Configure NetFoundry Network for Azure Windows Virtual Desktop -- Short Path

Follow

NetFoundry is pleased to announce support for Microsoft Windows Virtual Desktop Short Path to enhance performance and overall user experience.

Microsoft Preview 

RDP Shortpath is a feature of Windows Virtual Desktop that establishes a direct UDP-based transport between Remote Desktop Client and Session host. RDP uses this transport to deliver Remote Desktop and RemoteApp while offering better reliability and consistent latency. The Shortpath functionality is best suited for Branch/Office connectivity to Azure.

 

Connection security

RDP Shortpath is extending RDP multi-transport capabilities. It doesn't replace reverse connect transport but complements it. All of the initial session brokering is managed through the Windows Virtual Desktop infrastructure.

UDP port 3390 is used only for the incoming Shortpath traffic that is authenticated over reverse connect transport. RDP Shortpath listener ignores all connection attempts to the listener unless they match the reverse connect session.

 

RDP Shortpath connection sequence

After installing the reverse connect transport, the client and session host establish the RDP connection and negotiate multi-transport capabilities. Additional steps described below:

1. The session host sends the list of its private and public IPv4 and IPv6 addresses to the client.
2. The client starts the background thread to establish a parallel UDP-based transport directly to one of the host's IP addresses.
3. While the client is probing the provided IP addresses, it continues the initial connection establishment over the reverse connect transport to ensure no delay in the user connection.
4. If the client has a direct line of sight and the firewall configuration is correct, the client establishes a secure TLS connection with session host.
5. After establishing the Shortpath transport, RDP moves all Dynamic Virtual Channels (DVCs), including remote graphics, input, and device redirection to the new transport.
6. If a firewall or network topology prevents the client from establishing direct UDP connectivity, RDP continues with a reverse connect transport.

The diagram below gives a high-level overview of the RDP Shortpath network connection.

 

Requirements

To support RDP Shortpath, the Windows Virtual Desktop client needs a direct line of sight to the session host. You can get a direct line of sight by using NetFoundry NaaS from the Branch to consume Azure WVD. 

 

Solution Overview

The diagram below gives a high-level overview of the RDP Shortpath network connection using NetFoundry NaaS:

This solution can be ideal for connecting remote offices to Azure for Virtual Desktop services. It is intended to be used as a secure direct line of sight networking solution for private network connectivity to your Azure WVD infrastructure. 

Solution Steps

1. Login to your NetFoundry Organization @ www.nfconsole.io

 

 

2. Create NetFoundry V7 Network.

 

 

3. Create NetFoundry Fabric Router. Select DataCenter location strategic to Azure Cloud Resources.

 

 

4. Create Router Policy. Select the @FabricRouter(from previous step) and @all for endpoints

 

 

5. Create and Register Branch Office Edge Router(s)

 

 

6. Create and Register Azure Edge Router.

 

 

7. Create Router terminated Service for Session host in Azure Vnet.

 

 

8. Create AppWAN which includes Remote Office Edge Router and Azure Session HostService.

 

 

9. Once completed, login to your WVD session to verify that connections are using RDP Shortpath.

Open the “Connection Information” dialog by clicking on the antenna icon in the connection toolbar.