out that we need a server that supports Graphic card, Maybe more then 1.

    The users can login through RDP, and use the GPU on the server. The thing is that we have more then 100 users and the windows 2012 r2 does not support GPU server usage through RDP.

    I found that on windows server 2016 microsoft solved that problem with RemoteFX. the problem is that I don’t know what exactly the hardware that we need; As many GPU as possible? GPU that supports multiple users (like Tesla M60)?

    And again, I don’t know what is the ratio per user.. one gpu per user is not an option…

    *We need a server that supports 100-110 users on the same time working with Autocad.

    I also thought maybe we can configure the server that will use the client’s graphic card but I don’t know if it’s possible.

    what can I do in windows server 2016 for that?
    and there is is any harware recommendations?

    Thanks in advance 🙂

    1. KPA says:

      For best performance, you can use Discrete Device Assignment (DDA), which dedicates one or more GPU to a VM. However, if that’s not an option for you, you can try RemoteFX vGPU, which allows multiple VMs to share a GPU. See details here:

      As an alternative, if your end users already have PCs in the office with AutoCAD loaded, why not use RD Web to give them access to their PCs when working remotely?

      1. This is an old-school way of solving this task, but yes, you can do so 🙂

    2. Steve Fiore says:

      Felix, you can actually do this – I am doing it right now with server 2016, RemoteFx, and 1 Tesla GPU installed in a Dell R730. One GPU allows for roughly 32 simultaneous connections; however, if you need more you could either add another GPU, or build another Remote Desktop Virtualization Host (RDVH) server. You will need 1, RDWeb server, 1 RD Gateway, server, 1 RD Connection Broker server, and 1 RDVH server for this particular scenario. I have two physical servers – 1 big R730 for the RDVH, and one smaller R710 which I use as the front-end server with Hyper-V hosting 2 VM’s (RD Connection Broker, RD Gateway/RD Web). RD Web and RD Gateway roles are on the same VM. I can run approximately 30 Windows 10 VM’s with AutoCad running at the same time – each has approximately 16GB RAM and 2 procs.

  13. CyberlinkAsp says:

    Excellent Services Of Cloud computing.

  14. Dhruvit Desai says:

    Hi Kirill,
    I have deployed RDS service in azure as mentioned above.After installing RD Session host service in NV 6 VM,I am not able to use DirectX on that(I am testing it with NVIDIA Faceworks Demo which uses DirectX11).I can run OpenGL application but not DirectX. Before installing RD Session host service DirectX was working normally.
    I can see M60 card in dxdiag also.But after install RDS host service I am not able to see M60 card in it.Am i missing something here?
    Is this expected behavior?

Comments are closed.

Skip to main content