Great job as always. A few things to note: 1) There are many new PaaS gateway services recently added to Azure for WVD w/ more regions on the roadmap, so the latency will be minimized via gateway traversal, meaning that delivering a good UX does not have a hard requirement to use short path. 2) UDP best optimizes the delivery of real-time audio/video content where TCP’s reliability checking and retransmitting can be extraneous (ideal UDP scenarios: server-side rendered video, in-band VoIP, graphics-intensive apps like CAD). 3) Media optimization for Teams does not require nor benefit from RDP short path and UDP, as AV content is from client-to-client out of band from the RDP display protocol.
Thanks… then, here is a fun comment for you. Thanks for taking the RDP ShortPath with me. Please share the video with others and subscribe and take all the short paths to Azure 😉🤪
Love this, customers are asking how to use ER in WVD. I always said there is no need to do that because of reverse connection. But now they can utilize their existing ER circuit. Looking forward to Denny DevOps episode 3.
@AzureAcademy, I have the Shortpath set correctly, but when I connect to the public network it's redirecting to the web instead of the RDP Shortpath. How can I revert this, because I want to use Shortpath, not the web?
Sounds like it isn’t set up correctly…take a look at this video for why ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-k2FdqfIpiWs.htmlsi=X_HmAiOBJYHbh3sV
If you had an NSG, it would depend on how restrictive it was. If you had a rule that blocked everything except what you explicitly allow, then it would not work at all.
The gateway isn’t exactly skipped with RDP short path. It’s still necessary to establish a connection for the session host. RDP short path bypasses the gateway in the session host connection as the last step of the process.
I'm trying to grasp the UDP port 3390 inbound connection at the client side; imagine that a user is at his home behind a regular home-grade (NAT) router. Should it then have port forwarding configured for udp/3390, and if so, how does that work if there are several users using WVD? (But maybe I missed the point in the video.)
RDP ShortPath is a WVD session host feature that accepts UDP and a direct connection from the client when on a private network. You only need to open ports for UDP if something is blocking it, but in general home connections allow all outbound traffic, so no action needed... normally.
Dean, I was revisiting this episode and I have a question. I understand that Windows Virtual Desktop uses the Azure Traffic Manager, which checks the location of the user's DNS server to find the nearest Windows Virtual Desktop service instance. But I really want to know what exactly all the available WVD Service Locations are. The specific scenario is that I have a customer who wants to manually register Host Pools in Azure China (a completely separated environment from Global Azure, but it now has Win 10 multi-session images available) to the WVD Azure Global Service. I successfully tested it, but the latency is around 150ms. I wonder if there are any WVD Services in East Asia (HK). I also wonder if I can decrease the latency by enabling RDP Shortcut + VPN/ER. Apart from the latency, are there any potential risks you can think of? I also wonder, if this scenario works, how about Azure Stack: what if I deploy Win 10 multi-session (technically) in Azure Stack, then register them into WVD manually? Sorry that I think too much on this. Thanks.
Lots of things here... WVD doesn’t use Traffic Manager... Azure Front Door is in front of the WVD PaaS Service, but yes, the service geolocation works that way. There are 2 parts to the WVD Service latency: one is talking to the WVD gateway and the other is connecting to the session host. With RDP ShortPath you do not connect to the gateway... but the client connects directly to the session host VM... so YES, this would be reduced latency. Finally YES WVD can work on Azure Stack o the WVD service... not sure if RDP ShortPath works with Azure Stack.
I struggled/failed to get it working, tried creating a brand new VM, still TCP only. When setting the firewall the error is: "Windows services have been restricted with rules that allow expected behaviour only. Rules that specify host processes such as svchost.exe, might not work as expected because they can conflict with Windows service-hardening rules". I tried disabling firewalls completely - still only got TCP. I set UdpPortNumber to 3390 (decimal) :( Could you give me a pointer where to look to sort this out...? Many thanks.
@AzureAcademy I did permit UDP port 3390 in the VM firewall and the same in the Azure console. In the end I disabled the firewall completely on the VM and I got UDP. Not ideal - but fine for my testing. Thanks
Hello Dean, thanks for your video, it helped me to better understand RDP Shortpath. I am missing one point here: if we go with RDP Shortpath, the client will get a connection to the session host directly. So are we skipping the RD Gateway component (core components of AVD)? Does it connect directly using ER?
What does WVD RDP Shortpath do if the client where the RDP app runs is not on the S2S VPN / ExpressRoute? For example, the client PC is at home. Does it switch to the normal mechanism?
If you are at home running on your VPN, you are effectively on your corporate network, so RDP ShortPath would function. If you are at a coffee shop, not on a VPN, then you would be using reverse connect.
I've implemented this a few days ago and it works fine .. sometimes :( I'm getting mixed results, one time it connects using UDP, logout and login (same source computer and same destination WVD) and then it's on TCP. Any thoughts on this?
@AzureAcademy It took some time (other things got a bit in the way). But after checking everything over 5 times against your description in the video and through the MS docs (docs.microsoft.com/en-us/azure/virtual-desktop/shortpath), it's still not working. The only thing I could find was using the PowerShell cmd to check the UDP listener:

    Get-NetUDPEndpoint -OwningProcess ((Get-WmiObject win32_service -Filter "name = 'TermService'").ProcessId) -LocalPort 3390

And the result of that is the following:

    Get-NetUDPEndpoint : No matching MSFT_NetUDPEndpoint objects found by CIM query for instances of the ROOT/StandardCimv2/MSFT_NetUDPEndpoint class on the CIM server: SELECT * FROM MSFT_NetUDPEndpoint WHERE ((LocalPort = 3390)) AND ((OwningProcess = 1072)). Verify query parameters and retry.
    At line:1 char:1
    + Get-NetUDPEndpoint -OwningProcess ((Get-WmiObject win32_service -Filt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (MSFT_NetUDPEndpoint:String) [Get-NetUDPEndpoint], CimJobException
        + FullyQualifiedErrorId : CmdletizationQuery_NotFound,Get-NetUDPEndpoint

Just using Get-NetUDPEndpoint results in:

    LocalAddress                  LocalPort
    ------------                  ---------
    ::                            65501
    ::1                           54018
    fe80::1002:9bed:267d:ab9f%2   54017
    ::                            5355
    ::1                           5353
    ::                            5353
    ::                            3389
    fe80::1002:9bed:267d:ab9f%2   1900
    ::1                           1900
    ::                            123
    0.0.0.0                       65500
    127.0.0.1                     63400
    127.0.0.1                     62069
    127.0.0.1                     61580
    127.0.0.1                     61578
    127.0.0.1                     61394
    127.0.0.1                     60755
    127.0.0.1                     54104
    127.0.0.1                     54020
    192.168.10.9                  54019
    127.0.0.1                     52331
    127.0.0.1                     52138
    0.0.0.0                       49550
    127.0.0.1                     49495
    192.168.10.9                  49246
    0.0.0.0                       5355
    192.168.10.9                  5353
    0.0.0.0                       5353
    0.0.0.0                       3389
    192.168.10.9                  1900
    127.0.0.1                     1900
    192.168.10.9                  138
    192.168.10.9                  137
    0.0.0.0                       123

I'm lost and have given up, also knowing it's a preview so maybe later it will be solved. TCP works fine, UDP would be the cherry on the cake.
Sorry to hear you have run into so many issues, Patrick. Did you try setting the reg key directly or the GPO? Also verify that those settings are present. Also, do you have an NSG or firewall that needs to have UDP 3390 open?
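Added example, not code from the video or from any commenter: a read-only PowerShell check, run on the session host, that gathers the three things the exchange above asks about (the Shortpath settings, the UDP listener owned by TermService, and the firewall state). Port 3390 and `UdpPortNumber` come from the thread; the WinStations key path and `fUseUdpPortRedirector` are the names used in Microsoft's Shortpath documentation, and the function name is hypothetical.

```powershell
# Added example (hypothetical helper name). Read-only: changes nothing on the host.
function Test-ShortpathHost {
    param([int]$Port = 3390)   # UDP port discussed in the thread

    # Registry settings (key path and fUseUdpPortRedirector per Microsoft's docs).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations'
    $reg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Is TermService listening on the UDP port? SilentlyContinue turns the
    # "No matching MSFT_NetUDPEndpoint objects" error into an empty result.
    $svcPid   = (Get-CimInstance Win32_Service -Filter "Name = 'TermService'").ProcessId
    $listener = Get-NetUDPEndpoint -LocalPort $Port -OwningProcess $svcPid `
                    -ErrorAction SilentlyContinue

    # Enabled inbound allow rules whose UDP filter names this port exactly
    # (rules written as a port range are not matched by this simple test).
    $rules = Get-NetFirewallPortFilter -Protocol UDP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and
                       $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' }

    # Firewall profiles that are switched off entirely.
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }

    [pscustomobject]@{
        UdpRedirectorEnabled = ($reg.fUseUdpPortRedirector -eq 1)
        UdpPortNumber        = $reg.UdpPortNumber
        ListenerPresent      = [bool]$listener
        InboundAllowRules    = @($rules.DisplayName)
        DisabledProfiles     = @($off.Name)
    }
}

Test-ShortpathHost | Format-List

# A scoped rule instead of turning the firewall off. The address range is a
# placeholder for your own private client range, not a value from the page:
# New-NetFirewallRule -DisplayName 'Shortpath UDP (example)' -Direction Inbound `
#     -Protocol UDP -LocalPort 3390 -Action Allow -RemoteAddress 10.0.0.0/8
```

An empty `InboundAllowRules` together with a non-empty `DisabledProfiles` means UDP is only getting through because the host firewall is off, which the scoped rule in the last comment avoids.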
My users have a basic VPN gateway, and they are complaining that opening Office applications/submitting files in Outlook takes a while. Would this solution help them?
RDP ShortPath would give them a “more direct” connection path to WVD. But as for if the VPN has enough bandwidth for your users...that depends on what they are doing and how much bandwidth you have.
No, not exactly. RDP Shortpath is more about the connection from the user to the VM, not the user in the session getting to an internet service like Office 365. Remember, the Shortpath allows you to bypass the WVD Internet gateway service to the Session Hosts; you get to connect directly to them... hope this helps.
Wonderful video, but I have to ask since this is new to me. Why would I need to do this? My users today use "regular" TCP and I even checked the infographic on RDP; it said 40ms and 5mb/s, which normally is bad. But I don't notice any performance issues at all? Is it on heavier workloads that it's more noticeable?
Thanks Zurelia! Great question. Latency and Bandwidth are something to consider, but one of the biggest reasons for RDP ShortPath is to keep all the data of the user session on my private network, and off the public internet, which reverse connect does.
Hi Dean, great video. I have implemented this several times from within my Azure network and I have a DC in the cloud. Is my assumption correct that RDP Short Path will only work in a hybrid environment? After implementing it in my DEV environment, I still get TCP only.
RDP ShortPath will work over your internal private network, including any client VPN that you have, and reverse connect will still work over the public internet.
Thank you for this awesome video! I am not a network specialist ;-) I wonder what additional costs are there for my Site2Site VPN? Is there any outbound traffic from the VPN?
How does Short Path handle it if you have users both inside and outside the corporate network? Will it still use 443 reverse connection for those that do not have line of sight via ExpressRoute?
You need to restrict the short path traffic. Watch this for more info: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-k2FdqfIpiWs.htmlsi=EPfmUPGxtSYMDhAs
Hello Dean, thank you so much for sharing this video! So does RDP short path fall back to TCP 443 if UDP 3390 is not available? So I can allow RDP short path only for the connections from the corporate location, while users working from home will continue using TCP 443 reverse connection?
Correct, if they are on your private network they will use RDP ShortPath, and that includes your VPN, even point-to-site or client VPN. If they are over the public Internet they will use reverse connect.
Hey Dean! First of all, thanks :) Is that officially supported? Do you think we will see something with less manual configuration and more automatic? The last question: you talk about bandwidth... If I understand correctly, you say that with UDP you use more bandwidth... Is that true, or did I not understand? Sorry for all the questions 😭
RDP ShortPath is in public preview today. So it is not production supported, but if you have any issues or feedback etc., the product group would love to hear it! My comments about bandwidth were to start you thinking. If you have, for example, 2000 users on your Azure point-to-site VPN to a single gateway... is the gateway of a high enough SKU to support the load? Or if the users are in a remote office... and they all have dual 4K monitors and want to use GPU-powered VMs for CAD work but are on a satellite internet connection... using RDP ShortPath may put more of a bottleneck on those than reverse connect.