Core RDS Components (Servers & Roles)

Remote Desktop Session Host (RDSH)

The Remote Desktop Session Host (RDSH) is the core server where users actually work. It runs on Windows Server and allows multiple users to log in at the same time, each inside their own isolated session. When users connect through Remote Desktop, this is the server they are connected to.

RDSH is responsible for running applications and desktops for all connected users. Although everyone shares the same operating system, each user has their own desktop environment, processes, and user profile. The server carefully allocates CPU, memory, and storage resources across all active sessions so that no single user overwhelms the system.

An RDSH server can provide users with either a full session-based desktop (which looks like a normal Windows desktop) or RemoteApps, which are individual applications published from the server and displayed as if they were running locally on the user’s device. In short, RDSH is what users actually log into and interact with.

The main server users work on.

  • Hosts multiple user sessions simultaneously
  • Runs applications and desktops
  • Allocates CPU, memory, and storage fairly across users

Can publish:

  • Session-based desktops
  • RemoteApps (individual applications)

This is what users actually log into.

Remote Desktop Connection Broker

The Remote Desktop Connection Broker acts as the traffic controller for the entire RDS environment. Users do not connect directly to a specific session host; instead, the broker decides where each connection should go.

The broker keeps track of all active user sessions across RDSH servers. If a user disconnects and later reconnects, the Connection Broker ensures they are sent back to their existing session, rather than starting a new one. This is known as session persistence.

In environments with multiple session hosts, the broker also load-balances new connections, distributing users across servers to prevent overload. It stores session information in a database and works closely with Remote Desktop Gateway and Remote Desktop Web Access to coordinate access.

The traffic controller of RDS.

  • Tracks active user sessions
  • Reconnects users to existing sessions (session persistence)
  • Load-balances new connections across RDSH servers
  • Stores session data in a database
  • Works with Gateway and Web Access

Remote Desktop Gateway

The Remote Desktop Gateway allows users to securely access RDS resources from outside the internal network, such as from home or over the internet. Instead of exposing RDP directly, the gateway wraps RDP traffic inside HTTPS, which encrypts the data and allows it to pass through firewalls safely.

This makes external access much more secure and manageable. Administrators can also apply access policies at the gateway level, controlling who can connect, from where, and under what conditions. Any RDS environment that is accessible from the internet should use an RD Gateway.

Provides secure external access to RDS.

  • Encapsulates RDP traffic in HTTPS
  • Allows access through firewalls
  • Applies access and security policies
  • Required for internet-facing RDS deployments
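
A check that follows from the point above about not exposing RDP directly, added here as an example and not part of the original page: it flags host firewall rules that let any remote address reach RDP instead of only the gateway. It assumes RDP is on its default port, TCP 3389; the function names, the sample rules and the 10.0.5.10 gateway address are constructed for illustration.

```powershell
# Added example (not from the original page). Assumes RDP listens on its default port, TCP 3389.

# True when a firewall LocalPort value ("3389", "3380-3390", "Any", or an array) covers $Port.
function Test-PortCovered {
    param([object]$LocalPort, [int]$Port = 3389)
    foreach ($entry in @($LocalPort)) {
        $text = "$entry".Trim()
        if ($text -eq 'Any') { return $true }
        if ($text -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($text -match '^\d+$' -and [int]$text -eq $Port) { return $true }
    }
    return $false
}

# Returns the rules that let any remote address reach RDP directly.
function Get-ExposedRdpRule {
    param([Parameter(Mandatory)][object[]]$Rule)
    $Rule | Where-Object {
        $_.Protocol -in 'TCP', 'Any' -and
        (Test-PortCovered -LocalPort $_.LocalPort) -and
        (@($_.RemoteAddress) -contains 'Any')
    }
}

# Constructed sample records, shaped like the live query in the comment below.
$sample = @(
    [pscustomobject]@{ Name = 'RDP from anywhere'; Protocol = 'TCP'; LocalPort = '3389';      RemoteAddress = 'Any' }
    [pscustomobject]@{ Name = 'RDP from gateway';  Protocol = 'TCP'; LocalPort = '3389';      RemoteAddress = '10.0.5.10' }
    [pscustomobject]@{ Name = 'Wide port range';   Protocol = 'TCP'; LocalPort = '3000-4000'; RemoteAddress = 'Any' }
    [pscustomobject]@{ Name = 'HTTPS for gateway'; Protocol = 'TCP'; LocalPort = '443';       RemoteAddress = 'Any' }
)
Get-ExposedRdpRule -Rule $sample | Select-Object Name, LocalPort, RemoteAddress

# On a live session host, build the same records from the Windows firewall (NetSecurity module):
# $live = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
#     $p = $_ | Get-NetFirewallPortFilter; $a = $_ | Get-NetFirewallAddressFilter
#     [pscustomobject]@{ Name = $_.DisplayName; Protocol = $p.Protocol
#                        LocalPort = $p.LocalPort; RemoteAddress = $a.RemoteAddress }
# }
# Get-ExposedRdpRule -Rule $live
```

The host firewall is only one layer: a session host that passes this check can still be reachable if a perimeter firewall or cloud security group forwards 3389 to it.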

Remote Desktop Web Access

Remote Desktop Web Access provides a browser-based portal for users to access their remote desktops and applications. Users simply log in through a web browser and are presented with a list of resources they are allowed to use.

From this portal, users can launch full desktops or RemoteApps without needing to manually configure RDP connection files. This makes RDS easier to use across different devices and reduces configuration complexity for end users, while still connecting them to the same centralized RDS infrastructure.

A web portal for launching RDS resources.

  • Users log in via a browser
  • See assigned desktops and apps
  • No manual RDP configuration needed

Remote Desktop Licensing

Remote Desktop Licensing ensures that the RDS environment complies with licensing requirements. It is responsible for issuing and tracking Remote Desktop Services Client Access Licenses (RDS CALs), which are required for users or devices to connect legally.

Windows Server allows a short grace period where licensing is not enforced, but once that period expires, a functioning licensing server becomes mandatory. Without it, new connections will be blocked. This makes the licensing role essential for any long-term RDS deployment.

Ensures compliance with Microsoft licensing.

  • Issues and tracks RDS CALs
  • Enforces licensing rules
  • Required after the grace period expires

CMDB (Configuration Management Database)

A CMDB (Configuration Management Database) is a central record of an organization’s IT environment. It stores information about all configuration items—such as servers, applications, databases, networks, and services—and, most importantly, how those items are related to each other.

A CMDB does not run systems and does not connect users. Instead, its role is to document what exists, how each component is configured, and how changes to one component may impact others. This makes the CMDB a critical reference for troubleshooting, change management, audits, and incident response.

By maintaining an accurate view of the environment, a CMDB helps organizations understand dependencies, reduce risk during changes, and improve overall operational stability.