By Giorgio Bonuccelli

October 18, 2021

  0

Fast Remote Desktop Access with RDP Shortpath and Parallels RAS

RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct User Datagram Protocol (UDP) based transport between a remote desktop client and a session host. This blog post will explain how RDP Shortpath works, what its requirements are, what main benefits it has, and how to configure Parallels® Remote Application Server (RAS) to use Azure Virtual Desktop RDP Shortpath.

What Are the Key Benefits?

The key benefits of RDP Shortpath are outlined below:

• RDP Shortpath is based on the Universal Rate Control Protocol (URCP), which enhances the well-known UDP with active monitoring of the network conditions and provides full link utilization across complex networks such as Wi-Fi hotspots, 4G (HSPA+), and WiMAX.
• A direct connection is established between the remote desktop client and the session host, thereby improving the connection’s reliability and reducing the round-trip time, which also enhances the user experience.
• RDP Shortpath supports Quality of Service (QoS) configuration and allows limiting outbound network traffic by specifying a throttle rate for each session.
• In terms of connection security, RDP Shortpath complements reverse connect transport and uses a Transport Layer Security (TLS) connection between the client and the session host. RDP Shortpath uses UDP port 3390, used only for traffic authenticated over reverse connect transport and ignores all the rest of the connection attempts.

How Does RDP Shortpath work?

Azure Virtual Desktop uses reverse connect transport over an HTTPS connection for establishing the remote session and negotiating multi-transport capabilities. When using RDP Shortpath, additional steps are required:

1. The session host sends a list of its private and public IPv4 and IPv6 addresses to the client.

2. The client starts a background thread, trying to establish a UDP-based transport directly to one of the provided addresses while it continues the connection establishment over the reverse connect transport to avoid delays in the user connection.

3. If the client has a direct line of sight to the session host, a secure TLS connection is established. All dynamic virtual channels (DVCs) including remote graphics, input, and device redirection are moved to the new transport, thus successfully establishing the Shortpath transport.

4. If a direct UDP connectivity cannot be established, RDP continues with a reverse connect transport.

View a detailed diagram of the connection sequence.

What are the RDP Shortpath Requirements?

Remote client machines must be running either Windows 7 or Windows 10 and have the Windows Desktop Client installed. Additionally, the PC with the Parallels Client installed needs a direct line of sight to the session host. Make sure you:

• Ensure firewalls are not blocking UDP port 3390.

• Use one of the following technologies:

• ExpressRoute private peering
• Site-to-site VPN (virtual private network)
• Point-to-site VPN
• Public IP address assignment

Starting from Parallels RAS 18.1, support for Azure Virtual Desktop RDP Shortpath is included. Note that Parallels RAS gateways will be used to initiate the session only; once the Shortpath has been established, no more traffic will go through it.

How Can You Configure Parallels RAS to use Azure Virtual Desktop RDP Shortpath?

In order to enable Azure Virtual Desktop RDP Shortpath, it should be configured in Parallels RAS and on the Microsoft Azure side. Additionally, the Windows Defender Firewall and Azure Network Security Group need to be configured to allow RDP traffic over the UDP 3390 port. Once all the connection requirements have been configured, you can verify that they have been applied correctly.

Configure RDP Shortpath on Microsoft Azure

To enable RDP Shortpath on a session host, follow these steps:

Note: When working with template-based host pools, this change can be applied directly to the template.

1. Run regedit.exe, and then navigate to the following location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations

2. Create a new DWORD value named fUseUdpPortRedirector, and set it to 1 (decimal).

3. Create a new DWORD value named UdpPortNumber, and set it to 3390 (decimal).

4. Quit the Registry Editor, and restart the session host.

You can enable RDP Shortpath listener on any number of session hosts used in your environment, and there is no requirement to enable it on all hosts in the pool.

Configure RDP Shortpath on Parallels RAS

To configure the RDP Shortpath, open the Parallels RAS Console and navigate to Farm > Site > Windows Virtual Desktop. Locate the Host pools tab, and to view the properties of an existing host pool, right-click on it and choose Properties.

The Use RDP Shortpath check box can be found under the Host pool settings tab.

This option can also be configured from Site Defaults. To view and configure Site defaults for Azure Virtual Desktop, navigate to Farm > Site, click the Tasks menu and choose either WVD multi-session hosts or WVD single-session hosts. You can find the Use RDP Shortpath selectable option on the Host pool settings tab.

Configure Windows Defender Firewall

To configure the Windows Defender Firewall, do the following on the session host that will support RDP Shortpath:

1. Open Windows Defender Firewall from the Control Panel, and click on Advanced settings.

2. Create a new Custom inbound rule by clicking New Rule… and then select Custom.

3. On the Program page, select This program path, type %SystemRoot%\system32\svchost.exe and then select Next.

4. On the Protocol and Ports page, select the UDP protocol type. In the Local port, select Specific ports and type 3390. Click on the Next, button.

5. On the Scope page, select the local and remote IP addresses that this rule will apply to, according to your network requirements.

6. On the Action page, choose the Allow the connection option.

7. On the Profile page, select the network location types to which this rule will apply, and click on the Next button.

8. On the Name page, enter a name for the rule, and click on Finish.

Configure Azure Network Security Group

To enable access to the RDP Shortpath listener across network security boundaries, Azure Network Security Group needs to be configured to allow inbound UDP port 3390. Here are the correct configuration parameters:

• Source: Any or select the IP ranges where clients reside
• Source port ranges: *
• Destination: Any
• Destination port ranges: 3390
• Protocol: UDP
• Action: Allow

Read a detailed guide to configure security rules.

Parallels RAS Provides a Seamless User Experience with High-Performance Features

Parallels RAS enriches and extends Azure Virtual Desktop by providing organizations with a unified administrative and end-user experience. Benefits include:

• Simplified deployment and management through wizard-driven interfaces from the Parallels RAS Console.

• Centralized monitoring and reporting for Remote Desktop Session Host (RDSH), virtual desktop infrastructure (VDI), Azure Virtual Desktop and Remote PC workloads.
• UX Evaluator and advanced session details for all workloads.
• A local, workspace-like experience on any device when you use Parallels Client—even on mobile clients.

Further details about Azure Virtual Desktop supportability can be reviewed in the corresponding joint solution brief.

Download the trial to see how Parallels enhances Azure Virtual Desktop capabilities.