articles/virtual-desktop/rdp-shortpath.md
Lines changed: 22 additions & 10 deletions
@@ -96,7 +96,7 @@ Each RDP session uses a dynamically assigned UDP port from an ephemeral port ran
96
96
97
97
The following diagram gives a high-level overview of the network connections when using RDP Shortpath for public networks where session hosts joined to Azure Active Directory (Azure AD).
98
98
99
-
:::image type="content" source="media/rdp-shortpath-public-networks.svg" alt-text="Diagram of network connections when using RDP Shortpath for public networks." lightbox="media/rdp-shortpath-public-networks.svg":::
99
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-public-networks.png" alt-text="Diagram of network connections when using RDP Shortpath for public networks." lightbox="media/rdp-shortpath/rdp-shortpath-public-networks.png":::
100
100
101
101
### Network Address Translation and firewalls
102
102
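Review bot: The replacement image on new line 99 changes both the directory (media/ to media/rdp-shortpath/) and the format (.svg to .png), and the visible diff covers only the markdown file, so please confirm that rdp-shortpath-public-networks.png is added at the new path in this commit; otherwise both `source` and `lightbox` resolve to a missing file. If the old media/rdp-shortpath-public-networks.svg is no longer referenced anywhere, remove it in the same change. Note also that the lightbox now opens a raster image, so check that the PNG is exported at a resolution where the port and protocol labels stay legible when enlarged.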
@@ -231,39 +231,51 @@ Here are some example scenarios to show how connections are evaluated to decide
231
231
232
232
### Scenario 1
233
233
234
-
A UDP connection can only be established between the client device and the session host over a public network (internet). A direct connection, such as a VPN, isn't available.
234
+
A UDP connection can only be established between the client device and the session host over a public network (internet). A direct connection, such as a VPN, isn't available. UDP is allowed through firewall or NAT device.
235
235
236
-
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-1.png" alt-text="Diagram that shows RDP Shortpath for public networks is used." border="false":::
236
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-1.png" alt-text="Diagram that shows RDP Shortpath for public networks uses STUN." border="false":::
237
237
238
238
### Scenario 2
239
239
240
+
A firewall or NAT device is blocking a direct UDP connection, but an indirect UDP connection can be relayed using TURN between the client device and the session host over a public network (internet). Another direct connection, such as a VPN, isn't available.
241
+
242
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-2.png" alt-text="Diagram that shows RDP Shortpath for public networks uses TURN." border="false":::
243
+
244
+
### Scenario 3
245
+
240
246
A UDP connection can be established between the client device and the session host over a public network or over a direct VPN connection, but RDP Shortpath for managed networks isn't enabled. When the client initiates the connection, the ICE/STUN protocol can see multiple routes and will evaluate each route and choose the one with the lowest latency.
241
247
242
248
In this example, a UDP connection using RDP Shortpath for public networks over the direct VPN connection will be made as it has the lowest latency, as shown by the green line.
243
249
244
-
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-2.png" alt-text="Diagram that shows a UDP connection using RDP Shortpath for public networks over the direct VPN connection will be made as it has the lowest latency." border="false":::
250
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-3.png" alt-text="Diagram that shows a UDP connection using RDP Shortpath for public networks over the direct VPN connection will be made as it has the lowest latency." border="false":::
245
251
246
-
### Scenario 3
252
+
### Scenario 4
247
253
248
254
Both RDP Shortpath for public networks and managed networks are enabled. A UDP connection can be established between the client device and the session host over a public network or over a direct VPN connection. When the client initiates the connection, there are simultaneous attempts to connect using RDP Shortpath for managed networks through port 3390 (by default) and RDP Shortpath for public networks through the ICE/STUN protocol. The first-found algorithm will be used and the user will use whichever connection gets established first for that session.
249
255
250
256
Since going over a public network has more steps, for example a NAT device, a load balancer, or a STUN server, it's likely that the first-found algorithm will select the connection using RDP Shortpath for managed networks and be established first.
251
257
252
-
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-3.png" alt-text="Diagram that shows the first-found algorithm will select the connection using RDP Shortpath for managed networks and be established first." border="false":::
258
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-4.png" alt-text="Diagram that shows the first-found algorithm will select the connection using RDP Shortpath for managed networks and be established first." border="false":::
253
259
254
-
### Scenario 4
260
+
### Scenario 5
255
261
256
262
A UDP connection can be established between the client device and the session host over a public network or over a direct VPN connection, but RDP Shortpath for managed networks isn't enabled. To prevent ICE/STUN from using a particular route, an admin can block one of the routes for UDP traffic. Blocking a route would ensure the remaining path is always used.
257
263
258
264
In this example, UDP is blocked on the direct VPN connection and the ICE/STUN protocol establishes a connection over the public network.
259
265
260
-
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-4.png" alt-text="Diagram that shows UDP is blocked on the direct VPN connection and the ICE/STUN protocol establishes a connection over the public network." border="false":::
266
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-5.png" alt-text="Diagram that shows UDP is blocked on the direct VPN connection and the ICE/STUN protocol establishes a connection over the public network." border="false":::
261
267
262
-
### Scenario 5
268
+
### Scenario 6
269
+
270
+
Both RDP Shortpath for public networks and managed networks are configured, however a UDP connection couldn't be established using direct VPN connection. A firewall or NAT device is also blocking a direct UDP connection using the public network (internet), but an indirect UDP connection can be relayed using TURN between the client device and the session host over a public network (internet).
271
+
272
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-6.png" alt-text="Diagram that shows UDP is blocked on the direct VPN connection and a direct connection using a public network also fails. TURN relays the connection over the public network." border="false":::
273
+
274
+
### Scenario 7
263
275
264
276
Both RDP Shortpath for public networks and managed networks are configured, however a UDP connection couldn't be established. In this instance, RDP Shortpath will fail and the connection will fall back to TCP-based reverse connect transport.
265
277
266
-
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-5.png" alt-text="Diagram that shows a UDP connection couldn't be established. In this instance, RDP Shortpath will fail and the connection will fall back to TCP-based reverse connect transport." border="false":::
278
+
:::image type="content" source="media/rdp-shortpath/rdp-shortpath-scenario-7.png" alt-text="Diagram that shows a UDP connection couldn't be established. In this instance, RDP Shortpath will fail and the connection will fall back to TCP-based reverse connect transport." border="false":::
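Review bot: The renumbering reuses the existing file names rdp-shortpath-scenario-2.png through rdp-shortpath-scenario-5.png for different scenarios (new line 242 points scenario-2.png at the new TURN case, while the VPN lowest-latency diagram moves to scenario-3.png on new line 250, and so on), so unless every one of those PNGs is replaced in this same commit the old diagrams will render under the wrong headings; please confirm the image files are updated together with scenario-6.png and scenario-7.png being added. Any inbound links to the "Scenario 3", "Scenario 4" or "Scenario 5" anchors will also now land on different content. On wording: new line 234 should read "UDP is allowed through the firewall or NAT device", and new line 270 should read "using a direct VPN connection". Scenario 7 (new line 276) still says only that "a UDP connection couldn't be established"; now that Scenarios 2 and 6 introduce a TURN relay, state explicitly that neither a direct nor a relayed UDP connection is possible, so readers who write firewall rules can tell Scenario 6 from the TCP fallback case.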