Using Hyper-V Enhanced Session Mode
Microsoft has continually added headline features to Hyper-V with each release. But since Windows Server 2012 (WS2012), Microsoft has also been “rounding the corners”; that is, they’ve been making the experience of day-to-day operations easier by fixing some of the niggling annoyances.
- Related: How Do I Manage Hyper-V?
One of those annoyances in releases prior to Windows Server 2012 R2 (WS2012 R2) was the limited way we could interact with a virtual machine’s guest OS when using the Connect window for a KVM-style session. In this post, I will explain how Microsoft fixed those complaints in WS2012 R2 with a feature called Enhanced Session Mode.
Connecting to Hyper-V VMs Prior to WS2012 R2
There are two ways that we normally log into a virtual machine. If the virtual machine is new and doesn’t have a network/remote access configuration, or if the virtual machine is deliberately isolated from the network, then we can use the Connect window in Hyper-V Manager or Failover Cluster Manager (right-click the virtual machine and select Connect) to start a console that gives us keyboard and mouse access to the virtual machine. Previous to WS2012 R2, the Connect tool was very crude; there was no redirected audio, no redirected USB, the performance was not great, and you could not copy and paste between the window and your PC (there is a PC-to-Virtual Machine method for auto-typing text from the copy buffer of your PC).
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
We used the Connect tool as a way to get going. Once a virtual machine was connected to the network (remember a host can talk to a virtual machine via an internal virtual switch without the virtual machine having LAN access), we would normally either enable remote desktop (Windows) or SSH/Telnet (Linux) access to the virtual machine. That gives us the best experience for directly administrating and managing a virtual machine, although we should be trying to use centralized tools like Server Manager, System Center, and so forth from the PC.
Microsoft heard over and over that people wanted a better experience for those occasions when we could not use remote desktop or SSH/Telnet. This is why Enhanced Session Mode was added in Windows 8.1 Client Hyper-V and WS2012 R2 Hyper-V.
What is Hyper-V’s Enhanced Session Mode?
Microsoft improved the Connect tool functionality with the release of the new operating systems in late 2013. Enhanced Session Mode uses the RemoteFX protocol, which was previously called Remote Desktop Protocol (RDP), to greatly improve performance of the console experience and to add features. There are two misconceptions about this foundation:
- Network connection: The virtual machine does not need to be connected to a network to use Enhanced Session Mode.
- Remote desktop: You do not need to enable remote desktop in the guest OS of the virtual machine.
Enhanced Session Mode is using the RemoteFX protocol to route the connection via the VMBus of the host and the integration services of the virtual machine and not the remote desktop client of your PC and endpoint of the guest OS. RemoteFX provides performance, but it also allows devices to be redirected. In other words, you can share the following between your PC and the virtual machine for the duration of your Connect session:
- Display configuration
- Smart cards
- USB devices
- Supported Plug and Play devices
For example, any sounds generated in a guest OS while you are connected will be played back on your PC. Any Windows-supported USB device that you plug into your PC can appear in your guest OS that’s subject to driver installation requirements. Printers can be redirected. And yes, you can copy and paste text or files in both directions between your PC and the guest OS. I was not surprised that veteran Hyper-V users applauded the announced of Enhanced Session Mode when it was first publicly announced at TechEd North America 2013 because it introduced so many features that we take for granted when we manage servers.
Enhanced Session Mode can also be used to extend your security policies. Once enabled, a Hyper-V administrator cannot simply connect to a virtual machine and see everything that was open in the console if the previous administrator had not logged out. Enhanced Session Mode forces you to log into the guest OS or domain once you open the window; it is similar to what happens if you use Remote Desktop to log into an existing session on a computer. You can also use smart cards to further secure your log in mechanism.
Note that Enhanced Session mode is restricted to the following guest OS types:
- Windows Server 2012 R2
- Windows 8.1
- And probably whatever comes after these releases
There are further requirements of the guest OS. Remote Desktop Services (the actual Windows service) needs to be running (which it will by default), even though you don’t have to enable remote desktop administration in the guest OS system settings. The user account you use to sign in to the virtual machine needs to be a member of the Remote Desktop Users local group or the local Administrators group in the guest OS.
Using Enhanced Session Mode
There is not much to know with this feature, and most of it is similar what you probably already do with the Remote Desktop utility. Enhanced Session Mode is enabled by default in Windows 8.1 Client Hyper-V, and disabled by default on Windows Server. This is because:
- When using Client Hyper-V, we want convenience.
- Microsoft decided to enforce security and compliance by default on the server, to give customers control over what features delegated administrators can use, for example, to prevent file theft in a multi-tenant public cloud.
You can control the host-wide status of Enhanced Session Mode in Hyper-V Manager. Select the host and open Hyper-V Settings. Browse to Enhanced Session Mode Policy and check the Allow Enhanced Session Mode box to enable this feature. Note that this is a global per-host setting.
Enabling Hyper-V Enhanced Session Mode (Image: Aidan Finn)
Once enabled, you connect to virtual machines with a supported guest OS in the same way as before. A dialog will appear that prompts you to select a screen resolution for your connection.
If you click Show Options, then you can configure some per-virtual machine settings:
- Save your settings for future sessions so the prompt does not appear again
- Configure audio redirection
- Choose which devices on your PC that you want to redirect to the guest OS
Connecting to a Hyper-V virtual machine using Enhanced Session Mode (Image: Aidan Finn)
The guest OS login will appear when you connect and you can then log into the virtual machine. The performance should be similar to that of a remote desktop session because it is using RemoteFX.
If you do save the settings, then a new option will appear when you right-click a virtual machine; Edit Session Settings will open up the above dialog. You can modify the settings and un-save the configuration if you want to.