Unlocking AWS Subscriber Access Licenses for Microsoft RDS

  • Thread Author
In a landscape where flexibility and scalability are imperative, Amazon Web Services (AWS) has unveiled a significant upgrade for businesses running Windows workloads. The announcement of Subscriber Access Licenses (SAL) for Microsoft Remote Desktop Services (RDS) via AWS's License Manager is a game changer. But how, exactly, does this new offering enhance the licensing landscape for Windows RDS users, and why should you care? Let’s break it all down to show how this impacts not just your IT infrastructure but your scalability and cost-efficiency as well.

A holographic 3D data visualization displays inside a modern office with city views.
What is Microsoft Remote Desktop Services (RDS)?

For those new to the topic, Microsoft RDS serves as the backbone for organizations needing a session-based virtual desktop environment. It enables GUI-based Windows Server applications to run remotely, which is essential for businesses requiring secure access to critical software. By default, Windows Server allows two remote connections for administrative purposes. However, exceeding this limit requires installing RDS roles and accommodating additional user licenses—this is where things can become tricky (and costly).
RDS deployments typically include:
  • Remote Desktop Session Host (RD Session Host): Manages the individual remote sessions.
  • Remote Desktop Licensing Server (RD Licensing): Handles licensing for user sessions and ensures compliance.
So if you’re running a team where multiple users need simultaneous access to a Windows Server environment, RDS is your go-to solution.

Why Pivot to AWS SAL for RDS?

Traditionally, extending RDS capabilities on AWS meant leveraging a Bring-Your-Own-License (BYOL) model or relying on Microsoft’s SPLA (Services Provider Licensing Agreement). However, Microsoft is tightening its reins on SPLA, prohibiting these licenses from being brought to "Listed Providers" like AWS, effective September 30, 2025. This leaves enterprises scrambling for alternatives.
Enter AWS SAL, which offers:
  • Licensing Flexibility: Users pay per license on a monthly basis, eliminating the need for active Software Assurance or SPLA agreements.
  • Simplified Integration: AWS provides its own Managed RD Licensing Server that connects seamlessly with your AWS or self-managed Active Directory, avoiding re-architecting nightmares.
  • Scalability: Add or remove licenses based on demand, allowing you to control costs like a pro.
  • Extended User Sessions: Unlike RDS’s default configuration limiting usage to two administrative sessions, AWS SAL opens the door to unlimited user-based sessions at scale.
Bottom Line: It's not just a workaround to Microsoft’s SPLA changes—it’s a pivotal opportunity to streamline operations. Whether you're running SQL Server on AWS or integrating apps like Visual Studio on EC2, this model promises a smoother, hassle-free deployment.

Step-by-Step Guide: Get Started with AWS SAL for RDS

Ready to step into the AWS-powered future of RDS licensing? Here's how to configure your solution using AWS License Manager:

1. Prerequisites: Start with Active Directory

First, AWS License Manager needs to sync with Active Directory to manage RDS licenses. You can use:
  • AWS Managed Active Directory: A turnkey solution integrated into AWS.
  • Self-managed Active Directory: If you're hosting AD on-premises or in your AWS infrastructure.

Key Task:​

Create a Service Account (via AWS Secrets Manager) to handle linking between Active Directory and AWS’s RD Licensing Server. Store the account credentials securely to allow seamless communication.
Concept to Understand:
  • Amazon's RD Licensing Servers will join your Active Directory to enforce per-user licenses. This ensures that compliance and licensing modes (like "Per User" or "Per Device") are configured directly within AWS.

2. Subscribe to RDS SAL in AWS Marketplace

  • Open the AWS License Manager Console and go to the "Products" section.
  • Initiate the creation of a service-linked role, enabling AWS to automatically manage licensing for you.
  • Subscribe to Remote Desktop Services SAL from the AWS Marketplace.
  • Confirm your subscription and return to the License Manager—your licenses will now show as “Active.”

3. Register Your Active Directory

To start provisioning licenses, Register your AD based on your setup:
  • For AWS Active Directory: Simply select it directly from the dropdown menu.
  • For Self-Managed Active Directory: Provide manual configuration, detailing:
  • Domain Controllers IPs
  • Subnets within Virtual Private Cloud (VPC) hosting these controllers
Both options securely extend your AD domains into AWS's infrastructure, and this step ensures the AD is recognized for SAL provisioning.

4. Configure the RD Licensing Server

Now, you need to deploy the AWS-managed RD Licensing Server. This is the infrastructure handling your SALs.
  • Refer back to the Secrets Manager credential (username/password) created in the prerequisites.
  • Provision the license server via the AWS License Manager Console.
  • Once complete, retrieve the licensing server's endpoint URL or direct IP addresses.

5. Map SAL Licenses to Users

With the infrastructure set up, you now associate SALs to individual user accounts:
  • Navigate to your subscribed Active Directory in License Manager.
  • Select users and activate their subscriptions under the "Subscribe Users" section.
Pro Tip: Users in subdomains? Enter fully qualified domain names for precise registration.

6. Configure RD Session Hosts

This final step ensures your Windows Server-based RD Session Hosts are aware of the RD Licensing Server endpoint you just configured. You can:
  • Apply this via Group Policy in your Windows Server environment, or
  • Use the direct IP addresses fetched from License Manager to manually configure the Session Hosts.
Validate your setup using Remote Desktop Licensing Diagnoser, which pulls up vital stats like active license counts and mode configuration.

Rollback Actions

If you decide to unsubscribe a user or remove an entire domain from AWS’s License Manager, here’s what you do:
  • Unsubscribing Users: Mark their subscriptions as inactive on License Manager—ensure they’re off your Active Directory for immediate cost cessation.
  • Deregistering Active Directory: Clear or unsubscribe all users from the AD first before fully removing it from AWS License Manager.

The Bigger Picture: Why AWS SAL for Microsoft RDS?

It’s not just about managing your Windows infrastructure. AWS’s subscription-based RDS licensing model aligns directly with the needs of modern organizations:
  • Reduced Complexity: Gone are the cumbersome BYOL configurations.
  • Lower Costs: Licensing is pay-as-you-go, avoiding hefty upfront costs.
  • Future-Proof Compliance: Microsoft’s changes to SPLA licensing won’t halt your operations.
With these changes, AWS is asserting itself as an adept partner for businesses reliant on Microsoft services. Whether you're large-scale enterprise or small business adjusting to cloud-first mandates, this solution should be on your radar.

Key Takeaway:​

RDS SALs from AWS pave the way for scalable, compliant, and streamlined remote desktop usage on the cloud. As Microsoft sets new parameters on SPLA licenses, this solution shows true foresight for any organization eyeing a smooth transition.
What's your experience with AWS and Microsoft RDS? Join the discussion below and share your thoughts!

Source: Amazon Web Services How to configure Microsoft Remote Desktop Services using user-based subscription licenses with AWS License Manager | Amazon Web Services
 

Last edited:
Back
Top