Remote Desktop Licensing and Resulting Internet Communication in Windows Server 2008 R2

Applies To: Windows 7, Windows Server 2008 R2

In this section

Purpose of Remote Desktop Licensing

Overview: Using Remote Desktop Licensing in a managed environment

How Remote Desktop Licensing communicates with Internet sites

Controlling Remote Desktop Licensing to limit the flow of information to and from the Internet

Additional references

This section provides overview information about Remote Desktop Licensing (RD Licensing), formerly Terminal Services Licensing (TS Licensing), and also provides suggestions for other sources of information about RD Licensing to help you balance your organization’s requirements for communication across the Internet with your organization’s requirements for protecting networked assets. However, it is beyond the scope of this document to describe all aspects of maintaining appropriate levels of privacy and security in an organization running servers that use RD Licensing.

Purpose of Remote Desktop Licensing

RD Licensing manages the Remote Desktop Services client access licenses (RDS CALs) that are required for each device or user to connect to a Remote Desktop Session Host (RD Session Host) server. You use RD Licensing to install, issue, and track the availability of RDS CALs on a Remote Desktop license server. Although there is a licensing grace period during which no license server is required, after the grace period ends, clients must have a valid RDS CAL issued by a license server before they can log on to an RD Session Host server.

For more information about RD Licensing, see Overview of Remote Desktop Licensing in the Windows Server® 2008 R2 Technical Library.

Overview: Using Remote Desktop Licensing in a managed environment

The RD Licensing role service is not installed by default in Windows Server 2008 R2.

If you install the RD Licensing role service on a computer, you will need to communicate with the Microsoft® Clearinghouse to configure and maintain RD Licensing. To perform these operations, you use the Remote Desktop Licensing Manager tool. The Remote Desktop Licensing Manager tool is automatically installed on a computer on which the RD Licensing role service is installed.

Note

RD Licensing is not available in Windows® Web Server 2008 R2, Windows Server 2008 R2 for Itanium-Based Systems, or the Server Core installation option of Windows Server 2008 R2.

The Microsoft Clearinghouse is the facility that Microsoft maintains to activate Remote Desktop license servers, issue RDS CALs to license servers, recover RDS CALs, and deactivate or reactivate license servers. The Microsoft Clearinghouse stores information about all activated license servers and RDS CALs that have been issued.

You can control the communication that occurs between RD Licensing and the Microsoft Clearinghouse by choosing the server or servers on which to install the RD Licensing role service, and by choosing among three methods of communication. The three methods of communication are as follows:

  • Automatic. This method requires Internet connectivity from the computer running the Remote Desktop Licensing Manager tool. Internet connectivity is not required from the license server itself. This method uses TCP/IP (TCP port 443) to connect directly to the Microsoft Clearinghouse.

  • Web Browser. This method can be used when the computer running the Remote Desktop Licensing Manager tool does not have Internet connectivity, but you have access to the Internet by means of a Web browser from another computer.

  • Telephone. This method allows you to talk to a Microsoft customer service representative to complete the desired action. The appropriate telephone number is determined by the country or region that you have specified in Remote Desktop Licensing Manager.

To configure the method of communication, use the Remote Desktop Licensing Manager tool. The Remote Desktop Licensing Manager tool uses the term "connection method" to refer to the method of communication.

How Remote Desktop Licensing communicates with Internet sites

The Remote Desktop Licensing Manager tool communicates with the Microsoft Clearinghouse on the Internet only when you initiate certain actions, such as activating the license server or installing RDS CALs, and only when you are using the Automatic connection method. If you use the Web Browser connection method, information will be passed between the computer on which you are using the Web browser and the Remote Desktop Services Licensing Web site.

Note

The information in the following list applies only when you are using the Automatic connection method or Web Browser connection method. It does not apply when you use the Telephone connection method.

The rest of this subsection describes various aspects of the RD Licensing data that is sent to and from the Internet and how the exchange of information takes place.

  • Specific information sent: Depending on which user action is being performed and the Remote Desktop configuration, some or all of the following information is sent to the Microsoft Clearinghouse by using an encrypted connection:

    • User account information, which may include:

      • First name

      • Last name

      • Company

      • Country or Region

      • E-mail

      • Organizational unit

      • Company address

      • City

      • State/province

      • Postal code

    • License server ID

    • Product ID

    • License program

    • License code

    • Agreement number

    • Product version

    • License type

    • License quantity

    • Reason for reactivating the license server

    • Reason for migrating RDS CALs

    • Reason for rebuilding the RD Licensing database

  • Specific information received: Depending on which action is being performed, some or all of the following information is received from the Microsoft Clearinghouse by using an encrypted connection:

    • License server ID

    • Limited-use X.509 industry standard digital certificate, which is used to validate license server ownership and identity

    • License key pack ID

  • Default settings: RD Licensing is not installed by default.

  • User notification and triggers: The administrator triggers the activation, deactivation, and reactivation of license servers, and triggers the installation and migration of RDS CALs by using the Remote Desktop Licensing Manager tool.

  • Logging: RD Licensing logs events in the system log. These events can be viewed through Event Viewer.

  • Encryption: RD Licensing uses the HTTP protocol over Secure Sockets Layer (SSL) to communicate on the Internet.

  • Access: The Microsoft Clearinghouse is the database that Microsoft maintains to activate license servers and to issue client license key packs. Microsoft customer service representatives have access to the licensing information, and they can successfully re-create the information on your Remote Desktop license server if technical problems occur.

  • Privacy: For information about privacy, see Remote Desktop Services License Management and Your Privacy in the Windows Server 2008 R2 Technical Library.

  • Transmission protocol and port: HTTPS over port 443 and remote procedure call (RPC) over port 135.

  • Ability to disable: The RD Licensing role service is not installed by default. However, when it is installed, it can be uninstalled. For more information, see Uninstall the Remote Desktop Licensing Role Service in the Windows Server 2008 R2 Technical Library.

Controlling Remote Desktop Licensing to limit the flow of information to and from the Internet

You can control RD Licensing-related communication that occurs with Internet sites in the following ways:

  • Install the Remote Desktop Licensing role service only on selected servers. This follows the basic principle of stopping unnecessary services and keeping computers (especially servers) free of unnecessary software. For information about installing the RD Licensing role service, see Checklist: Remote Desktop Licensing Installation Prerequisites in the Windows Server 2008 R2 Technical Library.

  • Install or run the Remote Desktop Licensing Manager tool only on selected computers. The computer running Remote Desktop Licensing Manager is the computer that communicates directly with the Microsoft Clearinghouse when you perform actions by using the Automatic connection method. For more information, see Running Remote Desktop Licensing Manager in the Windows Server 2008 R2 Technical Library.

  • Review the connection method that you want to use to perform Remote Desktop Licensing-related actions. For information about the three connection methods that are available, see Overview: Using Remote Desktop Licensing in a managed environment.
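The first control above, keeping the RD Licensing role service on selected servers only, can be checked with a short audit. This is an added example, not part of the original Microsoft documentation; the host names and the approved list are constructed, and the service name TermServLicensing is an assumption about how the role service registers itself.

```powershell
# Added example (not Microsoft's code). Assumptions: host names are constructed,
# 'TermServLicensing' is assumed to be the RD Licensing service name, and the
# account running this is allowed to query services on the remote hosts.
$ApprovedLicenseServers = @('rdls01.corp.example')
$ServersToCheck = @('rdls01.corp.example', 'rdsh01.corp.example', 'app07.corp.example')

function Get-RdLicensingAudit {
    param(
        [string[]]$ComputerName,
        [string[]]$Approved
    )
    foreach ($computer in $ComputerName) {
        $state = 'NotFoundOrUnreachable'
        try {
            $svc = Get-Service -ComputerName $computer -Name 'TermServLicensing' -ErrorAction Stop
            $state = $svc.Status.ToString()
        } catch {
            # Service absent or host unreachable; Get-Service does not
            # reliably distinguish the two, so both keep the default state.
        }
        $installed  = $state -ne 'NotFoundOrUnreachable'
        $isApproved = $Approved -contains $computer   # case-insensitive match

        if ($installed -and -not $isApproved) {
            $finding = 'UNEXPECTED: role service present on unapproved host'
        } elseif (-not $installed -and $isApproved) {
            $finding = 'CHECK: approved license server did not answer'
        } else {
            $finding = 'OK'
        }

        # PowerShell 2.0 compatible object construction (Windows Server 2008 R2)
        New-Object PSObject -Property @{
            Computer = $computer; Approved = $isApproved
            ServiceState = $state; Finding = $finding
        } | Select-Object Computer, Approved, ServiceState, Finding
    }
}

Get-RdLicensingAudit -ComputerName $ServersToCheck -Approved $ApprovedLicenseServers |
    Format-Table -AutoSize
```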

Additional references