Remote Desktop Protocol (RDP) is Microsoft's distributed presentation services protocol, which controls the transmission of display and user input between the client and the Terminal Server. RDP has been adapted from the T.120 set of standards to meet the specific needs of the Terminal Server environment and continues to be updated with new features to improve the user's server-based computing experience. The following sections discuss the features available with RDP 5.0, which ships with Windows 2000 Terminal Services, and RDP 5.2, which ships with Windows Server 2003 Terminal Services. I begin by outlining the overall behavior of the RDP protocol.
RDP Basics
The transfer of RDP information between the server and the client can be broken down into two main components:
- Graphical data transmission
- Mouse/keyboard data transmission
Graphical Data Transmission
All graphical information that would normally be displayed on the console needs to be encoded and transmitted to the Terminal Server client so it can be displayed on the user's local desktop. As described in the earlier section "Virtual Memory Management," each user session has its own session address space that contains its own Win32 kernel and display and printer drivers. Each of these sessions uses a special RDP display driver that's responsible for receiving display commands from the GDI (just as a normal driver would) and passing this information to the kernel-mode Terminal Server device driver (termdd.sys). This driver encodes the input as RDP data and passes it on to the transport layer to be sent to the client. On reception, at the client, the RDP data is decoded and the display updated accordingly. Figure 1.7 illustrates the flow of graphical data between the server and the client.
Figure 1.7. RDP graphical data flow between the client and the server.
![](https://i-blog.csdnimg.cn/blog_migrate/85467f440bf548169215fa40da320cc8.jpeg)
Mouse/Keyboard Transmission
Every time a user generates an input message (keyboard or mouse), the information is captured by the RDP client, encoded as RDP data, and sent to the server. When input data is received by the Terminal Server device driver on the server, it's decoded and the actual mouse and keyboard input is sent to the Win32 kernel in the user's session address space, where it's processed as normal input. Figure 1.8 shows the flow of input data between the client and the server.
Figure 1.8. RDP mouse/keyboard data flow between the client and the server.
![](https://i-blog.csdnimg.cn/blog_migrate/c2f0c7533c4f3e26cb0851e82b36b20f.jpeg)
Microsoft RDP Clients
The actual RDP client application has continued to evolve since it was first introduced with Windows NT 4.0, Terminal Server Edition. Currently, three types of RDP clients are available:
- Terminal Services Client (RDP 5.0): This is one of the two RDP 5.0 clients that ships with Windows 2000 and provides a simple interface for connecting to a Windows Terminal Server. Primarily, the Terminal Services client (TSC) is used as a simple tool for establishing a connection to a Terminal Server. When TSC is launched, a dialog box appears (Figure 1.9), with the lower half of the dialog box listing all the Terminal Servers found in the current domain. To establish a connection, select one of the servers, choose the resolution size, and click the Connect button. The Server drop-down list shows a history of the servers you've previously connected to. If the server you want isn't in the list, you can type the name in the text box. Having the appropriate name service (DNS or WINS) configured in your environment ensures that all the valid Terminal Servers are displayed. Little configuration is involved in the TSC, and on its own it's not a very useful application to deploy to end users.
  Figure 1.9. The Terminal Services client application.
- Client Connection Manager (RDP 5.0): This is the main RDP 5.0 client, and it provides a management tool for creating, configuring, and storing connections to different Terminal Servers. Figure 1.10 shows an example of what the main Client Connection Manager (CCM) application window looks like. The CCM lets you configure additional settings for the client that are not available with the Terminal Services client. Options include shortcut creation, saving connection configuration information, defining a specific application to launch from the Terminal Server, and even storing the user ID, password, and domain information to automate the user's logon process.
  Figure 1.10. The RDP Client Connection Manager (CCM).
- Remote Desktop Connection (RDP 5.1 and higher): Originally introduced with RDP 5.1 and Windows XP, the Remote Desktop Connection application is the new RDP client interface used with RDP versions 5.1 and higher. The latest version, 5.2, ships with Windows Server 2003. Figure 1.11 shows the new interface of the RDP client. In addition to supporting all the features available with the Client Connection Manager, the latest Remote Desktop Connection application supports additional features, which I discuss briefly in the "RDP Client Integration Features" section of this chapter. The Remote Desktop Connection application is fully backward compatible with all versions of Windows Terminal Server. Any client options selected in the RDC that are not supported by the host Terminal Server are simply ignored.
  Figure 1.11. The RDP Remote Desktop Connection (RDC) client.
![](https://i-blog.csdnimg.cn/blog_migrate/fa637bcd6a55632245f0e489a60285f2.jpeg)
![](https://i-blog.csdnimg.cn/blog_migrate/7a7b6d1286b168321b861c0a3025a1ef.jpeg)
![](https://i-blog.csdnimg.cn/blog_migrate/5dcc3bffe2ed44c8ef0750379e8acb27.jpeg)
![](https://i-blog.csdnimg.cn/blog_migrate/7572811a871738595b825f950c4b8ab1.jpeg)
RDP Encryption
To ensure that data is transmitted securely between the client and the server, three encryption levels are available, from which you can choose based on your security requirements. All levels are encrypted using the RC4 encryption algorithm.
- Low security: Only data sent from the client to the server is encrypted; data from the server to the client is not encrypted. The encryption key is 56-bit for both Windows 2003 and 2000.
- Medium security: Uses the same encryption level as the low-security option, except that data is now encrypted in both directions, from the server to the client and from the client to the server.
- High security: The high-security option encrypts data in both directions, using a 128-bit encryption key.
NOTE:
SSL encryption is expected to be available with the release of Service Pack 1 for Windows Server 2003.
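The three levels above are stored on the server as a single numeric setting for each RDP listener, so the quickest way to verify which one a Terminal Server actually enforces is to read that setting rather than trust the console. The following PowerShell script is an added example and is not code from the book; it assumes the `MinEncryptionLevel` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp`, the WMI class `Win32_TSGeneralSetting` in the `root\cimv2\TerminalServices` namespace (present on Windows Server 2003 and later), and the value-to-name mapping used by Terminal Services Configuration, where "Client Compatible" is the Medium level described in the text and 4 (FIPS) is a later addition not covered here.

```powershell
# Added example (not from the book): report the configured RDP encryption level
# for one listener and flag anything below High. Assumptions: the WMI class
# Win32_TSGeneralSetting (root\cimv2\TerminalServices) on Windows Server 2003
# or later, and the MinEncryptionLevel registry value as a fallback.

$listener = 'RDP-Tcp'
$regPath  = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$listener"

# Numeric MinEncryptionLevel values mapped to the three levels described in the
# text. Value 2 is shown as "Client Compatible" in Terminal Services Configuration
# and corresponds to the Medium level; 4 (FIPS) is later than the text covers.
$levelNames = @{
    1 = 'Low (client-to-server only, 56-bit RC4)'
    2 = 'Client Compatible / Medium (both directions, 56-bit RC4)'
    3 = 'High (both directions, 128-bit RC4)'
    4 = 'FIPS Compliant'
}

function Get-RdpEncryptionLevel {
    # Prefer the WMI view when it exists; otherwise read the registry directly.
    try {
        $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                            -Class Win32_TSGeneralSetting `
                            -Filter "TerminalName='$listener'" -ErrorAction Stop
        return [int]$ts.MinEncryptionLevel
    } catch {
        return [int](Get-ItemProperty -Path $regPath -Name MinEncryptionLevel).MinEncryptionLevel
    }
}

$level = Get-RdpEncryptionLevel
$name  = $levelNames[$level]
if (-not $name) { $name = "Unknown ($level)" }
Write-Output "Listener $listener : MinEncryptionLevel=$level -> $name"

# Below High, either the server-to-client direction is in the clear (Low) or
# only a 56-bit key is used (Medium); surface that in a hardening report.
if ($level -lt 3) {
    Write-Warning "RDP traffic on $listener is not using the High (128-bit) setting."
}
```

Run it in an elevated PowerShell session on the Terminal Server itself; the WMI path is tried first because it reflects the setting the Terminal Services Configuration tool exposes, and the registry fallback covers servers where that namespace is absent.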
RDP Client Integration Features
As mentioned, each new Windows Terminal Server release has introduced new client integration features that enhance the user's computing experience. Table 1.3 summarizes the features supported by the RDP 5.x clients, and what version of Windows Terminal Server is required to enable the feature. The latest RDP client (5.2) can be used to connect to older Terminal Servers (Windows NT 4.0, Terminal Server Edition; or Windows 2000 Terminal Server).
Feature | RDP 5.0 | RDP 5.1 | RDP 5.2 | Terminal Server Version | Description
---|---|---|---|---|---
Local/remote clipboard integration | X | X | X | Both | Allows clipboard contents to be cut and pasted seamlessly back and forth between the active Terminal Server session and the user's local desktop.
Local/remote file copy and paste integration | | X | X | Windows 2003 only | Allows the cutting and pasting of entire file objects back and forth between the active session and the local desktop.
Local client printer redirection | X | X | X | Both | Printers that are configured on a local client can be made available automatically from within the user's Terminal Server session.
Network client printer redirection | | | X | Both | This allows for access to locally mapped network printers on the client desktop.
Session remote control | X | X | X | Both | Session remote control is the capacity for one person to remotely view and even control another user's active session.
Persistent bitmap cache | X | X | X | Both | The persistent bitmap cache is stored on disk so that it can be reused the next time a session is started. Version 4.0 allowed only in-memory caching.
Connection bar | | X | X | Both | This allows you to easily minimize a full-screen session without having to toggle the session between full screen and windowed using the Ctrl+Alt+Break key combination.
Automatic session reconnect | | | X | Both | If a network disruption causes your connection to a Terminal Server to be lost, the Remote Desktop Connection client will automatically attempt to reestablish that connection. If the connection cannot be reestablished, then after about one minute the client will give up and an error message will appear saying the connection has been lost.
Client drive redirection | | | X | Windows 2003 only | The automatic redirection of a client's local and network drives so they are accessible from within the Terminal Server session.
Client serial port redirection | | | X | Windows 2003 only | Redirection of the local serial ports.
Client audio redirection | | | X | Windows 2003 only | Audio is redirected from the Terminal Server session to the local client for output.
Smart card sign-on | | | X | Windows 2003 only | The user is able to provide their smart card to a local reader attached to their PC and have those credentials transmitted and authenticated on the Terminal Server.
Windows shortcut key support | | | X | Both (the client must be running Windows NT, 2000, XP, or 2003; Windows 98 and 95 don't support this feature) | Introduces support for Alt+Tab and other Windows key combinations within the Terminal Server session.
Client time zone support | | | X | Windows 2003 only | Client time zone support lets the RDP client provide its own local time zone information to a Windows 2003 Terminal Server so that the server can automatically configure the user's session to reflect the same time zone information. A Terminal Server can support any number of users located in different time zones, and this feature lets the user maintain proper time and date information within his or her own session.
Direct Terminal Server console access | | | X | Windows 2003 only | This feature allows for the creation of a direct connection to the console rather than a Terminal Server session. Applications that require direct console access will function within this special remote session. This feature is dependent on having a Windows 2003 Terminal Server.
More detailed information on each of these supported features is discussed in Chapter 5, "Client Hardware and Software Planning."
Microsoft RDP Clients
Table 1.4 summarizes the native Microsoft RDP client versions and the operating systems they support.
Operating System | RDP Client Version Supported | Notes |
---|---|---|
Windows 2003, XP, 2000, ME, 98, and NT 4.0 | RDP 5.0 and higher | All versions of the RDP client are supported on all 32-bit versions of Windows, NT 4.0 or higher. |
Windows 95 | RDP 5.0 or 5.1 only | Microsoft does not officially support the RDP 5.2 (or newer) client on Windows 95. |
Windows for Workgroups 3.11 | RDP 5.0 only | Microsoft no longer supports this version of Windows with the new RDP client. Only the client that originally ships with Windows 2000 is available for the 16-bit version of Windows. |
Macintosh OS X | Mac OS X RDP Client 1.0.2 | This is currently the only RDP client that Microsoft produces for a non-Windows operating system. |
Pocket PC 2002 | PPC 2002 client | This special RDP client is designed specifically to run on Pocket PC 2002. It will not run on older versions of Pocket PC. |
Windows CE | Handheld and CE-based terminals running CE 3.0 and CE.NET | Special versions of the RDP client can either be installed on a Windows CE client or come embedded with the CE operating system. |
Third-Party RDP Clients
In addition to the RDP clients supplied by Microsoft, there exist clients created by other vendors to run on client operating systems not natively supported by Microsoft. Many of these clients support only a small subset of the functions available through the Microsoft RDP clients. Currently the only non-Windows operating system supported by Microsoft is Apple's Mac OS X. Table 1.5 lists some third-party RDP clients that are available.