I'll point you to other SO answers I've given on this, but... a Web Role and Worker Role are just Windows 2008 Servers, with and without IIS running. You can run everything in a Web Role if you want, and just scale the number of instances to handle the load. Or... create a Worker Role for some tasks that you don't want competing with your Web Role CPU/Memory/Network.
You can listen on any port, via tcp, http, or https. You may have up to 25 such ports open, and direct traffic to whichever role you want (and it'll be load-balanced across all instances of that role).
You do not want to RDP and install software. The VMs will not retain such changes upon reboot. This is the cool part of Windows Azure: Within your webrole.cs or workerrole.cs, you can set up whatever you want, then in Run(), simply sleep or kick off background tasks (or whatever). If, during boot, you need something installed (maybe an MSI or registry addition) that requires elevated privileges), you can use a startup task to do pretty much whatever you want. These changes are reapplied during reboot. Although... you can short-circuit this and skip installation if you find stuff is already installed (that is, sometimes your stuff will be preserved between reboots - you can't count on this, but you can certainly drop yourself a breadcrumb to know things have been installed...).
More SO answers for you, that I posted: