IP Virtualization

Using Remote Desktop Services, a single server OS instance can serve multiple users having their own sessions and profile. As all the connecting users are sharing the same server OS instance, they all will be sharing the IP address of the server. In some use cases sharing IP address by multiple users can cause problems in an environment.

Use Cases

  1. Applications that require a unique IP address that can’t be same as any other instance of the application.
  2. Tracking user generated network traffic will be a challenge in case they are sharing common IP Address.
  3. Filtering network traffic based on IP Address.

Starting Windows 2008 R2, Microsoft introduced a new feature called IP Virtualization. IP Virtualization allows a unique IP Address for each session on that host for its network communication. An administrator can configure IP virtualization in two modes, one based on per-session and another based on per-program.  In case of per-session, the entire session will be using the same virtual IP Address. While in case of per-program, virtual IP address will be assigned only when certain program will be accessed by connected user.

IP Virtualization leverage DHCP server to allocate new IP addresses to the users logged in to RDS Server. Leverage DHCP server and RDS host should be in same subnet and should have enough IP Addresses to cater the RDS users.

Configuring IP Virtualization in Windows 2012 R2 RDS host.

You can configure IP Virtualization either using Group Policy or modifying the local security policy on individual RDS host. In my lab I configured IP Virtualization by modifying Local Security Policies.

  1. Logon the RDHS Host using Administrative access rights.
  2. Open gpedit.msc
  3. Navigate to Computer Configuration –> Administrative Templates –> Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Application Compatibility and enable policy. In the policy “Select the Network Adapter to use”  specify the IP Address of the RDHS host network Adapter e.g. 192.168.73.132/24 in my lab.

1 2 3 4

Update local security policy running gpudate /force on command prompt.

Connect to RDS Server over RDP and verify multiple IP Address assigned to RDS Server using IPCONFIG. In case of issue, verify if DHCP server is reachable from RDS Server.