Friday, May 3, 2013

RDS Farm setup (formerly Terminal Services Farm).

It's been a few months since my last post, but that time has not seen me idle by any means.  ;)

Today is the start of a lengthy post, to be followed by another, but one that definitely warrants it because it appears there are a lot of other admins who ran into my situation but could not figure out how to overcome the final hurdle.

(From here on out I will refer to Terminal Services as RDS, which is Microsoft's new name for that role: Remote Desktop Services.)

Our network consists of 150ish servers, 8,000ish users and about 250ish VLANs.  We are a big organization to say the least.  We have never really had a widespread need for users to use RDS.  That changed recently when the software company that does our payroll system (which does timekeeping, vacation time, sick time and of course payroll) decided to move to a cloud solution.  Most end users (such as myself) only use a web portal to request time off, enter hours or view their pay stubs.  Other users such as managers, payroll staff and the accounting staff have to have an application installed to do their managerial and payroll tasks in the system.  The problem is that we have a lot of staff who are on Macs, and the client application for this system is not compatible with Macs.  To top it off, the team that installs applications on the users' computers does not like the idea of having to go to a bunch of PCs and install this application.  So the idea of RDS was brought up to me, which of course prompted me to think of the number of users that would be using this RDS, so my thoughts turned to high availability and the future growth and needs of RDS.  Enter an RDS farm project!

Setting up the RDS farm was very simple.  I already had one RDS VM for my department's use.  I simply cloned it twice and changed the SID on it after installing the new client application for our new payroll system.  After renaming the clones and joining them to the domain, I set up the farm.

I do not yet have a need for the published web apps side of RDS, so I will focus here on installing the RDS farm using only the Session Host service, so users can log into the RDS servers the old-school, traditional way we think of a "Terminal Server".

Let me quickly explain the role of the "Broker" in an RDS farm.  The broker is basically the traffic cop for RDS connections.  It keeps the RDS logins between the servers in the farm balanced based on connection and load.  Some people in smaller environments will put this service on one of their RDS servers, but in larger environments it is best to put it on its own server.  I set up three RDS servers and wanted the capability to grow the farm, so I want this service to be separated from any server that end users will log into.

For the record, as of this post the Microsoft RDP application for Mac OS X is not compatible with Server 2012 RDS, so I used Server 2008 R2 for all the servers in the farm.  I know there are very good RDP apps for Mac OS X that will work with Server 2012 (iTap), but the good ones cost money, which our organization does not favor.

To start, create your broker VM or server.  It's as easy as installing the Remote Desktop Services role and choosing only the "Remote Desktop Connection Broker" service.


Click Next all the way through, accepting any dependencies that need to be installed.

Once that role is installed on the broker, go into Local Users and Groups on that server and add all the RDS servers that will be in your farm to the group named "Session Broker Computers".



Before adding the servers you will need to select "Object Types" and select "Computers" so the names or IPs of the servers resolve.




Now type in the name or IP of each server you plan to use in the RDS farm to add it to the group.  ***NOTE: YOU DO NOT NEED TO PUT THE SERVER WITH THE BROKER ROLE IN THIS GROUP UNLESS IT TOO IS AN RDS SERVER YOUR USERS WILL USE.***

That's it for the Broker! There is nothing else to do here!

Now we will install the roles and configure the servers that the actual users will be using.

On each RDS server you want the users to use, install the "Remote Desktop Services" role with just the "Remote Desktop Session Host" service.


Accept all the defaults that follow.

Now we need to configure each server for the farm!

In Server Manager, drill down to "RD Session Host Configuration".


Now we will be working under the "Edit Settings" window.  Under Licensing you need to configure your licensing.  I have user CALs for our environment and have the licensing server set up on another server in our domain.  On your terminal servers you just have to specify the server that runs the licensing service.


Next, in this same window we need to open "Member of farm in RD Connection Broker".

The properties window that opens up needs the following: the name of the server you set up for "RD Connection Broker" and a name for your RDS farm in "Farm Name".  This is the first time you have named the farm, so call it what you wish, but make sure that you use the same farm name on all the terminal servers with the Session Host service.  This is also how you would create multiple farms with the same broker server managing them: each server with the same farm name is in the same farm.  (I hope that explains it well.)  Check "Participate in Connection Broker Load-Balancing".  Also, in the window for "Select IP address to be used..." select the NIC that has the static IP of the server listed.  Leave the setting for "Relative Weight of this server in the farm" at its default.  This is the actual number of connections it will allow on this server.  If you have older hardware or are worried about the performance of the RDS server, you would drop this down so it would eventually deny connections to keep performance stable.  I'm running on virtual machines so I'm not worried about this, as I can give the VMs more memory or processors if needed.


OK... final step.  You're going to need to create a DNS record for each IP address of your RDS session host servers with the name you gave your farm.  For example: if you have two RDS session host servers with the IPs 192.168.1.10 and 192.168.1.11, and you named your farm "TS-Farm" on each RDS server, you need to create two DNS A records on your internal DNS server, one for each of those IPs, with the name "TS-Farm".  This is so that when the broker sends your users out to find an RDS server to log onto, it knows what servers are in the farm.  It uses DNS round-robin, which is on by default for Server 2008 and 2012 domain controllers.  I will assume you know how to do this step since it's a common admin task and I would be blacking out a ton of stuff in the pictures at this point.  :)
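
One way to check the DNS step above, as an added example that is not part of the original post: this PowerShell function resolves the farm name, compares the A records against the session hosts you expect, and tests that each one answers on TCP 3389. `TS-Farm` and the two IPs are the post's sample values; the function name `Test-RdsFarmDns` and the default RDP port are assumptions of this example.

```powershell
# Added example, not from the original post. Farm name and IPs are the post's
# sample values; Test-RdsFarmDns is a hypothetical helper name.
# Uses only .NET classes available to PowerShell 2.0 on Server 2008 R2.
function Test-RdsFarmDns {
    param(
        [string]$FarmName,
        [string[]]$ExpectedIPs,
        [int]$Port = 3389,        # assumption: RDP on its default port
        [int]$TimeoutMs = 3000
    )
    # Ask DNS for every IPv4 A record behind the farm name.
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($FarmName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        Write-Warning "Could not resolve '$FarmName': $($_.Exception.Message)"
        $resolved = @()
    }
    foreach ($ip in ($ExpectedIPs + $resolved | Sort-Object -Unique)) {
        $inDns    = $resolved -contains $ip
        $expected = $ExpectedIPs -contains $ip
        # Plain TCP connect with a timeout; no RDP logon is attempted.
        $open   = $false
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $pending = $client.BeginConnect($ip, $Port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
                $client.EndConnect($pending)
                $open = $true
            }
        } catch { $open = $false } finally { $client.Close() }

        if     (-not $expected) { $status = 'UNEXPECTED A RECORD (stale or unauthorized host?)' }
        elseif (-not $inDns)    { $status = 'MISSING A RECORD' }
        elseif (-not $open)     { $status = 'IN DNS BUT NOT ANSWERING RDP' }
        else                    { $status = 'OK' }

        New-Object PSObject -Property @{
            IP = $ip; Expected = $expected; InDns = $inDns; RdpOpen = $open; Status = $status
        }
    }
}

Test-RdsFarmDns -FarmName 'TS-Farm' -ExpectedIPs '192.168.1.10', '192.168.1.11' |
    Select-Object IP, Expected, InDns, RdpOpen, Status |
    Format-Table -AutoSize
```

A row flagged as an unexpected A record means round-robin can hand users to a host that is not one of your session hosts, so remove the farm-name record whenever a server is retired.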

To use the farm, simply have all your users log into the same RDS session host server.  You don't have to give your users all the names or IPs of the servers in the farm.  Better yet, make an A record on your internal DNS server called something like remote.yourdomain.com and point it to just one of the IPs of a session host in your RDS farm.  What happens is that when a user uses an RDP client with that address, the server will pass the request to the broker and the broker will send the client to any of the session host servers in your farm based on load and/or session count.  So they won't always end up on that one server you have all the users logging into based on the IP or CNAME record.

That's it!  You now have a terminal server farm.  If you want to have fun, watch the logs on the broker to see the broker do its work.  For each session request you should see up to 4 records.  You will see how the broker handles it and ultimately puts the user on the selected destination session host.  The ones you want to watch for fun are found in Server Manager at: Event Viewer > Applications and Services Logs > Microsoft > TerminalServices-RemoteConnectionManager > Operational

***Note*** If a user disconnects a session instead of logging off, the broker will always put them back on the same session host where they left their disconnected session.  It's good to set up a good Group Policy for your terminal servers so users are locked down from doing damage to the entire server.  I even put things in my policy to terminate sessions that have been disconnected and idle for 8 hours.

Like I said, this part was very easy.  I spent three days with our Network Administrator working out getting the farm to work from outside our network.  What you do here with these instructions will work flawlessly on your internal network.  Everything else you read in forums at Microsoft and other places on the net from other admins is that they finally settled on an RD Gateway to get the farm to work outside their network.  YOU CAN GET THE FARM TO WORK OUTSIDE YOUR NETWORK WITHOUT AN RD GATEWAY!!!  I will show you how to do this in the next post.  We spent many, many hours troubleshooting with trial and error, but we did get it working and anyone can do it.  I will try and get this posted for you next week.

Cheers!
