Understanding the Remote Desktop Protocol (RDP)

This article describes the Remote Desktop Protocol (RDP) used forcommunication between the Terminal Server and the Terminal Server Client.RDP is encapsulated and encrypted within TCP.
More information

Understanding the Remote Desktop Protocol (RDP)

Remote Desktop Protocol is based on, and is an extension of, the T-120family of protocol standards. A multichannel capable protocol allows forseparate virtual channels for carrying presentation data, serial devicecommunication, licensing information, highly encrypted data (keyboard,mouse activity), and so on. As RDP is an extension of the core T.Shareprotocol, several other capabilities are retained as part of the RDP, suchas the architectural features necessary to support multipoint (multipartysessions). Multipoint data delivery allows data from an application to bedelivered in "real-time" to multiple parties without having to send thesame data to each session individually (for example, Virtual Whiteboards).

In this first release of Windows Terminal Server, however, we areconcentrating on providing reliable and fast point-to-point (single-session) communications. Only one data channel will be used in the initialrelease of Terminal Server 4.0 However, the flexibility of RDP gives plentyof room for functionality in future products.

One reason that Microsoft decided to implement RDP for connectivitypurposes within Windows NT Terminal Server is that it provides a veryextensible base from which to build many more capabilities. This is becauseRDP provides 64,000 separate channels for data transmission. However,current transmission activities are only using a single channel (forkeyboard, mouse, and presentation data).

Also, RDP is designed to support many different types of Network topologies(such as ISDN, POTS, and many LAN protocols such as IPX, NetBIOS, TCP/IP,and so on). The current version of RDP will only run over TCP/IP but, withcustomer feedback, other protocol support may be added in future versions.

The activity involved in sending and receiving data through the RDP stackis essentially the same as the seven-layer OSI model standards for commonLAN networking today. Data from an application or service to be transmittedis passed down through the protocol stacks, sectioned, directed to achannel (through MCS), encrypted, wrapped, framed, packaged onto thenetwork protocol, and finally addressed and sent over the wire to theclient. The returned data works the same way only in reverse, with thepacket being stripped of its address, then unwrapped, decrypted, and so onuntil the data is presented to the application for use. Key portions of theprotocol stack modifications occur between the fourth and seventh layers,where the data is encrypted, wrapped and framed, directed to a channel andprioritized.

One of the key points for application developers is that, in using RDP,Microsoft has abstracted away the complexities of dealing with the protocolstack. This allows them to simply write clean, well-designed, well-behaved32-bit applications, and then the RDP stack implemented by the TerminalServer and its client connections takes care of the rest.

For more information on how applications interact on the Terminal Serverand what to be aware of when developing applications for a Windows TerminalServer infrastructure, look at the "Optimizing Applications for Windows NTServer 4.0, Terminal Server Edition" white paper.Four components worth discussing within the RDP stack instance are theMultipoint Communication Service (MCSMUX), the Generic Conference Control(GCC), Wdtshare.sys, and Tdtcp.sys. MCSmux and GCC are part of theInternational Telecommunication Union (ITU) T.120 family. The MCS is madeup of two standards: T.122, which defines the multipoint services, andT.125, which specifies the data transmission protocol. MCSMux controlschannel assignment (by multiplexing data onto predefined virtual channelswithin the protocol), priority levels, and segmentation of data being sent.It essentially abstracts the multiple RDP stacks into a single entity, fromthe perspective of the GCC. GCC is responsible for management of thosemultiple channels. The GCC allows the creation and deletion of sessionconnections and controls resources provided by MCS. Each Terminal Serverprotocol (currently, only RDP and Citrix's ICA are supported) will have aprotocol stack instance loaded (a listener stack awaiting a connectionrequest). The Terminal Server device driver coordinates and manages the RDPprotocol activity and is made up of smaller components, an RDP driver(Wdtshare.sys) for UI transfer, compression, encryption, framing, and soon, and a transport driver (Tdtcp.sys) to package the protocol onto theunderlying network protocol, TCP/IP.

RDP was developed to be entirely independent of its underlying transportstack, in this case TCP/IP. RDP, being completely independent of itstransport stack, means that we can add other transport drivers for othernetwork protocols as customers needs for them grow, with little or nosignificant changes to the foundational parts of the protocol. These arekey elements to the performance and extendibility of RDP on the network.

Article ID: 186607 - Last Review: 06/22/2014 18:59:00 - Revision: 4.0

  • kbinfo KB186607