Use RDP Shortpath for private networks with Windows 365
You can use Remote Desktop Protocol (RDP) Shortpath for private networks with your Windows 365 Cloud PCs.
Requirements
To use RDP Shortpath for private networks with Windows 365, you must meet these requirements:
- Cloud PCs provisioned on the customer's private network. Private networks are supported with Azure network connections. Microsoft hosted networks aren't supported.
- Session Host (Cloud PC)
- Enable a UDP listener on the UDP port 3390.
- Direct line-of-sight connectivity between the client and the session host. This means that the client can connect directly to the session host on port 3390 (default):
- Without being blocked by firewalls (including the Windows Firewall) or Network Security Group.
- Using a managed network such as:
- ExpressRoute private peering.
- Site-to-site or Point-to-site VPN (IPsec), like Azure VPN Gateway.
If you're using other VPN types to connect to Azure, a UDP-based VPN provides better performance. While most TCP-based VPN solutions support nested UDP, they add inherited overhead of TCP congestion control, which slows down RDP performance.
Enable RDP Shortpath for private networks
To configure and enable RDP Shortpath for private networks, visit the Azure Virtual Desktop documentation page and follow the instructions.
RDP Shortpath benefits
The default connectivity to a Windows 365 Cloud PC is through a TCP connection that traverses a gateway using the reverse connect transport. The reverse transport means that there’s no need for inbound connectivity to the session host (Cloud PC) to connect RDP traffic.
RDP Shortpath builds on the TCP connection and provides, when possible, another direct connection between the Remote Desktop client and the Windows 365 Cloud PC. This connection uses UDP as the underlying transport protocol. This UDP connection is a direct connection over the network that is managed by the customer.
A. After authentication, a WebSocket reverse connect using TCP is established over port 443.
B. UDP over private network using port 3390. If UDP connection is established successfully, the RDP session switches to this path.
For more information about RDP Shortpath benefits, see Key benefits.
RDP Shortpath connection process
When you use RDP Shortpath, the connection with the Cloud PC proceeds as follows:
- The RDP connection establishes a TCP-based connection using the reverse connect transport through the Gateway (in the same way as it does for connectivity without RDP Shortpath).
- The session host sends the list of its IPv4 and IPv6 addresses to the client.
- The client starts the background thread to establish a parallel UDP-based transport directly to one of the session host's IP addresses.
- While the client is probing the provided IP addresses, it continues to establish the initial connection over the reverse connect transport to ensure there's no delay in the user connection.
- If the client has a direct connection to the session host, the client establishes a secure connection using TLS over reliable UDP.
- After establishing the RDP Shortpath transport, all Dynamic Virtual Channels (DVCs), including remote graphics, input, and device redirection, are moved to the new transport. However, if a firewall or network topology prevents the client from establishing direct UDP connectivity, RDP continues with a reverse connect transport.
Next steps
For complete information, see RDP Shortpath for Azure Virtual Desktop.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for