Plan and implement Remote Desktop Protocol Shortpath


Remote Desktop Protocol (RDP) Shortpath for managed networks is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between Remote Desktop Client and Session host. RDP uses this transport to deliver Remote Desktop and RemoteApp while offering better reliability and consistent latency.

Key benefits to RDP Shortpath are:

  • RDP Shortpath transport is based on the Universal Rate Control Protocol (URCP). URCP enhances UDP with active monitoring of the network conditions and provides fair and full link utilization. URCP operates at low delay and loss levels.
  • RDP Shortpath establishes the direct connectivity between the Remote Desktop client and the session host. Direct connectivity reduces dependency on the Azure Virtual Desktop gateways, improves the connection's reliability, and increases available bandwidth for each user session.
  • The removal of extra relay reduces round-trip time, which improves user experience with latency-sensitive applications and input methods.
  • RDP Shortpath brings support for configuring Quality of Service (QoS).
  • RDP Shortpath transport allows limiting outbound network traffic by specifying a throttle rate for each session.

Improved connection security

RDP Shortpath extends RDP's multi-transport capabilities. It doesn't replace the reverse connect transport but complements it. All of the initial session brokering is still managed through the Azure Virtual Desktop infrastructure.

RDP Shortpath deployments use a user-configured UDP port for incoming Shortpath traffic, and that traffic is authenticated over the reverse connect transport. The RDP Shortpath listener ignores all connection attempts unless they match an existing reverse connect session, so opening the UDP port doesn't give a client a way to start a session that the service didn't broker.

RDP Shortpath uses a TLS connection between the client and the session host, using the session host's certificate. By default, the certificate used for RDP encryption is self-generated by the OS during deployment.
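The following PowerShell is an added example of the implementation step this section describes, not a script from the original page: it enables the Shortpath listener on a session host, pins it to the user-configured UDP port, allows that port inbound only from the networks that have direct line of sight, and then checks the result. The port number (3390), the client source ranges and the firewall rule name are assumptions to adapt; the registry value names are the ones the feature's configuration documentation uses, so confirm them against the documentation for the version you deploy. Run it elevated on the session host.

```powershell
# Added example (not from the original page): enable RDP Shortpath for managed
# networks on a session host and verify the listener.
# Assumptions: run elevated on a Windows session host; UDP port 3390 and the
# client source ranges below are placeholders; registry value names follow the
# feature's configuration documentation and should be confirmed for your build.

$UdpPort        = 3390                                  # assumed Shortpath port
$ClientSources  = @('10.20.0.0/16', '172.16.50.0/24')   # constructed: VPN/ExpressRoute ranges clients arrive from
$WinStationsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations'

# 1. Turn on the Shortpath listener and bind it to the chosen UDP port.
New-ItemProperty -Path $WinStationsKey -Name 'fUseUdpPortRedirector' -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $WinStationsKey -Name 'UdpPortNumber' -PropertyType DWord -Value $UdpPort -Force | Out-Null

# 2. Allow inbound UDP on that port, but only from networks with direct line of
#    sight. The listener already drops attempts that don't match a brokered
#    reverse connect session; scoping the rule keeps unsolicited probes from
#    reaching the host at all.
$RuleName = 'RemoteDesktop-UserMode-In-Shortpath-UDP'   # assumed rule name
if (Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -Name $RuleName
}
New-NetFirewallRule -Name $RuleName -DisplayName 'Remote Desktop - Shortpath (UDP-In)' `
    -Direction Inbound -Action Allow -Protocol UDP -LocalPort $UdpPort `
    -RemoteAddress $ClientSources -Profile Domain, Private `
    -Service TermService -Program '%SystemRoot%\system32\svchost.exe' `
    -Enabled True | Out-Null

# 3. Verify. The registry values are read when Remote Desktop Services starts,
#    so the UDP endpoint only appears after the host (or TermService) restarts.
Write-Host 'Registry values:'
Get-ItemProperty -Path $WinStationsKey -Name 'fUseUdpPortRedirector', 'UdpPortNumber' |
    Select-Object fUseUdpPortRedirector, UdpPortNumber

Write-Host 'Firewall rule scope:'
Get-NetFirewallRule -Name $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

Write-Host "UDP listener on port $UdpPort (empty until the service restarts):"
Get-NetUDPEndpoint -LocalPort $UdpPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

If the rule must also accept clients from a route you haven't enumerated, widen `$ClientSources` rather than dropping `-RemoteAddress`; an unscoped allow rule is the difference between "the listener ignores unmatched probes" and "anything on the network can send probes".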

Connection flow

After establishing the reverse connect transport, the client and session host start the RDP connection and negotiate the multi-transport capabilities.

The negotiation proceeds as follows:

  1. The session host sends the list of its private and public IPv4 and IPv6 addresses to the client.
  2. The client starts the background thread to establish a parallel UDP-based transport directly to one of the host's IP addresses.
  3. While the client is probing the provided IP addresses, it continues the initial connection establishment over the reverse connect transport to ensure no delay in the user connection.
  4. If the client has a direct line of sight, the client establishes a secure TLS connection with the session host.
  5. After establishing the Shortpath transport, RDP moves all Dynamic Virtual Channels (DVCs), including remote graphics, input, and device redirection, to the new transport.
  6. If a firewall or network topology prevents the client from establishing direct UDP connectivity, RDP continues with a reverse connect transport.

[Diagram: overview of the RDP Shortpath network connection, showing the flow for Remote Desktop Protocol Shortpath.]

The Azure Virtual Desktop client needs a direct line of sight to the session host. You can get a direct line of sight by using one of these methods:

If you're using other VPN types to connect to Azure, we recommend using a User Datagram Protocol (UDP)-based VPN. While most Transmission Control Protocol (TCP)-based VPN solutions support nested UDP, they add the inherent overhead of TCP congestion control, which slows down RDP performance.

Having a direct line of sight means that the client can connect directly to the session host without being blocked by firewalls.