The Microsoft Remote Desktop Services (RDS) platform allows you to build virtualization solutions, including those that offer individual virtualized applications, that provide secure remote desktop access and allow end users to run their applications and desktops from the cloud. This reference architecture describes at a high level how you can leverage Oracle Cloud Infrastructure (OCI) services to deploy a secure and highly available RDS environment in the cloud. A standard RDS deployment includes a variety of remote desktop services running on Windows Server virtual machines. The diagram below represents some of the components, including Remote Desktop Web and Remote Desktop Gateway, which are located on a private subnet and exposed to the internet through two network load balancers. Note: This reference architecture focuses on OCI's infrastructure components that can support RDS deployments. For software configuration guidance, see the Microsoft documentation. 
This schema consists of the following components:RegionAn Oracle Cloud Infrastructure region is a geographically constrained region that contains one or more data centers known as availability domains. Regions are independent of other regions and may be far apart (across countries or even continents).
Ailability domainsAn availability domain is an independent, autonomous data center within a region. The physical resources within each availability domain are isolated from the resources of the other availability domains, providing failure tolerance. Availability domains do not share infrastructure such as power or cooling systems, or internal availability domain networks. As a result, the failure of one availability domain is unlikely to affect other availability domains within that region.
Fault domainsA fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your application is able to tolerate physical server failures, system maintenance, and power failures within the fault domains.
Virtual Cloud Networks (VCNs) and SubnetsA VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks, which you can change after you create the VCN. You can divide a VCN into subnets, which can be scoped to a region or an availability domain. Each subnet contains a series of contiguous addresses that do not overlap with other subnets in the VCN. You can change the size of the subnet after it has been created. Subnets can be public or private.
Remote desktop web access (RD Web).RD Web provides users with access to web pages where users can authenticate and access Windows desktops and applications hosted on session hosts.
Remote Desktop Gateway (RD Gateway).RD Gateway provides a secure way for clients on the Internet to access Windows desktops and applications. RD Gateway uses SSL to provide encrypted communication between the client and the server.
Active Directory (AD).This is the Active Directory Domain Services server, which contains all the user accounts in the domain and is joined by all virtual machines. The server can be standalone, used in a cloud environment, or a replica of an existing on-premises server that leverages FastConnect.
RD Connection BrokerRD Connections**Manages incoming connections to the RD session host server farm.
RD Session HostRD session hosts provide users with session-based access to desktops and applications.
Flexible networkingLoad balancingdeviceOCI Flexible Network Load Balancer provides automatic traffic distribution to multiple backend servers in your virtual cloud network from a single entry point. It operates at the connection level and load-balances incoming clients to healthy backend servers based on Layer 3 and Layer 4 (IP protocol) data.
Safe listsFor each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
fastconnect oracle cloud infrastructureFastConnect provides an easy way to create a private, private connection between your data center and Oracle Cloud Infrastructure. Compared to internet-based connections, FastConnect offers higher bandwidth options and a more reliable network experience.
Internet gatewaysAn internet gateway allows traffic to be exchanged between a public subnet in a VCN and the public internet.
When deploying Microsoft RDS on Oracle Cloud Infrastructure (OCI), use the following recommendations as a starting point. Your needs may differ from the architecture described here. When you create a VCN, determine the number of CIDR blocks you need and the size of each block based on the number of resources you plan to connect to the VCN subnet. Use CIDR blocks within a standard private IP address space.
Select a CIDR block that doesn't overlap with any other network (Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) so that you intend to set up a private connection.
Once you have created a VCN, you can change, add, and remove its CIDR blocks.
When designing subnets, consider where your traffic is going and your security needs. Connect all resources within a specific tier or role to the same subnet, which can serve as a security boundary.
Network Security Group (NSGS).You can use NSGS to define a set of inbound and outbound rules that apply to a specific VNIC. We recommend using NSGS instead of a security list because NSGS allows you to separate the subnet architecture of your VCN from the security requirements of your application.
When deploying this reference architecture, consider the following:AvailabilityTo provide higher availability, consider using different fault domains when deploying multiple instances of each Remote Desktop Services role. OCI licenses compute instances running Microsoft Windows Server. For additional licensing requirements, please consult your Microsoft representative. As an Oracle Premier Partner, Agilewing is redefining the way enterprises experience Oracle Cloud Services. With its streamlined account opening process and best-in-class technical support, Agilewing transforms the complex process of account opening and operation into an easy, intuitive experience. With our one-stop shop, you can quickly get up and running with the full range of Oracle Cloud services, so you can seamlessly integrate into the cloud. Agilewing's AgileCDN service, combined with OCI's cloud-based services, provides a best-in-class global content acceleration solution. A strong network of more than 2,800 global POP nodes and 7,000 direct connection points ensures efficient and stable operation no matter where your business expands to the world. Leveraging the advanced technology of Oracle Cloud, Agilewing is committed to simplifying the process of cloud service building, cloud migration, and business going global. "Our partnership model provides customers with cost-effective solutions that allow them to focus more on their core business while enjoying the high performance and security of Oracle Cloud." Oracle Cloud Service, as a promising field, opens the door to new opportunities for enterprises with its high performance, security, and globally consistent service standards. Through Agilewing's professional services, both individual users and enterprises can easily enter this new era full of technological innovation and high performance. Let Agilewing start exploring Oracle Cloud Services and open the door to a whole new world today.